/
handler.go
303 lines (284 loc) · 9.91 KB
/
handler.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
package sftp
import (
"io"
"os"
"path/filepath"
"strings"
"sync"
"emperror.dev/errors"
"github.com/apex/log"
"github.com/pkg/sftp"
"golang.org/x/crypto/ssh"
"github.com/blademindeu/wings/config"
"github.com/blademindeu/wings/server"
"github.com/blademindeu/wings/server/filesystem"
)
const (
PermissionFileRead = "file.read"
PermissionFileReadContent = "file.read-content"
PermissionFileCreate = "file.create"
PermissionFileUpdate = "file.update"
PermissionFileDelete = "file.delete"
)
type Handler struct {
mu sync.Mutex
server *server.Server
fs *filesystem.Filesystem
events *eventHandler
permissions []string
logger *log.Entry
ro bool
}
// NewHandler returns a new connection handler for the SFTP server. This allows a given user
// to access the underlying filesystem.
func NewHandler(sc *ssh.ServerConn, srv *server.Server) (*Handler, error) {
uuid, ok := sc.Permissions.Extensions["user"]
if !ok {
return nil, errors.New("sftp: mismatched Wings and Panel versions — Panel 1.10 is required for this version of Wings.")
}
events := eventHandler{
ip: sc.RemoteAddr().String(),
user: uuid,
server: srv.ID(),
}
return &Handler{
permissions: strings.Split(sc.Permissions.Extensions["permissions"], ","),
server: srv,
fs: srv.Filesystem(),
events: &events,
ro: config.Get().System.Sftp.ReadOnly,
logger: log.WithFields(log.Fields{"subsystem": "sftp", "user": uuid, "ip": sc.RemoteAddr()}),
}, nil
}
// Handlers returns the sftp.Handlers for this struct.
func (h *Handler) Handlers() sftp.Handlers {
return sftp.Handlers{
FileGet: h,
FilePut: h,
FileCmd: h,
FileList: h,
}
}
// Fileread creates a reader for a file on the system and returns the reader back.
func (h *Handler) Fileread(request *sftp.Request) (io.ReaderAt, error) {
// Check first if the user can actually open and view a file. This permission is named
// really poorly, but it is checking if they can read. There is an addition permission,
// "save-files" which determines if they can write that file.
if !h.can(PermissionFileReadContent) {
return nil, sftp.ErrSSHFxPermissionDenied
}
h.mu.Lock()
defer h.mu.Unlock()
f, _, err := h.fs.File(request.Filepath)
if err != nil {
if !errors.Is(err, os.ErrNotExist) {
h.logger.WithField("error", err).Error("error processing readfile request")
return nil, sftp.ErrSSHFxFailure
}
return nil, sftp.ErrSSHFxNoSuchFile
}
return f, nil
}
// Filewrite handles the write actions for a file on the system.
func (h *Handler) Filewrite(request *sftp.Request) (io.WriterAt, error) {
if h.ro {
return nil, sftp.ErrSSHFxOpUnsupported
}
l := h.logger.WithField("source", request.Filepath)
// If the user doesn't have enough space left on the server it should respond with an
// error since we won't be letting them write this file to the disk.
if !h.fs.HasSpaceAvailable(true) {
return nil, ErrSSHQuotaExceeded
}
h.mu.Lock()
defer h.mu.Unlock()
// The specific permission required to perform this action. If the file exists on the
// system already it only needs to be an update, otherwise we'll check for a create.
permission := PermissionFileUpdate
_, sterr := h.fs.Stat(request.Filepath)
if sterr != nil {
if !errors.Is(sterr, os.ErrNotExist) {
l.WithField("error", sterr).Error("error while getting file reader")
return nil, sftp.ErrSSHFxFailure
}
permission = PermissionFileCreate
}
// Confirm the user has permission to perform this action BEFORE calling Touch, otherwise
// you'll potentially create a file on the system and then fail out because of user
// permission checking after the fact.
if !h.can(permission) {
return nil, sftp.ErrSSHFxPermissionDenied
}
f, err := h.fs.Touch(request.Filepath, os.O_RDWR|os.O_TRUNC)
if err != nil {
l.WithField("flags", request.Flags).WithField("error", err).Error("failed to open existing file on system")
return nil, sftp.ErrSSHFxFailure
}
// Chown may or may not have been called in the touch function, so always do
// it at this point to avoid the file being improperly owned.
_ = h.fs.Chown(request.Filepath)
event := server.ActivitySftpWrite
if permission == PermissionFileCreate {
event = server.ActivitySftpCreate
}
h.events.MustLog(event, FileAction{Entity: request.Filepath})
return f, nil
}
// Filecmd hander for basic SFTP system calls related to files, but not anything to do with reading
// or writing to those files.
func (h *Handler) Filecmd(request *sftp.Request) error {
if h.ro {
return sftp.ErrSSHFxOpUnsupported
}
l := h.logger.WithField("source", request.Filepath)
if request.Target != "" {
l = l.WithField("target", request.Target)
}
switch request.Method {
// Allows a user to make changes to the permissions of a given file or directory
// on their server using their SFTP client.
case "Setstat":
if !h.can(PermissionFileUpdate) {
return sftp.ErrSSHFxPermissionDenied
}
mode := request.Attributes().FileMode().Perm()
// If the client passes an invalid FileMode just use the default 0644.
if mode == 0o000 {
mode = os.FileMode(0o644)
}
// Force directories to be 0755.
if request.Attributes().FileMode().IsDir() {
mode = 0o755
}
if err := h.fs.Chmod(request.Filepath, mode); err != nil {
if errors.Is(err, os.ErrNotExist) {
return sftp.ErrSSHFxNoSuchFile
}
l.WithField("error", err).Error("failed to perform setstat on item")
return sftp.ErrSSHFxFailure
}
break
// Support renaming a file (aka Move).
case "Rename":
if !h.can(PermissionFileUpdate) {
return sftp.ErrSSHFxPermissionDenied
}
if err := h.fs.Rename(request.Filepath, request.Target); err != nil {
if errors.Is(err, os.ErrNotExist) {
return sftp.ErrSSHFxNoSuchFile
}
l.WithField("error", err).Error("failed to rename file")
return sftp.ErrSSHFxFailure
}
h.events.MustLog(server.ActivitySftpRename, FileAction{Entity: request.Filepath, Target: request.Target})
break
// Handle deletion of a directory. This will properly delete all of the files and
// folders within that directory if it is not already empty (unlike a lot of SFTP
// clients that must delete each file individually).
case "Rmdir":
if !h.can(PermissionFileDelete) {
return sftp.ErrSSHFxPermissionDenied
}
p := filepath.Clean(request.Filepath)
if err := h.fs.Delete(p); err != nil {
l.WithField("error", err).Error("failed to remove directory")
return sftp.ErrSSHFxFailure
}
h.events.MustLog(server.ActivitySftpDelete, FileAction{Entity: request.Filepath})
return sftp.ErrSSHFxOk
// Handle requests to create a new Directory.
case "Mkdir":
if !h.can(PermissionFileCreate) {
return sftp.ErrSSHFxPermissionDenied
}
name := strings.Split(filepath.Clean(request.Filepath), "/")
p := strings.Join(name[0:len(name)-1], "/")
if err := h.fs.CreateDirectory(name[len(name)-1], p); err != nil {
l.WithField("error", err).Error("failed to create directory")
return sftp.ErrSSHFxFailure
}
h.events.MustLog(server.ActivitySftpCreateDirectory, FileAction{Entity: request.Filepath})
break
// Support creating symlinks between files. The source and target must resolve within
// the server home directory.
case "Symlink":
if !h.can(PermissionFileCreate) {
return sftp.ErrSSHFxPermissionDenied
}
if err := h.fs.Symlink(request.Filepath, request.Target); err != nil {
l.WithField("target", request.Target).WithField("error", err).Error("failed to create symlink")
return sftp.ErrSSHFxFailure
}
break
// Called when deleting a file.
case "Remove":
if !h.can(PermissionFileDelete) {
return sftp.ErrSSHFxPermissionDenied
}
if err := h.fs.Delete(request.Filepath); err != nil {
if errors.Is(err, os.ErrNotExist) {
return sftp.ErrSSHFxNoSuchFile
}
l.WithField("error", err).Error("failed to remove a file")
return sftp.ErrSSHFxFailure
}
h.events.MustLog(server.ActivitySftpDelete, FileAction{Entity: request.Filepath})
return sftp.ErrSSHFxOk
default:
return sftp.ErrSSHFxOpUnsupported
}
target := request.Filepath
if request.Target != "" {
target = request.Target
}
// Not failing here is intentional. We still made the file, it is just owned incorrectly
// and will likely cause some issues. There is no logical check for if the file was removed
// because both of those cases (Rmdir, Remove) have an explicit return rather than break.
if err := h.fs.Chown(target); err != nil {
l.WithField("error", err).Warn("error chowning file")
}
return sftp.ErrSSHFxOk
}
// Filelist is the handler for SFTP filesystem list calls. This will handle calls to list the contents of
// a directory as well as perform file/folder stat calls.
func (h *Handler) Filelist(request *sftp.Request) (sftp.ListerAt, error) {
if !h.can(PermissionFileRead) {
return nil, sftp.ErrSSHFxPermissionDenied
}
switch request.Method {
case "List":
entries, err := h.fs.ReadDirStat(request.Filepath)
if err != nil {
h.logger.WithField("source", request.Filepath).WithField("error", err).Error("error while listing directory")
return nil, sftp.ErrSSHFxFailure
}
return ListerAt(entries), nil
case "Stat":
st, err := h.fs.Stat(request.Filepath)
if err != nil {
if errors.Is(err, os.ErrNotExist) {
return nil, sftp.ErrSSHFxNoSuchFile
}
h.logger.WithField("source", request.Filepath).WithField("error", err).Error("error performing stat on file")
return nil, sftp.ErrSSHFxFailure
}
return ListerAt([]os.FileInfo{st.FileInfo}), nil
default:
return nil, sftp.ErrSSHFxOpUnsupported
}
}
// Determines if a user has permission to perform a specific action on the SFTP server. These
// permissions are defined and returned by the Panel API.
func (h *Handler) can(permission string) bool {
if h.server.IsSuspended() {
return false
}
for _, p := range h.permissions {
// If we match the permission specifically, or the user has been granted the "*"
// permission because they're an admin, let them through.
if p == permission || p == "*" {
return true
}
}
return false
}