2019-07-20 10:26:52 +00:00
|
|
|
package sftpd
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"io"
|
|
|
|
"io/ioutil"
|
|
|
|
"net"
|
|
|
|
"os"
|
|
|
|
"path/filepath"
|
|
|
|
"strings"
|
|
|
|
"sync"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/drakkan/sftpgo/utils"
|
2019-08-04 07:37:58 +00:00
|
|
|
"github.com/rs/xid"
|
2019-07-20 10:26:52 +00:00
|
|
|
|
|
|
|
"github.com/drakkan/sftpgo/dataprovider"
|
|
|
|
"github.com/drakkan/sftpgo/logger"
|
|
|
|
"golang.org/x/crypto/ssh"
|
|
|
|
|
|
|
|
"github.com/pkg/sftp"
|
|
|
|
)
|
|
|
|
|
|
|
|
// Connection details for an authenticated user
|
|
|
|
type Connection struct {
|
2019-07-30 18:51:29 +00:00
|
|
|
// Unique identifier for the connection
|
|
|
|
ID string
|
|
|
|
// logged in user's details
|
|
|
|
User dataprovider.User
|
|
|
|
// client's version string
|
2019-07-20 10:26:52 +00:00
|
|
|
ClientVersion string
|
2019-07-30 18:51:29 +00:00
|
|
|
// Remote address for this connection
|
|
|
|
RemoteAddr net.Addr
|
|
|
|
// start time for this connection
|
|
|
|
StartTime time.Time
|
|
|
|
// last activity for this connection
|
|
|
|
lastActivity time.Time
|
2019-08-24 12:41:15 +00:00
|
|
|
protocol string
|
2019-07-30 18:51:29 +00:00
|
|
|
lock *sync.Mutex
|
|
|
|
sshConn *ssh.ServerConn
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Fileread creates a reader for a file on the system and returns the reader back.
|
|
|
|
func (c Connection) Fileread(request *sftp.Request) (io.ReaderAt, error) {
|
|
|
|
updateConnectionActivity(c.ID)
|
|
|
|
|
|
|
|
if !c.User.HasPerm(dataprovider.PermDownload) {
|
|
|
|
return nil, sftp.ErrSshFxPermissionDenied
|
|
|
|
}
|
|
|
|
|
|
|
|
p, err := c.buildPath(request.Filepath)
|
|
|
|
if err != nil {
|
|
|
|
return nil, sftp.ErrSshFxNoSuchFile
|
|
|
|
}
|
|
|
|
|
|
|
|
c.lock.Lock()
|
|
|
|
defer c.lock.Unlock()
|
|
|
|
|
|
|
|
if _, err := os.Stat(p); os.IsNotExist(err) {
|
|
|
|
return nil, sftp.ErrSshFxNoSuchFile
|
|
|
|
}
|
|
|
|
|
|
|
|
file, err := os.Open(p)
|
|
|
|
if err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "could not open file %#v for reading: %v", p, err)
|
2019-07-20 10:26:52 +00:00
|
|
|
return nil, sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
|
2019-09-05 14:46:50 +00:00
|
|
|
logger.Debug(logSender, c.ID, "fileread requested for path: %#v", p)
|
2019-07-20 10:26:52 +00:00
|
|
|
|
|
|
|
transfer := Transfer{
|
|
|
|
file: file,
|
|
|
|
path: p,
|
|
|
|
start: time.Now(),
|
|
|
|
bytesSent: 0,
|
|
|
|
bytesReceived: 0,
|
|
|
|
user: c.User,
|
|
|
|
connectionID: c.ID,
|
|
|
|
transferType: transferDownload,
|
2019-08-02 13:49:51 +00:00
|
|
|
lastActivity: time.Now(),
|
2019-07-20 10:26:52 +00:00
|
|
|
isNewFile: false,
|
2019-08-24 12:41:15 +00:00
|
|
|
protocol: c.protocol,
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
addTransfer(&transfer)
|
|
|
|
return &transfer, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Filewrite handles the write actions for a file on the system.
|
|
|
|
func (c Connection) Filewrite(request *sftp.Request) (io.WriterAt, error) {
|
|
|
|
updateConnectionActivity(c.ID)
|
|
|
|
if !c.User.HasPerm(dataprovider.PermUpload) {
|
|
|
|
return nil, sftp.ErrSshFxPermissionDenied
|
|
|
|
}
|
|
|
|
|
|
|
|
p, err := c.buildPath(request.Filepath)
|
|
|
|
if err != nil {
|
|
|
|
return nil, sftp.ErrSshFxNoSuchFile
|
|
|
|
}
|
|
|
|
|
2019-08-04 07:37:58 +00:00
|
|
|
filePath := p
|
|
|
|
if uploadMode == uploadModeAtomic {
|
|
|
|
filePath = getUploadTempFilePath(p)
|
|
|
|
}
|
|
|
|
|
2019-07-20 10:26:52 +00:00
|
|
|
c.lock.Lock()
|
|
|
|
defer c.lock.Unlock()
|
|
|
|
|
|
|
|
stat, statErr := os.Stat(p)
|
|
|
|
// If the file doesn't exist we need to create it, as well as the directory pathway
|
|
|
|
// leading up to where that file will be created.
|
|
|
|
if os.IsNotExist(statErr) {
|
2019-08-04 07:37:58 +00:00
|
|
|
return c.handleSFTPUploadToNewFile(p, filePath)
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if statErr != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "error performing file stat %#v: %v", p, statErr)
|
2019-07-20 10:26:52 +00:00
|
|
|
return nil, sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
|
2019-08-04 07:37:58 +00:00
|
|
|
// This happen if we upload a file that has the same name of an existing directory
|
2019-07-20 10:26:52 +00:00
|
|
|
if stat.IsDir() {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Warn(logSender, c.ID, "attempted to open a directory for writing to: %#v", p)
|
2019-07-20 10:26:52 +00:00
|
|
|
return nil, sftp.ErrSshFxOpUnsupported
|
|
|
|
}
|
|
|
|
|
2019-08-04 07:37:58 +00:00
|
|
|
return c.handleSFTPUploadToExistingFile(request.Pflags(), p, filePath, stat.Size())
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Filecmd hander for basic SFTP system calls related to files, but not anything to do with reading
|
|
|
|
// or writing to those files.
|
|
|
|
func (c Connection) Filecmd(request *sftp.Request) error {
|
|
|
|
updateConnectionActivity(c.ID)
|
|
|
|
|
|
|
|
p, err := c.buildPath(request.Filepath)
|
|
|
|
if err != nil {
|
|
|
|
return sftp.ErrSshFxNoSuchFile
|
|
|
|
}
|
|
|
|
|
2019-07-20 22:19:17 +00:00
|
|
|
target, err := c.getSFTPCmdTargetPath(request.Target)
|
|
|
|
if err != nil {
|
|
|
|
return sftp.ErrSshFxOpUnsupported
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
2019-09-05 14:46:50 +00:00
|
|
|
logger.Debug(logSender, c.ID, "new cmd, method: %v, sourcePath: %#v, targetPath: %#v", request.Method,
|
2019-07-20 22:19:17 +00:00
|
|
|
p, target)
|
2019-07-20 10:26:52 +00:00
|
|
|
|
|
|
|
switch request.Method {
|
|
|
|
case "Setstat":
|
|
|
|
return nil
|
|
|
|
case "Rename":
|
2019-07-20 22:19:17 +00:00
|
|
|
err = c.handleSFTPRename(p, target)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
break
|
|
|
|
case "Rmdir":
|
2019-07-20 22:19:17 +00:00
|
|
|
return c.handleSFTPRmdir(p)
|
2019-07-20 10:26:52 +00:00
|
|
|
|
|
|
|
case "Mkdir":
|
2019-07-20 22:19:17 +00:00
|
|
|
err = c.handleSFTPMkdir(p)
|
2019-07-20 10:26:52 +00:00
|
|
|
if err != nil {
|
2019-07-20 22:19:17 +00:00
|
|
|
return err
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
break
|
|
|
|
case "Symlink":
|
2019-07-20 22:19:17 +00:00
|
|
|
err = c.handleSFTPSymlink(p, target)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
break
|
|
|
|
case "Remove":
|
2019-07-20 22:19:17 +00:00
|
|
|
return c.handleSFTPRemove(p)
|
2019-07-20 10:26:52 +00:00
|
|
|
|
|
|
|
default:
|
|
|
|
return sftp.ErrSshFxOpUnsupported
|
|
|
|
}
|
|
|
|
|
|
|
|
var fileLocation = p
|
|
|
|
if target != "" {
|
|
|
|
fileLocation = target
|
|
|
|
}
|
|
|
|
|
2019-07-20 22:19:17 +00:00
|
|
|
// we return if we remove a file or a dir so source path or target path always exists here
|
2019-07-20 10:26:52 +00:00
|
|
|
utils.SetPathPermissions(fileLocation, c.User.GetUID(), c.User.GetGID())
|
|
|
|
|
|
|
|
return sftp.ErrSshFxOk
|
|
|
|
}
|
|
|
|
|
|
|
|
// Filelist is the handler for SFTP filesystem list calls. This will handle calls to list the contents of
|
|
|
|
// a directory as well as perform file/folder stat calls.
|
|
|
|
func (c Connection) Filelist(request *sftp.Request) (sftp.ListerAt, error) {
|
|
|
|
updateConnectionActivity(c.ID)
|
|
|
|
p, err := c.buildPath(request.Filepath)
|
|
|
|
if err != nil {
|
|
|
|
return nil, sftp.ErrSshFxNoSuchFile
|
|
|
|
}
|
|
|
|
|
|
|
|
switch request.Method {
|
|
|
|
case "List":
|
|
|
|
if !c.User.HasPerm(dataprovider.PermListItems) {
|
|
|
|
return nil, sftp.ErrSshFxPermissionDenied
|
|
|
|
}
|
|
|
|
|
2019-09-05 14:46:50 +00:00
|
|
|
logger.Debug(logSender, c.ID, "requested list file for dir: %#v", p)
|
2019-07-20 10:26:52 +00:00
|
|
|
|
|
|
|
files, err := ioutil.ReadDir(p)
|
|
|
|
if err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "error listing directory: %#v", err)
|
2019-07-20 10:26:52 +00:00
|
|
|
return nil, sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
|
2019-07-30 18:51:29 +00:00
|
|
|
return listerAt(files), nil
|
2019-07-20 10:26:52 +00:00
|
|
|
case "Stat":
|
|
|
|
if !c.User.HasPerm(dataprovider.PermListItems) {
|
|
|
|
return nil, sftp.ErrSshFxPermissionDenied
|
|
|
|
}
|
|
|
|
|
2019-09-05 14:46:50 +00:00
|
|
|
logger.Debug(logSender, c.ID, "requested stat for file: %#v", p)
|
2019-07-20 10:26:52 +00:00
|
|
|
s, err := os.Stat(p)
|
|
|
|
if os.IsNotExist(err) {
|
|
|
|
return nil, sftp.ErrSshFxNoSuchFile
|
|
|
|
} else if err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "error running STAT on file: %#v", err)
|
2019-07-20 10:26:52 +00:00
|
|
|
return nil, sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
|
2019-07-30 18:51:29 +00:00
|
|
|
return listerAt([]os.FileInfo{s}), nil
|
2019-07-20 10:26:52 +00:00
|
|
|
default:
|
|
|
|
return nil, sftp.ErrSshFxOpUnsupported
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-20 22:19:17 +00:00
|
|
|
func (c Connection) getSFTPCmdTargetPath(requestTarget string) (string, error) {
|
|
|
|
var target string
|
|
|
|
// If a target is provided in this request validate that it is going to the correct
|
|
|
|
// location for the server. If it is not, return an operation unsupported error. This
|
|
|
|
// is maybe not the best error response, but its not wrong either.
|
|
|
|
if requestTarget != "" {
|
|
|
|
var err error
|
|
|
|
target, err = c.buildPath(requestTarget)
|
|
|
|
if err != nil {
|
|
|
|
return target, sftp.ErrSshFxOpUnsupported
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return target, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c Connection) handleSFTPRename(sourcePath string, targetPath string) error {
|
|
|
|
if !c.User.HasPerm(dataprovider.PermRename) {
|
|
|
|
return sftp.ErrSshFxPermissionDenied
|
|
|
|
}
|
|
|
|
if err := os.Rename(sourcePath, targetPath); err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "failed to rename file, source: %#v target: %#v: %v", sourcePath, targetPath, err)
|
2019-07-20 22:19:17 +00:00
|
|
|
return sftp.ErrSshFxFailure
|
|
|
|
}
|
2019-08-24 12:41:15 +00:00
|
|
|
logger.CommandLog(renameLogSender, sourcePath, targetPath, c.User.Username, c.ID, c.protocol)
|
2019-07-27 07:38:09 +00:00
|
|
|
executeAction(operationRename, c.User.Username, sourcePath, targetPath)
|
2019-07-20 22:19:17 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c Connection) handleSFTPRmdir(path string) error {
|
|
|
|
if !c.User.HasPerm(dataprovider.PermDelete) {
|
|
|
|
return sftp.ErrSshFxPermissionDenied
|
|
|
|
}
|
|
|
|
|
2019-07-27 07:38:09 +00:00
|
|
|
numFiles, size, fileList, err := utils.ScanDirContents(path)
|
2019-07-20 22:19:17 +00:00
|
|
|
if err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "failed to remove directory %#v, scanning error: %v", path, err)
|
2019-07-20 22:19:17 +00:00
|
|
|
return sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
if err := os.RemoveAll(path); err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "failed to remove directory %#v: %v", path, err)
|
2019-07-20 22:19:17 +00:00
|
|
|
return sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
|
2019-08-24 12:41:15 +00:00
|
|
|
logger.CommandLog(rmdirLogSender, path, "", c.User.Username, c.ID, c.protocol)
|
2019-07-28 20:04:50 +00:00
|
|
|
dataprovider.UpdateUserQuota(dataProvider, c.User, -numFiles, -size, false)
|
2019-07-27 07:38:09 +00:00
|
|
|
for _, p := range fileList {
|
|
|
|
executeAction(operationDelete, c.User.Username, p, "")
|
|
|
|
}
|
2019-07-20 22:19:17 +00:00
|
|
|
return sftp.ErrSshFxOk
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c Connection) handleSFTPSymlink(sourcePath string, targetPath string) error {
|
|
|
|
if !c.User.HasPerm(dataprovider.PermCreateSymlinks) {
|
|
|
|
return sftp.ErrSshFxPermissionDenied
|
|
|
|
}
|
|
|
|
if err := os.Symlink(sourcePath, targetPath); err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Warn(logSender, c.ID, "failed to create symlink %#v -> %#v: %v", sourcePath, targetPath, err)
|
2019-07-20 22:19:17 +00:00
|
|
|
return sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
|
2019-08-24 12:41:15 +00:00
|
|
|
logger.CommandLog(symlinkLogSender, sourcePath, targetPath, c.User.Username, c.ID, c.protocol)
|
2019-07-20 22:19:17 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c Connection) handleSFTPMkdir(path string) error {
|
|
|
|
if !c.User.HasPerm(dataprovider.PermCreateDirs) {
|
|
|
|
return sftp.ErrSshFxPermissionDenied
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := c.createMissingDirs(filepath.Join(path, "testfile")); err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "error making missing dir for path %#v: %v", path, err)
|
2019-07-20 22:19:17 +00:00
|
|
|
return sftp.ErrSshFxFailure
|
|
|
|
}
|
2019-08-24 12:41:15 +00:00
|
|
|
logger.CommandLog(mkdirLogSender, path, "", c.User.Username, c.ID, c.protocol)
|
2019-07-20 22:19:17 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c Connection) handleSFTPRemove(path string) error {
|
|
|
|
if !c.User.HasPerm(dataprovider.PermDelete) {
|
|
|
|
return sftp.ErrSshFxPermissionDenied
|
|
|
|
}
|
|
|
|
|
|
|
|
var size int64
|
|
|
|
var fi os.FileInfo
|
|
|
|
var err error
|
|
|
|
if fi, err = os.Lstat(path); err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "failed to remove a file %#v: stat error: %v", path, err)
|
2019-07-20 22:19:17 +00:00
|
|
|
return sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
size = fi.Size()
|
|
|
|
if err := os.Remove(path); err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "failed to remove a file/symlink %#v: %v", path, err)
|
2019-07-20 22:19:17 +00:00
|
|
|
return sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
|
2019-08-24 12:41:15 +00:00
|
|
|
logger.CommandLog(removeLogSender, path, "", c.User.Username, c.ID, c.protocol)
|
2019-07-20 22:19:17 +00:00
|
|
|
if fi.Mode()&os.ModeSymlink != os.ModeSymlink {
|
2019-07-28 20:04:50 +00:00
|
|
|
dataprovider.UpdateUserQuota(dataProvider, c.User, -1, -size, false)
|
2019-07-20 22:19:17 +00:00
|
|
|
}
|
2019-07-27 07:38:09 +00:00
|
|
|
executeAction(operationDelete, c.User.Username, path, "")
|
2019-07-20 22:19:17 +00:00
|
|
|
|
|
|
|
return sftp.ErrSshFxOk
|
|
|
|
}
|
|
|
|
|
2019-08-04 07:37:58 +00:00
|
|
|
func (c Connection) handleSFTPUploadToNewFile(requestPath, filePath string) (io.WriterAt, error) {
|
|
|
|
if !c.hasSpace(true) {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Info(logSender, c.ID, "denying file write due to space limit")
|
2019-08-04 07:37:58 +00:00
|
|
|
return nil, sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
|
|
|
|
if _, err := os.Stat(filepath.Dir(requestPath)); os.IsNotExist(err) {
|
|
|
|
if !c.User.HasPerm(dataprovider.PermCreateDirs) {
|
|
|
|
return nil, sftp.ErrSshFxPermissionDenied
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
err := c.createMissingDirs(requestPath)
|
|
|
|
if err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "error making missing dir for path %#v: %v", requestPath, err)
|
2019-08-04 07:37:58 +00:00
|
|
|
return nil, sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
|
|
|
|
file, err := os.Create(filePath)
|
|
|
|
if err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "error creating file %#v: %v", requestPath, err)
|
2019-08-04 07:37:58 +00:00
|
|
|
return nil, sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
|
|
|
|
utils.SetPathPermissions(filePath, c.User.GetUID(), c.User.GetGID())
|
|
|
|
|
|
|
|
transfer := Transfer{
|
|
|
|
file: file,
|
|
|
|
path: requestPath,
|
|
|
|
start: time.Now(),
|
|
|
|
bytesSent: 0,
|
|
|
|
bytesReceived: 0,
|
|
|
|
user: c.User,
|
|
|
|
connectionID: c.ID,
|
|
|
|
transferType: transferUpload,
|
|
|
|
lastActivity: time.Now(),
|
|
|
|
isNewFile: true,
|
2019-08-24 12:41:15 +00:00
|
|
|
protocol: c.protocol,
|
2019-08-04 07:37:58 +00:00
|
|
|
}
|
|
|
|
addTransfer(&transfer)
|
|
|
|
return &transfer, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c Connection) handleSFTPUploadToExistingFile(pflags sftp.FileOpenFlags, requestPath, filePath string,
|
|
|
|
fileSize int64) (io.WriterAt, error) {
|
|
|
|
var err error
|
|
|
|
if !c.hasSpace(false) {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Info(logSender, c.ID, "denying file write due to space limit")
|
2019-08-04 07:37:58 +00:00
|
|
|
return nil, sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
|
2019-08-04 09:02:38 +00:00
|
|
|
osFlags := getOSOpenFlags(pflags)
|
2019-08-04 07:37:58 +00:00
|
|
|
|
2019-08-04 09:02:38 +00:00
|
|
|
if osFlags&os.O_TRUNC == 0 {
|
2019-08-04 07:37:58 +00:00
|
|
|
// see https://github.com/pkg/sftp/issues/295
|
2019-09-05 14:46:50 +00:00
|
|
|
logger.Info(logSender, c.ID, "upload resume is not supported, returning error for file: %#v", requestPath)
|
2019-08-04 07:37:58 +00:00
|
|
|
return nil, sftp.ErrSshFxOpUnsupported
|
|
|
|
}
|
|
|
|
|
|
|
|
if uploadMode == uploadModeAtomic {
|
|
|
|
err = os.Rename(requestPath, filePath)
|
|
|
|
if err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "error renaming existing file for atomic upload, source: %#v, dest: %#v, err: %v",
|
2019-08-04 07:37:58 +00:00
|
|
|
requestPath, filePath, err)
|
|
|
|
return nil, sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// we use 0666 so the umask is applied
|
|
|
|
file, err := os.OpenFile(filePath, osFlags, 0666)
|
|
|
|
if err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "error opening existing file, flags: %v, source: %#v, err: %v", pflags, filePath, err)
|
2019-08-04 07:37:58 +00:00
|
|
|
return nil, sftp.ErrSshFxFailure
|
|
|
|
}
|
|
|
|
|
|
|
|
// FIXME: this need to be changed when we add upload resume support
|
|
|
|
// the file is truncated so we need to decrease quota size but not quota files
|
|
|
|
dataprovider.UpdateUserQuota(dataProvider, c.User, 0, -fileSize, false)
|
|
|
|
|
|
|
|
utils.SetPathPermissions(filePath, c.User.GetUID(), c.User.GetGID())
|
|
|
|
|
|
|
|
transfer := Transfer{
|
|
|
|
file: file,
|
|
|
|
path: requestPath,
|
|
|
|
start: time.Now(),
|
|
|
|
bytesSent: 0,
|
|
|
|
bytesReceived: 0,
|
|
|
|
user: c.User,
|
|
|
|
connectionID: c.ID,
|
|
|
|
transferType: transferUpload,
|
|
|
|
lastActivity: time.Now(),
|
|
|
|
isNewFile: false,
|
2019-08-24 12:41:15 +00:00
|
|
|
protocol: c.protocol,
|
2019-08-04 07:37:58 +00:00
|
|
|
}
|
|
|
|
addTransfer(&transfer)
|
|
|
|
return &transfer, nil
|
|
|
|
}
|
|
|
|
|
2019-07-20 10:26:52 +00:00
|
|
|
func (c Connection) hasSpace(checkFiles bool) bool {
|
|
|
|
if (checkFiles && c.User.QuotaFiles > 0) || c.User.QuotaSize > 0 {
|
2019-07-26 11:07:08 +00:00
|
|
|
numFile, size, err := dataprovider.GetUsedQuota(dataProvider, c.User.Username)
|
2019-07-20 10:26:52 +00:00
|
|
|
if err != nil {
|
|
|
|
if _, ok := err.(*dataprovider.MethodDisabledError); ok {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Warn(logSender, c.ID, "quota enforcement not possible for user %v: %v", c.User.Username, err)
|
2019-07-20 10:26:52 +00:00
|
|
|
return true
|
|
|
|
}
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Warn(logSender, c.ID, "error getting used quota for %v: %v", c.User.Username, err)
|
2019-07-20 10:26:52 +00:00
|
|
|
return false
|
|
|
|
}
|
2019-07-28 20:04:50 +00:00
|
|
|
if (checkFiles && c.User.QuotaFiles > 0 && numFile >= c.User.QuotaFiles) ||
|
|
|
|
(c.User.QuotaSize > 0 && size >= c.User.QuotaSize) {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Debug(logSender, c.ID, "quota exceed for user %v, num files: %v/%v, size: %v/%v check files: %v",
|
2019-07-20 10:26:52 +00:00
|
|
|
c.User.Username, numFile, c.User.QuotaFiles, size, c.User.QuotaSize, checkFiles)
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
// Normalizes a directory we get from the SFTP request to ensure the user is not able to escape
|
|
|
|
// from their data directory. After normalization if the directory is still within their home
|
|
|
|
// path it is returned. If they managed to "escape" an error will be returned.
|
|
|
|
func (c Connection) buildPath(rawPath string) (string, error) {
|
|
|
|
r := filepath.Clean(filepath.Join(c.User.HomeDir, rawPath))
|
|
|
|
p, err := filepath.EvalSymlinks(r)
|
|
|
|
if err != nil && !os.IsNotExist(err) {
|
|
|
|
return "", err
|
|
|
|
} else if os.IsNotExist(err) {
|
|
|
|
// The requested directory doesn't exist, so at this point we need to iterate up the
|
|
|
|
// path chain until we hit a directory that _does_ exist and can be validated.
|
|
|
|
_, err = c.findFirstExistingDir(r)
|
|
|
|
if err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Warn(logSender, c.ID, "error resolving not existent path: %#v", err)
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
return r, err
|
|
|
|
}
|
|
|
|
|
|
|
|
err = c.isSubDir(p)
|
|
|
|
if err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Warn(logSender, c.ID, "Invalid path resolution, dir: %#v outside user home: %#v err: %v", p, c.User.HomeDir, err)
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
return r, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// iterate up the path chain until we hit a directory that does exist and can be validated.
|
|
|
|
// all nonexistent directories will be returned
|
|
|
|
func (c Connection) findNonexistentDirs(path string) ([]string, error) {
|
|
|
|
results := []string{}
|
|
|
|
cleanPath := filepath.Clean(path)
|
|
|
|
parent := filepath.Dir(cleanPath)
|
|
|
|
_, err := os.Stat(parent)
|
|
|
|
|
|
|
|
for os.IsNotExist(err) {
|
|
|
|
results = append(results, parent)
|
|
|
|
parent = filepath.Dir(parent)
|
|
|
|
_, err = os.Stat(parent)
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
return results, err
|
|
|
|
}
|
|
|
|
p, err := filepath.EvalSymlinks(parent)
|
|
|
|
if err != nil {
|
|
|
|
return results, err
|
|
|
|
}
|
|
|
|
err = c.isSubDir(p)
|
|
|
|
if err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Warn(logSender, c.ID, "Error finding non existing dir: %v", err)
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
return results, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// iterate up the path chain until we hit a directory that does exist and can be validated.
|
|
|
|
func (c Connection) findFirstExistingDir(path string) (string, error) {
|
|
|
|
results, err := c.findNonexistentDirs(path)
|
|
|
|
if err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Warn(logSender, c.ID, "unable to find non existent dirs: %v", err)
|
2019-07-20 10:26:52 +00:00
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
var parent string
|
|
|
|
if len(results) > 0 {
|
|
|
|
lastMissingDir := results[len(results)-1]
|
|
|
|
parent = filepath.Dir(lastMissingDir)
|
|
|
|
} else {
|
|
|
|
parent = c.User.GetHomeDir()
|
|
|
|
}
|
|
|
|
p, err := filepath.EvalSymlinks(parent)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
fileInfo, err := os.Stat(p)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
if !fileInfo.IsDir() {
|
2019-09-05 13:39:19 +00:00
|
|
|
return "", fmt.Errorf("resolved path is not a dir: %#v", p)
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
err = c.isSubDir(p)
|
|
|
|
return p, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// checks if sub is a subpath of the user home dir.
|
|
|
|
// EvalSymlink must be used on sub before calling this method
|
|
|
|
func (c Connection) isSubDir(sub string) error {
|
|
|
|
// home dir must exist and it is already a validated absolute path
|
|
|
|
parent, err := filepath.EvalSymlinks(c.User.HomeDir)
|
|
|
|
if err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Warn(logSender, c.ID, "invalid home dir %#v: %v", c.User.HomeDir, err)
|
2019-07-20 10:26:52 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
if !strings.HasPrefix(sub, parent) {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Warn(logSender, c.ID, "dir %#v is not inside: %#v ", sub, parent)
|
2019-09-05 13:39:19 +00:00
|
|
|
return fmt.Errorf("dir %#v is not inside: %#v", sub, parent)
|
2019-07-20 10:26:52 +00:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
2019-07-20 22:19:17 +00:00
|
|
|
|
|
|
|
func (c Connection) createMissingDirs(filePath string) error {
|
|
|
|
dirsToCreate, err := c.findNonexistentDirs(filePath)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
last := len(dirsToCreate) - 1
|
|
|
|
for i := range dirsToCreate {
|
|
|
|
d := dirsToCreate[last-i]
|
|
|
|
if err := os.Mkdir(d, 0777); err != nil {
|
2019-09-05 14:21:35 +00:00
|
|
|
logger.Error(logSender, c.ID, "error creating missing dir: %#v", d)
|
2019-07-20 22:19:17 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
utils.SetPathPermissions(d, c.User.GetUID(), c.User.GetGID())
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2019-08-04 09:02:38 +00:00
|
|
|
func getOSOpenFlags(requestFlags sftp.FileOpenFlags) (flags int) {
|
2019-07-20 22:19:17 +00:00
|
|
|
var osFlags int
|
|
|
|
if requestFlags.Read && requestFlags.Write {
|
|
|
|
osFlags |= os.O_RDWR
|
|
|
|
} else if requestFlags.Write {
|
|
|
|
osFlags |= os.O_WRONLY
|
|
|
|
}
|
|
|
|
if requestFlags.Append {
|
|
|
|
osFlags |= os.O_APPEND
|
|
|
|
}
|
|
|
|
if requestFlags.Creat {
|
|
|
|
osFlags |= os.O_CREATE
|
|
|
|
}
|
|
|
|
if requestFlags.Trunc {
|
|
|
|
osFlags |= os.O_TRUNC
|
|
|
|
}
|
|
|
|
if requestFlags.Excl {
|
|
|
|
osFlags |= os.O_EXCL
|
|
|
|
}
|
2019-08-04 09:02:38 +00:00
|
|
|
return osFlags
|
2019-07-20 22:19:17 +00:00
|
|
|
}
|
2019-08-04 07:37:58 +00:00
|
|
|
|
|
|
|
func getUploadTempFilePath(path string) string {
|
|
|
|
dir := filepath.Dir(path)
|
|
|
|
guid := xid.New().String()
|
|
|
|
return filepath.Join(dir, ".sftpgo-upload."+guid+"."+filepath.Base(path))
|
|
|
|
}
|