SFTP and FTP: allow logging in with an arbitrary cap URI as root directory #1356
Labels
No labels
0.2.0
0.3.0
0.4.0
0.5.0
0.5.1
0.6.0
0.6.1
0.7.0
0.8.0
0.9.0
1.0.0
1.1.0
1.10.0
1.10.1
1.10.2
1.10a2
1.11.0
1.12.0
1.12.1
1.13.0
1.14.0
1.15.0
1.15.1
1.2.0
1.3.0
1.4.1
1.5.0
1.6.0
1.6.1
1.7.0
1.7.1
1.7β
1.8.0
1.8.1
1.8.2
1.8.3
1.8β
1.9.0
1.9.0-s3branch
1.9.0a1
1.9.0a2
1.9.0b1
1.9.1
1.9.2
1.9.2a1
LeastAuthority.com automation
blocker
cannot reproduce
cloud-branch
code
code-dirnodes
code-encoding
code-frontend
code-frontend-cli
code-frontend-ftp-sftp
code-frontend-magic-folder
code-frontend-web
code-mutable
code-network
code-nodeadmin
code-peerselection
code-storage
contrib
critical
defect
dev-infrastructure
documentation
duplicate
enhancement
fixed
invalid
major
minor
n/a
normal
operational
packaging
somebody else's problem
supercritical
task
trivial
unknown
was already fixed
website
wontfix
worksforme
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: tahoe-lafs/trac-2024-07-25#1356
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The SFTP and FTP frontends should allow logging in with username
uri, and password an arbitrary cap URI.Implementing this for SFTP can then be used to support a
tahoe mountcommand (#1357), as suggested in /tahoe-lafs/trac-2024-07-25/issues/8858#comment:124232. For both SFTP and FTP, it is potentially useful to be able to log in with a root URI without having set up an account for it in theftp.accountsfile. (SFTP and FTP use the same code in source:src/allmydata/frontends/auth.py to handle logins, so it is simpler for them to behave the same.)Note that you can already access an arbitrary cap URI via the
/uri/directory, but that does not have nearly as nice usability properties, because you can't access aliases that way. (Allowing access to aliases would provide ambient authority and so is not capability-secure.)SFTP: allow logging in with an arbitrary cap URI as rootto SFTP: allow logging in with an arbitrary cap URI as root directorySFTP: allow logging in with an arbitrary cap URI as root directoryto SFTP and FTP: allow logging in with an arbitrary cap URI as root directoryAttachment uri-login.darcs.2.patch (31886 bytes) added
SFTP and FTP: allow logging in with an arbitrary cap URI as root directory. refs #1356
I have manually tested that this patch works for SFTP with FileZilla, and the OpenSSH command-line sftp client. I have not yet checked that it works with sshfs. I have not checked FTP (which I can't get to work at all because of #1360).
Note that if you give an incorrect root URI as the password, the login will succeed but subsequent operations will fail. This is the same behaviour as when an incorrect root URI is given for the account in the
ftp.accountsfile. Perhaps the login should fail in both cases.Replying to davidsarah:
-snip-
It is a good behaviour to fail the soonest when some problem occurs. If login failed then it should be reported there and then and not at the next operation. So, I say Aye to the last sentance in the quoted comment.
Removing the tag
design-reviewedbecause it matches this search forreviewed: http://tahoe-lafs.org/trac/tahoe-lafs/query?status=!closed&keywords=~reviewed&order=priority , which query I use to find patches that I should apply to trunk.Since the main motivation for this is the proposed
tahoe mountcommand, which is not ready for 1.9, I'm bumping this out of 1.9 as well.This will not work with sshfs due to https://bugs.launchpad.net/ubuntu/+source/sshfs-fuse/+bug/1406840.
Replying to daira:
Fixed by http://sourceforge.net/p/fuse/sshfs/ci/e4e14109ade6398ecae5ae882635410b606b2649/ (unreleased).
Milestone renamed
renaming milestone
Moving open issues out of closed milestones.
Ticket retargeted after milestone closed