On 29 Sep 2021 12:35, Damien Miller wrote:> On Mon, 27 Sep 2021, Mike Frysinger wrote:
> > would SFTPv4 support be acceptable in OpenSSH's server &
client ?
> >
> > SFTPv4 supports higher stat fidelity & user/group names (not just
numeric):
> >
https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-04#section-10.1
> >
> > iiuc, some of the newer features are a bit contentious, like the NFS
ACL models
> > (which only get worse it seems with SFTPv5 & SFTPv6). from a
quick scan, it
> > seems these only show up in the file attrs operations, and the server
could
> > just not return any (never set SSH_FILEXFER_ATTR_ACL). if the client
were to
> > set file attrs and they have SSH_FILEXFER_ATTR_ACL set, then the
server could
> > also ignore it, or have it return SSH_FX_OP_UNSUPPORTED.
> >
> > the other feature that looks a bit dicey is opening files in text
mode. the
> > caveats the spec sprinkles around makes it sound like it too would be
easier
> > to simply return SSH_FX_OP_UNSUPPORTED.
> >
> > requiring filenames be UTF-8 sounds fine ... the code already treats
paths as
> > a series of bytes (effectively ignoring the encoding), so can just
keep doing
> > that. if the client sends invalid UTF-8, that's a client bug. if
the server
> > has a path that is invalid UTF-8, then the client can decide to ignore
it, or
> > process it.
> >
> > everything else looks pretty straight forward.
>
> How many of these things could be implemented as extensions?
>
> AFAIK we could use SSH_FILEXFER_ATTR_EXTENDED extensions to send
> nanosecond timestamps as well as user/group names, and it should be
> backwards compatible...
hmm, if we're thinking outside the box ...
one thought i had but figured would be rejected was that we'd backport the
new
SSH_FILEXFER_ATTR_OWNERGROUP to SFTPv3 (as it's backwards compatible), but
that
might work OK for client->server, but not so well for server->client
(since the
spec makes it sound like flags must be within the defined range only). so lets
forget about this avenue.
another idea was that we'd define an extension whereby the client could
upgrade
its connection (akin to HTTP upgrading to 1.1 or 2.0). the server would have
"sftpv4-file-attrs at openssh.com", and if the client sent that
request, then all
file attrs would have to use the newer SFTPv4 form for the rest of the session.
i think this is still within the SFTPv3 spec and wouldn't break anyone. it
has
the slight advantage of the types being directly encoded.
otherwise, i think your idea would also work within the SFTPv3 spec and not
break anyone. it would mean servers & clients would have to serialize to
strings everywhere, but maybe that's not a big deal. the standard &
extension
fields would have to both be specified, and the other side would ignore the
standard data when it sees the extension. e.g. the uid & gid fields would
have
to be specified, but if the username & group extensions were include,
they'd be
ignored in favor of dynamic lookup.
rough sketch of extensions i'd be interested in:
* attrs-type at openssh.com - the possible file types from stat/getdents:
"block" "char" "dir" "fifo"
"link" "reg" "socket" "unknown"
* attrs-owner at openssh.com - the username as a string (instead of uid)
* attrs-group at openssh.com - the groupname as a string (instead of gid)
* attrs-atime-sec at openssh.com - the 64-bit access time (if 32-bit overflows)
* attrs-mtime-sec at openssh.com - the 64-bit modify time (if 32-bit overflows)
* attrs-ctime-sec at openssh.com - the 64-bit status time
* attrs-btime-sec at openssh.com - the 64-bit create time
* attrs-atime-nsec at openssh.com - the subsecond access time (for nanoseconds)
* attrs-mtime-nsec at openssh.com - the subsecond modify time (for nanoseconds)
* attrs-ctime-nsec at openssh.com - the subsecond status time (for nanoseconds)
* attrs-btime-nsec at openssh.com - the subsecond create time (for nanoseconds)
maybe instead of "btime" we should use "createtime" as that
would match newer
SFTP specs better instead of matching Linux's statx field.
i opting for separate sec fields here to make parsing a bit easier. i figure
doing strtoull on an entire string is easier than finding the . separator and
parsing the numbers before/after that. sscanf(buf, "%llu.%llu",
&sec, &nsec).
lmk if you have a preference on the route to take.
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20210929/9a2f4b25/attachment.asc>