|
497
|
1
|
|
|
2
|
|
|
3
|
|
|
4 Secure Shell Working Group J. Galbraith
|
|
|
5 Internet-Draft VanDyke Software
|
|
|
6 Expires: June 18, 2003 T. Ylonen
|
|
|
7 S. Lehtinen
|
|
|
8 SSH Communications Security Corp
|
|
|
9 December 18, 2002
|
|
|
10
|
|
|
11
|
|
|
12 SSH File Transfer Protocol
|
|
|
13 draft-ietf-secsh-filexfer-04.txt
|
|
|
14
|
|
|
15 Status of this Memo
|
|
|
16
|
|
|
17 This document is an Internet-Draft and is in full conformance with
|
|
|
18 all provisions of Section 10 of RFC2026.
|
|
|
19
|
|
|
20 Internet-Drafts are working documents of the Internet Engineering
|
|
|
21 Task Force (IETF), its areas, and its working groups. Note that
|
|
|
22 other groups may also distribute working documents as
|
|
|
23 Internet-Drafts.
|
|
|
24
|
|
|
25 Internet-Drafts are draft documents valid for a maximum of six months
|
|
|
26 and may be updated, replaced, or obsoleted by other documents at any
|
|
|
27 time. It is inappropriate to use Internet-Drafts as reference
|
|
|
28 material or to cite them other than as "work in progress."
|
|
|
29
|
|
|
30 The list of current Internet-Drafts can be accessed at http://
|
|
|
31 www.ietf.org/ietf/1id-abstracts.txt.
|
|
|
32
|
|
|
33 The list of Internet-Draft Shadow Directories can be accessed at
|
|
|
34 http://www.ietf.org/shadow.html.
|
|
|
35
|
|
|
36 This Internet-Draft will expire on June 18, 2003.
|
|
|
37
|
|
|
38 Copyright Notice
|
|
|
39
|
|
|
40 Copyright (C) The Internet Society (2002). All Rights Reserved.
|
|
|
41
|
|
|
42 Abstract
|
|
|
43
|
|
|
44 The SSH File Transfer Protocol provides secure file transfer
|
|
|
45 functionality over any reliable data stream. It is the standard file
|
|
|
46 transfer protocol for use with the SSH2 protocol. This document
|
|
|
47 describes the file transfer protocol and its interface to the SSH2
|
|
|
48 protocol suite.
|
|
|
49
|
|
|
50
|
|
|
51
|
|
|
52
|
|
|
53
|
|
|
54
|
|
|
55
|
|
|
56 Galbraith, et al. Expires June 18, 2003 [Page 1]
|
|
|
57 �
|
|
|
58 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
59
|
|
|
60
|
|
|
61 Table of Contents
|
|
|
62
|
|
|
63 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 3
|
|
|
64 2. Use with the SSH Connection Protocol . . . . . . . . . . . 4
|
|
|
65 3. General Packet Format . . . . . . . . . . . . . . . . . . 5
|
|
|
66 3.1 The use of stderr in the server . . . . . . . . . . . . . 6
|
|
|
67 4. Protocol Initialization . . . . . . . . . . . . . . . . . 8
|
|
|
68 4.1 Client Initialization . . . . . . . . . . . . . . . . . . 8
|
|
|
69 4.2 Server Initialization . . . . . . . . . . . . . . . . . . 8
|
|
|
70 4.3 Determining Server Newline Convention . . . . . . . . . . 9
|
|
|
71 5. File Attributes . . . . . . . . . . . . . . . . . . . . . 10
|
|
|
72 5.1 Flags . . . . . . . . . . . . . . . . . . . . . . . . . . 10
|
|
|
73 5.2 Type . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
|
|
|
74 5.3 Size . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
|
|
|
75 5.4 Owner and Group . . . . . . . . . . . . . . . . . . . . . 11
|
|
|
76 5.5 Permissions . . . . . . . . . . . . . . . . . . . . . . . 12
|
|
|
77 5.6 Times . . . . . . . . . . . . . . . . . . . . . . . . . . 12
|
|
|
78 5.7 ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
|
|
|
79 5.8 Extended attributes . . . . . . . . . . . . . . . . . . . 14
|
|
|
80 6. Requests From the Client to the Server . . . . . . . . . . 15
|
|
|
81 6.1 Request Synchronization and Reordering . . . . . . . . . . 15
|
|
|
82 6.2 File Names . . . . . . . . . . . . . . . . . . . . . . . . 16
|
|
|
83 6.3 Opening, Creating, and Closing Files . . . . . . . . . . . 16
|
|
|
84 6.4 Reading and Writing . . . . . . . . . . . . . . . . . . . 19
|
|
|
85 6.5 Removing and Renaming Files . . . . . . . . . . . . . . . 20
|
|
|
86 6.6 Creating and Deleting Directories . . . . . . . . . . . . 21
|
|
|
87 6.7 Scanning Directories . . . . . . . . . . . . . . . . . . . 21
|
|
|
88 6.8 Retrieving File Attributes . . . . . . . . . . . . . . . . 22
|
|
|
89 6.9 Setting File Attributes . . . . . . . . . . . . . . . . . 23
|
|
|
90 6.10 Dealing with Symbolic links . . . . . . . . . . . . . . . 24
|
|
|
91 6.11 Canonicalizing the Server-Side Path Name . . . . . . . . . 25
|
|
|
92 6.11.1 Best practice for dealing with paths . . . . . . . . . . . 25
|
|
|
93 7. Responses from the Server to the Client . . . . . . . . . 26
|
|
|
94 8. Vendor-Specific Extensions . . . . . . . . . . . . . . . . 30
|
|
|
95 9. Security Considerations . . . . . . . . . . . . . . . . . 31
|
|
|
96 10. Changes from previous protocol versions . . . . . . . . . 32
|
|
|
97 10.1 Changes between versions 4 and 3 . . . . . . . . . . . . . 32
|
|
|
98 10.2 Changes between versions 3 and 2 . . . . . . . . . . . . . 33
|
|
|
99 10.3 Changes between versions 2 and 1 . . . . . . . . . . . . . 33
|
|
|
100 10.4 Changes between versions 1 and 0 . . . . . . . . . . . . . 33
|
|
|
101 11. Trademark Issues . . . . . . . . . . . . . . . . . . . . . 34
|
|
|
102 References . . . . . . . . . . . . . . . . . . . . . . . . 35
|
|
|
103 Authors' Addresses . . . . . . . . . . . . . . . . . . . . 35
|
|
|
104 Intellectual Property and Copyright Statements . . . . . . 37
|
|
|
105
|
|
|
106
|
|
|
107
|
|
|
108
|
|
|
109
|
|
|
110
|
|
|
111
|
|
|
112 Galbraith, et al. Expires June 18, 2003 [Page 2]
|
|
|
113 �
|
|
|
114 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
115
|
|
|
116
|
|
|
117 1. Introduction
|
|
|
118
|
|
|
119 This protocol provides secure file transfer (and more generally file
|
|
|
120 system access) functionality over a reliable data stream, such as a
|
|
|
121 channel in the SSH2 protocol [5].
|
|
|
122
|
|
|
123 This protocol is designed so that it could be used to implement a
|
|
|
124 secure remote file system service, as well as a secure file transfer
|
|
|
125 service.
|
|
|
126
|
|
|
127 This protocol assumes that it runs over a secure channel, and that
|
|
|
128 the server has already authenticated the user at the client end, and
|
|
|
129 that the identity of the client user is externally available to the
|
|
|
130 server implementation.
|
|
|
131
|
|
|
132 In general, this protocol follows a simple request-response model.
|
|
|
133 Each request and response contains a sequence number and multiple
|
|
|
134 requests may be pending simultaneously. There are a relatively large
|
|
|
135 number of different request messages, but a small number of possible
|
|
|
136 response messages. Each request has one or more response messages
|
|
|
137 that may be returned in result (e.g., a read either returns data or
|
|
|
138 reports error status).
|
|
|
139
|
|
|
140 The packet format descriptions in this specification follow the
|
|
|
141 notation presented in the secsh architecture draft. [5]
|
|
|
142
|
|
|
143 Even though this protocol is described in the context of the SSH2
|
|
|
144 protocol, this protocol is general and independent of the rest of the
|
|
|
145 SSH2 protocol suite. It could be used in a number of different
|
|
|
146 applications, such as secure file transfer over TLS RFC 2246 [1] and
|
|
|
147 transfer of management information in VPN applications.
|
|
|
148
|
|
|
149
|
|
|
150
|
|
|
151
|
|
|
152
|
|
|
153
|
|
|
154
|
|
|
155
|
|
|
156
|
|
|
157
|
|
|
158
|
|
|
159
|
|
|
160
|
|
|
161
|
|
|
162
|
|
|
163
|
|
|
164
|
|
|
165
|
|
|
166
|
|
|
167
|
|
|
168 Galbraith, et al. Expires June 18, 2003 [Page 3]
|
|
|
169 �
|
|
|
170 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
171
|
|
|
172
|
|
|
173 2. Use with the SSH Connection Protocol
|
|
|
174
|
|
|
175 When used with the SSH2 Protocol suite, this protocol is intended to
|
|
|
176 be used from the SSH Connection Protocol [7] as a subsystem, as
|
|
|
177 described in section ``Starting a Shell or a Command''. The
|
|
|
178 subsystem name used with this protocol is "sftp".
|
|
|
179
|
|
|
180
|
|
|
181
|
|
|
182
|
|
|
183
|
|
|
184
|
|
|
185
|
|
|
186
|
|
|
187
|
|
|
188
|
|
|
189
|
|
|
190
|
|
|
191
|
|
|
192
|
|
|
193
|
|
|
194
|
|
|
195
|
|
|
196
|
|
|
197
|
|
|
198
|
|
|
199
|
|
|
200
|
|
|
201
|
|
|
202
|
|
|
203
|
|
|
204
|
|
|
205
|
|
|
206
|
|
|
207
|
|
|
208
|
|
|
209
|
|
|
210
|
|
|
211
|
|
|
212
|
|
|
213
|
|
|
214
|
|
|
215
|
|
|
216
|
|
|
217
|
|
|
218
|
|
|
219
|
|
|
220
|
|
|
221
|
|
|
222
|
|
|
223
|
|
|
224 Galbraith, et al. Expires June 18, 2003 [Page 4]
|
|
|
225 �
|
|
|
226 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
227
|
|
|
228
|
|
|
229 3. General Packet Format
|
|
|
230
|
|
|
231 All packets transmitted over the secure connection are of the
|
|
|
232 following format:
|
|
|
233
|
|
|
234 uint32 length
|
|
|
235 byte type
|
|
|
236 byte[length - 1] data payload
|
|
|
237
|
|
|
238 That is, they are just data preceded by 32-bit length and 8-bit type
|
|
|
239 fields. The `length' is the length of the data area, and does not
|
|
|
240 include the `length' field itself. The format and interpretation of
|
|
|
241 the data area depends on the packet type.
|
|
|
242
|
|
|
243 All packet descriptions below only specify the packet type and the
|
|
|
244 data that goes into the data field. Thus, they should be prefixed by
|
|
|
245 the `length' and `type' fields.
|
|
|
246
|
|
|
247 The maximum size of a packet is in practice determined by the client
|
|
|
248 (the maximum size of read or write requests that it sends, plus a few
|
|
|
249 bytes of packet overhead). All servers SHOULD support packets of at
|
|
|
250 least 34000 bytes (where the packet size refers to the full length,
|
|
|
251 including the header above). This should allow for reads and writes
|
|
|
252 of at most 32768 bytes.
|
|
|
253
|
|
|
254 There is no limit on the number of outstanding (non-acknowledged)
|
|
|
255 requests that the client may send to the server. In practice this is
|
|
|
256 limited by the buffering available on the data stream and the queuing
|
|
|
257 performed by the server. If the server's queues are full, it should
|
|
|
258 not read any more data from the stream, and flow control will prevent
|
|
|
259 the client from sending more requests. Note, however, that while
|
|
|
260 there is no restriction on the protocol level, the client's API may
|
|
|
261 provide a limit in order to prevent infinite queuing of outgoing
|
|
|
262 requests at the client.
|
|
|
263
|
|
|
264 The following values are defined for packet types.
|
|
|
265
|
|
|
266
|
|
|
267
|
|
|
268
|
|
|
269
|
|
|
270
|
|
|
271
|
|
|
272
|
|
|
273
|
|
|
274
|
|
|
275
|
|
|
276
|
|
|
277
|
|
|
278
|
|
|
279
|
|
|
280 Galbraith, et al. Expires June 18, 2003 [Page 5]
|
|
|
281 �
|
|
|
282 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
283
|
|
|
284
|
|
|
285 #define SSH_FXP_INIT 1
|
|
|
286 #define SSH_FXP_VERSION 2
|
|
|
287 #define SSH_FXP_OPEN 3
|
|
|
288 #define SSH_FXP_CLOSE 4
|
|
|
289 #define SSH_FXP_READ 5
|
|
|
290 #define SSH_FXP_WRITE 6
|
|
|
291 #define SSH_FXP_LSTAT 7
|
|
|
292 #define SSH_FXP_FSTAT 8
|
|
|
293 #define SSH_FXP_SETSTAT 9
|
|
|
294 #define SSH_FXP_FSETSTAT 10
|
|
|
295 #define SSH_FXP_OPENDIR 11
|
|
|
296 #define SSH_FXP_READDIR 12
|
|
|
297 #define SSH_FXP_REMOVE 13
|
|
|
298 #define SSH_FXP_MKDIR 14
|
|
|
299 #define SSH_FXP_RMDIR 15
|
|
|
300 #define SSH_FXP_REALPATH 16
|
|
|
301 #define SSH_FXP_STAT 17
|
|
|
302 #define SSH_FXP_RENAME 18
|
|
|
303 #define SSH_FXP_READLINK 19
|
|
|
304 #define SSH_FXP_SYMLINK 20
|
|
|
305
|
|
|
306 #define SSH_FXP_STATUS 101
|
|
|
307 #define SSH_FXP_HANDLE 102
|
|
|
308 #define SSH_FXP_DATA 103
|
|
|
309 #define SSH_FXP_NAME 104
|
|
|
310 #define SSH_FXP_ATTRS 105
|
|
|
311
|
|
|
312 #define SSH_FXP_EXTENDED 200
|
|
|
313 #define SSH_FXP_EXTENDED_REPLY 201
|
|
|
314
|
|
|
315 RESERVED_FOR_EXTENSIONS 210-255
|
|
|
316
|
|
|
317 Additional packet types should only be defined if the protocol
|
|
|
318 version number (see Section ``Protocol Initialization'') is
|
|
|
319 incremented, and their use MUST be negotiated using the version
|
|
|
320 number. However, the SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY
|
|
|
321 packets can be used to implement vendor-specific extensions. See
|
|
|
322 Section ``Vendor-Specific-Extensions'' for more details.
|
|
|
323
|
|
|
324 3.1 The use of stderr in the server
|
|
|
325
|
|
|
326 Packets are sent and received on stdout and stdin. Data sent on
|
|
|
327 stderr by the server SHOULD be considered debug or supplemental error
|
|
|
328 information, and MAY be displayed to the user.
|
|
|
329
|
|
|
330 For example, during initialization, there is no client request
|
|
|
331 active, so errors or warning information cannot be sent to the client
|
|
|
332 as part of the SFTP protocol at this early stage. However, the
|
|
|
333
|
|
|
334
|
|
|
335
|
|
|
336 Galbraith, et al. Expires June 18, 2003 [Page 6]
|
|
|
337 �
|
|
|
338 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
339
|
|
|
340
|
|
|
341 errors or warnings MAY be sent as stderr text.
|
|
|
342
|
|
|
343
|
|
|
344
|
|
|
345
|
|
|
346
|
|
|
347
|
|
|
348
|
|
|
349
|
|
|
350
|
|
|
351
|
|
|
352
|
|
|
353
|
|
|
354
|
|
|
355
|
|
|
356
|
|
|
357
|
|
|
358
|
|
|
359
|
|
|
360
|
|
|
361
|
|
|
362
|
|
|
363
|
|
|
364
|
|
|
365
|
|
|
366
|
|
|
367
|
|
|
368
|
|
|
369
|
|
|
370
|
|
|
371
|
|
|
372
|
|
|
373
|
|
|
374
|
|
|
375
|
|
|
376
|
|
|
377
|
|
|
378
|
|
|
379
|
|
|
380
|
|
|
381
|
|
|
382
|
|
|
383
|
|
|
384
|
|
|
385
|
|
|
386
|
|
|
387
|
|
|
388
|
|
|
389
|
|
|
390
|
|
|
391
|
|
|
392 Galbraith, et al. Expires June 18, 2003 [Page 7]
|
|
|
393 �
|
|
|
394 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
395
|
|
|
396
|
|
|
397 4. Protocol Initialization
|
|
|
398
|
|
|
399 When the file transfer protocol starts, the client first sends a
|
|
|
400 SSH_FXP_INIT (including its version number) packet to the server.
|
|
|
401 The server responds with a SSH_FXP_VERSION packet, supplying the
|
|
|
402 lowest of its own and the client's version number. Both parties
|
|
|
403 should from then on adhere to particular version of the protocol.
|
|
|
404
|
|
|
405 The version number of the protocol specified in this document is 4.
|
|
|
406 The version number should be incremented for each incompatible
|
|
|
407 revision of this protocol.
|
|
|
408
|
|
|
409 4.1 Client Initialization
|
|
|
410
|
|
|
411 The SSH_FXP_INIT packet (from client to server) has the following
|
|
|
412 data:
|
|
|
413
|
|
|
414 uint32 version
|
|
|
415
|
|
|
416 Version 3 of this protocol allowed clients to include extensions in
|
|
|
417 the SSH_FXP_INIT packet; however, this can cause interoperability
|
|
|
418 problems with version 1 and version 2 servers because the client must
|
|
|
419 send this packet before knowing the servers version.
|
|
|
420
|
|
|
421 In this version of the protocol, clients MUST use the
|
|
|
422 SSH_FXP_EXTENDED packet to send extensions to the server after
|
|
|
423 version exchange has completed. Clients MUST NOT include extensions
|
|
|
424 in the version packet. This will prevent interoperability problems
|
|
|
425 with older servers
|
|
|
426
|
|
|
427 4.2 Server Initialization
|
|
|
428
|
|
|
429 The SSH_FXP_VERSION packet (from server to client) has the following
|
|
|
430 data:
|
|
|
431
|
|
|
432 uint32 version
|
|
|
433 <extension data>
|
|
|
434
|
|
|
435 'version' is the lower of the protocol version supported by the
|
|
|
436 server and the version number received from the client.
|
|
|
437
|
|
|
438 The extension data may be empty, or may be a sequence of
|
|
|
439
|
|
|
440 string extension_name
|
|
|
441 string extension_data
|
|
|
442
|
|
|
443 pairs (both strings MUST always be present if one is, but the
|
|
|
444 `extension_data' string may be of zero length). If present, these
|
|
|
445
|
|
|
446
|
|
|
447
|
|
|
448 Galbraith, et al. Expires June 18, 2003 [Page 8]
|
|
|
449 �
|
|
|
450 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
451
|
|
|
452
|
|
|
453 strings indicate extensions to the baseline protocol. The
|
|
|
454 `extension_name' field(s) identify the name of the extension. The
|
|
|
455 name should be of the form "name@domain", where the domain is the DNS
|
|
|
456 domain name of the organization defining the extension. Additional
|
|
|
457 names that are not of this format may be defined later by the IETF.
|
|
|
458 Implementations MUST silently ignore any extensions whose name they
|
|
|
459 do not recognize.
|
|
|
460
|
|
|
461 4.3 Determining Server Newline Convention
|
|
|
462
|
|
|
463 In order to correctly process text files in a cross platform
|
|
|
464 compatible way, the newline convention must be converted from that of
|
|
|
465 the server to that of the client, or, during an upload, from that of
|
|
|
466 the client to that of the server.
|
|
|
467
|
|
|
468 Versions 3 and prior of this protocol made no provisions for
|
|
|
469 processing text files. Many clients implemented some sort of
|
|
|
470 conversion algorithm, but without either a 'canonical' on the wire
|
|
|
471 format or knowledge of the servers newline convention, correct
|
|
|
472 conversion was not always possible.
|
|
|
473
|
|
|
474 Starting with Version 4, the SSH_FXF_TEXT file open flag (Section
|
|
|
475 6.3) makes it possible to request that the server translate a file to
|
|
|
476 a 'canonical' on the wire format. This format uses \r\n as the line
|
|
|
477 separator.
|
|
|
478
|
|
|
479 Servers for systems using multiple newline characters (for example,
|
|
|
480 Mac OS X or VMS) or systems using counted records, MUST translate to
|
|
|
481 the canonical form.
|
|
|
482
|
|
|
483 However, to ease the burden of implementation on servers that use a
|
|
|
484 single, simple separator sequence, the following extension allows the
|
|
|
485 canonical format to be changed.
|
|
|
486
|
|
|
487 string "newline"
|
|
|
488 string new-canonical-separator (usually "\r" or "\n" or "\r\n")
|
|
|
489
|
|
|
490 All clients MUST support this extension.
|
|
|
491
|
|
|
492 When processing text files, clients SHOULD NOT translate any
|
|
|
493 character or sequence that is not an exact match of the servers
|
|
|
494 newline separator.
|
|
|
495
|
|
|
496 In particular, if the newline sequence being used is the canonical
|
|
|
497 "\r\n" sequence, a lone \r or a lone \n SHOULD be written through
|
|
|
498 without change.
|
|
|
499
|
|
|
500
|
|
|
501
|
|
|
502
|
|
|
503
|
|
|
504 Galbraith, et al. Expires June 18, 2003 [Page 9]
|
|
|
505 �
|
|
|
506 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
507
|
|
|
508
|
|
|
509 5. File Attributes
|
|
|
510
|
|
|
511 A new compound data type is defined for encoding file attributes.
|
|
|
512 The same encoding is used both when returning file attributes from
|
|
|
513 the server and when sending file attributes to the server. When
|
|
|
514 sending it to the server, the flags field specifies which attributes
|
|
|
515 are included, and the server will use default values for the
|
|
|
516 remaining attributes (or will not modify the values of remaining
|
|
|
517 attributes). When receiving attributes from the server, the flags
|
|
|
518 specify which attributes are included in the returned data. The
|
|
|
519 server normally returns all attributes it knows about.
|
|
|
520
|
|
|
521 uint32 flags
|
|
|
522 byte type always present
|
|
|
523 uint64 size present only if flag SIZE
|
|
|
524 string owner present only if flag OWNERGROUP
|
|
|
525 string group present only if flag OWNERGROUP
|
|
|
526 uint32 permissions present only if flag PERMISSIONS
|
|
|
527 uint64 atime present only if flag ACCESSTIME
|
|
|
528 uint32 atime_nseconds present only if flag SUBSECOND_TIMES
|
|
|
529 uint64 createtime present only if flag CREATETIME
|
|
|
530 uint32 createtime_nseconds present only if flag SUBSECOND_TIMES
|
|
|
531 uint64 mtime present only if flag MODIFYTIME
|
|
|
532 uint32 mtime_nseconds present only if flag SUBSECOND_TIMES
|
|
|
533 string acl present only if flag ACL
|
|
|
534 uint32 extended_count present only if flag EXTENDED
|
|
|
535 string extended_type
|
|
|
536 string extended_data
|
|
|
537 ... more extended data (extended_type - extended_data pairs),
|
|
|
538 so that number of pairs equals extended_count
|
|
|
539
|
|
|
540
|
|
|
541 5.1 Flags
|
|
|
542
|
|
|
543 The `flags' specify which of the fields are present. Those fields
|
|
|
544 for which the corresponding flag is not set are not present (not
|
|
|
545 included in the packet). New flags can only be added by incrementing
|
|
|
546 the protocol version number (or by using the extension mechanism
|
|
|
547 described below).
|
|
|
548
|
|
|
549 The flags bits are defined to have the following values:
|
|
|
550
|
|
|
551
|
|
|
552
|
|
|
553
|
|
|
554
|
|
|
555
|
|
|
556
|
|
|
557
|
|
|
558
|
|
|
559
|
|
|
560 Galbraith, et al. Expires June 18, 2003 [Page 10]
|
|
|
561 �
|
|
|
562 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
563
|
|
|
564
|
|
|
565 #define SSH_FILEXFER_ATTR_SIZE 0x00000001
|
|
|
566 #define SSH_FILEXFER_ATTR_PERMISSIONS 0x00000040
|
|
|
567 #define SSH_FILEXFER_ATTR_ACCESSTIME 0x00000008
|
|
|
568 #define SSH_FILEXFER_ATTR_CREATETIME 0x00000010
|
|
|
569 #define SSH_FILEXFER_ATTR_MODIFYTIME 0x00000020
|
|
|
570 #define SSH_FILEXFER_ATTR_ACL 0x00000040
|
|
|
571 #define SSH_FILEXFER_ATTR_OWNERGROUP 0x00000080
|
|
|
572 #define SSH_FILEXFER_ATTR_SUBSECOND_TIMES 0x00000100
|
|
|
573 #define SSH_FILEXFER_ATTR_EXTENDED 0x80000000
|
|
|
574
|
|
|
575 In previous versions of this protocol flags value 0x00000002 was
|
|
|
576 SSH_FILEXFER_ATTR_UIDGID. This value is now unused, and OWNERGROUP
|
|
|
577 was given a new value in order to ease implementation burden.
|
|
|
578 0x00000002 MUST NOT appear in the mask. Some future version of this
|
|
|
579 protocol may reuse flag 0x00000002.
|
|
|
580
|
|
|
581 5.2 Type
|
|
|
582
|
|
|
583 The type field is always present. The following types are defined:
|
|
|
584
|
|
|
585 #define SSH_FILEXFER_TYPE_REGULAR 1
|
|
|
586 #define SSH_FILEXFER_TYPE_DIRECTORY 2
|
|
|
587 #define SSH_FILEXFER_TYPE_SYMLINK 3
|
|
|
588 #define SSH_FILEXFER_TYPE_SPECIAL 4
|
|
|
589 #define SSH_FILEXFER_TYPE_UNKNOWN 5
|
|
|
590
|
|
|
591 On a POSIX system, these values would be derived from the permission
|
|
|
592 field.
|
|
|
593
|
|
|
594 5.3 Size
|
|
|
595
|
|
|
596 The `size' field specifies the size of the file on disk, in bytes.
|
|
|
597 If it is present during file creation, it should be considered a hint
|
|
|
598 as to the files eventual size.
|
|
|
599
|
|
|
600 Files opened with the SSH_FXF_TEXT flag may have a size that is
|
|
|
601 greater or less than the value of the size field.
|
|
|
602
|
|
|
603 5.4 Owner and Group
|
|
|
604
|
|
|
605 The `owner' and `group' fields are represented as UTF-8 strings; this
|
|
|
606 is the form used by NFS v4. See NFS version 4 Protocol. [3] The
|
|
|
607 following text is selected quotations from section 5.6.
|
|
|
608
|
|
|
609 To avoid a representation that is tied to a particular underlying
|
|
|
610 implementation at the client or server, the use of UTF-8 strings has
|
|
|
611 been chosen. The string should be of the form user@dns_domain".
|
|
|
612 This will allow for a client and server that do not use the same
|
|
|
613
|
|
|
614
|
|
|
615
|
|
|
616 Galbraith, et al. Expires June 18, 2003 [Page 11]
|
|
|
617 �
|
|
|
618 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
619
|
|
|
620
|
|
|
621 local representation the ability to translate to a common syntax that
|
|
|
622 can be interpreted by both. In the case where there is no
|
|
|
623 translation available to the client or server, the attribute value
|
|
|
624 must be constructed without the "@". Therefore, the absence of the @
|
|
|
625 from the owner or owner_group attribute signifies that no translation
|
|
|
626 was available and the receiver of the attribute should not place any
|
|
|
627 special meaning with the attribute value. Even though the attribute
|
|
|
628 value can not be translated, it may still be useful. In the case of
|
|
|
629 a client, the attribute string may be used for local display of
|
|
|
630 ownership.
|
|
|
631
|
|
|
632 5.5 Permissions
|
|
|
633
|
|
|
634 The `permissions' field contains a bit mask of file permissions as
|
|
|
635 defined by POSIX [1].
|
|
|
636
|
|
|
637 5.6 Times
|
|
|
638
|
|
|
639 The 'atime', 'createtime', and 'mtime' contain the access, creation,
|
|
|
640 and modification times of the files, respectively. They are
|
|
|
641 represented as seconds from Jan 1, 1970 in UTC.
|
|
|
642
|
|
|
643 A negative value indicates number of seconds before Jan 1, 1970. In
|
|
|
644 both cases, if the SSH_FILEXFER_ATTR_SUBSECOND_TIMES flag is set, the
|
|
|
645 nseconds field is to be added to the seconds field for the final time
|
|
|
646 representation. For example, if the time to be represented is
|
|
|
647 one-half second before 0 hour January 1, 1970, the seconds field
|
|
|
648 would have a value of negative one (-1) and the nseconds fields would
|
|
|
649 have a value of one-half second (500000000). Values greater than
|
|
|
650 999,999,999 for nseconds are considered invalid.
|
|
|
651
|
|
|
652 5.7 ACL
|
|
|
653
|
|
|
654 The 'ACL' field contains an ACL similar to that defined in section
|
|
|
655 5.9 of NFS version 4 Protocol [3].
|
|
|
656
|
|
|
657 uint32 ace-count
|
|
|
658
|
|
|
659 repeated ace-count time:
|
|
|
660 uint32 ace-type
|
|
|
661 uint32 ace-flag
|
|
|
662 uint32 ace-mask
|
|
|
663 string who [UTF-8]
|
|
|
664
|
|
|
665 ace-type is one of the following four values (taken from NFS Version
|
|
|
666 4 Protocol [3]:
|
|
|
667
|
|
|
668
|
|
|
669
|
|
|
670
|
|
|
671
|
|
|
672 Galbraith, et al. Expires June 18, 2003 [Page 12]
|
|
|
673 �
|
|
|
674 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
675
|
|
|
676
|
|
|
677 const ACE4_ACCESS_ALLOWED_ACE_TYPE = 0x00000000;
|
|
|
678 const ACE4_ACCESS_DENIED_ACE_TYPE = 0x00000001;
|
|
|
679 const ACE4_SYSTEM_AUDIT_ACE_TYPE = 0x00000002;
|
|
|
680 const ACE4_SYSTEM_ALARM_ACE_TYPE = 0x00000003;
|
|
|
681
|
|
|
682 ace-flag is a combination of the following flag values. See NFS
|
|
|
683 Version 4 Protocol [3] section 5.9.2:
|
|
|
684
|
|
|
685 const ACE4_FILE_INHERIT_ACE = 0x00000001;
|
|
|
686 const ACE4_DIRECTORY_INHERIT_ACE = 0x00000002;
|
|
|
687 const ACE4_NO_PROPAGATE_INHERIT_ACE = 0x00000004;
|
|
|
688 const ACE4_INHERIT_ONLY_ACE = 0x00000008;
|
|
|
689 const ACE4_SUCCESSFUL_ACCESS_ACE_FLAG = 0x00000010;
|
|
|
690 const ACE4_FAILED_ACCESS_ACE_FLAG = 0x00000020;
|
|
|
691 const ACE4_IDENTIFIER_GROUP = 0x00000040;
|
|
|
692
|
|
|
693 ace-mask is any combination of the following flags (taken from NFS
|
|
|
694 Version 4 Protocol [3] section 5.9.3:
|
|
|
695
|
|
|
696 const ACE4_READ_DATA = 0x00000001;
|
|
|
697 const ACE4_LIST_DIRECTORY = 0x00000001;
|
|
|
698 const ACE4_WRITE_DATA = 0x00000002;
|
|
|
699 const ACE4_ADD_FILE = 0x00000002;
|
|
|
700 const ACE4_APPEND_DATA = 0x00000004;
|
|
|
701 const ACE4_ADD_SUBDIRECTORY = 0x00000004;
|
|
|
702 const ACE4_READ_NAMED_ATTRS = 0x00000008;
|
|
|
703 const ACE4_WRITE_NAMED_ATTRS = 0x00000010;
|
|
|
704 const ACE4_EXECUTE = 0x00000020;
|
|
|
705 const ACE4_DELETE_CHILD = 0x00000040;
|
|
|
706 const ACE4_READ_ATTRIBUTES = 0x00000080;
|
|
|
707 const ACE4_WRITE_ATTRIBUTES = 0x00000100;
|
|
|
708 const ACE4_DELETE = 0x00010000;
|
|
|
709 const ACE4_READ_ACL = 0x00020000;
|
|
|
710 const ACE4_WRITE_ACL = 0x00040000;
|
|
|
711 const ACE4_WRITE_OWNER = 0x00080000;
|
|
|
712 const ACE4_SYNCHRONIZE = 0x00100000;
|
|
|
713
|
|
|
714 who is a UTF-8 string of the form described in 'Owner and Group'
|
|
|
715 (Section 5.4)
|
|
|
716
|
|
|
717 Also, as per '5.9.4 ACE who' [3] there are several identifiers that
|
|
|
718 need to be understood universally. Some of these identifiers cannot
|
|
|
719 be understood when an client access the server, but have meaning when
|
|
|
720 a local process accesses the file. The ability to display and modify
|
|
|
721 these permissions is permitted over SFTP.
|
|
|
722
|
|
|
723 OWNER The owner of the file.
|
|
|
724
|
|
|
725
|
|
|
726
|
|
|
727
|
|
|
728 Galbraith, et al. Expires June 18, 2003 [Page 13]
|
|
|
729 �
|
|
|
730 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
731
|
|
|
732
|
|
|
733 GROUP The group associated with the file.
|
|
|
734
|
|
|
735 EVERYONE The world.
|
|
|
736
|
|
|
737 INTERACTIVE Accessed from an interactive terminal.
|
|
|
738
|
|
|
739 NETWORK Accessed via the network.
|
|
|
740
|
|
|
741 DIALUP Accessed as a dialup user to the server.
|
|
|
742
|
|
|
743 BATCH Accessed from a batch job.
|
|
|
744
|
|
|
745 ANONYMOUS Accessed without any authentication.
|
|
|
746
|
|
|
747 AUTHENTICATED Any authenticated user (opposite of ANONYMOUS).
|
|
|
748
|
|
|
749 SERVICE Access from a system service.
|
|
|
750
|
|
|
751 To avoid conflict, these special identifiers are distinguish by an
|
|
|
752 appended "@" and should appear in the form "xxxx@" (note: no domain
|
|
|
753 name after the "@"). For example: ANONYMOUS@.
|
|
|
754
|
|
|
755 5.8 Extended attributes
|
|
|
756
|
|
|
757 The SSH_FILEXFER_ATTR_EXTENDED flag provides a general extension
|
|
|
758 mechanism for vendor-specific extensions. If the flag is specified,
|
|
|
759 then the `extended_count' field is present. It specifies the number
|
|
|
760 of extended_type-extended_data pairs that follow. Each of these
|
|
|
761 pairs specifies an extended attribute. For each of the attributes,
|
|
|
762 the extended_type field should be a string of the format
|
|
|
763 "name@domain", where "domain" is a valid, registered domain name and
|
|
|
764 "name" identifies the method. The IETF may later standardize certain
|
|
|
765 names that deviate from this format (e.g., that do not contain the
|
|
|
766 "@" sign). The interpretation of `extended_data' depends on the
|
|
|
767 type. Implementations SHOULD ignore extended data fields that they
|
|
|
768 do not understand.
|
|
|
769
|
|
|
770 Additional fields can be added to the attributes by either defining
|
|
|
771 additional bits to the flags field to indicate their presence, or by
|
|
|
772 defining extended attributes for them. The extended attributes
|
|
|
773 mechanism is recommended for most purposes; additional flags bits
|
|
|
774 should only be defined by an IETF standards action that also
|
|
|
775 increments the protocol version number. The use of such new fields
|
|
|
776 MUST be negotiated by the version number in the protocol exchange.
|
|
|
777 It is a protocol error if a packet with unsupported protocol bits is
|
|
|
778 received.
|
|
|
779
|
|
|
780
|
|
|
781
|
|
|
782
|
|
|
783
|
|
|
784 Galbraith, et al. Expires June 18, 2003 [Page 14]
|
|
|
785 �
|
|
|
786 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
787
|
|
|
788
|
|
|
789 6. Requests From the Client to the Server
|
|
|
790
|
|
|
791 Requests from the client to the server represent the various file
|
|
|
792 system operations. Each request begins with an `id' field, which is
|
|
|
793 a 32-bit identifier identifying the request (selected by the client).
|
|
|
794 The same identifier will be returned in the response to the request.
|
|
|
795 One possible implementation is a monotonically increasing request
|
|
|
796 sequence number (modulo 2^32).
|
|
|
797
|
|
|
798 Many operations in the protocol operate on open files. The
|
|
|
799 SSH_FXP_OPEN request can return a file handle (which is an opaque
|
|
|
800 variable-length string) which may be used to access the file later
|
|
|
801 (e.g. in a read operation). The client MUST NOT send requests the
|
|
|
802 server with bogus or closed handles. However, the server MUST
|
|
|
803 perform adequate checks on the handle in order to avoid security
|
|
|
804 risks due to fabricated handles.
|
|
|
805
|
|
|
806 This design allows either stateful and stateless server
|
|
|
807 implementation, as well as an implementation which caches state
|
|
|
808 between requests but may also flush it. The contents of the file
|
|
|
809 handle string are entirely up to the server and its design. The
|
|
|
810 client should not modify or attempt to interpret the file handle
|
|
|
811 strings.
|
|
|
812
|
|
|
813 The file handle strings MUST NOT be longer than 256 bytes.
|
|
|
814
|
|
|
815 6.1 Request Synchronization and Reordering
|
|
|
816
|
|
|
817 The protocol and implementations MUST process requests relating to
|
|
|
818 the same file in the order in which they are received. In other
|
|
|
819 words, if an application submits multiple requests to the server, the
|
|
|
820 results in the responses will be the same as if it had sent the
|
|
|
821 requests one at a time and waited for the response in each case. For
|
|
|
822 example, the server may process non-overlapping read/write requests
|
|
|
823 to the same file in parallel, but overlapping reads and writes cannot
|
|
|
824 be reordered or parallelized. However, there are no ordering
|
|
|
825 restrictions on the server for processing requests from two different
|
|
|
826 file transfer connections. The server may interleave and parallelize
|
|
|
827 them at will.
|
|
|
828
|
|
|
829 There are no restrictions on the order in which responses to
|
|
|
830 outstanding requests are delivered to the client, except that the
|
|
|
831 server must ensure fairness in the sense that processing of no
|
|
|
832 request will be indefinitely delayed even if the client is sending
|
|
|
833 other requests so that there are multiple outstanding requests all
|
|
|
834 the time.
|
|
|
835
|
|
|
836
|
|
|
837
|
|
|
838
|
|
|
839
|
|
|
840 Galbraith, et al. Expires June 18, 2003 [Page 15]
|
|
|
841 �
|
|
|
842 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
843
|
|
|
844
|
|
|
845 6.2 File Names
|
|
|
846
|
|
|
847 This protocol represents file names as strings. File names are
|
|
|
848 assumed to use the slash ('/') character as a directory separator.
|
|
|
849
|
|
|
850 File names starting with a slash are "absolute", and are relative to
|
|
|
851 the root of the file system. Names starting with any other character
|
|
|
852 are relative to the user's default directory (home directory). Note
|
|
|
853 that identifying the user is assumed to take place outside of this
|
|
|
854 protocol.
|
|
|
855
|
|
|
856 Servers SHOULD interpret a path name component ".." as referring to
|
|
|
857 the parent directory, and "." as referring to the current directory.
|
|
|
858 If the server implementation limits access to certain parts of the
|
|
|
859 file system, it must be extra careful in parsing file names when
|
|
|
860 enforcing such restrictions. There have been numerous reported
|
|
|
861 security bugs where a ".." in a path name has allowed access outside
|
|
|
862 the intended area.
|
|
|
863
|
|
|
864 An empty path name is valid, and it refers to the user's default
|
|
|
865 directory (usually the user's home directory).
|
|
|
866
|
|
|
867 Otherwise, no syntax is defined for file names by this specification.
|
|
|
868 Clients should not make any other assumptions; however, they can
|
|
|
869 splice path name components returned by SSH_FXP_READDIR together
|
|
|
870 using a slash ('/') as the separator, and that will work as expected.
|
|
|
871
|
|
|
872 In order to comply with IETF Policy on Character Sets and Languages
|
|
|
873 [2], all filenames are to be encoded in UTF-8. The shortest valid
|
|
|
874 UTF-8 encoding of the UNICODE data MUST be used. The server is
|
|
|
875 responsible for converting the UNICODE data to whatever canonical
|
|
|
876 form it requires.
|
|
|
877
|
|
|
878 For example, if the server requires that precomposed characters
|
|
|
879 always be used, the server MUST NOT assume the filename as sent by
|
|
|
880 the client has this attribute, but must do this normalization itself.
|
|
|
881
|
|
|
882 It is understood that the lack of well-defined semantics for file
|
|
|
883 names may cause interoperability problems between clients and servers
|
|
|
884 using radically different operating systems. However, this approach
|
|
|
885 is known to work acceptably with most systems, and alternative
|
|
|
886 approaches that e.g. treat file names as sequences of structured
|
|
|
887 components are quite complicated.
|
|
|
888
|
|
|
889 6.3 Opening, Creating, and Closing Files
|
|
|
890
|
|
|
891 Files are opened and created using the SSH_FXP_OPEN message, whose
|
|
|
892 data part is as follows:
|
|
|
893
|
|
|
894
|
|
|
895
|
|
|
896 Galbraith, et al. Expires June 18, 2003 [Page 16]
|
|
|
897 �
|
|
|
898 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
899
|
|
|
900
|
|
|
901 uint32 id
|
|
|
902 string filename [UTF-8]
|
|
|
903 uint32 pflags
|
|
|
904 ATTRS attrs
|
|
|
905
|
|
|
906 The `id' field is the request identifier as for all requests.
|
|
|
907
|
|
|
908 The `filename' field specifies the file name. See Section ``File
|
|
|
909 Names'' for more information.
|
|
|
910
|
|
|
911 The `pflags' field is a bitmask. The following bits have been
|
|
|
912 defined.
|
|
|
913
|
|
|
914 #define SSH_FXF_READ 0x00000001
|
|
|
915 #define SSH_FXF_WRITE 0x00000002
|
|
|
916 #define SSH_FXF_APPEND 0x00000004
|
|
|
917 #define SSH_FXF_CREAT 0x00000008
|
|
|
918 #define SSH_FXF_TRUNC 0x00000010
|
|
|
919 #define SSH_FXF_EXCL 0x00000020
|
|
|
920 #define SSH_FXF_TEXT 0x00000040
|
|
|
921
|
|
|
922 These have the following meanings:
|
|
|
923
|
|
|
924 SSH_FXF_READ
|
|
|
925 Open the file for reading.
|
|
|
926
|
|
|
927 SSH_FXF_WRITE
|
|
|
928 Open the file for writing. If both this and SSH_FXF_READ are
|
|
|
929 specified, the file is opened for both reading and writing.
|
|
|
930
|
|
|
931 SSH_FXF_APPEND
|
|
|
932 Force all writes to append data at the end of the file. The
|
|
|
933 offset parameter to write will be ignored.
|
|
|
934
|
|
|
935 SSH_FXF_CREAT
|
|
|
936 If this flag is specified, then a new file will be created if one
|
|
|
937 does not already exist (if O_TRUNC is specified, the new file will
|
|
|
938 be truncated to zero length if it previously exists).
|
|
|
939
|
|
|
940 SSH_FXF_TRUNC
|
|
|
941 Forces an existing file with the same name to be truncated to zero
|
|
|
942 length when creating a file by specifying SSH_FXF_CREAT.
|
|
|
943 SSH_FXF_CREAT MUST also be specified if this flag is used.
|
|
|
944
|
|
|
945 SSH_FXF_EXCL
|
|
|
946 Causes the request to fail if the named file already exists.
|
|
|
947 SSH_FXF_CREAT MUST also be specified if this flag is used.
|
|
|
948
|
|
|
949
|
|
|
950
|
|
|
951
|
|
|
952 Galbraith, et al. Expires June 18, 2003 [Page 17]
|
|
|
953 �
|
|
|
954 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
955
|
|
|
956
|
|
|
957 SSH_FXF_TEXT
|
|
|
958 Indicates that the server should treat the file as text and
|
|
|
959 convert it to the canonical newline convention in use. (See
|
|
|
960 Determining Server Newline Convention. (Section 4.3)
|
|
|
961
|
|
|
962 When a file is opened with the FXF_TEXT flag, the offset field in
|
|
|
963 both the read and write function are ignored.
|
|
|
964
|
|
|
965 Servers MUST correctly process multiple parallel reads and writes
|
|
|
966 correctly in this mode. Naturally, it is permissible for them to
|
|
|
967 do this by serializing the requests. It would not be possible for
|
|
|
968 a client to reliably detect a server that does not implement
|
|
|
969 parallel writes in time to prevent damage.
|
|
|
970
|
|
|
971 Clients SHOULD use the SSH_FXF_APPEND flag to append data to a
|
|
|
972 text file rather then using write with a calculated offset.
|
|
|
973
|
|
|
974 To support seeks on text file the following SSH_FXP_EXTENDED
|
|
|
975 packet is defined.
|
|
|
976
|
|
|
977
|
|
|
978
|
|
|
979 string "text-seek"
|
|
|
980 string file-handle
|
|
|
981 uint64 line-number
|
|
|
982
|
|
|
983 line-number is the index of the line number to seek to, where byte
|
|
|
984 0 in the file is line number 0, and the byte directly following
|
|
|
985 the first newline sequence in the file is line number 1 and so on.
|
|
|
986
|
|
|
987 The response to a "text-seek" request is an SSH_FXP_STATUS
|
|
|
988 message.
|
|
|
989
|
|
|
990 An attempt to seek past the end-of-file should result in a
|
|
|
991 SSH_FX_EOF status.
|
|
|
992
|
|
|
993 Servers SHOULD support at least one "text-seek" in order to
|
|
|
994 support resume. However, a client MUST be prepared to receive
|
|
|
995 SSH_FX_OP_UNSUPPORTED when attempting a "text-seek" operation.
|
|
|
996 The client can then try a fall-back strategy, if it has one.
|
|
|
997
|
|
|
998 Clients MUST be prepared to handle SSH_FX_OP_UNSUPPORTED returned
|
|
|
999 for read or write operations that are not sequential.
|
|
|
1000
|
|
|
1001 The `attrs' field specifies the initial attributes for the file.
|
|
|
1002 Default values will be used for those attributes that are not
|
|
|
1003 specified. See Section ``File Attributes'' for more information.
|
|
|
1004
|
|
|
1005
|
|
|
1006
|
|
|
1007
|
|
|
1008 Galbraith, et al. Expires June 18, 2003 [Page 18]
|
|
|
1009 �
|
|
|
1010 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1011
|
|
|
1012
|
|
|
1013 The response to this message will be either SSH_FXP_HANDLE (if the
|
|
|
1014 operation is successful) or SSH_FXP_STATUS (if the operation fails).
|
|
|
1015
|
|
|
1016 A file is closed by using the SSH_FXP_CLOSE request. Its data field
|
|
|
1017 has the following format:
|
|
|
1018
|
|
|
1019 uint32 id
|
|
|
1020 string handle
|
|
|
1021
|
|
|
1022 where `id' is the request identifier, and `handle' is a handle
|
|
|
1023 previously returned in the response to SSH_FXP_OPEN or
|
|
|
1024 SSH_FXP_OPENDIR. The handle becomes invalid immediately after this
|
|
|
1025 request has been sent.
|
|
|
1026
|
|
|
1027 The response to this request will be a SSH_FXP_STATUS message. One
|
|
|
1028 should note that on some server platforms even a close can fail.
|
|
|
1029 This can happen e.g. if the server operating system caches writes,
|
|
|
1030 and an error occurs while flushing cached writes during the close.
|
|
|
1031
|
|
|
1032 6.4 Reading and Writing
|
|
|
1033
|
|
|
1034 Once a file has been opened, it can be read using the following
|
|
|
1035 message:
|
|
|
1036
|
|
|
1037 byte SSH_FXP_READ
|
|
|
1038 uint32 id
|
|
|
1039 string handle
|
|
|
1040 uint64 offset
|
|
|
1041 uint32 len
|
|
|
1042
|
|
|
1043 where `id' is the request identifier, `handle' is an open file handle
|
|
|
1044 returned by SSH_FXP_OPEN, `offset' is the offset (in bytes) relative
|
|
|
1045 to the beginning of the file from where to start reading, and `len'
|
|
|
1046 is the maximum number of bytes to read.
|
|
|
1047
|
|
|
1048 In response to this request, the server will read as many bytes as it
|
|
|
1049 can from the file (up to `len'), and return them in a SSH_FXP_DATA
|
|
|
1050 message. If an error occurs or EOF is encountered before reading any
|
|
|
1051 data, the server will respond with SSH_FXP_STATUS.
|
|
|
1052
|
|
|
1053 For normal disk files, it is normally guaranteed that this will read
|
|
|
1054 the specified number of bytes, or up to end of file. However, if the
|
|
|
1055 read length is very long, the server may truncate it if it doesn't
|
|
|
1056 support packets of that length. See General Packet Format (Section
|
|
|
1057 3).
|
|
|
1058
|
|
|
1059 For e.g. device files this may return fewer bytes than requested.
|
|
|
1060
|
|
|
1061
|
|
|
1062
|
|
|
1063
|
|
|
1064 Galbraith, et al. Expires June 18, 2003 [Page 19]
|
|
|
1065 �
|
|
|
1066 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1067
|
|
|
1068
|
|
|
1069 Writing to a file is achieved using the following message:
|
|
|
1070
|
|
|
1071 byte SSH_FXP_WRITE
|
|
|
1072 uint32 id
|
|
|
1073 string handle
|
|
|
1074 uint64 offset
|
|
|
1075 string data
|
|
|
1076
|
|
|
1077 where `id' is a request identifier, `handle' is a file handle
|
|
|
1078 returned by SSH_FXP_OPEN, `offset' is the offset (in bytes) from the
|
|
|
1079 beginning of the file where to start writing, and `data' is the data
|
|
|
1080 to be written.
|
|
|
1081
|
|
|
1082 The write will extend the file if writing beyond the end of the file.
|
|
|
1083 It is legal to write way beyond the end of the file; the semantics
|
|
|
1084 are to write zeroes from the end of the file to the specified offset
|
|
|
1085 and then the data. On most operating systems, such writes do not
|
|
|
1086 allocate disk space but instead leave "holes" in the file.
|
|
|
1087
|
|
|
1088 The server responds to a write request with a SSH_FXP_STATUS message.
|
|
|
1089
|
|
|
1090 6.5 Removing and Renaming Files
|
|
|
1091
|
|
|
1092 Files can be removed using the SSH_FXP_REMOVE message. It has the
|
|
|
1093 following format:
|
|
|
1094
|
|
|
1095 uint32 id
|
|
|
1096 string filename [UTF-8]
|
|
|
1097
|
|
|
1098 where `id' is the request identifier and `filename' is the name of
|
|
|
1099 the file to be removed. See Section ``File Names'' for more
|
|
|
1100 information. This request cannot be used to remove directories.
|
|
|
1101
|
|
|
1102 The server will respond to this request with a SSH_FXP_STATUS
|
|
|
1103 message.
|
|
|
1104
|
|
|
1105 Files (and directories) can be renamed using the SSH_FXP_RENAME
|
|
|
1106 message. Its data is as follows:
|
|
|
1107
|
|
|
1108 uint32 id
|
|
|
1109 string oldpath [UTF-8]
|
|
|
1110 string newpath [UTF-8]
|
|
|
1111
|
|
|
1112 where `id' is the request identifier, `oldpath' is the name of an
|
|
|
1113 existing file or directory, and `newpath' is the new name for the
|
|
|
1114 file or directory. It is an error if there already exists a file
|
|
|
1115 with the name specified by newpath. The server may also fail rename
|
|
|
1116 requests in other situations, for example if `oldpath' and `newpath'
|
|
|
1117
|
|
|
1118
|
|
|
1119
|
|
|
1120 Galbraith, et al. Expires June 18, 2003 [Page 20]
|
|
|
1121 �
|
|
|
1122 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1123
|
|
|
1124
|
|
|
1125 point to different file systems on the server.
|
|
|
1126
|
|
|
1127 The server will respond to this request with a SSH_FXP_STATUS
|
|
|
1128 message.
|
|
|
1129
|
|
|
1130 6.6 Creating and Deleting Directories
|
|
|
1131
|
|
|
1132 New directories can be created using the SSH_FXP_MKDIR request. It
|
|
|
1133 has the following format:
|
|
|
1134
|
|
|
1135 uint32 id
|
|
|
1136 string path [UTF-8]
|
|
|
1137 ATTRS attrs
|
|
|
1138
|
|
|
1139 where `id' is the request identifier.
|
|
|
1140
|
|
|
1141 `path' specifies the directory to be created. See Section ``File
|
|
|
1142 Names'' for more information on file names.
|
|
|
1143
|
|
|
1144 `attrs' specifies the attributes that should be applied to it upon
|
|
|
1145 creation. Attributes are discussed in more detail in Section ``File
|
|
|
1146 Attributes''.
|
|
|
1147
|
|
|
1148 The server will respond to this request with a SSH_FXP_STATUS
|
|
|
1149 message. If a file or directory with the specified path already
|
|
|
1150 exists, an error will be returned.
|
|
|
1151
|
|
|
1152 Directories can be removed using the SSH_FXP_RMDIR request, which has
|
|
|
1153 the following format:
|
|
|
1154
|
|
|
1155 uint32 id
|
|
|
1156 string path [UTF-8]
|
|
|
1157
|
|
|
1158 where `id' is the request identifier, and `path' specifies the
|
|
|
1159 directory to be removed. See Section ``File Names'' for more
|
|
|
1160 information on file names.
|
|
|
1161
|
|
|
1162 The server responds to this request with a SSH_FXP_STATUS message.
|
|
|
1163 Errors may be returned from this operation for various reasons,
|
|
|
1164 including, but not limited to, the path does not exist, the path does
|
|
|
1165 not refer to a directory object, the directory is not empty, or the
|
|
|
1166 user has insufficient access or permission to perform the requested
|
|
|
1167 operation.
|
|
|
1168
|
|
|
1169 6.7 Scanning Directories
|
|
|
1170
|
|
|
1171 The files in a directory can be listed using the SSH_FXP_OPENDIR and
|
|
|
1172 SSH_FXP_READDIR requests. Each SSH_FXP_READDIR request returns one
|
|
|
1173
|
|
|
1174
|
|
|
1175
|
|
|
1176 Galbraith, et al. Expires June 18, 2003 [Page 21]
|
|
|
1177 �
|
|
|
1178 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1179
|
|
|
1180
|
|
|
1181 or more file names with full file attributes for each file. The
|
|
|
1182 client should call SSH_FXP_READDIR repeatedly until it has found the
|
|
|
1183 file it is looking for or until the server responds with a
|
|
|
1184 SSH_FXP_STATUS message indicating an error (normally SSH_FX_EOF if
|
|
|
1185 there are no more files in the directory). The client should then
|
|
|
1186 close the handle using the SSH_FXP_CLOSE request.
|
|
|
1187
|
|
|
1188 The SSH_FXP_OPENDIR opens a directory for reading. It has the
|
|
|
1189 following format:
|
|
|
1190
|
|
|
1191 uint32 id
|
|
|
1192 string path [UTF-8]
|
|
|
1193
|
|
|
1194 where `id' is the request identifier and `path' is the path name of
|
|
|
1195 the directory to be listed (without any trailing slash). See Section
|
|
|
1196 ``File Names'' for more information on file names. This will return
|
|
|
1197 an error if the path does not specify a directory or if the directory
|
|
|
1198 is not readable. The server will respond to this request with either
|
|
|
1199 a SSH_FXP_HANDLE or a SSH_FXP_STATUS message.
|
|
|
1200
|
|
|
1201 Once the directory has been successfully opened, files (and
|
|
|
1202 directories) contained in it can be listed using SSH_FXP_READDIR
|
|
|
1203 requests. These are of the format
|
|
|
1204
|
|
|
1205 uint32 id
|
|
|
1206 string handle
|
|
|
1207
|
|
|
1208 where `id' is the request identifier, and `handle' is a handle
|
|
|
1209 returned by SSH_FXP_OPENDIR. (It is a protocol error to attempt to
|
|
|
1210 use an ordinary file handle returned by SSH_FXP_OPEN.)
|
|
|
1211
|
|
|
1212 The server responds to this request with either a SSH_FXP_NAME or a
|
|
|
1213 SSH_FXP_STATUS message. One or more names may be returned at a time.
|
|
|
1214 Full status information is returned for each name in order to speed
|
|
|
1215 up typical directory listings.
|
|
|
1216
|
|
|
1217 If there are no more names available to be read, the server MUST
|
|
|
1218 respond with a SSH_FXP_STATUS message with error code of SSH_FX_EOF.
|
|
|
1219
|
|
|
1220 When the client no longer wishes to read more names from the
|
|
|
1221 directory, it SHOULD call SSH_FXP_CLOSE for the handle. The handle
|
|
|
1222 should be closed regardless of whether an error has occurred or not.
|
|
|
1223
|
|
|
1224 6.8 Retrieving File Attributes
|
|
|
1225
|
|
|
1226 Very often, file attributes are automatically returned by
|
|
|
1227 SSH_FXP_READDIR. However, sometimes there is need to specifically
|
|
|
1228 retrieve the attributes for a named file. This can be done using the
|
|
|
1229
|
|
|
1230
|
|
|
1231
|
|
|
1232 Galbraith, et al. Expires June 18, 2003 [Page 22]
|
|
|
1233 �
|
|
|
1234 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1235
|
|
|
1236
|
|
|
1237 SSH_FXP_STAT, SSH_FXP_LSTAT and SSH_FXP_FSTAT requests.
|
|
|
1238
|
|
|
1239 SSH_FXP_STAT and SSH_FXP_LSTAT only differ in that SSH_FXP_STAT
|
|
|
1240 follows symbolic links on the server, whereas SSH_FXP_LSTAT does not
|
|
|
1241 follow symbolic links. Both have the same format:
|
|
|
1242
|
|
|
1243 uint32 id
|
|
|
1244 string path [UTF-8]
|
|
|
1245 uint32 flags
|
|
|
1246
|
|
|
1247 where `id' is the request identifier, and `path' specifies the file
|
|
|
1248 system object for which status is to be returned. The server
|
|
|
1249 responds to this request with either SSH_FXP_ATTRS or SSH_FXP_STATUS.
|
|
|
1250
|
|
|
1251 The flags field specify the attribute flags in which the client has
|
|
|
1252 particular interest. This is a hint to the server. For example,
|
|
|
1253 because retrieving owner / group and acl information can be an
|
|
|
1254 expensive operation under some operating systems, the server may
|
|
|
1255 choose not to retrieve this information unless the client expresses a
|
|
|
1256 specific interest in it.
|
|
|
1257
|
|
|
1258 The client has no guarantee the server will provide all the fields
|
|
|
1259 that it has expressed an interest in.
|
|
|
1260
|
|
|
1261 SSH_FXP_FSTAT differs from the others in that it returns status
|
|
|
1262 information for an open file (identified by the file handle). Its
|
|
|
1263 format is as follows:
|
|
|
1264
|
|
|
1265 uint32 id
|
|
|
1266 string handle
|
|
|
1267 uint32 flags
|
|
|
1268
|
|
|
1269 where `id' is the request identifier and `handle' is a file handle
|
|
|
1270 returned by SSH_FXP_OPEN. The server responds to this request with
|
|
|
1271 SSH_FXP_ATTRS or SSH_FXP_STATUS.
|
|
|
1272
|
|
|
1273 6.9 Setting File Attributes
|
|
|
1274
|
|
|
1275 File attributes may be modified using the SSH_FXP_SETSTAT and
|
|
|
1276 SSH_FXP_FSETSTAT requests. These requests are used for operations
|
|
|
1277 such as changing the ownership, permissions or access times, as well
|
|
|
1278 as for truncating a file.
|
|
|
1279
|
|
|
1280 The SSH_FXP_SETSTAT request is of the following format:
|
|
|
1281
|
|
|
1282
|
|
|
1283
|
|
|
1284
|
|
|
1285
|
|
|
1286
|
|
|
1287
|
|
|
1288 Galbraith, et al. Expires June 18, 2003 [Page 23]
|
|
|
1289 �
|
|
|
1290 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1291
|
|
|
1292
|
|
|
1293 uint32 id
|
|
|
1294 string path [UTF-8]
|
|
|
1295 ATTRS attrs
|
|
|
1296
|
|
|
1297 where `id' is the request identifier, `path' specifies the file
|
|
|
1298 system object (e.g. file or directory) whose attributes are to be
|
|
|
1299 modified, and `attrs' specifies the modifications to be made to its
|
|
|
1300 attributes. Attributes are discussed in more detail in Section
|
|
|
1301 ``File Attributes''.
|
|
|
1302
|
|
|
1303 An error will be returned if the specified file system object does
|
|
|
1304 not exist or the user does not have sufficient rights to modify the
|
|
|
1305 specified attributes. The server responds to this request with a
|
|
|
1306 SSH_FXP_STATUS message.
|
|
|
1307
|
|
|
1308 The SSH_FXP_FSETSTAT request modifies the attributes of a file which
|
|
|
1309 is already open. It has the following format:
|
|
|
1310
|
|
|
1311 uint32 id
|
|
|
1312 string handle
|
|
|
1313 ATTRS attrs
|
|
|
1314
|
|
|
1315 where `id' is the request identifier, `handle' (MUST be returned by
|
|
|
1316 SSH_FXP_OPEN) identifies the file whose attributes are to be
|
|
|
1317 modified, and `attrs' specifies the modifications to be made to its
|
|
|
1318 attributes. Attributes are discussed in more detail in Section
|
|
|
1319 ``File Attributes''. The server will respond to this request with
|
|
|
1320 SSH_FXP_STATUS.
|
|
|
1321
|
|
|
1322 6.10 Dealing with Symbolic links
|
|
|
1323
|
|
|
1324 The SSH_FXP_READLINK request may be used to read the target of a
|
|
|
1325 symbolic link. It would have a data part as follows:
|
|
|
1326
|
|
|
1327 uint32 id
|
|
|
1328 string path [UTF-8]
|
|
|
1329
|
|
|
1330 where `id' is the request identifier and `path' specifies the path
|
|
|
1331 name of the symlink to be read.
|
|
|
1332
|
|
|
1333 The server will respond with a SSH_FXP_NAME packet containing only
|
|
|
1334 one name and a dummy attributes value. The name in the returned
|
|
|
1335 packet contains the target of the link. If an error occurs, the
|
|
|
1336 server may respond with SSH_FXP_STATUS.
|
|
|
1337
|
|
|
1338 The SSH_FXP_SYMLINK request will create a symbolic link on the
|
|
|
1339 server. It is of the following format
|
|
|
1340
|
|
|
1341
|
|
|
1342
|
|
|
1343
|
|
|
1344 Galbraith, et al. Expires June 18, 2003 [Page 24]
|
|
|
1345 �
|
|
|
1346 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1347
|
|
|
1348
|
|
|
1349 uint32 id
|
|
|
1350 string linkpath [UTF-8]
|
|
|
1351 string targetpath [UTF-8]
|
|
|
1352
|
|
|
1353 where `id' is the request identifier, `linkpath' specifies the path
|
|
|
1354 name of the symlink to be created and `targetpath' specifies the
|
|
|
1355 target of the symlink. The server shall respond with a
|
|
|
1356 SSH_FXP_STATUS indicating either success (SSH_FX_OK) or an error
|
|
|
1357 condition.
|
|
|
1358
|
|
|
1359 6.11 Canonicalizing the Server-Side Path Name
|
|
|
1360
|
|
|
1361 The SSH_FXP_REALPATH request can be used to have the server
|
|
|
1362 canonicalize any given path name to an absolute path. This is useful
|
|
|
1363 for converting path names containing ".." components or relative
|
|
|
1364 pathnames without a leading slash into absolute paths. The format of
|
|
|
1365 the request is as follows:
|
|
|
1366
|
|
|
1367 uint32 id
|
|
|
1368 string path [UTF-8]
|
|
|
1369
|
|
|
1370 where `id' is the request identifier and `path' specifies the path
|
|
|
1371 name to be canonicalized. The server will respond with a
|
|
|
1372 SSH_FXP_NAME packet containing the name in canonical form and a dummy
|
|
|
1373 attributes value. If an error occurs, the server may also respond
|
|
|
1374 with SSH_FXP_STATUS.
|
|
|
1375
|
|
|
1376 6.11.1 Best practice for dealing with paths
|
|
|
1377
|
|
|
1378 The client SHOULD treat the results of SSH_FXP_REALPATH as a
|
|
|
1379 canonical absolute path, even if the path does not appear to be
|
|
|
1380 absolute. A client that use REALPATH(".") and treats the result as
|
|
|
1381 absolute, even if there is no leading slash, will continue to
|
|
|
1382 function correctly, even when talking to a Windows NT or VMS style
|
|
|
1383 system, where absolute paths may not begin with a slash.
|
|
|
1384
|
|
|
1385 For example, if the client wishes to change directory up, and the
|
|
|
1386 server has returned "c:/x/y/z" from REALPATH, the client SHOULD use
|
|
|
1387 "c:/x/y/z/..".
|
|
|
1388
|
|
|
1389 As a second example, if the client wishes to open the file "x.txt" in
|
|
|
1390 the current directory, and server has returned "dka100:/x/y/z" as the
|
|
|
1391 canonical path of the directory, the client SHOULD open "dka100:/x/y/
|
|
|
1392 z/x.txt"
|
|
|
1393
|
|
|
1394
|
|
|
1395
|
|
|
1396
|
|
|
1397
|
|
|
1398
|
|
|
1399
|
|
|
1400 Galbraith, et al. Expires June 18, 2003 [Page 25]
|
|
|
1401 �
|
|
|
1402 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1403
|
|
|
1404
|
|
|
1405 7. Responses from the Server to the Client
|
|
|
1406
|
|
|
1407 The server responds to the client using one of a few response
|
|
|
1408 packets. All requests can return a SSH_FXP_STATUS response upon
|
|
|
1409 failure. When the operation is successful, any of the responses may
|
|
|
1410 be returned (depending on the operation). If no data needs to be
|
|
|
1411 returned to the client, the SSH_FXP_STATUS response with SSH_FX_OK
|
|
|
1412 status is appropriate. Otherwise, the SSH_FXP_HANDLE message is used
|
|
|
1413 to return a file handle (for SSH_FXP_OPEN and SSH_FXP_OPENDIR
|
|
|
1414 requests), SSH_FXP_DATA is used to return data from SSH_FXP_READ,
|
|
|
1415 SSH_FXP_NAME is used to return one or more file names from a
|
|
|
1416 SSH_FXP_READDIR or SSH_FXP_REALPATH request, and SSH_FXP_ATTRS is
|
|
|
1417 used to return file attributes from SSH_FXP_STAT, SSH_FXP_LSTAT, and
|
|
|
1418 SSH_FXP_FSTAT requests.
|
|
|
1419
|
|
|
1420 Exactly one response will be returned for each request. Each
|
|
|
1421 response packet contains a request identifier which can be used to
|
|
|
1422 match each response with the corresponding request. Note that it is
|
|
|
1423 legal to have several requests outstanding simultaneously, and the
|
|
|
1424 server is allowed to send responses to them in a different order from
|
|
|
1425 the order in which the requests were sent (the result of their
|
|
|
1426 execution, however, is guaranteed to be as if they had been processed
|
|
|
1427 one at a time in the order in which the requests were sent).
|
|
|
1428
|
|
|
1429 Response packets are of the same general format as request packets.
|
|
|
1430 Each response packet begins with the request identifier.
|
|
|
1431
|
|
|
1432 The format of the data portion of the SSH_FXP_STATUS response is as
|
|
|
1433 follows:
|
|
|
1434
|
|
|
1435 uint32 id
|
|
|
1436 uint32 error/status code
|
|
|
1437 string error message (ISO-10646 UTF-8 [RFC-2279])
|
|
|
1438 string language tag (as defined in [RFC-1766])
|
|
|
1439
|
|
|
1440 where `id' is the request identifier, and `error/status code'
|
|
|
1441 indicates the result of the requested operation. The value SSH_FX_OK
|
|
|
1442 indicates success, and all other values indicate failure.
|
|
|
1443
|
|
|
1444 Currently, the following values are defined (other values may be
|
|
|
1445 defined by future versions of this protocol):
|
|
|
1446
|
|
|
1447
|
|
|
1448
|
|
|
1449
|
|
|
1450
|
|
|
1451
|
|
|
1452
|
|
|
1453
|
|
|
1454
|
|
|
1455
|
|
|
1456 Galbraith, et al. Expires June 18, 2003 [Page 26]
|
|
|
1457 �
|
|
|
1458 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1459
|
|
|
1460
|
|
|
1461 #define SSH_FX_OK 0
|
|
|
1462 #define SSH_FX_EOF 1
|
|
|
1463 #define SSH_FX_NO_SUCH_FILE 2
|
|
|
1464 #define SSH_FX_PERMISSION_DENIED 3
|
|
|
1465 #define SSH_FX_FAILURE 4
|
|
|
1466 #define SSH_FX_BAD_MESSAGE 5
|
|
|
1467 #define SSH_FX_NO_CONNECTION 6
|
|
|
1468 #define SSH_FX_CONNECTION_LOST 7
|
|
|
1469 #define SSH_FX_OP_UNSUPPORTED 8
|
|
|
1470 #define SSH_FX_INVALID_HANDLE 9
|
|
|
1471 #define SSH_FX_NO_SUCH_PATH 10
|
|
|
1472 #define SSH_FX_FILE_ALREADY_EXISTS 11
|
|
|
1473 #define SSH_FX_WRITE_PROTECT 12
|
|
|
1474 #define SSH_FX_NO_MEDIA 13
|
|
|
1475
|
|
|
1476 SSH_FX_OK
|
|
|
1477 Indicates successful completion of the operation.
|
|
|
1478
|
|
|
1479 SSH_FX_EOF
|
|
|
1480 indicates end-of-file condition; for SSH_FX_READ it means that no
|
|
|
1481 more data is available in the file, and for SSH_FX_READDIR it
|
|
|
1482 indicates that no more files are contained in the directory.
|
|
|
1483
|
|
|
1484 SSH_FX_NO_SUCH_FILE
|
|
|
1485 is returned when a reference is made to a file which does not
|
|
|
1486 exist.
|
|
|
1487
|
|
|
1488 SSH_FX_PERMISSION_DENIED
|
|
|
1489 is returned when the authenticated user does not have sufficient
|
|
|
1490 permissions to perform the operation.
|
|
|
1491
|
|
|
1492 SSH_FX_FAILURE
|
|
|
1493 is a generic catch-all error message; it should be returned if an
|
|
|
1494 error occurs for which there is no more specific error code
|
|
|
1495 defined.
|
|
|
1496
|
|
|
1497 SSH_FX_BAD_MESSAGE
|
|
|
1498 may be returned if a badly formatted packet or protocol
|
|
|
1499 incompatibility is detected.
|
|
|
1500
|
|
|
1501 SSH_FX_NO_CONNECTION
|
|
|
1502 is a pseudo-error which indicates that the client has no
|
|
|
1503 connection to the server (it can only be generated locally by the
|
|
|
1504 client, and MUST NOT be returned by servers).
|
|
|
1505
|
|
|
1506 SSH_FX_CONNECTION_LOST
|
|
|
1507 is a pseudo-error which indicates that the connection to the
|
|
|
1508 server has been lost (it can only be generated locally by the
|
|
|
1509
|
|
|
1510
|
|
|
1511
|
|
|
1512 Galbraith, et al. Expires June 18, 2003 [Page 27]
|
|
|
1513 �
|
|
|
1514 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1515
|
|
|
1516
|
|
|
1517 client, and MUST NOT be returned by servers).
|
|
|
1518
|
|
|
1519 SSH_FX_OP_UNSUPPORTED
|
|
|
1520 indicates that an attempt was made to perform an operation which
|
|
|
1521 is not supported for the server (it may be generated locally by
|
|
|
1522 the client if e.g. the version number exchange indicates that a
|
|
|
1523 required feature is not supported by the server, or it may be
|
|
|
1524 returned by the server if the server does not implement an
|
|
|
1525 operation).
|
|
|
1526
|
|
|
1527 SSH_FX_INVALID_HANDLE
|
|
|
1528 The handle value was invalid.
|
|
|
1529
|
|
|
1530 SSH_FX_NO_SUCH_PATH
|
|
|
1531 The file path does not exist or is invalid.
|
|
|
1532
|
|
|
1533 SSH_FX_FILE_ALREADY_EXISTS
|
|
|
1534 The file already exists.
|
|
|
1535
|
|
|
1536 SSH_FX_WRITE_PROTECT
|
|
|
1537 The file is on read only media, or the media is write protected.
|
|
|
1538
|
|
|
1539 SSH_FX_NO_MEDIA
|
|
|
1540 The requested operation can not be completed because there is no
|
|
|
1541 media available in the drive.
|
|
|
1542
|
|
|
1543 The SSH_FXP_HANDLE response has the following format:
|
|
|
1544
|
|
|
1545 uint32 id
|
|
|
1546 string handle
|
|
|
1547
|
|
|
1548 where `id' is the request identifier, and `handle' is an arbitrary
|
|
|
1549 string that identifies an open file or directory on the server. The
|
|
|
1550 handle is opaque to the client; the client MUST NOT attempt to
|
|
|
1551 interpret or modify it in any way. The length of the handle string
|
|
|
1552 MUST NOT exceed 256 data bytes.
|
|
|
1553
|
|
|
1554 The SSH_FXP_DATA response has the following format:
|
|
|
1555
|
|
|
1556 uint32 id
|
|
|
1557 string data
|
|
|
1558
|
|
|
1559 where `id' is the request identifier, and `data' is an arbitrary byte
|
|
|
1560 string containing the requested data. The data string may be at most
|
|
|
1561 the number of bytes requested in a SSH_FXP_READ request, but may also
|
|
|
1562 be shorter if end of file is reached or if the read is from something
|
|
|
1563 other than a regular file.
|
|
|
1564
|
|
|
1565
|
|
|
1566
|
|
|
1567
|
|
|
1568 Galbraith, et al. Expires June 18, 2003 [Page 28]
|
|
|
1569 �
|
|
|
1570 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1571
|
|
|
1572
|
|
|
1573 The SSH_FXP_NAME response has the following format:
|
|
|
1574
|
|
|
1575 uint32 id
|
|
|
1576 uint32 count
|
|
|
1577 repeats count times:
|
|
|
1578 string filename [UTF-8]
|
|
|
1579 ATTRS attrs
|
|
|
1580
|
|
|
1581 where `id' is the request identifier, `count' is the number of names
|
|
|
1582 returned in this response, and the remaining fields repeat `count'
|
|
|
1583 times (so that all three fields are first included for the first
|
|
|
1584 file, then for the second file, etc). In the repeated part,
|
|
|
1585 `filename' is a file name being returned (for SSH_FXP_READDIR, it
|
|
|
1586 will be a relative name within the directory, without any path
|
|
|
1587 components; for SSH_FXP_REALPATH it will be an absolute path name),
|
|
|
1588 and `attrs' is the attributes of the file as described in Section
|
|
|
1589 ``File Attributes''.
|
|
|
1590
|
|
|
1591 The SSH_FXP_ATTRS response has the following format:
|
|
|
1592
|
|
|
1593 uint32 id
|
|
|
1594 ATTRS attrs
|
|
|
1595
|
|
|
1596 where `id' is the request identifier, and `attrs' is the returned
|
|
|
1597 file attributes as described in Section ``File Attributes''.
|
|
|
1598
|
|
|
1599
|
|
|
1600
|
|
|
1601
|
|
|
1602
|
|
|
1603
|
|
|
1604
|
|
|
1605
|
|
|
1606
|
|
|
1607
|
|
|
1608
|
|
|
1609
|
|
|
1610
|
|
|
1611
|
|
|
1612
|
|
|
1613
|
|
|
1614
|
|
|
1615
|
|
|
1616
|
|
|
1617
|
|
|
1618
|
|
|
1619
|
|
|
1620
|
|
|
1621
|
|
|
1622
|
|
|
1623
|
|
|
1624 Galbraith, et al. Expires June 18, 2003 [Page 29]
|
|
|
1625 �
|
|
|
1626 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1627
|
|
|
1628
|
|
|
1629 8. Vendor-Specific Extensions
|
|
|
1630
|
|
|
1631 The SSH_FXP_EXTENDED request provides a generic extension mechanism
|
|
|
1632 for adding vendor-specific commands. The request has the following
|
|
|
1633 format:
|
|
|
1634
|
|
|
1635 uint32 id
|
|
|
1636 string extended-request
|
|
|
1637 ... any request-specific data ...
|
|
|
1638
|
|
|
1639 where `id' is the request identifier, and `extended-request' is a
|
|
|
1640 string of the format "name@domain", where domain is an internet
|
|
|
1641 domain name of the vendor defining the request. The rest of the
|
|
|
1642 request is completely vendor-specific, and servers should only
|
|
|
1643 attempt to interpret it if they recognize the `extended-request'
|
|
|
1644 name.
|
|
|
1645
|
|
|
1646 The server may respond to such requests using any of the response
|
|
|
1647 packets defined in Section ``Responses from the Server to the
|
|
|
1648 Client''. Additionally, the server may also respond with a
|
|
|
1649 SSH_FXP_EXTENDED_REPLY packet, as defined below. If the server does
|
|
|
1650 not recognize the `extended-request' name, then the server MUST
|
|
|
1651 respond with SSH_FXP_STATUS with error/status set to
|
|
|
1652 SSH_FX_OP_UNSUPPORTED.
|
|
|
1653
|
|
|
1654 The SSH_FXP_EXTENDED_REPLY packet can be used to carry arbitrary
|
|
|
1655 extension-specific data from the server to the client. It is of the
|
|
|
1656 following format:
|
|
|
1657
|
|
|
1658 uint32 id
|
|
|
1659 ... any request-specific data ...
|
|
|
1660
|
|
|
1661 There is a range of packet types reserved for use by extensions. In
|
|
|
1662 order to avoid collision, extensions that turn on the use of
|
|
|
1663 additional packet types should determine those numbers dynamically.
|
|
|
1664
|
|
|
1665 The suggested way of doing this is have an extension request from the
|
|
|
1666 client to the server that enables the extension; the extension
|
|
|
1667 response from the server to the client would specify the actual type
|
|
|
1668 values to use, in additional to any other data.
|
|
|
1669
|
|
|
1670 Extension authors should be mindful of the limited range of packet
|
|
|
1671 types available (there are only 45 values available) and avoid
|
|
|
1672 requiring a new packet type where possible.
|
|
|
1673
|
|
|
1674
|
|
|
1675
|
|
|
1676
|
|
|
1677
|
|
|
1678
|
|
|
1679
|
|
|
1680 Galbraith, et al. Expires June 18, 2003 [Page 30]
|
|
|
1681 �
|
|
|
1682 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1683
|
|
|
1684
|
|
|
1685 9. Security Considerations
|
|
|
1686
|
|
|
1687 This protocol assumes that it is run over a secure channel and that
|
|
|
1688 the endpoints of the channel have been authenticated. Thus, this
|
|
|
1689 protocol assumes that it is externally protected from network-level
|
|
|
1690 attacks.
|
|
|
1691
|
|
|
1692 This protocol provides file system access to arbitrary files on the
|
|
|
1693 server (only constrained by the server implementation). It is the
|
|
|
1694 responsibility of the server implementation to enforce any access
|
|
|
1695 controls that may be required to limit the access allowed for any
|
|
|
1696 particular user (the user being authenticated externally to this
|
|
|
1697 protocol, typically using the SSH User Authentication Protocol [8].
|
|
|
1698
|
|
|
1699 Care must be taken in the server implementation to check the validity
|
|
|
1700 of received file handle strings. The server should not rely on them
|
|
|
1701 directly; it MUST check the validity of each handle before relying on
|
|
|
1702 it.
|
|
|
1703
|
|
|
1704
|
|
|
1705
|
|
|
1706
|
|
|
1707
|
|
|
1708
|
|
|
1709
|
|
|
1710
|
|
|
1711
|
|
|
1712
|
|
|
1713
|
|
|
1714
|
|
|
1715
|
|
|
1716
|
|
|
1717
|
|
|
1718
|
|
|
1719
|
|
|
1720
|
|
|
1721
|
|
|
1722
|
|
|
1723
|
|
|
1724
|
|
|
1725
|
|
|
1726
|
|
|
1727
|
|
|
1728
|
|
|
1729
|
|
|
1730
|
|
|
1731
|
|
|
1732
|
|
|
1733
|
|
|
1734
|
|
|
1735
|
|
|
1736 Galbraith, et al. Expires June 18, 2003 [Page 31]
|
|
|
1737 �
|
|
|
1738 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1739
|
|
|
1740
|
|
|
1741 10. Changes from previous protocol versions
|
|
|
1742
|
|
|
1743 The SSH File Transfer Protocol has changed over time, before it's
|
|
|
1744 standardization. The following is a description of the incompatible
|
|
|
1745 changes between different versions.
|
|
|
1746
|
|
|
1747 10.1 Changes between versions 4 and 3
|
|
|
1748
|
|
|
1749 Many of the changes between version 4 and version 3 are to the
|
|
|
1750 attribute structure to make it more flexible for non-unix platforms.
|
|
|
1751
|
|
|
1752 o Clarify the use of stderr by the server.
|
|
|
1753
|
|
|
1754 o Clarify handling of very large read requests by the server.
|
|
|
1755
|
|
|
1756 o Make all filenames UTF-8.
|
|
|
1757
|
|
|
1758 o Added 'newline' extension.
|
|
|
1759
|
|
|
1760 o Made time fields 64 bit, and optionally have nanosecond resultion.
|
|
|
1761
|
|
|
1762 o Made file attribute owner and group strings so they can actually
|
|
|
1763 be used on disparate systems.
|
|
|
1764
|
|
|
1765 o Added createtime field, and added separate flags for atime,
|
|
|
1766 createtime, and mtime so they can be set separately.
|
|
|
1767
|
|
|
1768 o Split the file type out of the permissions field and into it's own
|
|
|
1769 field (which is always present.)
|
|
|
1770
|
|
|
1771 o Added acl attribute.
|
|
|
1772
|
|
|
1773 o Added SSH_FXF_TEXT file open flag.
|
|
|
1774
|
|
|
1775 o Added flags field to the get stat commands so that the client can
|
|
|
1776 specifically request information the server might not normally
|
|
|
1777 included for performance reasons.
|
|
|
1778
|
|
|
1779 o Removed the long filename from the names structure-- it can now be
|
|
|
1780 built from information available in the attrs structure.
|
|
|
1781
|
|
|
1782 o Added reserved range of packet numbers for extensions.
|
|
|
1783
|
|
|
1784 o Added several additional error codes.
|
|
|
1785
|
|
|
1786
|
|
|
1787
|
|
|
1788
|
|
|
1789
|
|
|
1790
|
|
|
1791
|
|
|
1792 Galbraith, et al. Expires June 18, 2003 [Page 32]
|
|
|
1793 �
|
|
|
1794 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1795
|
|
|
1796
|
|
|
1797 10.2 Changes between versions 3 and 2
|
|
|
1798
|
|
|
1799 o The SSH_FXP_READLINK and SSH_FXP_SYMLINK messages were added.
|
|
|
1800
|
|
|
1801 o The SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY messages were
|
|
|
1802 added.
|
|
|
1803
|
|
|
1804 o The SSH_FXP_STATUS message was changed to include fields `error
|
|
|
1805 message' and `language tag'.
|
|
|
1806
|
|
|
1807
|
|
|
1808 10.3 Changes between versions 2 and 1
|
|
|
1809
|
|
|
1810 o The SSH_FXP_RENAME message was added.
|
|
|
1811
|
|
|
1812
|
|
|
1813 10.4 Changes between versions 1 and 0
|
|
|
1814
|
|
|
1815 o Implementation changes, no actual protocol changes.
|
|
|
1816
|
|
|
1817
|
|
|
1818
|
|
|
1819
|
|
|
1820
|
|
|
1821
|
|
|
1822
|
|
|
1823
|
|
|
1824
|
|
|
1825
|
|
|
1826
|
|
|
1827
|
|
|
1828
|
|
|
1829
|
|
|
1830
|
|
|
1831
|
|
|
1832
|
|
|
1833
|
|
|
1834
|
|
|
1835
|
|
|
1836
|
|
|
1837
|
|
|
1838
|
|
|
1839
|
|
|
1840
|
|
|
1841
|
|
|
1842
|
|
|
1843
|
|
|
1844
|
|
|
1845
|
|
|
1846
|
|
|
1847
|
|
|
1848 Galbraith, et al. Expires June 18, 2003 [Page 33]
|
|
|
1849 �
|
|
|
1850 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1851
|
|
|
1852
|
|
|
1853 11. Trademark Issues
|
|
|
1854
|
|
|
1855 "ssh" is a registered trademark of SSH Communications Security Corp
|
|
|
1856 in the United States and/or other countries.
|
|
|
1857
|
|
|
1858
|
|
|
1859
|
|
|
1860
|
|
|
1861
|
|
|
1862
|
|
|
1863
|
|
|
1864
|
|
|
1865
|
|
|
1866
|
|
|
1867
|
|
|
1868
|
|
|
1869
|
|
|
1870
|
|
|
1871
|
|
|
1872
|
|
|
1873
|
|
|
1874
|
|
|
1875
|
|
|
1876
|
|
|
1877
|
|
|
1878
|
|
|
1879
|
|
|
1880
|
|
|
1881
|
|
|
1882
|
|
|
1883
|
|
|
1884
|
|
|
1885
|
|
|
1886
|
|
|
1887
|
|
|
1888
|
|
|
1889
|
|
|
1890
|
|
|
1891
|
|
|
1892
|
|
|
1893
|
|
|
1894
|
|
|
1895
|
|
|
1896
|
|
|
1897
|
|
|
1898
|
|
|
1899
|
|
|
1900
|
|
|
1901
|
|
|
1902
|
|
|
1903
|
|
|
1904 Galbraith, et al. Expires June 18, 2003 [Page 34]
|
|
|
1905 �
|
|
|
1906 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1907
|
|
|
1908
|
|
|
1909 References
|
|
|
1910
|
|
|
1911 [1] Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A. and
|
|
|
1912 P. Kocher, "The TLS Protocol Version 1.0", RFC 2246, January
|
|
|
1913 1999.
|
|
|
1914
|
|
|
1915 [2] Alvestrand, H., "IETF Policy on Character Sets and Languages",
|
|
|
1916 BCP 18, RFC 2277, January 1998.
|
|
|
1917
|
|
|
1918 [3] Shepler, S., Callaghan, B., Robinson, D., Thurlow, R., Beame,
|
|
|
1919 C., Eisler, M. and D. Noveck, "NFS version 4 Protocol", RFC
|
|
|
1920 3010, December 2000.
|
|
|
1921
|
|
|
1922 [4] Institute of Electrical and Electronics Engineers, "Information
|
|
|
1923 Technology - Portable Operating System Interface (POSIX) - Part
|
|
|
1924 1: System Application Program Interface (API) [C Language]",
|
|
|
1925 IEEE Standard 1003.2, 1996.
|
|
|
1926
|
|
|
1927 [5] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.
|
|
|
1928 Lehtinen, "SSH Protocol Architecture",
|
|
|
1929 draft-ietf-secsh-architecture-13 (work in progress), September
|
|
|
1930 2002.
|
|
|
1931
|
|
|
1932 [6] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.
|
|
|
1933 Lehtinen, "SSH Protocol Transport Protocol",
|
|
|
1934 draft-ietf-secsh-transport-15 (work in progress), September
|
|
|
1935 2002.
|
|
|
1936
|
|
|
1937 [7] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.
|
|
|
1938 Lehtinen, "SSH Connection Protocol", draft-ietf-secsh-connect-16
|
|
|
1939 (work in progress), September 2002.
|
|
|
1940
|
|
|
1941 [8] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.
|
|
|
1942 Lehtinen, "SSH Authentication Protocol",
|
|
|
1943 draft-ietf-secsh-userauth-16 (work in progress), September 2002.
|
|
|
1944
|
|
|
1945
|
|
|
1946 Authors' Addresses
|
|
|
1947
|
|
|
1948 Joseph Galbraith
|
|
|
1949 VanDyke Software
|
|
|
1950 4848 Tramway Ridge Blvd
|
|
|
1951 Suite 101
|
|
|
1952 Albuquerque, NM 87111
|
|
|
1953 US
|
|
|
1954
|
|
|
1955 Phone: +1 505 332 5700
|
|
|
1956 EMail: galb-list@vandyke.com
|
|
|
1957
|
|
|
1958
|
|
|
1959
|
|
|
1960 Galbraith, et al. Expires June 18, 2003 [Page 35]
|
|
|
1961 �
|
|
|
1962 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
1963
|
|
|
1964
|
|
|
1965 Tatu Ylonen
|
|
|
1966 SSH Communications Security Corp
|
|
|
1967 Fredrikinkatu 42
|
|
|
1968 HELSINKI FIN-00100
|
|
|
1969 Finland
|
|
|
1970
|
|
|
1971 EMail: ylo@ssh.com
|
|
|
1972
|
|
|
1973
|
|
|
1974 Sami Lehtinen
|
|
|
1975 SSH Communications Security Corp
|
|
|
1976 Fredrikinkatu 42
|
|
|
1977 HELSINKI FIN-00100
|
|
|
1978 Finland
|
|
|
1979
|
|
|
1980 EMail: sjl@ssh.com
|
|
|
1981
|
|
|
1982
|
|
|
1983
|
|
|
1984
|
|
|
1985
|
|
|
1986
|
|
|
1987
|
|
|
1988
|
|
|
1989
|
|
|
1990
|
|
|
1991
|
|
|
1992
|
|
|
1993
|
|
|
1994
|
|
|
1995
|
|
|
1996
|
|
|
1997
|
|
|
1998
|
|
|
1999
|
|
|
2000
|
|
|
2001
|
|
|
2002
|
|
|
2003
|
|
|
2004
|
|
|
2005
|
|
|
2006
|
|
|
2007
|
|
|
2008
|
|
|
2009
|
|
|
2010
|
|
|
2011
|
|
|
2012
|
|
|
2013
|
|
|
2014
|
|
|
2015
|
|
|
2016 Galbraith, et al. Expires June 18, 2003 [Page 36]
|
|
|
2017 �
|
|
|
2018 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
2019
|
|
|
2020
|
|
|
2021 Intellectual Property Statement
|
|
|
2022
|
|
|
2023 The IETF takes no position regarding the validity or scope of any
|
|
|
2024 intellectual property or other rights that might be claimed to
|
|
|
2025 pertain to the implementation or use of the technology described in
|
|
|
2026 this document or the extent to which any license under such rights
|
|
|
2027 might or might not be available; neither does it represent that it
|
|
|
2028 has made any effort to identify any such rights. Information on the
|
|
|
2029 IETF's procedures with respect to rights in standards-track and
|
|
|
2030 standards-related documentation can be found in BCP-11. Copies of
|
|
|
2031 claims of rights made available for publication and any assurances of
|
|
|
2032 licenses to be made available, or the result of an attempt made to
|
|
|
2033 obtain a general license or permission for the use of such
|
|
|
2034 proprietary rights by implementors or users of this specification can
|
|
|
2035 be obtained from the IETF Secretariat.
|
|
|
2036
|
|
|
2037 The IETF invites any interested party to bring to its attention any
|
|
|
2038 copyrights, patents or patent applications, or other proprietary
|
|
|
2039 rights which may cover technology that may be required to practice
|
|
|
2040 this standard. Please address the information to the IETF Executive
|
|
|
2041 Director.
|
|
|
2042
|
|
|
2043
|
|
|
2044 Full Copyright Statement
|
|
|
2045
|
|
|
2046 Copyright (C) The Internet Society (2002). All Rights Reserved.
|
|
|
2047
|
|
|
2048 This document and translations of it may be copied and furnished to
|
|
|
2049 others, and derivative works that comment on or otherwise explain it
|
|
|
2050 or assist in its implementation may be prepared, copied, published
|
|
|
2051 and distributed, in whole or in part, without restriction of any
|
|
|
2052 kind, provided that the above copyright notice and this paragraph are
|
|
|
2053 included on all such copies and derivative works. However, this
|
|
|
2054 document itself may not be modified in any way, such as by removing
|
|
|
2055 the copyright notice or references to the Internet Society or other
|
|
|
2056 Internet organizations, except as needed for the purpose of
|
|
|
2057 developing Internet standards in which case the procedures for
|
|
|
2058 copyrights defined in the Internet Standards process must be
|
|
|
2059 followed, or as required to translate it into languages other than
|
|
|
2060 English.
|
|
|
2061
|
|
|
2062 The limited permissions granted above are perpetual and will not be
|
|
|
2063 revoked by the Internet Society or its successors or assignees.
|
|
|
2064
|
|
|
2065 This document and the information contained herein is provided on an
|
|
|
2066 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
|
|
2067 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
|
|
2068 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
|
|
2069
|
|
|
2070
|
|
|
2071
|
|
|
2072 Galbraith, et al. Expires June 18, 2003 [Page 37]
|
|
|
2073 �
|
|
|
2074 Internet-Draft SSH File Transfer Protocol December 2002
|
|
|
2075
|
|
|
2076
|
|
|
2077 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
|
|
2078 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
2079
|
|
|
2080
|
|
|
2081 Acknowledgement
|
|
|
2082
|
|
|
2083 Funding for the RFC Editor function is currently provided by the
|
|
|
2084 Internet Society.
|
|
|
2085
|
|
|
2086
|
|
|
2087
|
|
|
2088
|
|
|
2089
|
|
|
2090
|
|
|
2091
|
|
|
2092
|
|
|
2093
|
|
|
2094
|
|
|
2095
|
|
|
2096
|
|
|
2097
|
|
|
2098
|
|
|
2099
|
|
|
2100
|
|
|
2101
|
|
|
2102
|
|
|
2103
|
|
|
2104
|
|
|
2105
|
|
|
2106
|
|
|
2107
|
|
|
2108
|
|
|
2109
|
|
|
2110
|
|
|
2111
|
|
|
2112
|
|
|
2113
|
|
|
2114
|
|
|
2115
|
|
|
2116
|
|
|
2117
|
|
|
2118
|
|
|
2119
|
|
|
2120
|
|
|
2121
|
|
|
2122
|
|
|
2123
|
|
|
2124
|
|
|
2125
|
|
|
2126
|
|
|
2127
|
|
|
2128 Galbraith, et al. Expires June 18, 2003 [Page 38]
|
|
|
2129 �
|
|
|
2130
|
