mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2025-01-15 03:45:38 +00:00
496 lines
16 KiB
C
496 lines
16 KiB
C
/* GStreamer
|
|
* Copyright (C) 2011 Axis Communications <dev-gstreamer@axis.com>
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Library General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Library General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Library General Public
|
|
* License along with this library; if not, write to the
|
|
* Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
|
|
* Boston, MA 02110-1301, USA.
|
|
*/
|
|
|
|
/**
|
|
* SECTION:element-curlsshsink
|
|
* @short_description: sink that uploads data to a server using libcurl
|
|
* @see_also:
|
|
*
|
|
* This is a network sink that uses libcurl.
|
|
*
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include "config.h"
|
|
#endif
|
|
|
|
#include "gstcurlbasesink.h"
|
|
#include "gstcurlsshsink.h"
|
|
|
|
#include <curl/curl.h>
|
|
#include <string.h>
|
|
#include <stdio.h>
|
|
|
|
#ifdef G_OS_WIN32
|
|
#include <winsock2.h>
|
|
#else
|
|
#include <sys/socket.h>
|
|
#include <netinet/in.h>
|
|
#include <netinet/ip.h>
|
|
#include <netinet/tcp.h>
|
|
#endif
|
|
#include <sys/types.h>
|
|
#include <unistd.h>
|
|
#include <sys/stat.h>
|
|
#include <fcntl.h>
|
|
|
|
/* Default values */
|
|
#define GST_CAT_DEFAULT gst_curl_ssh_sink_debug
|
|
|
|
/* Plugin specific settings */
|
|
|
|
GST_DEBUG_CATEGORY_STATIC (gst_curl_ssh_sink_debug);
|
|
|
|
enum
|
|
{
|
|
PROP_0,
|
|
PROP_SSH_AUTH_TYPE,
|
|
PROP_SSH_PUB_KEYFILE,
|
|
PROP_SSH_PRIV_KEYFILE,
|
|
PROP_SSH_KEY_PASSPHRASE,
|
|
PROP_SSH_KNOWNHOSTS,
|
|
PROP_SSH_HOST_PUBLIC_KEY_MD5,
|
|
PROP_SSH_ACCEPT_UNKNOWNHOST
|
|
};
|
|
|
|
|
|
/* curl SSH-key matching callback */
|
|
static gint curl_ssh_sink_sshkey_cb (CURL * easy_handle,
|
|
const struct curl_khkey *knownkey, const struct curl_khkey *foundkey,
|
|
enum curl_khmatch, void *clientp);
|
|
|
|
|
|
/* Object class function declarations */
|
|
|
|
static void gst_curl_ssh_sink_set_property (GObject * object, guint prop_id,
|
|
const GValue * value, GParamSpec * pspec);
|
|
static void gst_curl_ssh_sink_get_property (GObject * object, guint prop_id,
|
|
GValue * value, GParamSpec * pspec);
|
|
static void gst_curl_ssh_sink_finalize (GObject * gobject);
|
|
static gboolean gst_curl_ssh_sink_set_options_unlocked (GstCurlBaseSink *
|
|
bcsink);
|
|
|
|
|
|
/* private functions */
|
|
|
|
#define gst_curl_ssh_sink_parent_class parent_class
|
|
G_DEFINE_TYPE (GstCurlSshSink, gst_curl_ssh_sink, GST_TYPE_CURL_BASE_SINK);
|
|
|
|
/* Register the auth types with the GLib type system */
|
|
#define GST_TYPE_CURL_SSH_SINK_AUTH_TYPE (gst_curl_ssh_sink_auth_get_type ())
|
|
static GType
|
|
gst_curl_ssh_sink_auth_get_type (void)
|
|
{
|
|
static GType gtype = 0;
|
|
|
|
if (!gtype) {
|
|
static const GEnumValue auth_types[] = {
|
|
{GST_CURLSSH_AUTH_NONE, "Not allowed", "none"},
|
|
{GST_CURLSSH_AUTH_PUBLICKEY, "Public/private key files", "pubkey"},
|
|
{GST_CURLSSH_AUTH_PASSWORD, "Password authentication", "password"},
|
|
{0, NULL, NULL}
|
|
};
|
|
gtype = g_enum_register_static ("GstCurlSshAuthType", auth_types);
|
|
}
|
|
return gtype;
|
|
}
|
|
|
|
static void
|
|
gst_curl_ssh_sink_class_init (GstCurlSshSinkClass * klass)
|
|
{
|
|
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
|
|
GstElementClass *element_class = GST_ELEMENT_CLASS (klass);
|
|
|
|
GST_DEBUG_CATEGORY_INIT (gst_curl_ssh_sink_debug, "curlsshsink", 0,
|
|
"curl ssh sink element");
|
|
|
|
GST_DEBUG_OBJECT (klass, "class_init");
|
|
|
|
gst_element_class_set_static_metadata (element_class,
|
|
"Curl SSH sink", "Sink/Network",
|
|
"Upload data over SSH/SFTP using libcurl", "Sorin L. <sorin@axis.com>");
|
|
|
|
gobject_class->finalize = GST_DEBUG_FUNCPTR (gst_curl_ssh_sink_finalize);
|
|
|
|
gobject_class->set_property = gst_curl_ssh_sink_set_property;
|
|
gobject_class->get_property = gst_curl_ssh_sink_get_property;
|
|
|
|
klass->set_options_unlocked = gst_curl_ssh_sink_set_options_unlocked;
|
|
|
|
g_object_class_install_property (gobject_class, PROP_SSH_AUTH_TYPE,
|
|
g_param_spec_enum ("ssh-auth-type", "SSH authentication type",
|
|
"SSH authentication method to authenticate on the SSH/SFTP server",
|
|
GST_TYPE_CURL_SSH_SINK_AUTH_TYPE, GST_CURLSSH_AUTH_NONE,
|
|
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
|
|
|
g_object_class_install_property (gobject_class, PROP_SSH_PUB_KEYFILE,
|
|
g_param_spec_string ("ssh-pub-keyfile",
|
|
"SSH public key file",
|
|
"The complete path & filename of the SSH public key file",
|
|
NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
|
|
|
g_object_class_install_property (gobject_class, PROP_SSH_PRIV_KEYFILE,
|
|
g_param_spec_string ("ssh-priv-keyfile",
|
|
"SSH private key file",
|
|
"The complete path & filename of the SSH private key file",
|
|
NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
|
|
|
g_object_class_install_property (gobject_class, PROP_SSH_KEY_PASSPHRASE,
|
|
g_param_spec_string ("ssh-key-passphrase", "Passphrase of the priv key",
|
|
"The passphrase used to protect the SSH private key file",
|
|
NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
|
|
|
g_object_class_install_property (gobject_class, PROP_SSH_KNOWNHOSTS,
|
|
g_param_spec_string ("ssh-knownhosts",
|
|
"SSH known hosts",
|
|
"The complete path & filename of the SSH 'known_hosts' file",
|
|
NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
|
|
|
g_object_class_install_property (gobject_class, PROP_SSH_HOST_PUBLIC_KEY_MD5,
|
|
g_param_spec_string ("ssh-host-pubkey-md5",
|
|
"MD5 checksum of the remote host's public key",
|
|
"MD5 checksum (32 hexadecimal digits, case-insensitive) of the "
|
|
"remote host's public key",
|
|
NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
|
|
|
g_object_class_install_property (gobject_class, PROP_SSH_ACCEPT_UNKNOWNHOST,
|
|
g_param_spec_boolean ("ssh-accept-unknownhost",
|
|
"SSH accept unknown host",
|
|
"Accept an unknown remote public host key",
|
|
FALSE, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
|
}
|
|
|
|
static void
|
|
gst_curl_ssh_sink_init (GstCurlSshSink * sink)
|
|
{
|
|
sink->ssh_auth_type = CURLSSH_AUTH_NONE;
|
|
sink->ssh_pub_keyfile = NULL;
|
|
sink->ssh_priv_keyfile = NULL;
|
|
sink->ssh_key_passphrase = NULL;
|
|
sink->ssh_knownhosts = NULL;
|
|
sink->ssh_host_public_key_md5 = NULL;
|
|
sink->ssh_accept_unknownhost = FALSE;
|
|
}
|
|
|
|
static void
|
|
gst_curl_ssh_sink_finalize (GObject * gobject)
|
|
{
|
|
GstCurlSshSink *this = GST_CURL_SSH_SINK (gobject);
|
|
|
|
GST_DEBUG ("finalizing curlsshsink");
|
|
|
|
g_free (this->ssh_pub_keyfile);
|
|
g_free (this->ssh_priv_keyfile);
|
|
g_free (this->ssh_key_passphrase);
|
|
g_free (this->ssh_knownhosts);
|
|
g_free (this->ssh_host_public_key_md5);
|
|
|
|
G_OBJECT_CLASS (parent_class)->finalize (gobject);
|
|
}
|
|
|
|
static void
|
|
gst_curl_ssh_sink_set_property (GObject * object, guint prop_id,
|
|
const GValue * value, GParamSpec * pspec)
|
|
{
|
|
GstCurlSshSink *sink;
|
|
GstState cur_state;
|
|
|
|
g_return_if_fail (GST_IS_CURL_SSH_SINK (object));
|
|
sink = GST_CURL_SSH_SINK (object);
|
|
|
|
gst_element_get_state (GST_ELEMENT (sink), &cur_state, NULL, 0);
|
|
|
|
if (cur_state == GST_STATE_PLAYING || cur_state == GST_STATE_PAUSED) {
|
|
return;
|
|
}
|
|
|
|
GST_OBJECT_LOCK (sink);
|
|
switch (prop_id) {
|
|
case PROP_SSH_AUTH_TYPE:
|
|
sink->ssh_auth_type = g_value_get_enum (value);
|
|
GST_DEBUG_OBJECT (sink, "ssh_auth_type set to %d", sink->ssh_auth_type);
|
|
break;
|
|
|
|
case PROP_SSH_PUB_KEYFILE:
|
|
g_free (sink->ssh_pub_keyfile);
|
|
sink->ssh_pub_keyfile = g_value_dup_string (value);
|
|
GST_DEBUG_OBJECT (sink, "ssh_pub_keyfile set to %s",
|
|
sink->ssh_pub_keyfile);
|
|
break;
|
|
|
|
case PROP_SSH_PRIV_KEYFILE:
|
|
g_free (sink->ssh_priv_keyfile);
|
|
sink->ssh_priv_keyfile = g_value_dup_string (value);
|
|
GST_DEBUG_OBJECT (sink, "ssh_priv_keyfile set to %s",
|
|
sink->ssh_priv_keyfile);
|
|
break;
|
|
|
|
case PROP_SSH_KEY_PASSPHRASE:
|
|
g_free (sink->ssh_key_passphrase);
|
|
sink->ssh_key_passphrase = g_value_dup_string (value);
|
|
GST_DEBUG_OBJECT (sink, "ssh_key_passphrase set to %s",
|
|
sink->ssh_key_passphrase);
|
|
break;
|
|
|
|
case PROP_SSH_KNOWNHOSTS:
|
|
g_free (sink->ssh_knownhosts);
|
|
sink->ssh_knownhosts = g_value_dup_string (value);
|
|
GST_DEBUG_OBJECT (sink, "ssh_knownhosts set to %s", sink->ssh_knownhosts);
|
|
break;
|
|
|
|
case PROP_SSH_HOST_PUBLIC_KEY_MD5:
|
|
g_free (sink->ssh_host_public_key_md5);
|
|
sink->ssh_host_public_key_md5 = g_value_dup_string (value);
|
|
GST_DEBUG_OBJECT (sink, "ssh_host_public_key_md5 set to %s",
|
|
sink->ssh_host_public_key_md5);
|
|
break;
|
|
|
|
case PROP_SSH_ACCEPT_UNKNOWNHOST:
|
|
sink->ssh_accept_unknownhost = g_value_get_boolean (value);
|
|
GST_DEBUG_OBJECT (sink, "ssh_accept_unknownhost set to %d",
|
|
sink->ssh_accept_unknownhost);
|
|
break;
|
|
|
|
default:
|
|
GST_DEBUG_OBJECT (sink, "invalid property id %d", prop_id);
|
|
break;
|
|
}
|
|
GST_OBJECT_UNLOCK (sink);
|
|
}
|
|
|
|
static void
|
|
gst_curl_ssh_sink_get_property (GObject * object, guint prop_id,
|
|
GValue * value, GParamSpec * pspec)
|
|
{
|
|
GstCurlSshSink *sink;
|
|
|
|
g_return_if_fail (GST_IS_CURL_SSH_SINK (object));
|
|
sink = GST_CURL_SSH_SINK (object);
|
|
|
|
switch (prop_id) {
|
|
case PROP_SSH_AUTH_TYPE:
|
|
g_value_set_enum (value, sink->ssh_auth_type);
|
|
break;
|
|
|
|
case PROP_SSH_PUB_KEYFILE:
|
|
g_value_set_string (value, sink->ssh_pub_keyfile);
|
|
break;
|
|
|
|
case PROP_SSH_PRIV_KEYFILE:
|
|
g_value_set_string (value, sink->ssh_priv_keyfile);
|
|
break;
|
|
|
|
case PROP_SSH_KEY_PASSPHRASE:
|
|
g_value_set_string (value, sink->ssh_key_passphrase);
|
|
break;
|
|
|
|
case PROP_SSH_KNOWNHOSTS:
|
|
g_value_set_string (value, sink->ssh_knownhosts);
|
|
break;
|
|
|
|
case PROP_SSH_HOST_PUBLIC_KEY_MD5:
|
|
g_value_set_string (value, sink->ssh_host_public_key_md5);
|
|
break;
|
|
|
|
case PROP_SSH_ACCEPT_UNKNOWNHOST:
|
|
g_value_set_boolean (value, sink->ssh_accept_unknownhost);
|
|
break;
|
|
|
|
default:
|
|
GST_DEBUG_OBJECT (sink, "invalid property id");
|
|
break;
|
|
}
|
|
}
|
|
|
|
static gboolean
|
|
gst_curl_ssh_sink_set_options_unlocked (GstCurlBaseSink * bcsink)
|
|
{
|
|
GstCurlSshSink *sink = GST_CURL_SSH_SINK (bcsink);
|
|
CURLcode curl_err = CURLE_OK;
|
|
|
|
/* set SSH specific options here */
|
|
if (sink->ssh_pub_keyfile) {
|
|
if ((curl_err = curl_easy_setopt (bcsink->curl, CURLOPT_SSH_PUBLIC_KEYFILE,
|
|
sink->ssh_pub_keyfile)) != CURLE_OK) {
|
|
bcsink->error = g_strdup_printf ("failed to set public key file: %s",
|
|
curl_easy_strerror (curl_err));
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
if (sink->ssh_priv_keyfile) {
|
|
if ((curl_err = curl_easy_setopt (bcsink->curl, CURLOPT_SSH_PRIVATE_KEYFILE,
|
|
sink->ssh_priv_keyfile)) != CURLE_OK) {
|
|
bcsink->error = g_strdup_printf ("failed to set private key file: %s",
|
|
curl_easy_strerror (curl_err));
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
if (sink->ssh_knownhosts) {
|
|
if ((curl_err = curl_easy_setopt (bcsink->curl, CURLOPT_SSH_KNOWNHOSTS,
|
|
sink->ssh_knownhosts)) != CURLE_OK) {
|
|
bcsink->error = g_strdup_printf ("failed to set known_hosts file: %s",
|
|
curl_easy_strerror (curl_err));
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
if (sink->ssh_host_public_key_md5) {
|
|
/* libcurl is freaking tricky. If the input string is not exactly 32
|
|
* hexdigits long it silently ignores CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and
|
|
* performs the transfer without authenticating the server! */
|
|
if (strlen (sink->ssh_host_public_key_md5) != 32) {
|
|
bcsink->error = g_strdup ("MD5-hash string has invalid length, "
|
|
"must be exactly 32 hexdigits!");
|
|
return FALSE;
|
|
}
|
|
|
|
if ((curl_err =
|
|
curl_easy_setopt (bcsink->curl, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5,
|
|
sink->ssh_host_public_key_md5)) != CURLE_OK) {
|
|
bcsink->error = g_strdup_printf ("failed to set remote host's public "
|
|
"key MD5: %s", curl_easy_strerror (curl_err));
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
/* make sure we only accept PASSWORD or PUBLICKEY auth methods
|
|
* (can be extended later) */
|
|
if (sink->ssh_auth_type == CURLSSH_AUTH_PASSWORD ||
|
|
sink->ssh_auth_type == CURLSSH_AUTH_PUBLICKEY) {
|
|
|
|
/* set the SSH_AUTH_TYPE */
|
|
if ((curl_err = curl_easy_setopt (bcsink->curl, CURLOPT_SSH_AUTH_TYPES,
|
|
sink->ssh_auth_type)) != CURLE_OK) {
|
|
bcsink->error = g_strdup_printf ("failed to set authentication type: %s",
|
|
curl_easy_strerror (curl_err));
|
|
return FALSE;
|
|
}
|
|
|
|
/* if key authentication -> provide the private key passphrase as well */
|
|
if (sink->ssh_auth_type == CURLSSH_AUTH_PUBLICKEY) {
|
|
if (sink->ssh_key_passphrase) {
|
|
if ((curl_err = curl_easy_setopt (bcsink->curl, CURLOPT_KEYPASSWD,
|
|
sink->ssh_key_passphrase)) != CURLE_OK) {
|
|
bcsink->error = g_strdup_printf ("failed to set private key "
|
|
"passphrase: %s", curl_easy_strerror (curl_err));
|
|
return FALSE;
|
|
}
|
|
} else {
|
|
/* The user did not provide the passphrase for the private key.
|
|
* This can still be a valid situation, if (s)he chose not to
|
|
* protect the private key with a passphrase - but not recommended! */
|
|
GST_WARNING_OBJECT (sink, "Warning: key authentication chosen but "
|
|
"'ssh-key-passphrase' not provided!");
|
|
}
|
|
}
|
|
|
|
} else {
|
|
bcsink->error = g_strdup_printf ("Error: unsupported authentication type: "
|
|
"%d.", sink->ssh_auth_type);
|
|
return FALSE;
|
|
}
|
|
|
|
/* Install the SSH_KEYFUNCTION callback...
|
|
* IMPORTANT: this callback gets called only if CURLOPT_SSH_KNOWNHOSTS
|
|
* is also set! */
|
|
if ((curl_err = curl_easy_setopt (bcsink->curl, CURLOPT_SSH_KEYFUNCTION,
|
|
curl_ssh_sink_sshkey_cb)) != CURLE_OK) {
|
|
bcsink->error = g_strdup_printf ("failed to set SSH_KEYFUNCTION callback: "
|
|
"%s", curl_easy_strerror (curl_err));
|
|
return FALSE;
|
|
} else {
|
|
/* SSH_KEYFUNCTION callback successfully installed so go on and
|
|
* set the '*clientp' parameter as well */
|
|
if ((curl_err =
|
|
curl_easy_setopt (bcsink->curl, CURLOPT_SSH_KEYDATA,
|
|
sink)) != CURLE_OK) {
|
|
bcsink->error = g_strdup_printf ("failed to set CURLOPT_SSH_KEYDATA: %s",
|
|
curl_easy_strerror (curl_err));
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/* A 'curl_sshkey_cb' callback function. It gets called when the known_host
|
|
* matching has been done, to allow the application to act and decide for
|
|
* libcurl how to proceed.
|
|
* The callback will only be called if CURLOPT_SSH_KNOWNHOSTS is also set!
|
|
* NOTE:
|
|
* * use CURLOPT_SSH_KEYFUNCTION to install the callback func
|
|
* * use CURLOPT_SSH_KEYDATA to pass in the actual "*clientp"
|
|
*/
|
|
static gint
|
|
curl_ssh_sink_sshkey_cb (CURL * easy_handle, /* easy handle */
|
|
const struct curl_khkey *knownkey, /* known - key from known_hosts */
|
|
const struct curl_khkey *foundkey, /* found - key from remote end */
|
|
enum curl_khmatch match, /* libcurl's view on the keys */
|
|
void *clientp)
|
|
{
|
|
GstCurlSshSink *sink = (GstCurlSshSink *) clientp;
|
|
|
|
/* the default action to be taken upon pub key matching */
|
|
guint res_action = CURLKHSTAT_REJECT;
|
|
|
|
switch (match) {
|
|
case CURLKHMATCH_OK:
|
|
res_action = CURLKHSTAT_FINE;
|
|
GST_INFO_OBJECT (sink,
|
|
"Remote public host key is matching known_hosts, OK to proceed.");
|
|
break;
|
|
|
|
case CURLKHMATCH_MISMATCH:
|
|
GST_WARNING_OBJECT (sink,
|
|
"Remote public host key mismatch in known_hosts, aborting "
|
|
"connection.");
|
|
/* Reject the connection. The old mismatching key has to be manually
|
|
* removed from 'known_hosts' before being able to connect again to
|
|
* the respective host. */
|
|
break;
|
|
|
|
case CURLKHMATCH_MISSING:
|
|
GST_OBJECT_LOCK (sink);
|
|
if (sink->ssh_accept_unknownhost == TRUE) {
|
|
/* the key was not found in known_hosts but the user chose to
|
|
* accept it */
|
|
res_action = CURLKHSTAT_FINE_ADD_TO_FILE;
|
|
GST_INFO_OBJECT (sink, "Accepting and adding new public host key to "
|
|
"known_hosts.");
|
|
} else {
|
|
/* the key was not found in known_hosts and the user chose not
|
|
* to accept connections to unknown hosts */
|
|
GST_WARNING_OBJECT (sink,
|
|
"Remote public host key is unknown, rejecting connection.");
|
|
}
|
|
GST_OBJECT_UNLOCK (sink);
|
|
break;
|
|
|
|
default:
|
|
/* something went wrong, we got some bogus key match result */
|
|
GST_CURL_BASE_SINK (sink)->error =
|
|
g_strdup ("libcurl internal error during known_host matching");
|
|
break;
|
|
}
|
|
|
|
return res_action;
|
|
}
|