docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3 - platform/external/curl - Git at Google

 .\" **************************************************************************
 .\" *                                  _   _ ____  _
 .\" *  Project                     ___| | | |  _ \| |
 .\" *                             / __| | | | |_) | |
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
 .\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
 .\" * are also available at https://curl.se/docs/copyright.html.
 .\" *
 .\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 .\" * copies of the Software, and permit persons to whom the Software is
 .\" * furnished to do so, under the terms of the COPYING file.
 .\" *
 .\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 .\" * KIND, either express or implied.
 .\" *
 .\" **************************************************************************
 .\"
 .TH CURLOPT_SSH_KEYFUNCTION 3 "November 04, 2020" "libcurl 7.78.0" "curl_easy_setopt options"

 .SH NAME
 CURLOPT_SSH_KEYFUNCTION \- callback for known host matching logic
 .SH SYNOPSIS
 .nf
 #include <curl/curl.h>

 enum curl_khstat {
   CURLKHSTAT_FINE_ADD_TO_FILE,
   CURLKHSTAT_FINE,
   CURLKHSTAT_REJECT, /* reject the connection, return an error */
   CURLKHSTAT_DEFER,  /* do not accept it, but we can't answer right
                         now so this causes a CURLE_DEFER error but
                         otherwise the connection will be left intact
                         etc */
   CURLKHSTAT_FINE_REPLACE
 };

 enum curl_khmatch {
   CURLKHMATCH_OK,       /* match */
   CURLKHMATCH_MISMATCH, /* host found, key mismatch! */
   CURLKHMATCH_MISSING,  /* no matching host/key found */
 };

 struct curl_khkey {
   const char *key; /* points to a null-terminated string encoded with
                       base64 if len is zero, otherwise to the "raw"
                       data */
   size_t len;
   enum curl_khtype keytype;
 };

 int ssh_keycallback(CURL *easy,
                     const struct curl_khkey *knownkey,
                     const struct curl_khkey *foundkey,
                     enum curl_khmatch,
                     void *clientp);

 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_KEYFUNCTION,
                           ssh_keycallback);
 .SH DESCRIPTION
 Pass a pointer to your callback function, which should match the prototype
 shown above.

 It gets called when the known_host matching has been done, to allow the
 application to act and decide for libcurl how to proceed. The callback will
 only be called if \fICURLOPT_SSH_KNOWNHOSTS(3)\fP is also set.

 This callback function gets passed the CURL handle, the key from the
 known_hosts file \fIknownkey\fP, the key from the remote site \fIfoundkey\fP,
 info from libcurl on the matching status and a custom pointer (set with
 \fICURLOPT_SSH_KEYDATA(3)\fP). It MUST return one of the following return
 codes to tell libcurl how to act:
 .IP CURLKHSTAT_FINE_REPLACE
 The new host+key is accepted and libcurl will replace the old host+key into
 the known_hosts file before continuing with the connection.  This will also
 add the new host+key combo to the known_host pool kept in memory if it wasn't
 already present there. The adding of data to the file is done by completely
 replacing the file with a new copy, so the permissions of the file must allow
 this. (Added in 7.73.0)
 .IP CURLKHSTAT_FINE_ADD_TO_FILE
 The host+key is accepted and libcurl will append it to the known_hosts file
 before continuing with the connection. This will also add the host+key combo
 to the known_host pool kept in memory if it wasn't already present there. The
 adding of data to the file is done by completely replacing the file with a new
 copy, so the permissions of the file must allow this.
 .IP CURLKHSTAT_FINE
 The host+key is accepted libcurl will continue with the connection. This will
 also add the host+key combo to the known_host pool kept in memory if it wasn't
 already present there.
 .IP CURLKHSTAT_REJECT
 The host+key is rejected. libcurl will deny the connection to continue and it
 will be closed.
 .IP CURLKHSTAT_DEFER
 The host+key is rejected, but the SSH connection is asked to be kept alive.
 This feature could be used when the app wants to somehow return back and act
 on the host+key situation and then retry without needing the overhead of
 setting it up from scratch again.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
 SFTP and SCP
 .SH EXAMPLE
 .nf
 static int keycb(CURL *easy,
                  const struct curl_khkey *knownkey,
                  const struct curl_khkey *foundkey,
                  enum curl_khmatch,
                  void *clientp)
 {
   /* 'clientp' points to the callback_data struct */
   /* investigate the situation and return the correct value */
   return CURLKHSTAT_FINE_ADD_TO_FILE;
 }
 {
   curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/thisfile.txt");
   curl_easy_setopt(curl, CURLOPT_SSH_KEYFUNCTION, keycb);
   curl_easy_setopt(curl, CURLOPT_SSH_KEYDATA, &callback_data);
   curl_easy_setopt(curl, CURLOPT_SSH_KNOWNHOSTS, "/home/user/known_hosts");

   curl_easy_perform(curl);
 }
 .fi
 .SH AVAILABILITY
 Added in 7.19.6
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"
 .BR CURLOPT_SSH_KEYDATA "(3), " CURLOPT_SSH_KNOWNHOSTS "(3), "
	.\" **************************************************************************
	.\" * _ _ ____ _
	.\" * Project ___\| \| \| \| _ \\| \|
	.\" * / __\| \| \| \| \|_) \| \|
	.\" * \| (__\| \|_\| \| _ <\| \|___
	.\" * \___\|\___/\|_\| \_\_____\|
	.\" *
	.\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
	.\" *
	.\" * This software is licensed as described in the file COPYING, which
	.\" * you should have received as part of this distribution. The terms
	.\" * are also available at https://curl.se/docs/copyright.html.
	.\" *
	.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
	.\" * copies of the Software, and permit persons to whom the Software is
	.\" * furnished to do so, under the terms of the COPYING file.
	.\" *
	.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
	.\" * KIND, either express or implied.
	.\" *
	.\" **************************************************************************
	.\"
	.TH CURLOPT_SSH_KEYFUNCTION 3 "November 04, 2020" "libcurl 7.78.0" "curl_easy_setopt options"

	.SH NAME
	CURLOPT_SSH_KEYFUNCTION \- callback for known host matching logic
	.SH SYNOPSIS
	.nf
	#include <curl/curl.h>

	enum curl_khstat {
	CURLKHSTAT_FINE_ADD_TO_FILE,
	CURLKHSTAT_FINE,
	CURLKHSTAT_REJECT, /* reject the connection, return an error */
	CURLKHSTAT_DEFER, /* do not accept it, but we can't answer right
	now so this causes a CURLE_DEFER error but
	otherwise the connection will be left intact
	etc */
	CURLKHSTAT_FINE_REPLACE
	};

	enum curl_khmatch {
	CURLKHMATCH_OK, /* match */
	CURLKHMATCH_MISMATCH, /* host found, key mismatch! */
	CURLKHMATCH_MISSING, /* no matching host/key found */
	};

	struct curl_khkey {
	const char key; / points to a null-terminated string encoded with
	base64 if len is zero, otherwise to the "raw"
	data */
	size_t len;
	enum curl_khtype keytype;
	};

	int ssh_keycallback(CURL *easy,
	const struct curl_khkey *knownkey,
	const struct curl_khkey *foundkey,
	enum curl_khmatch,
	void *clientp);

	CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_KEYFUNCTION,
	ssh_keycallback);
	.SH DESCRIPTION
	Pass a pointer to your callback function, which should match the prototype
	shown above.

	It gets called when the known_host matching has been done, to allow the
	application to act and decide for libcurl how to proceed. The callback will
	only be called if \fICURLOPT_SSH_KNOWNHOSTS(3)\fP is also set.

	This callback function gets passed the CURL handle, the key from the
	known_hosts file \fIknownkey\fP, the key from the remote site \fIfoundkey\fP,
	info from libcurl on the matching status and a custom pointer (set with
	\fICURLOPT_SSH_KEYDATA(3)\fP). It MUST return one of the following return
	codes to tell libcurl how to act:
	.IP CURLKHSTAT_FINE_REPLACE
	The new host+key is accepted and libcurl will replace the old host+key into
	the known_hosts file before continuing with the connection. This will also
	add the new host+key combo to the known_host pool kept in memory if it wasn't
	already present there. The adding of data to the file is done by completely
	replacing the file with a new copy, so the permissions of the file must allow
	this. (Added in 7.73.0)
	.IP CURLKHSTAT_FINE_ADD_TO_FILE
	The host+key is accepted and libcurl will append it to the known_hosts file
	before continuing with the connection. This will also add the host+key combo
	to the known_host pool kept in memory if it wasn't already present there. The
	adding of data to the file is done by completely replacing the file with a new
	copy, so the permissions of the file must allow this.
	.IP CURLKHSTAT_FINE
	The host+key is accepted libcurl will continue with the connection. This will
	also add the host+key combo to the known_host pool kept in memory if it wasn't
	already present there.
	.IP CURLKHSTAT_REJECT
	The host+key is rejected. libcurl will deny the connection to continue and it
	will be closed.
	.IP CURLKHSTAT_DEFER
	The host+key is rejected, but the SSH connection is asked to be kept alive.
	This feature could be used when the app wants to somehow return back and act
	on the host+key situation and then retry without needing the overhead of
	setting it up from scratch again.
	.SH DEFAULT
	NULL
	.SH PROTOCOLS
	SFTP and SCP
	.SH EXAMPLE
	.nf
	static int keycb(CURL *easy,
	const struct curl_khkey *knownkey,
	const struct curl_khkey *foundkey,
	enum curl_khmatch,
	void *clientp)
	{
	/* 'clientp' points to the callback_data struct */
	/* investigate the situation and return the correct value */
	return CURLKHSTAT_FINE_ADD_TO_FILE;
	}
	{
	curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/thisfile.txt");
	curl_easy_setopt(curl, CURLOPT_SSH_KEYFUNCTION, keycb);
	curl_easy_setopt(curl, CURLOPT_SSH_KEYDATA, &callback_data);
	curl_easy_setopt(curl, CURLOPT_SSH_KNOWNHOSTS, "/home/user/known_hosts");

	curl_easy_perform(curl);
	}
	.fi
	.SH AVAILABILITY
	Added in 7.19.6
	.SH RETURN VALUE
	Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
	.SH "SEE ALSO"
	.BR CURLOPT_SSH_KEYDATA "(3), " CURLOPT_SSH_KNOWNHOSTS "(3), "