EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Can I upload a file without the 'Truncate' flag?

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
#11780
Posted: 11/23/2009 05:54:49
by Tom Marshall (Basic support level)
Joined: 11/13/2009
Posts: 11

Hi,

I am trying to upload a file to a client server. However, they have some very strict security rules that secureBlackbox is having trouble complying with. Every other SFTP client I have tried works fine ( PuTTY, FileZilla, WinSCP..).

It seems that they may be rejecting the 'open' command that is initiated as part of the secureBlackbox 'uploadStream' funtion. They do not allow our user to overwrite files, and the open command being sent by secureBlackbox has a flag of 'truncate' and an SSH_FILEXFER_ATTR_PERMISSIONS value of 0666, which means full read/write access.

I have tried changing the transfer method on the upload Stream command to be ftmSkip instead of ftmOverwrite, but this does not actually change the open command (still includes 'truncate' and 0666). It just seems to add an extra 'stat' command first to check if the specfied file exists or not.

Is there a way of suppressing the truncate flag, or altering the SSH_FILEXFER_ATTR_PERMISSIONS attribute secureBlackbox is using when sending files?

Many Thanks,
Tom
#11784
Posted: 11/23/2009 06:22:15
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Unfortunately, there is no way to suppress the Truncate flag at the moment. We will implement means for doing this in the future build update.

Regarding the permissions -- SBB does not request them at all, forcing the server to create the file under the default permissions. So the 0666 value is chosen by the server and is unlikely to be the reason for the problem.
#11785
Posted: 11/23/2009 06:23:04
by Eugene Mayevski (EldoS Corp.)

First of all, you can call OpenFile yourself with the needed flag, then use WriteFile and CloseHandle to write the data. This is what the component does behind the scene.

If you use AppendToEnd or Resume mode, Truncate flag is removed, but you need to ensure that the file doesn't exist or has zero length before using these modes. You can delete the file if it exists.


Sincerely yours
Eugene Mayevski
#11820
Posted: 11/27/2009 04:31:26
by Tom Marshall (Basic support level)
Joined: 11/13/2009
Posts: 11

Thanks Eugene,

I have followed your advice and re-created the uploadStream method manually.

We now perform the open command with just 'fmWrite' and 'fmCreate', which removes the truncate flag resulting in:

Code
Nov 26 10:25:21 gbintp02 internal-sftp[6344]: open "UAR_AFA_20091104_In.csv" flags WRITE,CREATE mode 0666


However, this command is still being rejected by the sftp proxy we are connecting to. After asking the proxy admin, we got the following response:

Quote

Regarding these file transfers, it looks like commands SSH_FXP_OPEN or SSH_FXP_STAT are from a different version than SFTP V3.

It confirms my first hypothesis on the issue. Whatever configuration your client uses, it looks like your version settings (switched from V6 to V3) do not cover every part of your process. Please, could you have a look in your sftp client and see if there is no other parameters you have to update when forcing SFTP V3?


At the moment, we are forcing v3 with the following:

Code
supportedVersions := [sbSFTP3];
FClient.Versions :=   supportedVersions;


Have you got any suggestions as to other things we could try?

Many Thanks,
Tom
#11822
Posted: 11/27/2009 05:11:20
by Eugene Mayevski (EldoS Corp.)

I would rather say that their SFTP proxy is not exactly standard-compliant in version 3, because version 3 is the most widely used one and SecureBlackbox has no problems transferring data using this version (the only problems that appear, are related to buffer size and use of pipelining, but both are solvable).

BTW it can be that you need to change buffer sizes too. BTW you can set AutoAdjustBufferSize to false, set pipelining to 1, AND also change SftpBufferSize (decrease it's value by 50%, for example) and UploadBlockSize.

Also (forgive me if I asked already, but there are many similar questions regarding SFTP so things are mixed up in memory), is it possible for us to have some test access to this server (if you have a contact with proxy admin, maybe we can arrange this in some way)?
If no, is it possible for us to get a copy of this proxy for testing?


Sincerely yours
Eugene Mayevski
#11824
Posted: 11/27/2009 05:29:04
by Tom Marshall (Basic support level)
Joined: 11/13/2009
Posts: 11

This appears to be failing on the 'OpenFile' command, which comes before the 'Write' commands. Therefore, wouldn't the UploadBlockSize be irrelavant? We are manually writing the file using the 'Write' command in chunks of 1024 bytes.

However, I can try these changes though if you feel it would be worthwile?

Unfortunalty, due to out client's security policy, we do not have access to their SFTP server, or Proxy. We need to request any information we require from their end specifically.

Furthemore, they will not divulge what type of proxy they are using, so we can not even create a test instance.
#11826
Posted: 11/27/2009 05:46:14
by Eugene Mayevski (EldoS Corp.)

Quote
Tom Marshall wrote:
This appears to be failing on the 'OpenFile' command, which comes before the 'Write' commands. Therefore, wouldn't the UploadBlockSize be irrelavant? We are manually writing the file using the 'Write' command in chunks of 1024 bytes.


You are right, if it fails during Open, this has nothing to do with buffer sizes. This was just a guess. Unfortunately I don't see what we can do in this situation - we would spend weeks trying to guess what kind of incompatibility their unknown proxy has.


Sincerely yours
Eugene Mayevski
#11835
Posted: 11/27/2009 08:44:22
by Ken Ivanov (EldoS Corp.)

BTW -- just a guess -- can you please re-check that you are passing the right file path (either relative or absolute) to the OpenFile/UploadStream method? The easiest way to check this is to try to upload the file using the SimpleSFTPDemo sample.
Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages

Reply

Statistics

Topic viewed 3795 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!