2019-07-20 10:26:52 +00:00
|
|
|
package dataprovider
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/json"
|
2019-10-07 16:19:01 +00:00
|
|
|
"fmt"
|
2019-07-20 10:26:52 +00:00
|
|
|
"path/filepath"
|
2019-10-07 16:19:01 +00:00
|
|
|
"strconv"
|
2019-07-20 10:26:52 +00:00
|
|
|
|
|
|
|
"github.com/drakkan/sftpgo/utils"
|
|
|
|
)
|
|
|
|
|
2019-07-30 18:51:29 +00:00
|
|
|
// Available permissions for SFTP users
|
2019-07-20 10:26:52 +00:00
|
|
|
const (
|
2019-07-30 18:51:29 +00:00
|
|
|
// All permissions are granted
|
|
|
|
PermAny = "*"
|
|
|
|
// List items such as files and directories is allowed
|
|
|
|
PermListItems = "list"
|
|
|
|
// download files is allowed
|
|
|
|
PermDownload = "download"
|
|
|
|
// upload files is allowed
|
|
|
|
PermUpload = "upload"
|
2019-09-17 06:53:45 +00:00
|
|
|
// overwrite an existing file, while uploading, is allowed
|
|
|
|
// upload permission is required to allow file overwrite
|
|
|
|
PermOverwrite = "overwrite"
|
2019-07-30 18:51:29 +00:00
|
|
|
// delete files or directories is allowed
|
|
|
|
PermDelete = "delete"
|
|
|
|
// rename files or directories is allowed
|
|
|
|
PermRename = "rename"
|
|
|
|
// create directories is allowed
|
|
|
|
PermCreateDirs = "create_dirs"
|
|
|
|
// create symbolic links is allowed
|
2019-07-20 10:26:52 +00:00
|
|
|
PermCreateSymlinks = "create_symlinks"
|
2019-11-15 11:15:07 +00:00
|
|
|
// changing file or directory permissions is allowed
|
|
|
|
PermChmod = "chmod"
|
|
|
|
// changing file or directory owner is allowed
|
|
|
|
PermChown = "chown"
|
2019-07-20 10:26:52 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// User defines an SFTP user
|
|
|
|
type User struct {
|
2019-07-30 18:51:29 +00:00
|
|
|
// Database unique identifier
|
|
|
|
ID int64 `json:"id"`
|
2019-11-13 10:36:21 +00:00
|
|
|
// 1 enabled, 0 disabled (login is not allowed)
|
|
|
|
Status int `json:"status"`
|
2019-07-30 18:51:29 +00:00
|
|
|
// Username
|
|
|
|
Username string `json:"username"`
|
2019-11-13 10:36:21 +00:00
|
|
|
// Account expiration date as unix timestamp in milliseconds. An expired account cannot login.
|
|
|
|
// 0 means no expiration
|
|
|
|
ExpirationDate int64 `json:"expiration_date"`
|
2019-07-30 18:51:29 +00:00
|
|
|
// Password used for password authentication.
|
|
|
|
// For users created using SFTPGo REST API the password is be stored using argon2id hashing algo.
|
2019-11-13 10:36:21 +00:00
|
|
|
// Checking passwords stored with bcrypt, pbkdf2 and sha512crypt is supported too.
|
2019-07-30 18:51:29 +00:00
|
|
|
Password string `json:"password,omitempty"`
|
2019-08-07 21:41:10 +00:00
|
|
|
// PublicKeys used for public key authentication. At least one between password and a public key is mandatory
|
|
|
|
PublicKeys []string `json:"public_keys,omitempty"`
|
2019-07-30 18:51:29 +00:00
|
|
|
// The user cannot upload or download files outside this directory. Must be an absolute path
|
|
|
|
HomeDir string `json:"home_dir"`
|
|
|
|
// If sftpgo runs as root system user then the created files and directories will be assigned to this system UID
|
|
|
|
UID int `json:"uid"`
|
|
|
|
// If sftpgo runs as root system user then the created files and directories will be assigned to this system GID
|
|
|
|
GID int `json:"gid"`
|
|
|
|
// Maximum concurrent sessions. 0 means unlimited
|
|
|
|
MaxSessions int `json:"max_sessions"`
|
|
|
|
// Maximum size allowed as bytes. 0 means unlimited
|
|
|
|
QuotaSize int64 `json:"quota_size"`
|
|
|
|
// Maximum number of files allowed. 0 means unlimited
|
|
|
|
QuotaFiles int `json:"quota_files"`
|
|
|
|
// List of the granted permissions
|
|
|
|
Permissions []string `json:"permissions"`
|
|
|
|
// Used quota as bytes
|
|
|
|
UsedQuotaSize int64 `json:"used_quota_size"`
|
|
|
|
// Used quota as number of files
|
|
|
|
UsedQuotaFiles int `json:"used_quota_files"`
|
|
|
|
// Last quota update as unix timestamp in milliseconds
|
|
|
|
LastQuotaUpdate int64 `json:"last_quota_update"`
|
|
|
|
// Maximum upload bandwidth as KB/s, 0 means unlimited
|
|
|
|
UploadBandwidth int64 `json:"upload_bandwidth"`
|
|
|
|
// Maximum download bandwidth as KB/s, 0 means unlimited
|
|
|
|
DownloadBandwidth int64 `json:"download_bandwidth"`
|
2019-11-13 10:36:21 +00:00
|
|
|
// Last login as unix timestamp in milliseconds
|
|
|
|
LastLogin int64 `json:"last_login"`
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// HasPerm returns true if the user has the given permission or any permission
|
|
|
|
func (u *User) HasPerm(permission string) bool {
|
|
|
|
if utils.IsStringInSlice(PermAny, u.Permissions) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
return utils.IsStringInSlice(permission, u.Permissions)
|
|
|
|
}
|
|
|
|
|
2019-07-30 18:51:29 +00:00
|
|
|
// GetPermissionsAsJSON returns the permissions as json byte array
|
2019-07-20 10:26:52 +00:00
|
|
|
func (u *User) GetPermissionsAsJSON() ([]byte, error) {
|
|
|
|
return json.Marshal(u.Permissions)
|
|
|
|
}
|
|
|
|
|
2019-08-01 20:42:46 +00:00
|
|
|
// GetPublicKeysAsJSON returns the public keys as json byte array
|
|
|
|
func (u *User) GetPublicKeysAsJSON() ([]byte, error) {
|
2019-08-07 21:41:10 +00:00
|
|
|
return json.Marshal(u.PublicKeys)
|
2019-08-01 20:42:46 +00:00
|
|
|
}
|
|
|
|
|
2019-07-30 18:51:29 +00:00
|
|
|
// GetUID returns a validate uid, suitable for use with os.Chown
|
2019-07-20 10:26:52 +00:00
|
|
|
func (u *User) GetUID() int {
|
|
|
|
if u.UID <= 0 || u.UID > 65535 {
|
|
|
|
return -1
|
|
|
|
}
|
|
|
|
return u.UID
|
|
|
|
}
|
|
|
|
|
2019-07-30 18:51:29 +00:00
|
|
|
// GetGID returns a validate gid, suitable for use with os.Chown
|
2019-07-20 10:26:52 +00:00
|
|
|
func (u *User) GetGID() int {
|
|
|
|
if u.GID <= 0 || u.GID > 65535 {
|
|
|
|
return -1
|
|
|
|
}
|
|
|
|
return u.GID
|
|
|
|
}
|
|
|
|
|
2019-07-30 18:51:29 +00:00
|
|
|
// GetHomeDir returns the shortest path name equivalent to the user's home directory
|
2019-07-20 10:26:52 +00:00
|
|
|
func (u *User) GetHomeDir() string {
|
|
|
|
return filepath.Clean(u.HomeDir)
|
|
|
|
}
|
2019-07-28 20:04:50 +00:00
|
|
|
|
2019-07-30 18:51:29 +00:00
|
|
|
// HasQuotaRestrictions returns true if there is a quota restriction on number of files or size or both
|
2019-07-28 20:04:50 +00:00
|
|
|
func (u *User) HasQuotaRestrictions() bool {
|
|
|
|
return u.QuotaFiles > 0 || u.QuotaSize > 0
|
|
|
|
}
|
2019-08-08 17:33:16 +00:00
|
|
|
|
|
|
|
// GetRelativePath returns the path for a file relative to the user's home dir.
|
|
|
|
// This is the path as seen by SFTP users
|
|
|
|
func (u *User) GetRelativePath(path string) string {
|
|
|
|
rel, err := filepath.Rel(u.GetHomeDir(), path)
|
|
|
|
if err != nil {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
return "/" + filepath.ToSlash(rel)
|
|
|
|
}
|
2019-10-07 16:19:01 +00:00
|
|
|
|
|
|
|
// GetQuotaSummary returns used quota and limits if defined
|
|
|
|
func (u *User) GetQuotaSummary() string {
|
|
|
|
var result string
|
|
|
|
result = "Files: " + strconv.Itoa(u.UsedQuotaFiles)
|
|
|
|
if u.QuotaFiles > 0 {
|
|
|
|
result += "/" + strconv.Itoa(u.QuotaFiles)
|
|
|
|
}
|
|
|
|
if u.UsedQuotaSize > 0 || u.QuotaSize > 0 {
|
|
|
|
result += ". Size: " + utils.ByteCountSI(u.UsedQuotaSize)
|
|
|
|
if u.QuotaSize > 0 {
|
|
|
|
result += "/" + utils.ByteCountSI(u.QuotaSize)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return result
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetPermissionsAsString returns the user's permissions as comma separated string
|
|
|
|
func (u *User) GetPermissionsAsString() string {
|
|
|
|
var result string
|
|
|
|
for _, p := range u.Permissions {
|
|
|
|
if len(result) > 0 {
|
|
|
|
result += ", "
|
|
|
|
}
|
|
|
|
result += p
|
|
|
|
}
|
|
|
|
return result
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetBandwidthAsString returns bandwidth limits if defines
|
|
|
|
func (u *User) GetBandwidthAsString() string {
|
|
|
|
result := "Download: "
|
|
|
|
if u.DownloadBandwidth > 0 {
|
|
|
|
result += utils.ByteCountSI(u.DownloadBandwidth*1000) + "/s."
|
|
|
|
} else {
|
|
|
|
result += "ulimited."
|
|
|
|
}
|
|
|
|
result += " Upload: "
|
|
|
|
if u.UploadBandwidth > 0 {
|
|
|
|
result += utils.ByteCountSI(u.UploadBandwidth*1000) + "/s."
|
|
|
|
} else {
|
|
|
|
result += "ulimited."
|
|
|
|
}
|
|
|
|
return result
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetInfoString returns user's info as string.
|
|
|
|
// Number of public keys, max sessions, uid and gid are returned
|
|
|
|
func (u *User) GetInfoString() string {
|
|
|
|
var result string
|
2019-11-13 10:36:21 +00:00
|
|
|
if u.LastLogin > 0 {
|
|
|
|
t := utils.GetTimeFromMsecSinceEpoch(u.LastLogin)
|
|
|
|
result += fmt.Sprintf("Last login: %v ", t.Format("2006-01-02 15:04:05")) // YYYY-MM-DD HH:MM:SS
|
|
|
|
}
|
2019-10-07 16:19:01 +00:00
|
|
|
if len(u.PublicKeys) > 0 {
|
|
|
|
result += fmt.Sprintf("Public keys: %v ", len(u.PublicKeys))
|
|
|
|
}
|
|
|
|
if u.MaxSessions > 0 {
|
|
|
|
result += fmt.Sprintf("Max sessions: %v ", u.MaxSessions)
|
|
|
|
}
|
|
|
|
if u.UID > 0 {
|
|
|
|
result += fmt.Sprintf("UID: %v ", u.UID)
|
|
|
|
}
|
|
|
|
if u.GID > 0 {
|
|
|
|
result += fmt.Sprintf("GID: %v ", u.GID)
|
|
|
|
}
|
|
|
|
return result
|
|
|
|
}
|
2019-10-25 16:37:12 +00:00
|
|
|
|
2019-11-13 10:36:21 +00:00
|
|
|
// GetExpirationDateAsString returns expiration date formatted as YYYY-MM-DD
|
|
|
|
func (u *User) GetExpirationDateAsString() string {
|
|
|
|
if u.ExpirationDate > 0 {
|
|
|
|
t := utils.GetTimeFromMsecSinceEpoch(u.ExpirationDate)
|
|
|
|
return t.Format("2006-01-02")
|
|
|
|
}
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2019-10-25 16:37:12 +00:00
|
|
|
func (u *User) getACopy() User {
|
|
|
|
pubKeys := make([]string, len(u.PublicKeys))
|
|
|
|
copy(pubKeys, u.PublicKeys)
|
|
|
|
permissions := make([]string, len(u.Permissions))
|
|
|
|
copy(permissions, u.Permissions)
|
|
|
|
return User{
|
|
|
|
ID: u.ID,
|
|
|
|
Username: u.Username,
|
|
|
|
Password: u.Password,
|
|
|
|
PublicKeys: pubKeys,
|
|
|
|
HomeDir: u.HomeDir,
|
|
|
|
UID: u.UID,
|
|
|
|
GID: u.GID,
|
|
|
|
MaxSessions: u.MaxSessions,
|
|
|
|
QuotaSize: u.QuotaSize,
|
|
|
|
QuotaFiles: u.QuotaFiles,
|
|
|
|
Permissions: permissions,
|
|
|
|
UsedQuotaSize: u.UsedQuotaSize,
|
|
|
|
UsedQuotaFiles: u.UsedQuotaFiles,
|
|
|
|
LastQuotaUpdate: u.LastQuotaUpdate,
|
|
|
|
UploadBandwidth: u.UploadBandwidth,
|
|
|
|
DownloadBandwidth: u.DownloadBandwidth,
|
2019-11-13 10:36:21 +00:00
|
|
|
Status: u.Status,
|
|
|
|
ExpirationDate: u.ExpirationDate,
|
|
|
|
LastLogin: u.LastLogin,
|
2019-10-25 16:37:12 +00:00
|
|
|
}
|
|
|
|
}
|
2019-11-14 10:06:03 +00:00
|
|
|
|
|
|
|
func (u *User) getNotificationFieldsAsSlice() []string {
|
|
|
|
return []string{u.Username,
|
|
|
|
strconv.FormatInt(u.ID, 10),
|
|
|
|
strconv.FormatInt(int64(u.Status), 10),
|
|
|
|
strconv.FormatInt(int64(u.ExpirationDate), 10),
|
|
|
|
u.HomeDir,
|
|
|
|
strconv.FormatInt(int64(u.UID), 10),
|
|
|
|
strconv.FormatInt(int64(u.GID), 10),
|
|
|
|
}
|
|
|
|
}
|