Correctly set server ownership
DaneEveritt committed Nov 10, 2018
1 parent 792a723 commit 8394fef
Showing 3 changed files with 44 additions and 7 deletions.
8 changes: 8 additions & 0 deletions main.go
Expand Up @@ -3,6 +3,7 @@ package main
import (
"errors"
"flag"
"github.com/buger/jsonparser"
"github.com/patrickmn/go-cache"
"github.com/pterodactyl/sftp-server/src/logger"
"github.com/pterodactyl/sftp-server/src/server"
Expand Down Expand Up @@ -40,11 +41,18 @@ func main() {
logger.Get().Fatalw("could not read configuration", zap.Error(err))
}

u, err := jsonparser.GetInt(config, "docker", "container", "user")
if err != nil {
logger.Get().Fatalw("could not locate SFTP base user", zap.Error(err))
return
}

c := cache.New(5*time.Minute, 10*time.Minute)

var s = server.Configuration{
Data: config,
Cache: c,
User: int(u),
Settings: server.Settings{
BasePath: path.Dir(configLocation),
ReadOnly: readOnlyMode,
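Review bot: The uid read from `docker.container.user` is passed on as `User: int(u)` without a range check, and the handler changes in this commit use that value as both uid and gid in `os.Chown`. A value of `0` would hand uploaded files to root, `-1` tells `os.Chown` to leave ownership unchanged, and an `int64` outside the platform `int` range is silently truncated by the conversion. Reject such values right after the lookup, for example `if u <= 0 || u > math.MaxInt32 { logger.Get().Fatalw("invalid SFTP base user", zap.Int64("user", u)) }` (needs the `math` import). The `return` after `Fatalw` is unreachable if this logger's Fatalw exits the process, as zap's does, and can be dropped. main's body continues outside the hunk.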
34 changes: 30 additions & 4 deletions src/server/handler.go
Expand Up @@ -23,6 +23,7 @@ type FileSystem struct {
Permissions []string
ReadOnly bool
DisableDiskCheck bool
User int
Cache *cache.Cache
lock sync.Mutex
}
Expand Down Expand Up @@ -103,6 +104,12 @@ func (fs FileSystem) Filewrite(request *sftp.Request) (io.WriterAt, error) {
return nil, sftp.ErrSshFxFailure
}

// Not failing here is intentional. We still made the file, it is just owned incorrectly
// and will likely cause some issues.
if err := os.Chown(p, fs.User, fs.User); err != nil {
logger.Get().Warnw("error chowning file", zap.String("file", p), zap.Error(err))
}

return file, nil
} else if err != nil {
logger.Get().Errorw("error performing file stat", zap.String("source", p), zap.Error(err))
Expand All @@ -128,6 +135,12 @@ func (fs FileSystem) Filewrite(request *sftp.Request) (io.WriterAt, error) {
return nil, sftp.ErrSshFxFailure
}

// Not failing here is intentional. We still made the file, it is just owned incorrectly
// and will likely cause some issues.
if err := os.Chown(p, fs.User, fs.User); err != nil {
logger.Get().Warnw("error chowning file", zap.String("file", p), zap.Error(err))
}

return file, nil
}

Expand Down Expand Up @@ -175,7 +188,7 @@ func (fs FileSystem) Filecmd(request *sftp.Request) error {
return sftp.ErrSshFxFailure
}

return sftp.ErrSshFxOk
break
case "Rmdir":
if !fs.can("delete-files") {
return sftp.ErrSshFxPermissionDenied
Expand All @@ -186,7 +199,7 @@ func (fs FileSystem) Filecmd(request *sftp.Request) error {
return sftp.ErrSshFxFailure
}

return sftp.ErrSshFxOk
break
case "Mkdir":
if !fs.can("create-files") {
return sftp.ErrSshFxPermissionDenied
Expand All @@ -197,7 +210,7 @@ func (fs FileSystem) Filecmd(request *sftp.Request) error {
return sftp.ErrSshFxFailure
}

return sftp.ErrSshFxOk
break
case "Symlink":
if !fs.can("create-files") {
return sftp.ErrSshFxPermissionDenied
Expand All @@ -212,7 +225,7 @@ func (fs FileSystem) Filecmd(request *sftp.Request) error {
return sftp.ErrSshFxFailure
}

return sftp.ErrSshFxOk
break
case "Remove":
if !fs.can("delete-files") {
return sftp.ErrSshFxPermissionDenied
Expand All @@ -227,6 +240,19 @@ func (fs FileSystem) Filecmd(request *sftp.Request) error {
default:
return sftp.ErrSshFxOpUnsupported
}

var fileLocation = p
if target != "" {
fileLocation = target
}

// Not failing here is intentional. We still made the file, it is just owned incorrectly
// and will likely cause some issues.
if err := os.Chown(fileLocation, fs.User, fs.User); err != nil {
logger.Get().Warnw("error chowning file", zap.String("file", fileLocation), zap.Error(err))
}

return sftp.ErrSshFxOk
}

// Handler for SFTP filesystem list calls. This will handle calls to list the contents of
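Review bot: `os.Chown` follows symbolic links, so the chown at the end of Filecmd lands on whatever a newly created link resolves to rather than on the link, and the two calls in Filewrite re-resolve `p` by path after the file has already been opened. If this process has enough privilege to chown to another uid, ownership can change on a path the request did not create; whether `p` and `target` are confined to the server root is not visible in these hunks. Prefer `os.Lchown(fileLocation, fs.User, fs.User)` in Filecmd and, if `file` is an `*os.File`, `file.Chown(fs.User, fs.User)` on the open handle in Filewrite. The "Rmdir" case now also reaches the chown, which will fail once the directory has been removed and log a warning on every successful rmdir; keep `return sftp.ErrSshFxOk` in that case. The bodies of Filewrite and Filecmd start outside the hunks.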
9 changes: 6 additions & 3 deletions src/server/server.go
Expand Up @@ -43,6 +43,7 @@ type Configuration struct {
Data []byte
Cache *cache.Cache
Settings Settings
User int
}

type AuthenticationResponse struct {
Expand All @@ -66,12 +67,13 @@ func (c Configuration) Initalize() error {
},
}

_, err := os.Stat(path.Join(c.Settings.BasePath, ".sftp/id_rsa"))
if os.IsNotExist(err) {
if _, err := os.Stat(path.Join(c.Settings.BasePath, ".sftp/id_rsa")); os.IsNotExist(err) {
logger.Get().Info("creating new private key for server")
if err := c.generatePrivateKey(); err != nil {
return err
}
} else if err != nil {
return err
}

privateBytes, err := ioutil.ReadFile(path.Join(c.Settings.BasePath, ".sftp/id_rsa"))
Expand Down Expand Up @@ -194,6 +196,7 @@ func (c Configuration) createHandler(perm *ssh.Permissions) sftp.Handlers {
ReadOnly: c.Settings.ReadOnly,
Cache: c.Cache,
DisableDiskCheck: c.Settings.DisableDiskCheck,
User: c.User,
}

return sftp.Handlers{
Expand Down Expand Up @@ -271,7 +274,7 @@ func (c Configuration) generatePrivateKey() error {
return err
}

o, err := os.Create(path.Join(c.Settings.BasePath, ".sftp/id_rsa"))
o, err := os.OpenFile(path.Join(c.Settings.BasePath, ".sftp/id_rsa"), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
return err
}
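Review bot: The `0600` passed to `os.OpenFile` in generatePrivateKey only takes effect when the call creates the file; with `O_TRUNC`, an existing `.sftp/id_rsa` is reused with whatever mode and owner it already had. Initalize only calls this function after `os.Stat` reported the key missing, so `os.O_RDWR|os.O_CREATE|os.O_EXCL` would state that intent and fail instead of writing key material into a file that appeared in between. If overwriting must stay possible, follow the open with `o.Chmod(0600)`. The rest of generatePrivateKey, including how `o` is closed, is outside the hunk.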
