Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 14:50:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

check permissions against sftp path

Browse Source 
instead of building filesystem paths and then checking permissions against
path relative to the home dir that is the initial sftp path
This commit is contained in:
Nicola Murino
2020-01-05 11:41:25 +01:00
parent eb2ddc4798
commit e046b35b97
6 changed files with 111 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
sftpd/ssh_cmd.go
View File

@@ -129,7 +129,7 @@ func (c *sshCommand) handleHashCommands() error {
if err != nil {
return c.sendErrorResponse(err)
}
if !c.connection.User.HasPerm(dataprovider.PermListItems, path) {
if !c.connection.User.HasPerm(dataprovider.PermListItems, sshPath) {
return c.sendErrorResponse(errPermissionDenied)
}
hash, err := computeHashForFile(h, path)
@@ -149,7 +149,7 @@ func (c *sshCommand) executeSystemCommand(command systemCommand) error {
}
perms := []string{dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermCreateDirs, dataprovider.PermListItems,
dataprovider.PermOverwrite, dataprovider.PermDelete, dataprovider.PermRename}
if !c.connection.User.HasPerms(perms, command.realPath) {
if !c.connection.User.HasPerms(perms, c.getDestPath()) {
return c.sendErrorResponse(errPermissionDenied)
}
@@ -299,7 +299,7 @@ func (c *sshCommand) getSystemCommand() (systemCommand, error) {
// the home dir.
// If the user cannot create symlinks we add the option --munge-links, if it is not
// already set. This should make symlinks unusable (but manually recoverable)
if c.connection.User.HasPerm(dataprovider.PermCreateSymlinks, path) {
if c.connection.User.HasPerm(dataprovider.PermCreateSymlinks, c.getDestPath()) {
if !utils.IsStringInSlice("--safe-links", args) {
args = append([]string{"--safe-links"}, args...)
}