[FFmpeg-devel] [PATCH] avformat/libssh: add AVOptions for authentication

Nicolas George george at nsup.org
Tue Jul 14 21:16:29 EEST 2020


Thanks for the patch. I thnink it is a good idea. See preliminary
comments below.

I do not know if Lukasz, who wrote this file, still reads the list. If
he does not appear in the next few days, try Ccing him.


Nicolas Frattaroli (12020-07-14):
> This introduces two new AVOption options for the SFTP protocol,
> one named sftp_user to supply the username to be used for auth,
> one named sftp_password to supply the password to be used for auth.

Since the options are specific to the protocol, there is probably no
need to namespace them.

> These are useful for when an API user does not wish to deal with
> URL manipulation and percent encoding.
> 
> Setting them while also having credentials in the URL will use the
> credentials from the URL. The rationale for this is that credentials
> embedded in the URL are probably more specific to what the user is
> trying to do than anything set by some API user.

I am not really comfortable with that. I think returning an error for
conflicting options would be best.

> 
> Signed-off-by: Nicolas Frattaroli <ffmpeg at fratti.ch>
> ---
>  doc/protocols.texi   |  8 ++++++++
>  libavformat/libssh.c | 17 +++++++++++++----
>  2 files changed, 21 insertions(+), 4 deletions(-)
> 
> diff --git a/doc/protocols.texi b/doc/protocols.texi
> index 64ad3f05d6..40c8c572e5 100644
> --- a/doc/protocols.texi
> +++ b/doc/protocols.texi
> @@ -880,6 +880,14 @@ truncating. Default value is 1.
>  Specify the path of the file containing private key to use during authorization.
>  By default libssh searches for keys in the @file{~/.ssh/} directory.
>  
> + at item sftp_user
> +Set a user to be used for authenticating to the SSH daemon. This is overridden by the
> +user in the SFTP URL.
> +
> + at item sftp_password
> +Set a password to be used for authenticating to the SSH daemon. This is overridden by
> +the password in the SFTP URL.
> +
>  @end table
>  
>  Example: Play a file stored on remote server.
> diff --git a/libavformat/libssh.c b/libavformat/libssh.c
> index 21474f0f0a..a673e49a3a 100644
> --- a/libavformat/libssh.c
> +++ b/libavformat/libssh.c
> @@ -39,6 +39,8 @@ typedef struct {
>      int rw_timeout;
>      int trunc;
>      char *priv_key;
> +    const char *option_user;
> +    const char *option_password;
>  } LIBSSHContext;
>  
>  static av_cold int libssh_create_ssh_session(LIBSSHContext *libssh, const char* hostname, unsigned int port)
> @@ -192,13 +194,13 @@ static av_cold int libssh_close(URLContext *h)
>  static av_cold int libssh_connect(URLContext *h, const char *url, char *path, size_t path_size)
>  {
>      LIBSSHContext *libssh = h->priv_data;

> -    char proto[10], hostname[1024], credencials[1024];
> +    char proto[10], hostname[1024], credentials[1024];

Usually, we require this kind of change to be in a separate patch. But
for such a minimal change I think we could dispense.

>      int port = 22, ret;
>      const char *user = NULL, *pass = NULL;
>      char *end = NULL;
>  
>      av_url_split(proto, sizeof(proto),
> -                 credencials, sizeof(credencials),
> +                 credentials, sizeof(credentials),
>                   hostname, sizeof(hostname),
>                   &port,
>                   path, path_size,
> @@ -214,8 +216,13 @@ static av_cold int libssh_connect(URLContext *h, const char *url, char *path, si
>      if ((ret = libssh_create_ssh_session(libssh, hostname, port)) < 0)
>          return ret;
>  
> -    user = av_strtok(credencials, ":", &end);
> -    pass = av_strtok(end, ":", &end);

> +    if(!*credentials) {

Nit: spaces between if and (.

> +        user = libssh->option_user;
> +        pass = libssh->option_password;
> +    } else {
> +        user = av_strtok(credentials, ":", &end);
> +        pass = av_strtok(end, ":", &end);
> +    }
>  
>      if ((ret = libssh_authentication(libssh, user, pass)) < 0)
>          return ret;
> @@ -479,6 +486,8 @@ static const AVOption options[] = {
>      {"timeout", "set timeout of socket I/O operations", OFFSET(rw_timeout), AV_OPT_TYPE_INT, {.i64 = -1}, -1, INT_MAX, D|E },
>      {"truncate", "Truncate existing files on write", OFFSET(trunc), AV_OPT_TYPE_INT, { .i64 = 1 }, 0, 1, E },
>      {"private_key", "set path to private key", OFFSET(priv_key), AV_OPT_TYPE_STRING, { .str = NULL }, 0, 0, D|E },
> +    {"sftp_user", "user for SFTP login. Overridden by whatever is in the URL.", OFFSET(option_user), AV_OPT_TYPE_STRING, { 0 }, 0, 0, D|E },
> +    {"sftp_password", "password for SFTP login. Overridden by whatever is in the URL.", OFFSET(option_password), AV_OPT_TYPE_STRING, { 0 }, 0, 0, D|E },
>      {NULL}
>  };
>  

Regards,

-- 
  Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200714/cf284d9a/attachment.sig>


More information about the ffmpeg-devel mailing list