Koji Kawamura created NIFI-4040:
-----------------------------------

             Summary: ListSFTP fails to retrieve user home directory for 
certain user accounts
                 Key: NIFI-4040
                 URL: https://issues.apache.org/jira/browse/NIFI-4040
             Project: Apache NiFi
          Issue Type: Bug
          Components: Extensions
            Reporter: Koji Kawamura
            Assignee: Koji Kawamura


For some reason, when ListSFTP tries to get users home directory using 
com.jcraft.jsch.ChannelSftp.getHome() method, it fails with following error 
with certain user accounts:

{code}
2017-04-05 11:33:37,645 ERROR [Timer-Driven Process Thread-20] 
o.a.nifi.processors.standard.ListSFTP 
java.io.IOException: Failed to obtain connection to remote host due to 2: File 
not found 
at 
org.apache.nifi.processors.standard.util.SFTPTransfer.getChannel(SFTPTransfer.java:447)
...
Caused by: com.jcraft.jsch.SftpException: File not found 
at com.jcraft.jsch.ChannelSftp.throwStatusError(ChannelSftp.java:2873) 
~[jsch-0.1.54.jar:na] 
at com.jcraft.jsch.ChannelSftp._realpath(ChannelSftp.java:2367) 
~[jsch-0.1.54.jar:na] 
at com.jcraft.jsch.ChannelSftp.getHome(ChannelSftp.java:2437) 
~[jsch-0.1.54.jar:na] 
at 
org.apache.nifi.processors.standard.util.SFTPTransfer.getChannel(SFTPTransfer.java:443)
 ~[nifi-standard-processors-1.1.0.2.1.1.0-2.jar:1.1.0.2.1.1.0-2] 
{code}

This happens when the library sends SSH_FXP_REALPATH(16) with an empty string. 
Server returned SSH_FXP_STATUS(101). According [SSH File Transfer 
Protocol|https://tools.ietf.org/id/draft-ietf-secsh-filexfer-13.txt] 
specification, 101 means:

{quote}
The server MUST respond with SSH_FXP_STATUS(SSH_FX_OP_UNSUPPORTED) if it 
receives a packet it does not recognize.
{quote}

So, it indicates that client library sends a request packet that the server 
didn't understand. Since this error happens with certain user account, based on 
their home directly, there might be a combination that causes this issue.

Although those user accounts fail with getHome method, they can list files if 
we don't call getHome(). (Confirmed by commenting out the getHome call)

The home directory is used to address a relative 'Remote Path' to a full path 
by PutSFTP and PutFTP. The fullpath is only used for 'Transit URI' for their 
SEND provenance event.

Summary:
* There is no way to alter getHome method behavior from NiFi code base
* Without getHome those user accounts can list the problematic FTP server
* The value retrieved by getHome is only used for provenance event and it works 
without it

>From above observations, I propose to wrap getHome call with try/catch clause, 
>and if it fails just log some message then continue.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to