2024-01-01 10:31:45 +00:00
|
|
|
// Copyright (C) 2019 Nicola Murino
|
2022-07-17 18:16:00 +00:00
|
|
|
//
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Affero General Public License as published
|
|
|
|
// by the Free Software Foundation, version 3.
|
|
|
|
//
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
2023-01-03 09:18:30 +00:00
|
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
2022-07-17 18:16:00 +00:00
|
|
|
|
2019-07-20 10:26:52 +00:00
|
|
|
package sftpd
|
|
|
|
|
|
|
|
import (
|
|
|
|
"io"
|
|
|
|
"net"
|
|
|
|
"os"
|
2020-01-05 10:41:25 +00:00
|
|
|
"path"
|
2019-07-20 10:26:52 +00:00
|
|
|
"time"
|
|
|
|
|
2020-05-06 17:36:34 +00:00
|
|
|
"github.com/pkg/sftp"
|
2022-04-27 16:38:46 +00:00
|
|
|
"github.com/sftpgo/sdk"
|
2019-07-20 10:26:52 +00:00
|
|
|
|
2022-07-24 14:18:54 +00:00
|
|
|
"github.com/drakkan/sftpgo/v2/internal/common"
|
|
|
|
"github.com/drakkan/sftpgo/v2/internal/dataprovider"
|
|
|
|
"github.com/drakkan/sftpgo/v2/internal/logger"
|
|
|
|
"github.com/drakkan/sftpgo/v2/internal/util"
|
|
|
|
"github.com/drakkan/sftpgo/v2/internal/vfs"
|
2019-07-20 10:26:52 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// Connection details for an authenticated user
|
|
|
|
type Connection struct {
|
2020-07-24 21:39:38 +00:00
|
|
|
*common.BaseConnection
|
2019-07-30 18:51:29 +00:00
|
|
|
// client's version string
|
2019-07-20 10:26:52 +00:00
|
|
|
ClientVersion string
|
2019-07-30 18:51:29 +00:00
|
|
|
// Remote address for this connection
|
2024-07-22 17:21:26 +00:00
|
|
|
RemoteAddr net.Addr
|
|
|
|
LocalAddr net.Addr
|
|
|
|
channel io.ReadWriteCloser
|
|
|
|
command string
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
2020-07-24 21:39:38 +00:00
|
|
|
// GetClientVersion returns the connected client's version
|
|
|
|
func (c *Connection) GetClientVersion() string {
|
|
|
|
return c.ClientVersion
|
|
|
|
}
|
|
|
|
|
2021-07-24 18:11:17 +00:00
|
|
|
// GetLocalAddress returns local connection address
|
|
|
|
func (c *Connection) GetLocalAddress() string {
|
|
|
|
if c.LocalAddr == nil {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
return c.LocalAddr.String()
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetRemoteAddress returns the connected client's address
|
2020-07-24 21:39:38 +00:00
|
|
|
func (c *Connection) GetRemoteAddress() string {
|
2021-06-01 20:28:43 +00:00
|
|
|
if c.RemoteAddr == nil {
|
|
|
|
return ""
|
|
|
|
}
|
2020-07-24 21:39:38 +00:00
|
|
|
return c.RemoteAddr.String()
|
|
|
|
}
|
|
|
|
|
|
|
|
// GetCommand returns the SSH command, if any
|
|
|
|
func (c *Connection) GetCommand() string {
|
|
|
|
return c.command
|
2019-09-06 09:23:06 +00:00
|
|
|
}
|
|
|
|
|
2019-07-20 10:26:52 +00:00
|
|
|
// Fileread creates a reader for a file on the system and returns the reader back.
|
2020-07-24 21:39:38 +00:00
|
|
|
func (c *Connection) Fileread(request *sftp.Request) (io.ReaderAt, error) {
|
|
|
|
c.UpdateLastActivity()
|
2019-07-20 10:26:52 +00:00
|
|
|
|
2020-01-05 10:41:25 +00:00
|
|
|
if !c.User.HasPerm(dataprovider.PermDownload, path.Dir(request.Filepath)) {
|
|
|
|
return nil, sftp.ErrSSHFxPermissionDenied
|
|
|
|
}
|
2022-01-30 10:42:36 +00:00
|
|
|
transferQuota := c.GetTransferQuota()
|
|
|
|
if !transferQuota.HasDownloadSpace() {
|
|
|
|
c.Log(logger.LevelInfo, "denying file read due to quota limits")
|
|
|
|
return nil, c.GetReadQuotaExceededError()
|
|
|
|
}
|
2020-01-05 10:41:25 +00:00
|
|
|
|
2022-01-15 16:16:49 +00:00
|
|
|
if ok, policy := c.User.IsFileAllowed(request.Filepath); !ok {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelWarn, "reading file %q is not allowed", request.Filepath)
|
2022-01-15 16:16:49 +00:00
|
|
|
return nil, c.GetErrorForDeniedFile(policy)
|
2020-03-01 21:10:29 +00:00
|
|
|
}
|
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
fs, p, err := c.GetFsAndResolvedPath(request.Filepath)
|
2019-07-20 10:26:52 +00:00
|
|
|
if err != nil {
|
2021-03-21 18:15:47 +00:00
|
|
|
return nil, err
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
2023-01-02 14:59:00 +00:00
|
|
|
if _, err := common.ExecutePreAction(c.BaseConnection, common.OperationPreDownload, p, request.Filepath, 0, 0); err != nil {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelDebug, "download for file %q denied by pre action: %v", request.Filepath, err)
|
2021-05-26 05:48:37 +00:00
|
|
|
return nil, c.GetPermissionDeniedError()
|
|
|
|
}
|
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
file, r, cancelFn, err := fs.Open(p, 0)
|
2019-07-20 10:26:52 +00:00
|
|
|
if err != nil {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelError, "could not open file %q for reading: %+v", p, err)
|
2021-03-21 18:15:47 +00:00
|
|
|
return nil, c.GetFsError(fs, err)
|
2020-07-24 21:39:38 +00:00
|
|
|
}
|
|
|
|
|
2021-05-31 19:45:29 +00:00
|
|
|
baseTransfer := common.NewBaseTransfer(file, c.BaseConnection, cancelFn, p, p, request.Filepath, common.TransferDownload,
|
2022-01-30 10:42:36 +00:00
|
|
|
0, 0, 0, 0, false, fs, transferQuota)
|
2020-08-31 04:45:22 +00:00
|
|
|
t := newTransfer(baseTransfer, nil, r, nil)
|
2020-07-24 21:39:38 +00:00
|
|
|
|
|
|
|
return t, nil
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
2020-08-31 04:45:22 +00:00
|
|
|
// OpenFile implements OpenFileWriter interface
|
|
|
|
func (c *Connection) OpenFile(request *sftp.Request) (sftp.WriterAtReaderAt, error) {
|
|
|
|
return c.handleFilewrite(request)
|
|
|
|
}
|
|
|
|
|
2019-07-20 10:26:52 +00:00
|
|
|
// Filewrite handles the write actions for a file on the system.
|
2020-07-24 21:39:38 +00:00
|
|
|
func (c *Connection) Filewrite(request *sftp.Request) (io.WriterAt, error) {
|
2020-08-31 04:45:22 +00:00
|
|
|
return c.handleFilewrite(request)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Connection) handleFilewrite(request *sftp.Request) (sftp.WriterAtReaderAt, error) {
|
2020-07-24 21:39:38 +00:00
|
|
|
c.UpdateLastActivity()
|
2020-03-01 21:10:29 +00:00
|
|
|
|
2022-01-15 16:16:49 +00:00
|
|
|
if ok, _ := c.User.IsFileAllowed(request.Filepath); !ok {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelWarn, "writing file %q is not allowed", request.Filepath)
|
2022-01-15 16:16:49 +00:00
|
|
|
return nil, c.GetPermissionDeniedError()
|
2020-03-01 21:10:29 +00:00
|
|
|
}
|
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
fs, p, err := c.GetFsAndResolvedPath(request.Filepath)
|
2019-07-20 10:26:52 +00:00
|
|
|
if err != nil {
|
2021-03-21 18:15:47 +00:00
|
|
|
return nil, err
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
2019-08-04 07:37:58 +00:00
|
|
|
filePath := p
|
2021-03-21 18:15:47 +00:00
|
|
|
if common.Config.IsAtomicUploadEnabled() && fs.IsAtomicUploadSupported() {
|
|
|
|
filePath = fs.GetAtomicUploadPath(p)
|
2019-08-04 07:37:58 +00:00
|
|
|
}
|
|
|
|
|
2020-08-31 04:45:22 +00:00
|
|
|
var errForRead error
|
2021-04-03 14:00:55 +00:00
|
|
|
if !vfs.HasOpenRWSupport(fs) && request.Pflags().Read {
|
2020-08-31 04:45:22 +00:00
|
|
|
// read and write mode is only supported for local filesystem
|
|
|
|
errForRead = sftp.ErrSSHFxOpUnsupported
|
|
|
|
}
|
|
|
|
if !c.User.HasPerm(dataprovider.PermDownload, path.Dir(request.Filepath)) {
|
|
|
|
// we can try to read only for local fs here, see above.
|
|
|
|
// os.ErrPermission will become sftp.ErrSSHFxPermissionDenied when sent to
|
|
|
|
// the client
|
|
|
|
errForRead = os.ErrPermission
|
|
|
|
}
|
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
stat, statErr := fs.Lstat(p)
|
|
|
|
if (statErr == nil && stat.Mode()&os.ModeSymlink != 0) || fs.IsNotExist(statErr) {
|
2020-01-05 10:41:25 +00:00
|
|
|
if !c.User.HasPerm(dataprovider.PermUpload, path.Dir(request.Filepath)) {
|
2019-12-25 17:20:19 +00:00
|
|
|
return nil, sftp.ErrSSHFxPermissionDenied
|
|
|
|
}
|
2022-02-16 15:05:56 +00:00
|
|
|
return c.handleSFTPUploadToNewFile(fs, request.Pflags(), p, filePath, request.Filepath, errForRead)
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if statErr != nil {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelError, "error performing file stat %q: %+v", p, statErr)
|
2021-03-21 18:15:47 +00:00
|
|
|
return nil, c.GetFsError(fs, statErr)
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
2019-08-04 07:37:58 +00:00
|
|
|
// This happen if we upload a file that has the same name of an existing directory
|
2019-07-20 10:26:52 +00:00
|
|
|
if stat.IsDir() {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelError, "attempted to open a directory for writing to: %q", p)
|
2019-10-14 20:44:57 +00:00
|
|
|
return nil, sftp.ErrSSHFxOpUnsupported
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
2020-01-05 10:41:25 +00:00
|
|
|
if !c.User.HasPerm(dataprovider.PermOverwrite, path.Dir(request.Filepath)) {
|
2019-10-14 20:44:57 +00:00
|
|
|
return nil, sftp.ErrSSHFxPermissionDenied
|
2019-09-17 06:53:45 +00:00
|
|
|
}
|
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
return c.handleSFTPUploadToExistingFile(fs, request.Pflags(), p, filePath, stat.Size(), request.Filepath, errForRead)
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Filecmd hander for basic SFTP system calls related to files, but not anything to do with reading
|
|
|
|
// or writing to those files.
|
2020-07-24 21:39:38 +00:00
|
|
|
func (c *Connection) Filecmd(request *sftp.Request) error {
|
|
|
|
c.UpdateLastActivity()
|
2019-07-20 10:26:52 +00:00
|
|
|
|
|
|
|
switch request.Method {
|
|
|
|
case "Setstat":
|
2021-03-21 18:15:47 +00:00
|
|
|
return c.handleSFTPSetstat(request)
|
2019-07-20 10:26:52 +00:00
|
|
|
case "Rename":
|
2021-03-21 18:15:47 +00:00
|
|
|
if err := c.Rename(request.Filepath, request.Target); err != nil {
|
2019-07-20 22:19:17 +00:00
|
|
|
return err
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
case "Rmdir":
|
2021-03-21 18:15:47 +00:00
|
|
|
return c.RemoveDir(request.Filepath)
|
2019-07-20 10:26:52 +00:00
|
|
|
case "Mkdir":
|
2022-01-15 16:16:49 +00:00
|
|
|
err := c.CreateDir(request.Filepath, true)
|
2019-07-20 10:26:52 +00:00
|
|
|
if err != nil {
|
2019-07-20 22:19:17 +00:00
|
|
|
return err
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
case "Symlink":
|
2021-03-21 18:15:47 +00:00
|
|
|
if err := c.CreateSymlink(request.Filepath, request.Target); err != nil {
|
2019-07-20 22:19:17 +00:00
|
|
|
return err
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
case "Remove":
|
2021-03-21 18:15:47 +00:00
|
|
|
return c.handleSFTPRemove(request)
|
2019-07-20 10:26:52 +00:00
|
|
|
default:
|
2019-10-14 20:44:57 +00:00
|
|
|
return sftp.ErrSSHFxOpUnsupported
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
2019-10-14 20:44:57 +00:00
|
|
|
return sftp.ErrSSHFxOk
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Filelist is the handler for SFTP filesystem list calls. This will handle calls to list the contents of
|
|
|
|
// a directory as well as perform file/folder stat calls.
|
2020-07-24 21:39:38 +00:00
|
|
|
func (c *Connection) Filelist(request *sftp.Request) (sftp.ListerAt, error) {
|
|
|
|
c.UpdateLastActivity()
|
2019-07-20 10:26:52 +00:00
|
|
|
|
|
|
|
switch request.Method {
|
|
|
|
case "List":
|
2024-02-15 19:53:56 +00:00
|
|
|
lister, err := c.ListDir(request.Filepath)
|
2019-11-15 11:15:07 +00:00
|
|
|
if err != nil {
|
2020-07-24 21:39:38 +00:00
|
|
|
return nil, err
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
2022-08-16 15:59:13 +00:00
|
|
|
modTime := time.Unix(0, 0)
|
2024-07-22 17:21:26 +00:00
|
|
|
if request.Filepath != "/" {
|
2024-02-15 19:53:56 +00:00
|
|
|
lister.Add(vfs.NewFileInfo("..", true, 0, modTime, false))
|
2021-07-31 07:42:23 +00:00
|
|
|
}
|
2024-02-15 19:53:56 +00:00
|
|
|
lister.Add(vfs.NewFileInfo(".", true, 0, modTime, false))
|
|
|
|
return lister, nil
|
2019-07-20 10:26:52 +00:00
|
|
|
case "Stat":
|
2020-01-05 10:41:25 +00:00
|
|
|
if !c.User.HasPerm(dataprovider.PermListItems, path.Dir(request.Filepath)) {
|
2019-10-14 20:44:57 +00:00
|
|
|
return nil, sftp.ErrSSHFxPermissionDenied
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
2022-01-15 16:16:49 +00:00
|
|
|
s, err := c.DoStat(request.Filepath, 0, true)
|
2019-11-15 11:15:07 +00:00
|
|
|
if err != nil {
|
2021-03-21 18:15:47 +00:00
|
|
|
return nil, err
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
2019-07-30 18:51:29 +00:00
|
|
|
return listerAt([]os.FileInfo{s}), nil
|
2022-10-16 16:29:42 +00:00
|
|
|
default:
|
|
|
|
return nil, sftp.ErrSSHFxOpUnsupported
|
|
|
|
}
|
|
|
|
}
|
2020-08-22 12:52:17 +00:00
|
|
|
|
2022-10-16 16:29:42 +00:00
|
|
|
// Readlink implements the ReadlinkFileLister interface
|
|
|
|
func (c *Connection) Readlink(filePath string) (string, error) {
|
|
|
|
if err := c.canReadLink(filePath); err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
2021-03-21 18:15:47 +00:00
|
|
|
|
2022-10-16 16:29:42 +00:00
|
|
|
fs, p, err := c.GetFsAndResolvedPath(filePath)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
2020-08-22 12:52:17 +00:00
|
|
|
|
2022-10-16 16:29:42 +00:00
|
|
|
s, err := fs.Readlink(p)
|
|
|
|
if err != nil {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelDebug, "error running readlink on path %q: %+v", p, err)
|
2022-10-16 16:29:42 +00:00
|
|
|
return "", c.GetFsError(fs, err)
|
|
|
|
}
|
2020-08-22 12:52:17 +00:00
|
|
|
|
2022-10-16 16:29:42 +00:00
|
|
|
if err := c.canReadLink(s); err != nil {
|
|
|
|
return "", err
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
2022-10-16 16:29:42 +00:00
|
|
|
return s, nil
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
2020-09-11 07:30:25 +00:00
|
|
|
// Lstat implements LstatFileLister interface
|
|
|
|
func (c *Connection) Lstat(request *sftp.Request) (sftp.ListerAt, error) {
|
|
|
|
c.UpdateLastActivity()
|
|
|
|
|
|
|
|
if !c.User.HasPerm(dataprovider.PermListItems, path.Dir(request.Filepath)) {
|
|
|
|
return nil, sftp.ErrSSHFxPermissionDenied
|
|
|
|
}
|
|
|
|
|
2022-01-15 16:16:49 +00:00
|
|
|
s, err := c.DoStat(request.Filepath, 1, true)
|
2020-09-11 07:30:25 +00:00
|
|
|
if err != nil {
|
2021-03-21 18:15:47 +00:00
|
|
|
return nil, err
|
2020-09-11 07:30:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return listerAt([]os.FileInfo{s}), nil
|
|
|
|
}
|
|
|
|
|
2022-07-17 14:02:45 +00:00
|
|
|
// RealPath implements the RealPathFileLister interface
|
|
|
|
func (c *Connection) RealPath(p string) (string, error) {
|
|
|
|
if !c.User.HasPerm(dataprovider.PermListItems, path.Dir(p)) {
|
|
|
|
return "", sftp.ErrSSHFxPermissionDenied
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.User.Filters.StartDirectory == "" {
|
|
|
|
p = util.CleanPath(p)
|
|
|
|
} else {
|
|
|
|
p = util.CleanPathWithBase(c.User.Filters.StartDirectory, p)
|
|
|
|
}
|
|
|
|
fs, fsPath, err := c.GetFsAndResolvedPath(p)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
if realPather, ok := fs.(vfs.FsRealPather); ok {
|
|
|
|
realPath, err := realPather.RealPath(fsPath)
|
|
|
|
if err != nil {
|
|
|
|
return "", c.GetFsError(fs, err)
|
|
|
|
}
|
|
|
|
return realPath, nil
|
|
|
|
}
|
|
|
|
return p, nil
|
|
|
|
}
|
|
|
|
|
2021-02-11 18:45:52 +00:00
|
|
|
// StatVFS implements StatVFSFileCmder interface
|
|
|
|
func (c *Connection) StatVFS(r *sftp.Request) (*sftp.StatVFS, error) {
|
|
|
|
c.UpdateLastActivity()
|
|
|
|
|
|
|
|
// we are assuming that r.Filepath is a dir, this could be wrong but should
|
|
|
|
// not produce any side effect here.
|
|
|
|
// we don't consider c.User.Filters.MaxUploadFileSize, we return disk stats here
|
|
|
|
// not the limit for a single file upload
|
2022-01-30 10:42:36 +00:00
|
|
|
quotaResult, _ := c.HasSpace(true, true, path.Join(r.Filepath, "fakefile.txt"))
|
2021-02-11 18:45:52 +00:00
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
fs, p, err := c.GetFsAndResolvedPath(r.Filepath)
|
2021-02-11 18:45:52 +00:00
|
|
|
if err != nil {
|
2021-03-21 18:15:47 +00:00
|
|
|
return nil, err
|
2021-02-11 18:45:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if !quotaResult.HasSpace {
|
2022-05-14 12:53:26 +00:00
|
|
|
return c.getStatVFSFromQuotaResult(fs, p, quotaResult)
|
2021-02-11 18:45:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if quotaResult.QuotaSize == 0 && quotaResult.QuotaFiles == 0 {
|
|
|
|
// no quota restrictions
|
2021-03-21 18:15:47 +00:00
|
|
|
statvfs, err := fs.GetAvailableDiskSize(p)
|
2021-02-11 18:45:52 +00:00
|
|
|
if err == vfs.ErrStorageSizeUnavailable {
|
2022-05-14 12:53:26 +00:00
|
|
|
return c.getStatVFSFromQuotaResult(fs, p, quotaResult)
|
2021-02-11 18:45:52 +00:00
|
|
|
}
|
|
|
|
return statvfs, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// there is free space but some limits are configured
|
2022-05-14 12:53:26 +00:00
|
|
|
return c.getStatVFSFromQuotaResult(fs, p, quotaResult)
|
2019-07-20 22:19:17 +00:00
|
|
|
}
|
|
|
|
|
2022-04-27 16:38:46 +00:00
|
|
|
func (c *Connection) canReadLink(name string) error {
|
|
|
|
if !c.User.HasPerm(dataprovider.PermListItems, path.Dir(name)) {
|
|
|
|
return sftp.ErrSSHFxPermissionDenied
|
|
|
|
}
|
|
|
|
ok, policy := c.User.IsFileAllowed(name)
|
|
|
|
if !ok && policy == sdk.DenyPolicyHide {
|
|
|
|
return sftp.ErrSSHFxNoSuchFile
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
func (c *Connection) handleSFTPSetstat(request *sftp.Request) error {
|
2020-07-24 21:39:38 +00:00
|
|
|
attrs := common.StatAttributes{
|
|
|
|
Flags: 0,
|
2019-12-25 17:20:19 +00:00
|
|
|
}
|
2024-02-17 19:08:07 +00:00
|
|
|
if request.Attributes() != nil {
|
|
|
|
if request.AttrFlags().Permissions {
|
|
|
|
attrs.Flags |= common.StatAttrPerms
|
|
|
|
attrs.Mode = request.Attributes().FileMode()
|
|
|
|
}
|
|
|
|
if request.AttrFlags().UidGid {
|
|
|
|
attrs.Flags |= common.StatAttrUIDGID
|
|
|
|
attrs.UID = int(request.Attributes().UID)
|
|
|
|
attrs.GID = int(request.Attributes().GID)
|
|
|
|
}
|
|
|
|
if request.AttrFlags().Acmodtime {
|
|
|
|
attrs.Flags |= common.StatAttrTimes
|
|
|
|
attrs.Atime = time.Unix(int64(request.Attributes().Atime), 0)
|
|
|
|
attrs.Mtime = time.Unix(int64(request.Attributes().Mtime), 0)
|
|
|
|
}
|
|
|
|
if request.AttrFlags().Size {
|
|
|
|
attrs.Flags |= common.StatAttrSize
|
|
|
|
attrs.Size = int64(request.Attributes().Size)
|
|
|
|
}
|
2020-08-20 11:54:36 +00:00
|
|
|
}
|
2019-07-20 22:19:17 +00:00
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
return c.SetStat(request.Filepath, &attrs)
|
2019-07-20 22:19:17 +00:00
|
|
|
}
|
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
func (c *Connection) handleSFTPRemove(request *sftp.Request) error {
|
|
|
|
fs, fsPath, err := c.GetFsAndResolvedPath(request.Filepath)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2019-07-20 22:19:17 +00:00
|
|
|
var fi os.FileInfo
|
2021-03-21 18:15:47 +00:00
|
|
|
if fi, err = fs.Lstat(fsPath); err != nil {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelDebug, "failed to remove file %q: stat error: %+v", fsPath, err)
|
2021-03-21 18:15:47 +00:00
|
|
|
return c.GetFsError(fs, err)
|
2019-07-20 22:19:17 +00:00
|
|
|
}
|
2020-11-17 18:36:39 +00:00
|
|
|
if fi.IsDir() && fi.Mode()&os.ModeSymlink == 0 {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelDebug, "cannot remove %q is not a file/symlink", fsPath)
|
2019-10-16 05:48:22 +00:00
|
|
|
return sftp.ErrSSHFxFailure
|
|
|
|
}
|
2020-03-01 21:10:29 +00:00
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
return c.RemoveFile(fs, fsPath, request.Filepath, fi)
|
2019-07-20 22:19:17 +00:00
|
|
|
}
|
|
|
|
|
2022-02-16 15:05:56 +00:00
|
|
|
func (c *Connection) handleSFTPUploadToNewFile(fs vfs.Fs, pflags sftp.FileOpenFlags, resolvedPath, filePath, requestPath string, errForRead error) (sftp.WriterAtReaderAt, error) {
|
2022-01-30 10:42:36 +00:00
|
|
|
diskQuota, transferQuota := c.HasSpace(true, false, requestPath)
|
|
|
|
if !diskQuota.HasSpace || !transferQuota.HasUploadSpace() {
|
2020-07-24 21:39:38 +00:00
|
|
|
c.Log(logger.LevelInfo, "denying file write due to quota limits")
|
2021-08-08 17:30:21 +00:00
|
|
|
return nil, c.GetQuotaExceededError()
|
2019-08-04 07:37:58 +00:00
|
|
|
}
|
|
|
|
|
2023-01-02 14:59:00 +00:00
|
|
|
if _, err := common.ExecutePreAction(c.BaseConnection, common.OperationPreUpload, resolvedPath, requestPath, 0, 0); err != nil {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelDebug, "upload for file %q denied by pre action: %v", requestPath, err)
|
2021-05-26 05:48:37 +00:00
|
|
|
return nil, c.GetPermissionDeniedError()
|
|
|
|
}
|
|
|
|
|
2022-02-16 15:05:56 +00:00
|
|
|
osFlags := getOSOpenFlags(pflags)
|
2023-10-22 14:09:30 +00:00
|
|
|
file, w, cancelFn, err := fs.Create(filePath, osFlags, c.GetCreateChecks(requestPath, true, false))
|
2019-08-04 07:37:58 +00:00
|
|
|
if err != nil {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelError, "error creating file %q, os flags %d, pflags %+v: %+v", resolvedPath, osFlags, pflags, err)
|
2021-03-21 18:15:47 +00:00
|
|
|
return nil, c.GetFsError(fs, err)
|
2020-07-24 21:39:38 +00:00
|
|
|
}
|
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
vfs.SetPathPermissions(fs, filePath, c.User.GetUID(), c.User.GetGID())
|
2020-07-24 21:39:38 +00:00
|
|
|
|
2020-08-16 18:17:02 +00:00
|
|
|
// we can get an error only for resume
|
2022-01-30 10:42:36 +00:00
|
|
|
maxWriteSize, _ := c.GetMaxWriteSize(diskQuota, false, 0, fs.IsUploadResumeSupported())
|
2020-08-16 18:17:02 +00:00
|
|
|
|
2021-05-31 19:45:29 +00:00
|
|
|
baseTransfer := common.NewBaseTransfer(file, c.BaseConnection, cancelFn, resolvedPath, filePath, requestPath,
|
2022-01-30 10:42:36 +00:00
|
|
|
common.TransferUpload, 0, 0, maxWriteSize, 0, true, fs, transferQuota)
|
2020-08-31 04:45:22 +00:00
|
|
|
t := newTransfer(baseTransfer, w, nil, errForRead)
|
2020-07-24 21:39:38 +00:00
|
|
|
|
|
|
|
return t, nil
|
2019-08-04 07:37:58 +00:00
|
|
|
}
|
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
func (c *Connection) handleSFTPUploadToExistingFile(fs vfs.Fs, pflags sftp.FileOpenFlags, resolvedPath, filePath string,
|
2020-08-31 04:45:22 +00:00
|
|
|
fileSize int64, requestPath string, errForRead error) (sftp.WriterAtReaderAt, error) {
|
2019-08-04 07:37:58 +00:00
|
|
|
var err error
|
2022-01-30 10:42:36 +00:00
|
|
|
diskQuota, transferQuota := c.HasSpace(false, false, requestPath)
|
|
|
|
if !diskQuota.HasSpace || !transferQuota.HasUploadSpace() {
|
2020-07-24 21:39:38 +00:00
|
|
|
c.Log(logger.LevelInfo, "denying file write due to quota limits")
|
2021-08-08 17:30:21 +00:00
|
|
|
return nil, c.GetQuotaExceededError()
|
2019-08-04 07:37:58 +00:00
|
|
|
}
|
|
|
|
|
2021-05-31 20:40:47 +00:00
|
|
|
osFlags := getOSOpenFlags(pflags)
|
2019-10-09 15:33:30 +00:00
|
|
|
minWriteOffset := int64(0)
|
2020-08-22 08:12:00 +00:00
|
|
|
isTruncate := osFlags&os.O_TRUNC != 0
|
2021-05-15 06:39:01 +00:00
|
|
|
// for upload resumes OpenSSH sets the APPEND flag while WinSCP does not set it,
|
|
|
|
// so we suppose this is an upload resume if the TRUNCATE flag is not set
|
|
|
|
isResume := !isTruncate
|
2020-08-22 08:12:00 +00:00
|
|
|
// if there is a size limit the remaining size cannot be 0 here, since quotaResult.HasSpace
|
|
|
|
// will return false in this case and we deny the upload before.
|
|
|
|
// For Cloud FS GetMaxWriteSize will return unsupported operation
|
2023-10-22 14:09:30 +00:00
|
|
|
maxWriteSize, err := c.GetMaxWriteSize(diskQuota, isResume, fileSize, vfs.IsUploadResumeSupported(fs, fileSize))
|
2020-08-16 18:17:02 +00:00
|
|
|
if err != nil {
|
2023-10-17 16:06:52 +00:00
|
|
|
c.Log(logger.LevelDebug, "unable to get max write size for file %q is resume? %t: %v",
|
|
|
|
requestPath, isResume, err)
|
2020-08-16 18:17:02 +00:00
|
|
|
return nil, err
|
2020-01-19 06:41:05 +00:00
|
|
|
}
|
|
|
|
|
2023-01-02 14:59:00 +00:00
|
|
|
if _, err := common.ExecutePreAction(c.BaseConnection, common.OperationPreUpload, resolvedPath, requestPath, fileSize, osFlags); err != nil {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelDebug, "upload for file %q denied by pre action: %v", requestPath, err)
|
2021-05-31 20:40:47 +00:00
|
|
|
return nil, c.GetPermissionDeniedError()
|
|
|
|
}
|
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
if common.Config.IsAtomicUploadEnabled() && fs.IsAtomicUploadSupported() {
|
2023-01-06 11:33:50 +00:00
|
|
|
_, _, err = fs.Rename(resolvedPath, filePath)
|
2019-08-04 07:37:58 +00:00
|
|
|
if err != nil {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelError, "error renaming existing file for atomic upload, source: %q, dest: %q, err: %+v",
|
2020-06-07 21:30:18 +00:00
|
|
|
resolvedPath, filePath, err)
|
2021-03-21 18:15:47 +00:00
|
|
|
return nil, c.GetFsError(fs, err)
|
2019-08-04 07:37:58 +00:00
|
|
|
}
|
|
|
|
}
|
2020-01-19 06:41:05 +00:00
|
|
|
|
2023-10-22 14:09:30 +00:00
|
|
|
file, w, cancelFn, err := fs.Create(filePath, osFlags, c.GetCreateChecks(requestPath, false, isResume))
|
2019-08-04 07:37:58 +00:00
|
|
|
if err != nil {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelError, "error opening existing file, os flags %v, pflags: %+v, source: %q, err: %+v",
|
2022-02-17 17:22:27 +00:00
|
|
|
osFlags, pflags, filePath, err)
|
2021-03-21 18:15:47 +00:00
|
|
|
return nil, c.GetFsError(fs, err)
|
2019-08-04 07:37:58 +00:00
|
|
|
}
|
|
|
|
|
2020-01-23 09:19:56 +00:00
|
|
|
initialSize := int64(0)
|
2022-01-20 17:19:20 +00:00
|
|
|
truncatedSize := int64(0) // bytes truncated and not included in quota
|
2020-08-16 18:17:02 +00:00
|
|
|
if isResume {
|
2023-02-09 08:33:33 +00:00
|
|
|
c.Log(logger.LevelDebug, "resuming upload requested, file path %q initial size: %d, has append flag %t",
|
2021-05-15 06:39:01 +00:00
|
|
|
filePath, fileSize, pflags.Append)
|
2023-10-22 14:09:30 +00:00
|
|
|
// enforce min write offset only if the client passed the APPEND flag or the filesystem
|
|
|
|
// supports emulated resume
|
|
|
|
if pflags.Append || !fs.IsUploadResumeSupported() {
|
2021-05-15 06:39:01 +00:00
|
|
|
minWriteOffset = fileSize
|
|
|
|
}
|
2020-08-22 08:12:00 +00:00
|
|
|
initialSize = fileSize
|
2019-10-09 15:33:30 +00:00
|
|
|
} else {
|
2022-06-11 08:41:34 +00:00
|
|
|
if isTruncate && vfs.HasTruncateSupport(fs) {
|
2023-10-22 14:09:30 +00:00
|
|
|
c.updateQuotaAfterTruncate(requestPath, fileSize)
|
2020-01-23 09:19:56 +00:00
|
|
|
} else {
|
|
|
|
initialSize = fileSize
|
2022-01-20 17:19:20 +00:00
|
|
|
truncatedSize = fileSize
|
2020-01-23 09:19:56 +00:00
|
|
|
}
|
2019-10-09 15:33:30 +00:00
|
|
|
}
|
2019-08-04 07:37:58 +00:00
|
|
|
|
2021-03-21 18:15:47 +00:00
|
|
|
vfs.SetPathPermissions(fs, filePath, c.User.GetUID(), c.User.GetGID())
|
2020-06-07 21:30:18 +00:00
|
|
|
|
2021-05-31 19:45:29 +00:00
|
|
|
baseTransfer := common.NewBaseTransfer(file, c.BaseConnection, cancelFn, resolvedPath, filePath, requestPath,
|
2022-01-30 10:42:36 +00:00
|
|
|
common.TransferUpload, minWriteOffset, initialSize, maxWriteSize, truncatedSize, false, fs, transferQuota)
|
2020-08-31 04:45:22 +00:00
|
|
|
t := newTransfer(baseTransfer, w, nil, errForRead)
|
2020-06-16 20:49:18 +00:00
|
|
|
|
2020-07-24 21:39:38 +00:00
|
|
|
return t, nil
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
2022-04-14 17:07:41 +00:00
|
|
|
// Disconnect disconnects the client by closing the channel
|
2020-07-24 21:39:38 +00:00
|
|
|
func (c *Connection) Disconnect() error {
|
2022-04-14 17:07:41 +00:00
|
|
|
if c.channel == nil {
|
|
|
|
c.Log(logger.LevelWarn, "cannot disconnect a nil channel")
|
|
|
|
return nil
|
|
|
|
}
|
2020-09-18 08:52:53 +00:00
|
|
|
return c.channel.Close()
|
2019-09-11 10:46:21 +00:00
|
|
|
}
|
|
|
|
|
2022-05-14 12:53:26 +00:00
|
|
|
func (c *Connection) getStatVFSFromQuotaResult(fs vfs.Fs, name string, quotaResult vfs.QuotaCheckResult) (*sftp.StatVFS, error) {
|
|
|
|
s, err := fs.GetAvailableDiskSize(name)
|
|
|
|
if err == nil {
|
|
|
|
if quotaResult.QuotaSize == 0 || quotaResult.QuotaSize > int64(s.TotalSpace()) {
|
|
|
|
quotaResult.QuotaSize = int64(s.TotalSpace())
|
|
|
|
}
|
|
|
|
if quotaResult.QuotaFiles == 0 || quotaResult.QuotaFiles > int(s.Files) {
|
|
|
|
quotaResult.QuotaFiles = int(s.Files)
|
2021-02-11 18:45:52 +00:00
|
|
|
}
|
2022-05-14 12:53:26 +00:00
|
|
|
} else if err != vfs.ErrStorageSizeUnavailable {
|
|
|
|
return nil, err
|
2021-02-11 18:45:52 +00:00
|
|
|
}
|
|
|
|
// if we are unable to get quota size or quota files we add some arbitrary values
|
|
|
|
if quotaResult.QuotaSize == 0 {
|
|
|
|
quotaResult.QuotaSize = quotaResult.UsedSize + 8*1024*1024*1024*1024 // 8TB
|
|
|
|
}
|
|
|
|
if quotaResult.QuotaFiles == 0 {
|
|
|
|
quotaResult.QuotaFiles = quotaResult.UsedFiles + 1000000 // 1 million
|
|
|
|
}
|
|
|
|
|
|
|
|
bsize := uint64(4096)
|
|
|
|
for bsize > uint64(quotaResult.QuotaSize) {
|
2021-02-16 18:11:36 +00:00
|
|
|
bsize /= 4
|
2021-02-11 18:45:52 +00:00
|
|
|
}
|
|
|
|
blocks := uint64(quotaResult.QuotaSize) / bsize
|
|
|
|
bfree := uint64(quotaResult.QuotaSize-quotaResult.UsedSize) / bsize
|
|
|
|
files := uint64(quotaResult.QuotaFiles)
|
|
|
|
ffree := uint64(quotaResult.QuotaFiles - quotaResult.UsedFiles)
|
|
|
|
if !quotaResult.HasSpace {
|
|
|
|
bfree = 0
|
|
|
|
ffree = 0
|
|
|
|
}
|
|
|
|
|
|
|
|
return &sftp.StatVFS{
|
|
|
|
Bsize: bsize,
|
|
|
|
Frsize: bsize,
|
|
|
|
Blocks: blocks,
|
|
|
|
Bfree: bfree,
|
|
|
|
Bavail: bfree,
|
|
|
|
Files: files,
|
|
|
|
Ffree: ffree,
|
|
|
|
Favail: ffree,
|
|
|
|
Namemax: 255,
|
2022-05-14 12:53:26 +00:00
|
|
|
}, nil
|
2021-02-11 18:45:52 +00:00
|
|
|
}
|
|
|
|
|
2023-10-22 14:09:30 +00:00
|
|
|
func (c *Connection) updateQuotaAfterTruncate(requestPath string, fileSize int64) {
|
|
|
|
vfolder, err := c.User.GetVirtualFolderForPath(path.Dir(requestPath))
|
|
|
|
if err == nil {
|
|
|
|
dataprovider.UpdateVirtualFolderQuota(&vfolder.BaseVirtualFolder, 0, -fileSize, false) //nolint:errcheck
|
|
|
|
if vfolder.IsIncludedInUserQuota() {
|
|
|
|
dataprovider.UpdateUserQuota(&c.User, 0, -fileSize, false) //nolint:errcheck
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
dataprovider.UpdateUserQuota(&c.User, 0, -fileSize, false) //nolint:errcheck
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-08-04 09:02:38 +00:00
|
|
|
func getOSOpenFlags(requestFlags sftp.FileOpenFlags) (flags int) {
|
2019-07-20 22:19:17 +00:00
|
|
|
var osFlags int
|
|
|
|
if requestFlags.Read && requestFlags.Write {
|
|
|
|
osFlags |= os.O_RDWR
|
|
|
|
} else if requestFlags.Write {
|
|
|
|
osFlags |= os.O_WRONLY
|
|
|
|
}
|
2019-10-09 15:33:30 +00:00
|
|
|
// we ignore Append flag since pkg/sftp use WriteAt that cannot work with os.O_APPEND
|
|
|
|
/*if requestFlags.Append {
|
2019-07-20 22:19:17 +00:00
|
|
|
osFlags |= os.O_APPEND
|
2019-10-09 15:33:30 +00:00
|
|
|
}*/
|
2019-07-20 22:19:17 +00:00
|
|
|
if requestFlags.Creat {
|
|
|
|
osFlags |= os.O_CREATE
|
|
|
|
}
|
|
|
|
if requestFlags.Trunc {
|
|
|
|
osFlags |= os.O_TRUNC
|
|
|
|
}
|
|
|
|
if requestFlags.Excl {
|
|
|
|
osFlags |= os.O_EXCL
|
|
|
|
}
|
2019-08-04 09:02:38 +00:00
|
|
|
return osFlags
|
2019-07-20 22:19:17 +00:00
|
|
|
}
|