mirror of
https://github.com/drakkan/sftpgo.git
synced 2024-11-25 09:00:27 +00:00
sftpfs: try to detect if an SFTP user point to itself
this will cause an infinite loop on login. The check should be improved
parent
e1c66d96a1
commit
3bfd7e4d17
2 changed files with 23 additions and 4 deletions
|
@ -1081,10 +1081,10 @@ func getVirtualFolderIfInvalid(folder *vfs.BaseVirtualFolder) *vfs.BaseVirtualFo
|
|||
return folder
|
||||
}
|
||||
|
||||
func hasSFTPLoopForFolder(user *User, folder *vfs.BaseVirtualFolder) bool {
|
||||
if folder.FsConfig.Provider == vfs.SFTPFilesystemProvider {
|
||||
func hasSFTPLoop(user *User, fs *vfs.Filesystem) bool {
|
||||
if fs.Provider == vfs.SFTPFilesystemProvider {
|
||||
// FIXME: this could be inaccurate, it is not easy to check the endpoint too
|
||||
if folder.FsConfig.SFTPConfig.Username == user.Username {
|
||||
if fs.SFTPConfig.Username == user.Username {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
@ -1111,7 +1111,7 @@ func validateUserVirtualFolders(user *User) error {
|
|||
if err := ValidateFolder(folder); err != nil {
|
||||
return err
|
||||
}
|
||||
if hasSFTPLoopForFolder(user, folder) {
|
||||
if hasSFTPLoop(user, &folder.FsConfig) {
|
||||
return &ValidationError{err: fmt.Sprintf("SFTP folder %#v could point to the same SFTPGo account, this is not allowed",
|
||||
folder.Name)}
|
||||
}
|
||||
|
@ -1527,6 +1527,10 @@ func ValidateUser(user *User) error {
|
|||
if err := validateFilesystemConfig(&user.FsConfig, user); err != nil {
|
||||
return err
|
||||
}
|
||||
if hasSFTPLoop(user, &user.FsConfig) {
|
||||
return &ValidationError{err: fmt.Sprintf("SFTP fs for user %#v could point to the same SFTPGo account, this is not allowed",
|
||||
user.Username)}
|
||||
}
|
||||
if err := validateUserVirtualFolders(user); err != nil {
|
||||
return err
|
||||
}
|
||||
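Review bot: hasSFTPLoop compares only `fs.SFTPConfig.Username` with `user.Username`, so the new call in ValidateUser and the existing one in validateUserVirtualFolders reject any SFTP backend whose remote account shares the local username, even on an unrelated host. An indirect chain (account A backed by B, B backed by A) would presumably still pass and hit the same login loop. The FIXME notes the endpoint gap, but a doc comment should tell callers the result is a heuristic, for example `// hasSFTPLoop reports whether fs is an SFTP backend whose username equals user.Username; the endpoint is not compared, so both false positives and misses are possible.` Because validation sees one account at a time, a depth or timeout guard on the login path itself would be the sturdier protection; that code is not visible here. All three functions start or end outside the hunks shown, so the rest of hasSFTPLoop (its final return) could not be checked.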
|
|
|
@ -738,6 +738,21 @@ func TestUserRedactedPassword(t *testing.T) {
|
|||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
func TestSFTPSelf(t *testing.T) {
|
||||
u := getTestUser()
|
||||
u.FsConfig = vfs.Filesystem{
|
||||
Provider: vfs.SFTPFilesystemProvider,
|
||||
SFTPConfig: vfs.SFTPFsConfig{
|
||||
Endpoint: "localhost:2022",
|
||||
Username: defaultUsername,
|
||||
Password: kms.NewPlainSecret(defaultPassword),
|
||||
},
|
||||
}
|
||||
_, resp, err := httpdtest.AddUser(u, http.StatusBadRequest)
|
||||
assert.NoError(t, err, string(resp))
|
||||
assert.Contains(t, string(resp), "could point to the same SFTPGo account")
|
||||
}
|
||||
|
||||
func TestAddUserInvalidVirtualFolders(t *testing.T) {
|
||||
u := getTestUser()
|
||||
folderName := "fname"
|
||||
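Review bot: TestSFTPSelf covers only the user-level `FsConfig` branch added to ValidateUser; nothing in this hunk exercises the virtual-folder path that now calls `hasSFTPLoop(user, &folder.FsConfig)`, though it may be tested elsewhere in the file. The `Endpoint: "localhost:2022"` value suggests the endpoint matters, but the check ignores it, so a comment such as `// Endpoint is not inspected by the loop check; only the username match triggers the rejection.` would keep the test honest. A negative case with the same endpoint and a different username, expected to be accepted, would pin the intended boundary of the heuristic. TestAddUserInvalidVirtualFolders continues past the end of the hunk.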
|
|