The attached archive sftp-mv_patches.tar.gz contains a patch to introduce additional commands into sftp ( mvput , mvget ).

Both commands delete the source after successful transfer and use a dotted unique filename for write during upload – once upload is finished successfully, the temporary (hidden) filename is renamed, to what was given on the command line. Thus miming atomicity of mv command.

To manually apply the patch(es) and specs-file(s) supplied in sftp-mv_patches.tar.gz to the following (instructions also in info.txt ):

# install the original SuSE source-package  openssh-4.2p1-18.36.src.rpm
# (or  openssh-5.2p1)  and patch it as shown below
# after un-tar-ing on /usr/local/src do:

:  cp /usr/local/src/sftp/openssh-4.2p1.spec /usr/src/packages/SPECS/openssh-specs
:  cp /usr/local/src/sftp/openssh-4.2p1-CVE-2010-mvputget.patch /usr/src/packages/SOURCES
:  cd /usr/src/packages/SPECS
:  rpmbuild -bb openssh.spec
:  cp /usr/src/packages/BUILD/openssh-4.2p1/sftp  /usr/bin/sftp-mv
   or install the whole new rpm-package
# done

As base source to be patched install either openssh-4.2p1 (SLES10) or openssh-5.2p1.

Part of the new sftp-commands, mvput and mvget the resulting sftp-binary also got a new option:
-p <status-prompt > ( -p “mystat” or -p 999 )

With this, sftp will print out an additional status-line before the usual prompt, which can be used to easily control sftp from within a shell-script (example script included).

If you start the command with -p 999, then it would print old ftp-like numeric status-codes (226 success or 550 error ) – or with -p “mystat” (or any other string) it would just print “mystat success” or “mystat error” , which at least gives a recognizable prompt, different from the regular sftp-prompt.

The sftp-session output looks like this:

# sftp -p 999   remuser@remhost
  Connecting to  remuser@remhost...
  226 success
  sftp >  cd /home/gpo/in
  Couldn't canonicalise: No such file or directory
  550 error
  sftp >  cd out
  226 success
  sftp >  mvput cron.gpo                                            /* new command invoked */
  Uploading cron.gpo to /home/gpo/out/.31348.xXG8fU
  cron.gpo                                      100%  392     0.4KB/s   00:00
  Renaming /home/gpo/out/.31348.xXG8fU to /home/gpo/out/cron.gpo
  Deleting local file cron.gpo                                  /* deletes only on success - of course */
  Transferred cron.gpo to /home/gpo/out/cron.gpo
  226 updone cron.gpo to /home/gpo/out/cron.gpo
  226 success
  sftp > 

For more details on status-codes (updone, upfail, dndone, dnfail, renfail, delfail ) and their usage have a look into “sftp_poll” function in the included script example_sftp-mv.sh.

The shell-function sftp_poll() is generic, but to start it you need to adjust path/file names.

Wouldn’t it be a nice new feature – a solution cool enough – to be included into standard?

BTW – there was a memory-leak in the old openssh-4.2p1 source ( tmp pointer never release ) – this is corrected as well in the patch.

(Visited 1 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *

No comments yet