improved readlink handling

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-07 23:00:55 +03:00 · 2022-04-27 18:38:46 +02:00
parent 16a44a144b
commit 4a44a7dfe1
9 changed files with 244 additions and 73 deletions
--- a/sftpd/internal_test.go
+++ b/sftpd/internal_test.go
@@ -2195,3 +2195,34 @@ func TestMaxUserSessions(t *testing.T) {
 	common.Connections.Remove(connection.GetID())
 	assert.Len(t, common.Connections.GetStats(), 0)
 }
+
+func TestCanReadSymlink(t *testing.T) {
+	connection := &Connection{
+		BaseConnection: common.NewBaseConnection(xid.New().String(), common.ProtocolSFTP, "", "", dataprovider.User{
+			BaseUser: sdk.BaseUser{
+				Username: "user_can_read_symlink",
+				HomeDir:  filepath.Clean(os.TempDir()),
+				Permissions: map[string][]string{
+					"/":    {dataprovider.PermAny},
+					"/sub": {dataprovider.PermUpload},
+				},
+			},
+			Filters: dataprovider.UserFilters{
+				BaseUserFilters: sdk.BaseUserFilters{
+					FilePatterns: []sdk.PatternsFilter{
+						{
+							Path:           "/denied",
+							DeniedPatterns: []string{"*.txt"},
+							DenyPolicy:     sdk.DenyPolicyHide,
+						},
+					},
+				},
+			},
+		}),
+	}
+	err := connection.canReadLink("/sub/link")
+	assert.ErrorIs(t, err, sftp.ErrSSHFxPermissionDenied)
+
+	err = connection.canReadLink("/denied/file.txt")
+	assert.ErrorIs(t, err, sftp.ErrSSHFxNoSuchFile)
+}