Compare commits

...

102 Commits

Author SHA1 Message Date
dependabot[bot] 38272eaf2e Bump the github-actions group across 1 directory with 2 updates
Bumps the github-actions group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [vmactions/freebsd-vm](https://github.com/vmactions/freebsd-vm).


Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10)

Updates `vmactions/freebsd-vm` from 1.4.5 to 1.4.6
- [Release notes](https://github.com/vmactions/freebsd-vm/releases)
- [Commits](https://github.com/vmactions/freebsd-vm/compare/d1e65811565151536c0c894fff74f06351ed26e6...a6de9343ef5747433d9c25784c90e84998b9d69a)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: vmactions/freebsd-vm
  dependency-version: 1.4.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-20 10:12:27 +00:00
h4sh 8bf7f92cd8 introduce dependency cooldown 2026-06-07 12:18:20 +10:00
h4sh 7a2d988775 Merge pull request #363 from libfuse/3.7.6-release
prep for 3.7.6
2026-05-30 09:35:39 +10:00
h4sh5 879f15a83b prep for 3.7.6 2026-05-30 09:22:08 +10:00
h4sh 6678accb85 Merge pull request #362 from abhinavagarwal07/advisory-fix-1
reject hostname option injection via bracketed mount source
2026-05-30 09:12:11 +10:00
Abhinav Agarwal 6893c3a51b Merge pull request #361 from abhinavagarwal07/contain-symlinks
add contain_symlinks option to prevent symlink escape attacks
2026-05-29 16:06:54 -07:00
Abhinav Agarwal 29bb565ea6 reject hostname option injection via bracketed mount source
A source like [-oProxyCommand=CMD]:/path passes the bracket-parsing
check in find_base_path() and ends up as -oProxyCommand=CMD in the
ssh argv.  When sftp_server is a path, ssh gets a destination argument
and executes the injected ProxyCommand before connecting.

Reject hostnames starting with - after bracket stripping, and add --
before the hostname in the ssh command line so positional args can't
be misread as options.
2026-05-29 16:00:27 -07:00
h4sh b6b23b7482 Merge pull request #358 from abhinavagarwal07/ci-platform-coverage
ci: add platform build coverage
2026-05-30 08:56:57 +10:00
Abhinav Agarwal bcd132f17c add contain_symlinks option to prevent symlink escape attacks
A malicious SFTP server can return symlink targets that the local
kernel VFS resolves outside the mount root, enabling local file reads
or writes through ordinary operations like cp following a symlink.

Add a contain_symlinks option (default on) that rejects absolute
symlink targets and any target containing a `..` component, returning
EPERM. Users who need legacy pass-through for trusted servers can opt
out with -o no_contain_symlinks.

The check is purely lexical and deliberately strict: in an adversarial
filesystem the server controls intermediate path components, so any
non-`..` component could be a symlink anywhere, making lexical depth
tracking unreliable. Rejecting absolute and any `..` is the simplest
rule that is provably complete against the threat model.

transform_symlinks composes poorly with containment because transformed
results often contain `..`; a warning is emitted when both are enabled.

Tests cover default-on containment (readlink + open/stat traversal),
opt-out behavior, transform_symlinks interaction (both arms), and
option precedence.
2026-05-29 15:54:21 -07:00
Abhinav Agarwal 8711fa13a2 ci: add platform build coverage 2026-05-22 10:21:17 -07:00
Abhinav Agarwal 25b58aad4d Merge pull request #359 from libfuse/fix-null-deref-strict-warnings
fix null-deref warning in tokenize_on_space, promote strict-warnings to required
2026-05-21 17:28:01 -07:00
Abhinav Agarwal c71eea8e68 fix null-deref warning in tokenize_on_space and promote strict-warnings to required 2026-05-20 23:48:08 -07:00
Abhinav Agarwal afbdf92fa6 Merge pull request #353 from abhinavagarwal07/ci-werror-clang
ci: add gcc/clang matrix with -Werror
2026-05-20 23:41:00 -07:00
Abhinav Agarwal daac34f7c8 ci: add gcc/clang matrix with -Werror
- Expand build job into gcc/clang matrix with fail-fast: false
- Pass -Dwerror=true so compiler warnings fail the build
- Pin all actions to Node 24-capable full SHAs (checkout v6.0.2, setup-python v6.2.0, upload-artifact v7.0.1)
- Add least-privilege permissions, concurrency cancellation
- Pin python-version to 3.12, pin runner to ubuntu-24.04
- Add explicit SSH setup with sshd start, hard-fail FUSE preflight
- Add pytest --timeout=300, --maxfail=99, JUnit XML, test result artifacts per compiler
2026-05-20 23:28:17 -07:00
h4sh 88692b79eb Merge pull request #352 from abhinavagarwal07/ci-hygiene
ci: harden workflow with SHA pins, permissions, timeouts, and dependabot
2026-05-19 16:48:12 +10:00
Abhinav Agarwal 035dcde9ba ci: harden workflow with SHA pins, permissions, timeouts, and dependabot
- Pin all actions to Node 24-capable full SHAs (checkout v6.0.2, setup-python v6.2.0, upload-artifact v7.0.1)
- Add least-privilege permissions (contents: read) and concurrency cancellation
- Pin python-version to 3.12, pin runner to ubuntu-24.04
- Add pytest --timeout=300, --maxfail=99 (overrides pytest.ini -x), JUnit XML output
- Add explicit SSH setup with sshd start and connectivity preflight
- Hard-fail FUSE preflight (job stops if /dev/fuse or fusermount3 missing)
- Upload test results and meson logs as artifacts
- Add dependabot config for weekly action version updates
2026-05-18 21:04:29 -07:00
h4sh cc14ae1c79 Merge pull request #351 from abhinavagarwal07/fix-conntab-null-deref
fix conntab lookup after rename in sshfs_release
2026-05-18 12:39:06 +10:00
h4sh 78f807b3dd Merge pull request #350 from abhinavagarwal07/fix-statfs-div-by-zero
fix statfs divide-by-zero when blksize is 0
2026-05-18 12:38:39 +10:00
h4sh fd885f023c Merge pull request #349 from abhinavagarwal07/fix-sftp-read-buffer-safety
fix malformed SFTP reply handling
2026-05-18 12:37:56 +10:00
Abhinav Agarwal 033a1d48f5 fix conntab lookup after rename in sshfs_release
sshfs_release looked up the conntab entry by path, but sshfs_rename
moves that entry to the new path. Closing the original handle after a
rename can miss the entry and dereference NULL.

Store the conntab_entry pointer on sshfs_file and use it for release
and open-failure cleanup. Add a regression test for open -> rename -> close.
2026-05-17 18:58:06 -07:00
Abhinav Agarwal 82285f9c28 fix statfs divide-by-zero when blksize is 0
On macOS, sshfs.blksize is set to 0. The statfs fallback path
(used when the server lacks the statvfs extension) divides by
f_frsize, which inherits that zero. Use 4096 as the default.
2026-05-17 18:17:23 -07:00
Abhinav Agarwal 43b2708186 fix malformed SFTP reply handling 2026-05-17 18:12:57 -07:00
h4sh d749988c80 Merge pull request #348 from abhinavagarwal07/add-tests-round-2
add tests for error paths, option coverage, and fix existing test bugs
2026-05-18 07:28:44 +10:00
Abhinav Agarwal 7921230f83 add tests for error paths, option coverage, and fix existing test bugs 2026-05-16 22:48:04 -07:00
h4sh ea60e3466e Merge pull request #347 from abhinavagarwal07/add-tests-rename-chmod-fsync-statvfs
add tests for rename, chmod, fsync, and statvfs values
2026-05-16 06:18:44 +10:00
Abhinav Agarwal 033a88349c add tests for rename, chmod, fsync, and statvfs values 2026-05-15 11:27:49 -07:00
h4sh5 1cd6995713 remove basically unused -v and --verbose flag 2026-04-15 14:49:05 +10:00
h4sh5 9e35c39ba8 version bump and new changelog 2025-11-12 05:46:43 +10:00
h4sh bf540dd68b Merge pull request #336 from libfuse/ipv6-connect
ipv6 support for directport connection
2025-11-11 23:09:38 +10:00
h4sh5 882d3a0185 add documentation on bypassing SSH 2025-11-11 17:53:52 +10:00
h4sh5 113882adda ipv6 support for directport connection 2025-11-11 16:30:19 +10:00
Benjamin Fleischer ccb6821019 Disable macOS specific FUSE API extensions
Some macOS specific features require FUSE API modifications and
extensions that break compatibility with the vanilla FUSE API. Setting
the compile-time flag FUSE_DARWIN_ENABLE_EXTENSIONS to 0, when building
a file system, disables those API extensions. By default, the macOS
specific API modifications and extensions are enabled.
2025-03-09 00:10:32 +01:00
Benjamin Fleischer ed0825440c Mountpoint does not have to exist on macOS
macFUSE will create the mounpoint (in case it does not exist) before
mounting the volume. This allows unprivileged users to mount volumes
under /Volumes.
2025-03-09 00:10:32 +01:00
Benjamin Fleischer a9eb71cb1c Remove conditional fuse_darwin.h include
The header file is no longer available in macFUSE 4.
2025-03-09 00:10:32 +01:00
Benjamin Fleischer b1715a5a62 Remove fuse_opt compatibility code
The fuse_opt compatibility code is no longer needed on macOS. Remove
it since it is not included on any other platform.
2025-03-09 00:10:32 +01:00
h4sh5 21fdcad6fb bump to upload-artifact@v4 2025-03-09 08:58:15 +10:00
Haoxi Tan ef94977c5a Merge pull request #314 from manu0401/windows_openssh
Windows native OpenSSH fix
2024-11-30 08:25:19 +10:00
Emmanuel Dreyfus d78a624756 Windows native OpenSSH fix
Windows native OpenSSH has alternative behavior for standard I/O
descriptors, which can be selected through the OPENSSH_STDIO_MODE
environement variable. Setting it to "nonsock" is required for
sshfs compatibility.

See https://github.com/PowerShell/openssh-portable/pull/759
for details.
2024-11-20 16:00:40 +01:00
Haoxi Tan ddf1e42ce7 Merge pull request #306 from jpalus/fill-stat-info-from-cache
Fill stat info when returning cached data for readdir
2024-11-05 08:07:34 +10:00
Haoxi Tan 1a52814a4e Merge branch 'master' into fill-stat-info-from-cache 2024-11-05 08:05:23 +10:00
Haoxi Tan c9bf8ad451 Merge pull request #305 from jpalus/fix-link-leak
Fix memleak in cache after readlink
2024-11-05 08:01:26 +10:00
Jan Palus 5f767dec5b Fill stat info when returning cached data for readdir
Uncached and cached results for readdir were inconsistent -- the former
returned correct stat info for directory entries while the latter
didn't. That's because only names of entries were saved in cache without
stat info. In turn this leads to issues like
https://github.com/junegunn/fzf/issues/3832 since directory traversal
library (https://github.com/charlievieth/fastwalk in this case) relies
on proper stat info returned by readdir. Hence when unchached result was
returned it gave proper outcome, while with cached result it was wrong.

Cache stat info next to entry name to fix the issue. While file
attributes are saved in cache already, they use full path as key. To
avoid potentially plenty of allocations, string copying and cache
lookups to get each attr, let's keep a copy of stat struct independently
to be on the fast path.
2024-06-17 11:48:44 +02:00
Jan Palus 8bb9d33d16 Fix memleak in cache after readlink 2024-06-17 00:10:02 +02:00
Haoxi Tan eadf7f104a Merge pull request #295 from libfuse/rm-rst
remove README.rst file since README.md file exists
2024-02-27 14:09:05 +10:00
h4sh5 1af815b7dc remove README.rst file since README.md file exists 2024-02-27 14:04:42 +10:00
Thomas Merz 683b8c2454 👷 use latest major version for actions/checkout (#289) 2023-12-22 18:05:32 +00:00
Haoxi Tan 70c8fd9031 Merge pull request #277 from g-easy/master
Implement connect to vsock.
2023-11-06 19:55:14 +10:00
h4sh 47a580dd77 test improvements 2023-09-23 23:05:21 +10:00
h4sh e5f4fcaad7 github action build+test 2023-09-23 23:00:12 +10:00
Haoxi Tan 8c97da5b16 Update README.md 2023-09-23 22:52:14 +10:00
Haoxi Tan 551752c3a5 No longer orphaned 2023-09-23 22:51:16 +10:00
Nikolaus Rath c91eb9a9a9 Released 3.7.3 2022-05-26 14:23:35 +01:00
Peter Wienemann 103c6ba68b Fix typo: occured -> occurred (#280) 2022-03-07 19:41:43 +00:00
easy 3aa3efcb52 Implement connect to vsock.
"sshfs -o vsock=CID:PORT" will cause sshfs to connect directly to the
given vsock, bypassing ssh, and allowing high performance sshfs mounts
of a VM guest.
2022-02-15 14:45:26 +11:00
Matthew Berginski a2054a2b73 Typo Fix (#274) 2021-12-27 11:27:40 +00:00
Kim Brose fd02499b4c add missing backtick (#270) 2021-10-30 13:04:15 +01:00
Antonio Rojas c2715f7453 Fix typo in ssh_opts (#269)
Add a missing comma that prevents using the PubkeyAcceptedKeyTypes option
2021-10-06 08:19:22 +01:00
Nikolaus Rath 1abde6e779 Clarify the need for libfuse3. 2021-09-24 13:36:56 +01:00
Cam Cope a181b9b60b add .git-blame-ignore-revs (#261) 2021-08-30 18:08:07 +01:00
Cam Cope d54c7ecbd6 Fixup whitespace and configure CI to keep it that way 2021-08-30 15:35:33 +01:00
a1346054 803e0e65cf Fix script issues identified through shellcheck (#258)
* Fix spelling

* Fix shellcheck-identified warnings in shell scripts
2021-08-25 14:45:42 +02:00
Nikolaus Rath 9700b35370 Released 3.7.2 2021-06-08 09:52:08 +01:00
Andrew Stone 6c1b92df81 Fix deadlock in conn cleanup (#244)
Calling through to request_free() from clean_req() causes deadlock since
sshfs.lock is already held by the caller of clean_req().
2021-02-25 12:13:30 +00:00
Nikolaus Rath d18869a307 Update to newer CI environment.
The current one causes build failures since recent pytest versions are incompatble with
Python 3.5.
2021-01-19 10:17:10 +00:00
Peter Belm dfd4cba385 Workaround for mkdir on existing directory (#242)
Added a secondary check so if a mkdir request fails with EPERM an access request will be tried - returning EEXIST if the access was successful. This matches the correct behaviour expected by applications such as git.

Co-authored-by: Peter Belm <peter.belm@dataalchemist.co.uk>
2021-01-19 10:13:09 +00:00
Nikolaus Rath 8059e2ce63 Released 3.7.1 2020-11-09 09:52:00 +00:00
Junichi Uekawa 9e01ffd161 Rename option to 'passive' and add some example in manual. (#232) 2020-11-02 10:51:48 +00:00
Fabrice Fontaine de0504e45b sshfs.c: fix build with gcc 4.8 (#233)
Fix the following build failure with gcc 4.8:

../sshfs.c:1092:2: error: 'for' loop initial declarations are only allowed in C99 mode
  for (int i = 0; i < sshfs.max_conns; i++) {
  ^

This build failure has been added with
https://github.com/libfuse/sshfs/commit/8822b60d9dbd9907065e7999f616b11ddce6d584

Fixes:
 - http://autobuild.buildroot.org/results/2dbdc579c55543175716d5f739cabe2ad0864ed6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2020-11-02 09:31:23 +00:00
Junichi Uekawa 6625146af9 Update sshfs.rst (#220)
This / is probably meant to be a .
2020-09-04 12:06:30 +01:00
Simon Arlott 76ffb37444 Unset OLDPWD environment variable (#227)
If ssh is configured to use "Match exec" and the previous working
directory is the mount point, then the shell (bash) hangs calling
stat() on OLDPWD.

Unset OLDPWD so that this doesn't happen.

Fixes #206.
2020-09-03 08:13:24 +01:00
Nikolaus Rath a96e521474 Remove pointer to professional consulting offers
I do not want to offer this actively anymore.
2020-08-10 19:57:05 +01:00
bjoe2k4 11df8874dc Fix typo in docs (#213) 2020-05-17 10:30:59 +01:00
Nikolaus Rath a7e1038203 Released 3.7.0 2020-01-03 11:04:02 +00:00
Dominique Martinet 8340a67b31 sftp_init_reply_ok: fix small memory leak (#198)
The leak was identified with ASAN: configure the project with
meson -Db_sanitize=address to reproduce.
2019-11-30 11:42:40 +00:00
Nikolaus Rath ab0e339e80 Protect changes to conn->req_count with mutex. 2019-11-27 20:35:38 +00:00
Nikolaus Rath b19e3b8001 Fix memory leak in conntab
References need to be counted per-path, rather than per connection.
2019-11-27 20:35:38 +00:00
Nikolaus Rath e910453156 Disable buflimit workaround by default.
The corresponding bug in OpenSSH has been fixed in
2007 (cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365541#37), so this shouldn't
be needed anymore.
2019-11-27 10:30:35 +00:00
Nikolaus Rath 28c22270f8 Add missing mutex lock/unlocks when accessing conntab
(problem introduced in parent commit).
2019-11-27 09:42:30 +00:00
Timo Savola 8822b60d9d Add support for using multiple connections
The -o max_conns=N option causes multiple SSH processes and response processing threads to
be created. This means that e.g. reading a large file no longer blocks all access to the
filesystem.

The connection is chosen by checking the per-connection statistics:

  1. Choose connection with least outstanding requests; if it's a tie,
  2. choose connection with least directory handles; if it's a tie,
  3. choose connection with least file handles; if it's a tie,
  4. choose connection which has already been established.

The implementation assumes that the max_conns values will be small; it
uses linear search.

Example benchmark:

With single connection:

$ sshfs -o max_conns=1,workaround=nobuflimit ebox: mnt
$ cat mnt/tmp/bigfile > /dev/null &
$ time find mnt > /dev/null

real	1m50.432s
user	0m0.133s
sys	0m0.467s

With multiple connections:

$ ~/in-progress/sshfs/build/sshfs -o max_conns=5,workaround=nobuflimit ebox: mnt
$ cat mnt/tmp/bigfile > /dev/null &
$ time find mnt > /dev/null

real	1m15.338s
user	0m0.142s
sys	0m0.491s

This feature was implemented to large extend by Timo Savola <timo.savola@iki.fi>. Thanks
to CEA.fr for sponsoring the remaining work to complete this feature and integrate it into
SSHFS!
2019-11-24 12:01:01 +00:00
Nikolaus Rath 0f3ab4fd4f Drop reference counter for struct sshfs_file
Variables of this kind are created in sshfs_open_common() and freed
in sshfs_release(). Since sshfs_release() calls sshfs_flush(), there
can be no pending write requests before at the time of freeing, so
there is no need for reference counting.
2019-11-24 10:23:42 +00:00
Nikolaus Rath ddd968b025 Do not fail tests if connecting to localhost for first time. 2019-11-24 10:19:13 +00:00
Nikolaus Rath 2421675f3f Added build/ to gitignore.
This is the default build directory.
2019-11-23 20:58:41 +00:00
jeg139 eade8feb05 fix some whitespace and indentation (#194) 2019-11-23 11:07:19 +00:00
Michael Forney 4d866526dc Fix some inconsistent whitespace (#192) 2019-11-23 11:06:05 +00:00
Nikolaus Rath 6935b49eea Add documentation of permission handling to manpage.
Fixes: #182
2019-11-03 13:39:23 +00:00
Nikolaus Rath a548abd1f3 Fix markup. 2019-11-03 09:38:31 +00:00
Nikolaus Rath a1e5f12c53 Released 3.6.0 2019-11-03 09:34:29 +00:00
kalvdans 011986306b Remedy gcc 7.4.0 warnings (#187)
* Use logical not for booleans

Fixes a gcc 7.4.0 complaint:

sshfs.c:1743:28: warning: ‘~’ on a boolean expression [-Wbool-operation]
sshfs.c:1743:28: note: did you mean to use logical not?

* strdup argument to keep it alive after function return

Fixes gcc 7.4.0 complaint:

sshfs.c: In function ‘sshfs_opt_proc’:
sshfs.c:3488:50: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
2019-11-03 09:28:36 +00:00
sunwire e1a9050c61 Added direct_io option (#173) 2019-10-19 20:26:10 +01:00
kalvdans af63f35ac1 Free addrinfo and close socket when returning error (#186) 2019-10-19 20:23:45 +01:00
Viktor Szakats 667cf34622 sshfs: fix another instance preventing use of global I/O size on macOS (#185)
Following-up on [1], there was another instance where blksize
was set to a non-zero value, thus making it impossible to
configure global I/O size on macOS, and using [2] the hard-wired
value of 4096 bytes instead, resulting in uniformly poor
performance [3].

With this patch, setting I/O size to a reasonable large value,
will result in much improved performance, e.g.:
  -o iosize=1048576

[1] https://github.com/osxfuse/sshfs/commit/5c0dbfe3eb40100f9277e863926f2e7d7c9a5a4c
[2] https://github.com/libfuse/sshfs/blob/4c21d696e9d46bebae0a936e2aec72326c5954ea/sshfs.c#L812
[3] https://github.com/libfuse/sshfs/issues/11#issuecomment-339407557
2019-09-12 05:33:32 -07:00
Michael Forney 4c21d696e9 Include poll.h instead of sys/poll.h (#178)
The standard header for the poll(3) interface is poll.h[0]. This prevents
a warning when building with musl libc:

    In file included from sshfs.c:44:
    /usr/include/sys/poll.h:1:2: warning: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Wcpp]
     #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
      ^~~~~~~

[0] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/poll.h.html
2019-06-30 10:12:19 +01:00
Galen Getsov 469c96b6d2 Add --verbose option 2019-06-30 10:10:41 +01:00
Nikolaus Rath c4485188c9 Update issue templates 2019-04-30 06:06:39 -07:00
Nikolaus Rath 4dc9b612ec Documented development status. 2019-04-29 11:58:52 -07:00
Nikolaus Rath 695cd8916f Released 3.5.2 2019-04-13 09:25:45 +01:00
mssalvatore 7364b73e80 Gracefully handle multiple spaces in ssh_command option (#169)
When using the "ssh_command" option, commands with multiple spaces in a
row will not be properly parsed. Example:

Properly parsed:
    ssh_command = "ssh -o IdentityFile=~/.ssh/id_rsa"

Improperly parsed:
    ssh_command = "ssh -o      IdentityFile=~/.ssh/id_rsa"

This commit changes the ssh_command parsing logic so that both of the
above examples are considered valid and properly handled. 

Fixes: #114.
2019-04-08 21:50:10 +01:00
DrDaveD 1dbc89f959 allow /dev/fd/N as a mountpoint (#166) 2019-03-31 04:57:21 -04:00
Nikolaus Rath d299217510 Travis CI: Use Xenial instead of Trusty. 2019-02-27 21:27:39 +00:00
mssalvatore fda6c8f862 Update clean_req() to match the definition of GHRFunc (#160)
The current definition of the clean_req() function produces a compiler
warning as it expects 2 parameters but GHRFunc expects 3. This commit
resolves issue #157.
2019-02-25 21:00:53 +00:00
Clayton G. Hobbs 6b10b3c8c0 Also remap GID under non-MacOS
The manpage says that -o idmap=user maps the UID and GID, but it
apparently only mapped the UID.  The code was in place to map the GID as
well, but it was hidden behind #ifdef __APPLE__.  This commit removes
those #ifdefs, and in a couple of cases the code inside an #else, to
make the option behave as documented.
2019-01-04 19:39:47 +00:00
Nikolaus Rath d3c6c338ae Bump meson dependency
build_by_default arg in custom_target needs 0.40.0
2018-12-22 14:34:39 +00:00
29 changed files with 2389 additions and 1247 deletions
+1
View File
@@ -0,0 +1 @@
d54c7ecbd618afb4df524e0d96dec7fe7cc2935d
+17
View File
@@ -0,0 +1,17 @@
---
name: Issue report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
PLEASE READ BEFORE REPORTING AN ISSUE
SSHFS does not have any active, regular contributors or developers. The current maintainer continues to apply pull requests and tries to make regular releases, but unfortunately has no capacity to do any development beyond addressing high-impact issues. When reporting bugs, please understand that unless you are including a pull request or are reporting a critical issue, you will probably not get a response.
To prevent the issue tracker from being flooded with issues that no-one is intending to work on, and to give more visibility to critical issues that users should be aware of and that most urgently need attention, I will also close most bug reports once they've been inactive for a while.
Please note that this isn't meant to imply that you haven't found a bug - you most likely have and I'm grateful that you took the time to report it. Unfortunately, SSHFS is a purely volunteer driven project,
and at the moment there simply aren't any volunteers.
+12
View File
@@ -0,0 +1,12 @@
version: 2
updates:
- package-ecosystem: github-actions
directory: /
schedule:
interval: weekly
cooldown:
default-days: 14
groups:
github-actions:
patterns:
- "*"
+149
View File
@@ -0,0 +1,149 @@
name: platform builds
on:
push:
pull_request:
workflow_dispatch:
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
linux-compat:
name: ${{ matrix.name }}
runs-on: ${{ matrix.runner }}
timeout-minutes: 15
strategy:
fail-fast: false
matrix:
include:
- name: ubuntu-latest
runner: ubuntu-latest
run_tests: true
- name: ubuntu-22.04
runner: ubuntu-22.04
run_tests: true
- name: ubuntu-24.04-arm
runner: ubuntu-24.04-arm
run_tests: true
- name: ubuntu-24.04-release
runner: ubuntu-24.04
buildtype: release
- name: ubuntu-24.04-debug
runner: ubuntu-24.04
buildtype: debug
- name: ubuntu-24.04-hardened
runner: ubuntu-24.04
extra_cflags: "-D_FORTIFY_SOURCE=3 -fstack-protector-strong"
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Set up Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: '3.12'
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y gcc ninja-build pkg-config libglib2.0-dev libfuse3-dev ${{ matrix.run_tests && 'openssh-server openssh-client fuse3' || '' }}
pip3 install meson ${{ matrix.run_tests && 'pytest pytest-timeout' || '' }}
- name: Build
env:
CFLAGS: ${{ matrix.extra_cflags || '' }}
run: |
meson setup build ${{ matrix.buildtype && format('--buildtype={0}', matrix.buildtype) || '' }}
ninja -C build
- name: Setup SSH
if: matrix.run_tests
run: |
chmod go-w ~
mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -q -N ""
cat ~/.ssh/id_ed25519.pub > ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
sudo sed -i 's/^#*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
sudo systemctl restart ssh || sudo service ssh restart
ssh -o StrictHostKeyChecking=no -o BatchMode=yes localhost true
- name: Check FUSE availability
if: matrix.run_tests
run: |
test -e /dev/fuse
command -v fusermount3
- name: Run tests
if: matrix.run_tests
timeout-minutes: 20
run: |
cd build
python3 -m pytest test/ --timeout=300 --maxfail=99 --junitxml=test-results.xml
- name: Upload test results
if: matrix.run_tests && always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: test-results-${{ matrix.name }}
path: |
build/test-results.xml
build/meson-logs/
- name: Upload build logs
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: failure()
with:
name: build-logs-${{ matrix.name }}
path: build/meson-logs/
alpine-musl:
name: alpine-musl
runs-on: ubuntu-24.04
timeout-minutes: 15
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Build in Alpine container
run: |
docker run --rm -v "$PWD:/work" -w /work alpine:3.21@sha256:48b0309ca019d89d40f670aa1bc06e426dc0931948452e8491e3d65087abc07d sh -euxc '
apk add --no-cache gcc musl-dev meson ninja pkgconf glib-dev fuse3-dev
meson setup build-alpine
ninja -C build-alpine
'
- name: Upload build logs
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: failure()
with:
name: build-logs-alpine-musl
path: build-alpine/meson-logs/
freebsd:
name: freebsd-14
runs-on: ubuntu-24.04
timeout-minutes: 20
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Build on FreeBSD
uses: vmactions/freebsd-vm@a6de9343ef5747433d9c25784c90e84998b9d69a # v1.4.6
with:
usesh: true
prepare: |
pkg install -y fusefs-libs3 glib meson ninja pkgconf
run: |
meson setup build-freebsd
ninja -C build-freebsd
- name: Upload build logs
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: failure()
with:
name: build-logs-freebsd
path: build-freebsd/meson-logs/
+143
View File
@@ -0,0 +1,143 @@
name: build and test
on:
push:
pull_request:
workflow_dispatch: # this is a nice option that will enable a button w/ inputs
inputs:
git-ref:
description: Git Ref (Optional)
required: false
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
build-and-test:
name: ${{ matrix.compiler }} / ${{ matrix.buildtype }}
runs-on: ubuntu-24.04
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
compiler: [gcc, clang]
buildtype: [debugoptimized, release]
include:
- compiler: gcc
cc: gcc
- compiler: clang
cc: clang
steps:
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Set up Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: '3.12'
- name: Install build dependencies
run: |
sudo apt-get update
sudo apt-get install -y gcc clang ninja-build libglib2.0-dev libfuse3-dev openssh-server openssh-client fuse3
- name: Install meson
run: pip3 install meson pytest pytest-timeout
- name: Print tool versions
run: |
${{ matrix.cc }} --version
meson --version
- name: Setup SSH
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -q -N ""
cat ~/.ssh/id_ed25519.pub > ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
sudo systemctl start ssh || sudo service ssh start
ssh -o StrictHostKeyChecking=no -o BatchMode=yes localhost true
- name: Check FUSE availability
run: |
test -e /dev/fuse
command -v fusermount3
- name: Build
env:
CC: ${{ matrix.cc }}
run: |
meson setup build --buildtype=${{ matrix.buildtype }} -Dwerror=true
ninja -C build
- name: Upload build artifact
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: sshfs-${{ matrix.compiler }}-${{ matrix.buildtype }}
path: build/sshfs
if-no-files-found: ignore
- name: Run tests
timeout-minutes: 20
run: |
cd build
python3 -m pytest --maxfail=99 --timeout=300 --junitxml=test-results.xml test/
- name: Upload test results
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: test-results-${{ matrix.compiler }}-${{ matrix.buildtype }}
path: |
build/test-results.xml
build/meson-logs/
strict-warnings:
name: ${{ matrix.compiler }} / strict warnings
runs-on: ubuntu-24.04
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
include:
- compiler: gcc
cc: gcc
extra_cflags: "-Wformat=2 -Wformat-security -Wundef -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wnull-dereference"
- compiler: clang
cc: clang
extra_cflags: "-Wformat=2 -Wformat-security -Wundef -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes -Wnull-dereference"
steps:
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Set up Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: '3.12'
- name: Install build dependencies
run: |
sudo apt-get update
sudo apt-get install -y gcc clang ninja-build libglib2.0-dev libfuse3-dev
- name: Install meson
run: pip3 install meson
- name: Print tool versions
run: |
${{ matrix.cc }} --version
meson --version
- name: Build with strict warnings
env:
CC: ${{ matrix.cc }}
CFLAGS: ${{ matrix.extra_cflags }}
run: |
meson setup build -Dwerror=true
ninja -C build
+1
View File
@@ -34,3 +34,4 @@ sshfs.1
/patches
/m4
.deps/
/build
+14
View File
@@ -0,0 +1,14 @@
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.0.1
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
- id: check-added-large-files
- repo: https://github.com/jumanjihouse/pre-commit-hooks
rev: 2.1.5
hooks:
- id: shellcheck
+22 -10
View File
@@ -1,19 +1,31 @@
sudo: required
dist: trusty
dist: focal
language: c
cache:
- pip
language:
- c
addons:
apt:
sources:
- ubuntu-toolchain-r-test
packages:
- shellcheck
- valgrind
- clang
- gcc
- gcc-6
- clang
- python-docutils
- python3-pip
install: test/travis-install.sh
script: test/travis-build.sh
- python3-setuptools
- ninja-build
- meson
- python3-pytest
- libglib2.0-dev
install: test/travis-install.sh
jobs:
include:
- name: Lint
script: ./test/lint.sh
install: skip
- name: Build + Test
script: test/travis-build.sh
+29 -3
View File
@@ -1,41 +1,64 @@
Current Maintainer
Current Maintainers
------------------
Nikolaus Rath <Nikolaus@rath.org>
Haoxi Tan <h4sh5@pm.me>
Abhinav Agarwal <abhinavagarwal1996@gmail.com>
Past Maintainers
----------------
Nikolaus Rath <Nikolaus@rath.org> (until 05/2022)
Miklos Szeredi <miklos@szeredi.hu> (until 12/2015)
Contributors (autogenerated list)
---------------------------------
a1346054 <36859588+a1346054@users.noreply.github.com>
Alan Jenkins <alan.christopher.jenkins@gmail.com>
Alexander Neumann <alexander@bumpern.de>
Anatol Pomozov <anatol.pomozov@gmail.com>
Andrew Stone <a@stne.dev>
Antonio Rojas <arojas@archlinux.org>
Benjamin Fleischer <fleiben@gmail.com>
Berserker <berserker.troll@yandex.com>
Bill Zissimopoulos <billziss@navimatics.com>
bjoe2k4 <bjoe2k4@users.noreply.github.com>
Brandon Carter <b-carter@users.noreply.github.com>
Cam Cope <github@camcope.me>
Chris Wolfe <cwolfe@chromium.org>
Clayton G. Hobbs <clay@lakeserv.net>
Daniel Lublin <daniel@lublin.se>
Dominique Martinet <asmadeus@codewreck.org>
DrDaveD <2129743+DrDaveD@users.noreply.github.com>
Fabrice Fontaine <fontaine.fabrice@gmail.com>
gala <gala132@users.noreply.github.com>
Galen Getsov <4815620+ggetsov@users.noreply.github.com>
George Vlahavas <vlahavas@gmail.com>
G.raud Meyer <graud@gmx.com>
harrim4n <git@harrim4n.com>
Jakub Jelen <jjelen@redhat.com>
jeg139 <54814784+jeg139@users.noreply.github.com>
Josh Triplett <josh@joshtriplett.org>
Julio Merino <jmmv@google.com>
Julio Merino <jmmv@meroh.net>
Junichi Uekawa <dancerj@gmail.com>
Junichi Uekawa <dancer@netfort.gr.jp>
kalvdans <github@kalvdans.no-ip.org>
Kim Brose <kim.brose@rwth-aachen.de>
Matthew Berginski <matthew.berginski@gmail.com>
Michael Forney <mforney@mforney.org>
Mike Kelly <mike@pair.com>
Mike Salvatore <mike.s.salvatore@gmail.com>
Miklos Szeredi <miklos@szeredi.hu>
Miklos Szeredi <mszeredi@suse.cz>
mssalvatore <mike.s.salvatore@gmail.com>
Nikolaus Rath <Nikolaus@rath.org>
Percy Jahn <email@percyjahn.de>
Peter Belm <peterbelm@gmail.com>
Peter Wienemann <peter.wienemann@uni-bonn.de>
Qais Patankar <qaisjp@gmail.com>
Quentin Rameau <quinq@fifth.space>
Reid Wagner <wagnerreid@gmail.com>
@@ -43,8 +66,11 @@ Rian Hunter <rian@alum.mit.edu>
Rian Hunter <rianhunter@users.noreply.github.com>
Samuel Murray <samuel.murray@outlook.com>
S. D. Cloudt <s.d.cloudt@student.tue.nl>
Simon Arlott <70171+nomis@users.noreply.github.com>
smheidrich <smheidrich@weltenfunktion.de>
sunwire <50745572+sunwire@users.noreply.github.com>
Tim Harder <radhermit@gmail.com>
Timo Savola <timo.savola@iki.fi>
tpoindessous <thomas@poindessous.com>
Viktor Szakats <vszakats@users.noreply.github.com>
Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
+90 -6
View File
@@ -1,3 +1,87 @@
Release 3.7.6 (2026-05-30)
--------------------------
* Added new maintainer: abhinavagarwal07 Abhinav Agarwal
* Fixed critical vulnerability CVE-2026-47187 - Symlink Escape: Rogue SFTP Server to Local File Read/Write), credit to abhinavagarwal07
* New -o contain_symlinks and -o no_contain_symlinks to control symlink containment behavior
* Fixed high severity vulnerability CVE-2026-48711 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'), credit to abhinavagarwal07
* Fixed null-deref warning in tokenize_on_space, promote strict-warnings to required
* Added a number of tests in CI, including rename, chmod, fsync, statvfs values, error paths, option coverage
* Fixed malformed SFTP reply handling
* Hardened Github Actions workflow with SHA pins, permissions, timeouts, and dependabot
Release 3.7.5 (2025-11-11)
--------------------------
* New maintainers added
* Main documentation updates to using Markdown
* Updated Windows and macOS support
* Added IPv6 support in -o directport
* Added -o vsock option
* Minor bugfixes
Release 3.7.3 (2022-05-26)
--------------------------
* Minor bugfixes.
* This is the last release from the current maintainer. SSHFS is now no longer maintained
or developed. Github issue tracking and pull requests have therefore been disabled. The
mailing list (see below) is still available for use.
If you would like to take over this project, you are welcome to do so. Please fork it
and develop the fork for a while. Once there has been 6 months of reasonable activity,
please contact Nikolaus@rath.org and I'll be happy to give you ownership of this
repository or replace with a pointer to the fork.
Release 3.7.2 (2021-06-08)
--------------------------
* Added a secondary check so if a mkdir request fails with EPERM an access request will be
tried - returning EEXIST if the access was successful.
Fixes: https://github.com/libfuse/sshfs/issues/243
Release 3.7.1 (2020-11-09)
--------------------------
* Minor bugfixes.
Release 3.7.0 (2020-01-03)
--------------------------
* New max_conns option enables the use of multiple connections to improve responsiveness
during large file transfers. Thanks to Timo Savola for doing most of the implementation
work, and thanks to CEA.fr for sponsoring remaining bugfixes and cleanups!
* The `buflimit` workaround is now disabled by default. The corresponding bug in OpenSSH
has been fixed in 2007
(cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365541#37), so this shouldn't be
needed anymore. If you depend on this workaround, please let the SSHFS maintainers know,
otherwise support for the workaround will be removed completely in a future version.
Release 3.6.0 (2019-11-03)
--------------------------
* Added "-o direct_io" option.
This option disables the use of page cache in kernel.
This is useful for example if the file size is not known before reading it.
For example if you mount /proc dir from a remote host without the direct_io
option, the read always will return zero bytes instead of actual data.
* Added --verbose option.
* Fixed a number of compiler warnings.
* Improved performance under OS X.
Release 3.5.2 (2019-04-13)
--------------------------
* Fixed "-o idmap=user" to map both UID and GID on all OSs.
* Fixed improper handling of sequential spaces spaces in "ssh_command" option
Release 3.5.1 (2018-12-22)
--------------------------
@@ -61,13 +145,13 @@ Release 3.1.0 (2017-08-04)
* For improved backwards compatibility, SSHFS now also silently
accepts the old ``-o cache_*`` options.
Release 3.0.0 (2017-07-08)
--------------------------
* sshfs now requires libfuse 3.1.0 or newer.
* When supported by the kernel, sshfs now uses writeback caching.
* The `cache` option has been renamed to `dir_cache` for clarity.
* The `cache` option has been renamed to `dir_cache` for clarity.
* Added unit tests
* --debug now behaves like -o debug_sshfs, i.e. it enables sshfs
debugging messages rather than libfuse debugging messages.
@@ -82,7 +166,7 @@ Release 3.0.0 (2017-07-08)
* Removed support for `-o workaround=all`. Workarounds should always
enabled explicitly and only when needed. There is no point in always
enabling a potentially changing set of workarounds.
Release 2.9 (2017-04-17)
------------------------
@@ -121,14 +205,14 @@ Release 2.4 (2012-03-08)
------------------------
* New `slave` option.
* New `idmap`, `uidmap` and `gidmap` options.
* New `idmap`, `uidmap` and `gidmap` options.
* Various small bugfixes.
Release 2.3 (2011-07-01)
------------------------
* Support hard link creation if server is OpenSSH 5.7 or later
* Small improvements and bug fixes
* Small improvements and bug fixes
* Check mount point and options before connecting to ssh server
* New 'delay_connect' option
@@ -141,7 +225,7 @@ Release 2.2 (2008-10-20)
Release 2.1 (2008-07-11)
------------------------
* Small improvements and bug fixes
* Small improvements and bug fixes
Release 2.0 (2008-04-23)
------------------------
+142
View File
@@ -0,0 +1,142 @@
# SSHFS
## About
SSHFS allows you to mount a remote filesystem using SFTP. Most SSH
servers support and enable this SFTP access by default, so SSHFS is
very simple to use - there's nothing to do on the server-side.
## Development Status
SSHFS is shipped by all major Linux distributions and has been in
production use across a wide range of systems for many years. However,
at present SSHFS does not have any active, regular contributors, and
there are a number of known issues (see the [bugtracker](https://github.com/libfuse/sshfs/issues)).
The current maintainer continues to apply pull requests and makes regular
releases, but unfortunately has no capacity to do any development
beyond addressing high-impact issues. When reporting bugs, please
understand that unless you are including a pull request or are
reporting a critical issue, you will probably not get a response.
## How to use
Once sshfs is installed (see next section) running it is very simple:
```
sshfs [user@]hostname:[directory] mountpoint
```
It is recommended to run SSHFS as regular user (not as root). For
this to work the mountpoint must be owned by the user. If username is
omitted SSHFS will use the local username. If the directory is
omitted, SSHFS will mount the (remote) home directory. If you need to
enter a password sshfs will ask for it (actually it just runs ssh
which asks for the password if needed).
Also many ssh options can be specified (see the manual pages for
*sftp(1)* and *ssh_config(5)*), including the remote port number
(`-oport=PORT`)
To unmount the filesystem:
```
fusermount -u mountpoint
```
On BSD and macOS, to unmount the filesystem:
```
umount mountpoint
```
### Bypassing SSH
#### Using directport
Using direct connections to sftp-server to bypass SSH for performance is also possible. To do this, start a network service using sftp-server (part of OpenSSH) on a server, then connect directly using `-o directport=PORT` option.
On server (listen on port 1234 using socat):
`socat tcp-listen:1234,reuseaddr,fork exec:/usr/lib/openssh/sftp-server`
On client:
`sshfs -o directport=1234 127.0.0.1:/tmp /tmp/mnt`
Note that this is insecure as connection will happen without encryption. Only use this on localhost or trusted networks. This option is sometimes used by other projects to mount folders inside VMs.
IPv6 is also possible:
`socat tcp6-listen:1234,reuseaddr,fork exec:/usr/lib/openssh/sftp-server`
`sshfs -o directport=1234 [::1]:/tmp /tmp/mnt`
#### Using vsock
Similarly to above, Linux [vsock](https://man7.org/linux/man-pages/man7/vsock.7.html) can be used to connect directly to sockets within VMs using `-o vsock=CID:PORT`.
```
# on the host
socat VSOCK-LISTEN:12345 EXEC:"/usr/lib/openssh/sftp-server",nofork
# on the clientside
sshfs -o vsock=2:12345 unused_host: ./tmp
```
## Installation
First, download the latest SSHFS release from
https://github.com/libfuse/sshfs/releases. You also need [libfuse](http://github.com/libfuse/libfuse) 3.1.0 or newer (or a
similar library that provides a libfuse3 compatible interface for your operating
system). Finally, you need the [Glib](https://developer.gnome.org/glib/stable/) library with development headers (which should be
available from your operating system's package manager).
To build and install, we recommend to use [Meson](http://mesonbuild.com/) (version 0.38 or
newer) and [Ninja](https://ninja-build.org/). After extracting the sshfs tarball, create a
(temporary) build directory and run Meson:
```
$ mkdir build; cd build
$ meson ..
```
Normally, the default build options will work fine. If you
nevertheless want to adjust them, you can do so with the *mesonconf*
command:
```
$ mesonconf # list options
$ mesonconf -D strip=true # set an option
```
To build, test and install SSHFS, you then use Ninja (running the
tests requires the [py.test](http://www.pytest.org/) Python module):
```
$ ninja
$ python3 -m pytest test/ # optional, but recommended
$ sudo ninja install
```
## Getting Help
If you need help, please ask on the <fuse-sshfs@lists.sourceforge.net>
mailing list (subscribe at
https://lists.sourceforge.net/lists/listinfo/fuse-sshfs).
Please report any bugs on the GitHub issue tracker at
https://github.com/libfuse/sshfs/issues.
## Packaging Status
<a href="https://repology.org/project/fusefs:sshfs/versions">
<img src="https://repology.org/badge/vertical-allrepos/fusefs:sshfs.svg" alt="Packaging status" >
</a>
-94
View File
@@ -1,94 +0,0 @@
SSHFS
=====
About
-----
SSHFS allows you to mount a remote filesystem using SFTP. Most SSH
servers support and enable this SFTP access by default, so SSHFS is
very simple to use - there's nothing to do on the server-side.
How to use
----------
Once sshfs is installed (see next section) running it is very simple::
sshfs [user@]hostname:[directory] mountpoint
It is recommended to run SSHFS as regular user (not as root). For
this to work the mountpoint must be owned by the user. If username is
omitted SSHFS will use the local username. If the directory is
omitted, SSHFS will mount the (remote) home directory. If you need to
enter a password sshfs will ask for it (actually it just runs ssh
which ask for the password if needed).
Also many ssh options can be specified (see the manual pages for
*sftp(1)* and *ssh_config(5)*), including the remote port number
(``-oport=PORT``)
To unmount the filesystem::
fusermount -u mountpoint
On BSD and macOS, to unmount the filesystem::
umount mountpoint
Installation
------------
First, download the latest SSHFS release from
https://github.com/libfuse/sshfs/releases. On Linux and BSD, you will
also need to install libfuse_ 3.1.0 or newer. On macOS, you need
OSXFUSE_ instead. Finally, you need the Glib_ library with development
headers (which should be available from your operating system's
package manager).
To build and install, we recommend to use Meson_ (version 0.38 or
newer) and Ninja_. After extracting the sshfs tarball, create a
(temporary) build directory and run Meson::
$ mkdir build; cd build
$ meson ..
Normally, the default build options will work fine. If you
nevertheless want to adjust them, you can do so with the *mesonconf*
command::
$ mesonconf # list options
$ mesonconf -D strip=true # set an option
To build, test and install SSHFS, you then use Ninja (running the
tests requires the `py.test`_ Python module)::
$ ninja
$ python3 -m pytest test/ # optional, but recommended
$ sudo ninja install
.. _libfuse: http://github.com/libfuse/libfuse
.. _OSXFUSE: https://osxfuse.github.io/
.. _Glib: https://developer.gnome.org/glib/stable/
.. _Meson: http://mesonbuild.com/
.. _Ninja: https://ninja-build.org/
.. _`py.test`: http://www.pytest.org/
Getting Help
------------
If you need help, please ask on the <fuse-sshfs@lists.sourceforge.net>
mailing list (subscribe at
https://lists.sourceforge.net/lists/listinfo/fuse-sshfs).
Please report any bugs on the GitHub issue tracker at
https://github.com/libfuse/libfuse/issues.
Professional Support
--------------------
Professional support is offered via `Rath Consulting`_.
.. _`Rath Consulting`: http://www.rath-consulting.biz
+41 -19
View File
@@ -14,6 +14,7 @@
#include <errno.h>
#include <glib.h>
#include <pthread.h>
#include <sys/stat.h>
#define DEFAULT_CACHE_TIMEOUT_SECS 20
#define DEFAULT_MAX_CACHE_SIZE 10000
@@ -40,7 +41,7 @@ static struct cache cache;
struct node {
struct stat stat;
time_t stat_valid;
char **dir;
GPtrArray *dir;
time_t dir_valid;
char *link;
time_t link_valid;
@@ -63,13 +64,28 @@ struct file_handle {
unsigned long fs_fh;
};
struct cache_dirent {
char *name;
struct stat stat;
};
static void free_node(gpointer node_)
{
struct node *node = (struct node *) node_;
g_strfreev(node->dir);
if (node->dir != NULL) {
g_ptr_array_free(node->dir, TRUE);
}
g_free(node);
}
static void free_cache_dirent(gpointer data) {
struct cache_dirent *cache_dirent = (struct cache_dirent *) data;
if (cache_dirent != NULL) {
g_free(cache_dirent->name);
g_free(cache_dirent);
}
}
static int cache_clean_entry(void *key_, struct node *node, time_t *now)
{
(void) key_;
@@ -186,13 +202,15 @@ void cache_add_attr(const char *path, const struct stat *stbuf, uint64_t wrctr)
pthread_mutex_unlock(&cache.lock);
}
static void cache_add_dir(const char *path, char **dir)
static void cache_add_dir(const char *path, GPtrArray *dir)
{
struct node *node;
pthread_mutex_lock(&cache.lock);
node = cache_get(path);
g_strfreev(node->dir);
if (node->dir != NULL) {
g_ptr_array_free(node->dir, TRUE);
}
node->dir = dir;
node->dir_valid = time(NULL) + cache.dir_timeout_secs;
if (node->dir_valid > node->valid)
@@ -256,9 +274,9 @@ static void *cache_init(struct fuse_conn_info *conn,
{
void *res;
res = cache.next_oper->init(conn, cfg);
// Cache requires a path for each request
cfg->nullpath_ok = 0;
cfg->nullpath_ok = 0;
return res;
}
@@ -318,9 +336,9 @@ static int cache_releasedir(const char *path, struct fuse_file_info *fi)
{
int err;
struct file_handle *cfi;
cfi = (struct file_handle*) fi->fh;
if(cfi->is_open) {
fi->fh = cfi->fs_fh;
err = cache.next_oper->releasedir(path, fi);
@@ -341,7 +359,10 @@ static int cache_dirfill (void *buf, const char *name,
ch = (struct readdir_handle*) buf;
err = ch->filler(ch->buf, name, stbuf, off, flags);
if (!err) {
g_ptr_array_add(ch->dir, g_strdup(name));
struct cache_dirent *cdent = g_malloc(sizeof(struct cache_dirent));
cdent->name = g_strdup(name);
cdent->stat = *stbuf;
g_ptr_array_add(ch->dir, cdent);
if (stbuf->st_mode & S_IFMT) {
char *fullpath;
const char *basepath = !ch->path[1] ? "" : ch->path;
@@ -361,19 +382,20 @@ static int cache_readdir(const char *path, void *buf, fuse_fill_dir_t filler,
struct readdir_handle ch;
struct file_handle *cfi;
int err;
char **dir;
GPtrArray *dir;
struct node *node;
struct cache_dirent **cdent;
assert(offset == 0);
pthread_mutex_lock(&cache.lock);
node = cache_lookup(path);
if (node != NULL && node->dir != NULL) {
time_t now = time(NULL);
if (node->dir_valid - now >= 0) {
for(dir = node->dir; *dir != NULL; dir++)
// FIXME: What about st_mode?
filler(buf, *dir, NULL, 0, 0);
for(cdent = (struct cache_dirent**)node->dir->pdata; *cdent != NULL; cdent++) {
filler(buf, (*cdent)->name, &(*cdent)->stat, 0, 0);
}
pthread_mutex_unlock(&cache.lock);
return 0;
}
@@ -391,22 +413,22 @@ static int cache_readdir(const char *path, void *buf, fuse_fill_dir_t filler,
}
cfi->is_open = 1;
cfi->fs_fh = fi->fh;
}
}
ch.path = path;
ch.buf = buf;
ch.filler = filler;
ch.dir = g_ptr_array_new();
g_ptr_array_set_free_func(ch.dir, free_cache_dirent);
ch.wrctr = cache_get_write_ctr();
err = cache.next_oper->readdir(path, &ch, cache_dirfill, offset, fi, flags);
g_ptr_array_add(ch.dir, NULL);
dir = (char **) ch.dir->pdata;
dir = ch.dir;
if (!err) {
cache_add_dir(path, dir);
} else {
g_strfreev(dir);
g_ptr_array_free(dir, TRUE);
}
g_ptr_array_free(ch.dir, FALSE);
return err;
}
-364
View File
@@ -1,364 +0,0 @@
/*
FUSE: Filesystem in Userspace
Copyright (C) 2001-2006 Miklos Szeredi <miklos@szeredi.hu>
This program can be distributed under the terms of the GNU LGPL.
See the file COPYING.LIB
*/
#include "fuse_opt.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
struct fuse_opt_context {
void *data;
const struct fuse_opt *opt;
fuse_opt_proc_t proc;
int argctr;
int argc;
char **argv;
struct fuse_args outargs;
char *opts;
int nonopt;
};
void fuse_opt_free_args(struct fuse_args *args)
{
if (args && args->argv && args->allocated) {
int i;
for (i = 0; i < args->argc; i++)
free(args->argv[i]);
free(args->argv);
args->argv = NULL;
args->allocated = 0;
}
}
static int alloc_failed(void)
{
fprintf(stderr, "fuse: memory allocation failed\n");
return -1;
}
int fuse_opt_add_arg(struct fuse_args *args, const char *arg)
{
char **newargv;
char *newarg;
assert(!args->argv || args->allocated);
newargv = realloc(args->argv, (args->argc + 2) * sizeof(char *));
newarg = newargv ? strdup(arg) : NULL;
if (!newargv || !newarg)
return alloc_failed();
args->argv = newargv;
args->allocated = 1;
args->argv[args->argc++] = newarg;
args->argv[args->argc] = NULL;
return 0;
}
int fuse_opt_insert_arg(struct fuse_args *args, int pos, const char *arg)
{
assert(pos <= args->argc);
if (fuse_opt_add_arg(args, arg) == -1)
return -1;
if (pos != args->argc - 1) {
char *newarg = args->argv[args->argc - 1];
memmove(&args->argv[pos + 1], &args->argv[pos],
sizeof(char *) * (args->argc - pos - 1));
args->argv[pos] = newarg;
}
return 0;
}
static int next_arg(struct fuse_opt_context *ctx, const char *opt)
{
if (ctx->argctr + 1 >= ctx->argc) {
fprintf(stderr, "fuse: missing argument after `%s'\n", opt);
return -1;
}
ctx->argctr++;
return 0;
}
static int add_arg(struct fuse_opt_context *ctx, const char *arg)
{
return fuse_opt_add_arg(&ctx->outargs, arg);
}
int fuse_opt_add_opt(char **opts, const char *opt)
{
char *newopts;
if (!*opts)
newopts = strdup(opt);
else {
unsigned oldlen = strlen(*opts);
newopts = realloc(*opts, oldlen + 1 + strlen(opt) + 1);
if (newopts) {
newopts[oldlen] = ',';
strcpy(newopts + oldlen + 1, opt);
}
}
if (!newopts)
return alloc_failed();
*opts = newopts;
return 0;
}
static int add_opt(struct fuse_opt_context *ctx, const char *opt)
{
return fuse_opt_add_opt(&ctx->opts, opt);
}
static int call_proc(struct fuse_opt_context *ctx, const char *arg, int key,
int iso)
{
if (key == FUSE_OPT_KEY_DISCARD)
return 0;
if (key != FUSE_OPT_KEY_KEEP && ctx->proc) {
int res = ctx->proc(ctx->data, arg, key, &ctx->outargs);
if (res == -1 || !res)
return res;
}
if (iso)
return add_opt(ctx, arg);
else
return add_arg(ctx, arg);
}
static int match_template(const char *t, const char *arg, unsigned *sepp)
{
int arglen = strlen(arg);
const char *sep = strchr(t, '=');
sep = sep ? sep : strchr(t, ' ');
if (sep && (!sep[1] || sep[1] == '%')) {
int tlen = sep - t;
if (sep[0] == '=')
tlen ++;
if (arglen >= tlen && strncmp(arg, t, tlen) == 0) {
*sepp = sep - t;
return 1;
}
}
if (strcmp(t, arg) == 0) {
*sepp = 0;
return 1;
}
return 0;
}
static const struct fuse_opt *find_opt(const struct fuse_opt *opt,
const char *arg, unsigned *sepp)
{
for (; opt && opt->templ; opt++)
if (match_template(opt->templ, arg, sepp))
return opt;
return NULL;
}
int fuse_opt_match(const struct fuse_opt *opts, const char *opt)
{
unsigned dummy;
return find_opt(opts, opt, &dummy) ? 1 : 0;
}
static int process_opt_param(void *var, const char *format, const char *param,
const char *arg)
{
assert(format[0] == '%');
if (format[1] == 's') {
char *copy = strdup(param);
if (!copy)
return alloc_failed();
*(char **) var = copy;
} else {
if (sscanf(param, format, var) != 1) {
fprintf(stderr, "fuse: invalid parameter in option `%s'\n", arg);
return -1;
}
}
return 0;
}
static int process_opt(struct fuse_opt_context *ctx,
const struct fuse_opt *opt, unsigned sep,
const char *arg, int iso)
{
if (opt->offset == -1U) {
if (call_proc(ctx, arg, opt->value, iso) == -1)
return -1;
} else {
void *var = ctx->data + opt->offset;
if (sep && opt->templ[sep + 1]) {
const char *param = arg + sep;
if (opt->templ[sep] == '=')
param ++;
if (process_opt_param(var, opt->templ + sep + 1,
param, arg) == -1)
return -1;
} else
*(int *)var = opt->value;
}
return 0;
}
static int process_opt_sep_arg(struct fuse_opt_context *ctx,
const struct fuse_opt *opt, unsigned sep,
const char *arg, int iso)
{
int res;
char *newarg;
char *param;
if (next_arg(ctx, arg) == -1)
return -1;
param = ctx->argv[ctx->argctr];
newarg = malloc(sep + strlen(param) + 1);
if (!newarg)
return alloc_failed();
memcpy(newarg, arg, sep);
strcpy(newarg + sep, param);
res = process_opt(ctx, opt, sep, newarg, iso);
free(newarg);
return res;
}
static int process_gopt(struct fuse_opt_context *ctx, const char *arg, int iso)
{
unsigned sep;
const struct fuse_opt *opt = find_opt(ctx->opt, arg, &sep);
if (opt) {
for (; opt; opt = find_opt(opt + 1, arg, &sep)) {
int res;
if (sep && opt->templ[sep] == ' ' && !arg[sep])
res = process_opt_sep_arg(ctx, opt, sep, arg, iso);
else
res = process_opt(ctx, opt, sep, arg, iso);
if (res == -1)
return -1;
}
return 0;
} else
return call_proc(ctx, arg, FUSE_OPT_KEY_OPT, iso);
}
static int process_real_option_group(struct fuse_opt_context *ctx, char *opts)
{
char *sep;
do {
int res;
sep = strchr(opts, ',');
if (sep)
*sep = '\0';
res = process_gopt(ctx, opts, 1);
if (res == -1)
return -1;
opts = sep + 1;
} while (sep);
return 0;
}
static int process_option_group(struct fuse_opt_context *ctx, const char *opts)
{
int res;
char *copy;
const char *sep = strchr(opts, ',');
if (!sep)
return process_gopt(ctx, opts, 1);
copy = strdup(opts);
if (!copy) {
fprintf(stderr, "fuse: memory allocation failed\n");
return -1;
}
res = process_real_option_group(ctx, copy);
free(copy);
return res;
}
static int process_one(struct fuse_opt_context *ctx, const char *arg)
{
if (ctx->nonopt || arg[0] != '-')
return call_proc(ctx, arg, FUSE_OPT_KEY_NONOPT, 0);
else if (arg[1] == 'o') {
if (arg[2])
return process_option_group(ctx, arg + 2);
else {
if (next_arg(ctx, arg) == -1)
return -1;
return process_option_group(ctx, ctx->argv[ctx->argctr]);
}
} else if (arg[1] == '-' && !arg[2]) {
if (add_arg(ctx, arg) == -1)
return -1;
ctx->nonopt = ctx->outargs.argc;
return 0;
} else
return process_gopt(ctx, arg, 0);
}
static int opt_parse(struct fuse_opt_context *ctx)
{
if (ctx->argc) {
if (add_arg(ctx, ctx->argv[0]) == -1)
return -1;
}
for (ctx->argctr = 1; ctx->argctr < ctx->argc; ctx->argctr++)
if (process_one(ctx, ctx->argv[ctx->argctr]) == -1)
return -1;
if (ctx->opts) {
if (fuse_opt_insert_arg(&ctx->outargs, 1, "-o") == -1 ||
fuse_opt_insert_arg(&ctx->outargs, 2, ctx->opts) == -1)
return -1;
}
if (ctx->nonopt && ctx->nonopt == ctx->outargs.argc) {
free(ctx->outargs.argv[ctx->outargs.argc - 1]);
ctx->outargs.argv[--ctx->outargs.argc] = NULL;
}
return 0;
}
int fuse_opt_parse(struct fuse_args *args, void *data,
const struct fuse_opt opts[], fuse_opt_proc_t proc)
{
int res;
struct fuse_opt_context ctx = {
.data = data,
.opt = opts,
.proc = proc,
};
if (!args || !args->argv || !args->argc)
return 0;
ctx.argc = args->argc;
ctx.argv = args->argv;
res = opt_parse(&ctx);
if (res != -1) {
struct fuse_args tmp = *args;
*args = ctx.outargs;
ctx.outargs = tmp;
}
free(ctx.opts);
fuse_opt_free_args(&ctx.outargs);
return res;
}
-258
View File
@@ -1,258 +0,0 @@
/*
FUSE: Filesystem in Userspace
Copyright (C) 2001-2006 Miklos Szeredi <miklos@szeredi.hu>
This program can be distributed under the terms of the GNU GPL.
See the file COPYING.
*/
#ifndef _FUSE_OPT_H_
#define _FUSE_OPT_H_
/* This file defines the option parsing interface of FUSE */
#ifdef __cplusplus
extern "C" {
#endif
/**
* Option description
*
* This structure describes a single option, and and action associated
* with it, in case it matches.
*
* More than one such match may occur, in which case the action for
* each match is executed.
*
* There are three possible actions in case of a match:
*
* i) An integer (int or unsigned) variable determined by 'offset' is
* set to 'value'
*
* ii) The processing function is called, with 'value' as the key
*
* iii) An integer (any) or string (char *) variable determined by
* 'offset' is set to the value of an option parameter
*
* 'offset' should normally be either set to
*
* - 'offsetof(struct foo, member)' actions i) and iii)
*
* - -1 action ii)
*
* The 'offsetof()' macro is defined in the <stddef.h> header.
*
* The template determines which options match, and also have an
* effect on the action. Normally the action is either i) or ii), but
* if a format is present in the template, then action iii) is
* performed.
*
* The types of templates are:
*
* 1) "-x", "-foo", "--foo", "--foo-bar", etc. These match only
* themselves. Invalid values are "--" and anything beginning
* with "-o"
*
* 2) "foo", "foo-bar", etc. These match "-ofoo", "-ofoo-bar" or
* the relevant option in a comma separated option list
*
* 3) "bar=", "--foo=", etc. These are variations of 1) and 2)
* which have a parameter
*
* 4) "bar=%s", "--foo=%lu", etc. Same matching as above but perform
* action iii).
*
* 5) "-x ", etc. Matches either "-xparam" or "-x param" as
* two separate arguments
*
* 6) "-x %s", etc. Combination of 4) and 5)
*
* If the format is "%s", memory is allocated for the string unlike
* with scanf().
*/
struct fuse_opt {
/** Matching template and optional parameter formatting */
const char *templ;
/**
* Offset of variable within 'data' parameter of fuse_opt_parse()
* or -1
*/
unsigned long offset;
/**
* Value to set the variable to, or to be passed as 'key' to the
* processing function. Ignored if template has a format
*/
int value;
};
/**
* Key option. In case of a match, the processing function will be
* called with the specified key.
*/
#define FUSE_OPT_KEY(templ, key) { templ, -1U, key }
/**
* Last option. An array of 'struct fuse_opt' must end with a NULL
* template value
*/
#define FUSE_OPT_END { .templ = NULL }
/**
* Argument list
*/
struct fuse_args {
/** Argument count */
int argc;
/** Argument vector. NULL terminated */
char **argv;
/** Is 'argv' allocated? */
int allocated;
};
/**
* Initializer for 'struct fuse_args'
*/
#define FUSE_ARGS_INIT(argc, argv) { argc, argv, 0 }
/**
* Key value passed to the processing function if an option did not
* match any template
*/
#define FUSE_OPT_KEY_OPT -1
/**
* Key value passed to the processing function for all non-options
*
* Non-options are the arguments beginning with a charater other than
* '-' or all arguments after the special '--' option
*/
#define FUSE_OPT_KEY_NONOPT -2
/**
* Special key value for options to keep
*
* Argument is not passed to processing function, but behave as if the
* processing function returned 1
*/
#define FUSE_OPT_KEY_KEEP -3
/**
* Special key value for options to discard
*
* Argument is not passed to processing function, but behave as if the
* processing function returned zero
*/
#define FUSE_OPT_KEY_DISCARD -4
/**
* Processing function
*
* This function is called if
* - option did not match any 'struct fuse_opt'
* - argument is a non-option
* - option did match and offset was set to -1
*
* The 'arg' parameter will always contain the whole argument or
* option including the parameter if exists. A two-argument option
* ("-x foo") is always converted to single arguemnt option of the
* form "-xfoo" before this function is called.
*
* Options of the form '-ofoo' are passed to this function without the
* '-o' prefix.
*
* The return value of this function determines whether this argument
* is to be inserted into the output argument vector, or discarded.
*
* @param data is the user data passed to the fuse_opt_parse() function
* @param arg is the whole argument or option
* @param key determines why the processing function was called
* @param outargs the current output argument list
* @return -1 on error, 0 if arg is to be discarded, 1 if arg should be kept
*/
typedef int (*fuse_opt_proc_t)(void *data, const char *arg, int key,
struct fuse_args *outargs);
/**
* Option parsing function
*
* If 'args' was returned from a previous call to fuse_opt_parse() or
* it was constructed from
*
* A NULL 'args' is equivalent to an empty argument vector
*
* A NULL 'opts' is equivalent to an 'opts' array containing a single
* end marker
*
* A NULL 'proc' is equivalent to a processing function always
* returning '1'
*
* @param args is the input and output argument list
* @param data is the user data
* @param opts is the option description array
* @param proc is the processing function
* @return -1 on error, 0 on success
*/
int fuse_opt_parse(struct fuse_args *args, void *data,
const struct fuse_opt opts[], fuse_opt_proc_t proc);
/**
* Add an option to a comma separated option list
*
* @param opts is a pointer to an option list, may point to a NULL value
* @param opt is the option to add
* @return -1 on allocation error, 0 on success
*/
int fuse_opt_add_opt(char **opts, const char *opt);
/**
* Add an argument to a NULL terminated argument vector
*
* @param args is the structure containing the current argument list
* @param arg is the new argument to add
* @return -1 on allocation error, 0 on success
*/
int fuse_opt_add_arg(struct fuse_args *args, const char *arg);
/**
* Add an argument at the specified position in a NULL terminated
* argument vector
*
* Adds the argument to the N-th position. This is useful for adding
* options at the beggining of the array which must not come after the
* special '--' option.
*
* @param args is the structure containing the current argument list
* @param pos is the position at which to add the argument
* @param arg is the new argument to add
* @return -1 on allocation error, 0 on success
*/
int fuse_opt_insert_arg(struct fuse_args *args, int pos, const char *arg);
/**
* Free the contents of argument list
*
* The structure itself is not freed
*
* @param args is the structure containing the argument list
*/
void fuse_opt_free_args(struct fuse_args *args);
/**
* Check if an option matches
*
* @param opts is the option description array
* @param opt is the option to match
* @return 1 if a match is found, 0 if not
*/
int fuse_opt_match(const struct fuse_opt opts[], const char *opt);
#ifdef __cplusplus
}
#endif
#endif /* _FUSE_OPT_H_ */
-1
View File
@@ -27,4 +27,3 @@ gpg --armor --detach-sign "${TAG}.tar.xz"
PREV_TAG="$(git tag --list 'sshfs-3*' --sort=-taggerdate --merged "${TAG}^"| head -1)"
echo "Contributors from ${PREV_TAG} to ${TAG}:"
git log --pretty="format:%an <%aE>" "${PREV_TAG}..${TAG}" | sort -u
+5 -5
View File
@@ -1,5 +1,5 @@
project('sshfs', 'c', version: '3.5.1',
meson_version: '>= 0.38',
project('sshfs', 'c', version: '3.7.6',
meson_version: '>= 0.40',
default_options: [ 'buildtype=debugoptimized' ])
add_global_arguments('-D_REENTRANT', '-DHAVE_CONFIG_H',
@@ -26,7 +26,7 @@ endif
rst2man = find_program('rst2man', 'rst2man.py', required: false)
cfg = configuration_data()
cfg.set_quoted('PACKAGE_VERSION', meson.project_version())
@@ -34,8 +34,9 @@ cfg.set_quoted('PACKAGE_VERSION', meson.project_version())
include_dirs = [ include_directories('.') ]
sshfs_sources = ['sshfs.c', 'cache.c']
if target_machine.system() == 'darwin'
add_global_arguments('-DFUSE_DARWIN_ENABLE_EXTENSIONS=0', language: 'c')
cfg.set_quoted('IDMAP_DEFAULT', 'user')
sshfs_sources += [ 'compat/fuse_opt.c', 'compat/darwin_compat.c' ]
sshfs_sources += [ 'compat/darwin_compat.c' ]
include_dirs += [ include_directories('compat') ]
else
cfg.set_quoted('IDMAP_DEFAULT', 'none')
@@ -69,4 +70,3 @@ meson.add_install_script('utils/install_helper.sh',
subdir('test')
+733 -289
View File
File diff suppressed because it is too large Load Diff
+69 -22
View File
@@ -27,21 +27,24 @@ To unmount it::
Description
===========
SSHFS allows you to mount a remote filesystem using SSH (more
precisely, the SFTP subsystem). Most SSH servers support and enable
this SFTP access by default, so SSHFS is very simple to use - there's
nothing to do on the server-side.
SSHFS allows you to mount a remote filesystem using SSH (more precisely, the SFTP
subsystem). Most SSH servers support and enable this SFTP access by default, so SSHFS is
very simple to use - there's nothing to do on the server-side.
SSHFS uses FUSE (Filesystem in Userspace) and should work on any
operating system that provides a FUSE implementation. Currently,
this includes Linux, FreeBSD and Mac OS X.
By default, file permissions are ignored by SSHFS. Any user that can access the filesystem
will be able to perform any operation that the remote server permits - based on the
credentials that were used to connect to the server. If this is undesired, local
permission checking can be enabled with ``-o default_permissions``.
It is recommended to run SSHFS as regular user (not as root). For
this to work the mountpoint must be owned by the user. If username is
omitted SSHFS will use the local username. If the directory is
omitted, SSHFS will mount the (remote) home directory. If you need to
enter a password sshfs will ask for it (actually it just runs ssh
which ask for the password if needed).
By default, only the mounting user will be able to access the filesystem. Access for other
users can be enabled by passing ``-o allow_other``. In this case you most likely also
want to use ``-o default_permissions``.
It is recommended to run SSHFS as regular user (not as root). For this to work the
mountpoint must be owned by the user. If username is omitted SSHFS will use the local
username. If the directory is omitted, SSHFS will mount the (remote) home directory. If
you need to enter a password sshfs will ask for it (actually it just runs ssh which ask
for the password if needed).
Options
@@ -153,8 +156,14 @@ Options
-o directport=PORT
directly connect to PORT bypassing ssh
-o slave
communicate over stdin and stdout bypassing network
-o vsock=CID:PORT
directly connect using a vsock to CID:PORT bypassing ssh
-o passive
communicate over stdin and stdout bypassing network. Useful for
mounting local filesystem on the remote side. An example using
dpipe command would be ``dpipe /usr/lib/openssh/sftp-server = ssh
RemoteHostname sshfs :/directory/to/be/shared ~/mnt/src -o passive``
-o disable_hardlink
With this option set, attempts to call `link(2)` will fail with
@@ -166,6 +175,21 @@ Options
``/foo/bar/com`` is a symlink to ``/foo/blub``, SSHFS will
transform the link target to ``../blub`` on the client side.
-o contain_symlinks
reject symlink targets that are absolute or contain ``..``
components. When a blocked symlink is encountered, readlink
returns EPERM. This is enabled by default to prevent a
malicious server from inducing local file reads or writes
through crafted symlink targets. Note that this is stricter
than ``transform_symlinks``: the two options should not normally
be combined, since transformed results often contain ``..``
and would be rejected by containment.
-o no_contain_symlinks
disable symlink containment and allow all symlink targets
through unchanged, including absolute paths and paths
containing ``..``. Only use this with fully trusted servers.
-o follow_symlinks
follow symlinks on the server, i.e. present them as regular
files on the client. If a symlink is dangling (i.e, the target does
@@ -184,17 +208,17 @@ Options
directory cache holds the names of directory entries. Enabling it
allows `readdir(3)` system calls to be processed without network
access.
-o dcache_max_size=N
sets the maximum size of the directory cache.
-o dcache_timeout=N
sets timeout for directory cache in seconds.
-o dcache_{stat,link,dir}_timeout=N
sets separate timeout for {attributes, symlinks, names} in the
directory cache.
-o dcache_clean_interval=N
sets the interval for automatic cleaning of the directory cache.
@@ -202,6 +226,27 @@ Options
sets the interval for forced cleaning of the directory cache
when full.
-o direct_io
This option disables the use of page cache (file content cache) in
the kernel for this filesystem.
This has several affects:
1. Each read() or write() system call will initiate one or more read or
write operations, data will not be cached in the kernel.
2. The return value of the read() and write() system calls will correspond
to the return values of the read and write operations. This is useful
for example if the file size is not known in advance (before reading it).
e.g. /proc filesystem
-o max_conns=N
sets the maximum number of simultaneous SSH connections
to use. Each connection is established with a separate SSH process.
The primary purpose of this feature is to improve the responsiveness of the
file system during large file transfers. When using more than once
connection, the *password_stdin* and *passive* options can not be
used, and the *buflimit* workaround is not supported.
In addition, SSHFS accepts several options common to all FUSE file
systems. These are described in the `mount.fuse` manpage (look
for "general", "libfuse specific", and "high-level API" options).
@@ -247,7 +292,7 @@ SSHFS hangs for no apparent reason
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In some cases, attempts to access the SSHFS mountpoint may freeze if
no filesystem activity has occured for some time. This is typically
no filesystem activity has occurred for some time. This is typically
caused by the SSH connection being dropped because of inactivity
without SSHFS being informed about that. As a workaround, you can try
to mount with ``-o ServerAliveInterval=15``. This will force the SSH
@@ -284,7 +329,7 @@ interrupted.
Mounting from /etc/fstab
========================
To mount an SSHFS filesystem from ``/etc/fstab``, simply use ``sshfs`
To mount an SSHFS filesystem from ``/etc/fstab``, simply use ``sshfs``
as the file system type. (For backwards compatibility, you may also
use ``fuse.sshfs``).
@@ -308,9 +353,11 @@ https://github.com/libfuse/libfuse/issues.
Authors
=======
SSHFS is currently maintained by Nikolaus Rath <Nikolaus@rath.org>,
SSHFS was maintained by Nikolaus Rath <Nikolaus@rath.org>,
and was created by Miklos Szeredi <miklos@szeredi.hu>.
See https://github.com/libfuse/sshfs for new maintainer information.
This man page was originally written by Bartosz Fenski
<fenio@debian.org> for the Debian GNU/Linux distribution (but it may
be used by others).
+3 -2
View File
@@ -1,7 +1,8 @@
#!/bin/bash
set -e
machine=$(uname -m)
mkdir build-$machine
cd build-$machine
mkdir "build-$machine"
cd "build-$machine"
meson ..
ninja
+44 -21
View File
@@ -3,24 +3,28 @@ import pytest
import time
import re
# If a test fails, wait a moment before retrieving the captured
# stdout/stderr. When using a server process, this makes sure that we capture
# any potential output of the server that comes *after* a test has failed. For
# example, if a request handler raises an exception, the server first signals an
# error to FUSE (causing the test to fail), and then logs the exception. Without
# the extra delay, the exception will go into nowhere.
@pytest.mark.hookwrapper
# If a test fails, wait a moment before retrieving the captured stdout/stderr.
# When using a server process, this makes sure that we capture any potential
# output of the server that comes *after* a test has failed. For example, if a
# request handler raises an exception, the server first signals an error to
# FUSE (causing the test to fail), and then logs the exception. Without the
# extra delay, the exception will go into nowhere.
@pytest.hookimpl(hookwrapper=True)
def pytest_pyfunc_call(pyfuncitem):
outcome = yield
failed = outcome.excinfo is not None
if failed:
time.sleep(1)
@pytest.fixture()
def pass_capfd(request, capfd):
'''Provide capfd object to UnitTest instances'''
"""Provide capfd object to UnitTest instances"""
request.instance.capfd = capfd
def check_test_output(capfd):
(stdout, stderr) = capfd.readouterr()
@@ -31,39 +35,57 @@ def check_test_output(capfd):
# Strip out false positives
for (pattern, flags, count) in capfd.false_positives:
cp = re.compile(pattern, flags)
(stdout, cnt) = cp.subn('', stdout, count=count)
(stdout, cnt) = cp.subn("", stdout, count=count)
if count == 0 or count - cnt > 0:
stderr = cp.sub('', stderr, count=count - cnt)
stderr = cp.sub("", stderr, count=count - cnt)
patterns = [ r'\b{}\b'.format(x) for x in
('exception', 'error', 'warning', 'fatal', 'traceback',
'fault', 'crash(?:ed)?', 'abort(?:ed)',
'uninitiali[zs]ed') ]
patterns += ['^==[0-9]+== ']
patterns = [
r"\b{}\b".format(x)
for x in (
"exception",
"error",
"warning",
"fatal",
"traceback",
"fault",
"crash(?:ed)?",
"abort(?:ed)",
"uninitiali[zs]ed",
)
]
patterns += ["^==[0-9]+== "]
for pattern in patterns:
cp = re.compile(pattern, re.IGNORECASE | re.MULTILINE)
hit = cp.search(stderr)
if hit:
raise AssertionError('Suspicious output to stderr (matched "%s")' % hit.group(0))
raise AssertionError(
'Suspicious output to stderr (matched "%s")' % hit.group(0)
)
hit = cp.search(stdout)
if hit:
raise AssertionError('Suspicious output to stdout (matched "%s")' % hit.group(0))
raise AssertionError(
'Suspicious output to stdout (matched "%s")' % hit.group(0)
)
def register_output(self, pattern, count=1, flags=re.MULTILINE):
'''Register *pattern* as false positive for output checking
"""Register *pattern* as false positive for output checking
This prevents the test from failing because the output otherwise
appears suspicious.
'''
"""
self.false_positives.append((pattern, flags, count))
# This is a terrible hack that allows us to access the fixtures from the
# pytest_runtest_call hook. Among a lot of other hidden assumptions, it probably
# relies on tests running sequential (i.e., don't dare to use e.g. the xdist
# plugin)
current_capfd = None
@pytest.yield_fixture(autouse=True)
@pytest.fixture(autouse=True)
def save_cap_fixtures(request, capfd):
global current_capfd
capfd.false_positives = []
@@ -71,7 +93,7 @@ def save_cap_fixtures(request, capfd):
# Monkeypatch in a function to register false positives
type(capfd).register_output = register_output
if request.config.getoption('capture') == 'no':
if request.config.getoption("capture") == "no":
capfd = None
current_capfd = capfd
bak = current_capfd
@@ -82,6 +104,7 @@ def save_cap_fixtures(request, capfd):
assert bak is current_capfd
current_capfd = None
@pytest.hookimpl(trylast=True)
def pytest_runtest_call(item):
capfd = current_capfd
Executable
+4
View File
@@ -0,0 +1,4 @@
#!/bin/bash
set -e
pip3 install --user pre-commit
pre-commit run --all-files --show-diff-on-failure
+2 -2
View File
@@ -1,8 +1,8 @@
test_scripts = [ 'conftest.py', 'pytest.ini', 'test_sshfs.py',
'util.py' ]
'test_hostname_validation.py', 'util.py' ]
custom_target('test_scripts', input: test_scripts,
output: test_scripts, build_by_default: true,
command: ['cp', '-fPp',
command: ['cp', '-fPp',
'@INPUT@', meson.current_build_dir() ])
# Provide something helpful when running 'ninja test'
+2
View File
@@ -1,2 +1,4 @@
[pytest]
addopts = --verbose --assert=rewrite --tb=native -x -r a
markers = uses_fuse: Mark to indicate that FUSE is available on the system running the test
+60
View File
@@ -0,0 +1,60 @@
#!/usr/bin/env python3
"""Tests for hostname validation — no FUSE mount required."""
if __name__ == "__main__":
import pytest
import sys
sys.exit(pytest.main([__file__] + sys.argv[1:]))
import subprocess
from util import base_cmdline, basename
from os.path import join as pjoin
def test_reject_option_injection_in_hostname(tmpdir):
"""Bracketed source that resolves to a dash-prefixed host must be rejected."""
mnt_dir = str(tmpdir.mkdir("mnt"))
malicious = "[-oProxyCommand=echo pwned]:/path"
cmdline = base_cmdline + [
pjoin(basename, "sshfs"),
"-f",
malicious,
mnt_dir,
]
res = subprocess.run(
cmdline,
stdin=subprocess.DEVNULL,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
timeout=10,
text=True,
)
assert res.returncode != 0
assert "invalid hostname" in res.stderr
def test_reject_dash_host_after_doubledash(tmpdir):
"""Non-bracketed dash-prefixed source after -- must also be rejected."""
mnt_dir = str(tmpdir.mkdir("mnt"))
cmdline = base_cmdline + [
pjoin(basename, "sshfs"),
"-f",
"--",
"-oProxyCommand=echo pwned:/path",
mnt_dir,
]
res = subprocess.run(
cmdline,
stdin=subprocess.DEVNULL,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
timeout=10,
text=True,
)
assert res.returncode != 0
assert "invalid hostname" in res.stderr
+742 -104
View File
File diff suppressed because it is too large Load Diff
+12 -8
View File
@@ -6,36 +6,40 @@ set -e
# that we still need to fix
export ASAN_OPTIONS="detect_leaks=0"
export LSAN_OPTIONS="suppressions=$(pwd)/test/lsan_suppress.txt"
export LSAN_OPTIONS="suppressions=${PWD}/test/lsan_suppress.txt"
export CC
TEST_CMD="python3 -m pytest --maxfail=99 test/"
# Standard build with Valgrind
for CC in gcc gcc-6 clang; do
mkdir build-${CC}; cd build-${CC}
if [ ${CC} == 'gcc-6' ]; then
for CC in gcc clang; do
(
mkdir "build-${CC}"; cd "build-${CC}"
if [ "${CC}" == 'gcc-6' ]; then
build_opts='-D b_lundef=false'
else
build_opts=''
fi
# shellcheck disable=SC2086
meson -D werror=true ${build_opts} ../
ninja
TEST_WITH_VALGRIND=true ${TEST_CMD}
cd ..
)
done
(cd build-$CC; sudo ninja install)
(cd "build-${CC}"; sudo ninja install)
# Sanitized build
CC=clang
for san in undefined address; do
mkdir build-${san}; cd build-${san}
(
mkdir "build-${san}"
cd "build-${san}"
# b_lundef=false is required to work around clang
# bug, cf. https://groups.google.com/forum/#!topic/mesonbuild/tgEdAXIIdC4
meson -D b_sanitize=${san} -D b_lundef=false -D werror=true ..
ninja
${TEST_CMD}
sudo ninja install
cd ..
)
done
+2 -14
View File
@@ -2,34 +2,22 @@
set -e
# Meson 0.45 requires Python 3.5 or newer
sudo python3 -m pip install pytest meson==0.44
wget https://github.com/ninja-build/ninja/releases/download/v1.7.2/ninja-linux.zip
unzip ninja-linux.zip
chmod 755 ninja
sudo chown root:root ninja
sudo mv -fv ninja /usr/local/bin
valgrind --version
ninja --version
meson --version
# Install fuse
wget https://github.com/libfuse/libfuse/archive/master.zip
unzip master.zip
cd libfuse-master
mkdir build
cd build
export CC=gcc-6
meson ..
ninja
sudo ninja install
test -e /usr/local/lib/pkgconfig || sudo mkdir /usr/local/lib/pkgconfig
sudo mv /usr/local/lib/*/pkgconfig/* /usr/local/lib/pkgconfig/
ls -d1 /usr/local/lib/*-linux-gnu | sudo tee /etc/ld.so.conf.d/usrlocal.conf
printf '%s\n' /usr/local/lib/*-linux-gnu | sudo tee /etc/ld.so.conf.d/usrlocal.conf
sudo ldconfig
# Setup ssh
ssh-keygen -b 768 -t rsa -f ~/.ssh/id_rsa -P ''
ssh-keygen -b 1024 -t rsa -f ~/.ssh/id_rsa -P ''
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
ssh -o "StrictHostKeyChecking=no" localhost echo "SSH connection succeeded"
+50 -25
View File
@@ -5,34 +5,51 @@ import os
import stat
import time
from os.path import join as pjoin
from contextlib import contextmanager
basename = pjoin(os.path.dirname(__file__), '..')
basename = pjoin(os.path.dirname(__file__), "..")
def wait_for_mount(mount_process, mnt_dir,
test_fn=os.path.ismount):
def os_create(name):
os.close(os.open(name, os.O_CREAT | os.O_RDWR))
@contextmanager
def os_open(name, flags):
fd = os.open(name, flags)
try:
yield fd
finally:
os.close(fd)
def wait_for_mount(mount_process, mnt_dir, test_fn=os.path.ismount):
elapsed = 0
while elapsed < 30:
if test_fn(mnt_dir):
return True
if mount_process.poll() is not None:
pytest.fail('file system process terminated prematurely')
pytest.fail("file system process terminated prematurely")
time.sleep(0.1)
elapsed += 0.1
pytest.fail("mountpoint failed to come up")
def cleanup(mount_process, mnt_dir):
subprocess.call(['fusermount', '-z', '-u', mnt_dir],
stdout=subprocess.DEVNULL,
stderr=subprocess.STDOUT)
subprocess.call(
["fusermount", "-z", "-u", mnt_dir],
stdout=subprocess.DEVNULL,
stderr=subprocess.STDOUT,
)
mount_process.terminate()
try:
mount_process.wait(1)
except subprocess.TimeoutExpired:
mount_process.kill()
def umount(mount_process, mnt_dir):
subprocess.check_call(['fusermount3', '-z', '-u', mnt_dir ])
subprocess.check_call(["fusermount3", "-z", "-u", mnt_dir])
assert not os.path.ismount(mnt_dir)
# Give mount process a little while to terminate. Popen.wait(timeout)
@@ -43,18 +60,19 @@ def umount(mount_process, mnt_dir):
if code is not None:
if code == 0:
return
pytest.fail('file system process terminated with code %s' % (code,))
pytest.fail(f"file system process terminated with code {code}")
time.sleep(0.1)
elapsed += 0.1
pytest.fail('mount process did not terminate')
pytest.fail("mount process did not terminate")
def safe_sleep(secs):
'''Like time.sleep(), but sleep for at least *secs*
"""Like time.sleep(), but sleep for at least *secs*
`time.sleep` may sleep less than the given period if a signal is
received. This function ensures that we sleep for at least the
desired time.
'''
"""
now = time.time()
end = now + secs
@@ -62,24 +80,27 @@ def safe_sleep(secs):
time.sleep(end - now)
now = time.time()
def fuse_test_marker():
'''Return a pytest.marker that indicates FUSE availability
"""Return a pytest.marker that indicates FUSE availability
If system/user/environment does not support FUSE, return
a `pytest.mark.skip` object with more details. If FUSE is
supported, return `pytest.mark.uses_fuse()`.
'''
"""
skip = lambda x: pytest.mark.skip(reason=x)
def skip(reason: str):
return pytest.mark.skip(reason=reason)
with subprocess.Popen(['which', 'fusermount'], stdout=subprocess.PIPE,
universal_newlines=True) as which:
with subprocess.Popen(
["which", "fusermount"], stdout=subprocess.PIPE, universal_newlines=True
) as which:
fusermount_path = which.communicate()[0].strip()
if not fusermount_path or which.returncode != 0:
return skip("Can't find fusermount executable")
if not os.path.exists('/dev/fuse'):
if not os.path.exists("/dev/fuse"):
return skip("FUSE kernel module does not seem to be loaded")
if os.getuid() == 0:
@@ -87,20 +108,24 @@ def fuse_test_marker():
mode = os.stat(fusermount_path).st_mode
if mode & stat.S_ISUID == 0:
return skip('fusermount executable not setuid, and we are not root.')
return skip("fusermount executable not setuid, and we are not root.")
try:
fd = os.open('/dev/fuse', os.O_RDWR)
fd = os.open("/dev/fuse", os.O_RDWR)
except OSError as exc:
return skip('Unable to open /dev/fuse: %s' % exc.strerror)
return skip(f"Unable to open /dev/fuse: {exc.strerror}")
else:
os.close(fd)
return pytest.mark.uses_fuse()
# Use valgrind if requested
if os.environ.get('TEST_WITH_VALGRIND', 'no').lower().strip() \
not in ('no', 'false', '0'):
base_cmdline = [ 'valgrind', '-q', '--' ]
if os.environ.get("TEST_WITH_VALGRIND", "no").lower().strip() not in (
"no",
"false",
"0",
):
base_cmdline = ["valgrind", "-q", "--"]
else:
base_cmdline = []