[FFmpeg-cvslog] lavf/libssh: add private_key option
Lukasz Marek
git at videolan.org
Wed Jan 22 01:35:26 CET 2014
ffmpeg | branch: master | Lukasz Marek <lukasz.m.luki at gmail.com> | Mon Jan 20 22:57:57 2014 +0100| [7e8f3048464ff15d54b0e7d1972b3e3d2263cf7c] | committer: Lukasz Marek
lavf/libssh: add private_key option
Allows to specify private key to use during authorization.
Signed-off-by: Lukasz Marek <lukasz.m.luki at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7e8f3048464ff15d54b0e7d1972b3e3d2263cf7c
---
doc/protocols.texi | 4 ++++
libavformat/libssh.c | 61 +++++++++++++++++++++++++++++++++++++++++--------
libavformat/version.h | 2 +-
3 files changed, 56 insertions(+), 11 deletions(-)
diff --git a/doc/protocols.texi b/doc/protocols.texi
index f37feeb..2c84265 100644
--- a/doc/protocols.texi
+++ b/doc/protocols.texi
@@ -552,6 +552,10 @@ is not specified.
Truncate existing files on write, if set to 1. A value of 0 prevents
truncating. Default value is 1.
+ at item private_key
+Specify the path of the file containing private key to use during authorization.
+By default libssh searches for keys in the @file{~/.ssh/} directory.
+
@end table
Example: Play a file stored on remote server.
diff --git a/libavformat/libssh.c b/libavformat/libssh.c
index aa9b060..fabc024 100644
--- a/libavformat/libssh.c
+++ b/libavformat/libssh.c
@@ -22,6 +22,7 @@
#include <libssh/sftp.h>
#include "libavutil/avstring.h"
#include "libavutil/opt.h"
+#include "libavutil/attributes.h"
#include "avformat.h"
#include "internal.h"
#include "url.h"
@@ -34,8 +35,55 @@ typedef struct {
int64_t filesize;
int rw_timeout;
int trunc;
+ char *priv_key;
} LIBSSHContext;
+static av_cold int libssh_authentication(LIBSSHContext *libssh, const char *user, const char *password)
+{
+ int authorized = 0;
+ int auth_methods;
+
+ if (user)
+ ssh_options_set(libssh->session, SSH_OPTIONS_USER, user);
+
+ auth_methods = ssh_userauth_list(libssh->session, NULL);
+
+ if (auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
+ if (libssh->priv_key) {
+ ssh_string pub_key;
+ ssh_private_key priv_key;
+ int type;
+ if (!ssh_try_publickey_from_file(libssh->session, libssh->priv_key, &pub_key, &type)) {
+ priv_key = privatekey_from_file(libssh->session, libssh->priv_key, type, password);
+ if (ssh_userauth_pubkey(libssh->session, NULL, pub_key, priv_key) == SSH_AUTH_SUCCESS) {
+ av_log(libssh, AV_LOG_DEBUG, "Authentication successful with selected private key.\n");
+ authorized = 1;
+ }
+ } else {
+ av_log(libssh, AV_LOG_DEBUG, "Invalid key is provided.\n");
+ return AVERROR(EACCES);
+ }
+ } else if (ssh_userauth_autopubkey(libssh->session, password) == SSH_AUTH_SUCCESS) {
+ av_log(libssh, AV_LOG_DEBUG, "Authentication successful with auto selected key.\n");
+ authorized = 1;
+ }
+ }
+
+ if (!authorized && (auth_methods & SSH_AUTH_METHOD_PASSWORD)) {
+ if (ssh_userauth_password(libssh->session, NULL, password) == SSH_AUTH_SUCCESS) {
+ av_log(libssh, AV_LOG_DEBUG, "Authentication successful with password.\n");
+ authorized = 1;
+ }
+ }
+
+ if (!authorized) {
+ av_log(libssh, AV_LOG_ERROR, "Authentication failed.\n");
+ return AVERROR(EACCES);
+ }
+
+ return 0;
+}
+
static int libssh_close(URLContext *h)
{
LIBSSHContext *s = h->priv_data;
@@ -82,8 +130,6 @@ static int libssh_open(URLContext *h, const char *url, int flags)
ssh_options_set(s->session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
if (timeout > 0)
ssh_options_set(s->session, SSH_OPTIONS_TIMEOUT_USEC, &timeout);
- if (user)
- ssh_options_set(s->session, SSH_OPTIONS_USER, user);
if (ssh_connect(s->session) != SSH_OK) {
av_log(h, AV_LOG_ERROR, "Connection failed. %s\n", ssh_get_error(s->session));
@@ -91,14 +137,8 @@ static int libssh_open(URLContext *h, const char *url, int flags)
goto fail;
}
- if (ssh_userauth_autopubkey(s->session, pass) != SSH_AUTH_SUCCESS) {
- av_log(s, AV_LOG_DEBUG, "Authentication using public key failed, trying password method.\n");
- if (ssh_userauth_password(s->session, NULL, pass) != SSH_AUTH_SUCCESS) {
- av_log(h, AV_LOG_ERROR, "Authentication failed.\n");
- ret = AVERROR(EACCES);
- goto fail;
- }
- }
+ if ((ret = libssh_authentication(s, user, pass)) < 0)
+ goto fail;
if (!(s->sftp = sftp_new(s->session))) {
av_log(h, AV_LOG_ERROR, "SFTP session creation failed: %s\n", ssh_get_error(s->session));
@@ -210,6 +250,7 @@ static int libssh_write(URLContext *h, const unsigned char *buf, int size)
static const AVOption options[] = {
{"timeout", "set timeout of socket I/O operations", OFFSET(rw_timeout), AV_OPT_TYPE_INT, {.i64 = -1}, -1, INT_MAX, D|E },
{"truncate", "Truncate existing files on write", OFFSET(trunc), AV_OPT_TYPE_INT, { .i64 = 1 }, 0, 1, E },
+ {"private_key", "set path to private key", OFFSET(priv_key), AV_OPT_TYPE_STRING, { .str = NULL }, 0, 0, D|E },
{NULL}
};
diff --git a/libavformat/version.h b/libavformat/version.h
index 0609e4f..4ad624d 100644
--- a/libavformat/version.h
+++ b/libavformat/version.h
@@ -31,7 +31,7 @@
#define LIBAVFORMAT_VERSION_MAJOR 55
#define LIBAVFORMAT_VERSION_MINOR 25
-#define LIBAVFORMAT_VERSION_MICRO 100
+#define LIBAVFORMAT_VERSION_MICRO 101
#define LIBAVFORMAT_VERSION_INT AV_VERSION_INT(LIBAVFORMAT_VERSION_MAJOR, \
LIBAVFORMAT_VERSION_MINOR, \
More information about the ffmpeg-cvslog
mailing list