add hide policy to pattern filters

Disallowed files/dirs can be completely hidden. This may cause performance
issues for large directories

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Nicola Murino
2022-01-15 17:16:49 +01:00
parent 9b6b9cca3d
commit c3831de94e
20 changed files with 358 additions and 139 deletions


@@ -63,9 +63,9 @@ func (c *Connection) Fileread(request *sftp.Request) (io.ReaderAt, error) {
return nil, sftp.ErrSSHFxPermissionDenied
}
if !c.User.IsFileAllowed(request.Filepath) {
if ok, policy := c.User.IsFileAllowed(request.Filepath); !ok {
c.Log(logger.LevelWarn, "reading file %#v is not allowed", request.Filepath)
return nil, sftp.ErrSSHFxPermissionDenied
return nil, c.GetErrorForDeniedFile(policy)
}
fs, p, err := c.GetFsAndResolvedPath(request.Filepath)
@@ -104,9 +104,9 @@ func (c *Connection) Filewrite(request *sftp.Request) (io.WriterAt, error) {
func (c *Connection) handleFilewrite(request *sftp.Request) (sftp.WriterAtReaderAt, error) {
c.UpdateLastActivity()
if !c.User.IsFileAllowed(request.Filepath) {
if ok, _ := c.User.IsFileAllowed(request.Filepath); !ok {
c.Log(logger.LevelWarn, "writing file %#v is not allowed", request.Filepath)
return nil, sftp.ErrSSHFxPermissionDenied
return nil, c.GetPermissionDeniedError()
}
fs, p, err := c.GetFsAndResolvedPath(request.Filepath)
@@ -175,7 +175,7 @@ func (c *Connection) Filecmd(request *sftp.Request) error {
case "Rmdir":
return c.RemoveDir(request.Filepath)
case "Mkdir":
err := c.CreateDir(request.Filepath)
err := c.CreateDir(request.Filepath, true)
if err != nil {
return err
}
@@ -214,7 +214,7 @@ func (c *Connection) Filelist(request *sftp.Request) (sftp.ListerAt, error) {
return nil, sftp.ErrSSHFxPermissionDenied
}
s, err := c.DoStat(request.Filepath, 0)
s, err := c.DoStat(request.Filepath, 0, true)
if err != nil {
return nil, err
}
@@ -255,7 +255,7 @@ func (c *Connection) Lstat(request *sftp.Request) (sftp.ListerAt, error) {
return nil, sftp.ErrSSHFxPermissionDenied
}
s, err := c.DoStat(request.Filepath, 1)
s, err := c.DoStat(request.Filepath, 1, true)
if err != nil {
return nil, err
}
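Review bot: In handleFilewrite the policy returned by `c.User.IsFileAllowed` is discarded (`ok, _ :=`) and the denial is always `c.GetPermissionDeniedError()`, while Fileread in the first hunk passes the policy to `c.GetErrorForDeniedFile(policy)`. If the hide policy maps to a not-found style error on reads (that mapping is outside this section, so this is inferred), the same path would answer differently to a read and to a write, and the difference tells a client that the name matches a hidden pattern. If that is intended, a comment on the check would record it, for example `// writes to a denied path always report permission denied, whatever the filter policy`; otherwise return `c.GetErrorForDeniedFile(policy)` here too. The body of handleFilewrite continues past the hunk, so any later handling is not visible.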