IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Please publish the attached draft-galb-filexfer-extensions-00.txt
Thanks,
Joseph
Secure Shell Working Group J. Galbraith
Internet-Draft VanDyke Software
Expires: April 8, 2006 O. Saarenmaa
F-Secure
October 5, 2005
SSH File Transfer Protocol
draft-galb-filexfer-extensions-00.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 8, 2006.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
The SSH File Transfer Protocol provides a rich infrastructure for
sharing information about files. This document describes several
optional extensions that build on this infrastructure.
Galbraith & Saarenmaa Expires April 8, 2006 [Page 1]
�
Internet-Draft SSH File Transfer Protocol October 2005
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Vendor Id . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. File Hashing . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Querying Available Space . . . . . . . . . . . . . . . . . . . 5
5. Querying User Home Directory . . . . . . . . . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . 7
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
7.1. Normative References . . . . . . . . . . . . . . . . . . . 7
7.2. Informative References . . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9
Intellectual Property and Copyright Statements . . . . . . . . . . 10
Galbraith & Saarenmaa Expires April 8, 2006 [Page 2]
�
Internet-Draft SSH File Transfer Protocol October 2005
1. Introduction
This is a collection of optional extensions to the SSH File Transfer
Protocol [I-D.ietf-secsh-filexfer]. This extensions make it possible
for clients to query the server for additional information which may
not be widely supported, but can increase the quality of the users
experience when the server can support them.
2. Vendor Id
It is often necessary to detect the version of the server so that
bugs can be worked around. This extension allows the client to do
so. (It may also be sent by the client using an EXTENDED request.)
string "vendor-id"
string vendor-structure
string vendor-name [UTF-8]
string product-name [UTF-8]
string product-version [UTF-8]
uint64 product-build-number
vendor-name
Arbitrary name identifying the maker of the product.
product-name
Arbitrary name identifying the product.
product-name
Arbitrary string identifying the version of the product.
product-build-number
A build-number for the product, such that if a bug is fixed in
build-number 'x', it can be assumed that (barring regression in
the product) it is fixed in all build-numbers > 'x'.
3. File Hashing
This extension allows a client to easily check if a file (or portion
thereof) that it already has matches what is on the server.
Galbraith & Saarenmaa Expires April 8, 2006 [Page 3]
�
Internet-Draft SSH File Transfer Protocol October 2005
byte SSH_FXP_EXTENDED
uint32 request-id
string "check-file-handle" / "check-file-name"
string handle / name
string hash-algorithm-list
uint64 start-offset
uint64 length
uint32 block-size
handle
For "check-file-handle", 'handle' is an open file handle returned
by SSH_FXP_OPEN. If 'handle' is not a handle returned by
SSH_FXP_OPEN, the server MUST return SSH_FX_INVALID_HANDLE. If
ACE4_READ_DATA was not included when the file was opened, the
server MUST return STATUS_PERMISSION_DENIED.
If this file handle was opened in SSH_FXF_ACCESS_TEXT_MODE mode,
the check must be performed on the data as it would be sent on the
wire.
name
For "check-file-name", 'name' is the path to the file to check.
If 'check-file-name' is a directory, SSH_FX_FILE_IS_A_DIRECTORY
SHOULD be returned. If 'check-file-name' refers to a
SSH_FILEXFER_TYPE_SYMLINK, the target should be opened. The
results are undefined file types other than
SSH_FILEXFER_TYPE_REGULAR.
The file MUST be opened without the SSH_FXF_ACCESS_TEXT_MODE
access flag (in binary mode.)
hash-algorithm-list
A comma separated list of hash algorithms the client is willing to
accept for this operation. The server MUST pick the first hash on
the list that it supports.
Currently defined algorithms are "md5", "sha1", "sha224",
"sha256", "sha384", "sha512", and "crc32". Additional algorithms
may be added by following the DNS extensibility naming convention
outlined in [I-D.ietf-secsh-architecture].
MD5 is described in [RFC1321]. SHA-1, SHA-224, SHA-256, SHA-384,
and SHA-512 are described in [FIPS-180-2]. [ISO.3309.1991]
describes crc32, and is the same algorithm used in [RFC1510]
Galbraith & Saarenmaa Expires April 8, 2006 [Page 4]
�
Internet-Draft SSH File Transfer Protocol October 2005
start-offset
The starting offset of the data to include in the hash.
length
The length of data to include in the hash. If length is zero, all
the data from start-offset to the end-of-file should be included.
block-size
An independent hash MUST be computed over every block in the file.
The size of blocks is specified by block-size. The block-size
MUST NOT be smaller than 256 bytes. If the block-size is 0, then
only one hash, over the entire range, MUST be made.
The response is either a SSH_FXP_STATUS packet, indicating an error,
or the following extended reply packet:
byte SSH_FXP_EXTENDED_REPLY
uint32 request-id
string "check-file"
string hash-algo-used
byte hash[n][block-count]
hash-algo-used
The hash algorithm that was actually used.
hash
The computed hashes. The hash algorithm used determines the size
of n. The number of block-size chunks of data in the file
determines block-count. The hashes are placed in the packet one
after another, with no decoration.
Note that if the length of the range is not an even multiple of
block-size, the last hash will have been computed over only the
remainder of the range instead of a full block.
4. Querying Available Space
The following extension provides a way to discover the available
space for an arbitrary path.
byte SSH_FXP_EXTENDED
uint32 request-id
string "space-available"
string path [UTF-8]
Galbraith & Saarenmaa Expires April 8, 2006 [Page 5]
�
Internet-Draft SSH File Transfer Protocol October 2005
path
'path' for which the available space should be reported. This
'path' is not required to be the mount point path, but MAY be a
directory or file contained within the mount.
The reply to the request is as follows:
byte SSH_FXP_EXTENDED_REPLY
uint32 request-id
uint64 bytes-on-device
uint64 unused-bytes-on-device
uint64 bytes-available-to-user
uint64 unused-bytes-available-to-user
uint32 bytes-per-allocation-unit
bytes-on-device
The total number of bytes on the device which stores 'path', both
used and unused, or 0 if unknown.
unused-bytes-on-device
The total number of unused bytes available on the device which
stores 'path', or 0 if unknown.
bytes-available-to-user
The total number of bytes, both used and unused, available to the
authenticated user on the device which stores 'path', or 0 if
unknown.
unused-bytes-available-to-user
The total number of unused bytes available to the authenticated
user on the device which stores 'path', or 0 if unknown.
bytes-per-allocation-unit
The number of bytes in each allocation unit on the device, or in
other words, the minimum number of bytes that a file allocation
size can grow or shrink by. If the server does not know this
information, or the file-system in use does not use allocation
blocks, this value MUST be 0.
5. Querying User Home Directory
Many users are used to being able to type '~' as an alias for their
home directory, or ~username as an alias for another user's home
directory. To support this feature, a server MAY support following
extension.
Galbraith & Saarenmaa Expires April 8, 2006 [Page 6]
�
Internet-Draft SSH File Transfer Protocol October 2005
byte SSH_FXP_EXTENDED
uint32 request-id
string "home-directory"
string username [UTF-8]
username
Username whose home directory path is being requested. An empty
string implies the current user.
The reply to the request is either a SSH_FXP_STATUS packet or the
following extended reply:
byte SSH_FXP_EXTENDED_REPLY
uint32 request-id
string "home-directory"
string absolute-pathname
absolute-pathname
Absolute pathname of the specified user's home directory, suitable
for use in operations such as REALPATH or OPENDIR.
6. Security Considerations
The home directory extension could be used to discover whether a
given user is valid; however, since users are assumed to be
authenticated by the underlying protocol, this is probably not
significant in most situations. If a server would not normally allow
an authenticated user to query the existance of another user, the
server MUST NOT allow the "home-directory" extension.
7. References
7.1. Normative References
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992.
[RFC1510] Kohl, J. and B. Neuman, "The Kerberos Network
Authentication Service (V5)", RFC 1510, September 1993.
[I-D.ietf-secsh-architecture]
Ylonen, T. and C. Lonvick, "SSH Protocol Architecture",
draft-ietf-secsh-architecture-22 (work in progress),
March 2005.
Galbraith & Saarenmaa Expires April 8, 2006 [Page 7]
�
Internet-Draft SSH File Transfer Protocol October 2005
[I-D.ietf-secsh-transport]
Lonvick, C., "SSH Transport Layer Protocol",
draft-ietf-secsh-transport-24 (work in progress),
March 2005.
[I-D.ietf-secsh-filexfer]
Galbraith, J., "SSH File Transfer Protocol",
draft-ietf-secsh-filexfer-09 (work in progress),
June 2005.
[FIPS-180-2]
National Institute of Standards and Technology, "Secure
Hash Standard (SHS)", Federal Information Processing
Standards Publication 180-2, August 2002.
[ISO.3309.1991]
International Organization for Standardization,
"Information Technology - Telecommunications and
information exchange between systems - High-level data
link control (HDLC) procedures - Frame structure",
ISO Standard 3309, June 1991.
7.2. Informative References
Trademark notice
"ssh" is a registered trademark in the United States and/or other
countries.
Galbraith & Saarenmaa Expires April 8, 2006 [Page 8]
�
Internet-Draft SSH File Transfer Protocol October 2005
Authors' Addresses
Joseph Galbraith
VanDyke Software
4848 Tramway Ridge Blvd
Suite 101
Albuquerque, NM 87111
US
Phone: +1 505 332 5700
Email: galb-list%vandyke.com@localhost
Oskari Saarenmaa
F-Secure
Tammasaarenkatu 7
Helsinki 00180
FI
Email: oskari.saarenmaa%f-secure.com@localhost
Galbraith & Saarenmaa Expires April 8, 2006 [Page 9]
�
Internet-Draft SSH File Transfer Protocol October 2005
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr%ietf.org@localhost.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Galbraith & Saarenmaa Expires April 8, 2006 [Page 10]
�
Home |
Main Index |
Thread Index |
Old Index