beenull/sftpgo-mirror
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2024-11-22 07:30:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
sftpgo-mirror/sftpd/sftpd_test.go

5445 lines
172 KiB
Go
Raw Normal View History

first version
2019-07-20 10:26:52 +00:00
package sftpd_test
import (
sftpd test: add a debug log The git push test sometime fails when running on travis. The issue cannot be replicated locally so print the logs to try to understand what is happening
2019-12-29 22:27:32 +00:00
"bufio"
sftpd: add support for upload resume we support resume only if the client sets the correct offset while resuming the upload. Based on the specs the offset is optional for resume, but all the tested clients sets a right offset. If an invalid offset is given we interrupt the transfer with the error "Invalid write offset ..." See https://github.com/pkg/sftp/issues/295 This commit add a new upload mode: "atomic with resume support", this acts as atomic but if there is an upload error the temporary file is renamed to the requested path and not deleted, this way a client can reconnect and resume the upload
2019-10-09 15:33:30 +00:00
"bytes"
first version
2019-07-20 10:26:52 +00:00
"crypto/rand"
sftpd: add support for upload resume we support resume only if the client sets the correct offset while resuming the upload. Based on the specs the offset is optional for resume, but all the tested clients sets a right offset. If an invalid offset is given we interrupt the transfer with the error "Invalid write offset ..." See https://github.com/pkg/sftp/issues/295 This commit add a new upload mode: "atomic with resume support", this acts as atomic but if there is an upload error the temporary file is renamed to the requested path and not deleted, this way a client can reconnect and resume the upload
2019-10-09 15:33:30 +00:00
"crypto/sha256"
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
"crypto/sha512"
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
"encoding/json"
first version
2019-07-20 10:26:52 +00:00
"fmt"
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
"hash"
first version
2019-07-20 10:26:52 +00:00
"io"
"io/ioutil"
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
"math"
first version
2019-07-20 10:26:52 +00:00
"net"
"net/http"
"os"
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
"os/exec"
"path"
first version
2019-07-20 10:26:52 +00:00
"path/filepath"
"runtime"
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
"strings"
first version
2019-07-20 10:26:52 +00:00
"testing"
Improve test cases and logging
2019-07-26 09:34:44 +00:00
"time"
_ "github.com/go-sql-driver/mysql"
_ "github.com/lib/pq"
_ "github.com/mattn/go-sqlite3"
first version
2019-07-20 10:26:52 +00:00
"golang.org/x/crypto/ssh"
Improve test cases and logging
2019-07-26 09:34:44 +00:00
"github.com/drakkan/sftpgo/config"
first version
2019-07-20 10:26:52 +00:00
"github.com/drakkan/sftpgo/dataprovider"
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
"github.com/drakkan/sftpgo/httpd"
Improve test cases and logging
2019-07-26 09:34:44 +00:00
"github.com/drakkan/sftpgo/logger"
"github.com/drakkan/sftpgo/sftpd"
dataprovider: add support for user status and expiration an user can now be disabled or expired. If you are using an SQL database as dataprovider please remember to execute the sql update script inside "sql" folder. Fixes #57
2019-11-13 10:36:21 +00:00
"github.com/drakkan/sftpgo/utils"
add basic S3-Compatible Object Storage support we have now an interface for filesystem backeds, this make easy to add new filesystem backends
2020-01-19 06:41:05 +00:00
"github.com/drakkan/sftpgo/vfs"
first version
2019-07-20 10:26:52 +00:00
"github.com/pkg/sftp"
Improve test cases and logging
2019-07-26 09:34:44 +00:00
"github.com/rs/zerolog"
first version
2019-07-20 10:26:52 +00:00
)
const (
Add documentation and tests for multiple public keys support
2019-07-31 15:06:12 +00:00
logSender = "sftpdTesting"
sftpServerAddr = "127.0.0.1:2022"
defaultUsername = "test_user_sftp"
defaultPassword = "test_password"
testPubKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC03jj0D+djk7pxIf/0OhrxrchJTRZklofJ1NoIu4752Sq02mdXmarMVsqJ1cAjV5LBVy3D1F5U6XW4rppkXeVtd04Pxb09ehtH0pRRPaoHHlALiJt8CoMpbKYMA8b3KXPPriGxgGomvtU2T2RMURSwOZbMtpsugfjYSWenyYX+VORYhylWnSXL961LTyC21ehd6d6QnW9G7E5hYMITMY9TuQZz3bROYzXiTsgN0+g6Hn7exFQp50p45StUMfV/SftCMdCxlxuyGny2CrN/vfjO7xxOo2uv7q1qm10Q46KPWJQv+pgZ/OfL+EDjy07n5QVSKHlbx+2nT4Q0EgOSQaCTYwn3YjtABfIxWwgAFdyj6YlPulCL22qU4MYhDcA6PSBwDdf8hvxBfvsiHdM+JcSHvv8/VeJhk6CmnZxGY0fxBupov27z3yEO8nAg8k+6PaUiW1MSUfuGMF/ktB8LOstXsEPXSszuyXiOv4DaryOXUiSn7bmRqKcEFlJusO6aZP0= nicola@p1"
testPubKey1 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCd60+/j+y8f0tLftihWV1YN9RSahMI9btQMDIMqts/jeNbD8jgoogM3nhF7KxfcaMKURuD47KC4Ey6iAJUJ0sWkSNNxOcIYuvA+5MlspfZDsa8Ag76Fe1vyz72WeHMHMeh/hwFo2TeIeIXg480T1VI6mzfDrVp2GzUx0SS0dMsQBjftXkuVR8YOiOwMCAH2a//M1OrvV7d/NBk6kBN0WnuIBb2jKm15PAA7+jQQG7tzwk2HedNH3jeL5GH31xkSRwlBczRK0xsCQXehAlx6cT/e/s44iJcJTHfpPKoSk6UAhPJYe7Z1QnuoawY9P9jQaxpyeImBZxxUEowhjpj2avBxKdRGBVK8R7EL8tSOeLbhdyWe5Mwc1+foEbq9Zz5j5Kd+hn3Wm1UnsGCrXUUUoZp1jnlNl0NakCto+5KmqnT9cHxaY+ix2RLUWAZyVFlRq71OYux1UHJnEJPiEI1/tr4jFBSL46qhQZv/TfpkfVW8FLz0lErfqu0gQEZnNHr3Fc= nicola@p1"
testPrivateKey = `-----BEGIN OPENSSH PRIVATE KEY-----
first version
2019-07-20 10:26:52 +00:00
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAtN449A/nY5O6cSH/9Doa8a3ISU0WZJaHydTaCLuO+dkqtNpnV5mq
zFbKidXAI1eSwVctw9ReVOl1uK6aZF3lbXdOD8W9PXobR9KUUT2qBx5QC4ibfAqDKWymDA
PG9ylzz64hsYBqJr7VNk9kTFEUsDmWzLabLoH42Elnp8mF/lTkWIcpVp0ly/etS08gttXo
XenekJ1vRuxOYWDCEzGPU7kGc920TmM14k7IDdPoOh5+3sRUKedKeOUrVDH1f0n7QjHQsZ
cbshp8tgqzf734zu8cTqNrr+6taptdEOOij1iUL/qYGfzny/hA48tO5+UFUih5W8ftp0+E
NBIDkkGgk2MJ92I7QAXyMVsIABXco+mJT7pQi9tqlODGIQ3AOj0gcA3X/Ib8QX77Ih3TPi
XEh77/P1XiYZOgpp2cRmNH8QbqaL9u898hDvJwIPJPuj2lIltTElH7hjBf5LQfCzrLV7BD
10rM7sl4jr+A2q8jl1Ikp+25kainBBZSbrDummT9AAAFgDU/VLk1P1S5AAAAB3NzaC1yc2
EAAAGBALTeOPQP52OTunEh//Q6GvGtyElNFmSWh8nU2gi7jvnZKrTaZ1eZqsxWyonVwCNX
ksFXLcPUXlTpdbiummRd5W13Tg/FvT16G0fSlFE9qgceUAuIm3wKgylspgwDxvcpc8+uIb
GAaia+1TZPZExRFLA5lsy2my6B+NhJZ6fJhf5U5FiHKVadJcv3rUtPILbV6F3p3pCdb0bs
TmFgwhMxj1O5BnPdtE5jNeJOyA3T6Doeft7EVCnnSnjlK1Qx9X9J+0Ix0LGXG7IafLYKs3
+9+M7vHE6ja6/urWqbXRDjoo9YlC/6mBn858v4QOPLTuflBVIoeVvH7adPhDQSA5JBoJNj
CfdiO0AF8jFbCAAV3KPpiU+6UIvbapTgxiENwDo9IHAN1/yG/EF++yId0z4lxIe+/z9V4m
GToKadnEZjR/EG6mi/bvPfIQ7ycCDyT7o9pSJbUxJR+4YwX+S0Hws6y1ewQ9dKzO7JeI6/
gNqvI5dSJKftuZGopwQWUm6w7ppk/QAAAAMBAAEAAAGAHKnC+Nq0XtGAkIFE4N18e6SAwy
0WSWaZqmCzFQM0S2AhJnweOIG/0ZZHjsRzKKauOTmppQk40dgVsejpytIek9R+aH172gxJ
2n4Cx0UwduRU5x8FFQlNc/kl722B0JWfJuB/snOZXv6LJ4o5aObIkozt2w9tVFeAqjYn2S
1UsNOfRHBXGsTYwpRDwFWP56nKo2d2wBBTHDhCy6fb2dLW1fvSi/YspueOGIlHpvlYKi2/
CWqvs9xVrwcScMtiDoQYq0khhO0efLCxvg/o+W9CLMVM2ms4G1zoSUQKN0oYWWQJyW4+VI
YneWO8UpN0J3ElXKi7bhgAat7dBaM1g9IrAzk153DiEFZNsPxGOgL/+YdQN7zUBx/z7EkI
jyv80RV7fpUXvcq2p+qNl6UVig3VSzRrnsaJkUWu/A0u59ha7ocv6NxDIXjxpIDJme16GF
quiGVBQNnYJymS/vFEbGf6bgf7iRmMCRUMG4nqLA6fPYP9uAtch+CmDfVLZC/fIdC5AAAA
wQCDissV4zH6bfqgxJSuYNk8Vbb+19cF3b7gH1rVlB3zxpCAgcRgMHC+dP1z2NRx7UW9MR
nye6kjpkzZZ0OigLqo7TtEq8uTglD9o6W7mRXqhy5A/ySOmqPL3ernHHQhGuoNODYAHkOU
u2Rh8HXi+VLwKZcLInPOYJvcuLG4DxN8WfeVvlMHwhAOaTNNOtL4XZDHQeIPc4qHmJymmv
sV7GuyQ6yW5C10uoGdxRPd90Bh4z4h2bKfZFjvEBbSBVkqrlAAAADBAN/zNtNayd/dX7Cr
Nb4sZuzCh+CW4BH8GOePZWNCATwBbNXBVb5cR+dmuTqYm+Ekz0VxVQRA1TvKncluJOQpoa
Xj8r0xdIgqkehnfDPMKtYVor06B9Fl1jrXtXU0Vrr6QcBWruSVyK1ZxqcmcNK/+KolVepe
A6vcl/iKaG4U7su166nxLST06M2EgcSVsFJHpKn5+WAXC+X0Gx8kNjWIIb3GpiChdc0xZD
mq02xZthVJrTCVw/e7gfDoB2QRsNV8HwAAAMEAzsCghZVp+0YsYg9oOrw4tEqcbEXEMhwY
0jW8JNL8Spr1Ibp5Dw6bRSk5azARjmJtnMJhJ3oeHfF0eoISqcNuQXGndGQbVM9YzzAzc1
NbbCNsVroqKlChT5wyPNGS+phi2bPARBno7WSDvshTZ7dAVEP2c9MJW0XwoSevwKlhgSdt
RLFFQ/5nclJSdzPBOmQouC0OBcMFSrYtMeknJ4VvueVvve5HcHFaEsaMc7ABAGaLYaBQOm
iixITGvaNZh/tjAAAACW5pY29sYUBwMQE=
-----END OPENSSH PRIVATE KEY-----`
add new test cases
2019-07-31 12:11:44 +00:00
configDir = ".."
first version
2019-07-20 10:26:52 +00:00
)
var (
Support for HAProxy PROXY protocol you can proxy and/or load balance the SFTP/SCP service without losing the information about the client's address.
2020-02-27 08:21:30 +00:00
allPerms = []string{dataprovider.PermAny}
homeBasePath string
scpPath string
gitPath string
sshPath string
pubKeyPath string
privateKeyPath string
gitWrapPath string
extAuthPath string
keyIntAuthPath string
preLoginPath string
logFilePath string
first version
2019-07-20 10:26:52 +00:00
)
Improve test cases and logging
2019-07-26 09:34:44 +00:00
func TestMain(m *testing.M) {
sftpd test: add a debug log The git push test sometime fails when running on travis. The issue cannot be replicated locally so print the logs to try to understand what is happening
2019-12-29 22:27:32 +00:00
logFilePath = filepath.Join(configDir, "sftpgo_sftpd_test.log")
sftpd: add configuration options for allowed ciphers, MACs and KEX algorithms add support for login banner too Fixes #32
2019-09-03 10:08:09 +00:00
loginBannerFileName := "login_banner"
loginBannerFile := filepath.Join(configDir, loginBannerFileName)
ioutil.WriteFile(loginBannerFile, []byte("simple login banner\n"), 0777)
sftpd test: add a debug log The git push test sometime fails when running on travis. The issue cannot be replicated locally so print the logs to try to understand what is happening
2019-12-29 22:27:32 +00:00
logger.InitLogger(logFilePath, 5, 1, 28, false, zerolog.DebugLevel)
switch to viper for configuration and use cobra for cli
2019-08-07 20:46:13 +00:00
config.LoadConfig(configDir, "")
Improve test cases and logging
2019-07-26 09:34:44 +00:00
providerConf := config.GetProviderConf()
err := dataprovider.Initialize(providerConf, configDir)
if err != nil {
Add connectionID to as many entries as possible Signed-off-by: Jo Vandeginste <Jo.Vandeginste@kuleuven.be>
2019-09-05 14:21:35 +00:00
logger.Warn(logSender, "", "error initializing data provider: %v", err)
Improve test cases and logging
2019-07-26 09:34:44 +00:00
os.Exit(1)
}
dataProvider := dataprovider.GetProvider()
sftpdConf := config.GetSFTPDConfig()
httpdConf := config.GetHTTPDConfig()
add version info
2019-08-08 08:01:33 +00:00
sftpdConf.BindPort = 2022
sftpd: add configuration options for allowed ciphers, MACs and KEX algorithms add support for login banner too Fixes #32
2019-09-03 10:08:09 +00:00
sftpdConf.KexAlgorithms = []string{"curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
"ecdh-sha2-nistp384"}
sftpdConf.Ciphers = []string{"chacha20-poly1305@openssh.com", "aes128-gcm@openssh.com",
"aes256-ctr"}
sftpdConf.MACs = []string{"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"}
sftpdConf.LoginBannerFile = loginBannerFileName
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
// we need to test all supported ssh commands
sftpdConf.EnabledSSHCommands = []string{"*"}
sftpd: add support for upload resume we support resume only if the client sets the correct offset while resuming the upload. Based on the specs the offset is optional for resume, but all the tested clients sets a right offset. If an invalid offset is given we interrupt the transfer with the error "Invalid write offset ..." See https://github.com/pkg/sftp/issues/295 This commit add a new upload mode: "atomic with resume support", this acts as atomic but if there is an upload error the temporary file is renamed to the requested path and not deleted, this way a client can reconnect and resume the upload
2019-10-09 15:33:30 +00:00
// we run the test cases with UploadMode atomic and resume support. The non atomic code path
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
// simply does not execute some code so if it works in atomic mode will
// work in non atomic mode too
sftpd: add support for upload resume we support resume only if the client sets the correct offset while resuming the upload. Based on the specs the offset is optional for resume, but all the tested clients sets a right offset. If an invalid offset is given we interrupt the transfer with the error "Invalid write offset ..." See https://github.com/pkg/sftp/issues/295 This commit add a new upload mode: "atomic with resume support", this acts as atomic but if there is an upload error the temporary file is renamed to the requested path and not deleted, this way a client can reconnect and resume the upload
2019-10-09 15:33:30 +00:00
sftpdConf.UploadMode = 2
add backup/restore REST API
2019-12-27 22:12:44 +00:00
homeBasePath = os.TempDir()
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
var scriptArgs string
add support for custom actions Configurable custom commands and/or HTTP notifications on SFTP upload, download, delete or rename
2019-07-27 07:38:09 +00:00
if runtime.GOOS == "windows" {
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
scriptArgs = "%*"
add support for custom actions Configurable custom commands and/or HTTP notifications on SFTP upload, download, delete or rename
2019-07-27 07:38:09 +00:00
} else {
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
sftpdConf.Actions.ExecuteOn = []string{"download", "upload", "rename", "delete", "ssh_cmd"}
add version info
2019-08-08 08:01:33 +00:00
sftpdConf.Actions.Command = "/usr/bin/true"
update deps and simplify some code
2020-01-31 22:26:56 +00:00
sftpdConf.Actions.HTTPNotificationURL = "http://127.0.0.1:8083/"
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
scriptArgs = "$@"
add support for custom actions Configurable custom commands and/or HTTP notifications on SFTP upload, download, delete or rename
2019-07-27 07:38:09 +00:00
}
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
keyIntAuthPath = filepath.Join(homeBasePath, "keyintauth.sh")
ioutil.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptContent([]string{"1", "2"}, 0, false, 1), 0755)
add HTTP hooks external auth, pre-login user modification and keyboard interactive authentication is now supported via HTTP requests too
2020-04-01 21:25:23 +00:00
sftpdConf.KeyboardInteractiveHook = keyIntAuthPath
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
scpPath, err = exec.LookPath("scp")
if err != nil {
logger.Warn(logSender, "", "unable to get scp command. SCP tests will be skipped, err: %v", err)
logger.WarnToConsole("unable to get scp command. SCP tests will be skipped, err: %v", err)
scpPath = ""
}
gitPath, err = exec.LookPath("git")
if err != nil {
logger.Warn(logSender, "", "unable to get git command. GIT tests will be skipped, err: %v", err)
logger.WarnToConsole("unable to get git command. GIT tests will be skipped, err: %v", err)
gitPath = ""
}
sshPath, err = exec.LookPath("ssh")
if err != nil {
logger.Warn(logSender, "", "unable to get ssh command. GIT tests will be skipped, err: %v", err)
logger.WarnToConsole("unable to get ssh command. GIT tests will be skipped, err: %v", err)
gitPath = ""
}
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
pubKeyPath = filepath.Join(homeBasePath, "ssh_key.pub")
privateKeyPath = filepath.Join(homeBasePath, "ssh_key")
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
gitWrapPath = filepath.Join(homeBasePath, "gitwrap.sh")
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
extAuthPath = filepath.Join(homeBasePath, "extauth.sh")
Rename before_login_program to pre_login_program and some documentation update
2020-02-25 15:07:38 +00:00
preLoginPath = filepath.Join(homeBasePath, "prelogin.sh")
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
err = ioutil.WriteFile(pubKeyPath, []byte(testPubKey+"\n"), 0600)
if err != nil {
logger.WarnToConsole("unable to save public key to file: %v", err)
}
err = ioutil.WriteFile(privateKeyPath, []byte(testPrivateKey+"\n"), 0600)
if err != nil {
logger.WarnToConsole("unable to save private key to file: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
err = ioutil.WriteFile(gitWrapPath, []byte(fmt.Sprintf("%v -i %v -oStrictHostKeyChecking=no %v\n",
sshPath, privateKeyPath, scriptArgs)), 0755)
if err != nil {
logger.WarnToConsole("unable to save gitwrap shell script: %v", err)
}
Improve test cases and logging
2019-07-26 09:34:44 +00:00
sftpd.SetDataProvider(dataProvider)
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
httpd.SetDataProvider(dataProvider)
Improve test cases and logging
2019-07-26 09:34:44 +00:00
go func() {
Add connectionID to as many entries as possible Signed-off-by: Jo Vandeginste <Jo.Vandeginste@kuleuven.be>
2019-09-05 14:21:35 +00:00
logger.Debug(logSender, "", "initializing SFTP server with config %+v", sftpdConf)
Improve test cases and logging
2019-07-26 09:34:44 +00:00
if err := sftpdConf.Initialize(configDir); err != nil {
Add connectionID to as many entries as possible Signed-off-by: Jo Vandeginste <Jo.Vandeginste@kuleuven.be>
2019-09-05 14:21:35 +00:00
logger.Error(logSender, "", "could not start SFTP server: %v", err)
Improve test cases and logging
2019-07-26 09:34:44 +00:00
}
}()
go func() {
add profiler support profiling is now available via the HTTP base URL /debug/pprof/ examples, use this URL to start and download a 30 seconds CPU profile: /debug/pprof/profile?seconds=30 use this URL to profile used memory: /debug/pprof/heap?gc=1 use this URL to profile allocated memory: /debug/pprof/allocs?gc=1 Full docs here: https://golang.org/pkg/net/http/pprof/
2020-03-15 14:16:35 +00:00
if err := httpdConf.Initialize(configDir, false); err != nil {
Add connectionID to as many entries as possible Signed-off-by: Jo Vandeginste <Jo.Vandeginste@kuleuven.be>
2019-09-05 14:21:35 +00:00
logger.Error(logSender, "", "could not start HTTP server: %v", err)
Improve test cases and logging
2019-07-26 09:34:44 +00:00
}
}()
waitTCPListening(fmt.Sprintf("%s:%d", sftpdConf.BindAddress, sftpdConf.BindPort))
waitTCPListening(fmt.Sprintf("%s:%d", httpdConf.BindAddress, httpdConf.BindPort))
Support for HAProxy PROXY protocol you can proxy and/or load balance the SFTP/SCP service without losing the information about the client's address.
2020-02-27 08:21:30 +00:00
sftpdConf.BindPort = 2222
sftpdConf.ProxyProtocol = 1
go func() {
logger.Debug(logSender, "", "initializing SFTP server with config %+v", sftpdConf)
if err := sftpdConf.Initialize(configDir); err != nil {
logger.Error(logSender, "", "could not start SFTP server: %v", err)
}
}()
waitTCPListening(fmt.Sprintf("%s:%d", sftpdConf.BindAddress, sftpdConf.BindPort))
proxy protocol: added an option to make the proxy header required now we can configure SFTPGo to accept or reject requests without the proxy header when the proxy protocol is enabled
2020-02-28 23:02:06 +00:00
sftpdConf.BindPort = 2224
sftpdConf.ProxyProtocol = 2
go func() {
logger.Debug(logSender, "", "initializing SFTP server with config %+v", sftpdConf)
if err := sftpdConf.Initialize(configDir); err != nil {
logger.Error(logSender, "", "could not start SFTP server: %v", err)
}
}()
waitTCPListening(fmt.Sprintf("%s:%d", sftpdConf.BindAddress, sftpdConf.BindPort))
Improve test cases and logging
2019-07-26 09:34:44 +00:00
exitCode := m.Run()
sftpd test: add a debug log The git push test sometime fails when running on travis. The issue cannot be replicated locally so print the logs to try to understand what is happening
2019-12-29 22:27:32 +00:00
os.Remove(logFilePath)
sftpd: add configuration options for allowed ciphers, MACs and KEX algorithms add support for login banner too Fixes #32
2019-09-03 10:08:09 +00:00
os.Remove(loginBannerFile)
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(pubKeyPath)
os.Remove(privateKeyPath)
os.Remove(gitWrapPath)
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
os.Remove(extAuthPath)
Rename before_login_program to pre_login_program and some documentation update
2020-02-25 15:07:38 +00:00
os.Remove(preLoginPath)
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
os.Remove(keyIntAuthPath)
Improve test cases and logging
2019-07-26 09:34:44 +00:00
os.Exit(exitCode)
}
add new test cases
2019-07-31 12:11:44 +00:00
func TestInitialization(t *testing.T) {
switch to viper for configuration and use cobra for cli
2019-08-07 20:46:13 +00:00
config.LoadConfig(configDir, "")
add new test cases
2019-07-31 12:11:44 +00:00
sftpdConf := config.GetSFTPDConfig()
sftpdConf.Umask = "invalid umask"
add version info
2019-08-08 08:01:33 +00:00
sftpdConf.BindPort = 2022
sftpd: add configuration options for allowed ciphers, MACs and KEX algorithms add support for login banner too Fixes #32
2019-09-03 10:08:09 +00:00
sftpdConf.LoginBannerFile = "invalid_file"
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
sftpdConf.EnabledSSHCommands = append(sftpdConf.EnabledSSHCommands, "ls")
add new test cases
2019-07-31 12:11:44 +00:00
err := sftpdConf.Initialize(configDir)
if err == nil {
httpd: add support for basic auth and HTTPS
2020-02-03 23:08:00 +00:00
t.Error("Inizialize must fail, a SFTP server should be already running")
add new test cases
2019-07-31 12:11:44 +00:00
}
add HTTP hooks external auth, pre-login user modification and keyboard interactive authentication is now supported via HTTP requests too
2020-04-01 21:25:23 +00:00
sftpdConf.KeyboardInteractiveHook = "invalid_file"
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
err = sftpdConf.Initialize(configDir)
if err == nil {
httpd: add support for basic auth and HTTPS
2020-02-03 23:08:00 +00:00
t.Error("Inizialize must fail, a SFTP server should be already running")
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
}
add HTTP hooks external auth, pre-login user modification and keyboard interactive authentication is now supported via HTTP requests too
2020-04-01 21:25:23 +00:00
sftpdConf.KeyboardInteractiveHook = filepath.Join(homeBasePath, "invalid_file")
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
err = sftpdConf.Initialize(configDir)
if err == nil {
httpd: add support for basic auth and HTTPS
2020-02-03 23:08:00 +00:00
t.Error("Inizialize must fail, a SFTP server should be already running")
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
}
proxy protocol: add list of allowed IP addresses and IP ranges "proxy_allowed" setting allows to specify the allowed IP address and IP ranges that can send the proxy header. This setting combined with "proxy_protocol" allows to ignore the header or to reject connections that send the proxy header from a non listed IP
2020-03-01 22:12:28 +00:00
sftpdConf.BindPort = 4444
sftpdConf.ProxyProtocol = 1
sftpdConf.ProxyAllowed = []string{"1270.0.0.1"}
err = sftpdConf.Initialize(configDir)
if err == nil {
t.Error("Inizialize must fail, proxy IP allowed is invalid")
}
add new test cases
2019-07-31 12:11:44 +00:00
}
first version
2019-07-20 10:26:52 +00:00
func TestBasicSFTPHandling(t *testing.T) {
usePubKey := false
set track_quota to 2 as default
2019-08-01 07:24:35 +00:00
u := getTestUser(usePubKey)
u.QuotaSize = 6553600
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
sftpd: add support for upload resume we support resume only if the client sets the correct offset while resuming the upload. Based on the specs the offset is optional for resume, but all the tested clients sets a right offset. If an invalid offset is given we interrupt the transfer with the error "Invalid write offset ..." See https://github.com/pkg/sftp/issues/295 This commit add a new upload mode: "atomic with resume support", this acts as atomic but if there is an upload error the temporary file is renamed to the requested path and not deleted, this way a client can reconnect and resume the upload
2019-10-09 15:33:30 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
expectedQuotaSize := user.UsedQuotaSize + testFileSize
expectedQuotaFiles := user.UsedQuotaFiles + 1
add memory data provider and use it for portable mode
2019-10-25 16:37:12 +00:00
createTestFile(testFilePath, testFileSize)
sftpd: make file/dir removal and creation more standard - remove a non empty directory. Before: the directory contents were removed recursively. Now: removing a non empty directory fails. - make a directory in a non existent path: Before: any necessary parents were created. Now: it fails. - remove a file. Before: files, directories and symlinks were removed. Now: only files and symlink are removed, removing a directory using "Remove" instead of "Rmdir" fails. Upload a file in a non existent directory. Before: any necessary parents were created. Now: it fails. Now SFTPGo behaves as OpenSSH.
2019-10-16 05:48:22 +00:00
err = sftpUploadFile(testFilePath, path.Join("/missing_dir", testFileName), testFileSize, client)
if err == nil {
t.Errorf("upload a file to a missing dir must fail")
first version
2019-07-20 10:26:52 +00:00
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
localDownloadPath := filepath.Join(homeBasePath, "test_download.dat")
err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client)
if err != nil {
t.Errorf("file download error: %v", err)
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err = httpd.GetUserByID(user.ID, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("error getting user: %v", err)
}
if expectedQuotaFiles != user.UsedQuotaFiles {
t.Errorf("quota files does not match, expected: %v, actual: %v", expectedQuotaFiles, user.UsedQuotaFiles)
}
if expectedQuotaSize != user.UsedQuotaSize {
t.Errorf("quota size does not match, expected: %v, actual: %v", expectedQuotaSize, user.UsedQuotaSize)
}
err = client.Remove(testFileName)
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
_, err = client.Lstat(testFileName)
if err == nil {
t.Errorf("stat for deleted file must not succeed")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err = httpd.GetUserByID(user.ID, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("error getting user: %v", err)
}
if (expectedQuotaFiles - 1) != user.UsedQuotaFiles {
t.Errorf("quota files does not match after delete, expected: %v, actual: %v", expectedQuotaFiles-1, user.UsedQuotaFiles)
}
if (expectedQuotaSize - testFileSize) != user.UsedQuotaSize {
t.Errorf("quota size does not match, expected: %v, actual: %v", expectedQuotaSize-testFileSize, user.UsedQuotaSize)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
os.Remove(localDownloadPath)
simplify some code
2019-07-20 22:19:17 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
simplify some code
2019-07-20 22:19:17 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
simplify some code
2019-07-20 22:19:17 +00:00
}
Support for HAProxy PROXY protocol you can proxy and/or load balance the SFTP/SCP service without losing the information about the client's address.
2020-02-27 08:21:30 +00:00
func TestProxyProtocol(t *testing.T) {
usePubKey := false
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
// remove the home dir to test auto creation
os.RemoveAll(user.HomeDir)
client, err := getSftpClientWithAddr(user, usePubKey, "127.0.0.1:2222")
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err = client.Getwd()
if err != nil {
t.Errorf("error mkdir: %v", err)
}
}
proxy protocol: added an option to make the proxy header required now we can configure SFTPGo to accept or reject requests without the proxy header when the proxy protocol is enabled
2020-02-28 23:02:06 +00:00
client, err = getSftpClientWithAddr(user, usePubKey, "127.0.0.1:2224")
if err == nil {
t.Error("request without a proxy header must be rejected")
}
Support for HAProxy PROXY protocol you can proxy and/or load balance the SFTP/SCP service without losing the information about the client's address.
2020-02-27 08:21:30 +00:00
httpd.RemoveUser(user, http.StatusOK)
os.RemoveAll(user.GetHomeDir())
}
sftpd: add support for upload resume we support resume only if the client sets the correct offset while resuming the upload. Based on the specs the offset is optional for resume, but all the tested clients sets a right offset. If an invalid offset is given we interrupt the transfer with the error "Invalid write offset ..." See https://github.com/pkg/sftp/issues/295 This commit add a new upload mode: "atomic with resume support", this acts as atomic but if there is an upload error the temporary file is renamed to the requested path and not deleted, this way a client can reconnect and resume the upload
2019-10-09 15:33:30 +00:00
func TestUploadResume(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
appendDataSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
err = appendToTestFile(testFilePath, appendDataSize)
if err != nil {
t.Errorf("unable to append to test file: %v", err)
}
err = sftpUploadResumeFile(testFilePath, testFileName, testFileSize+appendDataSize, false, client)
if err != nil {
t.Errorf("file upload resume error: %v", err)
}
localDownloadPath := filepath.Join(homeBasePath, "test_download.dat")
err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize+appendDataSize, client)
if err != nil {
t.Errorf("file download error: %v", err)
}
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
initialHash, err := computeHashForFile(sha256.New(), testFilePath)
sftpd: add support for upload resume we support resume only if the client sets the correct offset while resuming the upload. Based on the specs the offset is optional for resume, but all the tested clients sets a right offset. If an invalid offset is given we interrupt the transfer with the error "Invalid write offset ..." See https://github.com/pkg/sftp/issues/295 This commit add a new upload mode: "atomic with resume support", this acts as atomic but if there is an upload error the temporary file is renamed to the requested path and not deleted, this way a client can reconnect and resume the upload
2019-10-09 15:33:30 +00:00
if err != nil {
t.Errorf("error computing file hash: %v", err)
}
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
donwloadedFileHash, err := computeHashForFile(sha256.New(), localDownloadPath)
sftpd: add support for upload resume we support resume only if the client sets the correct offset while resuming the upload. Based on the specs the offset is optional for resume, but all the tested clients sets a right offset. If an invalid offset is given we interrupt the transfer with the error "Invalid write offset ..." See https://github.com/pkg/sftp/issues/295 This commit add a new upload mode: "atomic with resume support", this acts as atomic but if there is an upload error the temporary file is renamed to the requested path and not deleted, this way a client can reconnect and resume the upload
2019-10-09 15:33:30 +00:00
if err != nil {
t.Errorf("error computing downloaded file hash: %v", err)
}
if donwloadedFileHash != initialHash {
t.Errorf("resume failed: file hash does not match")
}
err = sftpUploadResumeFile(testFilePath, testFileName, testFileSize+appendDataSize, true, client)
if err == nil {
t.Errorf("file upload resume with invalid offset must fail")
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
os.Remove(localDownloadPath)
sftpd: add support for upload resume we support resume only if the client sets the correct offset while resuming the upload. Based on the specs the offset is optional for resume, but all the tested clients sets a right offset. If an invalid offset is given we interrupt the transfer with the error "Invalid write offset ..." See https://github.com/pkg/sftp/issues/295 This commit add a new upload mode: "atomic with resume support", this acts as atomic but if there is an upload error the temporary file is renamed to the requested path and not deleted, this way a client can reconnect and resume the upload
2019-10-09 15:33:30 +00:00
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
simplify some code
2019-07-20 22:19:17 +00:00
func TestDirCommands(t *testing.T) {
usePubKey := false
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
simplify some code
2019-07-20 22:19:17 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
// remove the home dir to test auto creation
sftpd: make file/dir removal and creation more standard - remove a non empty directory. Before: the directory contents were removed recursively. Now: removing a non empty directory fails. - make a directory in a non existent path: Before: any necessary parents were created. Now: it fails. - remove a file. Before: files, directories and symlinks were removed. Now: only files and symlink are removed, removing a directory using "Remove" instead of "Rmdir" fails. Upload a file in a non existent directory. Before: any necessary parents were created. Now: it fails. Now SFTPGo behaves as OpenSSH.
2019-10-16 05:48:22 +00:00
os.RemoveAll(user.HomeDir)
simplify some code
2019-07-20 22:19:17 +00:00
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
fix posix rename update pkg/sftp to a git revision that includes: https://github.com/pkg/sftp/pull/316 add a test case here too and update other deps
2019-11-08 07:43:27 +00:00
err = client.Mkdir("test1")
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("error mkdir: %v", err)
}
fix posix rename update pkg/sftp to a git revision that includes: https://github.com/pkg/sftp/pull/316 add a test case here too and update other deps
2019-11-08 07:43:27 +00:00
err = client.Rename("test1", "test")
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("error rename: %v", err)
}
fix posix rename update pkg/sftp to a git revision that includes: https://github.com/pkg/sftp/pull/316 add a test case here too and update other deps
2019-11-08 07:43:27 +00:00
_, err = client.Lstat("/test1")
if err == nil {
t.Errorf("stat for renamed dir must not succeed")
}
err = client.PosixRename("test", "test1")
if err != nil {
t.Errorf("error posix rename: %v", err)
}
first version
2019-07-20 10:26:52 +00:00
err = client.Remove("test1")
if err != nil {
t.Errorf("error rmdir: %v", err)
}
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
err = client.Mkdir("/test/test1")
sftpd: make file/dir removal and creation more standard - remove a non empty directory. Before: the directory contents were removed recursively. Now: removing a non empty directory fails. - make a directory in a non existent path: Before: any necessary parents were created. Now: it fails. - remove a file. Before: files, directories and symlinks were removed. Now: only files and symlink are removed, removing a directory using "Remove" instead of "Rmdir" fails. Upload a file in a non existent directory. Before: any necessary parents were created. Now: it fails. Now SFTPGo behaves as OpenSSH.
2019-10-16 05:48:22 +00:00
if err == nil {
t.Errorf("recursive mkdir must fail")
}
client.Mkdir("/test")
err = client.Mkdir("/test/test1")
first version
2019-07-20 10:26:52 +00:00
if err != nil {
sftpd: make file/dir removal and creation more standard - remove a non empty directory. Before: the directory contents were removed recursively. Now: removing a non empty directory fails. - make a directory in a non existent path: Before: any necessary parents were created. Now: it fails. - remove a file. Before: files, directories and symlinks were removed. Now: only files and symlink are removed, removing a directory using "Remove" instead of "Rmdir" fails. Upload a file in a non existent directory. Before: any necessary parents were created. Now: it fails. Now SFTPGo behaves as OpenSSH.
2019-10-16 05:48:22 +00:00
t.Errorf("mkdir dir error: %v", err)
first version
2019-07-20 10:26:52 +00:00
}
simplify scp upload code and add some test cases
2019-08-24 20:44:01 +00:00
_, err = client.ReadDir("/this/dir/does/not/exist")
if err == nil {
t.Errorf("reading a missing dir must fail")
}
sftpd: make file/dir removal and creation more standard - remove a non empty directory. Before: the directory contents were removed recursively. Now: removing a non empty directory fails. - make a directory in a non existent path: Before: any necessary parents were created. Now: it fails. - remove a file. Before: files, directories and symlinks were removed. Now: only files and symlink are removed, removing a directory using "Remove" instead of "Rmdir" fails. Upload a file in a non existent directory. Before: any necessary parents were created. Now: it fails. Now SFTPGo behaves as OpenSSH.
2019-10-16 05:48:22 +00:00
err = client.RemoveDirectory("/test/test1")
if err != nil {
t.Errorf("remove dir error: %v", err)
}
err = client.RemoveDirectory("/test")
if err != nil {
t.Errorf("remove dir error: %v", err)
}
_, err = client.Lstat("/test")
if err == nil {
t.Errorf("stat for deleted dir must not succeed")
}
err = client.RemoveDirectory("/test")
if err == nil {
t.Errorf("remove missing path must fail")
}
}
fix posix rename update pkg/sftp to a git revision that includes: https://github.com/pkg/sftp/pull/316 add a test case here too and update other deps
2019-11-08 07:43:27 +00:00
httpd.RemoveUser(user, http.StatusOK)
sftpd: make file/dir removal and creation more standard - remove a non empty directory. Before: the directory contents were removed recursively. Now: removing a non empty directory fails. - make a directory in a non existent path: Before: any necessary parents were created. Now: it fails. - remove a file. Before: files, directories and symlinks were removed. Now: only files and symlink are removed, removing a directory using "Remove" instead of "Rmdir" fails. Upload a file in a non existent directory. Before: any necessary parents were created. Now: it fails. Now SFTPGo behaves as OpenSSH.
2019-10-16 05:48:22 +00:00
os.RemoveAll(user.GetHomeDir())
}
func TestRemove(t *testing.T) {
usePubKey := true
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
err = client.Mkdir("test")
if err != nil {
t.Errorf("error mkdir: %v", err)
}
err = client.Mkdir("/test/test1")
if err != nil {
t.Errorf("error mkdir subdir: %v", err)
}
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
testFileName := "/test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
sftpd_test: use path.Join for SFTP/SCP path filepath.Join could use an OS dependent separator
2019-10-16 10:57:06 +00:00
err = sftpUploadFile(testFilePath, path.Join("/test", testFileName), testFileSize, client)
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
if err != nil {
t.Errorf("file upload error: %v", err)
}
first version
2019-07-20 10:26:52 +00:00
err = client.Remove("/test")
sftpd: make file/dir removal and creation more standard - remove a non empty directory. Before: the directory contents were removed recursively. Now: removing a non empty directory fails. - make a directory in a non existent path: Before: any necessary parents were created. Now: it fails. - remove a file. Before: files, directories and symlinks were removed. Now: only files and symlink are removed, removing a directory using "Remove" instead of "Rmdir" fails. Upload a file in a non existent directory. Before: any necessary parents were created. Now: it fails. Now SFTPGo behaves as OpenSSH.
2019-10-16 05:48:22 +00:00
if err == nil {
t.Errorf("remove non empty dir must fail")
}
sftpd_test: use path.Join for SFTP/SCP path filepath.Join could use an OS dependent separator
2019-10-16 10:57:06 +00:00
err = client.RemoveDirectory(path.Join("/test", testFileName))
sftpd: make file/dir removal and creation more standard - remove a non empty directory. Before: the directory contents were removed recursively. Now: removing a non empty directory fails. - make a directory in a non existent path: Before: any necessary parents were created. Now: it fails. - remove a file. Before: files, directories and symlinks were removed. Now: only files and symlink are removed, removing a directory using "Remove" instead of "Rmdir" fails. Upload a file in a non existent directory. Before: any necessary parents were created. Now: it fails. Now SFTPGo behaves as OpenSSH.
2019-10-16 05:48:22 +00:00
if err == nil {
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
t.Errorf("remove a file with rmdir must fail")
sftpd: make file/dir removal and creation more standard - remove a non empty directory. Before: the directory contents were removed recursively. Now: removing a non empty directory fails. - make a directory in a non existent path: Before: any necessary parents were created. Now: it fails. - remove a file. Before: files, directories and symlinks were removed. Now: only files and symlink are removed, removing a directory using "Remove" instead of "Rmdir" fails. Upload a file in a non existent directory. Before: any necessary parents were created. Now: it fails. Now SFTPGo behaves as OpenSSH.
2019-10-16 05:48:22 +00:00
}
sftpd_test: use path.Join for SFTP/SCP path filepath.Join could use an OS dependent separator
2019-10-16 10:57:06 +00:00
err = client.Remove(path.Join("/test", testFileName))
first version
2019-07-20 10:26:52 +00:00
if err != nil {
sftpd: make file/dir removal and creation more standard - remove a non empty directory. Before: the directory contents were removed recursively. Now: removing a non empty directory fails. - make a directory in a non existent path: Before: any necessary parents were created. Now: it fails. - remove a file. Before: files, directories and symlinks were removed. Now: only files and symlink are removed, removing a directory using "Remove" instead of "Rmdir" fails. Upload a file in a non existent directory. Before: any necessary parents were created. Now: it fails. Now SFTPGo behaves as OpenSSH.
2019-10-16 05:48:22 +00:00
t.Errorf("remove file error: %v", err)
first version
2019-07-20 10:26:52 +00:00
}
sftpd_test: use path.Join for SFTP/SCP path filepath.Join could use an OS dependent separator
2019-10-16 10:57:06 +00:00
err = client.Remove(path.Join("/test", testFileName))
first version
2019-07-20 10:26:52 +00:00
if err == nil {
sftpd: make file/dir removal and creation more standard - remove a non empty directory. Before: the directory contents were removed recursively. Now: removing a non empty directory fails. - make a directory in a non existent path: Before: any necessary parents were created. Now: it fails. - remove a file. Before: files, directories and symlinks were removed. Now: only files and symlink are removed, removing a directory using "Remove" instead of "Rmdir" fails. Upload a file in a non existent directory. Before: any necessary parents were created. Now: it fails. Now SFTPGo behaves as OpenSSH.
2019-10-16 05:48:22 +00:00
t.Errorf("remove missing file must fail")
}
err = client.Remove("/test/test1")
if err != nil {
t.Errorf("remove dir error: %v", err)
first version
2019-07-20 10:26:52 +00:00
}
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
err = client.Remove("/test")
sftpd: make file/dir removal and creation more standard - remove a non empty directory. Before: the directory contents were removed recursively. Now: removing a non empty directory fails. - make a directory in a non existent path: Before: any necessary parents were created. Now: it fails. - remove a file. Before: files, directories and symlinks were removed. Now: only files and symlink are removed, removing a directory using "Remove" instead of "Rmdir" fails. Upload a file in a non existent directory. Before: any necessary parents were created. Now: it fails. Now SFTPGo behaves as OpenSSH.
2019-10-16 05:48:22 +00:00
if err != nil {
t.Errorf("remove dir error: %v", err)
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
first version
2019-07-20 10:26:52 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
update pkg/sftp to the latest master Our pull request to handle transfer errors is now merged, so updating pkg/sftp should fix #36
2019-09-13 06:30:22 +00:00
func TestLink(t *testing.T) {
simplify some code
2019-07-20 22:19:17 +00:00
usePubKey := false
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
simplify some code
2019-07-20 22:19:17 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
err = client.Symlink(testFileName, testFileName+".link")
if err != nil {
t.Errorf("error creating symlink: %v", err)
}
simplify scp upload code and add some test cases
2019-08-24 20:44:01 +00:00
_, err = client.ReadLink(testFileName + ".link")
if err == nil {
t.Errorf("readlink is currently not implemented so must fail")
}
version: only git commit and build date must be modifiable Improved some test cases too
2019-08-08 19:42:07 +00:00
err = client.Symlink(testFileName, testFileName+".link")
if err == nil {
t.Errorf("creating a symlink to an existing one must fail")
update pkg/sftp to the latest master Our pull request to handle transfer errors is now merged, so updating pkg/sftp should fix #36
2019-09-13 06:30:22 +00:00
}
err = client.Link(testFileName, testFileName+".hlink")
if err == nil {
t.Errorf("hard link is not supported and must fail")
version: only git commit and build date must be modifiable Improved some test cases too
2019-08-08 19:42:07 +00:00
}
simplify some code
2019-07-20 22:19:17 +00:00
err = client.Remove(testFileName + ".link")
if err != nil {
t.Errorf("error removing symlink: %v", err)
}
err = client.Remove(testFileName)
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
simplify some code
2019-07-20 22:19:17 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
simplify some code
2019-07-20 22:19:17 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
simplify some code
2019-07-20 22:19:17 +00:00
}
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
func TestStat(t *testing.T) {
sftpd: test case for SetStat SetStat is silently ignored. Ownership and permissions are configured globally or per account
2019-07-26 15:18:51 +00:00
usePubKey := false
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
minor fixes
2019-11-15 11:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
sftpd: test case for SetStat SetStat is silently ignored. Ownership and permissions are configured globally or per account
2019-07-26 15:18:51 +00:00
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
minor fixes
2019-11-15 11:26:52 +00:00
createTestFile(testFilePath, testFileSize)
sftpd: test case for SetStat SetStat is silently ignored. Ownership and permissions are configured globally or per account
2019-07-26 15:18:51 +00:00
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
_, err := client.Lstat(testFileName)
sftpd: test case for SetStat SetStat is silently ignored. Ownership and permissions are configured globally or per account
2019-07-26 15:18:51 +00:00
if err != nil {
t.Errorf("stat error: %v", err)
}
sftpd: document chmod/chown on Windows chmod is partially supported and chown is not supported on Windows. Skip unsupported test cases on Windows
2019-11-15 16:09:00 +00:00
// mode 0666 and 0444 works on Windows too
newPerm := os.FileMode(0666)
err = client.Chmod(testFileName, newPerm)
if err != nil {
t.Errorf("chmod error: %v", err)
}
newFi, err := client.Lstat(testFileName)
if err != nil {
t.Errorf("stat error: %v", err)
}
if newPerm != newFi.Mode().Perm() {
t.Errorf("chmod failed expected: %v, actual: %v", newPerm, newFi.Mode().Perm())
}
newPerm = os.FileMode(0444)
err = client.Chmod(testFileName, newPerm)
if err != nil {
t.Errorf("chmod error: %v", err)
}
newFi, err = client.Lstat(testFileName)
if err != nil {
t.Errorf("stat error: %v", err)
}
if newPerm != newFi.Mode().Perm() {
t.Errorf("chmod failed expected: %v, actual: %v", newPerm, newFi.Mode().Perm())
}
_, err = client.ReadLink(testFileName)
if err == nil {
t.Errorf("readlink is not supported and must fail")
}
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
err = client.Truncate(testFileName, 0)
sftpd: document chmod/chown on Windows chmod is partially supported and chown is not supported on Windows. Skip unsupported test cases on Windows
2019-11-15 16:09:00 +00:00
if err != nil {
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
t.Errorf("truncate must be silently ignored: %v", err)
sftpd: document chmod/chown on Windows chmod is partially supported and chown is not supported on Windows. Skip unsupported test cases on Windows
2019-11-15 16:09:00 +00:00
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
sftpd: document chmod/chown on Windows chmod is partially supported and chown is not supported on Windows. Skip unsupported test cases on Windows
2019-11-15 16:09:00 +00:00
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
func TestStatChownChmod(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("chown is not supported on Windows, chmod is partially supported")
}
usePubKey := true
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
createTestFile(testFilePath, testFileSize)
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
err = client.Chown(testFileName, os.Getuid(), os.Getgid())
sftpd: test case for SetStat SetStat is silently ignored. Ownership and permissions are configured globally or per account
2019-07-26 15:18:51 +00:00
if err != nil {
t.Errorf("chown error: %v", err)
}
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
newPerm := os.FileMode(0600)
err = client.Chmod(testFileName, newPerm)
sftpd: test case for SetStat SetStat is silently ignored. Ownership and permissions are configured globally or per account
2019-07-26 15:18:51 +00:00
if err != nil {
t.Errorf("chmod error: %v", err)
}
newFi, err := client.Lstat(testFileName)
if err != nil {
t.Errorf("stat error: %v", err)
}
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
if newPerm != newFi.Mode().Perm() {
t.Errorf("chown failed expected: %v, actual: %v", newPerm, newFi.Mode().Perm())
sftpd: test case for SetStat SetStat is silently ignored. Ownership and permissions are configured globally or per account
2019-07-26 15:18:51 +00:00
}
err = client.Remove(testFileName)
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
// l'errore viene riconvertito da sftp.ErrSSHFxNoSuchFile in os.ErrNotExist
err = client.Chmod(testFileName, newPerm)
if err != os.ErrNotExist {
t.Errorf("unexpected chmod error: %v expected: %v", err, os.ErrNotExist)
}
err = client.Chown(testFileName, os.Getuid(), os.Getgid())
if err != os.ErrNotExist {
t.Errorf("unexpected chown error: %v expected: %v", err, os.ErrNotExist)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
sftpd: test case for SetStat SetStat is silently ignored. Ownership and permissions are configured globally or per account
2019-07-26 15:18:51 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
minor fixes
2019-11-15 11:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
sftpd: test case for SetStat SetStat is silently ignored. Ownership and permissions are configured globally or per account
2019-07-26 15:18:51 +00:00
}
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
func TestChtimes(t *testing.T) {
usePubKey := false
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
testDir := "test"
createTestFile(testFilePath, testFileSize)
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
acmodTime := time.Now()
err = client.Chtimes(testFileName, acmodTime, acmodTime)
if err != nil {
t.Errorf("error changing file times")
}
newFi, err := client.Lstat(testFileName)
if err != nil {
t.Errorf("file stat error: %v", err)
}
diff := math.Abs(newFi.ModTime().Sub(acmodTime).Seconds())
if diff > 1 {
t.Errorf("diff between wanted and real modification time too big: %v", diff)
}
err = client.Chtimes("invalidFile", acmodTime, acmodTime)
if !os.IsNotExist(err) {
t.Errorf("unexpected error: %v", err)
}
err = client.Mkdir(testDir)
if err != nil {
t.Errorf("unable to create dir: %v", err)
}
err = client.Chtimes(testDir, acmodTime, acmodTime)
if err != nil {
t.Errorf("error changing dir times")
}
newFi, err = client.Lstat(testDir)
if err != nil {
t.Errorf("dir stat error: %v", err)
}
diff = math.Abs(newFi.ModTime().Sub(acmodTime).Seconds())
if diff > 1 {
t.Errorf("diff between wanted and real modification time too big: %v", diff)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
first version
2019-07-20 10:26:52 +00:00
// basic tests to verify virtual chroot, should be improved to cover more cases ...
func TestEscapeHomeDir(t *testing.T) {
usePubKey := true
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("unable to get working dir: %v", err)
}
testDir := "testDir"
linkPath := filepath.Join(homeBasePath, defaultUsername, testDir)
err = os.Symlink(homeBasePath, linkPath)
if err != nil {
t.Errorf("error making local symlink: %v", err)
}
_, err = client.ReadDir(testDir)
if err == nil {
fix another misspell
2019-07-20 19:20:16 +00:00
t.Errorf("reading a symbolic link outside home dir should not succeeded")
first version
2019-07-20 10:26:52 +00:00
}
os.Remove(linkPath)
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
sftpd_test: use path.Join for SFTP/SCP path filepath.Join could use an OS dependent separator
2019-10-16 10:57:06 +00:00
remoteDestPath := path.Join("..", "..", testFileName)
first version
2019-07-20 10:26:52 +00:00
err = sftpUploadFile(testFilePath, remoteDestPath, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
_, err = client.Lstat(testFileName)
if err != nil {
t.Errorf("file stat error: %v the file was created outside the user dir!", err)
}
err = client.Remove(testFileName)
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
linkPath = filepath.Join(homeBasePath, defaultUsername, testFileName)
err = os.Symlink(homeBasePath, linkPath)
if err != nil {
t.Errorf("error making local symlink: %v", err)
}
err = sftpDownloadFile(testFileName, testFilePath, 0, client)
if err == nil {
t.Errorf("download file outside home dir must fail")
}
err = sftpUploadFile(testFilePath, remoteDestPath, testFileSize, client)
if err == nil {
t.Errorf("overwrite a file outside home dir must fail")
}
err = client.Chmod(remoteDestPath, 0644)
if err == nil {
t.Errorf("setstat on a file outside home dir must fail")
}
os.Remove(linkPath)
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
first version
2019-07-20 10:26:52 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
func TestHomeSpecialChars(t *testing.T) {
usePubKey := true
u := getTestUser(usePubKey)
u.HomeDir = filepath.Join(homeBasePath, "abc açà#&%lk")
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("unable to get working dir: %v", err)
}
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
files, err := client.ReadDir(".")
if err != nil {
t.Errorf("unable to read remote dir: %v", err)
}
if len(files) < 1 {
t.Errorf("expected at least 1 file in this dir")
}
err = client.Remove(testFileName)
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
first version
2019-07-20 10:26:52 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
add new test cases
2019-07-31 12:11:44 +00:00
func TestLogin(t *testing.T) {
u := getTestUser(false)
rename public_key in public_keys remove compatibility layer to convert public keys newline delimited in json list
2019-08-07 21:41:10 +00:00
u.PublicKeys = []string{testPubKey}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
add new test cases
2019-07-31 12:11:44 +00:00
client, err := getSftpClient(user, false)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
add new test cases
2019-07-31 12:11:44 +00:00
t.Errorf("sftp client with valid password must work")
first version
2019-07-20 10:26:52 +00:00
}
dataprovider: add support for user status and expiration an user can now be disabled or expired. If you are using an SQL database as dataprovider please remember to execute the sql update script inside "sql" folder. Fixes #57
2019-11-13 10:36:21 +00:00
user, _, err = httpd.GetUserByID(user.ID, http.StatusOK)
if err != nil {
t.Errorf("error getting user: %v", err)
}
if user.LastLogin <= 0 {
t.Errorf("last login must be updated after a successful login: %v", user.LastLogin)
}
add new test cases
2019-07-31 12:11:44 +00:00
}
client, err = getSftpClient(user, true)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
first version
2019-07-20 10:26:52 +00:00
if err != nil {
add new test cases
2019-07-31 12:11:44 +00:00
t.Errorf("sftp client with valid public key must work")
first version
2019-07-20 10:26:52 +00:00
}
}
add new test cases
2019-07-31 12:11:44 +00:00
user.Password = "invalid password"
client, err = getSftpClient(user, false)
if err == nil {
t.Errorf("login with invalid password must fail")
defer client.Close()
}
Add documentation and tests for multiple public keys support
2019-07-31 15:06:12 +00:00
// testPubKey1 is not authorized
rename public_key in public_keys remove compatibility layer to convert public keys newline delimited in json list
2019-08-07 21:41:10 +00:00
user.PublicKeys = []string{testPubKey1}
add new test cases
2019-07-31 12:11:44 +00:00
user.Password = ""
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, _, err = httpd.UpdateUser(user, http.StatusOK)
add new test cases
2019-07-31 12:11:44 +00:00
if err != nil {
t.Errorf("unable to update user: %v", err)
}
client, err = getSftpClient(user, true)
if err == nil {
t.Errorf("login with invalid public key must fail")
defer client.Close()
}
Add documentation and tests for multiple public keys support
2019-07-31 15:06:12 +00:00
// login a user with multiple public keys, only the second one is valid
rename public_key in public_keys remove compatibility layer to convert public keys newline delimited in json list
2019-08-07 21:41:10 +00:00
user.PublicKeys = []string{testPubKey1, testPubKey}
Add documentation and tests for multiple public keys support
2019-07-31 15:06:12 +00:00
user.Password = ""
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, _, err = httpd.UpdateUser(user, http.StatusOK)
Add documentation and tests for multiple public keys support
2019-07-31 15:06:12 +00:00
if err != nil {
t.Errorf("unable to update user: %v", err)
}
client, err = getSftpClient(user, true)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("sftp client with multiple public key must work if at least one public key is valid")
}
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
dataprovider: add support for user status and expiration an user can now be disabled or expired. If you are using an SQL database as dataprovider please remember to execute the sql update script inside "sql" folder. Fixes #57
2019-11-13 10:36:21 +00:00
func TestLoginUserStatus(t *testing.T) {
usePubKey := true
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("sftp client with valid credentials must work")
}
user, _, err = httpd.GetUserByID(user.ID, http.StatusOK)
if err != nil {
t.Errorf("error getting user: %v", err)
}
if user.LastLogin <= 0 {
t.Errorf("last login must be updated after a successful login: %v", user.LastLogin)
}
}
user.Status = 0
user, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
client, err = getSftpClient(user, usePubKey)
if err == nil {
t.Errorf("login for a disabled user must fail")
defer client.Close()
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
func TestLoginUserExpiration(t *testing.T) {
usePubKey := true
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("sftp client with valid credentials must work")
}
user, _, err = httpd.GetUserByID(user.ID, http.StatusOK)
if err != nil {
t.Errorf("error getting user: %v", err)
}
if user.LastLogin <= 0 {
t.Errorf("last login must be updated after a successful login: %v", user.LastLogin)
}
}
user.ExpirationDate = utils.GetTimeAsMsSinceEpoch(time.Now()) - 120000
user, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
client, err = getSftpClient(user, usePubKey)
if err == nil {
t.Errorf("login for an expired user must fail")
defer client.Close()
}
user.ExpirationDate = utils.GetTimeAsMsSinceEpoch(time.Now()) + 120000
_, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
client, err = getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("login for a non expired user must succeed: %v", err)
} else {
defer client.Close()
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
add basic S3-Compatible Object Storage support we have now an interface for filesystem backeds, this make easy to add new filesystem backends
2020-01-19 06:41:05 +00:00
func TestLoginInvalidFs(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("this test is not available on Windows")
}
config.LoadConfig(configDir, "")
providerConf := config.GetProviderConf()
if providerConf.Driver != dataprovider.SQLiteDataProviderName {
t.Skip("this test require sqlite provider")
}
dbPath := providerConf.Name
if !filepath.IsAbs(dbPath) {
dbPath = filepath.Join(configDir, dbPath)
}
usePubKey := true
u := getTestUser(usePubKey)
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
pre-login program: allow to create a new user too clarify the difference between dynamic user creation/update and external authentication
2020-03-27 22:26:22 +00:00
// we update the database using sqlite3 CLI since we cannot add a user with an invalid config
add support for serving Google Cloud Storage over SFTP/SCP Each user can be mapped with a Google Cloud Storage bucket or a bucket virtual folder
2020-01-31 18:04:00 +00:00
time.Sleep(200 * time.Millisecond)
add basic S3-Compatible Object Storage support we have now an interface for filesystem backeds, this make easy to add new filesystem backends
2020-01-19 06:41:05 +00:00
updateUserQuery := fmt.Sprintf("UPDATE users SET filesystem='{\"provider\":1}' WHERE id=%v", user.ID)
cmd := exec.Command("sqlite3", dbPath, updateUserQuery)
out, err := cmd.CombinedOutput()
if err != nil {
t.Errorf("unexpected error: %v, cmd out: %v", err, string(out))
}
time.Sleep(200 * time.Millisecond)
_, err = getSftpClient(user, usePubKey)
if err == nil {
t.Error("login must fail, the user has an invalid filesystem config")
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
func TestDeniedLoginMethods(t *testing.T) {
u := getTestUser(true)
u.Filters.DeniedLoginMethods = []string{dataprovider.SSHLoginMethodPublicKey, dataprovider.SSHLoginMethodPassword}
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
_, err = getSftpClient(user, true)
if err == nil {
t.Error("public key login is disabled, authentication must fail")
}
user.Filters.DeniedLoginMethods = []string{dataprovider.SSHLoginMethodKeyboardInteractive, dataprovider.SSHLoginMethodPassword}
user, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
client, err := getSftpClient(user, true)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
client.Close()
}
user.Password = defaultPassword
user, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
_, err = getSftpClient(user, false)
if err == nil {
t.Error("password login is disabled, authentication must fail")
}
user.Filters.DeniedLoginMethods = []string{dataprovider.SSHLoginMethodKeyboardInteractive, dataprovider.SSHLoginMethodPublicKey}
user, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
client, err = getSftpClient(user, false)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
client.Close()
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
func TestLoginWithIPFilters(t *testing.T) {
usePubKey := true
u := getTestUser(usePubKey)
u.Filters.DeniedIP = []string{"192.167.0.0/24", "172.18.0.0/16"}
u.Filters.AllowedIP = []string{}
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("sftp client with valid credentials must work")
}
user, _, err = httpd.GetUserByID(user.ID, http.StatusOK)
if err != nil {
t.Errorf("error getting user: %v", err)
}
if user.LastLogin <= 0 {
t.Errorf("last login must be updated after a successful login: %v", user.LastLogin)
}
}
user.Filters.AllowedIP = []string{"127.0.0.0/8"}
_, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
client, err = getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("login from an allowed IP must succeed: %v", err)
} else {
defer client.Close()
}
user.Filters.AllowedIP = []string{"172.19.0.0/16"}
_, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
client, err = getSftpClient(user, usePubKey)
if err == nil {
t.Errorf("login from an not allowed IP must fail")
client.Close()
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
first version
2019-07-20 10:26:52 +00:00
func TestLoginAfterUserUpdateEmptyPwd(t *testing.T) {
usePubKey := false
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
user.Password = ""
rename public_key in public_keys remove compatibility layer to convert public keys newline delimited in json list
2019-08-07 21:41:10 +00:00
user.PublicKeys = []string{}
first version
2019-07-20 10:26:52 +00:00
// password and public key should remain unchanged
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, _, err = httpd.UpdateUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to update user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("unable to get working dir: %v", err)
}
_, err = client.ReadDir(".")
if err != nil {
t.Errorf("unable to read remote dir: %v", err)
}
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
func TestLoginAfterUserUpdateEmptyPubKey(t *testing.T) {
usePubKey := true
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
user.Password = ""
rename public_key in public_keys remove compatibility layer to convert public keys newline delimited in json list
2019-08-07 21:41:10 +00:00
user.PublicKeys = []string{}
first version
2019-07-20 10:26:52 +00:00
// password and public key should remain unchanged
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, _, err = httpd.UpdateUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to update user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("unable to get working dir: %v", err)
}
_, err = client.ReadDir(".")
if err != nil {
t.Errorf("unable to read remote dir: %v", err)
}
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
func TestLoginKeyboardInteractiveAuth(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("this test is not available on Windows")
}
user, _, err := httpd.AddUser(getTestUser(false), http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
ioutil.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptContent([]string{"1", "2"}, 0, false, 1), 0755)
client, err := getKeyboardInteractiveSftpClient(user, []string{"1", "2"})
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("unable to get working dir: %v", err)
}
_, err = client.ReadDir(".")
if err != nil {
t.Errorf("unable to read remote dir: %v", err)
}
}
add support for dynamic users modifications A custom program can be executed before the users login to modify the configurations for the user trying to login. You can, for example, allow login based on time range. Fixes #77
2020-02-23 17:50:59 +00:00
user.Status = 0
user, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("error updating user: %v", err)
}
client, err = getKeyboardInteractiveSftpClient(user, []string{"1", "2"})
if err == nil {
t.Error("keyboard interactive auth must fail the user is disabled")
}
user.Status = 1
user, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("error updating user: %v", err)
}
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
ioutil.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptContent([]string{"1", "2"}, 0, false, -1), 0755)
client, err = getKeyboardInteractiveSftpClient(user, []string{"1", "2"})
if err == nil {
t.Error("keyboard interactive auth must fail the script returned -1")
}
ioutil.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptContent([]string{"1", "2"}, 0, true, 1), 0755)
client, err = getKeyboardInteractiveSftpClient(user, []string{"1", "2"})
if err == nil {
t.Error("keyboard interactive auth must fail the script returned bad json")
}
ioutil.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptContent([]string{"1", "2"}, 5, true, 1), 0755)
client, err = getKeyboardInteractiveSftpClient(user, []string{"1", "2"})
if err == nil {
t.Error("keyboard interactive auth must fail the script returned bad json")
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
Rename before_login_program to pre_login_program and some documentation update
2020-02-25 15:07:38 +00:00
func TestPreLoginScript(t *testing.T) {
add support for dynamic users modifications A custom program can be executed before the users login to modify the configurations for the user trying to login. You can, for example, allow login based on time range. Fixes #77
2020-02-23 17:50:59 +00:00
if runtime.GOOS == "windows" {
t.Skip("this test is not available on Windows")
}
usePubKey := true
u := getTestUser(usePubKey)
dataProvider := dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf := config.GetProviderConf()
Rename before_login_program to pre_login_program and some documentation update
2020-02-25 15:07:38 +00:00
ioutil.WriteFile(preLoginPath, getPreLoginScriptContent(u, false), 0755)
add HTTP hooks external auth, pre-login user modification and keyboard interactive authentication is now supported via HTTP requests too
2020-04-01 21:25:23 +00:00
providerConf.PreLoginHook = preLoginPath
add support for dynamic users modifications A custom program can be executed before the users login to modify the configurations for the user trying to login. You can, for example, allow login based on time range. Fixes #77
2020-02-23 17:50:59 +00:00
err := dataprovider.Initialize(providerConf, configDir)
if err != nil {
t.Errorf("error initializing data provider")
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(u, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err = client.Getwd()
if err != nil {
t.Errorf("unable to get working dir: %v", err)
}
}
Rename before_login_program to pre_login_program and some documentation update
2020-02-25 15:07:38 +00:00
ioutil.WriteFile(preLoginPath, getPreLoginScriptContent(user, true), 0755)
add support for dynamic users modifications A custom program can be executed before the users login to modify the configurations for the user trying to login. You can, for example, allow login based on time range. Fixes #77
2020-02-23 17:50:59 +00:00
_, err = getSftpClient(u, usePubKey)
if err == nil {
pre-login program: allow to create a new user too clarify the difference between dynamic user creation/update and external authentication
2020-03-27 22:26:22 +00:00
t.Error("pre-login script returned a non json response, login must fail")
add support for dynamic users modifications A custom program can be executed before the users login to modify the configurations for the user trying to login. You can, for example, allow login based on time range. Fixes #77
2020-02-23 17:50:59 +00:00
}
user.Status = 0
Rename before_login_program to pre_login_program and some documentation update
2020-02-25 15:07:38 +00:00
ioutil.WriteFile(preLoginPath, getPreLoginScriptContent(user, false), 0755)
add support for dynamic users modifications A custom program can be executed before the users login to modify the configurations for the user trying to login. You can, for example, allow login based on time range. Fixes #77
2020-02-23 17:50:59 +00:00
_, err = getSftpClient(u, usePubKey)
if err == nil {
pre-login program: allow to create a new user too clarify the difference between dynamic user creation/update and external authentication
2020-03-27 22:26:22 +00:00
t.Error("pre-login script returned a disabled user, login must fail")
add support for dynamic users modifications A custom program can be executed before the users login to modify the configurations for the user trying to login. You can, for example, allow login based on time range. Fixes #77
2020-02-23 17:50:59 +00:00
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
dataProvider = dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf = config.GetProviderConf()
err = dataprovider.Initialize(providerConf, configDir)
if err != nil {
t.Errorf("error initializing data provider")
}
httpd.SetDataProvider(dataprovider.GetProvider())
pre-login program: allow to create a new user too clarify the difference between dynamic user creation/update and external authentication
2020-03-27 22:26:22 +00:00
sftpd.SetDataProvider(dataprovider.GetProvider())
os.Remove(preLoginPath)
}
func TestPreLoginUserCreation(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("this test is not available on Windows")
}
usePubKey := false
u := getTestUser(usePubKey)
dataProvider := dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf := config.GetProviderConf()
ioutil.WriteFile(preLoginPath, getPreLoginScriptContent(u, false), 0755)
add HTTP hooks external auth, pre-login user modification and keyboard interactive authentication is now supported via HTTP requests too
2020-04-01 21:25:23 +00:00
providerConf.PreLoginHook = preLoginPath
pre-login program: allow to create a new user too clarify the difference between dynamic user creation/update and external authentication
2020-03-27 22:26:22 +00:00
err := dataprovider.Initialize(providerConf, configDir)
if err != nil {
t.Errorf("error initializing data provider")
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
users, out, err := httpd.GetUsers(0, 0, defaultUsername, http.StatusOK)
if err != nil {
t.Errorf("unable to get users: %v, out: %v", err, string(out))
}
if len(users) != 0 {
t.Errorf("number of users mismatch, expected: 0, actual: %v", len(users))
}
client, err := getSftpClient(u, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err = client.Getwd()
if err != nil {
t.Errorf("unable to get working dir: %v", err)
}
}
users, out, err = httpd.GetUsers(0, 0, defaultUsername, http.StatusOK)
if err != nil {
t.Errorf("unable to get users: %v, out: %v", err, string(out))
}
if len(users) != 1 {
t.Errorf("number of users mismatch, expected: 1, actual: %v", len(users))
}
user := users[0]
os.RemoveAll(user.GetHomeDir())
dataProvider = dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf = config.GetProviderConf()
err = dataprovider.Initialize(providerConf, configDir)
if err != nil {
t.Errorf("error initializing data provider")
}
httpd.SetDataProvider(dataprovider.GetProvider())
add support for dynamic users modifications A custom program can be executed before the users login to modify the configurations for the user trying to login. You can, for example, allow login based on time range. Fixes #77
2020-02-23 17:50:59 +00:00
sftpd.SetDataProvider(dataprovider.GetProvider())
Rename before_login_program to pre_login_program and some documentation update
2020-02-25 15:07:38 +00:00
os.Remove(preLoginPath)
add support for dynamic users modifications A custom program can be executed before the users login to modify the configurations for the user trying to login. You can, for example, allow login based on time range. Fixes #77
2020-02-23 17:50:59 +00:00
}
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
func TestLoginExternalAuthPwdAndPubKey(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("this test is not available on Windows")
}
usePubKey := true
u := getTestUser(usePubKey)
u.QuotaFiles = 1000
dataProvider := dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf := config.GetProviderConf()
ioutil.WriteFile(extAuthPath, getExtAuthScriptContent(u, 0, false), 0755)
add HTTP hooks external auth, pre-login user modification and keyboard interactive authentication is now supported via HTTP requests too
2020-04-01 21:25:23 +00:00
providerConf.ExternalAuthHook = extAuthPath
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
providerConf.ExternalAuthScope = 0
err := dataprovider.Initialize(providerConf, configDir)
if err != nil {
improve docs and test cases
2020-01-07 08:39:20 +00:00
t.Errorf("error initializing data provider")
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
client, err := getSftpClient(u, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
improve docs and test cases
2020-01-07 08:39:20 +00:00
os.Remove(testFilePath)
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
}
u.Username = defaultUsername + "1"
client, err = getSftpClient(u, usePubKey)
if err == nil {
t.Error("external auth login with invalid user must fail")
}
usePubKey = false
u = getTestUser(usePubKey)
u.PublicKeys = []string{}
ioutil.WriteFile(extAuthPath, getExtAuthScriptContent(u, 0, false), 0755)
client, err = getSftpClient(u, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("unable to get working dir: %v", err)
}
}
users, out, err := httpd.GetUsers(0, 0, defaultUsername, http.StatusOK)
if err != nil {
t.Errorf("unable to get users: %v, out: %v", err, string(out))
}
if len(users) != 1 {
t.Errorf("number of users mismatch, expected: 1, actual: %v", len(users))
}
user := users[0]
if len(user.PublicKeys) != 0 {
t.Errorf("number of public keys mismatch, expected: 0, actual: %v", len(user.PublicKeys))
}
if user.UsedQuotaSize == 0 {
t.Error("quota size must be > 0")
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove: %v", err)
}
os.RemoveAll(user.GetHomeDir())
dataProvider = dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf = config.GetProviderConf()
err = dataprovider.Initialize(providerConf, configDir)
if err != nil {
t.Errorf("error initializing data provider")
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
os.Remove(extAuthPath)
}
func TestLoginExternalAuthPwd(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("this test is not available on Windows")
}
usePubKey := false
u := getTestUser(usePubKey)
dataProvider := dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf := config.GetProviderConf()
ioutil.WriteFile(extAuthPath, getExtAuthScriptContent(u, 0, false), 0755)
add HTTP hooks external auth, pre-login user modification and keyboard interactive authentication is now supported via HTTP requests too
2020-04-01 21:25:23 +00:00
providerConf.ExternalAuthHook = extAuthPath
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
providerConf.ExternalAuthScope = 1
err := dataprovider.Initialize(providerConf, configDir)
if err != nil {
improve docs and test cases
2020-01-07 08:39:20 +00:00
t.Errorf("error initializing data provider")
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
client, err := getSftpClient(u, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("unable to get working dir: %v", err)
}
}
u.Username = defaultUsername + "1"
client, err = getSftpClient(u, usePubKey)
if err == nil {
t.Error("external auth login with invalid user must fail")
}
usePubKey = true
u = getTestUser(usePubKey)
client, err = getSftpClient(u, usePubKey)
if err == nil {
t.Error("external auth login with valid user but invalid auth scope must fail")
}
users, out, err := httpd.GetUsers(0, 0, defaultUsername, http.StatusOK)
if err != nil {
t.Errorf("unable to get users: %v, out: %v", err, string(out))
}
if len(users) != 1 {
t.Errorf("number of users mismatch, expected: 1, actual: %v", len(users))
}
user := users[0]
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove: %v", err)
}
os.RemoveAll(user.GetHomeDir())
dataProvider = dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf = config.GetProviderConf()
err = dataprovider.Initialize(providerConf, configDir)
if err != nil {
t.Errorf("error initializing data provider")
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
os.Remove(extAuthPath)
}
func TestLoginExternalAuthPubKey(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("this test is not available on Windows")
}
usePubKey := true
u := getTestUser(usePubKey)
dataProvider := dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf := config.GetProviderConf()
ioutil.WriteFile(extAuthPath, getExtAuthScriptContent(u, 0, false), 0755)
add HTTP hooks external auth, pre-login user modification and keyboard interactive authentication is now supported via HTTP requests too
2020-04-01 21:25:23 +00:00
providerConf.ExternalAuthHook = extAuthPath
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
providerConf.ExternalAuthScope = 2
err := dataprovider.Initialize(providerConf, configDir)
if err != nil {
improve docs and test cases
2020-01-07 08:39:20 +00:00
t.Errorf("error initializing data provider")
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
client, err := getSftpClient(u, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("unable to get working dir: %v", err)
}
}
u.Username = defaultUsername + "1"
client, err = getSftpClient(u, usePubKey)
if err == nil {
t.Error("external auth login with invalid user must fail")
}
usePubKey = false
u = getTestUser(usePubKey)
client, err = getSftpClient(u, usePubKey)
if err == nil {
t.Error("external auth login with valid user but invalid auth scope must fail")
}
users, out, err := httpd.GetUsers(0, 0, defaultUsername, http.StatusOK)
if err != nil {
t.Errorf("unable to get users: %v, out: %v", err, string(out))
}
if len(users) != 1 {
t.Errorf("number of users mismatch, expected: 1, actual: %v", len(users))
}
user := users[0]
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove: %v", err)
}
os.RemoveAll(user.GetHomeDir())
dataProvider = dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf = config.GetProviderConf()
err = dataprovider.Initialize(providerConf, configDir)
if err != nil {
t.Errorf("error initializing data provider")
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
os.Remove(extAuthPath)
}
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
func TestLoginExternalAuthInteractive(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("this test is not available on Windows")
}
usePubKey := false
u := getTestUser(usePubKey)
dataProvider := dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf := config.GetProviderConf()
ioutil.WriteFile(extAuthPath, getExtAuthScriptContent(u, 0, false), 0755)
add HTTP hooks external auth, pre-login user modification and keyboard interactive authentication is now supported via HTTP requests too
2020-04-01 21:25:23 +00:00
providerConf.ExternalAuthHook = extAuthPath
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
providerConf.ExternalAuthScope = 4
err := dataprovider.Initialize(providerConf, configDir)
if err != nil {
t.Errorf("error initializing data provider")
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
ioutil.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptContent([]string{"1", "2"}, 0, false, 1), 0755)
client, err := getKeyboardInteractiveSftpClient(u, []string{"1", "2"})
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("unable to get working dir: %v", err)
}
}
u.Username = defaultUsername + "1"
client, err = getKeyboardInteractiveSftpClient(u, []string{"1", "2"})
if err == nil {
t.Error("external auth login with invalid user must fail")
}
usePubKey = true
u = getTestUser(usePubKey)
client, err = getSftpClient(u, usePubKey)
if err == nil {
t.Error("external auth login with valid user but invalid auth scope must fail")
}
users, out, err := httpd.GetUsers(0, 0, defaultUsername, http.StatusOK)
if err != nil {
t.Errorf("unable to get users: %v, out: %v", err, string(out))
}
if len(users) != 1 {
t.Errorf("number of users mismatch, expected: 1, actual: %v", len(users))
}
user := users[0]
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove: %v", err)
}
os.RemoveAll(user.GetHomeDir())
dataProvider = dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf = config.GetProviderConf()
err = dataprovider.Initialize(providerConf, configDir)
if err != nil {
t.Errorf("error initializing data provider")
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
os.Remove(extAuthPath)
}
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
func TestLoginExternalAuthErrors(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("this test is not available on Windows")
}
usePubKey := true
u := getTestUser(usePubKey)
dataProvider := dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf := config.GetProviderConf()
ioutil.WriteFile(extAuthPath, getExtAuthScriptContent(u, 0, true), 0755)
add HTTP hooks external auth, pre-login user modification and keyboard interactive authentication is now supported via HTTP requests too
2020-04-01 21:25:23 +00:00
providerConf.ExternalAuthHook = extAuthPath
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
providerConf.ExternalAuthScope = 0
err := dataprovider.Initialize(providerConf, configDir)
if err != nil {
improve docs and test cases
2020-01-07 08:39:20 +00:00
t.Errorf("error initializing data provider")
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
_, err = getSftpClient(u, usePubKey)
if err == nil {
t.Error("login must fail, external auth returns a non json response")
}
usePubKey = false
u = getTestUser(usePubKey)
_, err = getSftpClient(u, usePubKey)
if err == nil {
t.Error("login must fail, external auth returns a non json response")
}
users, out, err := httpd.GetUsers(0, 0, defaultUsername, http.StatusOK)
if err != nil {
t.Errorf("unable to get users: %v, out: %v", err, string(out))
}
if len(users) != 0 {
t.Errorf("number of users mismatch, expected: 0, actual: %v", len(users))
}
dataProvider = dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf = config.GetProviderConf()
err = dataprovider.Initialize(providerConf, configDir)
if err != nil {
t.Errorf("error initializing data provider")
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
os.Remove(extAuthPath)
}
improve docs and test cases
2020-01-07 08:39:20 +00:00
func TestQuotaDisabledError(t *testing.T) {
dataProvider := dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf := config.GetProviderConf()
providerConf.TrackQuota = 0
err := dataprovider.Initialize(providerConf, configDir)
if err != nil {
t.Errorf("error initializing data provider")
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
usePubKey := false
u := getTestUser(usePubKey)
u.QuotaFiles = 10
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
os.Remove(testFilePath)
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove: %v", err)
}
os.RemoveAll(user.GetHomeDir())
dataProvider = dataprovider.GetProvider()
dataprovider.Close(dataProvider)
config.LoadConfig(configDir, "")
providerConf = config.GetProviderConf()
err = dataprovider.Initialize(providerConf, configDir)
if err != nil {
t.Errorf("error initializing data provider")
}
httpd.SetDataProvider(dataprovider.GetProvider())
sftpd.SetDataProvider(dataprovider.GetProvider())
}
first version
2019-07-20 10:26:52 +00:00
func TestMaxSessions(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
vfs: store root dir so we don't need to pass it over and over
2020-01-19 12:58:55 +00:00
u.Username += "1"
first version
2019-07-20 10:26:52 +00:00
u.MaxSessions = 1
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err := client.Getwd()
if err != nil {
t.Errorf("unable to get working dir: %v", err)
}
_, err = client.ReadDir(".")
if err != nil {
t.Errorf("unable to read remote dir: %v", err)
}
_, err = getSftpClient(user, usePubKey)
if err == nil {
t.Errorf("max sessions exceeded, new login should not succeed")
}
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
func TestQuotaFileReplace(t *testing.T) {
usePubKey := false
set track_quota to 2 as default
2019-08-01 07:24:35 +00:00
u := getTestUser(usePubKey)
u.QuotaFiles = 1000
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
os.RemoveAll(user.GetHomeDir())
add new test cases
2019-07-31 12:11:44 +00:00
testFileSize := int64(65535)
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
expectedQuotaSize := user.UsedQuotaSize + testFileSize
expectedQuotaFiles := user.UsedQuotaFiles + 1
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err = httpd.GetUserByID(user.ID, http.StatusOK)
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
if err != nil {
t.Errorf("error getting user: %v", err)
}
// now replace the same file, the quota must not change
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err = httpd.GetUserByID(user.ID, http.StatusOK)
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
if err != nil {
t.Errorf("error getting user: %v", err)
}
if expectedQuotaFiles != user.UsedQuotaFiles {
t.Errorf("quota files does not match, expected: %v, actual: %v", expectedQuotaFiles, user.UsedQuotaFiles)
}
if expectedQuotaSize != user.UsedQuotaSize {
t.Errorf("quota size does not match, expected: %v, actual: %v", expectedQuotaSize, user.UsedQuotaSize)
}
add new test cases
2019-07-31 12:11:44 +00:00
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
// now set a quota size restriction and upload the same file, upload should fail for space limit exceeded
add new test cases
2019-07-31 12:11:44 +00:00
user.QuotaSize = testFileSize - 1
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err = httpd.UpdateUser(user, http.StatusOK)
add new test cases
2019-07-31 12:11:44 +00:00
if err != nil {
t.Errorf("error updating user: %v", err)
}
client, err = getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err == nil {
t.Errorf("quota size exceeded, file upload must fail")
}
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
err = client.Remove(testFileName)
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
}
first version
2019-07-20 10:26:52 +00:00
func TestQuotaScan(t *testing.T) {
usePubKey := false
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileSize := int64(65535)
expectedQuotaSize := user.UsedQuotaSize + testFileSize
expectedQuotaFiles := user.UsedQuotaFiles + 1
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
first version
2019-07-20 10:26:52 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
// create user with the same home dir, so there is at least an untracked file
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err = httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.StartQuotaScan(user, http.StatusCreated)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("error starting quota scan: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
err = waitQuotaScans()
first version
2019-07-20 10:26:52 +00:00
if err != nil {
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
t.Errorf("error waiting for active quota scans: %v", err)
first version
2019-07-20 10:26:52 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err = httpd.GetUserByID(user.ID, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("error getting user: %v", err)
}
if expectedQuotaFiles != user.UsedQuotaFiles {
t.Errorf("quota files does not match after scan, expected: %v, actual: %v", expectedQuotaFiles, user.UsedQuotaFiles)
}
if expectedQuotaSize != user.UsedQuotaSize {
t.Errorf("quota size does not match after scan, expected: %v, actual: %v", expectedQuotaSize, user.UsedQuotaSize)
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
add more test cases
2019-07-26 13:08:08 +00:00
func TestMultipleQuotaScans(t *testing.T) {
if !sftpd.AddQuotaScan(defaultUsername) {
t.Errorf("add quota failed")
}
if sftpd.AddQuotaScan(defaultUsername) {
t.Errorf("add quota must fail if another scan is already active")
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
sftpd.RemoveQuotaScan(defaultUsername)
activeScans := sftpd.GetQuotaScans()
if len(activeScans) > 0 {
t.Errorf("no quota scan must be active: %v", len(activeScans))
}
add more test cases
2019-07-26 13:08:08 +00:00
}
func TestQuotaSize(t *testing.T) {
usePubKey := false
testFileSize := int64(65535)
u := getTestUser(usePubKey)
u.QuotaFiles = 1
u.QuotaSize = testFileSize - 1
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add more test cases
2019-07-26 13:08:08 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
err = sftpUploadFile(testFilePath, testFileName+".quota", testFileSize, client)
add more test cases
2019-07-26 13:08:08 +00:00
if err != nil {
t.Errorf("file upload error: %v", err)
}
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
err = sftpUploadFile(testFilePath, testFileName+".quota.1", testFileSize, client)
add more test cases
2019-07-26 13:08:08 +00:00
if err == nil {
t.Errorf("user is over quota file upload must fail")
}
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
err = client.Remove(testFileName + ".quota")
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
add more test cases
2019-07-26 13:08:08 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add more test cases
2019-07-26 13:08:08 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
add more test cases
2019-07-26 13:08:08 +00:00
}
func TestBandwidthAndConnections(t *testing.T) {
usePubKey := false
testFileSize := int64(131072)
u := getTestUser(usePubKey)
u.UploadBandwidth = 30
u.DownloadBandwidth = 25
wantedUploadElapsed := 1000 * (testFileSize / 1000) / u.UploadBandwidth
wantedDownloadElapsed := 1000 * (testFileSize / 1000) / u.DownloadBandwidth
// 100 ms tolerance
wantedUploadElapsed -= 100
wantedDownloadElapsed -= 100
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add more test cases
2019-07-26 13:08:08 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
startTime := time.Now()
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
elapsed := time.Since(startTime).Nanoseconds() / 1000000
if elapsed < (wantedUploadElapsed) {
t.Errorf("upload bandwidth throttling not respected, elapsed: %v, wanted: %v", elapsed, wantedUploadElapsed)
}
startTime = time.Now()
localDownloadPath := filepath.Join(homeBasePath, "test_download.dat")
c := sftpDownloadNonBlocking(testFileName, localDownloadPath, testFileSize, client)
waitForActiveTransfer()
add support for custom actions Configurable custom commands and/or HTTP notifications on SFTP upload, download, delete or rename
2019-07-27 07:38:09 +00:00
// wait some additional arbitrary time to wait for transfer activity to happen
// it is need to reach all the code in CheckIdleConnections
time.Sleep(100 * time.Millisecond)
sftpd.CheckIdleConnections()
add more test cases
2019-07-26 13:08:08 +00:00
err = <-c
if err != nil {
t.Errorf("file download error: %v", err)
}
elapsed = time.Since(startTime).Nanoseconds() / 1000000
if elapsed < (wantedDownloadElapsed) {
t.Errorf("download bandwidth throttling not respected, elapsed: %v, wanted: %v", elapsed, wantedDownloadElapsed)
}
// test disconnection
windows: fix test cases
2019-07-27 19:19:30 +00:00
c = sftpUploadNonBlocking(testFilePath, testFileName+"_partial", testFileSize, client)
add more test cases
2019-07-26 13:08:08 +00:00
waitForActiveTransfer()
add support for custom actions Configurable custom commands and/or HTTP notifications on SFTP upload, download, delete or rename
2019-07-27 07:38:09 +00:00
time.Sleep(100 * time.Millisecond)
add more test cases
2019-07-26 13:08:08 +00:00
sftpd.CheckIdleConnections()
stats := sftpd.GetConnectionsStats()
for _, stat := range stats {
sftpd.CloseActiveConnection(stat.ConnectionID)
}
err = <-c
if err == nil {
t.Errorf("connection closed upload must fail")
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
os.Remove(localDownloadPath)
add more test cases
2019-07-26 13:08:08 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add more test cases
2019-07-26 13:08:08 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
add more test cases
2019-07-26 13:08:08 +00:00
}
filters: we can now set allowed and denied files extensions
2020-03-01 21:10:29 +00:00
func TestExtensionsFilters(t *testing.T) {
usePubKey := true
u := getTestUser(usePubKey)
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileSize := int64(131072)
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
localDownloadPath := filepath.Join(homeBasePath, "test_download.dat")
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
}
user.Filters.FileExtensions = []dataprovider.ExtensionsFilter{
update deps we now use git master for pkg/sftp: it includes the performance patches from my copy branch.
2020-03-02 09:13:49 +00:00
{
filters: we can now set allowed and denied files extensions
2020-03-01 21:10:29 +00:00
Path: "/",
AllowedExtensions: []string{".zip"},
DeniedExtensions: []string{},
},
}
_, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
client, err = getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err == nil {
t.Error("file upload must fail")
}
err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client)
if err == nil {
t.Error("file download must fail")
}
err = client.Rename(testFileName, testFileName+"1")
if err == nil {
t.Error("rename must fail")
}
err = client.Remove(testFileName)
if err == nil {
t.Error("remove must fail")
}
err = client.Mkdir("dir.zip")
if err != nil {
t.Errorf("unexpected error: %v", err)
}
err = client.Rename("dir.zip", "dir1.zip")
if err != nil {
t.Errorf("unexpected error: %v", err)
}
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.Remove(testFilePath)
os.Remove(localDownloadPath)
os.RemoveAll(user.GetHomeDir())
}
add support for virtual folders directories outside the user home directory can be exposed as virtual folders
2020-02-23 10:30:26 +00:00
func TestVirtualFolders(t *testing.T) {
usePubKey := true
u := getTestUser(usePubKey)
mappedPath := filepath.Join(os.TempDir(), "vdir")
vdirPath := "/vdir"
u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{
VirtualPath: vdirPath,
MappedPath: mappedPath,
})
os.MkdirAll(mappedPath, 0777)
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileSize := int64(131072)
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
localDownloadPath := filepath.Join(homeBasePath, "test_download.dat")
err = sftpUploadFile(testFilePath, path.Join(vdirPath, testFileName), testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
err = sftpDownloadFile(path.Join(vdirPath, testFileName), localDownloadPath, testFileSize, client)
if err != nil {
t.Errorf("file download error: %v", err)
}
err = client.Rename(vdirPath, "new_name")
if err == nil {
t.Error("renaming a virtual folder must fail")
}
err = client.RemoveDirectory(vdirPath)
if err == nil {
t.Error("removing a virtual folder must fail")
}
err = client.Mkdir(vdirPath)
if err == nil {
t.Error("creating a virtual folder must fail")
}
err = client.Symlink(path.Join(vdirPath, testFileName), vdirPath)
if err == nil {
t.Error("symlink to a virtual folder must fail")
}
os.Remove(testFilePath)
os.Remove(localDownloadPath)
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
os.RemoveAll(mappedPath)
}
added test case that checks quota for files inside virtual folders
2020-03-29 09:10:03 +00:00
func TestVirtualFoldersQuota(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
u.QuotaFiles = 100
mappedPath1 := filepath.Join(os.TempDir(), "vdir1")
vdirPath1 := "/vdir1"
mappedPath2 := filepath.Join(os.TempDir(), "vdir2")
vdirPath2 := "/vdir2"
u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{
VirtualPath: vdirPath1,
MappedPath: mappedPath1,
})
u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{
VirtualPath: vdirPath2,
MappedPath: mappedPath2,
})
os.MkdirAll(mappedPath1, 0777)
os.MkdirAll(mappedPath2, 0777)
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFileSize := int64(131072)
testFilePath := filepath.Join(homeBasePath, testFileName)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
err = sftpUploadFile(testFilePath, path.Join(vdirPath1, testFileName), testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testFileName), testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
expectedQuotaFiles := 3
expectedQuotaSize := testFileSize * 3
user, _, err = httpd.GetUserByID(user.ID, http.StatusOK)
if err != nil {
t.Errorf("error getting user: %v", err)
}
if expectedQuotaFiles != user.UsedQuotaFiles {
t.Errorf("quota files does not match, expected: %v, actual: %v", expectedQuotaFiles, user.UsedQuotaFiles)
}
if expectedQuotaSize != user.UsedQuotaSize {
t.Errorf("quota size does not match, expected: %v, actual: %v", expectedQuotaSize, user.UsedQuotaSize)
}
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
os.RemoveAll(mappedPath1)
os.RemoveAll(mappedPath2)
}
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
func TestMissingFile(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
localDownloadPath := filepath.Join(homeBasePath, "test_download.dat")
err = sftpDownloadFile("missing_file", localDownloadPath, 0, client)
if err == nil {
t.Errorf("download missing file must fail")
}
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
os.Remove(localDownloadPath)
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
}
sftpd: return sftp.ErrSSHFxNoSuchFile if the client ask the file for a missing path some clients expected this error and not the generic one if the path is missing
2019-11-14 13:18:43 +00:00
func TestOpenError(t *testing.T) {
if runtime.GOOS == "windows" {
t.Skip("this test is not available on Windows")
}
usePubKey := false
u := getTestUser(usePubKey)
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
os.Chmod(user.GetHomeDir(), 0001)
_, err = client.ReadDir(".")
if err == nil {
t.Errorf("read dir must fail if we have no filesystem read permissions")
}
os.Chmod(user.GetHomeDir(), 0755)
testFileSize := int64(65535)
testFileName := "test_file.dat"
testFilePath := filepath.Join(user.GetHomeDir(), testFileName)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
_, err = client.Stat(testFileName)
if err != nil {
t.Errorf("file stat error: %v", err)
}
localDownloadPath := filepath.Join(homeBasePath, "test_download.dat")
err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client)
if err != nil {
t.Errorf("file download error: %v", err)
}
os.Chmod(testFilePath, 0001)
err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client)
if err == nil {
t.Errorf("file download must fail if we have no filesystem read permissions")
}
err = sftpUploadFile(localDownloadPath, testFileName, testFileSize, client)
if err == nil {
t.Errorf("upload must fail if we have no filesystem write permissions")
}
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
err = client.Mkdir("test")
if err != nil {
t.Errorf("error making dir: %v", err)
}
sftpd: return sftp.ErrSSHFxNoSuchFile if the client ask the file for a missing path some clients expected this error and not the generic one if the path is missing
2019-11-14 13:18:43 +00:00
os.Chmod(user.GetHomeDir(), 0000)
_, err = client.Lstat(testFileName)
if err == nil {
t.Errorf("file stat must fail if we have no filesystem read permissions")
}
os.Chmod(user.GetHomeDir(), 0755)
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
os.Chmod(filepath.Join(user.GetHomeDir(), "test"), 0000)
err = client.Rename(testFileName, path.Join("test", testFileName))
if err == nil || !strings.Contains(err.Error(), sftp.ErrSSHFxPermissionDenied.Error()) {
t.Errorf("unexpected error: %v expected: %v", err, sftp.ErrSSHFxPermissionDenied)
}
os.Chmod(filepath.Join(user.GetHomeDir(), "test"), 0755)
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
os.Remove(localDownloadPath)
sftpd: return sftp.ErrSSHFxNoSuchFile if the client ask the file for a missing path some clients expected this error and not the generic one if the path is missing
2019-11-14 13:18:43 +00:00
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
func TestOverwriteDirWithFile(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileSize := int64(65535)
testFileName := "test_file.dat"
testDirName := "test_dir"
testFilePath := filepath.Join(homeBasePath, testFileName)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = client.Mkdir(testDirName)
if err != nil {
t.Errorf("mkdir error: %v", err)
}
err = sftpUploadFile(testFilePath, testDirName, testFileSize, client)
if err == nil {
t.Errorf("copying a file over an existing dir must fail")
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
err = client.Rename(testFileName, testDirName)
if err == nil {
t.Errorf("rename a file over an existing dir must fail")
}
err = client.RemoveDirectory(testDirName)
if err != nil {
t.Errorf("dir remove error: %v", err)
}
err = client.Remove(testFileName)
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
}
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
func TestPasswordsHashPbkdf2Sha1(t *testing.T) {
pbkdf2Pwd := "$pbkdf2-sha1$150000$DveVjgYUD05R$X6ydQZdyMeOvpgND2nqGR/0GGic="
pbkdf2ClearPwd := "password"
usePubKey := false
u := getTestUser(usePubKey)
u.Password = pbkdf2Pwd
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
user.Password = pbkdf2ClearPwd
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to login with pkkdf2 sha1 password: %v", err)
} else {
defer client.Close()
_, err = client.Getwd()
if err != nil {
t.Errorf("unable to get working dir with pkkdf2 sha1 password: %v", err)
}
}
user.Password = pbkdf2Pwd
_, err = getSftpClient(user, usePubKey)
if err == nil {
t.Errorf("login with wrong password must fail")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
}
func TestPasswordsHashPbkdf2Sha256(t *testing.T) {
pbkdf2Pwd := "$pbkdf2-sha256$150000$E86a9YMX3zC7$R5J62hsSq+pYw00hLLPKBbcGXmq7fj5+/M0IFoYtZbo="
pbkdf2ClearPwd := "password"
usePubKey := false
u := getTestUser(usePubKey)
u.Password = pbkdf2Pwd
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
user.Password = pbkdf2ClearPwd
client, err := getSftpClient(user, usePubKey)
if err != nil {
pbkdf2: fix password comparison the key len for the derived function must be equal to the len of the expected key
2020-03-28 15:09:06 +00:00
t.Errorf("unable to login with pkkdf2 sha256 password: %v", err)
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
} else {
defer client.Close()
_, err = client.Getwd()
if err != nil {
pbkdf2: fix password comparison the key len for the derived function must be equal to the len of the expected key
2020-03-28 15:09:06 +00:00
t.Errorf("unable to get working dir with pkkdf2 sha256 password: %v", err)
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
}
}
user.Password = pbkdf2Pwd
_, err = getSftpClient(user, usePubKey)
if err == nil {
t.Errorf("login with wrong password must fail")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
}
func TestPasswordsHashPbkdf2Sha512(t *testing.T) {
pbkdf2Pwd := "$pbkdf2-sha512$150000$dsu7T5R3IaVQ$1hFXPO1ntRBcoWkSLKw+s4sAP09Xtu4Ya7CyxFq64jM9zdUg8eRJVr3NcR2vQgb0W9HHvZaILHsL4Q/Vr6arCg=="
pbkdf2ClearPwd := "password"
usePubKey := false
u := getTestUser(usePubKey)
u.Password = pbkdf2Pwd
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
user.Password = pbkdf2ClearPwd
client, err := getSftpClient(user, usePubKey)
if err != nil {
pbkdf2: fix password comparison the key len for the derived function must be equal to the len of the expected key
2020-03-28 15:09:06 +00:00
t.Errorf("unable to login with pkkdf2 sha512 password: %v", err)
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
} else {
defer client.Close()
_, err = client.Getwd()
if err != nil {
pbkdf2: fix password comparison the key len for the derived function must be equal to the len of the expected key
2020-03-28 15:09:06 +00:00
t.Errorf("unable to get working dir with pkkdf2 sha512 password: %v", err)
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
}
}
user.Password = pbkdf2Pwd
_, err = getSftpClient(user, usePubKey)
if err == nil {
t.Errorf("login with wrong password must fail")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
}
func TestPasswordsHashBcrypt(t *testing.T) {
bcryptPwd := "$2a$14$ajq8Q7fbtFRQvXpdCq7Jcuy.Rx1h/L4J60Otx.gyNLbAYctGMJ9tK"
bcryptClearPwd := "secret"
usePubKey := false
u := getTestUser(usePubKey)
u.Password = bcryptPwd
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
user.Password = bcryptClearPwd
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to login with bcrypt password: %v", err)
} else {
defer client.Close()
_, err = client.Getwd()
if err != nil {
t.Errorf("unable to get working dir with bcrypt password: %v", err)
}
}
user.Password = bcryptPwd
_, err = getSftpClient(user, usePubKey)
if err == nil {
t.Errorf("login with wrong password must fail")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
add test cases for password stored using bcrypt and pbkdf2
2019-08-17 14:54:02 +00:00
}
add a test case and document sha512crypt passwords support
2019-09-15 10:23:27 +00:00
func TestPasswordsHashSHA512Crypt(t *testing.T) {
sha512CryptPwd := "$6$459ead56b72e44bc$uog86fUxscjt28BZxqFBE2pp2QD8P/1e98MNF75Z9xJfQvOckZnQ/1YJqiq1XeytPuDieHZvDAMoP7352ELkO1"
clearPwd := "secret"
usePubKey := false
u := getTestUser(usePubKey)
u.Password = sha512CryptPwd
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add a test case and document sha512crypt passwords support
2019-09-15 10:23:27 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
user.Password = clearPwd
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to login with sha512 crypt password: %v", err)
} else {
defer client.Close()
_, err = client.Getwd()
if err != nil {
t.Errorf("unable to get working dir with sha512 crypt password: %v", err)
}
}
user.Password = sha512CryptPwd
_, err = getSftpClient(user, usePubKey)
if err == nil {
t.Errorf("login with wrong password must fail")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add a test case and document sha512crypt passwords support
2019-09-15 10:23:27 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
add support for checking passwords in md5crypt ($1$) format this is an old and unsafe schema but it is still useful to import users from legacy systems
2019-12-29 06:43:59 +00:00
}
os.RemoveAll(user.GetHomeDir())
}
func TestPasswordsHashMD5Crypt(t *testing.T) {
md5CryptPwd := "$1$b5caebda$VODr/nyhGWgZaY8sJ4x05."
clearPwd := "password"
usePubKey := false
u := getTestUser(usePubKey)
u.Password = md5CryptPwd
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
user.Password = clearPwd
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to login with md5 crypt password: %v", err)
} else {
defer client.Close()
_, err = client.Getwd()
if err != nil {
t.Errorf("unable to get working dir with md5 crypt password: %v", err)
}
}
user.Password = md5CryptPwd
_, err = getSftpClient(user, usePubKey)
if err == nil {
t.Errorf("login with wrong password must fail")
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
add a test case and document sha512crypt passwords support
2019-09-15 10:23:27 +00:00
}
os.RemoveAll(user.GetHomeDir())
}
httpd: add support for basic auth and HTTPS
2020-02-03 23:08:00 +00:00
func TestPasswordsHashMD5CryptApr1(t *testing.T) {
md5CryptPwd := "$apr1$OBWLeSme$WoJbB736e7kKxMBIAqilb1"
clearPwd := "password"
usePubKey := false
u := getTestUser(usePubKey)
u.Password = md5CryptPwd
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
user.Password = clearPwd
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to login with md5 crypt password: %v", err)
} else {
defer client.Close()
_, err = client.Getwd()
if err != nil {
t.Errorf("unable to get working dir with md5 crypt password: %v", err)
}
}
user.Password = md5CryptPwd
_, err = getSftpClient(user, usePubKey)
if err == nil {
t.Errorf("login with wrong password must fail")
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
first version
2019-07-20 10:26:52 +00:00
func TestPermList(t *testing.T) {
usePubKey := true
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete, dataprovider.PermRename,
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod,
dataprovider.PermChown, dataprovider.PermChtimes}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
_, err = client.ReadDir(".")
if err == nil {
t.Errorf("read remote dir without permission should not succeed")
}
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
_, err = client.Stat("test_file")
if err == nil {
t.Errorf("stat remote file without permission should not succeed")
}
first version
2019-07-20 10:26:52 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
func TestPermDownload(t *testing.T) {
usePubKey := true
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermUpload, dataprovider.PermDelete, dataprovider.PermRename,
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod,
dataprovider.PermChown, dataprovider.PermChtimes}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
localDownloadPath := filepath.Join(homeBasePath, "test_download.dat")
err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client)
if err == nil {
t.Errorf("file download without permission should not succeed")
}
err = client.Remove(testFileName)
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
os.Remove(localDownloadPath)
first version
2019-07-20 10:26:52 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
func TestPermUpload(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermDelete, dataprovider.PermRename,
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod,
dataprovider.PermChown, dataprovider.PermChtimes}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err == nil {
t.Errorf("file upload without permission should not succeed")
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
first version
2019-07-20 10:26:52 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
add a new permission for overwriting existing files The upload permission is required to allow file overwrite
2019-09-17 06:53:45 +00:00
func TestPermOverwrite(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete,
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermChmod,
dataprovider.PermChown, dataprovider.PermChtimes}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add a new permission for overwriting existing files The upload permission is required to allow file overwrite
2019-09-17 06:53:45 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("error uploading file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err == nil {
t.Errorf("file overwrite without permission should not succeed")
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
add a new permission for overwriting existing files The upload permission is required to allow file overwrite
2019-09-17 06:53:45 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add a new permission for overwriting existing files The upload permission is required to allow file overwrite
2019-09-17 06:53:45 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
first version
2019-07-20 10:26:52 +00:00
func TestPermDelete(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermRename,
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod,
dataprovider.PermChown, dataprovider.PermChtimes}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
err = client.Remove(testFileName)
if err == nil {
t.Errorf("delete without permission should not succeed")
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
first version
2019-07-20 10:26:52 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
func TestPermRename(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete,
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod,
dataprovider.PermChown, dataprovider.PermChtimes}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
err = client.Rename(testFileName, testFileName+".rename")
if err == nil {
t.Errorf("rename without permission should not succeed")
}
err = client.Remove(testFileName)
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
first version
2019-07-20 10:26:52 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
func TestPermCreateDirs(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete,
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
dataprovider.PermRename, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod,
dataprovider.PermChown, dataprovider.PermChtimes}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
err = client.Mkdir("testdir")
if err == nil {
t.Errorf("mkdir without permission should not succeed")
}
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
func TestPermSymlink(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete,
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermOverwrite, dataprovider.PermChmod, dataprovider.PermChown,
dataprovider.PermChtimes}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
err = client.Symlink(testFilePath, testFilePath+".symlink")
if err == nil {
t.Errorf("symlink without permission should not succeed")
}
err = client.Remove(testFileName)
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
first version
2019-07-20 10:26:52 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
os.RemoveAll(user.GetHomeDir())
first version
2019-07-20 10:26:52 +00:00
}
add more test cases
2019-07-26 13:08:08 +00:00
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
func TestPermChmod(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete,
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite,
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
dataprovider.PermChown, dataprovider.PermChtimes}
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
err = client.Chmod(testFileName, 0666)
if err == nil {
t.Errorf("chmod without permission should not succeed")
}
err = client.Remove(testFileName)
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
func TestPermChown(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete,
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite,
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
dataprovider.PermChmod, dataprovider.PermChtimes}
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
err = client.Chown(testFileName, os.Getuid(), os.Getgid())
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
if err == nil {
t.Errorf("chown without permission should not succeed")
}
err = client.Remove(testFileName)
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
sftpd: add support for chmod/chown added matching permissions too and a new setting "setstat_mode". Setting setstat_mode to 1 you can keep the previous behaviour that silently ignore setstat requests
2019-11-15 11:15:07 +00:00
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
func TestPermChtimes(t *testing.T) {
usePubKey := false
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete,
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite,
dataprovider.PermChmod, dataprovider.PermChown}
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
err = client.Chtimes(testFileName, time.Now(), time.Now())
if err == nil {
t.Errorf("chtimes without permission should not succeed")
}
err = client.Remove(testFileName)
if err != nil {
t.Errorf("error removing uploaded file: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
sftpd: add support for chtimes This improve rclone compatibility
2019-11-16 09:23:41 +00:00
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
func TestSubDirsUploads(t *testing.T) {
usePubKey := true
u := getTestUser(usePubKey)
u.Permissions["/"] = []string{dataprovider.PermAny}
u.Permissions["/subdir"] = []string{dataprovider.PermChtimes, dataprovider.PermDownload}
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
err = client.Mkdir("subdir")
if err != nil {
t.Errorf("unexpected mkdir error: %v", err)
}
testFileName := "test_file.dat"
testFileNameSub := "/subdir/test_file_dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
err = sftpUploadFile(testFilePath, testFileNameSub, testFileSize, client)
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected upload error: %v", err)
}
err = client.Symlink(testFileName, testFileNameSub+".link")
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected upload error: %v", err)
}
err = client.Symlink(testFileName, testFileName+".link")
if err != nil {
t.Errorf("symlink error: %v", err)
}
err = client.Rename(testFileName, testFileNameSub+".rename")
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected rename error: %v", err)
}
err = client.Rename(testFileName, testFileName+".rename")
if err != nil {
t.Errorf("rename error: %v", err)
}
err = client.Remove(testFileNameSub)
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected upload error: %v", err)
}
err = client.Remove(testFileName + ".rename")
if err != nil {
t.Errorf("remove error: %v", err)
}
os.Remove(testFilePath)
}
httpd.RemoveUser(user, http.StatusOK)
os.RemoveAll(user.GetHomeDir())
}
func TestSubDirsOverwrite(t *testing.T) {
usePubKey := true
u := getTestUser(usePubKey)
u.Permissions["/"] = []string{dataprovider.PermAny}
u.Permissions["/subdir"] = []string{dataprovider.PermOverwrite, dataprovider.PermListItems}
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "/subdir/test_file.dat"
testFilePath := filepath.Join(homeBasePath, "test_file.dat")
testFileSFTPPath := filepath.Join(u.GetHomeDir(), "subdir", "test_file.dat")
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = createTestFile(testFileSFTPPath, 16384)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName+".new", testFileSize, client)
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected upload error: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("unexpected overwrite error: %v", err)
}
os.Remove(testFilePath)
}
httpd.RemoveUser(user, http.StatusOK)
os.RemoveAll(user.GetHomeDir())
}
func TestSubDirsDownloads(t *testing.T) {
usePubKey := true
u := getTestUser(usePubKey)
u.Permissions["/"] = []string{dataprovider.PermAny}
u.Permissions["/subdir"] = []string{dataprovider.PermChmod, dataprovider.PermUpload, dataprovider.PermListItems}
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
err = client.Mkdir("subdir")
if err != nil {
t.Errorf("unexpected mkdir error: %v", err)
}
testFileName := "/subdir/test_file.dat"
testFilePath := filepath.Join(homeBasePath, "test_file.dat")
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
localDownloadPath := filepath.Join(homeBasePath, "test_download.dat")
err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client)
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected upload error: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected overwrite error: %v", err)
}
err = client.Chtimes(testFileName, time.Now(), time.Now())
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected chtimes error: %v", err)
}
err = client.Rename(testFileName, testFileName+".rename")
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected rename error: %v", err)
}
err = client.Symlink(testFileName, testFileName+".link")
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected symlink error: %v", err)
}
err = client.Remove(testFileName)
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected remove error: %v", err)
}
os.Remove(localDownloadPath)
os.Remove(testFilePath)
}
httpd.RemoveUser(user, http.StatusOK)
os.RemoveAll(user.GetHomeDir())
}
func TestPermsSubDirsSetstat(t *testing.T) {
// for setstat we check the parent dir permission if the requested path is a dir
// otherwise the path permission
usePubKey := true
u := getTestUser(usePubKey)
u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermCreateDirs}
u.Permissions["/subdir"] = []string{dataprovider.PermAny}
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
err = client.Mkdir("subdir")
if err != nil {
t.Errorf("unexpected mkdir error: %v", err)
}
testFileName := "/subdir/test_file.dat"
testFilePath := filepath.Join(homeBasePath, "test_file.dat")
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
err = client.Chtimes("/subdir/", time.Now(), time.Now())
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected chtimes error: %v", err)
}
err = client.Chtimes("subdir/", time.Now(), time.Now())
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected chtimes error: %v", err)
}
err = client.Chtimes(testFileName, time.Now(), time.Now())
if err != nil {
t.Errorf("unexpected chtimes error: %v", err)
}
os.Remove(testFilePath)
}
httpd.RemoveUser(user, http.StatusOK)
os.RemoveAll(user.GetHomeDir())
}
func TestPermsSubDirsCommands(t *testing.T) {
usePubKey := true
u := getTestUser(usePubKey)
u.Permissions["/"] = []string{dataprovider.PermAny}
u.Permissions["/subdir"] = []string{dataprovider.PermDownload, dataprovider.PermUpload}
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
client.Mkdir("subdir")
acmodTime := time.Now()
err = client.Chtimes("/subdir", acmodTime, acmodTime)
if err != nil {
t.Errorf("unexpected chtimes error: %v", err)
}
_, err = client.Stat("/subdir")
if err != nil {
t.Errorf("unexpected stat error: %v", err)
}
_, err = client.ReadDir("/")
if err != nil {
t.Errorf("unexpected readdir error: %v", err)
}
_, err = client.ReadDir("/subdir")
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected error: %v", err)
}
err = client.RemoveDirectory("/subdir/dir")
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected error: %v", err)
}
err = client.Mkdir("/subdir/dir")
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected error: %v", err)
}
client.Mkdir("/otherdir")
err = client.Rename("/otherdir", "/subdir/otherdir")
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected error: %v", err)
}
err = client.Symlink("/otherdir", "/subdir/otherdir")
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected error: %v", err)
}
err = client.Symlink("/otherdir", "/otherdir_link")
if err != nil {
t.Errorf("unexpected rename dir error: %v", err)
}
err = client.Rename("/otherdir", "/otherdir1")
if err != nil {
t.Errorf("unexpected rename dir error: %v", err)
}
err = client.RemoveDirectory("/subdir")
if err != nil {
t.Errorf("unexpected remove dir error: %v", err)
}
}
httpd.RemoveUser(user, http.StatusOK)
os.RemoveAll(user.GetHomeDir())
}
sftpd: explicitly disallow some commands on root directory It was possible to remove an empty root dir or create a symlink to it. We now return a Permission Denied error if we detect an attempt to remove, renaming or symlinking the root directory
2019-12-25 22:37:37 +00:00
func TestRootDirCommands(t *testing.T) {
usePubKey := true
u := getTestUser(usePubKey)
u.Permissions["/"] = []string{dataprovider.PermAny}
u.Permissions["/subdir"] = []string{dataprovider.PermDownload, dataprovider.PermUpload}
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
err = client.Rename("/", "rootdir")
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected error renaming root dir: %v", err)
}
err = client.Symlink("/", "rootdir")
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected error symlinking root dir: %v", err)
}
err = client.RemoveDirectory("/")
if !strings.Contains(err.Error(), "Permission Denied") {
t.Errorf("unexpected error removing root dir: %v", err)
}
}
httpd.RemoveUser(user, http.StatusOK)
os.RemoveAll(user.GetHomeDir())
}
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
func TestRelativePaths(t *testing.T) {
user := getTestUser(true)
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
var path, rel string
add support for virtual folders directories outside the user home directory can be exposed as virtual folders
2020-02-23 10:30:26 +00:00
filesystems := []vfs.Fs{vfs.NewOsFs("", user.GetHomeDir(), user.VirtualFolders)}
memory provider: load users from a dump file The `memory` provider can load users from a dump obtained using the `dumpdata` REST API. This dump file can be configured using the dataprovider `name` configuration key. It will be loaded at startup and can be reloaded on demand using a `SIGHUP` on Unix based systems and a `paramchange` request to the running service on Windows. Fixes #66
2020-02-02 21:20:39 +00:00
keyPrefix := strings.TrimPrefix(user.GetHomeDir(), "/") + "/"
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
s3config := vfs.S3FsConfig{
memory provider: load users from a dump file The `memory` provider can load users from a dump obtained using the `dumpdata` REST API. This dump file can be configured using the dataprovider `name` configuration key. It will be loaded at startup and can be reloaded on demand using a `SIGHUP` on Unix based systems and a `paramchange` request to the running service on Windows. Fixes #66
2020-02-02 21:20:39 +00:00
KeyPrefix: keyPrefix,
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
}
s3fs, _ := vfs.NewS3Fs("", user.GetHomeDir(), s3config)
add support for serving Google Cloud Storage over SFTP/SCP Each user can be mapped with a Google Cloud Storage bucket or a bucket virtual folder
2020-01-31 18:04:00 +00:00
gcsConfig := vfs.GCSFsConfig{
memory provider: load users from a dump file The `memory` provider can load users from a dump obtained using the `dumpdata` REST API. This dump file can be configured using the dataprovider `name` configuration key. It will be loaded at startup and can be reloaded on demand using a `SIGHUP` on Unix based systems and a `paramchange` request to the running service on Windows. Fixes #66
2020-02-02 21:20:39 +00:00
KeyPrefix: keyPrefix,
add support for serving Google Cloud Storage over SFTP/SCP Each user can be mapped with a Google Cloud Storage bucket or a bucket virtual folder
2020-01-31 18:04:00 +00:00
}
gcsfs, _ := vfs.NewGCSFs("", user.GetHomeDir(), gcsConfig)
fix test cases on Windows We have to rework TestRelativePaths and TestResolvePaths if we want to run them for Cloud Storage on Windows too: we use filesystem path while Cloud Storage providers expect Unix paths. On Windows is important to check the local filesystem so skip Cloud Storage providers test cases for now
2020-02-02 21:40:10 +00:00
if runtime.GOOS != "windows" {
filesystems = append(filesystems, s3fs, gcsfs)
}
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
for _, fs := range filesystems {
path = filepath.Join(user.HomeDir, "/")
rel = fs.GetRelativePath(path)
if rel != "/" {
memory provider: load users from a dump file The `memory` provider can load users from a dump obtained using the `dumpdata` REST API. This dump file can be configured using the dataprovider `name` configuration key. It will be loaded at startup and can be reloaded on demand using a `SIGHUP` on Unix based systems and a `paramchange` request to the running service on Windows. Fixes #66
2020-02-02 21:20:39 +00:00
t.Errorf("Unexpected relative path: %v fs: %v", rel, fs.Name())
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
}
path = filepath.Join(user.HomeDir, "//")
rel = fs.GetRelativePath(path)
if rel != "/" {
memory provider: load users from a dump file The `memory` provider can load users from a dump obtained using the `dumpdata` REST API. This dump file can be configured using the dataprovider `name` configuration key. It will be loaded at startup and can be reloaded on demand using a `SIGHUP` on Unix based systems and a `paramchange` request to the running service on Windows. Fixes #66
2020-02-02 21:20:39 +00:00
t.Errorf("Unexpected relative path: %v fs: %v", rel, fs.Name())
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
}
path = filepath.Join(user.HomeDir, "../..")
rel = fs.GetRelativePath(path)
if rel != "/" {
memory provider: load users from a dump file The `memory` provider can load users from a dump obtained using the `dumpdata` REST API. This dump file can be configured using the dataprovider `name` configuration key. It will be loaded at startup and can be reloaded on demand using a `SIGHUP` on Unix based systems and a `paramchange` request to the running service on Windows. Fixes #66
2020-02-02 21:20:39 +00:00
t.Errorf("Unexpected relative path: %v path: %v fs: %v", rel, path, fs.Name())
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
}
path = filepath.Join(user.HomeDir, "../../../../../")
rel = fs.GetRelativePath(path)
if rel != "/" {
memory provider: load users from a dump file The `memory` provider can load users from a dump obtained using the `dumpdata` REST API. This dump file can be configured using the dataprovider `name` configuration key. It will be loaded at startup and can be reloaded on demand using a `SIGHUP` on Unix based systems and a `paramchange` request to the running service on Windows. Fixes #66
2020-02-02 21:20:39 +00:00
t.Errorf("Unexpected relative path: %v fs: %v", rel, fs.Name())
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
}
path = filepath.Join(user.HomeDir, "/..")
rel = fs.GetRelativePath(path)
if rel != "/" {
memory provider: load users from a dump file The `memory` provider can load users from a dump obtained using the `dumpdata` REST API. This dump file can be configured using the dataprovider `name` configuration key. It will be loaded at startup and can be reloaded on demand using a `SIGHUP` on Unix based systems and a `paramchange` request to the running service on Windows. Fixes #66
2020-02-02 21:20:39 +00:00
t.Errorf("Unexpected relative path: %v path: %v fs: %v", rel, path, fs.Name())
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
}
path = filepath.Join(user.HomeDir, "/../../../..")
rel = fs.GetRelativePath(path)
if rel != "/" {
memory provider: load users from a dump file The `memory` provider can load users from a dump obtained using the `dumpdata` REST API. This dump file can be configured using the dataprovider `name` configuration key. It will be loaded at startup and can be reloaded on demand using a `SIGHUP` on Unix based systems and a `paramchange` request to the running service on Windows. Fixes #66
2020-02-02 21:20:39 +00:00
t.Errorf("Unexpected relative path: %v fs: %v", rel, fs.Name())
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
}
path = filepath.Join(user.HomeDir, "")
rel = fs.GetRelativePath(path)
if rel != "/" {
memory provider: load users from a dump file The `memory` provider can load users from a dump obtained using the `dumpdata` REST API. This dump file can be configured using the dataprovider `name` configuration key. It will be loaded at startup and can be reloaded on demand using a `SIGHUP` on Unix based systems and a `paramchange` request to the running service on Windows. Fixes #66
2020-02-02 21:20:39 +00:00
t.Errorf("Unexpected relative path: %v fs: %v", rel, fs.Name())
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
}
path = filepath.Join(user.HomeDir, ".")
rel = fs.GetRelativePath(path)
if rel != "/" {
memory provider: load users from a dump file The `memory` provider can load users from a dump obtained using the `dumpdata` REST API. This dump file can be configured using the dataprovider `name` configuration key. It will be loaded at startup and can be reloaded on demand using a `SIGHUP` on Unix based systems and a `paramchange` request to the running service on Windows. Fixes #66
2020-02-02 21:20:39 +00:00
t.Errorf("Unexpected relative path: %v fs: %v", rel, fs.Name())
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
}
path = filepath.Join(user.HomeDir, "somedir")
rel = fs.GetRelativePath(path)
if rel != "/somedir" {
memory provider: load users from a dump file The `memory` provider can load users from a dump obtained using the `dumpdata` REST API. This dump file can be configured using the dataprovider `name` configuration key. It will be loaded at startup and can be reloaded on demand using a `SIGHUP` on Unix based systems and a `paramchange` request to the running service on Windows. Fixes #66
2020-02-02 21:20:39 +00:00
t.Errorf("Unexpected relative path: %v fs: %v", rel, fs.Name())
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
}
path = filepath.Join(user.HomeDir, "/somedir/subdir")
rel = fs.GetRelativePath(path)
if rel != "/somedir/subdir" {
memory provider: load users from a dump file The `memory` provider can load users from a dump obtained using the `dumpdata` REST API. This dump file can be configured using the dataprovider `name` configuration key. It will be loaded at startup and can be reloaded on demand using a `SIGHUP` on Unix based systems and a `paramchange` request to the running service on Windows. Fixes #66
2020-02-02 21:20:39 +00:00
t.Errorf("Unexpected relative path: %v fs: %v", rel, fs.Name())
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
}
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
}
}
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
func TestResolvePaths(t *testing.T) {
user := getTestUser(true)
var path, resolved string
var err error
add support for virtual folders directories outside the user home directory can be exposed as virtual folders
2020-02-23 10:30:26 +00:00
filesystems := []vfs.Fs{vfs.NewOsFs("", user.GetHomeDir(), user.VirtualFolders)}
fix test cases on Windows We have to rework TestRelativePaths and TestResolvePaths if we want to run them for Cloud Storage on Windows too: we use filesystem path while Cloud Storage providers expect Unix paths. On Windows is important to check the local filesystem so skip Cloud Storage providers test cases for now
2020-02-02 21:40:10 +00:00
keyPrefix := strings.TrimPrefix(user.GetHomeDir(), "/") + "/"
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
s3config := vfs.S3FsConfig{
fix test cases on Windows We have to rework TestRelativePaths and TestResolvePaths if we want to run them for Cloud Storage on Windows too: we use filesystem path while Cloud Storage providers expect Unix paths. On Windows is important to check the local filesystem so skip Cloud Storage providers test cases for now
2020-02-02 21:40:10 +00:00
KeyPrefix: keyPrefix,
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
}
os.MkdirAll(user.GetHomeDir(), 0777)
s3fs, _ := vfs.NewS3Fs("", user.GetHomeDir(), s3config)
add support for serving Google Cloud Storage over SFTP/SCP Each user can be mapped with a Google Cloud Storage bucket or a bucket virtual folder
2020-01-31 18:04:00 +00:00
gcsConfig := vfs.GCSFsConfig{
fix test cases on Windows We have to rework TestRelativePaths and TestResolvePaths if we want to run them for Cloud Storage on Windows too: we use filesystem path while Cloud Storage providers expect Unix paths. On Windows is important to check the local filesystem so skip Cloud Storage providers test cases for now
2020-02-02 21:40:10 +00:00
KeyPrefix: keyPrefix,
add support for serving Google Cloud Storage over SFTP/SCP Each user can be mapped with a Google Cloud Storage bucket or a bucket virtual folder
2020-01-31 18:04:00 +00:00
}
gcsfs, _ := vfs.NewGCSFs("", user.GetHomeDir(), gcsConfig)
fix test cases on Windows We have to rework TestRelativePaths and TestResolvePaths if we want to run them for Cloud Storage on Windows too: we use filesystem path while Cloud Storage providers expect Unix paths. On Windows is important to check the local filesystem so skip Cloud Storage providers test cases for now
2020-02-02 21:40:10 +00:00
if runtime.GOOS != "windows" {
filesystems = append(filesystems, s3fs, gcsfs)
}
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
for _, fs := range filesystems {
path = "/"
resolved, _ = fs.ResolvePath(filepath.ToSlash(path))
if resolved != fs.Join(user.GetHomeDir(), "/") {
t.Errorf("Unexpected resolved path: %v for: %v, fs: %v", resolved, path, fs.Name())
}
path = "."
resolved, _ = fs.ResolvePath(filepath.ToSlash(path))
if resolved != fs.Join(user.GetHomeDir(), "/") {
t.Errorf("Unexpected resolved path: %v for: %v, fs: %v", resolved, path, fs.Name())
}
path = "test/sub"
resolved, _ = fs.ResolvePath(filepath.ToSlash(path))
if resolved != fs.Join(user.GetHomeDir(), "/test/sub") {
t.Errorf("Unexpected resolved path: %v for: %v, fs: %v", resolved, path, fs.Name())
}
path = "../test/sub"
resolved, err = fs.ResolvePath(filepath.ToSlash(path))
S3: fix quota update after an upload error S3 uploads are atomic, if the upload fails we have no partial file so we have to update the user quota only if the upload succeed
2020-01-23 09:19:56 +00:00
if vfs.IsLocalOsFs(fs) {
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
if err == nil {
t.Errorf("Unexpected resolved path: %v for: %v, fs: %v", resolved, path, fs.Name())
}
} else {
if resolved != fs.Join(user.GetHomeDir(), "/test/sub") && err == nil {
t.Errorf("Unexpected resolved path: %v for: %v, fs: %v", resolved, path, fs.Name())
}
}
path = "../../../test/../sub"
resolved, err = fs.ResolvePath(filepath.ToSlash(path))
S3: fix quota update after an upload error S3 uploads are atomic, if the upload fails we have no partial file so we have to update the user quota only if the upload succeed
2020-01-23 09:19:56 +00:00
if vfs.IsLocalOsFs(fs) {
S3: add support for serving virtual folders inside the same bucket each user can be assigned to a virtual folder. This is similar to a chroot directory for local filesystem
2020-01-19 22:23:09 +00:00
if err == nil {
t.Errorf("Unexpected resolved path: %v for: %v, fs: %v", resolved, path, fs.Name())
}
} else {
if resolved != fs.Join(user.GetHomeDir(), "/sub") && err == nil {
t.Errorf("Unexpected resolved path: %v for: %v, fs: %v", resolved, path, fs.Name())
}
}
}
os.RemoveAll(user.GetHomeDir())
}
add support for virtual folders directories outside the user home directory can be exposed as virtual folders
2020-02-23 10:30:26 +00:00
func TestVirtualRelativePaths(t *testing.T) {
user := getTestUser(true)
mappedPath := filepath.Join(os.TempDir(), "vdir")
vdirPath := "/vdir"
user.VirtualFolders = append(user.VirtualFolders, vfs.VirtualFolder{
VirtualPath: vdirPath,
MappedPath: mappedPath,
})
os.MkdirAll(mappedPath, 0777)
fs := vfs.NewOsFs("", user.GetHomeDir(), user.VirtualFolders)
rel := fs.GetRelativePath(mappedPath)
if rel != vdirPath {
t.Errorf("Unexpected relative path: %v", rel)
}
rel = fs.GetRelativePath(filepath.Join(mappedPath, ".."))
if rel != "/" {
t.Errorf("Unexpected relative path: %v", rel)
}
// path outside home and virtual dir
rel = fs.GetRelativePath(filepath.Join(mappedPath, "../vdir1"))
if rel != "/" {
t.Errorf("Unexpected relative path: %v", rel)
}
rel = fs.GetRelativePath(filepath.Join(mappedPath, "../vdir/file.txt"))
if rel != "/vdir/file.txt" {
t.Errorf("Unexpected relative path: %v", rel)
}
rel = fs.GetRelativePath(filepath.Join(user.HomeDir, "vdir1/file.txt"))
if rel != "/vdir1/file.txt" {
t.Errorf("Unexpected relative path: %v", rel)
}
}
func TestResolveVirtualPaths(t *testing.T) {
user := getTestUser(true)
mappedPath := filepath.Join(os.TempDir(), "vdir")
vdirPath := "/vdir"
user.VirtualFolders = append(user.VirtualFolders, vfs.VirtualFolder{
VirtualPath: vdirPath,
MappedPath: mappedPath,
})
os.MkdirAll(mappedPath, 0777)
fs := vfs.NewOsFs("", user.GetHomeDir(), user.VirtualFolders)
osFs := fs.(*vfs.OsFs)
b, f := osFs.GetFsPaths("/vdir/a.txt")
if b != mappedPath {
t.Errorf("unexpected base path: %#v expected: %#v", b, mappedPath)
}
if f != filepath.Join(mappedPath, "a.txt") {
t.Errorf("unexpected fs path: %#v expected: %#v", f, filepath.Join(mappedPath, "a.txt"))
}
b, f = osFs.GetFsPaths("/vdir/sub with space & spécial chars/a.txt")
if b != mappedPath {
t.Errorf("unexpected base path: %#v expected: %#v", b, mappedPath)
}
if f != filepath.Join(mappedPath, "sub with space & spécial chars/a.txt") {
t.Errorf("unexpected fs path: %#v expected: %#v", f, filepath.Join(mappedPath, "sub with space & spécial chars/a.txt"))
}
b, f = osFs.GetFsPaths("/vdir/../a.txt")
if b != user.GetHomeDir() {
t.Errorf("unexpected base path: %#v expected: %#v", b, user.GetHomeDir())
}
if f != filepath.Join(user.GetHomeDir(), "a.txt") {
t.Errorf("unexpected fs path: %#v expected: %#v", f, filepath.Join(user.GetHomeDir(), "a.txt"))
}
b, f = osFs.GetFsPaths("/vdir1/a.txt")
if b != user.GetHomeDir() {
t.Errorf("unexpected base path: %#v expected: %#v", b, user.GetHomeDir())
}
if f != filepath.Join(user.GetHomeDir(), "/vdir1/a.txt") {
t.Errorf("unexpected fs path: %#v expected: %#v", f, filepath.Join(user.GetHomeDir(), "/vdir1/a.txt"))
}
}
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
func TestUserPerms(t *testing.T) {
user := getTestUser(true)
user.Permissions = make(map[string][]string)
user.Permissions["/"] = []string{dataprovider.PermListItems}
user.Permissions["/p"] = []string{dataprovider.PermDelete}
user.Permissions["/p/1"] = []string{dataprovider.PermDownload, dataprovider.PermUpload}
user.Permissions["/p/2"] = []string{dataprovider.PermCreateDirs}
user.Permissions["/p/3"] = []string{dataprovider.PermChmod}
user.Permissions["/p/3/4"] = []string{dataprovider.PermChtimes}
user.Permissions["/tmp"] = []string{dataprovider.PermRename}
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermListItems, "/") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermListItems, ".") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermListItems, "") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermListItems, "../") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
// path p and /p are the same
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermDelete, "/p") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermDownload, "/p/1") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermCreateDirs, "p/2") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermChmod, "/p/3") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermChtimes, "p/3/4/") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermChtimes, "p/3/4/../4") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
// undefined paths have permissions of the nearest path
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermListItems, "/p34") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermListItems, "/p34/p1/file.dat") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermChtimes, "/p/3/4/5/6") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
check permissions against sftp path instead of building filesystem paths and then checking permissions against path relative to the home dir that is the initial sftp path
2020-01-05 10:41:25 +00:00
if !user.HasPerm(dataprovider.PermDownload, "/p/1/test/file.dat") {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Error("expected permission not found")
}
}
filters: we can now set allowed and denied files extensions
2020-03-01 21:10:29 +00:00
func TestFilterFileExtensions(t *testing.T) {
user := getTestUser(true)
extension := dataprovider.ExtensionsFilter{
Path: "/test",
AllowedExtensions: []string{".jpg", ".png"},
DeniedExtensions: []string{".pdf"},
}
filters := dataprovider.UserFilters{
FileExtensions: []dataprovider.ExtensionsFilter{extension},
}
user.Filters = filters
if !user.IsFileAllowed("/test/test.jPg") {
t.Error("this file must be allowed")
}
if user.IsFileAllowed("/test/test.pdf") {
t.Error("this file must be denied")
}
if !user.IsFileAllowed("/test.pDf") {
t.Error("this file must be allowed")
}
filters.FileExtensions = append(filters.FileExtensions, dataprovider.ExtensionsFilter{
Path: "/",
AllowedExtensions: []string{".zip", ".rar", ".pdf"},
DeniedExtensions: []string{".gz"},
})
user.Filters = filters
if user.IsFileAllowed("/test1/test.gz") {
t.Error("this file must be denied")
}
if !user.IsFileAllowed("/test1/test.zip") {
t.Error("this file must be allowed")
}
if user.IsFileAllowed("/test/sub/test.pdf") {
t.Error("this file must be denied")
}
if user.IsFileAllowed("/test1/test.png") {
t.Error("this file must be denied")
}
filters.FileExtensions = append(filters.FileExtensions, dataprovider.ExtensionsFilter{
Path: "/test/sub",
DeniedExtensions: []string{".tar"},
})
user.Filters = filters
if user.IsFileAllowed("/test/sub/sub/test.tar") {
t.Error("this file must be denied")
}
if !user.IsFileAllowed("/test/sub/test.gz") {
t.Error("this file must be allowed")
}
if user.IsFileAllowed("/test/test.zip") {
t.Error("this file must be denied")
}
}
subdir perms: allow empty perms empty perms will allow nothing on the specified subdir. Non empty permissions for the "/" dir are still required. Fixes #70
2020-02-10 18:28:35 +00:00
func TestUserEmptySubDirPerms(t *testing.T) {
user := getTestUser(true)
user.Permissions = make(map[string][]string)
user.Permissions["/emptyperms"] = []string{}
for _, p := range dataprovider.ValidPerms {
if user.HasPerm(p, "/emptyperms") {
t.Errorf("unexpected permission %#v for dir /emptyperms", p)
}
}
}
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
func TestUserFiltersIPMaskConditions(t *testing.T) {
user := getTestUser(true)
// with no filter login must be allowed even if the remoteIP is invalid
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if !user.IsLoginFromAddrAllowed("192.168.1.5") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login denied")
}
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if !user.IsLoginFromAddrAllowed("invalid") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login denied")
}
user.Filters.DeniedIP = append(user.Filters.DeniedIP, "192.168.1.0/24")
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if user.IsLoginFromAddrAllowed("192.168.1.5") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login allowed")
}
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if !user.IsLoginFromAddrAllowed("192.168.2.6") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login denied")
}
user.Filters.AllowedIP = append(user.Filters.AllowedIP, "192.168.1.5/32")
// if the same ip/mask is both denied and allowed then login must be denied
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if user.IsLoginFromAddrAllowed("192.168.1.5") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login allowed")
}
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if user.IsLoginFromAddrAllowed("192.168.3.6") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login allowed")
}
user.Filters.DeniedIP = []string{}
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if !user.IsLoginFromAddrAllowed("192.168.1.5") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login denied")
}
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if user.IsLoginFromAddrAllowed("192.168.1.6") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login allowed")
}
user.Filters.DeniedIP = []string{"192.168.0.0/16", "172.16.0.0/16"}
user.Filters.AllowedIP = []string{}
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if user.IsLoginFromAddrAllowed("192.168.5.255") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login allowed")
}
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if user.IsLoginFromAddrAllowed("172.16.1.2") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login allowed")
}
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if !user.IsLoginFromAddrAllowed("172.18.2.1") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login denied")
}
user.Filters.AllowedIP = []string{"10.4.4.0/24"}
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if user.IsLoginFromAddrAllowed("10.5.4.2") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login allowed")
}
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if !user.IsLoginFromAddrAllowed("10.4.4.2") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login denied")
}
add support for per user authentication methods You can, for example, deny one or more authentication methods to one or more users.
2020-02-19 21:39:30 +00:00
if !user.IsLoginFromAddrAllowed("invalid") {
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
t.Error("unexpected login denied")
}
}
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
func TestSSHCommands(t *testing.T) {
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
usePubKey := false
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
_, err = runSSHCommand("ls", user, usePubKey)
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
if err == nil {
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
t.Errorf("unsupported ssh command must fail")
}
_, err = runSSHCommand("cd", user, usePubKey)
if err != nil {
t.Errorf("unexpected error for ssh cd command: %v", err)
}
out, err := runSSHCommand("pwd", user, usePubKey)
if err != nil {
t.Errorf("unexpected error: %v", err)
t.Fail()
}
if string(out) != "/\n" {
t.Errorf("invalid response for ssh pwd command: %v", string(out))
}
out, err = runSSHCommand("md5sum", user, usePubKey)
if err != nil {
t.Errorf("unexpected error: %v", err)
t.Fail()
}
// echo -n '' | md5sum
if !strings.Contains(string(out), "d41d8cd98f00b204e9800998ecf8427e") {
t.Errorf("invalid md5sum: %v", string(out))
}
out, err = runSSHCommand("sha1sum", user, usePubKey)
if err != nil {
t.Errorf("unexpected error: %v", err)
t.Fail()
}
if !strings.Contains(string(out), "da39a3ee5e6b4b0d3255bfef95601890afd80709") {
t.Errorf("invalid sha1sum: %v", string(out))
}
out, err = runSSHCommand("sha256sum", user, usePubKey)
if err != nil {
t.Errorf("unexpected error: %v", err)
t.Fail()
}
if !strings.Contains(string(out), "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855") {
t.Errorf("invalid sha256sum: %v", string(out))
}
out, err = runSSHCommand("sha384sum", user, usePubKey)
if err != nil {
t.Errorf("unexpected error: %v", err)
t.Fail()
}
if !strings.Contains(string(out), "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b") {
t.Errorf("invalid sha384sum: %v", string(out))
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
}
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
func TestSSHFileHash(t *testing.T) {
usePubKey := true
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
client, err := getSftpClient(user, usePubKey)
if err != nil {
t.Errorf("unable to create sftp client: %v", err)
} else {
defer client.Close()
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = sftpUploadFile(testFilePath, testFileName, testFileSize, client)
if err != nil {
t.Errorf("file upload error: %v", err)
}
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
user.Permissions = make(map[string][]string)
user.Permissions["/"] = []string{dataprovider.PermUpload}
_, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
_, err = runSSHCommand("sha512sum "+testFileName, user, usePubKey)
if err == nil {
t.Errorf("hash command with no list permission must fail")
}
user.Permissions["/"] = []string{dataprovider.PermAny}
_, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
initialHash, err := computeHashForFile(sha512.New(), testFilePath)
if err != nil {
t.Errorf("error computing file hash: %v", err)
}
out, err := runSSHCommand("sha512sum "+testFileName, user, usePubKey)
if err != nil {
t.Errorf("unexpected error: %v", err)
t.Fail()
}
if !strings.Contains(string(out), initialHash) {
t.Errorf("invalid sha512sum: %v", string(out))
}
_, err = runSSHCommand("sha512sum invalid_path", user, usePubKey)
if err == nil {
t.Errorf("hash for an invalid path must fail")
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
}
func TestBasicGitCommands(t *testing.T) {
if len(gitPath) == 0 || len(sshPath) == 0 {
t.Skip("git and/or ssh command not found, unable to execute this test")
}
usePubKey := true
u := getTestUser(usePubKey)
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
repoName := "testrepo"
clonePath := filepath.Join(homeBasePath, repoName)
os.RemoveAll(user.GetHomeDir())
os.RemoveAll(filepath.Join(homeBasePath, repoName))
out, err := initGitRepo(filepath.Join(user.HomeDir, repoName))
if err != nil {
t.Errorf("unexpected error: %v out: %v", err, string(out))
}
out, err = cloneGitRepo(homeBasePath, "/"+repoName, user.Username)
if err != nil {
t.Errorf("unexpected error: %v out: %v", err, string(out))
}
out, err = addFileToGitRepo(clonePath, 128)
if err != nil {
t.Errorf("unexpected error: %v out: %v", err, string(out))
}
user.QuotaFiles = 100000
_, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
out, err = pushToGitRepo(clonePath)
if err != nil {
t.Errorf("unexpected error: %v out: %v", err, string(out))
sftpd test: add a debug log The git push test sometime fails when running on travis. The issue cannot be replicated locally so print the logs to try to understand what is happening
2019-12-29 22:27:32 +00:00
printLatestLogs(10)
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
}
err = waitQuotaScans()
if err != nil {
t.Errorf("error waiting for active quota scans: %v", err)
}
user, _, err = httpd.GetUserByID(user.ID, http.StatusOK)
if err != nil {
t.Errorf("unable to get user: %v", err)
}
user.QuotaSize = user.UsedQuotaSize - 1
_, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
out, err = pushToGitRepo(clonePath)
if err == nil {
t.Errorf("git push must fail if quota is exceeded, out: %v", string(out))
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
os.RemoveAll(clonePath)
}
func TestGitErrors(t *testing.T) {
if len(gitPath) == 0 || len(sshPath) == 0 {
t.Skip("git and/or ssh command not found, unable to execute this test")
}
usePubKey := true
u := getTestUser(usePubKey)
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
repoName := "testrepo"
clonePath := filepath.Join(homeBasePath, repoName)
os.RemoveAll(user.GetHomeDir())
os.RemoveAll(filepath.Join(homeBasePath, repoName))
out, err := cloneGitRepo(homeBasePath, "/"+repoName, user.Username)
if err == nil {
t.Errorf("cloning a missing repo must fail, out: %v", string(out))
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(user.GetHomeDir())
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.RemoveAll(clonePath)
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
}
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
// Start SCP tests
func TestSCPBasicHandling(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
u := getTestUser(usePubKey)
u.QuotaSize = 6553600
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(131074)
expectedQuotaSize := user.UsedQuotaSize + testFileSize
expectedQuotaFiles := user.UsedQuotaFiles + 1
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/")
remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName))
localPath := filepath.Join(homeBasePath, "scp_download.dat")
// test to download a missing file
err = scpDownload(localPath, remoteDownPath, false, false)
if err == nil {
t.Errorf("downloading a missing file via scp must fail")
}
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testFilePath, remoteUpPath, false, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("error uploading file via scp: %v", err)
}
err = scpDownload(localPath, remoteDownPath, false, false)
if err != nil {
t.Errorf("error downloading file via scp: %v", err)
}
fi, err := os.Stat(localPath)
if err != nil {
t.Errorf("stat for the downloaded file must succeed")
} else {
if fi.Size() != testFileSize {
add support for serving Google Cloud Storage over SFTP/SCP Each user can be mapped with a Google Cloud Storage bucket or a bucket virtual folder
2020-01-31 18:04:00 +00:00
t.Errorf("size of the file downloaded via SCP does not match the expected one: %v/%v",
fi.Size(), testFileSize)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
}
}
os.Remove(localPath)
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err = httpd.GetUserByID(user.ID, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("error getting user: %v", err)
}
if expectedQuotaFiles != user.UsedQuotaFiles {
t.Errorf("quota files does not match, expected: %v, actual: %v", expectedQuotaFiles, user.UsedQuotaFiles)
}
if expectedQuotaSize != user.UsedQuotaSize {
t.Errorf("quota size does not match, expected: %v, actual: %v", expectedQuotaSize, user.UsedQuotaSize)
}
err = os.RemoveAll(user.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
}
func TestSCPUploadFileOverwrite(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
u := getTestUser(usePubKey)
scp: fix quota update after file overwrite added a test case too
2019-09-02 21:12:41 +00:00
u.QuotaFiles = 1000
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
scp: fix quota update after file overwrite added a test case too
2019-09-02 21:12:41 +00:00
os.RemoveAll(user.GetHomeDir())
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(32760)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
sftpd_test: use path.Join for SFTP/SCP path filepath.Join could use an OS dependent separator
2019-10-16 10:57:06 +00:00
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName))
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testFilePath, remoteUpPath, true, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("error uploading file via scp: %v", err)
}
// test a new upload that must overwrite the existing file
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testFilePath, remoteUpPath, true, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("error uploading existing file via scp: %v", err)
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err = httpd.GetUserByID(user.ID, http.StatusOK)
scp: fix quota update after file overwrite added a test case too
2019-09-02 21:12:41 +00:00
if err != nil {
t.Errorf("error getting user: %v", err)
}
if user.UsedQuotaSize != testFileSize || user.UsedQuotaFiles != 1 {
t.Errorf("update quota error on file overwrite, actual size: %v, expected: %v actual files: %v, expected: 1",
user.UsedQuotaSize, testFileSize, user.UsedQuotaFiles)
}
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName))
localPath := filepath.Join(homeBasePath, "scp_download.dat")
err = scpDownload(localPath, remoteDownPath, false, false)
if err != nil {
t.Errorf("error downloading file via scp: %v", err)
}
fi, err := os.Stat(localPath)
if err != nil {
t.Errorf("stat for the downloaded file must succeed")
} else {
if fi.Size() != testFileSize {
add support for serving Google Cloud Storage over SFTP/SCP Each user can be mapped with a Google Cloud Storage bucket or a bucket virtual folder
2020-01-31 18:04:00 +00:00
t.Errorf("size of the file downloaded via SCP does not match the expected one: %v/%v",
fi.Size(), testFileSize)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
}
}
os.Remove(localPath)
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(testFilePath)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
err = os.RemoveAll(user.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
}
func TestSCPRecursive(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
u := getTestUser(usePubKey)
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileName := "test_file.dat"
testBaseDirName := "test_dir"
testBaseDirPath := filepath.Join(homeBasePath, testBaseDirName)
testBaseDirDownName := "test_dir_down"
testBaseDirDownPath := filepath.Join(homeBasePath, testBaseDirDownName)
testFilePath := filepath.Join(homeBasePath, testBaseDirName, testFileName)
testFilePath1 := filepath.Join(homeBasePath, testBaseDirName, testBaseDirName, testFileName)
testFileSize := int64(131074)
createTestFile(testFilePath, testFileSize)
createTestFile(testFilePath1, testFileSize)
remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testBaseDirName))
// test to download a missing dir
err = scpDownload(testBaseDirDownPath, remoteDownPath, true, true)
if err == nil {
t.Errorf("downloading a missing dir via scp must fail")
}
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/")
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testBaseDirPath, remoteUpPath, true, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("error uploading dir via scp: %v", err)
}
virtual folders fixes scp now properly handles virtual folders. rsync is disabled for users with virtual folders: we execute a system command and it is not aware about virtual folders. git is not allowed if the repo path is inside a virtual folder
2020-02-24 17:54:35 +00:00
// overwrite existing dir
err = scpUpload(testBaseDirPath, remoteUpPath, true, false)
if err != nil {
t.Errorf("error uploading dir via scp: %v", err)
}
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
err = scpDownload(testBaseDirDownPath, remoteDownPath, true, true)
if err != nil {
t.Errorf("error downloading dir via scp: %v", err)
}
// test download without passing -r
err = scpDownload(testBaseDirDownPath, remoteDownPath, true, false)
if err == nil {
t.Errorf("recursive download without -r must fail")
}
fi, err := os.Stat(filepath.Join(testBaseDirDownPath, testFileName))
if err != nil {
t.Errorf("error downloading file using scp recursive: %v", err)
} else {
if fi.Size() != testFileSize {
t.Errorf("size for file downloaded using recursive scp does not match, actual: %v, expected: %v", fi.Size(), testFileSize)
}
}
fi, err = os.Stat(filepath.Join(testBaseDirDownPath, testBaseDirName, testFileName))
if err != nil {
t.Errorf("error downloading file using scp recursive: %v", err)
} else {
if fi.Size() != testFileSize {
t.Errorf("size for file downloaded using recursive scp does not match, actual: %v, expected: %v", fi.Size(), testFileSize)
}
}
// upload to a non existent dir
remoteUpPath = fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/non_existent_dir")
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testBaseDirPath, remoteUpPath, true, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err == nil {
t.Errorf("uploading via scp to a non existent dir must fail")
}
os.RemoveAll(testBaseDirPath)
os.RemoveAll(testBaseDirDownPath)
err = os.RemoveAll(user.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
}
filters: we can now set allowed and denied files extensions
2020-03-01 21:10:29 +00:00
func TestSCPExtensionsFilter(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
u := getTestUser(usePubKey)
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileSize := int64(131072)
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
localPath := filepath.Join(homeBasePath, "scp_download.dat")
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/")
remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName))
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = scpUpload(testFilePath, remoteUpPath, false, false)
if err != nil {
t.Errorf("error uploading file via scp: %v", err)
}
user.Filters.FileExtensions = []dataprovider.ExtensionsFilter{
update deps we now use git master for pkg/sftp: it includes the performance patches from my copy branch.
2020-03-02 09:13:49 +00:00
{
filters: we can now set allowed and denied files extensions
2020-03-01 21:10:29 +00:00
Path: "/",
AllowedExtensions: []string{".zip"},
DeniedExtensions: []string{},
},
}
_, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
err = scpDownload(localPath, remoteDownPath, false, false)
if err == nil {
t.Errorf("scp download must fail")
}
err = scpUpload(testFilePath, remoteUpPath, false, false)
if err == nil {
t.Error("scp upload must fail")
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.Remove(testFilePath)
os.Remove(localPath)
os.RemoveAll(user.GetHomeDir())
}
add support for virtual folders directories outside the user home directory can be exposed as virtual folders
2020-02-23 10:30:26 +00:00
func TestSCPVirtualFolders(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
u := getTestUser(usePubKey)
mappedPath := filepath.Join(os.TempDir(), "vdir")
vdirPath := "/vdir"
u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{
VirtualPath: vdirPath,
MappedPath: mappedPath,
})
os.MkdirAll(mappedPath, 0777)
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileName := "test_file.dat"
testBaseDirName := "test_dir"
testBaseDirPath := filepath.Join(homeBasePath, testBaseDirName)
testBaseDirDownName := "test_dir_down"
testBaseDirDownPath := filepath.Join(homeBasePath, testBaseDirDownName)
testFilePath := filepath.Join(homeBasePath, testBaseDirName, testFileName)
testFilePath1 := filepath.Join(homeBasePath, testBaseDirName, testBaseDirName, testFileName)
testFileSize := int64(131074)
createTestFile(testFilePath, testFileSize)
createTestFile(testFilePath1, testFileSize)
remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", vdirPath))
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, vdirPath)
err = scpUpload(testBaseDirPath, remoteUpPath, true, false)
if err != nil {
t.Errorf("error uploading dir via scp: %v", err)
}
err = scpDownload(testBaseDirDownPath, remoteDownPath, true, true)
if err != nil {
t.Errorf("error downloading dir via scp: %v", err)
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
os.RemoveAll(testBaseDirPath)
os.RemoveAll(testBaseDirDownPath)
os.RemoveAll(user.GetHomeDir())
os.RemoveAll(mappedPath)
}
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
func TestSCPPermsSubDirs(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
u := getTestUser(usePubKey)
u.Permissions["/"] = []string{dataprovider.PermAny}
u.Permissions["/somedir"] = []string{dataprovider.PermListItems, dataprovider.PermUpload}
user, _, err := httpd.AddUser(u, http.StatusOK)
if err != nil {
t.Errorf("unable to add user: %v", err)
}
localPath := filepath.Join(homeBasePath, "scp_download.dat")
subPath := filepath.Join(user.GetHomeDir(), "somedir")
testFileSize := int64(65535)
os.MkdirAll(subPath, 0777)
remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/somedir")
err = scpDownload(localPath, remoteDownPath, false, true)
if err == nil {
t.Error("download a dir with no permissions must fail")
}
os.Remove(subPath)
err = createTestFile(subPath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = scpDownload(localPath, remoteDownPath, false, false)
if err != nil {
t.Errorf("unexpected download error: %v", err)
}
os.Chmod(subPath, 0001)
err = scpDownload(localPath, remoteDownPath, false, false)
if err == nil {
t.Error("download a file with no system permissions must fail")
}
os.Chmod(subPath, 0755)
os.Remove(localPath)
os.RemoveAll(user.GetHomeDir())
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
}
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
func TestSCPPermCreateDirs(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermDownload, dataprovider.PermUpload}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(32760)
testBaseDirName := "test_dir"
testBaseDirPath := filepath.Join(homeBasePath, testBaseDirName)
testFilePath1 := filepath.Join(homeBasePath, testBaseDirName, testFileName)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
err = createTestFile(testFilePath1, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/tmp/")
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testFilePath, remoteUpPath, true, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err == nil {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
t.Errorf("scp upload must fail, the user cannot create files in a missing dir")
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
}
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testBaseDirPath, remoteUpPath, true, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err == nil {
t.Errorf("scp upload must fail, the user cannot create new dirs")
}
err = os.Remove(testFilePath)
if err != nil {
t.Errorf("error removing test file")
}
os.RemoveAll(testBaseDirPath)
err = os.RemoveAll(user.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
}
func TestSCPPermUpload(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermDownload, dataprovider.PermCreateDirs}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65536)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/tmp")
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testFilePath, remoteUpPath, true, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err == nil {
t.Errorf("scp upload must fail, the user cannot upload")
}
err = os.Remove(testFilePath)
if err != nil {
t.Errorf("error removing test file")
}
err = os.RemoveAll(user.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
}
add a new permission for overwriting existing files The upload permission is required to allow file overwrite
2019-09-17 06:53:45 +00:00
func TestSCPPermOverwrite(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermUpload, dataprovider.PermCreateDirs}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add a new permission for overwriting existing files The upload permission is required to allow file overwrite
2019-09-17 06:53:45 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65536)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/tmp")
err = scpUpload(testFilePath, remoteUpPath, true, false)
if err != nil {
t.Errorf("scp upload error: %v", err)
}
err = scpUpload(testFilePath, remoteUpPath, true, false)
if err == nil {
t.Errorf("scp upload must fail, the user cannot ovewrite existing files")
}
err = os.Remove(testFilePath)
if err != nil {
t.Errorf("error removing test file")
}
err = os.RemoveAll(user.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add a new permission for overwriting existing files The upload permission is required to allow file overwrite
2019-09-17 06:53:45 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
}
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
func TestSCPPermDownload(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
u := getTestUser(usePubKey)
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
u.Permissions["/"] = []string{dataprovider.PermUpload, dataprovider.PermCreateDirs}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65537)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/")
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testFilePath, remoteUpPath, true, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("error uploading existing file via scp: %v", err)
}
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName))
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
localPath := filepath.Join(homeBasePath, "scp_download.dat")
err = scpDownload(localPath, remoteDownPath, false, false)
if err == nil {
t.Errorf("scp download must fail, the user cannot download")
}
err = os.Remove(testFilePath)
if err != nil {
t.Errorf("error removing test file")
}
err = os.RemoveAll(user.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
}
func TestSCPQuotaSize(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
testFileSize := int64(65535)
u := getTestUser(usePubKey)
u.QuotaFiles = 1
u.QuotaSize = testFileSize - 1
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName))
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testFilePath, remoteUpPath, true, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("error uploading existing file via scp: %v", err)
}
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testFilePath, remoteUpPath+".quota", true, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err == nil {
t.Errorf("user is over quota scp upload must fail")
}
err = os.Remove(testFilePath)
if err != nil {
t.Errorf("error removing test file")
}
err = os.RemoveAll(user.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
}
func TestSCPEscapeHomeDir(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
os.MkdirAll(user.GetHomeDir(), 0777)
testDir := "testDir"
linkPath := filepath.Join(homeBasePath, defaultUsername, testDir)
err = os.Symlink(homeBasePath, linkPath)
if err != nil {
t.Errorf("error making local symlink: %v", err)
}
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join(testDir, testDir))
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testFilePath, remoteUpPath, false, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err == nil {
t.Errorf("uploading to a dir with a symlink outside home dir must fail")
}
remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testDir, testFileName))
localPath := filepath.Join(homeBasePath, "scp_download.dat")
err = scpDownload(localPath, remoteDownPath, false, false)
if err == nil {
t.Errorf("scp download must fail, the requested file has a symlink outside user home")
}
remoteDownPath = fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testDir))
err = scpDownload(homeBasePath, remoteDownPath, false, true)
if err == nil {
t.Errorf("scp download must fail, the requested dir is a symlink outside user home")
}
err = os.Remove(testFilePath)
if err != nil {
t.Errorf("error removing test file")
}
err = os.RemoveAll(user.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
}
func TestSCPUploadPaths(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
testDirName := "testDir"
testDirPath := filepath.Join(user.GetHomeDir(), testDirName)
os.MkdirAll(testDirPath, 0777)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, testDirName)
remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join(testDirName, testFileName))
localPath := filepath.Join(homeBasePath, "scp_download.dat")
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testFilePath, remoteUpPath, false, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("scp upload error: %v", err)
}
err = scpDownload(localPath, remoteDownPath, false, false)
if err != nil {
t.Errorf("scp download error: %v", err)
}
// upload a file to a missing dir
remoteUpPath = fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join(testDirName, testDirName, testFileName))
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testFilePath, remoteUpPath, false, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err == nil {
t.Errorf("scp upload to a missing dir must fail")
}
err = os.RemoveAll(user.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files")
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(localPath)
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
}
func TestSCPOverwriteDirWithFile(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
testDirPath := filepath.Join(user.GetHomeDir(), testFileName)
os.MkdirAll(testDirPath, 0777)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/")
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
err = scpUpload(testFilePath, remoteUpPath, false, false)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err == nil {
t.Errorf("copying a file over an existing dir must fail")
}
err = os.RemoveAll(user.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
}
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
func TestSCPRemoteToRemote(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
usePubKey := true
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(getTestUser(usePubKey), http.StatusOK)
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
u := getTestUser(usePubKey)
u.Username += "1"
u.HomeDir += "1"
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user1, _, err := httpd.AddUser(u, http.StatusOK)
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
testFileSize := int64(65535)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName))
remote1UpPath := fmt.Sprintf("%v@127.0.0.1:%v", user1.Username, path.Join("/", testFileName))
err = scpUpload(testFilePath, remoteUpPath, false, false)
if err != nil {
t.Errorf("scp upload error: %v", err)
}
err = scpUpload(remoteUpPath, remote1UpPath, false, true)
if err != nil {
t.Errorf("scp upload remote to remote error: %v", err)
}
err = os.RemoveAll(user.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
err = os.RemoveAll(user1.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files for user1")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user1, http.StatusOK)
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
if err != nil {
t.Errorf("unable to remove user1: %v", err)
}
}
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
func TestSCPErrors(t *testing.T) {
if len(scpPath) == 0 {
t.Skip("scp command not found, unable to execute this test")
}
u := getTestUser(true)
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
user, _, err := httpd.AddUser(u, http.StatusOK)
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
if err != nil {
t.Errorf("unable to add user: %v", err)
}
testFileSize := int64(524288)
testFileName := "test_file.dat"
testFilePath := filepath.Join(homeBasePath, testFileName)
err = createTestFile(testFilePath, testFileSize)
if err != nil {
t.Errorf("unable to create test file: %v", err)
}
remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/")
remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName))
localPath := filepath.Join(homeBasePath, "scp_download.dat")
err = scpUpload(testFilePath, remoteUpPath, false, false)
if err != nil {
t.Errorf("error uploading file via scp: %v", err)
}
improve transfer error log and TestSCPErrors
2019-09-09 06:57:11 +00:00
user.UploadBandwidth = 512
user.DownloadBandwidth = 512
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, _, err = httpd.UpdateUser(user, http.StatusOK)
improve transfer error log and TestSCPErrors
2019-09-09 06:57:11 +00:00
if err != nil {
t.Errorf("unable to update user: %v", err)
}
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
cmd := getScpDownloadCommand(localPath, remoteDownPath, false, false)
go func() {
if cmd.Run() == nil {
t.Errorf("SCP download must fail")
}
}()
waitForActiveTransfer()
// wait some additional arbitrary time to wait for transfer activity to happen
// it is need to reach all the code in CheckIdleConnections
time.Sleep(100 * time.Millisecond)
cmd.Process.Kill()
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
waitForNoActiveTransfer()
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
cmd = getScpUploadCommand(testFilePath, remoteUpPath, false, false)
go func() {
if cmd.Run() == nil {
t.Errorf("SCP upload must fail")
}
}()
waitForActiveTransfer()
// wait some additional arbitrary time to wait for transfer activity to happen
// it is need to reach all the code in CheckIdleConnections
time.Sleep(100 * time.Millisecond)
cmd.Process.Kill()
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
waitForNoActiveTransfer()
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
err = os.Remove(testFilePath)
if err != nil {
t.Errorf("error removing test file")
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
os.Remove(localPath)
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
err = os.RemoveAll(user.GetHomeDir())
if err != nil {
t.Errorf("error removing uploaded files")
}
add a basic web interface The builtin web interface allows to manage users and connections
2019-10-07 16:19:01 +00:00
_, err = httpd.RemoveUser(user, http.StatusOK)
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
if err != nil {
t.Errorf("unable to remove user: %v", err)
}
}
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
// End SCP tests
add more test cases
2019-07-26 13:08:08 +00:00
func waitTCPListening(address string) {
for {
conn, err := net.Dial("tcp", address)
if err != nil {
add new test cases
2019-07-31 12:11:44 +00:00
logger.WarnToConsole("tcp server %v not listening: %v\n", address, err)
add more test cases
2019-07-26 13:08:08 +00:00
time.Sleep(100 * time.Millisecond)
continue
}
add new test cases
2019-07-31 12:11:44 +00:00
logger.InfoToConsole("tcp server %v now listening\n", address)
add more test cases
2019-07-26 13:08:08 +00:00
defer conn.Close()
break
}
}
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
func getTestUser(usePubKey bool) dataprovider.User {
user := dataprovider.User{
dataprovider: add support for user status and expiration an user can now be disabled or expired. If you are using an SQL database as dataprovider please remember to execute the sql update script inside "sql" folder. Fixes #57
2019-11-13 10:36:21 +00:00
Username: defaultUsername,
Password: defaultPassword,
HomeDir: filepath.Join(homeBasePath, defaultUsername),
Status: 1,
ExpirationDate: 0,
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
}
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
user.Permissions = make(map[string][]string)
user.Permissions["/"] = allPerms
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
if usePubKey {
rename public_key in public_keys remove compatibility layer to convert public keys newline delimited in json list
2019-08-07 21:41:10 +00:00
user.PublicKeys = []string{testPubKey}
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
user.Password = ""
}
return user
}
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
func runSSHCommand(command string, user dataprovider.User, usePubKey bool) ([]byte, error) {
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
var sshSession *ssh.Session
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
var output []byte
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
config := &ssh.ClientConfig{
User: defaultUsername,
HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
return nil
},
}
if usePubKey {
key, err := ssh.ParsePrivateKey([]byte(testPrivateKey))
if err != nil {
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
return output, err
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
}
config.Auth = []ssh.AuthMethod{ssh.PublicKeys(key)}
} else {
config.Auth = []ssh.AuthMethod{ssh.Password(defaultPassword)}
}
conn, err := ssh.Dial("tcp", sftpServerAddr, config)
if err != nil {
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
return output, err
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
}
defer conn.Close()
sshSession, err = conn.NewSession()
if err != nil {
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
return output, err
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
}
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
var stdout, stderr bytes.Buffer
sshSession.Stdout = &stdout
sshSession.Stderr = &stderr
err = sshSession.Run(command)
if err != nil {
return nil, fmt.Errorf("failed to run command %v: %v", command, stderr.Bytes())
}
return stdout.Bytes(), err
sftpd: improve test cases
2019-07-26 14:15:42 +00:00
}
Support for HAProxy PROXY protocol you can proxy and/or load balance the SFTP/SCP service without losing the information about the client's address.
2020-02-27 08:21:30 +00:00
func getSftpClientWithAddr(user dataprovider.User, usePubKey bool, addr string) (*sftp.Client, error) {
add more test cases
2019-07-26 13:08:08 +00:00
var sftpClient *sftp.Client
config := &ssh.ClientConfig{
add new test cases
2019-07-31 12:11:44 +00:00
User: user.Username,
add more test cases
2019-07-26 13:08:08 +00:00
HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
return nil
},
}
if usePubKey {
key, err := ssh.ParsePrivateKey([]byte(testPrivateKey))
if err != nil {
return nil, err
}
config.Auth = []ssh.AuthMethod{ssh.PublicKeys(key)}
} else {
add new test cases
2019-07-31 12:11:44 +00:00
if len(user.Password) > 0 {
config.Auth = []ssh.AuthMethod{ssh.Password(user.Password)}
} else {
config.Auth = []ssh.AuthMethod{ssh.Password(defaultPassword)}
}
add more test cases
2019-07-26 13:08:08 +00:00
}
Support for HAProxy PROXY protocol you can proxy and/or load balance the SFTP/SCP service without losing the information about the client's address.
2020-02-27 08:21:30 +00:00
conn, err := ssh.Dial("tcp", addr, config)
add more test cases
2019-07-26 13:08:08 +00:00
if err != nil {
return sftpClient, err
}
sftpClient, err = sftp.NewClient(conn)
return sftpClient, err
}
Support for HAProxy PROXY protocol you can proxy and/or load balance the SFTP/SCP service without losing the information about the client's address.
2020-02-27 08:21:30 +00:00
func getSftpClient(user dataprovider.User, usePubKey bool) (*sftp.Client, error) {
return getSftpClientWithAddr(user, usePubKey, sftpServerAddr)
}
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
func getKeyboardInteractiveSftpClient(user dataprovider.User, answers []string) (*sftp.Client, error) {
var sftpClient *sftp.Client
config := &ssh.ClientConfig{
User: user.Username,
HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
return nil
},
Auth: []ssh.AuthMethod{
ssh.KeyboardInteractive(func(user, instruction string, questions []string, echos []bool) ([]string, error) {
return answers, nil
}),
},
}
conn, err := ssh.Dial("tcp", sftpServerAddr, config)
if err != nil {
return sftpClient, err
}
sftpClient, err = sftp.NewClient(conn)
return sftpClient, err
}
add more test cases
2019-07-26 13:08:08 +00:00
func createTestFile(path string, size int64) error {
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
baseDir := filepath.Dir(path)
if _, err := os.Stat(baseDir); os.IsNotExist(err) {
os.MkdirAll(baseDir, 0777)
}
add more test cases
2019-07-26 13:08:08 +00:00
content := make([]byte, size)
_, err := rand.Read(content)
if err != nil {
return err
}
return ioutil.WriteFile(path, content, 0666)
}
sftpd: add support for upload resume we support resume only if the client sets the correct offset while resuming the upload. Based on the specs the offset is optional for resume, but all the tested clients sets a right offset. If an invalid offset is given we interrupt the transfer with the error "Invalid write offset ..." See https://github.com/pkg/sftp/issues/295 This commit add a new upload mode: "atomic with resume support", this acts as atomic but if there is an upload error the temporary file is renamed to the requested path and not deleted, this way a client can reconnect and resume the upload
2019-10-09 15:33:30 +00:00
func appendToTestFile(path string, size int64) error {
content := make([]byte, size)
_, err := rand.Read(content)
if err != nil {
return err
}
f, err := os.OpenFile(path, os.O_APPEND|os.O_WRONLY, 0666)
if err != nil {
return err
}
written, err := io.Copy(f, bytes.NewReader(content))
if err != nil {
return err
}
if int64(written) != size {
return fmt.Errorf("write error, written: %v/%v", written, size)
}
return nil
}
add more test cases
2019-07-26 13:08:08 +00:00
func sftpUploadFile(localSourcePath string, remoteDestPath string, expectedSize int64, client *sftp.Client) error {
srcFile, err := os.Open(localSourcePath)
if err != nil {
return err
}
defer srcFile.Close()
destFile, err := client.Create(remoteDestPath)
if err != nil {
return err
}
_, err = io.Copy(destFile, srcFile)
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
if err != nil {
destFile.Close()
return err
}
// we need to close the file to trigger the close method on server
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
// we cannot defer closing or Lstat will fail for uploads in atomic mode
add support for atomic upload Atomic uploads are now configurable. The default upload mode remains non atomic
2019-08-04 07:37:58 +00:00
destFile.Close()
add more test cases
2019-07-26 13:08:08 +00:00
if expectedSize > 0 {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
fi, err := client.Stat(remoteDestPath)
add more test cases
2019-07-26 13:08:08 +00:00
if err != nil {
return err
}
if fi.Size() != expectedSize {
return fmt.Errorf("uploaded file size does not match, actual: %v, expected: %v", fi.Size(), expectedSize)
}
}
return err
}
sftpd: add support for upload resume we support resume only if the client sets the correct offset while resuming the upload. Based on the specs the offset is optional for resume, but all the tested clients sets a right offset. If an invalid offset is given we interrupt the transfer with the error "Invalid write offset ..." See https://github.com/pkg/sftp/issues/295 This commit add a new upload mode: "atomic with resume support", this acts as atomic but if there is an upload error the temporary file is renamed to the requested path and not deleted, this way a client can reconnect and resume the upload
2019-10-09 15:33:30 +00:00
func sftpUploadResumeFile(localSourcePath string, remoteDestPath string, expectedSize int64, invalidOffset bool,
client *sftp.Client) error {
srcFile, err := os.Open(localSourcePath)
if err != nil {
return err
}
defer srcFile.Close()
fi, err := client.Lstat(remoteDestPath)
if err != nil {
return err
}
if !invalidOffset {
_, err = srcFile.Seek(fi.Size(), 0)
if err != nil {
return err
}
}
destFile, err := client.OpenFile(remoteDestPath, os.O_WRONLY|os.O_APPEND)
if err != nil {
return err
}
if !invalidOffset {
_, err = destFile.Seek(fi.Size(), 0)
if err != nil {
return err
}
}
_, err = io.Copy(destFile, srcFile)
if err != nil {
destFile.Close()
return err
}
// we need to close the file to trigger the close method on server
// we cannot defer closing or Lstat will fail for upload atomic mode
destFile.Close()
if expectedSize > 0 {
fi, err := client.Lstat(remoteDestPath)
if err != nil {
return err
}
if fi.Size() != expectedSize {
return fmt.Errorf("uploaded file size does not match, actual: %v, expected: %v", fi.Size(), expectedSize)
}
}
return err
}
add more test cases
2019-07-26 13:08:08 +00:00
func sftpDownloadFile(remoteSourcePath string, localDestPath string, expectedSize int64, client *sftp.Client) error {
downloadDest, err := os.Create(localDestPath)
if err != nil {
return err
}
defer downloadDest.Close()
sftpSrcFile, err := client.Open(remoteSourcePath)
if err != nil {
return err
}
defer sftpSrcFile.Close()
_, err = io.Copy(downloadDest, sftpSrcFile)
if err != nil {
return err
}
err = downloadDest.Sync()
if err != nil {
return err
}
if expectedSize > 0 {
fi, err := downloadDest.Stat()
if err != nil {
return err
}
if fi.Size() != expectedSize {
return fmt.Errorf("downloaded file size does not match, actual: %v, expected: %v", fi.Size(), expectedSize)
}
}
return err
}
func sftpUploadNonBlocking(localSourcePath string, remoteDestPath string, expectedSize int64, client *sftp.Client) <-chan error {
c := make(chan error)
go func() {
c <- sftpUploadFile(localSourcePath, remoteDestPath, expectedSize, client)
}()
return c
}
func sftpDownloadNonBlocking(remoteSourcePath string, localDestPath string, expectedSize int64, client *sftp.Client) <-chan error {
c := make(chan error)
go func() {
c <- sftpDownloadFile(remoteSourcePath, localDestPath, expectedSize, client)
}()
return c
}
scp: add test case and document remote to remote transfers
2019-08-25 11:51:54 +00:00
func scpUpload(localPath, remotePath string, preserveTime, remoteToRemote bool) error {
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
cmd := getScpUploadCommand(localPath, remotePath, preserveTime, remoteToRemote)
return cmd.Run()
}
func scpDownload(localPath, remotePath string, preserveTime, recursive bool) error {
cmd := getScpDownloadCommand(localPath, remotePath, preserveTime, recursive)
return cmd.Run()
}
func getScpDownloadCommand(localPath, remotePath string, preserveTime, recursive bool) *exec.Cmd {
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
var args []string
if preserveTime {
args = append(args, "-p")
}
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
if recursive {
args = append(args, "-r")
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
}
args = append(args, "-P")
args = append(args, "2022")
args = append(args, "-o")
args = append(args, "StrictHostKeyChecking=no")
args = append(args, "-i")
args = append(args, privateKeyPath)
args = append(args, remotePath)
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
args = append(args, localPath)
return exec.Command(scpPath, args...)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
}
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
func getScpUploadCommand(localPath, remotePath string, preserveTime, remoteToRemote bool) *exec.Cmd {
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
var args []string
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
if remoteToRemote {
args = append(args, "-3")
}
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
if preserveTime {
args = append(args, "-p")
}
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
fi, err := os.Stat(localPath)
if err == nil {
if fi.IsDir() {
args = append(args, "-r")
}
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
}
args = append(args, "-P")
args = append(args, "2022")
args = append(args, "-o")
args = append(args, "StrictHostKeyChecking=no")
args = append(args, "-i")
args = append(args, privateKeyPath)
args = append(args, localPath)
actions: don't execute actions on errors detect upload/download errors and don't execute actions if a transfer error happen. To detect SFTP errors this patch is needed: https://github.com/pkg/sftp/pull/307
2019-09-07 21:10:20 +00:00
args = append(args, remotePath)
return exec.Command(scpPath, args...)
add SCP support SCP is an experimental feature, we have our own SCP implementation since we can't rely on scp system command to proper handle permissions, quota and user's home dir restrictions. The SCP protocol is quite simple but there is no official docs about it, so we need more testing and feedbacks before enabling it by default. We may not handle some borderline cases or have sneaky bugs. This commit contains some breaking changes to the REST API. SFTPGo API should be stable now and I hope no more breaking changes before the first stable release.
2019-08-24 12:41:15 +00:00
}
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
func computeHashForFile(hasher hash.Hash, path string) (string, error) {
sftpd: add support for upload resume we support resume only if the client sets the correct offset while resuming the upload. Based on the specs the offset is optional for resume, but all the tested clients sets a right offset. If an invalid offset is given we interrupt the transfer with the error "Invalid write offset ..." See https://github.com/pkg/sftp/issues/295 This commit add a new upload mode: "atomic with resume support", this acts as atomic but if there is an upload error the temporary file is renamed to the requested path and not deleted, this way a client can reconnect and resume the upload
2019-10-09 15:33:30 +00:00
hash := ""
f, err := os.Open(path)
if err != nil {
return hash, err
}
defer f.Close()
sftpd: add support for some SSH commands md5sum, sha1sum are used by rclone. cd, pwd improve the support for RemoteFiles mobile app. These commands are all implemented inside SFTPGo so they work even if the matching system commands are not available, for example on Windows
2019-11-18 22:30:37 +00:00
_, err = io.Copy(hasher, f)
if err == nil {
hash = fmt.Sprintf("%x", hasher.Sum(nil))
sftpd: add support for upload resume we support resume only if the client sets the correct offset while resuming the upload. Based on the specs the offset is optional for resume, but all the tested clients sets a right offset. If an invalid offset is given we interrupt the transfer with the error "Invalid write offset ..." See https://github.com/pkg/sftp/issues/295 This commit add a new upload mode: "atomic with resume support", this acts as atomic but if there is an upload error the temporary file is renamed to the requested path and not deleted, this way a client can reconnect and resume the upload
2019-10-09 15:33:30 +00:00
}
return hash, err
}
atomic upload mode: remove temporary file on error If a transfer error is detected, then the partial temporary file will be removed and not renamed to requested path
2019-09-10 16:47:21 +00:00
func waitForNoActiveTransfer() {
for len(sftpd.GetConnectionsStats()) > 0 {
time.Sleep(100 * time.Millisecond)
}
}
add more test cases
2019-07-26 13:08:08 +00:00
func waitForActiveTransfer() {
stats := sftpd.GetConnectionsStats()
for len(stats) < 1 {
stats = sftpd.GetConnectionsStats()
}
activeTransferFound := false
for !activeTransferFound {
stats = sftpd.GetConnectionsStats()
if len(stats) == 0 {
break
}
for _, stat := range stats {
if len(stat.Transfers) > 0 {
activeTransferFound = true
}
}
}
}
add support for Git over SSH We use the system commands "git-receive-pack", "git-upload-pack" and "git-upload-archive". they need to be installed and in your system's PATH. Since we execute system commands we have no direct control on file creation/deletion and so quota check is suboptimal: if quota is enabled, the number of files is checked at the command begin and not while new files are created. The allowed size is calculated as the difference between the max quota and the used one. The command is aborted if it uploads more bytes than the remaining allowed size calculated at the command start. Quotas are recalculated at the command end with a full home directory scan, this could be heavy for big directories.
2019-11-26 21:26:42 +00:00
func waitQuotaScans() error {
time.Sleep(100 * time.Millisecond)
scans, _, err := httpd.GetQuotaScans(http.StatusOK)
if err != nil {
return err
}
for len(scans) > 0 {
time.Sleep(100 * time.Millisecond)
scans, _, err = httpd.GetQuotaScans(http.StatusOK)
if err != nil {
return err
}
}
return nil
}
func initGitRepo(path string) ([]byte, error) {
os.MkdirAll(path, 0777)
args := []string{"init", "--bare"}
cmd := exec.Command(gitPath, args...)
cmd.Dir = path
return cmd.CombinedOutput()
}
func pushToGitRepo(repoPath string) ([]byte, error) {
cmd := exec.Command(gitPath, "push")
cmd.Dir = repoPath
cmd.Env = append(os.Environ(),
fmt.Sprintf("GIT_SSH=%v", gitWrapPath))
return cmd.CombinedOutput()
}
func cloneGitRepo(basePath, remotePath, username string) ([]byte, error) {
remoteUrl := fmt.Sprintf("ssh://%v@127.0.0.1:2022%v", username, remotePath)
args := []string{"clone", remoteUrl}
cmd := exec.Command(gitPath, args...)
cmd.Dir = basePath
cmd.Env = append(os.Environ(),
fmt.Sprintf("GIT_SSH=%v", gitWrapPath))
return cmd.CombinedOutput()
}
func addFileToGitRepo(repoPath string, fileSize int64) ([]byte, error) {
path := filepath.Join(repoPath, "test")
err := createTestFile(path, fileSize)
if err != nil {
return []byte(""), err
}
cmd := exec.Command(gitPath, "config", "user.email", "testuser@example.com")
cmd.Dir = repoPath
out, err := cmd.CombinedOutput()
if err != nil {
return out, err
}
cmd = exec.Command(gitPath, "config", "user.name", "testuser")
cmd.Dir = repoPath
out, err = cmd.CombinedOutput()
if err != nil {
return out, err
}
cmd = exec.Command(gitPath, "add", "test")
cmd.Dir = repoPath
out, err = cmd.CombinedOutput()
if err != nil {
return out, err
}
cmd = exec.Command(gitPath, "commit", "-am", "test")
cmd.Dir = repoPath
return cmd.CombinedOutput()
}
sftpd test: add a debug log The git push test sometime fails when running on travis. The issue cannot be replicated locally so print the logs to try to understand what is happening
2019-12-29 22:27:32 +00:00
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
func getKeyboardInteractiveScriptContent(questions []string, sleepTime int, nonJsonResponse bool, result int) []byte {
content := []byte("#!/bin/sh\n\n")
q, _ := json.Marshal(questions)
echos := []bool{}
S3: fix quota update after an upload error S3 uploads are atomic, if the upload fails we have no partial file so we have to update the user quota only if the upload succeed
2020-01-23 09:19:56 +00:00
for index := range questions {
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
echos = append(echos, index%2 == 0)
}
e, _ := json.Marshal(echos)
if nonJsonResponse {
content = append(content, []byte(fmt.Sprintf("echo 'questions: %v echos: %v\n", string(q), string(e)))...)
} else {
content = append(content, []byte(fmt.Sprintf("echo '{\"questions\":%v,\"echos\":%v}'\n", string(q), string(e)))...)
}
S3: fix quota update after an upload error S3 uploads are atomic, if the upload fails we have no partial file so we have to update the user quota only if the upload succeed
2020-01-23 09:19:56 +00:00
for index := range questions {
add support for keyboard interactive authentication Fixes #64
2020-01-21 09:54:05 +00:00
content = append(content, []byte(fmt.Sprintf("read ANSWER%v\n", index))...)
}
if sleepTime > 0 {
content = append(content, []byte(fmt.Sprintf("sleep %v\n", sleepTime))...)
}
content = append(content, []byte(fmt.Sprintf("echo '{\"auth_result\":%v}'\n", result))...)
return content
}
add support for authentication using external programs Fixes #62
2020-01-06 20:42:41 +00:00
func getExtAuthScriptContent(user dataprovider.User, sleepTime int, nonJsonResponse bool) []byte {
extAuthContent := []byte("#!/bin/sh\n\n")
u, _ := json.Marshal(user)
extAuthContent = append(extAuthContent, []byte(fmt.Sprintf("if test \"$SFTPGO_AUTHD_USERNAME\" = \"%v\"; then\n", user.Username))...)
if nonJsonResponse {
extAuthContent = append(extAuthContent, []byte("echo 'text response'\n")...)
} else {
extAuthContent = append(extAuthContent, []byte(fmt.Sprintf("echo '%v'\n", string(u)))...)
}
extAuthContent = append(extAuthContent, []byte("else\n")...)
if nonJsonResponse {
extAuthContent = append(extAuthContent, []byte("echo 'text response'\n")...)
} else {
extAuthContent = append(extAuthContent, []byte("echo '{\"username\":\"\"}'\n")...)
}
extAuthContent = append(extAuthContent, []byte("fi\n")...)
if sleepTime > 0 {
extAuthContent = append(extAuthContent, []byte(fmt.Sprintf("sleep %v\n", sleepTime))...)
}
return extAuthContent
}
Rename before_login_program to pre_login_program and some documentation update
2020-02-25 15:07:38 +00:00
func getPreLoginScriptContent(user dataprovider.User, nonJsonResponse bool) []byte {
add support for dynamic users modifications A custom program can be executed before the users login to modify the configurations for the user trying to login. You can, for example, allow login based on time range. Fixes #77
2020-02-23 17:50:59 +00:00
content := []byte("#!/bin/sh\n\n")
if nonJsonResponse {
content = append(content, []byte("echo 'text response'\n")...)
return content
}
if len(user.Username) > 0 {
u, _ := json.Marshal(user)
content = append(content, []byte(fmt.Sprintf("echo '%v'\n", string(u)))...)
}
return content
}
sftpd test: add a debug log The git push test sometime fails when running on travis. The issue cannot be replicated locally so print the logs to try to understand what is happening
2019-12-29 22:27:32 +00:00
func printLatestLogs(maxNumberOfLines int) {
var lines []string
f, err := os.Open(logFilePath)
if err != nil {
return
}
defer f.Close()
scanner := bufio.NewScanner(f)
for scanner.Scan() {
lines = append(lines, scanner.Text()+"\r\n")
for len(lines) > maxNumberOfLines {
lines = lines[1:]
}
}
if scanner.Err() != nil {
logger.WarnToConsole("Unable to print latest logs: %v", scanner.Err())
return
}
for _, line := range lines {
logger.DebugToConsole(line)
}
}
Reference in a new issue Copy permalink