SFTP and FTP: allow logging in with an arbitrary cap URI as root directory #1356

New Issue

tahoe-lafs · 2011-02-04T03:30:47Z

davidsarah commented

2011-02-04 03:30:47 +00:00

The SFTP and FTP frontends should allow logging in with username uri, and password an arbitrary cap URI.

Implementing this for SFTP can then be used to support a tahoe mount command (#1357), as suggested in /tahoe-lafs/trac-2024-07-25/issues/6415#comment:82623. For both SFTP and FTP, it is potentially useful to be able to log in with a root URI without having set up an account for it in the ftp.accounts file. (SFTP and FTP use the same code in source:src/allmydata/frontends/auth.py to handle logins, so it is simpler for them to behave the same.)

Note that you can already access an arbitrary cap URI via the /uri/ directory, but that does not have nearly as nice usability properties, because you can't access aliases that way. (Allowing access to aliases would provide ambient authority and so is not capability-secure.)

The SFTP and FTP frontends should allow logging in with username `uri`, and password an arbitrary cap URI. Implementing this for SFTP can then be used to support a `tahoe mount` command (#1357), as suggested in [/tahoe-lafs/trac-2024-07-25/issues/6415](/tahoe-lafs/trac-2024-07-25/issues/6415)#[comment:82623](/tahoe-lafs/trac-2024-07-25/issues/1356#issuecomment-82623). For both SFTP and FTP, it is potentially useful to be able to log in with a root URI without having set up an account for it in the `ftp.accounts` file. (SFTP and FTP use the same code in source:src/allmydata/frontends/auth.py to handle logins, so it is simpler for them to behave the same.) Note that you can already access an arbitrary cap URI via the `/uri/` directory, but that does not have nearly as nice usability properties, because you can't access aliases that way. (Allowing access to aliases would provide ambient authority and so is not capability-secure.)

tahoe-lafs added the

labels 2011-02-04 03:30:47 +00:00

tahoe-lafs added this to the 1.9.0 milestone 2011-02-04 03:30:47 +00:00

tahoe-lafs changed title from ~~SFTP: allow logging in with an arbitrary cap URI as root~~ to SFTP: allow logging in with an arbitrary cap URI as root directory

2011-02-04 04:03:22 +00:00

tahoe-lafs changed title from ~~SFTP: allow logging in with an arbitrary cap URI as root directory~~ to SFTP and FTP: allow logging in with an arbitrary cap URI as root directory

2011-02-04 22:34:22 +00:00

davidsarah commented

2011-02-04 22:49:39 +00:00

Attachment uri-login.darcs.2.patch (31886 bytes) added

SFTP and FTP: allow logging in with an arbitrary cap URI as root directory. refs #1356

**Attachment** uri-login.darcs.2.patch (31886 bytes) added SFTP and FTP: allow logging in with an arbitrary cap URI as root directory. refs #1356

uri-login.darcs.2.patch

31 KiB

davidsarah commented

2011-02-04 23:43:54 +00:00

I have manually tested that this patch works for SFTP with FileZilla, and the OpenSSH command-line sftp client. I have not yet checked that it works with sshfs. I have not checked FTP (which I can't get to work at all because of #1360).

Note that if you give an incorrect root URI as the password, the login will succeed but subsequent operations will fail. This is the same behaviour as when an incorrect root URI is given for the account in the ftp.accounts file. Perhaps the login should fail in both cases.

I have manually tested that this patch works for SFTP with FileZilla, and the OpenSSH command-line sftp client. I have not yet checked that it works with sshfs. I have not checked FTP (which I can't get to work at all because of #1360). Note that if you give an incorrect root URI as the password, the login will succeed but subsequent operations will fail. This is the same behaviour as when an incorrect root URI is given for the account in the `ftp.accounts` file. Perhaps the login should fail in both cases.

Zarutian commented

2011-06-05 02:20:46 +00:00

Replying to davidsarah:

-snip-

Note that if you give an incorrect root URI as the password, the login will succeed but subsequent operations will fail. This is the same behaviour as when an incorrect root URI is given for the account in the ftp.accounts file. Perhaps the login should fail in both cases.

It is a good behaviour to fail the soonest when some problem occurs. If login failed then it should be reported there and then and not at the next operation. So, I say Aye to the last sentance in the quoted comment.

Replying to [davidsarah](/tahoe-lafs/trac-2024-07-25/issues/1356#issuecomment-82623): -snip- > > Note that if you give an incorrect root URI as the password, the login will succeed but subsequent operations will fail. This is the same behaviour as when an incorrect root URI is given for the account in the `ftp.accounts` file. Perhaps the login should fail in both cases. It is a good behaviour to fail the soonest when some problem occurs. If login failed then it should be reported there and then and not at the next operation. So, I say Aye to the last sentance in the quoted comment.

zooko commented

2011-06-23 21:20:52 +00:00

Removing the tag design-reviewed because it matches this search for reviewed: http://tahoe-lafs.org/trac/tahoe-lafs/query?status=!closed&keywords=~reviewed&order=priority , which query I use to find patches that I should apply to trunk.

Removing the tag `design-reviewed` because it matches this search for `reviewed`: <http://tahoe-lafs.org/trac/tahoe-lafs/query?status=!closed&keywords=~reviewed&order=priority> , which query I use to find patches that I should apply to trunk.

davidsarah commented

2011-07-24 22:40:26 +00:00

Since the main motivation for this is the proposed tahoe mount command, which is not ready for 1.9, I'm bumping this out of 1.9 as well.

Since the main motivation for this is the proposed `tahoe mount` command, which is not ready for 1.9, I'm bumping this out of 1.9 as well.

tahoe-lafs modified the milestone from 1.9.0 to 1.10.0

2011-07-24 22:40:26 +00:00

tahoe-lafs modified the milestone from 1.11.0 to 1.10.0

2012-04-01 03:49:21 +00:00

tahoe-lafs added

enhancement

and removed

defect

labels 2012-09-04 16:44:24 +00:00

tahoe-lafs modified the milestone from 1.10.0 to soon

2012-09-04 16:44:24 +00:00

tahoe-lafs modified the milestone from soon to 1.12.0

2013-08-13 23:04:31 +00:00

warner added

code-frontend-ftp-sftp

and removed

code-frontend

labels 2014-12-02 19:44:52 +00:00

daira commented

2015-03-20 17:39:42 +00:00

This will not work with sshfs due to https://bugs.launchpad.net/ubuntu/+source/sshfs-fuse/+bug/1406840.

This will not work with sshfs due to <https://bugs.launchpad.net/ubuntu/+source/sshfs-fuse/+bug/1406840>.

daira commented

2015-04-14 17:24:53 +00:00

Replying to daira:

This will not work with sshfs due to https://bugs.launchpad.net/ubuntu/+source/sshfs-fuse/+bug/1406840.

Fixed by http://sourceforge.net/p/fuse/sshfs/ci/e4e14109ade6398ecae5ae882635410b606b2649/ (unreleased).

Replying to [daira](/tahoe-lafs/trac-2024-07-25/issues/1356#issuecomment-82635): > This will not work with sshfs due to <https://bugs.launchpad.net/ubuntu/+source/sshfs-fuse/+bug/1406840>. Fixed by <http://sourceforge.net/p/fuse/sshfs/ci/e4e14109ade6398ecae5ae882635410b606b2649/> (unreleased).

warner commented

2016-03-22 05:02:25 +00:00

Milestone renamed

warner modified the milestone from 1.12.0 to 1.13.0

2016-03-22 05:02:25 +00:00

warner commented

2016-06-28 18:17:14 +00:00

renaming milestone

warner modified the milestone from 1.13.0 to 1.14.0

2016-06-28 18:17:14 +00:00

exarkun commented

2020-06-30 14:45:13 +00:00