// Copyright (C) 2019 Nicola Murino // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published // by the Free Software Foundation, version 3. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Affero General Public License for more details. // // You should have received a copy of the GNU Affero General Public License // along with this program. If not, see . package sftpd_test import ( "bufio" "bytes" "context" "crypto/rand" "crypto/sha256" "crypto/sha512" "encoding/base64" "encoding/binary" "encoding/json" "errors" "fmt" "hash" "io" "io/fs" "math" "net" "net/http" "os" "os/exec" "path" "path/filepath" "runtime" "strconv" "strings" "sync" "sync/atomic" "testing" "time" _ "github.com/go-sql-driver/mysql" _ "github.com/jackc/pgx/v5/stdlib" _ "github.com/mattn/go-sqlite3" "github.com/pquerna/otp" "github.com/pquerna/otp/totp" "github.com/pkg/sftp" "github.com/rs/zerolog" "github.com/sftpgo/sdk" sdkkms "github.com/sftpgo/sdk/kms" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "golang.org/x/crypto/ssh" "github.com/drakkan/sftpgo/v2/internal/common" "github.com/drakkan/sftpgo/v2/internal/config" "github.com/drakkan/sftpgo/v2/internal/dataprovider" "github.com/drakkan/sftpgo/v2/internal/httpdtest" "github.com/drakkan/sftpgo/v2/internal/kms" "github.com/drakkan/sftpgo/v2/internal/logger" "github.com/drakkan/sftpgo/v2/internal/mfa" "github.com/drakkan/sftpgo/v2/internal/sftpd" "github.com/drakkan/sftpgo/v2/internal/util" "github.com/drakkan/sftpgo/v2/internal/vfs" ) const ( logSender = "sftpdTesting" sftpServerAddr = "127.0.0.1:2022" sftpSrvAddr2222 = "127.0.0.1:2222" defaultUsername = "test_user_sftp" defaultPassword = "test_password" defaultSFTPUsername = "test_sftpfs_user" testPubKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC03jj0D+djk7pxIf/0OhrxrchJTRZklofJ1NoIu4752Sq02mdXmarMVsqJ1cAjV5LBVy3D1F5U6XW4rppkXeVtd04Pxb09ehtH0pRRPaoHHlALiJt8CoMpbKYMA8b3KXPPriGxgGomvtU2T2RMURSwOZbMtpsugfjYSWenyYX+VORYhylWnSXL961LTyC21ehd6d6QnW9G7E5hYMITMY9TuQZz3bROYzXiTsgN0+g6Hn7exFQp50p45StUMfV/SftCMdCxlxuyGny2CrN/vfjO7xxOo2uv7q1qm10Q46KPWJQv+pgZ/OfL+EDjy07n5QVSKHlbx+2nT4Q0EgOSQaCTYwn3YjtABfIxWwgAFdyj6YlPulCL22qU4MYhDcA6PSBwDdf8hvxBfvsiHdM+JcSHvv8/VeJhk6CmnZxGY0fxBupov27z3yEO8nAg8k+6PaUiW1MSUfuGMF/ktB8LOstXsEPXSszuyXiOv4DaryOXUiSn7bmRqKcEFlJusO6aZP0= nicola@p1" testPubKey1 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCd60+/j+y8f0tLftihWV1YN9RSahMI9btQMDIMqts/jeNbD8jgoogM3nhF7KxfcaMKURuD47KC4Ey6iAJUJ0sWkSNNxOcIYuvA+5MlspfZDsa8Ag76Fe1vyz72WeHMHMeh/hwFo2TeIeIXg480T1VI6mzfDrVp2GzUx0SS0dMsQBjftXkuVR8YOiOwMCAH2a//M1OrvV7d/NBk6kBN0WnuIBb2jKm15PAA7+jQQG7tzwk2HedNH3jeL5GH31xkSRwlBczRK0xsCQXehAlx6cT/e/s44iJcJTHfpPKoSk6UAhPJYe7Z1QnuoawY9P9jQaxpyeImBZxxUEowhjpj2avBxKdRGBVK8R7EL8tSOeLbhdyWe5Mwc1+foEbq9Zz5j5Kd+hn3Wm1UnsGCrXUUUoZp1jnlNl0NakCto+5KmqnT9cHxaY+ix2RLUWAZyVFlRq71OYux1UHJnEJPiEI1/tr4jFBSL46qhQZv/TfpkfVW8FLz0lErfqu0gQEZnNHr3Fc= nicola@p1" testPrivateKey = `-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn NhAAAAAwEAAQAAAYEAtN449A/nY5O6cSH/9Doa8a3ISU0WZJaHydTaCLuO+dkqtNpnV5mq zFbKidXAI1eSwVctw9ReVOl1uK6aZF3lbXdOD8W9PXobR9KUUT2qBx5QC4ibfAqDKWymDA PG9ylzz64hsYBqJr7VNk9kTFEUsDmWzLabLoH42Elnp8mF/lTkWIcpVp0ly/etS08gttXo XenekJ1vRuxOYWDCEzGPU7kGc920TmM14k7IDdPoOh5+3sRUKedKeOUrVDH1f0n7QjHQsZ cbshp8tgqzf734zu8cTqNrr+6taptdEOOij1iUL/qYGfzny/hA48tO5+UFUih5W8ftp0+E NBIDkkGgk2MJ92I7QAXyMVsIABXco+mJT7pQi9tqlODGIQ3AOj0gcA3X/Ib8QX77Ih3TPi XEh77/P1XiYZOgpp2cRmNH8QbqaL9u898hDvJwIPJPuj2lIltTElH7hjBf5LQfCzrLV7BD 10rM7sl4jr+A2q8jl1Ikp+25kainBBZSbrDummT9AAAFgDU/VLk1P1S5AAAAB3NzaC1yc2 EAAAGBALTeOPQP52OTunEh//Q6GvGtyElNFmSWh8nU2gi7jvnZKrTaZ1eZqsxWyonVwCNX ksFXLcPUXlTpdbiummRd5W13Tg/FvT16G0fSlFE9qgceUAuIm3wKgylspgwDxvcpc8+uIb GAaia+1TZPZExRFLA5lsy2my6B+NhJZ6fJhf5U5FiHKVadJcv3rUtPILbV6F3p3pCdb0bs TmFgwhMxj1O5BnPdtE5jNeJOyA3T6Doeft7EVCnnSnjlK1Qx9X9J+0Ix0LGXG7IafLYKs3 +9+M7vHE6ja6/urWqbXRDjoo9YlC/6mBn858v4QOPLTuflBVIoeVvH7adPhDQSA5JBoJNj CfdiO0AF8jFbCAAV3KPpiU+6UIvbapTgxiENwDo9IHAN1/yG/EF++yId0z4lxIe+/z9V4m GToKadnEZjR/EG6mi/bvPfIQ7ycCDyT7o9pSJbUxJR+4YwX+S0Hws6y1ewQ9dKzO7JeI6/ gNqvI5dSJKftuZGopwQWUm6w7ppk/QAAAAMBAAEAAAGAHKnC+Nq0XtGAkIFE4N18e6SAwy 0WSWaZqmCzFQM0S2AhJnweOIG/0ZZHjsRzKKauOTmppQk40dgVsejpytIek9R+aH172gxJ 2n4Cx0UwduRU5x8FFQlNc/kl722B0JWfJuB/snOZXv6LJ4o5aObIkozt2w9tVFeAqjYn2S 1UsNOfRHBXGsTYwpRDwFWP56nKo2d2wBBTHDhCy6fb2dLW1fvSi/YspueOGIlHpvlYKi2/ CWqvs9xVrwcScMtiDoQYq0khhO0efLCxvg/o+W9CLMVM2ms4G1zoSUQKN0oYWWQJyW4+VI YneWO8UpN0J3ElXKi7bhgAat7dBaM1g9IrAzk153DiEFZNsPxGOgL/+YdQN7zUBx/z7EkI jyv80RV7fpUXvcq2p+qNl6UVig3VSzRrnsaJkUWu/A0u59ha7ocv6NxDIXjxpIDJme16GF quiGVBQNnYJymS/vFEbGf6bgf7iRmMCRUMG4nqLA6fPYP9uAtch+CmDfVLZC/fIdC5AAAA wQCDissV4zH6bfqgxJSuYNk8Vbb+19cF3b7gH1rVlB3zxpCAgcRgMHC+dP1z2NRx7UW9MR nye6kjpkzZZ0OigLqo7TtEq8uTglD9o6W7mRXqhy5A/ySOmqPL3ernHHQhGuoNODYAHkOU u2Rh8HXi+VLwKZcLInPOYJvcuLG4DxN8WfeVvlMHwhAOaTNNOtL4XZDHQeIPc4qHmJymmv sV7GuyQ6yW5C10uoGdxRPd90Bh4z4h2bKfZFjvEBbSBVkqrlAAAADBAN/zNtNayd/dX7Cr Nb4sZuzCh+CW4BH8GOePZWNCATwBbNXBVb5cR+dmuTqYm+Ekz0VxVQRA1TvKncluJOQpoa Xj8r0xdIgqkehnfDPMKtYVor06B9Fl1jrXtXU0Vrr6QcBWruSVyK1ZxqcmcNK/+KolVepe A6vcl/iKaG4U7su166nxLST06M2EgcSVsFJHpKn5+WAXC+X0Gx8kNjWIIb3GpiChdc0xZD mq02xZthVJrTCVw/e7gfDoB2QRsNV8HwAAAMEAzsCghZVp+0YsYg9oOrw4tEqcbEXEMhwY 0jW8JNL8Spr1Ibp5Dw6bRSk5azARjmJtnMJhJ3oeHfF0eoISqcNuQXGndGQbVM9YzzAzc1 NbbCNsVroqKlChT5wyPNGS+phi2bPARBno7WSDvshTZ7dAVEP2c9MJW0XwoSevwKlhgSdt RLFFQ/5nclJSdzPBOmQouC0OBcMFSrYtMeknJ4VvueVvve5HcHFaEsaMc7ABAGaLYaBQOm iixITGvaNZh/tjAAAACW5pY29sYUBwMQE= -----END OPENSSH PRIVATE KEY-----` // password protected private key testPrivateKeyPwd = `-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAvfwQQcs +PyMsCLTNFcKiQAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAILqltfCL7IPuIQ2q +8w23flfgskjIlKViEwMfjJR4mrbAAAAkHp5xgG8J1XW90M/fT59ZUQht8sZzzP17rEKlX waYKvLzDxkPK6LFIYs55W1EX1eVt/2Maq+zQ7k2SOUmhPNknsUOlPV2gytX3uIYvXF7u2F FTBIJuzZ+UQ14wFbraunliE9yye9DajVG1kz2cz2wVgXUbee+gp5NyFVvln+TcTxXwMsWD qwlk5iw/jQekxThg== -----END OPENSSH PRIVATE KEY----- ` testPubKeyPwd = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILqltfCL7IPuIQ2q+8w23flfgskjIlKViEwMfjJR4mrb" privateKeyPwd = "password" // test CA user key. // % ssh-keygen -f ca_user_key testCAUserKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDF5fcwZHiyixmnE6IlOZJpZhWXoh62gN+yadAA0GJ509SAEaZVLPDP8S5RsE8mUikR3wxynVshxHeqMhrkS+RlNbhSlOXDdNg94yTrq/xF8Z/PgKRInvef74k5i7bAIytza7jERzFJ/ujTEy3537T5k5EYQJ15ZQGuvzynSdv+6o99SjI4jFplyQOZ2QcYbEAmhHm5GgQlIiEFG/RlDtLksOulKZxOY3qPzP0AyQxtZJXn/5vG40aW9LTbwxCJqWlgrkFXMqAAVCbuU5YspwhiXmKt1PsldiXw23oloa4caCKN1jzbFiGuZNXEU2Ebx7JIvjQCPaUYwLjEbkRDxDqN/vmwZqBuKYiuG9Eafx+nFSQkr7QYb5b+mT+/1IFHnmeRGn38731kBqtH7tpzC/t+soRX9p2HtJM+9MYhblO2OqTSPGTlxihWUkyiRBekpAhaiHld16TsG+A3bOJHrojGcX+5g6oGarKGLAMcykL1X+rZqT993Mo6d2Z7q43MOXE= root@p1" // this is testPubKey signed using testCAUserKey. // % ssh-keygen -s ca_user_key -I test_user_sftp -n test_user_sftp -V always:forever -O source-address=127.0.0.1 -z 1 /tmp/test.pub testCertValid = "ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgm2fil1IIoTixrA2QE9tk7Vbspj/JdEY90e3K2htxYv8AAAADAQABAAABgQC03jj0D+djk7pxIf/0OhrxrchJTRZklofJ1NoIu4752Sq02mdXmarMVsqJ1cAjV5LBVy3D1F5U6XW4rppkXeVtd04Pxb09ehtH0pRRPaoHHlALiJt8CoMpbKYMA8b3KXPPriGxgGomvtU2T2RMURSwOZbMtpsugfjYSWenyYX+VORYhylWnSXL961LTyC21ehd6d6QnW9G7E5hYMITMY9TuQZz3bROYzXiTsgN0+g6Hn7exFQp50p45StUMfV/SftCMdCxlxuyGny2CrN/vfjO7xxOo2uv7q1qm10Q46KPWJQv+pgZ/OfL+EDjy07n5QVSKHlbx+2nT4Q0EgOSQaCTYwn3YjtABfIxWwgAFdyj6YlPulCL22qU4MYhDcA6PSBwDdf8hvxBfvsiHdM+JcSHvv8/VeJhk6CmnZxGY0fxBupov27z3yEO8nAg8k+6PaUiW1MSUfuGMF/ktB8LOstXsEPXSszuyXiOv4DaryOXUiSn7bmRqKcEFlJusO6aZP0AAAAAAAAAAQAAAAEAAAAOdGVzdF91c2VyX3NmdHAAAAASAAAADnRlc3RfdXNlcl9zZnRwAAAAAAAAAAD//////////wAAACMAAAAOc291cmNlLWFkZHJlc3MAAAANAAAACTEyNy4wLjAuMQAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMXl9zBkeLKLGacToiU5kmlmFZeiHraA37Jp0ADQYnnT1IARplUs8M/xLlGwTyZSKRHfDHKdWyHEd6oyGuRL5GU1uFKU5cN02D3jJOur/EXxn8+ApEie95/viTmLtsAjK3NruMRHMUn+6NMTLfnftPmTkRhAnXllAa6/PKdJ2/7qj31KMjiMWmXJA5nZBxhsQCaEebkaBCUiIQUb9GUO0uSw66UpnE5jeo/M/QDJDG1klef/m8bjRpb0tNvDEImpaWCuQVcyoABUJu5TliynCGJeYq3U+yV2JfDbeiWhrhxoIo3WPNsWIa5k1cRTYRvHski+NAI9pRjAuMRuREPEOo3++bBmoG4piK4b0Rp/H6cVJCSvtBhvlv6ZP7/UgUeeZ5EaffzvfWQGq0fu2nML+36yhFf2nYe0kz70xiFuU7Y6pNI8ZOXGKFZSTKJEF6SkCFqIeV3XpOwb4Dds4keuiMZxf7mDqgZqsoYsAxzKQvVf6tmpP33cyjp3Znurjcw5cQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgMNenD7d1J9cF7JWgHA1DYpJ5+5knPtdXbbIgZAznsTxX7qOdptjeeYOuzhQ5Bwklh3fjewiJpGR1rBqbULP+6PAKeYqd7dNLH/upfKBfJweRf5pdXDpoknHaVuIhi4Uu6FeI4NkAzX9nqNKjFAflhJ+7GLGkLNb0UVZxgxr/t0rPmxc5iTg2ZRM+rk1Ij0S5RnGiKVsdAClqNA6h4TDzu5lJVdK5XvuNKBsKVRCvsVBOgJQTtRTLywQaqWR+HBfCiMj8X8EI7atDlJ6XIAlTLOO/f1sM8QPLjT0+tCHZaGFzg/lKPh3/yFQ4MvddZCptMy1Ll1xvj7cz2ynhGR4PiDfikV3YzgJU/KtL5y+ZB4jU08oPRiOP612PjwZZ+MqYOVOFCKUpMpZQs5UJHME+zNKr4LEj8M0x4YFKIciC+RsrCo4ujbJHmz61ionCadU+fmngvl3C3QjmUdgULBevODeUeIpJv4yFahNxrG1SKRTAa8VVDwJ9GdDTtmXM0mrwA== nicola@p1" // this is testPubKey signed using a CA user key different from testCAUserKey testCertUntrustedCA = "ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg8oFPWpjYy/DowMmtOjWj7Dq20d2N/4Rxzr/c710tOOUAAAADAQABAAABgQC03jj0D+djk7pxIf/0OhrxrchJTRZklofJ1NoIu4752Sq02mdXmarMVsqJ1cAjV5LBVy3D1F5U6XW4rppkXeVtd04Pxb09ehtH0pRRPaoHHlALiJt8CoMpbKYMA8b3KXPPriGxgGomvtU2T2RMURSwOZbMtpsugfjYSWenyYX+VORYhylWnSXL961LTyC21ehd6d6QnW9G7E5hYMITMY9TuQZz3bROYzXiTsgN0+g6Hn7exFQp50p45StUMfV/SftCMdCxlxuyGny2CrN/vfjO7xxOo2uv7q1qm10Q46KPWJQv+pgZ/OfL+EDjy07n5QVSKHlbx+2nT4Q0EgOSQaCTYwn3YjtABfIxWwgAFdyj6YlPulCL22qU4MYhDcA6PSBwDdf8hvxBfvsiHdM+JcSHvv8/VeJhk6CmnZxGY0fxBupov27z3yEO8nAg8k+6PaUiW1MSUfuGMF/ktB8LOstXsEPXSszuyXiOv4DaryOXUiSn7bmRqKcEFlJusO6aZP0AAAAAAAAAAAAAAAEAAAAOdGVzdF91c2VyX3NmdHAAAAASAAAADnRlc3RfdXNlcl9zZnRwAAAAAAAAAAD//////////wAAAAAAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCqgm2gVlptULThfpRR0oCb4SAU3368ULlJaiZOUdq6b94KTfgmu4hTLs7u3a8hyZnVxrKrJ93uAVCwa/HGtgiN96CNC6JUt/QnPqTJ8LQ207RdoE9fbOe6mGwOle5z45+5JFoIi5ZZuD8JsBGodVoa92UepoMyBcNtZyl9q2GP4yT2tIYRon79dtG9AXiDYyhSgePqaObN67dn3ivMc4ZGNukK3cG07cYPic5y0wxX16wSMG3pGQDyUkAu+s4AqpnV9EWHM4PE7SYkCXE99++tUK3QALYqvGZKrLHgzmDKi6n+e14vHYUppAeGDZzwlawiY4oGP9eOW2KUfjZe2ZeL22JTFDYzH2lNV2WtUpeKRGGTSGaUblRVC9hRt6hKCT4c7qpW4kO4kPhE39JpcNPGLql7srNkw+3xXBs8xghMPtH3nOl1Rz2mxnX5tAqmPBb+KiPepnrs+pBRu7i+nCVp8az+iN87STYHy+zPtvTR+QURC8BpNraPOfXwpwM2HaMAAAGUAAAADHJzYS1zaGEyLTUxMgAAAYBnTXCL6tXUO3/Gtsm7lnH9Sulzca8FOoI4Y/4bVYhq4iUNu7Ca452m+Xr9qmCEoIyIJF0LEEcJ8jcS4rfX15e7tNNoknv7JbYXBFAbp1Y/76iqVf89FjfVcbEyH2ToAf7eyQAWzQ3gEKS8mQIkLnAwmCboUXC4GRodSIiOXiTt5Q6T02MVc8TxkhmlTA0uVLd5XgstySgE/oLBnL59lhJcwQmdhHL+m480+PaW55CtMuC36RTwk/tOyuWCDC5qMXnoveNB3yu45o3L/U4hoyJ0/5FyP5C8ahgydY0LoRZQG/mNzuraY4433rK+IfkQvZTyaDtcjhxE6hCD5F40aDDh88i6XaKAPikD6fqra6BN8PoPgLuRHzOJuqsMXBWM99s7qPgSnBbmXlekz/1jvvFiCh3zvAFTxFz2KyE4+SbDcCrhpxkNL7idw6r/ZsHaI/2+zhDcgSs5MgBwYLJEj6zUqVdp5XsF8YfC7yNZV5/qy68qY2+zXrC57SPifU2SCPE= nicola@p1" // this is testPubKey signed as host certificate. // % ssh-keygen -s ca_user_key -I test_user_sftp -h -n test_user_sftp -V always:forever -z 2 /tmp/test.pub testHostCert = "ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg7O2LDpLO1jGTX3SSzEMILoAYJb9DdggyyaUMXUUg3L4AAAADAQABAAABgQC03jj0D+djk7pxIf/0OhrxrchJTRZklofJ1NoIu4752Sq02mdXmarMVsqJ1cAjV5LBVy3D1F5U6XW4rppkXeVtd04Pxb09ehtH0pRRPaoHHlALiJt8CoMpbKYMA8b3KXPPriGxgGomvtU2T2RMURSwOZbMtpsugfjYSWenyYX+VORYhylWnSXL961LTyC21ehd6d6QnW9G7E5hYMITMY9TuQZz3bROYzXiTsgN0+g6Hn7exFQp50p45StUMfV/SftCMdCxlxuyGny2CrN/vfjO7xxOo2uv7q1qm10Q46KPWJQv+pgZ/OfL+EDjy07n5QVSKHlbx+2nT4Q0EgOSQaCTYwn3YjtABfIxWwgAFdyj6YlPulCL22qU4MYhDcA6PSBwDdf8hvxBfvsiHdM+JcSHvv8/VeJhk6CmnZxGY0fxBupov27z3yEO8nAg8k+6PaUiW1MSUfuGMF/ktB8LOstXsEPXSszuyXiOv4DaryOXUiSn7bmRqKcEFlJusO6aZP0AAAAAAAAAAgAAAAIAAAAOdGVzdF91c2VyX3NmdHAAAAASAAAADnRlc3RfdXNlcl9zZnRwAAAAAAAAAAD//////////wAAAAAAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMXl9zBkeLKLGacToiU5kmlmFZeiHraA37Jp0ADQYnnT1IARplUs8M/xLlGwTyZSKRHfDHKdWyHEd6oyGuRL5GU1uFKU5cN02D3jJOur/EXxn8+ApEie95/viTmLtsAjK3NruMRHMUn+6NMTLfnftPmTkRhAnXllAa6/PKdJ2/7qj31KMjiMWmXJA5nZBxhsQCaEebkaBCUiIQUb9GUO0uSw66UpnE5jeo/M/QDJDG1klef/m8bjRpb0tNvDEImpaWCuQVcyoABUJu5TliynCGJeYq3U+yV2JfDbeiWhrhxoIo3WPNsWIa5k1cRTYRvHski+NAI9pRjAuMRuREPEOo3++bBmoG4piK4b0Rp/H6cVJCSvtBhvlv6ZP7/UgUeeZ5EaffzvfWQGq0fu2nML+36yhFf2nYe0kz70xiFuU7Y6pNI8ZOXGKFZSTKJEF6SkCFqIeV3XpOwb4Dds4keuiMZxf7mDqgZqsoYsAxzKQvVf6tmpP33cyjp3Znurjcw5cQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgHlAWMTTzNrE6pxHlkr09ZXsHgJi8U2p7eifs56DOLgklYIXVUJPEEcnzMKGdpPBnqJsvg3+PccqxgOr5L1dFuOmekQ/dGiHd1enrESiGvJOvDfm0WsuBjxEZkSNFWgC9Z2NltToMmRlhVBmb4ZRZtAmi9DAFlJ/BDV4t8ikXZ5oUsigwIeOeLkdPFx3C3x9KZIpuwuAIV4Nfmz75q1NMWY2K1hv682QCKwMYqOWSotz1vWunNmZ0yPRl9UwqAq+nqwO3AApnlrQ3MmHujWQ5tl65PyhfpI8oghhUtB6YrJIAuRXNI/S0+KewCpiYm7nbFBtv9lpecujxAeTibYBrFZ5VODEUm3sdQ/HMdTmkhi6xNgPDQVlvKFqBJAaqoO3tbhKTbEZ865tJMqhyxmZ4XY08wduvSVobrNr7s3rm42/FXLIpung+UOVXonHyeIv9zQ0iJ/bvqKQ1fOsTisZdcD0lz80ZGsjdgJt7yKfUNBnAyVbTXm048E3WsZslJIYCA== nicola@p1" // this is testPubKey signed using testCAUserKey but with source address 172.16.34.45. // % ssh-keygen -s ca_user_key -I test_user_sftp -n test_user_sftp -V always:forever -O source-address=172.16.34.45 -z 3 /tmp/test.pub testCertOtherSourceAddress = "ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgZ4Su0250R4sQRNYJqJH9VTp9OyeYMAvqY5+lJRI4LzMAAAADAQABAAABgQC03jj0D+djk7pxIf/0OhrxrchJTRZklofJ1NoIu4752Sq02mdXmarMVsqJ1cAjV5LBVy3D1F5U6XW4rppkXeVtd04Pxb09ehtH0pRRPaoHHlALiJt8CoMpbKYMA8b3KXPPriGxgGomvtU2T2RMURSwOZbMtpsugfjYSWenyYX+VORYhylWnSXL961LTyC21ehd6d6QnW9G7E5hYMITMY9TuQZz3bROYzXiTsgN0+g6Hn7exFQp50p45StUMfV/SftCMdCxlxuyGny2CrN/vfjO7xxOo2uv7q1qm10Q46KPWJQv+pgZ/OfL+EDjy07n5QVSKHlbx+2nT4Q0EgOSQaCTYwn3YjtABfIxWwgAFdyj6YlPulCL22qU4MYhDcA6PSBwDdf8hvxBfvsiHdM+JcSHvv8/VeJhk6CmnZxGY0fxBupov27z3yEO8nAg8k+6PaUiW1MSUfuGMF/ktB8LOstXsEPXSszuyXiOv4DaryOXUiSn7bmRqKcEFlJusO6aZP0AAAAAAAAAAwAAAAEAAAAOdGVzdF91c2VyX3NmdHAAAAASAAAADnRlc3RfdXNlcl9zZnRwAAAAAAAAAAD//////////wAAACYAAAAOc291cmNlLWFkZHJlc3MAAAAQAAAADDE3Mi4xNi4zNC40NQAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMXl9zBkeLKLGacToiU5kmlmFZeiHraA37Jp0ADQYnnT1IARplUs8M/xLlGwTyZSKRHfDHKdWyHEd6oyGuRL5GU1uFKU5cN02D3jJOur/EXxn8+ApEie95/viTmLtsAjK3NruMRHMUn+6NMTLfnftPmTkRhAnXllAa6/PKdJ2/7qj31KMjiMWmXJA5nZBxhsQCaEebkaBCUiIQUb9GUO0uSw66UpnE5jeo/M/QDJDG1klef/m8bjRpb0tNvDEImpaWCuQVcyoABUJu5TliynCGJeYq3U+yV2JfDbeiWhrhxoIo3WPNsWIa5k1cRTYRvHski+NAI9pRjAuMRuREPEOo3++bBmoG4piK4b0Rp/H6cVJCSvtBhvlv6ZP7/UgUeeZ5EaffzvfWQGq0fu2nML+36yhFf2nYe0kz70xiFuU7Y6pNI8ZOXGKFZSTKJEF6SkCFqIeV3XpOwb4Dds4keuiMZxf7mDqgZqsoYsAxzKQvVf6tmpP33cyjp3Znurjcw5cQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgL34Q3Li8AJIxZLU+fh4i8ehUWpm31vEvlNjXVCeP70xI+5hWuEt6E1TgKw7GCL5GeD4KehX4vVcNs+A2eOdIUZfDBZIFxn88BN8xcMlDpAMJXgvNqGttiOwcspL6X3N288djUgpCI718lLRdz8nvFqcuYBhSpBm5KL4JzH5o1o8yqv75wMJsH8CJYwGhvWi0OgWOqaLRAk3IUxq3Fbgo/nX11NgrkY/dHIZCkGBFaLJ/M5mfmt/K/5hJAVgLcSxMwB/ryyGaziB9Pv7CwZ9uwnMoRcAvyr96lqgdtLt7LNY8ktugAJ7EnBWjQn4+EJAjjRK2sCaiwpdP37ckDZgmk0OWGEL1yVy8VXgl9QBd7Mb1EVl+lhRyw8jlgBXZOGqpdDrmKCdBYGtU7ujyndLXmxZEAlqhef0yCsyZPTkYH3RhjCYs8ATrEqndEpiL59Nej5uUGQURYijJfHep08AMb4rCxvIZATVm1Ocxu48rGCGolv8jZFJzSJq84HCrVRKMw== nicola@p1" // this is testPubKey signed using testCAUserKey but expired. // % ssh-keygen -s ca_user_key -I test_user_sftp -n test_user_sftp -V 20100101123000:20110101123000 -z 4 /tmp/test.pub testCertExpired = "ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgU3TLP5285k20fBSsdZioI78oJUpaRXFlgx5IPg6gWg8AAAADAQABAAABgQC03jj0D+djk7pxIf/0OhrxrchJTRZklofJ1NoIu4752Sq02mdXmarMVsqJ1cAjV5LBVy3D1F5U6XW4rppkXeVtd04Pxb09ehtH0pRRPaoHHlALiJt8CoMpbKYMA8b3KXPPriGxgGomvtU2T2RMURSwOZbMtpsugfjYSWenyYX+VORYhylWnSXL961LTyC21ehd6d6QnW9G7E5hYMITMY9TuQZz3bROYzXiTsgN0+g6Hn7exFQp50p45StUMfV/SftCMdCxlxuyGny2CrN/vfjO7xxOo2uv7q1qm10Q46KPWJQv+pgZ/OfL+EDjy07n5QVSKHlbx+2nT4Q0EgOSQaCTYwn3YjtABfIxWwgAFdyj6YlPulCL22qU4MYhDcA6PSBwDdf8hvxBfvsiHdM+JcSHvv8/VeJhk6CmnZxGY0fxBupov27z3yEO8nAg8k+6PaUiW1MSUfuGMF/ktB8LOstXsEPXSszuyXiOv4DaryOXUiSn7bmRqKcEFlJusO6aZP0AAAAAAAAABAAAAAEAAAAOdGVzdF91c2VyX3NmdHAAAAASAAAADnRlc3RfdXNlcl9zZnRwAAAAAEs93LgAAAAATR8QOAAAAAAAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDF5fcwZHiyixmnE6IlOZJpZhWXoh62gN+yadAA0GJ509SAEaZVLPDP8S5RsE8mUikR3wxynVshxHeqMhrkS+RlNbhSlOXDdNg94yTrq/xF8Z/PgKRInvef74k5i7bAIytza7jERzFJ/ujTEy3537T5k5EYQJ15ZQGuvzynSdv+6o99SjI4jFplyQOZ2QcYbEAmhHm5GgQlIiEFG/RlDtLksOulKZxOY3qPzP0AyQxtZJXn/5vG40aW9LTbwxCJqWlgrkFXMqAAVCbuU5YspwhiXmKt1PsldiXw23oloa4caCKN1jzbFiGuZNXEU2Ebx7JIvjQCPaUYwLjEbkRDxDqN/vmwZqBuKYiuG9Eafx+nFSQkr7QYb5b+mT+/1IFHnmeRGn38731kBqtH7tpzC/t+soRX9p2HtJM+9MYhblO2OqTSPGTlxihWUkyiRBekpAhaiHld16TsG+A3bOJHrojGcX+5g6oGarKGLAMcykL1X+rZqT993Mo6d2Z7q43MOXEAAAGUAAAADHJzYS1zaGEyLTUxMgAAAYAlH3hhj8J6xLyVpeLZjblzwDKrxp/MWiH30hQ965ExPrPRcoAZFEKVqOYdj6bp4Q19Q4Yzqdobg3aN5ym2iH0b2TlOY0mM901CAoHbNJyiLs+0KiFRoJ+30EDj/hcKusg6v8ln2yixPagAyQu3zyiWo4t1ZuO3I86xchGlptStxSdHAHPFCfpbhcnzWFZctiMqUutl82C4ROWyjOZcRzdVdWHeN5h8wnooXuvba2VkT8QPmjYYyRGuQ3Hg+ySdh8Tel4wiix1Dg5MX7Wjh4hKEx80No9UPy+0iyZMNc07lsWAtrY6NRxGM5CzB6mklscB8TzFrVSnIl9u3bquLfaCrFt/Mft5dR7Yy4jmF+zUhjia6h6giCZ91J+FZ4hV+WkBtPCvTfrGWoA1BgEB/iI2xOq/NPqJ7UXRoMXk/l0NPgRPT2JS1adegqnt4ddr6IlmPyZxaSEvXhanjKdfMlEFYO1wz7ouqpYUozQVy4KXBlzFlNwyD1hI+k4+/A6AIYeI= nicola@p1" // this is testPubKey signed without a principal // ssh-keygen -s ca_user_key -I test_user_sftp -V always:forever -O source-address=127.0.0.1 -z 1 /tmp/test.pub testCertNoPrincipals = "ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg2Bx0s8nafJtriqoBuQfbFByhdQMkjDIZhV90JZSGN8AAAAADAQABAAABgQC03jj0D+djk7pxIf/0OhrxrchJTRZklofJ1NoIu4752Sq02mdXmarMVsqJ1cAjV5LBVy3D1F5U6XW4rppkXeVtd04Pxb09ehtH0pRRPaoHHlALiJt8CoMpbKYMA8b3KXPPriGxgGomvtU2T2RMURSwOZbMtpsugfjYSWenyYX+VORYhylWnSXL961LTyC21ehd6d6QnW9G7E5hYMITMY9TuQZz3bROYzXiTsgN0+g6Hn7exFQp50p45StUMfV/SftCMdCxlxuyGny2CrN/vfjO7xxOo2uv7q1qm10Q46KPWJQv+pgZ/OfL+EDjy07n5QVSKHlbx+2nT4Q0EgOSQaCTYwn3YjtABfIxWwgAFdyj6YlPulCL22qU4MYhDcA6PSBwDdf8hvxBfvsiHdM+JcSHvv8/VeJhk6CmnZxGY0fxBupov27z3yEO8nAg8k+6PaUiW1MSUfuGMF/ktB8LOstXsEPXSszuyXiOv4DaryOXUiSn7bmRqKcEFlJusO6aZP0AAAAAAAAAAQAAAAEAAAAOdGVzdF91c2VyX3NmdHAAAAAAAAAAAAAAAAD//////////wAAACMAAAAOc291cmNlLWFkZHJlc3MAAAANAAAACTEyNy4wLjAuMQAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAMXl9zBkeLKLGacToiU5kmlmFZeiHraA37Jp0ADQYnnT1IARplUs8M/xLlGwTyZSKRHfDHKdWyHEd6oyGuRL5GU1uFKU5cN02D3jJOur/EXxn8+ApEie95/viTmLtsAjK3NruMRHMUn+6NMTLfnftPmTkRhAnXllAa6/PKdJ2/7qj31KMjiMWmXJA5nZBxhsQCaEebkaBCUiIQUb9GUO0uSw66UpnE5jeo/M/QDJDG1klef/m8bjRpb0tNvDEImpaWCuQVcyoABUJu5TliynCGJeYq3U+yV2JfDbeiWhrhxoIo3WPNsWIa5k1cRTYRvHski+NAI9pRjAuMRuREPEOo3++bBmoG4piK4b0Rp/H6cVJCSvtBhvlv6ZP7/UgUeeZ5EaffzvfWQGq0fu2nML+36yhFf2nYe0kz70xiFuU7Y6pNI8ZOXGKFZSTKJEF6SkCFqIeV3XpOwb4Dds4keuiMZxf7mDqgZqsoYsAxzKQvVf6tmpP33cyjp3Znurjcw5cQAAAZQAAAAMcnNhLXNoYTItNTEyAAABgHgax/++NA5YZXDHH180BcQtDBve8Vc+XJzqQUe8xBiqd+KJnas6He7vW62qMaAfu63i0Uycj2Djfjy5dyx1GB9wup8YuP5mXlmJTx+7UPPjwbfrZWtk8iJ7KhFAwjh0KRZD4uIvoeecK8QE9zh64k2LNVqlWbFTdoPulRC29cGcXDpMU2eToFEyWbceHOZyyifXf98ZMZbaQzWzwSZ5rFucJ1b0aeT6aAJWB+Dq7mIQWf/jCWr8kNaeCzMKJsFQkQEfmHls29ChV92sNRhngUDxll0Ir0wpPea1fFEBnUhLRTLC8GhDDbWAzsZtXqx9fjoAkb/gwsU6TGxevuOMxEABjDA9PyJiTXJI9oTUCwDIAUVVFLsCEum3o/BblngXajUGibaif5ZSKBocpP70oTeAngQYB7r1/vquQzGsGFhTN4FUXLSpLu9Zqi1z58/qa7SgKSfNp98X/4zrhltAX73ZEvg0NUMv2HwlwlqHdpF3FYolAxInp7c2jBTncQ2l3w== nicola@p1" osWindows = "windows" testFileName = "test_file_sftp.dat" testDLFileName = "test_download_sftp.dat" ) var ( configDir = filepath.Join(".", "..", "..") allPerms = []string{dataprovider.PermAny} homeBasePath string scpPath string scpForce bool gitPath string sshPath string hookCmdPath string pubKeyPath string privateKeyPath string trustedCAUserKey string revokeUserCerts string gitWrapPath string extAuthPath string keyIntAuthPath string preLoginPath string postConnectPath string preDownloadPath string preUploadPath string checkPwdPath string logFilePath string hostKeyFPs []string ) func TestMain(m *testing.M) { logFilePath = filepath.Join(configDir, "sftpgo_sftpd_test.log") loginBannerFileName := "login_banner" loginBannerFile := filepath.Join(configDir, loginBannerFileName) logger.InitLogger(logFilePath, 10, 1, 28, false, false, zerolog.DebugLevel) err := os.WriteFile(loginBannerFile, []byte("simple login banner\n"), os.ModePerm) if err != nil { logger.ErrorToConsole("error creating login banner: %v", err) } os.Setenv("SFTPGO_COMMON__UPLOAD_MODE", "2") os.Setenv("SFTPGO_DATA_PROVIDER__CREATE_DEFAULT_ADMIN", "1") os.Setenv("SFTPGO_COMMON__ALLOW_SELF_CONNECTIONS", "1") os.Setenv("SFTPGO_DEFAULT_ADMIN_USERNAME", "admin") os.Setenv("SFTPGO_DEFAULT_ADMIN_PASSWORD", "password") err = config.LoadConfig(configDir, "") if err != nil { logger.ErrorToConsole("error loading configuration: %v", err) os.Exit(1) } providerConf := config.GetProviderConf() logger.InfoToConsole("Starting SFTPD tests, provider: %v", providerConf.Driver) commonConf := config.GetCommonConfig() homeBasePath = os.TempDir() checkSystemCommands() var scriptArgs string if runtime.GOOS == osWindows { scriptArgs = "%*" } else { commonConf.Actions.ExecuteOn = []string{"download", "upload", "rename", "delete", "ssh_cmd", "pre-download", "pre-upload"} commonConf.Actions.Hook = hookCmdPath scriptArgs = "$@" } err = dataprovider.Initialize(providerConf, configDir, true) if err != nil { logger.ErrorToConsole("error initializing data provider: %v", err) os.Exit(1) } err = dataprovider.UpdateConfigs(nil, "", "", "") if err != nil { logger.ErrorToConsole("error resetting configs: %v", err) os.Exit(1) } err = common.Initialize(commonConf, 0) if err != nil { logger.WarnToConsole("error initializing common: %v", err) os.Exit(1) } httpConfig := config.GetHTTPConfig() httpConfig.Initialize(configDir) //nolint:errcheck kmsConfig := config.GetKMSConfig() err = kmsConfig.Initialize() if err != nil { logger.ErrorToConsole("error initializing kms: %v", err) os.Exit(1) } mfaConfig := config.GetMFAConfig() err = mfaConfig.Initialize() if err != nil { logger.ErrorToConsole("error initializing MFA: %v", err) os.Exit(1) } sftpdConf := config.GetSFTPDConfig() httpdConf := config.GetHTTPDConfig() sftpdConf.Bindings = []sftpd.Binding{ { Port: 2022, ApplyProxyConfig: true, }, } sftpdConf.KexAlgorithms = []string{"curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384"} sftpdConf.Ciphers = []string{"chacha20-poly1305@openssh.com", "aes128-gcm@openssh.com", "aes256-ctr"} sftpdConf.MACs = []string{"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"} sftpdConf.LoginBannerFile = loginBannerFileName // we need to test all supported ssh commands sftpdConf.EnabledSSHCommands = []string{"*"} keyIntAuthPath = filepath.Join(homeBasePath, "keyintauth.sh") err = os.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptContent([]string{"1", "2"}, 0, false, 1), os.ModePerm) if err != nil { logger.ErrorToConsole("error writing keyboard interactive script: %v", err) os.Exit(1) } sftpdConf.KeyboardInteractiveAuthentication = true sftpdConf.KeyboardInteractiveHook = keyIntAuthPath createInitialFiles(scriptArgs) sftpdConf.TrustedUserCAKeys = append(sftpdConf.TrustedUserCAKeys, trustedCAUserKey) sftpdConf.RevokedUserCertsFile = revokeUserCerts go func(cfg sftpd.Configuration) { logger.Debug(logSender, "", "initializing SFTP server with config %+v", sftpdConf) if err := cfg.Initialize(configDir); err != nil { logger.ErrorToConsole("could not start SFTP server: %v", err) os.Exit(1) } }(sftpdConf) go func() { if err := httpdConf.Initialize(configDir, 0); err != nil { logger.ErrorToConsole("could not start HTTP server: %v", err) os.Exit(1) } }() waitTCPListening(sftpdConf.Bindings[0].GetAddress()) waitTCPListening(httpdConf.Bindings[0].GetAddress()) sftpdConf.Bindings = []sftpd.Binding{ { Port: 2222, ApplyProxyConfig: true, }, } sftpdConf.PasswordAuthentication = false common.Config.ProxyProtocol = 1 go func(cfg sftpd.Configuration) { logger.Debug(logSender, "", "initializing SFTP server with config %+v and proxy protocol %v", sftpdConf, common.Config.ProxyProtocol) if err := cfg.Initialize(configDir); err != nil { logger.ErrorToConsole("could not start SFTP server with proxy protocol 1: %v", err) os.Exit(1) } }(sftpdConf) waitTCPListening(sftpdConf.Bindings[0].GetAddress()) sftpdConf.Bindings = []sftpd.Binding{ { Port: 2226, ApplyProxyConfig: false, }, } sftpdConf.PasswordAuthentication = true sftpdConf.FolderPrefix = "/prefix/files" go func(cfg sftpd.Configuration) { logger.Debug(logSender, "", "initializing SFTP server with config %+v and proxy protocol %v", cfg, common.Config.ProxyProtocol) if err := cfg.Initialize(configDir); err != nil { logger.ErrorToConsole("could not start SFTP server with proxy protocol 2: %v", err) os.Exit(1) } }(sftpdConf) waitTCPListening(sftpdConf.Bindings[0].GetAddress()) sftpdConf.Bindings = []sftpd.Binding{ { Port: 2224, ApplyProxyConfig: true, }, } sftpdConf.PasswordAuthentication = true common.Config.ProxyProtocol = 2 go func() { logger.Debug(logSender, "", "initializing SFTP server with config %+v and proxy protocol %v", sftpdConf, common.Config.ProxyProtocol) if err := sftpdConf.Initialize(configDir); err != nil { logger.ErrorToConsole("could not start SFTP server with proxy protocol 2: %v", err) os.Exit(1) } }() waitTCPListening(sftpdConf.Bindings[0].GetAddress()) getHostKeysFingerprints(sftpdConf.HostKeys) startHTTPFs() exitCode := m.Run() os.Remove(logFilePath) os.Remove(loginBannerFile) os.Remove(pubKeyPath) os.Remove(privateKeyPath) os.Remove(trustedCAUserKey) os.Remove(revokeUserCerts) os.Remove(gitWrapPath) os.Remove(extAuthPath) os.Remove(preLoginPath) os.Remove(postConnectPath) os.Remove(preDownloadPath) os.Remove(preUploadPath) os.Remove(keyIntAuthPath) os.Remove(checkPwdPath) os.Exit(exitCode) } func TestInitialization(t *testing.T) { err := config.LoadConfig(configDir, "") assert.NoError(t, err) sftpdConf := config.GetSFTPDConfig() sftpdConf.Bindings = []sftpd.Binding{ { Port: 2022, ApplyProxyConfig: true, }, { Port: 0, }, } sftpdConf.LoginBannerFile = "invalid_file" sftpdConf.EnabledSSHCommands = append(sftpdConf.EnabledSSHCommands, "ls") err = sftpdConf.Initialize(configDir) assert.Error(t, err) sftpdConf.KeyboardInteractiveAuthentication = true sftpdConf.KeyboardInteractiveHook = "invalid_file" err = sftpdConf.Initialize(configDir) assert.Error(t, err) sftpdConf.KeyboardInteractiveAuthentication = true sftpdConf.KeyboardInteractiveHook = filepath.Join(homeBasePath, "invalid_file") err = sftpdConf.Initialize(configDir) assert.Error(t, err) sftpdConf.KeyboardInteractiveAuthentication = false err = sftpdConf.Initialize(configDir) assert.Error(t, err) sftpdConf.Bindings = []sftpd.Binding{ { Port: 4444, ApplyProxyConfig: true, }, } common.Config.ProxyProtocol = 1 assert.True(t, sftpdConf.Bindings[0].HasProxy()) common.Config.ProxyProtocol = 0 sftpdConf.HostKeys = []string{"missing key"} err = sftpdConf.Initialize(configDir) assert.Error(t, err) sftpdConf.HostKeys = nil sftpdConf.TrustedUserCAKeys = []string{"missing ca key"} err = sftpdConf.Initialize(configDir) assert.Error(t, err) sftpdConf.Bindings = nil err = sftpdConf.Initialize(configDir) assert.EqualError(t, err, common.ErrNoBinding.Error()) sftpdConf = config.GetSFTPDConfig() sftpdConf.Ciphers = []string{"not a cipher"} err = sftpdConf.Initialize(configDir) if assert.Error(t, err) { assert.Contains(t, err.Error(), "unsupported cipher") } sftpdConf.Ciphers = nil sftpdConf.MACs = []string{"not a MAC"} err = sftpdConf.Initialize(configDir) if assert.Error(t, err) { assert.Contains(t, err.Error(), "unsupported MAC algorithm") } sftpdConf.MACs = nil sftpdConf.KexAlgorithms = []string{"diffie-hellman-group-exchange-sha1", "not a KEX"} err = sftpdConf.Initialize(configDir) if assert.Error(t, err) { assert.Contains(t, err.Error(), "unsupported key-exchange algorithm") } sftpdConf.KexAlgorithms = nil sftpdConf.PublicKeyAlgorithms = []string{"not a pub key algo"} err = sftpdConf.Initialize(configDir) if assert.Error(t, err) { assert.Contains(t, err.Error(), "unsupported public key authentication algorithm") } sftpdConf.PublicKeyAlgorithms = nil sftpdConf.HostKeyAlgorithms = []string{"not a host key algo"} err = sftpdConf.Initialize(configDir) if assert.Error(t, err) { assert.Contains(t, err.Error(), "unsupported host key algorithm") } sftpdConf.HostKeyAlgorithms = nil sftpdConf.HostCertificates = []string{"missing file"} err = sftpdConf.Initialize(configDir) if assert.Error(t, err) { assert.Contains(t, err.Error(), "unable to load host certificate") } sftpdConf.HostCertificates = []string{"."} err = sftpdConf.Initialize(configDir) assert.Error(t, err) hostCertPath := filepath.Join(os.TempDir(), "host_cert.pub") err = os.WriteFile(hostCertPath, []byte(testCertValid), 0600) assert.NoError(t, err) sftpdConf.HostKeys = []string{privateKeyPath} sftpdConf.HostCertificates = []string{hostCertPath} err = sftpdConf.Initialize(configDir) if assert.Error(t, err) { assert.Contains(t, err.Error(), "is not an host certificate") } err = os.WriteFile(hostCertPath, []byte(testPubKey), 0600) assert.NoError(t, err) err = sftpdConf.Initialize(configDir) if assert.Error(t, err) { assert.Contains(t, err.Error(), "is not an SSH certificate") } err = os.WriteFile(hostCertPath, []byte("abc"), 0600) assert.NoError(t, err) err = sftpdConf.Initialize(configDir) if assert.Error(t, err) { assert.Contains(t, err.Error(), "unable to parse host certificate") } err = os.WriteFile(hostCertPath, []byte(testHostCert), 0600) assert.NoError(t, err) err = sftpdConf.Initialize(configDir) assert.Error(t, err) err = os.Remove(hostCertPath) assert.NoError(t, err) sftpdConf.HostKeys = nil sftpdConf.HostCertificates = nil sftpdConf.RevokedUserCertsFile = "." err = sftpdConf.Initialize(configDir) assert.Error(t, err) sftpdConf.RevokedUserCertsFile = "a missing file" err = sftpdConf.Initialize(configDir) assert.ErrorIs(t, err, os.ErrNotExist) err = createTestFile(revokeUserCerts, 10*1024*1024) assert.NoError(t, err) sftpdConf.RevokedUserCertsFile = revokeUserCerts err = sftpdConf.Initialize(configDir) assert.Error(t, err) err = os.WriteFile(revokeUserCerts, []byte(`[]`), 0644) assert.NoError(t, err) err = sftpdConf.Initialize(configDir) assert.Error(t, err) err = dataprovider.Close() assert.NoError(t, err) err = sftpdConf.Initialize(configDir) if assert.Error(t, err) { assert.Contains(t, err.Error(), "unable to load configs from provider") } err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) } func TestBasicSFTPHandling(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.QuotaSize = 6553600 user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) expectedQuotaSize := user.UsedQuotaSize + testFileSize expectedQuotaFiles := user.UsedQuotaFiles + 1 err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join("/missing_dir", testFileName), testFileSize, client) assert.Error(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(0), user.FirstUpload) assert.Equal(t, int64(0), user.FirstDownload) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Greater(t, user.FirstUpload, int64(0)) assert.Equal(t, int64(0), user.FirstDownload) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) err = client.Remove(testFileName) assert.NoError(t, err) _, err = client.Lstat(testFileName) assert.Error(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles-1, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize-testFileSize, user.UsedQuotaSize) assert.Greater(t, user.FirstUpload, int64(0)) assert.Greater(t, user.FirstDownload, int64(0)) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) } u.Username = "missing user" _, _, err = getSftpClient(u, false) assert.Error(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) status := sftpd.GetStatus() assert.True(t, status.IsActive) sshCommands := status.GetSSHCommandsAsString() assert.NotEmpty(t, sshCommands) sshAuths := status.GetSupportedAuthsAsString() assert.NotEmpty(t, sshAuths) assert.NotEmpty(t, status.HostKeys[0].GetAlgosAsString()) assert.NotEmpty(t, status.GetMACsAsString()) assert.NotEmpty(t, status.GetKEXsAsString()) assert.NotEmpty(t, status.GetCiphersAsString()) assert.NotEmpty(t, status.GetPublicKeysAlgosAsString()) } func TestBasicSFTPFsHandling(t *testing.T) { usePubKey := true baseUser, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) u := getTestSFTPUser(usePubKey) u.QuotaSize = 6553600 u.FsConfig.SFTPConfig.DisableCouncurrentReads = true user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) testLinkName := testFileName + ".link" testLinkToLinkName := testLinkName + ".link" expectedQuotaSize := testFileSize expectedQuotaFiles := 1 err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) err = client.Symlink(testFileName, testLinkName) assert.NoError(t, err) info, err := client.Lstat(testLinkName) if assert.NoError(t, err) { assert.True(t, info.Mode()&os.ModeSymlink != 0) } info, err = client.Stat(testLinkName) if assert.NoError(t, err) { assert.True(t, info.Mode()&os.ModeSymlink == 0) } val, err := client.ReadLink(testLinkName) if assert.NoError(t, err) { assert.Equal(t, path.Join("/", testFileName), val) } linkDir := "linkDir" err = client.Mkdir(linkDir) assert.NoError(t, err) linkToLinkPath := path.Join(linkDir, testLinkToLinkName) err = client.Symlink(path.Join("/", testLinkName), linkToLinkPath) assert.NoError(t, err) info, err = client.Lstat(linkToLinkPath) if assert.NoError(t, err) { assert.True(t, info.Mode()&os.ModeSymlink != 0) } info, err = client.Stat(linkToLinkPath) if assert.NoError(t, err) { assert.True(t, info.Mode()&os.ModeSymlink == 0) } val, err = client.ReadLink(linkToLinkPath) if assert.NoError(t, err) { assert.Equal(t, path.Join("/", testLinkName), val) } err = client.Remove(linkToLinkPath) assert.NoError(t, err) err = client.RemoveDirectory(linkDir) assert.NoError(t, err) err = client.Remove(testFileName) assert.NoError(t, err) _, err = client.Lstat(testFileName) assert.Error(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 0, user.UsedQuotaFiles) assert.Equal(t, int64(0), user.UsedQuotaSize) // now overwrite the symlink err = sftpUploadFile(testFilePath, testLinkName, testFileSize, client) assert.NoError(t, err) contents, err := client.ReadDir("/") if assert.NoError(t, err) { assert.Len(t, contents, 1) assert.Equal(t, testFileSize, contents[0].Size()) assert.Equal(t, testLinkName, contents[0].Name()) assert.False(t, contents[0].IsDir()) assert.True(t, contents[0].Mode().IsRegular()) } user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) stat, err := client.StatVFS("/") assert.NoError(t, err) assert.Equal(t, uint64(u.QuotaSize/4096), stat.Blocks) assert.Equal(t, uint64((u.QuotaSize-testFileSize)/4096), stat.Bfree) assert.Equal(t, uint64(1), stat.Files-stat.Ffree) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(baseUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(baseUser.GetHomeDir()) assert.NoError(t, err) } func TestSFTPFsPasswordProtectedPrivateKey(t *testing.T) { usePubKey := false u := getTestUser(true) u.PublicKeys = []string{testPubKeyPwd} baseUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) u.FsConfig.SFTPConfig.PrivateKey = kms.NewPlainSecret(testPrivateKeyPwd) u.FsConfig.SFTPConfig.KeyPassphrase = kms.NewPlainSecret(privateKeyPwd) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) } // update the user, the key must be preserved _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(baseUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(baseUser.GetHomeDir()) assert.NoError(t, err) } func TestSFTPFsEscapeHomeDir(t *testing.T) { usePubKey := true baseUser, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) u := getTestSFTPUser(usePubKey) sftpPrefix := "/prefix" u.FsConfig.SFTPConfig.Prefix = sftpPrefix user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) dirName := "dir" linkName := "link" err := client.Mkdir(dirName) assert.NoError(t, err) err = os.Symlink(baseUser.GetHomeDir(), filepath.Join(baseUser.GetHomeDir(), sftpPrefix, dirName, linkName)) assert.NoError(t, err) err = os.Symlink(filepath.Join(baseUser.GetHomeDir(), sftpPrefix, dirName, linkName), filepath.Join(baseUser.GetHomeDir(), sftpPrefix, linkName)) assert.NoError(t, err) // linkName points to a link inside the home dir and this link points to a dir outside the home dir _, err = client.ReadLink(linkName) assert.ErrorIs(t, err, os.ErrPermission) _, err = client.RealPath(linkName) assert.ErrorIs(t, err, os.ErrPermission) _, err = client.ReadDir(linkName) assert.ErrorIs(t, err, os.ErrPermission) _, err = client.ReadDir(path.Join(dirName, linkName)) assert.ErrorIs(t, err, os.ErrPermission) _, err = client.ReadDir("/") assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(baseUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(baseUser.GetHomeDir()) assert.NoError(t, err) } func TestGroupSettingsOverride(t *testing.T) { usePubKey := true g := getTestGroup() g.UserSettings.Filters.StartDirectory = "/%username%" group, _, err := httpdtest.AddGroup(g, http.StatusCreated) assert.NoError(t, err) u := getTestUser(usePubKey) u.Groups = []sdk.GroupMapping{ { Name: group.Name, Type: sdk.GroupTypePrimary, }, } user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() currentDir, err := client.Getwd() assert.NoError(t, err) assert.Equal(t, "/"+user.Username, currentDir) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveGroup(group, http.StatusOK) assert.NoError(t, err) } func TestStartDirectory(t *testing.T) { usePubKey := false startDir := "/st@ rt/dir" u := getTestUser(usePubKey) u.Filters.StartDirectory = startDir localUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) u.Filters.StartDirectory = startDir sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser} { conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() currentDir, err := client.Getwd() assert.NoError(t, err) assert.Equal(t, startDir, currentDir) entries, err := client.ReadDir(".") assert.NoError(t, err) assert.Len(t, entries, 0) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.NoError(t, err) _, err = client.Stat(testFileName) assert.NoError(t, err) err = client.Rename(testFileName, testFileName+"_rename") assert.NoError(t, err) entries, err = client.ReadDir(".") assert.NoError(t, err) assert.Len(t, entries, 1) currentDir, err = client.RealPath("..") assert.NoError(t, err) assert.Equal(t, path.Dir(startDir), currentDir) currentDir, err = client.RealPath("../..") assert.NoError(t, err) assert.Equal(t, "/", currentDir) currentDir, err = client.RealPath("../../..") assert.NoError(t, err) assert.Equal(t, "/", currentDir) err = client.Remove(testFileName + "_rename") assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestFolderPrefix(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.QuotaFiles = 1000 user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) conn, client, err := getSftpClientWithAddr(user, usePubKey, "127.0.0.1:2226") if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) _, err = client.Stat("path") assert.ErrorIs(t, err, os.ErrPermission) _, err = client.Stat("/prefix/path") assert.ErrorIs(t, err, os.ErrPermission) _, err = client.Stat("/prefix/files1") assert.ErrorIs(t, err, os.ErrPermission) contents, err := client.ReadDir("/") if assert.NoError(t, err) { if assert.Len(t, contents, 1) { assert.Equal(t, "prefix", contents[0].Name()) } } contents, err = client.ReadDir("/prefix") if assert.NoError(t, err) { if assert.Len(t, contents, 1) { assert.Equal(t, "files", contents[0].Name()) } } _, err = client.OpenFile(testFileName, os.O_WRONLY|os.O_CREATE) assert.ErrorIs(t, err, os.ErrPermission) _, err = client.OpenFile(testFileName, os.O_RDONLY) assert.ErrorIs(t, err, os.ErrPermission) f, err := client.OpenFile(path.Join("prefix", "files", testFileName), os.O_WRONLY|os.O_CREATE) assert.NoError(t, err) _, err = f.Write([]byte("test")) assert.NoError(t, err) err = f.Close() assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestLoginNonExistentUser(t *testing.T) { usePubKey := true user := getTestUser(usePubKey) _, _, err := getSftpClient(user, usePubKey) assert.Error(t, err) } func TestRateLimiter(t *testing.T) { oldConfig := config.GetCommonConfig() cfg := config.GetCommonConfig() cfg.RateLimitersConfig = []common.RateLimiterConfig{ { Average: 1, Period: 1000, Burst: 1, Type: 1, Protocols: []string{common.ProtocolSSH}, }, } err := common.Initialize(cfg, 0) assert.NoError(t, err) usePubKey := false user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) } _, _, err = getSftpClient(user, usePubKey) assert.Error(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = common.Initialize(oldConfig, 0) assert.NoError(t, err) } func TestDefender(t *testing.T) { oldConfig := config.GetCommonConfig() cfg := config.GetCommonConfig() cfg.DefenderConfig.Enabled = true cfg.DefenderConfig.Threshold = 3 cfg.DefenderConfig.ScoreLimitExceeded = 2 cfg.DefenderConfig.ScoreValid = 1 err := common.Initialize(cfg, 0) assert.NoError(t, err) usePubKey := false user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) } user.Password = "wrong_pwd" _, _, err = getSftpClient(user, usePubKey) assert.Error(t, err) hosts, _, err := httpdtest.GetDefenderHosts(http.StatusOK) assert.NoError(t, err) if assert.Len(t, hosts, 1) { host := hosts[0] assert.Empty(t, host.GetBanTime()) assert.Equal(t, 1, host.Score) } for i := 0; i < 2; i++ { _, _, err = getSftpClient(user, usePubKey) assert.Error(t, err) } user.Password = defaultPassword _, _, err = getSftpClient(user, usePubKey) assert.Error(t, err) err = dataprovider.DeleteUser(user.Username, "", "", "") assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = common.Initialize(oldConfig, 0) assert.NoError(t, err) } func TestOpenReadWrite(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.QuotaSize = 6553600 localUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) u.QuotaSize = 6553600 sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser} { conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() sftpFile, err := client.OpenFile(testFileName, os.O_RDWR|os.O_CREATE|os.O_TRUNC) if assert.NoError(t, err) { testData := []byte("sample test data") n, err := sftpFile.Write(testData) assert.NoError(t, err) assert.Equal(t, len(testData), n) buffer := make([]byte, 128) n, err = sftpFile.ReadAt(buffer, 1) assert.EqualError(t, err, io.EOF.Error()) assert.Equal(t, len(testData)-1, n) assert.Equal(t, testData[1:], buffer[:n]) err = sftpFile.Close() assert.NoError(t, err) } sftpFile, err = client.OpenFile(testFileName, os.O_RDWR|os.O_CREATE|os.O_TRUNC) if assert.NoError(t, err) { testData := []byte("new test data") n, err := sftpFile.Write(testData) assert.NoError(t, err) assert.Equal(t, len(testData), n) buffer := make([]byte, 128) n, err = sftpFile.ReadAt(buffer, 1) assert.EqualError(t, err, io.EOF.Error()) assert.Equal(t, len(testData)-1, n) assert.Equal(t, testData[1:], buffer[:n]) err = sftpFile.Close() assert.NoError(t, err) } } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestOpenReadWritePerm(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) // we cannot read inside "/sub", rename is needed otherwise the atomic upload will fail for the sftpfs user u.Permissions["/sub"] = []string{dataprovider.PermUpload, dataprovider.PermListItems, dataprovider.PermRename} localUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) u.Permissions["/sub"] = []string{dataprovider.PermUpload, dataprovider.PermListItems} sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser} { conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Mkdir("sub") assert.NoError(t, err) sftpFileName := path.Join("sub", "file.txt") sftpFile, err := client.OpenFile(sftpFileName, os.O_RDWR|os.O_CREATE|os.O_TRUNC) if assert.NoError(t, err) { testData := []byte("test data") n, err := sftpFile.Write(testData) assert.NoError(t, err) assert.Equal(t, len(testData), n) buffer := make([]byte, 128) _, err = sftpFile.ReadAt(buffer, 1) if assert.Error(t, err) { assert.Contains(t, strings.ToLower(err.Error()), "permission denied") } err = sftpFile.Close() assert.NoError(t, err) } if user.Username == defaultUsername { err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) user.Password = defaultPassword user.ID = 0 user.CreatedAt = 0 _, resp, err := httpdtest.AddUser(user, http.StatusCreated) assert.NoError(t, err, string(resp)) } } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestConcurrency(t *testing.T) { oldValue := common.Config.MaxPerHostConnections common.Config.MaxPerHostConnections = 0 usePubKey := true numLogins := 50 u := getTestUser(usePubKey) u.QuotaFiles = numLogins + 1 user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) var wg sync.WaitGroup testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(262144) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) var closedConns atomic.Int32 for i := 0; i < numLogins; i++ { wg.Add(1) go func(counter int) { defer wg.Done() defer closedConns.Add(1) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { err = sftpUploadFile(testFilePath, testFileName+strconv.Itoa(counter), testFileSize, client) assert.NoError(t, err) assert.Greater(t, common.Connections.GetActiveSessions(defaultUsername), 0) client.Close() conn.Close() } }(i) } wg.Add(1) go func() { defer wg.Done() maxConns := 0 maxSessions := 0 for { servedReqs := closedConns.Load() if servedReqs > 0 { stats := common.Connections.GetStats("") if len(stats) > maxConns { maxConns = len(stats) } activeSessions := common.Connections.GetActiveSessions(defaultUsername) if activeSessions > maxSessions { maxSessions = activeSessions } } if servedReqs >= int32(numLogins) { break } time.Sleep(1 * time.Millisecond) } assert.Greater(t, maxConns, 0) assert.Greater(t, maxSessions, 0) }() wg.Wait() conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { files, err := client.ReadDir(".") assert.NoError(t, err) assert.Len(t, files, numLogins) client.Close() conn.Close() } assert.Eventually(t, func() bool { return common.Connections.GetActiveSessions(defaultUsername) == 0 }, 1*time.Second, 50*time.Millisecond) assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 1*time.Second, 50*time.Millisecond) err = os.Remove(testFilePath) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) common.Config.MaxPerHostConnections = oldValue } func TestProxyProtocol(t *testing.T) { usePubKey := true user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) // remove the home dir to test auto creation err = os.RemoveAll(user.HomeDir) assert.NoError(t, err) conn, client, err := getSftpClientWithAddr(user, usePubKey, sftpSrvAddr2222) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } conn, client, err = getSftpClientWithAddr(user, usePubKey, "127.0.0.1:2224") if !assert.Error(t, err) { client.Close() conn.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestRealPath(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) localUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser} { conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { p, err := client.RealPath("../..") assert.NoError(t, err) assert.Equal(t, "/", p) p, err = client.RealPath("../test") assert.NoError(t, err) assert.Equal(t, "/test", p) subdir := "testsubdir" err = client.Mkdir(subdir) assert.NoError(t, err) linkName := testFileName + "_link" err = client.Symlink(path.Join("/", testFileName), path.Join(subdir, linkName)) assert.NoError(t, err) p, err = client.RealPath(path.Join(subdir, linkName)) assert.NoError(t, err) assert.Equal(t, path.Join("/", testFileName), p) // an existing path sftpFile, err := client.OpenFile(testFileName, os.O_RDWR|os.O_CREATE|os.O_TRUNC) if assert.NoError(t, err) { testData := []byte("hello world") n, err := sftpFile.WriteAt(testData, 0) assert.NoError(t, err) assert.Equal(t, len(testData), n) } p, err = client.RealPath(path.Join(subdir, linkName)) assert.NoError(t, err) assert.Equal(t, path.Join("/", testFileName), p) // now a link outside the home dir err = os.Symlink(filepath.Clean(os.TempDir()), filepath.Join(localUser.GetHomeDir(), subdir, "temp")) assert.NoError(t, err) _, err = client.RealPath(path.Join(subdir, "temp")) assert.ErrorIs(t, err, os.ErrPermission) conn.Close() client.Close() err = os.Remove(filepath.Join(localUser.GetHomeDir(), subdir, "temp")) assert.NoError(t, err) if user.Username == localUser.Username { err = os.RemoveAll(filepath.Join(localUser.GetHomeDir(), subdir)) assert.NoError(t, err) } } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestBufferedSFTP(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) localUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) u.FsConfig.SFTPConfig.BufferSize = 2 u.HomeDir = filepath.Join(os.TempDir(), u.Username) sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(sftpUser, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) appendDataSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) initialHash, err := computeHashForFile(sha256.New(), testFilePath) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = appendToTestFile(testFilePath, appendDataSize) assert.NoError(t, err) err = sftpUploadResumeFile(testFilePath, testFileName, testFileSize+appendDataSize, false, client) if assert.Error(t, err) { assert.Contains(t, err.Error(), "SSH_FX_OP_UNSUPPORTED") } localDownloadPath := filepath.Join(homeBasePath, testDLFileName) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.NoError(t, err) downloadedFileHash, err := computeHashForFile(sha256.New(), localDownloadPath) assert.NoError(t, err) assert.Equal(t, initialHash, downloadedFileHash) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) sftpFile, err := client.OpenFile(testFileName, os.O_RDWR|os.O_CREATE|os.O_TRUNC) if assert.NoError(t, err) { testData := []byte("sample test sftp data") n, err := sftpFile.Write(testData) assert.NoError(t, err) assert.Equal(t, len(testData), n) err = sftpFile.Truncate(0) if assert.Error(t, err) { assert.Contains(t, err.Error(), "SSH_FX_OP_UNSUPPORTED") } err = sftpFile.Truncate(4) if assert.Error(t, err) { assert.Contains(t, err.Error(), "SSH_FX_OP_UNSUPPORTED") } buffer := make([]byte, 128) _, err = sftpFile.Read(buffer) if assert.Error(t, err) { assert.Contains(t, err.Error(), "SSH_FX_OP_UNSUPPORTED") } err = sftpFile.Close() assert.NoError(t, err) info, err := client.Stat(testFileName) if assert.NoError(t, err) { assert.Equal(t, int64(len(testData)), info.Size()) } } // test WriteAt sftpFile, err = client.OpenFile(testFileName, os.O_RDWR|os.O_CREATE|os.O_TRUNC) if assert.NoError(t, err) { testData := []byte("hello world") n, err := sftpFile.WriteAt(testData[:6], 0) assert.NoError(t, err) assert.Equal(t, 6, n) n, err = sftpFile.WriteAt(testData[6:], 6) assert.NoError(t, err) assert.Equal(t, 5, n) err = sftpFile.Close() assert.NoError(t, err) info, err := client.Stat(testFileName) if assert.NoError(t, err) { assert.Equal(t, int64(len(testData)), info.Size()) } } // test ReadAt sftpFile, err = client.OpenFile(testFileName, os.O_RDONLY) if assert.NoError(t, err) { buffer := make([]byte, 128) n, err := sftpFile.ReadAt(buffer, 6) assert.ErrorIs(t, err, io.EOF) assert.Equal(t, 5, n) assert.Equal(t, []byte("world"), buffer[:n]) err = sftpFile.Close() assert.NoError(t, err) } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(sftpUser.GetHomeDir()) assert.NoError(t, err) } func TestUploadResume(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) localUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) u = getTestUser(usePubKey) u.FsConfig.OSConfig = sdk.OSFsConfig{ WriteBufferSize: 1, ReadBufferSize: 1, } u.Username += "_buffered" u.HomeDir += "_with_buf" bufferedUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser, bufferedUser} { conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) appendDataSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = appendToTestFile(testFilePath, appendDataSize) assert.NoError(t, err) err = sftpUploadResumeFile(testFilePath, testFileName, testFileSize+appendDataSize, false, client) assert.NoError(t, err) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize+appendDataSize, client) assert.NoError(t, err) initialHash, err := computeHashForFile(sha256.New(), testFilePath) assert.NoError(t, err) downloadedFileHash, err := computeHashForFile(sha256.New(), localDownloadPath) assert.NoError(t, err) assert.Equal(t, initialHash, downloadedFileHash) err = sftpUploadResumeFile(testFilePath, testFileName, testFileSize+appendDataSize, true, client) assert.Error(t, err, "resume uploading file with invalid offset must fail") err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) if user.Username == defaultUsername { err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) user.Password = defaultPassword user.ID = 0 user.CreatedAt = 0 _, resp, err := httpdtest.AddUser(user, http.StatusCreated) assert.NoError(t, err, string(resp)) } } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(bufferedUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(bufferedUser.GetHomeDir()) assert.NoError(t, err) } func TestDirCommands(t *testing.T) { usePubKey := false user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) // remove the home dir to test auto creation err = os.RemoveAll(user.HomeDir) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Mkdir("test1") assert.NoError(t, err) err = client.Rename("test1", "test") assert.NoError(t, err) // rename a missing file err = client.Rename("test1", "test2") assert.Error(t, err) _, err = client.Lstat("/test1") assert.Error(t, err, "stat for renamed dir must not succeed") err = client.PosixRename("test", "test1") assert.NoError(t, err) err = client.Remove("test1") assert.NoError(t, err) err = client.Mkdir("/test/test1") assert.Error(t, err, "recursive mkdir must fail") err = client.Mkdir("/test") assert.NoError(t, err) err = client.Mkdir("/test/test1") assert.NoError(t, err) _, err = client.ReadDir("/this/dir/does/not/exist") assert.Error(t, err, "reading a missing dir must fail") err = client.RemoveDirectory("/test/test1") assert.NoError(t, err) err = client.RemoveDirectory("/test") assert.NoError(t, err) _, err = client.Lstat("/test") assert.Error(t, err, "stat for deleted dir must not succeed") _, err = client.Stat("/test") assert.Error(t, err, "stat for deleted dir must not succeed") err = client.RemoveDirectory("/test") assert.Error(t, err, "remove missing path must fail") } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestRemove(t *testing.T) { usePubKey := true user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Mkdir("test") assert.NoError(t, err) err = client.Mkdir("/test/test1") assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join("/test", testFileName), testFileSize, client) assert.NoError(t, err) err = client.Remove("/test") assert.Error(t, err, "remove non empty dir must fail") err = client.RemoveDirectory(path.Join("/test", testFileName)) assert.Error(t, err, "remove a file with rmdir must fail") err = client.Remove(path.Join("/test", testFileName)) assert.NoError(t, err) err = client.Remove(path.Join("/test", testFileName)) assert.Error(t, err, "remove missing file must fail") err = client.Remove("/test/test1") assert.NoError(t, err) err = client.Remove("/test") assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestLink(t *testing.T) { usePubKey := false user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Symlink(testFileName, testFileName+".link") assert.NoError(t, err) linkName, err := client.ReadLink(testFileName + ".link") assert.NoError(t, err) assert.Equal(t, path.Join("/", testFileName), linkName) err = client.Symlink(testFileName, testFileName+".link") assert.Error(t, err, "creating a symlink to an existing one must fail") err = client.Link(testFileName, testFileName+".hlink") assert.Error(t, err, "hard link is not supported and must fail") err = client.Remove(testFileName + ".link") assert.NoError(t, err) err = client.Remove(testFileName) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestStat(t *testing.T) { usePubKey := false localUser, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) sftpUser, _, err := httpdtest.AddUser(getTestSFTPUser(usePubKey), http.StatusCreated) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser} { conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) _, err := client.Lstat(testFileName) assert.NoError(t, err) _, err = client.Stat(testFileName) assert.NoError(t, err) // stat a missing path we should get an fs.ErrNotExist error _, err = client.Stat("missing path") assert.True(t, errors.Is(err, fs.ErrNotExist)) _, err = client.Lstat("missing path") assert.True(t, errors.Is(err, fs.ErrNotExist)) // mode 0666 and 0444 works on Windows too newPerm := os.FileMode(0666) err = client.Chmod(testFileName, newPerm) assert.NoError(t, err) newFi, err := client.Lstat(testFileName) assert.NoError(t, err) assert.Equal(t, newPerm, newFi.Mode().Perm()) newPerm = os.FileMode(0444) err = client.Chmod(testFileName, newPerm) assert.NoError(t, err) newFi, err = client.Lstat(testFileName) if assert.NoError(t, err) { assert.Equal(t, newPerm, newFi.Mode().Perm()) } _, err = client.ReadLink(testFileName) assert.Error(t, err, "readlink on a file must fail") symlinkName := testFileName + ".sym" err = client.Symlink(testFileName, symlinkName) assert.NoError(t, err) info, err := client.Lstat(symlinkName) if assert.NoError(t, err) { assert.True(t, info.Mode()&os.ModeSymlink != 0) } info, err = client.Stat(symlinkName) if assert.NoError(t, err) { assert.False(t, info.Mode()&os.ModeSymlink != 0) } linkName, err := client.ReadLink(symlinkName) assert.NoError(t, err) assert.Equal(t, path.Join("/", testFileName), linkName) newPerm = os.FileMode(0666) err = client.Chmod(testFileName, newPerm) assert.NoError(t, err) err = client.Truncate(testFileName, 100) assert.NoError(t, err) fi, err := client.Stat(testFileName) if assert.NoError(t, err) { assert.Equal(t, int64(100), fi.Size()) } f, err := client.OpenFile(testFileName, os.O_WRONLY) if assert.NoError(t, err) { err = f.Truncate(5) assert.NoError(t, err) err = f.Close() assert.NoError(t, err) } f, err = client.OpenFile(testFileName, os.O_WRONLY) newPerm = os.FileMode(0444) if assert.NoError(t, err) { err = f.Chmod(newPerm) assert.NoError(t, err) err = f.Close() assert.NoError(t, err) } newFi, err = client.Lstat(testFileName) if assert.NoError(t, err) { assert.Equal(t, newPerm, newFi.Mode().Perm()) } newPerm = os.FileMode(0666) err = client.Chmod(testFileName, newPerm) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) if user.Username == defaultUsername { err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) user.Password = defaultPassword user.ID = 0 user.CreatedAt = 0 _, resp, err := httpdtest.AddUser(user, http.StatusCreated) assert.NoError(t, err, string(resp)) } } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestStatChownChmod(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("chown is not supported on Windows, chmod is partially supported") } usePubKey := true localUser, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) sftpUser, _, err := httpdtest.AddUser(getTestSFTPUser(usePubKey), http.StatusCreated) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser} { conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Chown(testFileName, os.Getuid(), os.Getgid()) assert.NoError(t, err) newPerm := os.FileMode(0600) err = client.Chmod(testFileName, newPerm) assert.NoError(t, err) newFi, err := client.Lstat(testFileName) assert.NoError(t, err) assert.Equal(t, newPerm, newFi.Mode().Perm()) err = client.Remove(testFileName) assert.NoError(t, err) err = client.Chmod(testFileName, newPerm) assert.EqualError(t, err, os.ErrNotExist.Error()) err = client.Chown(testFileName, os.Getuid(), os.Getgid()) assert.EqualError(t, err, os.ErrNotExist.Error()) err = os.Remove(testFilePath) assert.NoError(t, err) if user.Username == defaultUsername { err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) user.Password = defaultPassword user.ID = 0 user.CreatedAt = 0 _, resp, err := httpdtest.AddUser(user, http.StatusCreated) assert.NoError(t, err, string(resp)) } } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestSFTPFsLoginWrongFingerprint(t *testing.T) { usePubKey := true localUser, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) sftpUser, _, err := httpdtest.AddUser(getTestSFTPUser(usePubKey), http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(sftpUser, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) } sftpUser.FsConfig.SFTPConfig.Fingerprints = append(sftpUser.FsConfig.SFTPConfig.Fingerprints, "wrong") _, _, err = httpdtest.UpdateUser(sftpUser, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(sftpUser, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) } out, err := runSSHCommand("md5sum", sftpUser, usePubKey) assert.NoError(t, err) assert.Contains(t, string(out), "d41d8cd98f00b204e9800998ecf8427e") sftpUser.FsConfig.SFTPConfig.Fingerprints = []string{"wrong"} _, _, err = httpdtest.UpdateUser(sftpUser, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(sftpUser, usePubKey) if !assert.Error(t, err) { defer conn.Close() defer client.Close() } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestChtimes(t *testing.T) { usePubKey := false localUser, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) sftpUser, _, err := httpdtest.AddUser(getTestSFTPUser(usePubKey), http.StatusCreated) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser} { conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) testDir := "test" //nolint:goconst err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) acmodTime := time.Now() err = client.Chtimes(testFileName, acmodTime, acmodTime) assert.NoError(t, err) newFi, err := client.Lstat(testFileName) assert.NoError(t, err) diff := math.Abs(newFi.ModTime().Sub(acmodTime).Seconds()) assert.LessOrEqual(t, diff, float64(1)) err = client.Chtimes("invalidFile", acmodTime, acmodTime) assert.EqualError(t, err, os.ErrNotExist.Error()) err = client.Mkdir(testDir) assert.NoError(t, err) err = client.Chtimes(testDir, acmodTime, acmodTime) assert.NoError(t, err) newFi, err = client.Lstat(testDir) assert.NoError(t, err) diff = math.Abs(newFi.ModTime().Sub(acmodTime).Seconds()) assert.LessOrEqual(t, diff, float64(1)) err = os.Remove(testFilePath) assert.NoError(t, err) if user.Username == defaultUsername { err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) user.Password = defaultPassword user.ID = 0 user.CreatedAt = 0 _, resp, err := httpdtest.AddUser(user, http.StatusCreated) assert.NoError(t, err, string(resp)) } } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } // basic tests to verify virtual chroot, should be improved to cover more cases ... func TestEscapeHomeDir(t *testing.T) { usePubKey := true user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) dirOutsideHome := filepath.Join(homeBasePath, defaultUsername+"1", "dir") err = os.MkdirAll(dirOutsideHome, os.ModePerm) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) testDir := "testDir" //nolint:goconst linkPath := filepath.Join(homeBasePath, defaultUsername, testDir) err = os.Symlink(homeBasePath, linkPath) assert.NoError(t, err) _, err = client.ReadDir(testDir) assert.Error(t, err, "reading a symbolic link outside home dir should not succeeded") err = os.Remove(linkPath) assert.NoError(t, err) err = os.Symlink(dirOutsideHome, linkPath) assert.NoError(t, err) _, err := client.ReadDir(testDir) assert.Error(t, err, "reading a symbolic link outside home dir should not succeeded") err = client.Chmod(path.Join(testDir, "sub", "dir"), os.ModePerm) assert.ErrorIs(t, err, os.ErrPermission) assert.Error(t, err, "setstat on a file outside home dir must fail") testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) remoteDestPath := path.Join("..", "..", testFileName) err = sftpUploadFile(testFilePath, remoteDestPath, testFileSize, client) assert.NoError(t, err) _, err = client.Lstat(testFileName) assert.NoError(t, err) err = client.Remove(testFileName) assert.NoError(t, err) linkPath = filepath.Join(homeBasePath, defaultUsername, testFileName) err = os.Symlink(homeBasePath, linkPath) assert.NoError(t, err) err = sftpDownloadFile(testFileName, testFilePath, 0, client) assert.Error(t, err, "download file outside home dir must fail") err = sftpUploadFile(testFilePath, remoteDestPath, testFileSize, client) assert.Error(t, err, "overwrite a file outside home dir must fail") err = client.Chmod(remoteDestPath, 0644) assert.Error(t, err, "setstat on a file outside home dir must fail") err = os.Remove(linkPath) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(filepath.Join(homeBasePath, defaultUsername+"1")) assert.NoError(t, err) } func TestEscapeSFTPFsPrefix(t *testing.T) { usePubKey := false localUser, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) u := getTestSFTPUser(usePubKey) sftpPrefix := "/prefix" outPrefix1 := "/pre" outPrefix2 := sftpPrefix + "1" out1 := "out1" out2 := "out2" u.FsConfig.SFTPConfig.Prefix = sftpPrefix sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(localUser, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Mkdir(sftpPrefix) assert.NoError(t, err) err = client.Mkdir(outPrefix1) assert.NoError(t, err) err = client.Mkdir(outPrefix2) assert.NoError(t, err) err = client.Symlink(outPrefix1, path.Join(sftpPrefix, out1)) assert.NoError(t, err) err = client.Symlink(outPrefix2, path.Join(sftpPrefix, out2)) assert.NoError(t, err) } conn, client, err = getSftpClient(sftpUser, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() contents, err := client.ReadDir("/") assert.NoError(t, err) assert.Len(t, contents, 2) _, err = client.ReadDir(out1) assert.Error(t, err) _, err = client.ReadDir(out2) assert.Error(t, err) err = client.Mkdir(path.Join(out1, "subout1")) assert.Error(t, err) err = client.Mkdir(path.Join(out2, "subout2")) assert.Error(t, err) } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestGetMimeTypeSFTPFs(t *testing.T) { usePubKey := false localUser, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) sftpUser, _, err := httpdtest.AddUser(getTestSFTPUser(usePubKey), http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(localUser, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() sftpFile, err := client.OpenFile(testFileName, os.O_RDWR|os.O_CREATE|os.O_TRUNC) if assert.NoError(t, err) { testData := []byte("some UTF-8 text so we should get a text/plain mime type") n, err := sftpFile.Write(testData) assert.NoError(t, err) assert.Equal(t, len(testData), n) err = sftpFile.Close() assert.NoError(t, err) } } sftpUser.FsConfig.SFTPConfig.Password = kms.NewPlainSecret(defaultPassword) sftpUser.FsConfig.SFTPConfig.PrivateKey = kms.NewEmptySecret() fs, err := sftpUser.GetFilesystem("connID") if assert.NoError(t, err) { assert.True(t, vfs.IsSFTPFs(fs)) mime, err := fs.GetMimeType(testFileName) assert.NoError(t, err) assert.Equal(t, "text/plain; charset=utf-8", mime) } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestHomeSpecialChars(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.HomeDir = filepath.Join(homeBasePath, "abc açà#&%lk") user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) files, err := client.ReadDir(".") assert.NoError(t, err) assert.Equal(t, 1, len(files)) err = client.Remove(testFileName) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestLogin(t *testing.T) { u := getTestUser(false) u.PublicKeys = []string{testPubKey} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, false) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Greater(t, user.LastLogin, int64(0), "last login must be updated after a successful login: %v", user.LastLogin) } conn, client, err = getSftpClient(user, true) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user.Password = "invalid password" conn, client, err = getSftpClient(user, false) if !assert.Error(t, err, "login with invalid password must fail") { client.Close() conn.Close() } // testPubKey1 is not authorized user.PublicKeys = []string{testPubKey1} user.Password = "" _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, true) if !assert.Error(t, err, "login with invalid public key must fail") { defer conn.Close() defer client.Close() } // login a user with multiple public keys, only the second one is valid user.PublicKeys = []string{testPubKey1, testPubKey} user.Password = "" _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, true) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestLoginUserCert(t *testing.T) { u := getTestUser(true) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) // try login using a cert signed from a trusted CA signer, err := getSignerForUserCert([]byte(testCertValid)) assert.NoError(t, err) conn, client, err := getCustomAuthSftpClient(user, []ssh.AuthMethod{ssh.PublicKeys(signer)}, "") if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } // revoke the certificate certs := []string{"SHA256:OkxVB1ImSJ2XeI8nA2Wg+6zJVlxdevD1FYBSEJjFEN4"} data, err := json.Marshal(certs) assert.NoError(t, err) err = os.WriteFile(revokeUserCerts, data, 0644) assert.NoError(t, err) err = sftpd.Reload() assert.NoError(t, err) conn, client, err = getCustomAuthSftpClient(user, []ssh.AuthMethod{ssh.PublicKeys(signer)}, "") if !assert.Error(t, err) { client.Close() conn.Close() } // if we remove the revoked certificate login should work again certs = []string{"SHA256:bsBRHC/xgiqBJdSuvSTNpJNLTISP/G356jNMCRYC5Es, SHA256:1kxVB1ImSJ2XeI8nA2Wg+6zJVlxdevD1FYBSEJjFEN4"} data, err = json.Marshal(certs) assert.NoError(t, err) err = os.WriteFile(revokeUserCerts, data, 0644) assert.NoError(t, err) err = sftpd.Reload() assert.NoError(t, err) conn, client, err = getCustomAuthSftpClient(user, []ssh.AuthMethod{ssh.PublicKeys(signer)}, "") if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } // try login using a cert signed from an untrusted CA signer, err = getSignerForUserCert([]byte(testCertUntrustedCA)) assert.NoError(t, err) conn, client, err = getCustomAuthSftpClient(user, []ssh.AuthMethod{ssh.PublicKeys(signer)}, "") if !assert.Error(t, err) { client.Close() conn.Close() } // try login using an host certificate instead of an user certificate signer, err = getSignerForUserCert([]byte(testHostCert)) assert.NoError(t, err) conn, client, err = getCustomAuthSftpClient(user, []ssh.AuthMethod{ssh.PublicKeys(signer)}, "") if !assert.Error(t, err) { client.Close() conn.Close() } // try login using a user certificate with an authorized source address different from localhost signer, err = getSignerForUserCert([]byte(testCertOtherSourceAddress)) assert.NoError(t, err) conn, client, err = getCustomAuthSftpClient(user, []ssh.AuthMethod{ssh.PublicKeys(signer)}, "") if !assert.Error(t, err) { client.Close() conn.Close() } // try login using an expired certificate signer, err = getSignerForUserCert([]byte(testCertExpired)) assert.NoError(t, err) conn, client, err = getCustomAuthSftpClient(user, []ssh.AuthMethod{ssh.PublicKeys(signer)}, "") if !assert.Error(t, err) { client.Close() conn.Close() } // try login using a certificate with no principals signer, err = getSignerForUserCert([]byte(testCertNoPrincipals)) assert.NoError(t, err) conn, client, err = getCustomAuthSftpClient(user, []ssh.AuthMethod{ssh.PublicKeys(signer)}, "") if !assert.Error(t, err) { client.Close() conn.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) // the user does not exist signer, err = getSignerForUserCert([]byte(testCertValid)) assert.NoError(t, err) conn, client, err = getCustomAuthSftpClient(user, []ssh.AuthMethod{ssh.PublicKeys(signer)}, "") if !assert.Error(t, err) { client.Close() conn.Close() } // now login with a username not in the set of valid principals for the given certificate u.Username += "1" user, _, err = httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) signer, err = getSignerForUserCert([]byte(testCertValid)) assert.NoError(t, err) conn, client, err = getCustomAuthSftpClient(user, []ssh.AuthMethod{ssh.PublicKeys(signer)}, "") if !assert.Error(t, err) { client.Close() conn.Close() } err = os.WriteFile(revokeUserCerts, []byte(`[]`), 0644) assert.NoError(t, err) err = sftpd.Reload() assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestMultiStepLoginKeyAndPwd(t *testing.T) { u := getTestUser(true) u.Password = defaultPassword u.Filters.DeniedLoginMethods = append(u.Filters.DeniedLoginMethods, []string{ dataprovider.SSHLoginMethodKeyAndKeyboardInt, dataprovider.SSHLoginMethodPublicKey, dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodKeyboardInteractive, }...) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, true) if !assert.Error(t, err, "login with public key is disallowed and must fail") { client.Close() conn.Close() } conn, client, err = getSftpClient(user, true) if !assert.Error(t, err, "login with password is disallowed and must fail") { client.Close() conn.Close() } signer, _ := ssh.ParsePrivateKey([]byte(testPrivateKey)) authMethods := []ssh.AuthMethod{ ssh.PublicKeys(signer), ssh.Password(defaultPassword), } conn, client, err = getCustomAuthSftpClient(user, authMethods, "") if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } conn, client, err = getCustomAuthSftpClient(user, authMethods, sftpSrvAddr2222) if !assert.Error(t, err, "password auth is disabled on port 2222, multi-step auth must fail") { client.Close() conn.Close() } authMethods = []ssh.AuthMethod{ ssh.Password(defaultPassword), ssh.PublicKeys(signer), } _, _, err = getCustomAuthSftpClient(user, authMethods, "") assert.Error(t, err, "multi step auth login with wrong order must fail") _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestMultiStepLoginKeyAndKeyInt(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } u := getTestUser(true) u.Password = defaultPassword u.Filters.DeniedLoginMethods = append(u.Filters.DeniedLoginMethods, []string{ dataprovider.SSHLoginMethodKeyAndPassword, dataprovider.SSHLoginMethodPublicKey, dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodKeyboardInteractive, }...) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) err = os.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptContent([]string{"1", "2"}, 0, false, 1), os.ModePerm) assert.NoError(t, err) conn, client, err := getSftpClient(user, true) if !assert.Error(t, err, "login with public key is disallowed and must fail") { client.Close() conn.Close() } signer, _ := ssh.ParsePrivateKey([]byte(testPrivateKey)) authMethods := []ssh.AuthMethod{ ssh.PublicKeys(signer), ssh.KeyboardInteractive(func(_, _ string, _ []string, _ []bool) ([]string, error) { return []string{"1", "2"}, nil }), } conn, client, err = getCustomAuthSftpClient(user, authMethods, "") if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } conn, client, err = getCustomAuthSftpClient(user, authMethods, sftpSrvAddr2222) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } authMethods = []ssh.AuthMethod{ ssh.KeyboardInteractive(func(_, _ string, _ []string, _ []bool) ([]string, error) { return []string{"1", "2"}, nil }), ssh.PublicKeys(signer), } _, _, err = getCustomAuthSftpClient(user, authMethods, "") assert.Error(t, err, "multi step auth login with wrong order must fail") authMethods = []ssh.AuthMethod{ ssh.PublicKeys(signer), ssh.Password(defaultPassword), } _, _, err = getCustomAuthSftpClient(user, authMethods, "") assert.Error(t, err, "multi step auth login with wrong method must fail") user.Filters.DeniedLoginMethods = nil user.Filters.DeniedLoginMethods = append(user.Filters.DeniedLoginMethods, []string{ dataprovider.SSHLoginMethodKeyAndKeyboardInt, dataprovider.SSHLoginMethodPublicKey, dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodKeyboardInteractive, }...) user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) _, _, err = getCustomAuthSftpClient(user, authMethods, sftpSrvAddr2222) assert.Error(t, err) conn, client, err = getCustomAuthSftpClient(user, authMethods, "") if assert.NoError(t, err) { assert.NoError(t, checkBasicSFTP(client)) client.Close() conn.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestMultiStepLoginCertAndPwd(t *testing.T) { u := getTestUser(true) u.Password = defaultPassword u.Filters.DeniedLoginMethods = append(u.Filters.DeniedLoginMethods, []string{ dataprovider.SSHLoginMethodKeyAndKeyboardInt, dataprovider.SSHLoginMethodPublicKey, dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodKeyboardInteractive, }...) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) signer, err := getSignerForUserCert([]byte(testCertValid)) assert.NoError(t, err) authMethods := []ssh.AuthMethod{ ssh.PublicKeys(signer), ssh.Password(defaultPassword), } conn, client, err := getCustomAuthSftpClient(user, authMethods, "") if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } signer, err = getSignerForUserCert([]byte(testCertOtherSourceAddress)) assert.NoError(t, err) authMethods = []ssh.AuthMethod{ ssh.PublicKeys(signer), ssh.Password(defaultPassword), } conn, client, err = getCustomAuthSftpClient(user, authMethods, "") if !assert.Error(t, err) { client.Close() conn.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestLoginUserStatus(t *testing.T) { usePubKey := true user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Greater(t, user.LastLogin, int64(0), "last login must be updated after a successful login: %v", user.LastLogin) } user.Status = 0 user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if !assert.Error(t, err, "login for a disabled user must fail") { client.Close() conn.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestLoginUserExpiration(t *testing.T) { usePubKey := true user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Greater(t, user.LastLogin, int64(0), "last login must be updated after a successful login: %v", user.LastLogin) } user.ExpirationDate = util.GetTimeAsMsSinceEpoch(time.Now()) - 120000 user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if !assert.Error(t, err, "login for an expired user must fail") { client.Close() conn.Close() } user.ExpirationDate = util.GetTimeAsMsSinceEpoch(time.Now()) + 120000 _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestLoginWithDatabaseCredentials(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.FsConfig.Provider = sdk.GCSFilesystemProvider u.FsConfig.GCSConfig.Bucket = "testbucket" u.FsConfig.GCSConfig.Credentials = kms.NewPlainSecret(`{ "type": "service_account" }`) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) assert.Equal(t, sdkkms.SecretStatusSecretBox, user.FsConfig.GCSConfig.Credentials.GetStatus()) assert.NotEmpty(t, user.FsConfig.GCSConfig.Credentials.GetPayload()) assert.Empty(t, user.FsConfig.GCSConfig.Credentials.GetAdditionalData()) assert.Empty(t, user.FsConfig.GCSConfig.Credentials.GetKey()) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestLoginInvalidFs(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.FsConfig.Provider = sdk.GCSFilesystemProvider u.FsConfig.GCSConfig.Bucket = "test" u.FsConfig.GCSConfig.Credentials = kms.NewPlainSecret("invalid JSON for credentials") user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if !assert.Error(t, err, "login must fail, the user has an invalid filesystem config") { client.Close() conn.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestDeniedProtocols(t *testing.T) { u := getTestUser(true) u.Filters.DeniedProtocols = []string{common.ProtocolSSH} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, true) if !assert.Error(t, err, "SSH protocol is disabled, authentication must fail") { client.Close() conn.Close() } user.Filters.DeniedProtocols = []string{common.ProtocolFTP, common.ProtocolWebDAV} user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, true) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestDeniedLoginMethods(t *testing.T) { u := getTestUser(true) u.Filters.DeniedLoginMethods = []string{dataprovider.SSHLoginMethodPublicKey, dataprovider.LoginMethodPassword} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, true) if !assert.Error(t, err, "public key login is disabled, authentication must fail") { client.Close() conn.Close() } user.Filters.DeniedLoginMethods = []string{dataprovider.SSHLoginMethodKeyboardInteractive, dataprovider.LoginMethodPassword} user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, true) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user.Password = defaultPassword user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, false) if !assert.Error(t, err, "password login is disabled, authentication must fail") { client.Close() conn.Close() } user.Filters.DeniedLoginMethods = []string{dataprovider.SSHLoginMethodKeyboardInteractive, dataprovider.SSHLoginMethodPublicKey} user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, false) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestLoginWithIPFilters(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.Filters.DeniedIP = []string{"192.167.0.0/24", "172.18.0.0/16"} u.Filters.AllowedIP = []string{} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Greater(t, user.LastLogin, int64(0), "last login must be updated after a successful login: %v", user.LastLogin) } user.Filters.AllowedIP = []string{"127.0.0.0/8"} _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user.Filters.AllowedIP = []string{"172.19.0.0/16"} _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if !assert.Error(t, err, "login from an not allowed IP must fail") { client.Close() conn.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestLoginEmptyPassword(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Password = "" user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) user.Password = "empty" _, _, err = getSftpClient(user, usePubKey) assert.Error(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestLoginAnonymousUser(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Password = "" u.Filters.IsAnonymous = true _, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.Error(t, err) user, _, err := httpdtest.GetUserByUsername(u.Username, http.StatusOK) assert.NoError(t, err) assert.True(t, user.Filters.IsAnonymous) assert.Equal(t, []string{dataprovider.PermListItems, dataprovider.PermDownload}, user.Permissions["/"]) assert.Equal(t, []string{common.ProtocolSSH, common.ProtocolHTTP}, user.Filters.DeniedProtocols) assert.Equal(t, []string{dataprovider.SSHLoginMethodPublicKey, dataprovider.SSHLoginMethodPassword, dataprovider.SSHLoginMethodKeyboardInteractive, dataprovider.SSHLoginMethodKeyAndPassword, dataprovider.SSHLoginMethodKeyAndKeyboardInt, dataprovider.LoginMethodTLSCertificate, dataprovider.LoginMethodTLSCertificateAndPwd}, user.Filters.DeniedLoginMethods) _, _, err = getSftpClient(user, usePubKey) assert.Error(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestAnonymousGroupInheritance(t *testing.T) { g := getTestGroup() g.UserSettings.Filters.IsAnonymous = true group, _, err := httpdtest.AddGroup(g, http.StatusCreated) assert.NoError(t, err) usePubKey := false u := getTestUser(usePubKey) u.Groups = []sdk.GroupMapping{ { Name: group.Name, Type: sdk.GroupTypePrimary, }, } user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) _, _, err = getSftpClient(user, usePubKey) assert.Error(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveGroup(group, http.StatusOK) assert.NoError(t, err) } func TestLoginAfterUserUpdateEmptyPwd(t *testing.T) { usePubKey := false user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) user.Password = "" // password should remain unchanged _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestLoginKeyboardInteractiveAuth(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } user, _, err := httpdtest.AddUser(getTestUser(false), http.StatusCreated) assert.NoError(t, err) err = os.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptContent([]string{"1", "2"}, 0, false, 1), os.ModePerm) assert.NoError(t, err) conn, client, err := getKeyboardInteractiveSftpClient(user, []string{"1", "2"}) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user.Status = 0 user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getKeyboardInteractiveSftpClient(user, []string{"1", "2"}) if !assert.Error(t, err, "keyboard interactive auth must fail the user is disabled") { client.Close() conn.Close() } user.Status = 1 user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) err = os.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptContent([]string{"1", "2"}, 0, false, -1), os.ModePerm) assert.NoError(t, err) conn, client, err = getKeyboardInteractiveSftpClient(user, []string{"1", "2"}) if !assert.Error(t, err, "keyboard interactive auth must fail the script returned -1") { client.Close() conn.Close() } err = os.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptContent([]string{"1", "2"}, 0, true, 1), os.ModePerm) assert.NoError(t, err) conn, client, err = getKeyboardInteractiveSftpClient(user, []string{"1", "2"}) if !assert.Error(t, err, "keyboard interactive auth must fail the script returned bad json") { client.Close() conn.Close() } err = os.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptContent([]string{"1", "2"}, 5, true, 1), os.ModePerm) assert.NoError(t, err) conn, client, err = getKeyboardInteractiveSftpClient(user, []string{"1", "2"}) if !assert.Error(t, err, "keyboard interactive auth must fail the script returned bad json") { client.Close() conn.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestInteractiveLoginWithPasscode(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } user, _, err := httpdtest.AddUser(getTestUser(false), http.StatusCreated) assert.NoError(t, err) // test password check err = os.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptForBuiltinChecks(false, 1), os.ModePerm) assert.NoError(t, err) conn, client, err := getKeyboardInteractiveSftpClient(user, []string{defaultPassword}) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } // wrong password _, _, err = getKeyboardInteractiveSftpClient(user, []string{"wrong_password"}) assert.Error(t, err) // correct password but the script returns an error err = os.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptForBuiltinChecks(false, 0), os.ModePerm) assert.NoError(t, err) _, _, err = getKeyboardInteractiveSftpClient(user, []string{"wrong_password"}) assert.Error(t, err) // add multi-factor authentication configName, key, _, err := mfa.GenerateTOTPSecret(mfa.GetAvailableTOTPConfigNames()[0], user.Username) assert.NoError(t, err) user.Password = defaultPassword user.Filters.TOTPConfig = dataprovider.UserTOTPConfig{ Enabled: true, ConfigName: configName, Secret: kms.NewPlainSecret(key.Secret()), Protocols: []string{common.ProtocolSSH}, } err = dataprovider.UpdateUser(&user, "", "", "") assert.NoError(t, err) passcode, err := totp.GenerateCodeCustom(key.Secret(), time.Now(), totp.ValidateOpts{ Period: 30, Skew: 1, Digits: otp.DigitsSix, Algorithm: otp.AlgorithmSHA1, }) assert.NoError(t, err) err = os.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptForBuiltinChecks(true, 1), os.ModePerm) assert.NoError(t, err) passwordAsked := false passcodeAsked := false authMethods := []ssh.AuthMethod{ ssh.KeyboardInteractive(func(_, _ string, questions []string, _ []bool) ([]string, error) { var answers []string if strings.HasPrefix(questions[0], "Password") { answers = append(answers, defaultPassword) passwordAsked = true } else { answers = append(answers, passcode) passcodeAsked = true } return answers, nil }), } conn, client, err = getCustomAuthSftpClient(user, authMethods, "") if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } assert.True(t, passwordAsked) assert.True(t, passcodeAsked) // the same passcode cannot be reused _, _, err = getCustomAuthSftpClient(user, authMethods, "") assert.Error(t, err) // correct passcode but the script returns an error configName, key, _, err = mfa.GenerateTOTPSecret(mfa.GetAvailableTOTPConfigNames()[0], user.Username) assert.NoError(t, err) user.Password = defaultPassword user.Filters.TOTPConfig = dataprovider.UserTOTPConfig{ Enabled: true, ConfigName: configName, Secret: kms.NewPlainSecret(key.Secret()), Protocols: []string{common.ProtocolSSH}, } err = dataprovider.UpdateUser(&user, "", "", "") assert.NoError(t, err) passcode, err = totp.GenerateCodeCustom(key.Secret(), time.Now(), totp.ValidateOpts{ Period: 30, Skew: 1, Digits: otp.DigitsSix, Algorithm: otp.AlgorithmSHA1, }) assert.NoError(t, err) err = os.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptForBuiltinChecks(true, 0), os.ModePerm) assert.NoError(t, err) passwordAsked = false passcodeAsked = false _, _, err = getCustomAuthSftpClient(user, authMethods, "") assert.Error(t, err) authMethods = []ssh.AuthMethod{ ssh.KeyboardInteractive(func(_, _ string, questions []string, _ []bool) ([]string, error) { var answers []string if strings.HasPrefix(questions[0], "Password") { answers = append(answers, defaultPassword) passwordAsked = true } else { answers = append(answers, passcode) passcodeAsked = true } return answers, nil }), } _, _, err = getCustomAuthSftpClient(user, authMethods, "") assert.Error(t, err) assert.True(t, passwordAsked) assert.True(t, passcodeAsked) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestMustChangePasswordRequirement(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.Filters.RequirePasswordChange = true user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) // public key auth works even if the user must change password conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } // password auth does not work _, _, err = getSftpClient(user, false) assert.Error(t, err) // change password err = dataprovider.UpdateUserPassword(user.Username, defaultPassword, "", "", "") assert.NoError(t, err) conn, client, err = getSftpClient(user, false) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestSecondFactorRequirement(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.Filters.TwoFactorAuthProtocols = []string{common.ProtocolSSH} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) _, _, err = getSftpClient(user, usePubKey) assert.Error(t, err) configName, key, _, err := mfa.GenerateTOTPSecret(mfa.GetAvailableTOTPConfigNames()[0], user.Username) assert.NoError(t, err) user.Password = defaultPassword user.Filters.TOTPConfig = dataprovider.UserTOTPConfig{ Enabled: true, ConfigName: configName, Secret: kms.NewPlainSecret(key.Secret()), Protocols: []string{common.ProtocolSSH}, } err = dataprovider.UpdateUser(&user, "", "", "") assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestNamingRules(t *testing.T) { err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() providerConf.NamingRules = 7 err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) usePubKey := true u := getTestUser(usePubKey) u.Username = "useR@user.com " user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) assert.Equal(t, "user@user.com", user.Username) conn, client, err := getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } u.Password = defaultPassword _, _, err = httpdtest.UpdateUser(u, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(u, false) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } _, err = httpdtest.RemoveUser(u, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(u.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) } func TestPreLoginScript(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } usePubKey := true u := getTestUser(usePubKey) err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(preLoginPath, getPreLoginScriptContent(u, false), os.ModePerm) assert.NoError(t, err) providerConf.PreLoginHook = preLoginPath err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } err = os.WriteFile(preLoginPath, getPreLoginScriptContent(user, true), os.ModePerm) assert.NoError(t, err) conn, client, err = getSftpClient(u, usePubKey) if !assert.Error(t, err, "pre-login script returned a non json response, login must fail") { client.Close() conn.Close() } // now disable the the hook user.Filters.Hooks.PreLoginDisabled = true user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user.Filters.Hooks.PreLoginDisabled = false user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) user.Status = 0 err = os.WriteFile(preLoginPath, getPreLoginScriptContent(user, false), os.ModePerm) assert.NoError(t, err) conn, client, err = getSftpClient(u, usePubKey) if !assert.Error(t, err, "pre-login script returned a disabled user, login must fail") { client.Close() conn.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(preLoginPath) assert.NoError(t, err) } func TestPreLoginUserCreation(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } usePubKey := false u := getTestUser(usePubKey) err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(preLoginPath, getPreLoginScriptContent(u, false), os.ModePerm) assert.NoError(t, err) providerConf.PreLoginHook = preLoginPath err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) _, _, err = httpdtest.GetUserByUsername(defaultUsername, http.StatusNotFound) assert.NoError(t, err) conn, client, err := getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user, _, err := httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(preLoginPath) assert.NoError(t, err) } func TestPreLoginHookPreserveMFAConfig(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } usePubKey := false u := getTestUser(usePubKey) err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(preLoginPath, getPreLoginScriptContent(u, false), os.ModePerm) assert.NoError(t, err) providerConf.PreLoginHook = preLoginPath err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) conn, client, err := getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } // add multi-factor authentication user, _, err := httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) assert.Len(t, user.Filters.RecoveryCodes, 0) assert.False(t, user.Filters.TOTPConfig.Enabled) configName, key, _, err := mfa.GenerateTOTPSecret(mfa.GetAvailableTOTPConfigNames()[0], user.Username) assert.NoError(t, err) user.Password = defaultPassword user.Filters.TOTPConfig = dataprovider.UserTOTPConfig{ Enabled: true, ConfigName: configName, Secret: kms.NewPlainSecret(key.Secret()), Protocols: []string{common.ProtocolSSH}, } for i := 0; i < 12; i++ { user.Filters.RecoveryCodes = append(user.Filters.RecoveryCodes, dataprovider.RecoveryCode{ Secret: kms.NewPlainSecret(fmt.Sprintf("RC-%v", strings.ToUpper(util.GenerateUniqueID()))), }) } err = dataprovider.UpdateUser(&user, "", "", "") assert.NoError(t, err) conn, client, err = getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user, _, err = httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) assert.Len(t, user.Filters.RecoveryCodes, 12) assert.True(t, user.Filters.TOTPConfig.Enabled) assert.Equal(t, configName, user.Filters.TOTPConfig.ConfigName) assert.Equal(t, []string{common.ProtocolSSH}, user.Filters.TOTPConfig.Protocols) assert.Equal(t, sdkkms.SecretStatusSecretBox, user.Filters.TOTPConfig.Secret.GetStatus()) err = os.WriteFile(extAuthPath, getExitCodeScriptContent(0), os.ModePerm) assert.NoError(t, err) conn, client, err = getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user, _, err = httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) assert.Len(t, user.Filters.RecoveryCodes, 12) assert.True(t, user.Filters.TOTPConfig.Enabled) assert.Equal(t, configName, user.Filters.TOTPConfig.ConfigName) assert.Equal(t, []string{common.ProtocolSSH}, user.Filters.TOTPConfig.Protocols) assert.Equal(t, sdkkms.SecretStatusSecretBox, user.Filters.TOTPConfig.Secret.GetStatus()) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(preLoginPath) assert.NoError(t, err) } func TestPreDownloadHook(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } oldExecuteOn := common.Config.Actions.ExecuteOn oldHook := common.Config.Actions.Hook common.Config.Actions.ExecuteOn = []string{common.OperationPreDownload} common.Config.Actions.Hook = preDownloadPath usePubKey := true u := getTestUser(usePubKey) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) err = os.WriteFile(preDownloadPath, getExitCodeScriptContent(0), os.ModePerm) assert.NoError(t, err) testFileSize := int64(131072) testFilePath := filepath.Join(homeBasePath, testFileName) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.NoError(t, err) } remoteSCPDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName)) err = scpDownload(localDownloadPath, remoteSCPDownPath, false, false) assert.NoError(t, err) err = os.WriteFile(preDownloadPath, getExitCodeScriptContent(1), os.ModePerm) assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Remove(testFileName) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.ErrorIs(t, err, os.ErrPermission) } err = scpDownload(localDownloadPath, remoteSCPDownPath, false, false) assert.Error(t, err) common.Config.Actions.Hook = "http://127.0.0.1:8080/web/admin/login" conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Remove(testFileName) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.NoError(t, err) } err = scpDownload(localDownloadPath, remoteSCPDownPath, false, false) assert.NoError(t, err) common.Config.Actions.Hook = "http://127.0.0.1:8080/" conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Remove(testFileName) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.ErrorIs(t, err, os.ErrPermission) } err = scpDownload(localDownloadPath, remoteSCPDownPath, false, false) assert.Error(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) common.Config.Actions.ExecuteOn = oldExecuteOn common.Config.Actions.Hook = oldHook } func TestPreUploadHook(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } oldExecuteOn := common.Config.Actions.ExecuteOn oldHook := common.Config.Actions.Hook common.Config.Actions.ExecuteOn = []string{common.OperationPreUpload} common.Config.Actions.Hook = preUploadPath usePubKey := true u := getTestUser(usePubKey) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) err = os.WriteFile(preUploadPath, getExitCodeScriptContent(0), os.ModePerm) assert.NoError(t, err) testFileSize := int64(131072) testFilePath := filepath.Join(homeBasePath, testFileName) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) } remoteSCPUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName)) err = scpUpload(testFilePath, remoteSCPUpPath, true, false) assert.NoError(t, err) err = os.WriteFile(preUploadPath, getExitCodeScriptContent(1), os.ModePerm) assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.ErrorIs(t, err, os.ErrPermission) err = sftpUploadFile(testFilePath, testFileName+"1", testFileSize, client) assert.ErrorIs(t, err, os.ErrPermission) } err = scpUpload(testFilePath, remoteSCPUpPath, true, false) assert.Error(t, err) common.Config.Actions.Hook = "http://127.0.0.1:8080/web/client/login" conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) } err = scpUpload(testFilePath, remoteSCPUpPath, true, false) assert.NoError(t, err) common.Config.Actions.Hook = "http://127.0.0.1:8080/web" conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.ErrorIs(t, err, os.ErrPermission) err = sftpUploadFile(testFilePath, testFileName+"1", testFileSize, client) assert.ErrorIs(t, err, os.ErrPermission) } err = scpUpload(testFilePath, remoteSCPUpPath, true, false) assert.Error(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) common.Config.Actions.ExecuteOn = oldExecuteOn common.Config.Actions.Hook = oldHook } func TestPostConnectHook(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } common.Config.PostConnectHook = postConnectPath usePubKey := true u := getTestUser(usePubKey) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) err = os.WriteFile(postConnectPath, getExitCodeScriptContent(0), os.ModePerm) assert.NoError(t, err) conn, client, err := getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) } err = os.WriteFile(postConnectPath, getExitCodeScriptContent(1), os.ModePerm) assert.NoError(t, err) conn, client, err = getSftpClient(u, usePubKey) if !assert.Error(t, err) { client.Close() conn.Close() } common.Config.PostConnectHook = "http://127.0.0.1:8080/healthz" conn, client, err = getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) } common.Config.PostConnectHook = "http://127.0.0.1:8080/notfound" conn, client, err = getSftpClient(u, usePubKey) if !assert.Error(t, err) { client.Close() conn.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) common.Config.PostConnectHook = "" } func TestCheckPwdHook(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } usePubKey := false u := getTestUser(usePubKey) u.QuotaFiles = 1000 err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(checkPwdPath, getCheckPwdScriptsContents(2, defaultPassword), os.ModePerm) assert.NoError(t, err) providerConf.CheckPasswordHook = checkPwdPath providerConf.CheckPasswordScope = 1 err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { err = checkBasicSFTP(client) assert.NoError(t, err) client.Close() conn.Close() } err = os.WriteFile(checkPwdPath, getCheckPwdScriptsContents(0, defaultPassword), os.ModePerm) assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if !assert.Error(t, err) { client.Close() conn.Close() } // now disable the the hook user.Filters.Hooks.CheckPasswordDisabled = true user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { err = checkBasicSFTP(client) assert.NoError(t, err) client.Close() conn.Close() } // enable the hook again user.Filters.Hooks.CheckPasswordDisabled = false user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) err = os.WriteFile(checkPwdPath, getCheckPwdScriptsContents(1, ""), os.ModePerm) assert.NoError(t, err) user.Password = defaultPassword + "1" conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { err = checkBasicSFTP(client) assert.NoError(t, err) client.Close() conn.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) providerConf.CheckPasswordScope = 6 err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) user, _, err = httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) user.Password = defaultPassword + "1" conn, client, err = getSftpClient(user, usePubKey) if !assert.Error(t, err) { client.Close() conn.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(checkPwdPath) assert.NoError(t, err) } func TestLoginExternalAuthPwdAndPubKey(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } usePubKey := true u := getTestUser(usePubKey) u.QuotaFiles = 1000 err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, false, false, ""), os.ModePerm) assert.NoError(t, err) providerConf.ExternalAuthHook = extAuthPath providerConf.ExternalAuthScope = 0 err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) testFileSize := int64(65535) conn, client, err := getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } u.Username = defaultUsername + "1" conn, client, err = getSftpClient(u, usePubKey) if !assert.Error(t, err, "external auth login with invalid user must fail") { client.Close() conn.Close() } usePubKey = false u = getTestUser(usePubKey) u.PublicKeys = []string{} err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, false, false, ""), os.ModePerm) assert.NoError(t, err) conn, client, err = getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user, _, err := httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 0, len(user.PublicKeys)) assert.Equal(t, testFileSize, user.UsedQuotaSize) assert.Equal(t, 1, user.UsedQuotaFiles) u.Status = 0 err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, false, false, ""), os.ModePerm) assert.NoError(t, err) conn, client, err = getSftpClient(u, usePubKey) if !assert.Error(t, err) { client.Close() conn.Close() } // now disable the the hook user.Filters.Hooks.ExternalAuthDisabled = true user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(extAuthPath) assert.NoError(t, err) } func TestExternalAuthMultiStepLoginKeyAndPwd(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } u := getTestUser(true) u.Password = defaultPassword u.Filters.DeniedLoginMethods = append(u.Filters.DeniedLoginMethods, []string{ dataprovider.SSHLoginMethodKeyAndKeyboardInt, dataprovider.SSHLoginMethodPublicKey, dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodKeyboardInteractive, }...) err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, false, false, ""), os.ModePerm) assert.NoError(t, err) providerConf.ExternalAuthHook = extAuthPath providerConf.ExternalAuthScope = 0 err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) signer, err := ssh.ParsePrivateKey([]byte(testPrivateKey)) assert.NoError(t, err) authMethods := []ssh.AuthMethod{ ssh.PublicKeys(signer), ssh.Password(defaultPassword), } conn, client, err := getCustomAuthSftpClient(u, authMethods, "") if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } // wrong sequence should fail authMethods = []ssh.AuthMethod{ ssh.Password(defaultPassword), ssh.PublicKeys(signer), } _, _, err = getCustomAuthSftpClient(u, authMethods, "") assert.Error(t, err) // public key only auth must fail _, _, err = getSftpClient(u, true) assert.Error(t, err) // password only auth must fail _, _, err = getSftpClient(u, false) assert.Error(t, err) _, err = httpdtest.RemoveUser(u, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(u.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(extAuthPath) assert.NoError(t, err) } func TestExternalAuthEmptyResponse(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } usePubKey := false u := getTestUser(usePubKey) u.QuotaFiles = 1000 err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, false, false, ""), os.ModePerm) assert.NoError(t, err) providerConf.ExternalAuthHook = extAuthPath providerConf.ExternalAuthScope = 0 err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) testFileSize := int64(65535) // the user will be created conn, client, err := getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } user, _, err := httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 0, len(user.PublicKeys)) assert.Equal(t, testFileSize, user.UsedQuotaSize) assert.Equal(t, 1, user.UsedQuotaFiles) // now modify the user user.MaxSessions = 10 user.QuotaFiles = 100 user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, false, true, ""), os.ModePerm) assert.NoError(t, err) conn, client, err = getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) } user, _, err = httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 10, user.MaxSessions) assert.Equal(t, 100, user.QuotaFiles) // the auth script accepts any password and returns an empty response, the // user password must be updated u.Password = defaultUsername conn, client, err = getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(extAuthPath) assert.NoError(t, err) } func TestExternalAuthDifferentUsername(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } usePubKey := false extAuthUsername := "common_user" u := getTestUser(usePubKey) u.QuotaFiles = 1000 err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, false, false, extAuthUsername), os.ModePerm) assert.NoError(t, err) providerConf.ExternalAuthHook = extAuthPath providerConf.ExternalAuthScope = 0 err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) // the user logins using "defaultUsername" and the external auth returns "extAuthUsername" testFileSize := int64(65535) conn, client, err := getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } // logins again to test that used quota is preserved conn, client, err = getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = checkBasicSFTP(client) assert.NoError(t, err) } _, _, err = httpdtest.GetUserByUsername(defaultUsername, http.StatusNotFound) assert.NoError(t, err) user, _, err := httpdtest.GetUserByUsername(extAuthUsername, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 0, len(user.PublicKeys)) assert.Equal(t, testFileSize, user.UsedQuotaSize) assert.Equal(t, 1, user.UsedQuotaFiles) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(extAuthPath) assert.NoError(t, err) } func TestLoginExternalAuth(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } mappedPath := filepath.Join(os.TempDir(), "vdir1") folderName := filepath.Base(mappedPath) extAuthScopes := []int{1, 2} for _, authScope := range extAuthScopes { var usePubKey bool if authScope == 1 { usePubKey = false } else { usePubKey = true } u := getTestUser(usePubKey) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName, }, VirtualPath: "/vpath", QuotaFiles: 1 + authScope, QuotaSize: 10 + int64(authScope), }) err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, false, false, ""), os.ModePerm) assert.NoError(t, err) providerConf.ExternalAuthHook = extAuthPath providerConf.ExternalAuthScope = authScope err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) f := vfs.BaseVirtualFolder{ Name: folderName, MappedPath: mappedPath, } _, _, err = httpdtest.AddFolder(f, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } if !usePubKey { dbUser, err := dataprovider.UserExists(defaultUsername, "") assert.NoError(t, err) found, match := dataprovider.CheckCachedUserPassword(defaultUsername, defaultPassword, dbUser.Password) assert.True(t, found) assert.True(t, match) } u.Username = defaultUsername + "1" conn, client, err = getSftpClient(u, usePubKey) if !assert.Error(t, err, "external auth login with invalid user must fail") { client.Close() conn.Close() } usePubKey = !usePubKey u = getTestUser(usePubKey) conn, client, err = getSftpClient(u, usePubKey) if !assert.Error(t, err, "external auth login with valid user but invalid auth scope must fail") { client.Close() conn.Close() } user, _, err := httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) if assert.Len(t, user.VirtualFolders, 1) { folder := user.VirtualFolders[0] assert.Equal(t, folderName, folder.Name) assert.Equal(t, mappedPath, folder.MappedPath) assert.Equal(t, 1+authScope, folder.QuotaFiles) assert.Equal(t, 10+int64(authScope), folder.QuotaSize) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName}, http.StatusOK) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(extAuthPath) assert.NoError(t, err) } } func TestLoginExternalAuthCache(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } u := getTestUser(false) u.Filters.ExternalAuthCacheTime = 120 err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, false, false, ""), os.ModePerm) assert.NoError(t, err) providerConf.ExternalAuthHook = extAuthPath providerConf.ExternalAuthScope = 1 err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) conn, client, err := getSftpClient(u, false) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user, _, err := httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) lastLogin := user.LastLogin assert.Greater(t, lastLogin, int64(0)) assert.Equal(t, u.Filters.ExternalAuthCacheTime, user.Filters.ExternalAuthCacheTime) // the auth should be now cached so update the hook to return an error err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, true, false, ""), os.ModePerm) assert.NoError(t, err) conn, client, err = getSftpClient(u, false) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user, _, err = httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) assert.Equal(t, lastLogin, user.LastLogin) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(extAuthPath) assert.NoError(t, err) } func TestLoginExternalAuthInteractive(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } usePubKey := false u := getTestUser(usePubKey) err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, false, false, ""), os.ModePerm) assert.NoError(t, err) providerConf.ExternalAuthHook = extAuthPath providerConf.ExternalAuthScope = 4 err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.WriteFile(keyIntAuthPath, getKeyboardInteractiveScriptContent([]string{"1", "2"}, 0, false, 1), os.ModePerm) assert.NoError(t, err) conn, client, err := getKeyboardInteractiveSftpClient(u, []string{"1", "2"}) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } u.Username = defaultUsername + "1" conn, client, err = getKeyboardInteractiveSftpClient(u, []string{"1", "2"}) if !assert.Error(t, err, "external auth login with invalid user must fail") { client.Close() conn.Close() } usePubKey = true u = getTestUser(usePubKey) conn, client, err = getSftpClient(u, usePubKey) if !assert.Error(t, err, "external auth login with valid user but invalid auth scope must fail") { client.Close() conn.Close() } user, _, err := httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(extAuthPath) assert.NoError(t, err) } func TestLoginExternalAuthErrors(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } usePubKey := true u := getTestUser(usePubKey) err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, true, false, ""), os.ModePerm) assert.NoError(t, err) providerConf.ExternalAuthHook = extAuthPath providerConf.ExternalAuthScope = 0 err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) conn, client, err := getSftpClient(u, usePubKey) if !assert.Error(t, err, "login must fail, external auth returns a non json response") { client.Close() conn.Close() } usePubKey = false u = getTestUser(usePubKey) conn, client, err = getSftpClient(u, usePubKey) if !assert.Error(t, err, "login must fail, external auth returns a non json response") { client.Close() conn.Close() } _, _, err = httpdtest.GetUserByUsername(defaultUsername, http.StatusNotFound) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(extAuthPath) assert.NoError(t, err) } func TestExternalAuthReturningAnonymousUser(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } usePubKey := false u := getTestUser(usePubKey) u.Filters.IsAnonymous = true u.Password = "" err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, false, false, ""), os.ModePerm) assert.NoError(t, err) providerConf.ExternalAuthHook = extAuthPath providerConf.ExternalAuthScope = 0 err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) _, _, err = getSftpClient(u, usePubKey) assert.Error(t, err) user, _, err := httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) assert.True(t, user.Filters.IsAnonymous) assert.Equal(t, []string{dataprovider.PermListItems, dataprovider.PermDownload}, user.Permissions["/"]) assert.Equal(t, []string{common.ProtocolSSH, common.ProtocolHTTP}, user.Filters.DeniedProtocols) assert.Equal(t, []string{dataprovider.SSHLoginMethodPublicKey, dataprovider.SSHLoginMethodPassword, dataprovider.SSHLoginMethodKeyboardInteractive, dataprovider.SSHLoginMethodKeyAndPassword, dataprovider.SSHLoginMethodKeyAndKeyboardInt, dataprovider.LoginMethodTLSCertificate, dataprovider.LoginMethodTLSCertificateAndPwd}, user.Filters.DeniedLoginMethods) // test again, the user now exists _, _, err = getSftpClient(u, usePubKey) assert.Error(t, err) updatedUser, _, err := httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) user.UpdatedAt = updatedUser.UpdatedAt user.LastPasswordChange = updatedUser.LastPasswordChange assert.Equal(t, user, updatedUser) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(extAuthPath) assert.NoError(t, err) } func TestExternalAuthPreserveMFAConfig(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } usePubKey := false u := getTestUser(usePubKey) err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, false, false, ""), os.ModePerm) assert.NoError(t, err) providerConf.ExternalAuthHook = extAuthPath providerConf.ExternalAuthScope = 0 err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) conn, client, err := getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } // add multi-factor authentication user, _, err := httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) assert.Len(t, user.Filters.RecoveryCodes, 0) assert.False(t, user.Filters.TOTPConfig.Enabled) configName, key, _, err := mfa.GenerateTOTPSecret(mfa.GetAvailableTOTPConfigNames()[0], user.Username) assert.NoError(t, err) user.Password = defaultPassword user.Filters.TOTPConfig = dataprovider.UserTOTPConfig{ Enabled: true, ConfigName: configName, Secret: kms.NewPlainSecret(key.Secret()), Protocols: []string{common.ProtocolSSH}, } for i := 0; i < 12; i++ { user.Filters.RecoveryCodes = append(user.Filters.RecoveryCodes, dataprovider.RecoveryCode{ Secret: kms.NewPlainSecret(fmt.Sprintf("RC-%v", strings.ToUpper(util.GenerateUniqueID()))), }) } err = dataprovider.UpdateUser(&user, "", "", "") assert.NoError(t, err) // login again and check that the MFA configs are preserved conn, client, err = getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user, _, err = httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) assert.Len(t, user.Filters.RecoveryCodes, 12) assert.True(t, user.Filters.TOTPConfig.Enabled) assert.Equal(t, configName, user.Filters.TOTPConfig.ConfigName) assert.Equal(t, []string{common.ProtocolSSH}, user.Filters.TOTPConfig.Protocols) assert.Equal(t, sdkkms.SecretStatusSecretBox, user.Filters.TOTPConfig.Secret.GetStatus()) err = os.WriteFile(extAuthPath, getExtAuthScriptContent(u, false, true, ""), os.ModePerm) assert.NoError(t, err) conn, client, err = getSftpClient(u, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user, _, err = httpdtest.GetUserByUsername(defaultUsername, http.StatusOK) assert.NoError(t, err) assert.Len(t, user.Filters.RecoveryCodes, 12) assert.True(t, user.Filters.TOTPConfig.Enabled) assert.Equal(t, configName, user.Filters.TOTPConfig.ConfigName) assert.Equal(t, []string{common.ProtocolSSH}, user.Filters.TOTPConfig.Protocols) assert.Equal(t, sdkkms.SecretStatusSecretBox, user.Filters.TOTPConfig.Secret.GetStatus()) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) err = os.Remove(extAuthPath) assert.NoError(t, err) } func TestQuotaDisabledError(t *testing.T) { err := dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf := config.GetProviderConf() providerConf.TrackQuota = 0 err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) usePubKey := false u := getTestUser(usePubKey) u.QuotaFiles = 1 user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName+"1", testFileSize, client) assert.NoError(t, err) err = client.Rename(testFileName+"1", testFileName+".rename") //nolint:goconst assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = dataprovider.Close() assert.NoError(t, err) err = config.LoadConfig(configDir, "") assert.NoError(t, err) providerConf = config.GetProviderConf() err = dataprovider.Initialize(providerConf, configDir, true) assert.NoError(t, err) } //nolint:dupl func TestMaxConnections(t *testing.T) { oldValue := common.Config.MaxTotalConnections common.Config.MaxTotalConnections = 1 assert.Eventually(t, func() bool { return common.Connections.GetClientConnections() == 0 }, 1000*time.Millisecond, 50*time.Millisecond) usePubKey := true user := getTestUser(usePubKey) err := dataprovider.AddUser(&user, "", "", "") assert.NoError(t, err) user.Password = "" conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { assert.NoError(t, checkBasicSFTP(client)) s, c, err := getSftpClient(user, usePubKey) if !assert.Error(t, err, "max total connections exceeded, new login should not succeed") { c.Close() s.Close() } err = client.Close() assert.NoError(t, err) err = conn.Close() assert.NoError(t, err) } err = dataprovider.DeleteUser(user.Username, "", "", "") assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) common.Config.MaxTotalConnections = oldValue } //nolint:dupl func TestMaxPerHostConnections(t *testing.T) { oldValue := common.Config.MaxPerHostConnections common.Config.MaxPerHostConnections = 1 assert.Eventually(t, func() bool { return common.Connections.GetClientConnections() == 0 }, 1000*time.Millisecond, 50*time.Millisecond) usePubKey := true user := getTestUser(usePubKey) err := dataprovider.AddUser(&user, "", "", "") assert.NoError(t, err) user.Password = "" conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { assert.NoError(t, checkBasicSFTP(client)) s, c, err := getSftpClient(user, usePubKey) if !assert.Error(t, err, "max per host connections exceeded, new login should not succeed") { c.Close() s.Close() } err = client.Close() assert.NoError(t, err) err = conn.Close() assert.NoError(t, err) } err = dataprovider.DeleteUser(user.Username, "", "", "") assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) common.Config.MaxPerHostConnections = oldValue } func TestMaxSessions(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Username += "1" u.MaxSessions = 1 user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) s, c, err := getSftpClient(user, usePubKey) if !assert.Error(t, err, "max sessions exceeded, new login should not succeed") { c.Close() s.Close() } } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestSupportedExtensions(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) v, ok := client.HasExtension("statvfs@openssh.com") assert.Equal(t, "2", v) assert.True(t, ok) _, ok = client.HasExtension("hardlink@openssh.com") assert.False(t, ok) _, ok = client.HasExtension("posix-rename@openssh.com") assert.False(t, ok) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestQuotaFileReplace(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.QuotaFiles = 1000 localUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) u.QuotaFiles = 1000 sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFileSize := int64(65535) testFilePath := filepath.Join(homeBasePath, testFileName) for _, user := range []dataprovider.User{localUser, sftpUser} { conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { //nolint:dupl defer conn.Close() defer client.Close() expectedQuotaSize := testFileSize expectedQuotaFiles := 1 err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) // now replace the same file, the quota must not change err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) // now create a symlink, replace it with a file and check the quota // replacing a symlink is like uploading a new file err = client.Symlink(testFileName, testFileName+".link") assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) expectedQuotaFiles++ expectedQuotaSize += testFileSize err = sftpUploadFile(testFilePath, testFileName+".link", testFileSize, client) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) } // now set a quota size restriction and upload the same file, upload should fail for space limit exceeded user.QuotaSize = testFileSize*2 - 1 user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.Error(t, err, "quota size exceeded, file upload must fail") err = client.Remove(testFileName) assert.NoError(t, err) } if user.Username == defaultUsername { err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) user.Password = defaultPassword user.ID = 0 user.CreatedAt = 0 user.QuotaSize = 0 _, resp, err := httpdtest.AddUser(user, http.StatusCreated) assert.NoError(t, err, string(resp)) } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestQuotaRename(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.QuotaFiles = 1000 localUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) u.QuotaFiles = 1000 sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFileSize := int64(65535) testFileSize1 := int64(65537) testFileName1 := "test_file1.dat" //nolint:goconst testFilePath := filepath.Join(homeBasePath, testFileName) testFilePath1 := filepath.Join(homeBasePath, testFileName1) for _, user := range []dataprovider.User{localUser, sftpUser} { conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFilePath1, testFileSize1) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Rename(testFileName, testFileName+".rename") assert.NoError(t, err) err = sftpUploadFile(testFilePath1, testFileName1, testFileSize1, client) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 2, user.UsedQuotaFiles) assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize) err = client.Rename(testFileName1, testFileName+".rename") assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, testFileSize1, user.UsedQuotaSize) err = client.Symlink(testFileName+".rename", testFileName+".symlink") //nolint:goconst assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) // overwrite a symlink err = client.Rename(testFileName, testFileName+".symlink") assert.NoError(t, err) err = client.Mkdir("testdir") assert.NoError(t, err) err = client.Rename("testdir", "testdir1") assert.NoError(t, err) err = client.Mkdir("testdir") assert.NoError(t, err) err = client.Rename("testdir", "testdir1") assert.Error(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 2, user.UsedQuotaFiles) assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize) testDir := "tdir" err = client.Mkdir(testDir) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(testDir, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(testDir, testFileName1), testFileSize1, client) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 4, user.UsedQuotaFiles) assert.Equal(t, testFileSize*2+testFileSize1*2, user.UsedQuotaSize) err = client.Rename(testDir, testDir+"1") assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 4, user.UsedQuotaFiles) assert.Equal(t, testFileSize*2+testFileSize1*2, user.UsedQuotaSize) if user.Username == defaultUsername { err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) user.Password = defaultPassword user.ID = 0 user.CreatedAt = 0 _, resp, err := httpdtest.AddUser(user, http.StatusCreated) assert.NoError(t, err, string(resp)) } } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(testFilePath1) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestQuotaScan(t *testing.T) { usePubKey := false user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) testFileSize := int64(65535) expectedQuotaSize := user.UsedQuotaSize + testFileSize expectedQuotaFiles := user.UsedQuotaFiles + 1 conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) // create user with the same home dir, so there is at least an untracked file user, _, err = httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) _, err = httpdtest.StartQuotaScan(user, http.StatusAccepted) assert.NoError(t, err) assert.Eventually(t, func() bool { scans, _, err := httpdtest.GetQuotaScans(http.StatusOK) if err == nil { return len(scans) == 0 } return false }, 1*time.Second, 50*time.Millisecond) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestMultipleQuotaScans(t *testing.T) { res := common.QuotaScans.AddUserQuotaScan(defaultUsername, "") assert.True(t, res) res = common.QuotaScans.AddUserQuotaScan(defaultUsername, "") assert.False(t, res, "add quota must fail if another scan is already active") assert.True(t, common.QuotaScans.RemoveUserQuotaScan(defaultUsername)) activeScans := common.QuotaScans.GetUsersQuotaScans("") assert.Equal(t, 0, len(activeScans)) assert.False(t, common.QuotaScans.RemoveUserQuotaScan(defaultUsername)) } func TestQuotaLimits(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.QuotaFiles = 1 localUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) u.QuotaFiles = 1 sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFileSize := int64(65535) testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) testFileSize1 := int64(131072) testFileName1 := "test_file1.dat" testFilePath1 := filepath.Join(homeBasePath, testFileName1) err = createTestFile(testFilePath1, testFileSize1) assert.NoError(t, err) testFileSize2 := int64(32768) testFileName2 := "test_file2.dat" //nolint:goconst testFilePath2 := filepath.Join(homeBasePath, testFileName2) err = createTestFile(testFilePath2, testFileSize2) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser} { // test quota files conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, testFileName+".quota", testFileSize, client) //nolint:goconst assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName+".quota.1", testFileSize, client) if assert.Error(t, err, "user is over quota files, upload must fail") { assert.Contains(t, err.Error(), "SSH_FX_FAILURE") assert.Contains(t, err.Error(), common.ErrQuotaExceeded.Error()) } // rename should work err = client.Rename(testFileName+".quota", testFileName) assert.NoError(t, err) } // test quota size user.QuotaSize = testFileSize - 1 user.QuotaFiles = 0 user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, testFileName+".quota.1", testFileSize, client) if assert.Error(t, err, "user is over quota size, upload must fail") { assert.Contains(t, err.Error(), "SSH_FX_FAILURE") assert.Contains(t, err.Error(), common.ErrQuotaExceeded.Error()) } err = client.Rename(testFileName, testFileName+".quota") assert.NoError(t, err) err = client.Rename(testFileName+".quota", testFileName) assert.NoError(t, err) } // now test quota limits while uploading the current file, we have 1 bytes remaining user.QuotaSize = testFileSize + 1 user.QuotaFiles = 0 user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath1, testFileName1, testFileSize1, client) if assert.Error(t, err) { assert.Contains(t, err.Error(), "SSH_FX_FAILURE") assert.Contains(t, err.Error(), common.ErrQuotaExceeded.Error()) } _, err = client.Stat(testFileName1) assert.Error(t, err) _, err = client.Lstat(testFileName1) assert.Error(t, err) // overwriting an existing file will work if the resulting size is lesser or equal than the current one err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath2, testFileName, testFileSize2, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, testFileName, testFileSize1, client) assert.Error(t, err) _, err := client.Stat(testFileName) assert.Error(t, err) } if user.Username == defaultUsername { err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) user.Password = defaultPassword user.ID = 0 user.CreatedAt = 0 _, resp, err := httpdtest.AddUser(user, http.StatusCreated) assert.NoError(t, err, string(resp)) } } err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(testFilePath1) assert.NoError(t, err) err = os.Remove(testFilePath2) assert.NoError(t, err) _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestTransferQuotaLimits(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.DownloadDataTransfer = 1 u.UploadDataTransfer = 1 user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(550000) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.NoError(t, err) // error while download is active err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) if assert.Error(t, err) { assert.Contains(t, err.Error(), common.ErrReadQuotaExceeded.Error()) } // error before starting the download err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) if assert.Error(t, err) { assert.Contains(t, err.Error(), common.ErrReadQuotaExceeded.Error()) } // error while upload is active err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) if assert.Error(t, err) { assert.Contains(t, err.Error(), common.ErrQuotaExceeded.Error()) } // error before starting the upload err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) if assert.Error(t, err) { assert.Contains(t, err.Error(), common.ErrQuotaExceeded.Error()) } } user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Greater(t, user.UsedDownloadDataTransfer, int64(1024*1024)) assert.Greater(t, user.UsedUploadDataTransfer, int64(1024*1024)) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestUploadMaxSize(t *testing.T) { testFileSize := int64(65535) usePubKey := false u := getTestUser(usePubKey) u.Filters.MaxUploadFileSize = testFileSize + 1 user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) testFileSize1 := int64(131072) testFileName1 := "test_file1.dat" testFilePath1 := filepath.Join(homeBasePath, testFileName1) err = createTestFile(testFilePath1, testFileSize1) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath1, testFileName1, testFileSize1, client) assert.Error(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) // now test overwrite an existing file with a size bigger than the allowed one err = createTestFile(filepath.Join(user.GetHomeDir(), testFileName1), testFileSize1) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, testFileName1, testFileSize1, client) assert.Error(t, err) } err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(testFilePath1) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestBandwidthAndConnections(t *testing.T) { usePubKey := false testFileSize := int64(524288) u := getTestUser(usePubKey) u.UploadBandwidth = 120 u.DownloadBandwidth = 100 wantedUploadElapsed := 1000 * (testFileSize / 1024) / u.UploadBandwidth wantedDownloadElapsed := 1000 * (testFileSize / 1024) / u.DownloadBandwidth // 100 ms tolerance wantedUploadElapsed -= 100 wantedDownloadElapsed -= 100 user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) startTime := time.Now() err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) elapsed := time.Since(startTime).Nanoseconds() / 1000000 assert.GreaterOrEqual(t, elapsed, wantedUploadElapsed, "upload bandwidth throttling not respected") startTime = time.Now() localDownloadPath := filepath.Join(homeBasePath, testDLFileName) c := sftpDownloadNonBlocking(testFileName, localDownloadPath, testFileSize, client) waitForActiveTransfers(t) // wait some additional arbitrary time to wait for transfer activity to happen // it is need to reach all the code in CheckIdleConnections time.Sleep(100 * time.Millisecond) err = <-c assert.NoError(t, err) elapsed = time.Since(startTime).Nanoseconds() / 1000000 assert.GreaterOrEqual(t, elapsed, wantedDownloadElapsed, "download bandwidth throttling not respected") // test disconnection c = sftpUploadNonBlocking(testFilePath, testFileName+"_partial", testFileSize, client) waitForActiveTransfers(t) time.Sleep(100 * time.Millisecond) for _, stat := range common.Connections.GetStats("") { common.Connections.Close(stat.ConnectionID, "") } err = <-c assert.Error(t, err, "connection closed while uploading: the upload must fail") assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 10*time.Second, 200*time.Millisecond) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestPatternsFilters(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFileSize := int64(131072) testFilePath := filepath.Join(homeBasePath, testFileName) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName+".zip", testFileSize, client) assert.NoError(t, err) } user.Filters.FilePatterns = []sdk.PatternsFilter{ { Path: "/", AllowedPatterns: []string{"*.zIp"}, DeniedPatterns: []string{}, }, } user.Filters.DisableFsChecks = true _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.Error(t, err) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.Error(t, err) err = client.Rename(testFileName, testFileName+"1") assert.Error(t, err) err = client.Remove(testFileName) assert.Error(t, err) err = sftpDownloadFile(testFileName+".zip", localDownloadPath, testFileSize, client) assert.NoError(t, err) err = client.Mkdir("dir.zip") assert.NoError(t, err) err = client.Rename("dir.zip", "dir1.zip") assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestVirtualFolders(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) mappedPath := filepath.Join(os.TempDir(), "vdir") folderName := filepath.Base(mappedPath) vdirPath := "/vdir/subdir" testDir := "/userDir" testDir1 := "/userDir1" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName, }, VirtualPath: vdirPath, }) u.Permissions[testDir] = []string{dataprovider.PermCreateDirs} u.Permissions[testDir1] = []string{dataprovider.PermCreateDirs, dataprovider.PermUpload, dataprovider.PermRename} u.Permissions[path.Join(testDir1, "subdir")] = []string{dataprovider.PermRename} f := vfs.BaseVirtualFolder{ Name: folderName, MappedPath: mappedPath, } _, _, err := httpdtest.AddFolder(f, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() // check virtual folder auto creation _, err = os.Stat(mappedPath) assert.NoError(t, err) testFileSize := int64(131072) testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) err = sftpUploadFile(testFilePath, path.Join(vdirPath, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpDownloadFile(path.Join(vdirPath, testFileName), localDownloadPath, testFileSize, client) assert.NoError(t, err) err = client.Rename(vdirPath, "new_name") assert.Error(t, err, "renaming a virtual folder must fail") err = client.RemoveDirectory(vdirPath) assert.Error(t, err, "removing a virtual folder must fail") err = client.Mkdir(vdirPath) assert.Error(t, err, "creating a virtual folder must fail") err = client.Symlink(path.Join(vdirPath, testFileName), vdirPath) assert.Error(t, err, "symlink to a virtual folder must fail") err = client.Rename("/vdir", "/vdir1") assert.Error(t, err, "renaming a directory with a virtual folder inside must fail") err = client.RemoveDirectory("/vdir") assert.Error(t, err, "removing a directory with a virtual folder inside must fail") err = client.Mkdir("vdir1") assert.NoError(t, err) // rename empty dir /vdir1, we have permission on / err = client.Rename("vdir1", "vdir2") assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join("vdir2", testFileName), testFileSize, client) assert.NoError(t, err) // we don't have rename permission in testDir and vdir2 contains a file err = client.Rename("vdir2", testDir) assert.Error(t, err) err = client.Rename("vdir2", testDir1) assert.NoError(t, err) err = client.Rename(testDir1, "vdir2") assert.NoError(t, err) err = client.MkdirAll(path.Join("vdir2", "subdir")) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join("vdir2", "subdir", testFileName), testFileSize, client) assert.NoError(t, err) err = client.Rename("vdir2", testDir1) assert.NoError(t, err) err = client.Rename(testDir1, "vdir2") assert.NoError(t, err) err = client.MkdirAll(path.Join("vdir2", "subdir", "subdir")) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join("vdir2", "subdir", "subdir", testFileName), testFileSize, client) assert.NoError(t, err) err = client.Rename("vdir2", testDir1) assert.NoError(t, err) err = client.Rename(testDir1, "vdir3") assert.NoError(t, err) err = client.Remove(path.Join("vdir3", "subdir", "subdir", testFileName)) assert.NoError(t, err) err = client.RemoveDirectory(path.Join("vdir3", "subdir", "subdir")) assert.NoError(t, err) err = client.Rename("vdir3", testDir1) assert.NoError(t, err) err = client.Rename(testDir1, "vdir2") assert.NoError(t, err) err = client.Symlink(path.Join("vdir2", "subdir", testFileName), path.Join("vdir2", "subdir", "alink")) assert.NoError(t, err) err = client.Rename("vdir2", testDir1) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath) assert.NoError(t, err) } func TestVirtualFoldersQuotaLimit(t *testing.T) { usePubKey := false u1 := getTestUser(usePubKey) u1.QuotaFiles = 1 mappedPath1 := filepath.Join(os.TempDir(), "vdir1") folderName1 := filepath.Base(mappedPath1) vdirPath1 := "/vdir1" //nolint:goconst mappedPath2 := filepath.Join(os.TempDir(), "vdir2") folderName2 := filepath.Base(mappedPath2) vdirPath2 := "/vdir2" //nolint:goconst u1.VirtualFolders = append(u1.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, QuotaFiles: -1, QuotaSize: -1, }) u1.VirtualFolders = append(u1.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, QuotaFiles: 1, QuotaSize: 0, }) testFileSize := int64(131072) testFilePath := filepath.Join(homeBasePath, testFileName) err := createTestFile(testFilePath, testFileSize) assert.NoError(t, err) u2 := getTestUser(usePubKey) u2.QuotaSize = testFileSize + 1 u2.VirtualFolders = append(u2.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, QuotaFiles: -1, QuotaSize: -1, }) u2.VirtualFolders = append(u2.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, QuotaFiles: 0, QuotaSize: testFileSize + 1, }) users := []dataprovider.User{u1, u2} for _, u := range users { err = os.MkdirAll(mappedPath1, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath2, os.ModePerm) assert.NoError(t, err) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err := httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, path.Join(vdirPath1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.Error(t, err) _, err = client.Stat(testFileName) assert.Error(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath1, testFileName+"1"), testFileSize, client) assert.Error(t, err) _, err = client.Stat(path.Join(vdirPath1, testFileName+"1")) assert.Error(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testFileName+"1"), testFileSize, client) assert.Error(t, err) _, err = client.Stat(path.Join(vdirPath2, testFileName+"1")) assert.Error(t, err) err = client.Remove(path.Join(vdirPath1, testFileName)) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath1, testFileName), testFileSize, client) assert.Error(t, err) // now test renames err = client.Rename(testFileName, path.Join(vdirPath1, testFileName)) assert.NoError(t, err) err = client.Rename(path.Join(vdirPath1, testFileName), path.Join(vdirPath1, testFileName+".rename")) assert.NoError(t, err) err = client.Rename(path.Join(vdirPath2, testFileName), path.Join(vdirPath2, testFileName+".rename")) assert.NoError(t, err) err = client.Rename(path.Join(vdirPath2, testFileName+".rename"), testFileName+".rename") assert.Error(t, err) err = client.Rename(path.Join(vdirPath2, testFileName+".rename"), path.Join(vdirPath1, testFileName)) assert.Error(t, err) err = client.Rename(path.Join(vdirPath1, testFileName+".rename"), path.Join(vdirPath2, testFileName)) assert.Error(t, err) err = client.Rename(path.Join(vdirPath1, testFileName+".rename"), testFileName) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) } err = os.Remove(testFilePath) assert.NoError(t, err) } func TestSFTPLoopSimple(t *testing.T) { usePubKey := false user1 := getTestSFTPUser(usePubKey) user2 := getTestSFTPUser(usePubKey) user1.Username += "1" user2.Username += "2" user1.FsConfig.Provider = sdk.SFTPFilesystemProvider user2.FsConfig.Provider = sdk.SFTPFilesystemProvider user1.FsConfig.SFTPConfig = vfs.SFTPFsConfig{ BaseSFTPFsConfig: sdk.BaseSFTPFsConfig{ Endpoint: sftpServerAddr, Username: user2.Username, }, Password: kms.NewPlainSecret(defaultPassword), } user2.FsConfig.SFTPConfig = vfs.SFTPFsConfig{ BaseSFTPFsConfig: sdk.BaseSFTPFsConfig{ Endpoint: sftpServerAddr, Username: user1.Username, }, Password: kms.NewPlainSecret(defaultPassword), } user1, resp, err := httpdtest.AddUser(user1, http.StatusCreated) assert.NoError(t, err, string(resp)) user2, resp, err = httpdtest.AddUser(user2, http.StatusCreated) assert.NoError(t, err, string(resp)) _, _, err = getSftpClient(user1, usePubKey) assert.Error(t, err) _, _, err = getSftpClient(user2, usePubKey) assert.Error(t, err) user1.FsConfig.SFTPConfig.Username = user1.Username user1.FsConfig.SFTPConfig.Password = kms.NewPlainSecret(defaultPassword) _, _, err = httpdtest.UpdateUser(user1, http.StatusOK, "") assert.NoError(t, err) _, _, err = getSftpClient(user1, usePubKey) assert.Error(t, err) _, err = httpdtest.RemoveUser(user1, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user1.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user2, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user2.GetHomeDir()) assert.NoError(t, err) } func TestSFTPLoopVirtualFolders(t *testing.T) { usePubKey := false sftpFloderName := "sftp" user1 := getTestUser(usePubKey) user2 := getTestSFTPUser(usePubKey) user3 := getTestSFTPUser(usePubKey) user1.Username += "1" user2.Username += "2" user3.Username += "3" // user1 is a local account with a virtual SFTP folder to user2 // user2 has user1 as SFTP fs user1.VirtualFolders = append(user1.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: sftpFloderName, }, VirtualPath: "/vdir", }) user2.FsConfig.Provider = sdk.SFTPFilesystemProvider user2.FsConfig.SFTPConfig = vfs.SFTPFsConfig{ BaseSFTPFsConfig: sdk.BaseSFTPFsConfig{ Endpoint: sftpServerAddr, Username: user1.Username, }, Password: kms.NewPlainSecret(defaultPassword), } user3.FsConfig.Provider = sdk.SFTPFilesystemProvider user3.FsConfig.SFTPConfig = vfs.SFTPFsConfig{ BaseSFTPFsConfig: sdk.BaseSFTPFsConfig{ Endpoint: sftpServerAddr, Username: user1.Username, }, Password: kms.NewPlainSecret(defaultPassword), } f := vfs.BaseVirtualFolder{ Name: sftpFloderName, FsConfig: vfs.Filesystem{ Provider: sdk.SFTPFilesystemProvider, SFTPConfig: vfs.SFTPFsConfig{ BaseSFTPFsConfig: sdk.BaseSFTPFsConfig{ Endpoint: sftpServerAddr, Username: user2.Username, EqualityCheckMode: 1, }, Password: kms.NewPlainSecret(defaultPassword), }, }, } _, _, err := httpdtest.AddFolder(f, http.StatusCreated) assert.NoError(t, err) user1, resp, err := httpdtest.AddUser(user1, http.StatusCreated) assert.NoError(t, err, string(resp)) user2, resp, err = httpdtest.AddUser(user2, http.StatusCreated) assert.NoError(t, err, string(resp)) user3, resp, err = httpdtest.AddUser(user3, http.StatusCreated) assert.NoError(t, err, string(resp)) // login will work but /vdir will not be accessible conn, client, err := getSftpClient(user1, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) _, err = client.ReadDir("/vdir") assert.Error(t, err) } // now make user2 a local account with an SFTP virtual folder to user1. // So we have: // user1 -> local account with the SFTP virtual folder /vdir to user2 // user2 -> local account with the SFTP virtual folder /vdir2 to user3 // user3 -> sftp user with user1 as fs user2.FsConfig.Provider = sdk.LocalFilesystemProvider user2.FsConfig.SFTPConfig = vfs.SFTPFsConfig{} user2.VirtualFolders = append(user2.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: sftpFloderName, FsConfig: vfs.Filesystem{ Provider: sdk.SFTPFilesystemProvider, SFTPConfig: vfs.SFTPFsConfig{ BaseSFTPFsConfig: sdk.BaseSFTPFsConfig{ Endpoint: sftpServerAddr, Username: user3.Username, }, Password: kms.NewPlainSecret(defaultPassword), }, }, }, VirtualPath: "/vdir2", }) user2, _, err = httpdtest.UpdateUser(user2, http.StatusOK, "") assert.NoError(t, err) // login will work but /vdir will not be accessible conn, client, err = getSftpClient(user1, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) _, err = client.ReadDir("/vdir") assert.Error(t, err) } _, err = httpdtest.RemoveUser(user1, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user1.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user2, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user2.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user3, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user3.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: sftpFloderName}, http.StatusOK) assert.NoError(t, err) } func TestNestedVirtualFolders(t *testing.T) { usePubKey := true baseUser, resp, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err, string(resp)) u := getTestSFTPUser(usePubKey) u.QuotaFiles = 1000 mappedPathCrypt := filepath.Join(os.TempDir(), "crypt") folderNameCrypt := filepath.Base(mappedPathCrypt) vdirCryptPath := "/vdir/crypt" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderNameCrypt, }, VirtualPath: vdirCryptPath, QuotaFiles: 100, }) mappedPath := filepath.Join(os.TempDir(), "local") folderName := filepath.Base(mappedPath) vdirPath := "/vdir/local" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName, }, VirtualPath: vdirPath, QuotaFiles: -1, QuotaSize: -1, }) mappedPathNested := filepath.Join(os.TempDir(), "nested") folderNameNested := filepath.Base(mappedPathNested) vdirNestedPath := "/vdir/crypt/nested" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderNameNested, }, VirtualPath: vdirNestedPath, QuotaFiles: -1, QuotaSize: -1, }) f1 := vfs.BaseVirtualFolder{ Name: folderNameCrypt, FsConfig: vfs.Filesystem{ Provider: sdk.CryptedFilesystemProvider, CryptConfig: vfs.CryptFsConfig{ Passphrase: kms.NewPlainSecret(defaultPassword), }, }, MappedPath: mappedPathCrypt, } _, _, err = httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName, MappedPath: mappedPath, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) f3 := vfs.BaseVirtualFolder{ Name: folderNameNested, MappedPath: mappedPathNested, } _, _, err = httpdtest.AddFolder(f3, http.StatusCreated) assert.NoError(t, err) user, resp, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err, string(resp)) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() expectedQuotaSize := int64(0) expectedQuotaFiles := 0 fileSize := int64(32765) err = writeSFTPFile(testFileName, fileSize, client) assert.NoError(t, err) expectedQuotaSize += fileSize expectedQuotaFiles++ fileSize = 38764 err = writeSFTPFile(path.Join("/vdir", testFileName), fileSize, client) assert.NoError(t, err) expectedQuotaSize += fileSize expectedQuotaFiles++ fileSize = 18769 err = writeSFTPFile(path.Join(vdirPath, testFileName), fileSize, client) assert.NoError(t, err) expectedQuotaSize += fileSize expectedQuotaFiles++ fileSize = 27658 err = writeSFTPFile(path.Join(vdirNestedPath, testFileName), fileSize, client) assert.NoError(t, err) expectedQuotaSize += fileSize expectedQuotaFiles++ fileSize = 39765 err = writeSFTPFile(path.Join(vdirCryptPath, testFileName), fileSize, client) assert.NoError(t, err) userGet, _, err := httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, userGet.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, userGet.UsedQuotaSize) folderGet, _, err := httpdtest.GetFolderByName(folderNameCrypt, http.StatusOK) assert.NoError(t, err) assert.Greater(t, folderGet.UsedQuotaSize, fileSize) assert.Equal(t, 1, folderGet.UsedQuotaFiles) folderGet, _, err = httpdtest.GetFolderByName(folderName, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(18769), folderGet.UsedQuotaSize) assert.Equal(t, 1, folderGet.UsedQuotaFiles) folderGet, _, err = httpdtest.GetFolderByName(folderNameNested, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(27658), folderGet.UsedQuotaSize) assert.Equal(t, 1, folderGet.UsedQuotaFiles) files, err := client.ReadDir("/") if assert.NoError(t, err) { assert.Len(t, files, 2) } info, err := client.Stat("vdir") if assert.NoError(t, err) { assert.True(t, info.IsDir()) } files, err = client.ReadDir("/vdir") if assert.NoError(t, err) { assert.Len(t, files, 3) } files, err = client.ReadDir(vdirCryptPath) if assert.NoError(t, err) { assert.Len(t, files, 2) } info, err = client.Stat(vdirNestedPath) if assert.NoError(t, err) { assert.True(t, info.IsDir()) } // finally add some files directly using os method and then check quota fName := "testfile" fileSize = 123456 err = createTestFile(filepath.Join(baseUser.HomeDir, fName), fileSize) assert.NoError(t, err) expectedQuotaSize += fileSize expectedQuotaFiles++ fileSize = 8765 err = createTestFile(filepath.Join(mappedPath, fName), fileSize) assert.NoError(t, err) expectedQuotaSize += fileSize expectedQuotaFiles++ fileSize = 98751 err = createTestFile(filepath.Join(mappedPathNested, fName), fileSize) assert.NoError(t, err) expectedQuotaSize += fileSize expectedQuotaFiles++ err = createTestFile(filepath.Join(mappedPathCrypt, fName), fileSize) assert.NoError(t, err) _, err = httpdtest.StartQuotaScan(user, http.StatusAccepted) assert.NoError(t, err) assert.Eventually(t, func() bool { scans, _, err := httpdtest.GetQuotaScans(http.StatusOK) if err == nil { return len(scans) == 0 } return false }, 1*time.Second, 50*time.Millisecond) userGet, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, userGet.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, userGet.UsedQuotaSize) // the crypt folder is not included within user quota so we need to do a separate scan _, err = httpdtest.StartFolderQuotaScan(vfs.BaseVirtualFolder{Name: folderNameCrypt}, http.StatusAccepted) assert.NoError(t, err) assert.Eventually(t, func() bool { scans, _, err := httpdtest.GetFoldersQuotaScans(http.StatusOK) if err == nil { return len(scans) == 0 } return false }, 1*time.Second, 50*time.Millisecond) folderGet, _, err = httpdtest.GetFolderByName(folderNameCrypt, http.StatusOK) assert.NoError(t, err) assert.Greater(t, folderGet.UsedQuotaSize, int64(39765+98751)) assert.Equal(t, 2, folderGet.UsedQuotaFiles) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderNameCrypt}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderNameNested}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(baseUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(baseUser.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPathCrypt) assert.NoError(t, err) err = os.RemoveAll(mappedPath) assert.NoError(t, err) err = os.RemoveAll(mappedPathNested) assert.NoError(t, err) } func TestBufferedUser(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.QuotaFiles = 1000 u.FsConfig.OSConfig = sdk.OSFsConfig{ WriteBufferSize: 2, ReadBufferSize: 1, } vdirPath := "/crypted" mappedPath := filepath.Join(os.TempDir(), util.GenerateUniqueID()) folderName := filepath.Base(mappedPath) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName, }, VirtualPath: vdirPath, QuotaFiles: -1, QuotaSize: -1, }) f := vfs.BaseVirtualFolder{ Name: folderName, MappedPath: mappedPath, FsConfig: vfs.Filesystem{ Provider: sdk.CryptedFilesystemProvider, CryptConfig: vfs.CryptFsConfig{ OSFsConfig: sdk.OSFsConfig{ WriteBufferSize: 3, ReadBufferSize: 2, }, Passphrase: kms.NewPlainSecret(defaultPassword), }, }, } _, _, err := httpdtest.AddFolder(f, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() expectedQuotaSize := int64(0) expectedQuotaFiles := 0 fileSize := int64(32768) err = writeSFTPFile(testFileName, fileSize, client) assert.NoError(t, err) expectedQuotaSize += fileSize expectedQuotaFiles++ err = writeSFTPFile(path.Join(vdirPath, testFileName), fileSize, client) assert.NoError(t, err) expectedQuotaSize += fileSize expectedQuotaFiles++ user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Greater(t, user.UsedQuotaSize, expectedQuotaSize) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) err = sftpDownloadFile(testFileName, localDownloadPath, fileSize, client) assert.NoError(t, err) err = sftpDownloadFile(path.Join(vdirPath, testFileName), localDownloadPath, fileSize, client) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) err = client.Remove(testFileName) assert.NoError(t, err) err = client.Remove(path.Join(vdirPath, testFileName)) assert.NoError(t, err) data := []byte("test data") f, err := client.OpenFile(testFileName, os.O_WRONLY|os.O_CREATE) if assert.NoError(t, err) { n, err := f.Write(data) assert.NoError(t, err) assert.Equal(t, len(data), n) err = f.Truncate(2) assert.NoError(t, err) expectedQuotaSize := int64(2) expectedQuotaFiles := 0 user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) _, err = f.Seek(expectedQuotaSize, io.SeekStart) assert.NoError(t, err) n, err = f.Write(data) assert.NoError(t, err) assert.Equal(t, len(data), n) err = f.Truncate(5) assert.NoError(t, err) expectedQuotaSize = int64(5) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) _, err = f.Seek(expectedQuotaSize, io.SeekStart) assert.NoError(t, err) n, err = f.Write(data) assert.NoError(t, err) assert.Equal(t, len(data), n) err = f.Close() assert.NoError(t, err) expectedQuotaSize = int64(5) + int64(len(data)) expectedQuotaFiles = 1 user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) } // now truncate by path err = client.Truncate(testFileName, 5) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, int64(5), user.UsedQuotaSize) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(mappedPath) assert.NoError(t, err) } func TestTruncateQuotaLimits(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.QuotaSize = 20 mappedPath := filepath.Join(os.TempDir(), "mapped") folderName := filepath.Base(mappedPath) err := os.MkdirAll(mappedPath, os.ModePerm) assert.NoError(t, err) vdirPath := "/vmapped" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName, }, VirtualPath: vdirPath, QuotaFiles: 10, }) f := vfs.BaseVirtualFolder{ Name: folderName, MappedPath: mappedPath, } _, _, err = httpdtest.AddFolder(f, http.StatusCreated) assert.NoError(t, err) localUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) u.QuotaSize = 20 sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser} { conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() data := []byte("test data") f, err := client.OpenFile(testFileName, os.O_WRONLY|os.O_CREATE) if assert.NoError(t, err) { n, err := f.Write(data) assert.NoError(t, err) assert.Equal(t, len(data), n) err = f.Truncate(2) assert.NoError(t, err) expectedQuotaFiles := 0 expectedQuotaSize := int64(2) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) _, err = f.Seek(expectedQuotaSize, io.SeekStart) assert.NoError(t, err) n, err = f.Write(data) assert.NoError(t, err) assert.Equal(t, len(data), n) err = f.Truncate(5) assert.NoError(t, err) expectedQuotaSize = int64(5) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) _, err = f.Seek(expectedQuotaSize, io.SeekStart) assert.NoError(t, err) n, err = f.Write(data) assert.NoError(t, err) assert.Equal(t, len(data), n) err = f.Close() assert.NoError(t, err) expectedQuotaFiles = 1 expectedQuotaSize = int64(5) + int64(len(data)) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) } // now truncate by path err = client.Truncate(testFileName, 5) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, int64(5), user.UsedQuotaSize) // now open an existing file without truncate it, quota should not change f, err = client.OpenFile(testFileName, os.O_WRONLY) if assert.NoError(t, err) { err = f.Close() assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, int64(5), user.UsedQuotaSize) } // open the file truncating it f, err = client.OpenFile(testFileName, os.O_WRONLY|os.O_TRUNC) if assert.NoError(t, err) { err = f.Close() assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, int64(0), user.UsedQuotaSize) } // now test max write size f, err = client.OpenFile(testFileName, os.O_WRONLY) if assert.NoError(t, err) { n, err := f.Write(data) assert.NoError(t, err) assert.Equal(t, len(data), n) err = f.Truncate(11) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, int64(11), user.UsedQuotaSize) _, err = f.Seek(int64(11), io.SeekStart) assert.NoError(t, err) n, err = f.Write(data) assert.NoError(t, err) assert.Equal(t, len(data), n) err = f.Truncate(5) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, int64(5), user.UsedQuotaSize) _, err = f.Seek(int64(5), io.SeekStart) assert.NoError(t, err) n, err = f.Write(data) assert.NoError(t, err) assert.Equal(t, len(data), n) err = f.Truncate(12) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, int64(12), user.UsedQuotaSize) _, err = f.Seek(int64(12), io.SeekStart) assert.NoError(t, err) _, err = f.Write(data) if assert.Error(t, err) { assert.Contains(t, err.Error(), common.ErrQuotaExceeded.Error()) } err = f.Close() assert.Error(t, err) // the file is deleted user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 0, user.UsedQuotaFiles) assert.Equal(t, int64(0), user.UsedQuotaSize) } if user.Username == defaultUsername { // basic test inside a virtual folder vfileName := path.Join(vdirPath, testFileName) f, err = client.OpenFile(vfileName, os.O_WRONLY|os.O_CREATE) if assert.NoError(t, err) { n, err := f.Write(data) assert.NoError(t, err) assert.Equal(t, len(data), n) err = f.Truncate(2) assert.NoError(t, err) expectedQuotaFiles := 0 expectedQuotaSize := int64(2) fold, _, err := httpdtest.GetFolderByName(folderName, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaSize, fold.UsedQuotaSize) assert.Equal(t, expectedQuotaFiles, fold.UsedQuotaFiles) err = f.Close() assert.NoError(t, err) expectedQuotaFiles = 1 fold, _, err = httpdtest.GetFolderByName(folderName, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaSize, fold.UsedQuotaSize) assert.Equal(t, expectedQuotaFiles, fold.UsedQuotaFiles) } err = client.Truncate(vfileName, 1) assert.NoError(t, err) fold, _, err := httpdtest.GetFolderByName(folderName, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(1), fold.UsedQuotaSize) assert.Equal(t, 1, fold.UsedQuotaFiles) // cleanup err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) user.Password = defaultPassword user.ID = 0 user.CreatedAt = 0 user.QuotaSize = 0 _, resp, err := httpdtest.AddUser(user, http.StatusCreated) assert.NoError(t, err, string(resp)) } } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(mappedPath) assert.NoError(t, err) } func TestVirtualFoldersQuotaRenameOverwrite(t *testing.T) { usePubKey := true testFileSize := int64(131072) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize1 := int64(65537) testFileName1 := "test_file1.dat" testFilePath1 := filepath.Join(homeBasePath, testFileName1) err := createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFilePath1, testFileSize1) assert.NoError(t, err) u := getTestUser(usePubKey) u.QuotaFiles = 0 u.QuotaSize = 0 mappedPath1 := filepath.Join(os.TempDir(), "vdir1") folderName1 := filepath.Base(mappedPath1) vdirPath1 := "/vdir1" mappedPath2 := filepath.Join(os.TempDir(), "vdir2") folderName2 := filepath.Base(mappedPath2) vdirPath2 := "/vdir2" mappedPath3 := filepath.Join(os.TempDir(), "vdir3") folderName3 := filepath.Base(mappedPath3) vdirPath3 := "/vdir3" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, QuotaFiles: 2, QuotaSize: 0, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, QuotaFiles: 0, QuotaSize: testFileSize + testFileSize1 + 1, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName3, }, VirtualPath: vdirPath3, QuotaFiles: 2, QuotaSize: testFileSize * 2, }) err = os.MkdirAll(mappedPath1, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath2, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath3, os.ModePerm) assert.NoError(t, err) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err = httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) f3 := vfs.BaseVirtualFolder{ Name: folderName3, MappedPath: mappedPath3, } _, _, err = httpdtest.AddFolder(f3, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, path.Join(vdirPath1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath1, testFileName1), testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath2, testFileName1), testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, testFileName1, testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath3, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath3, testFileName+"1"), testFileSize, client) assert.NoError(t, err) err = client.Rename(testFileName, path.Join(vdirPath1, testFileName+".rename")) assert.Error(t, err) // we overwrite an existing file and we have unlimited size err = client.Rename(testFileName, path.Join(vdirPath1, testFileName)) assert.NoError(t, err) // we have no space and we try to overwrite a bigger file with a smaller one, this should succeed err = client.Rename(testFileName1, path.Join(vdirPath2, testFileName)) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) // we have no space and we try to overwrite a smaller file with a bigger one, this should fail err = client.Rename(testFileName, path.Join(vdirPath2, testFileName1)) assert.Error(t, err) fi, err := client.Stat(path.Join(vdirPath1, testFileName1)) if assert.NoError(t, err) { assert.Equal(t, testFileSize1, fi.Size()) } // we are overquota inside vdir3 size 2/2 and size 262144/262144 err = client.Rename(path.Join(vdirPath1, testFileName1), path.Join(vdirPath3, testFileName1+".rename")) assert.Error(t, err) // we overwrite an existing file and we have enough size err = client.Rename(path.Join(vdirPath1, testFileName1), path.Join(vdirPath3, testFileName)) assert.NoError(t, err) testFileName2 := "test_file2.dat" testFilePath2 := filepath.Join(homeBasePath, testFileName2) err = createTestFile(testFilePath2, testFileSize+testFileSize1) assert.NoError(t, err) err = sftpUploadFile(testFilePath2, testFileName2, testFileSize+testFileSize1, client) assert.NoError(t, err) // we overwrite an existing file and we haven't enough size err = client.Rename(testFileName2, path.Join(vdirPath3, testFileName)) assert.Error(t, err) err = os.Remove(testFilePath2) assert.NoError(t, err) // now remove a file from vdir3, create a dir with 2 files and try to rename it in vdir3 // this will fail since the rename will result in 3 files inside vdir3 and quota limits only // allow 2 total files there err = client.Remove(path.Join(vdirPath3, testFileName+"1")) assert.NoError(t, err) aDir := "a dir" err = client.Mkdir(aDir) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(aDir, testFileName1), testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(aDir, testFileName1+"1"), testFileSize1, client) assert.NoError(t, err) err = client.Rename(aDir, path.Join(vdirPath3, aDir)) assert.Error(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName3}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) err = os.RemoveAll(mappedPath3) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(testFilePath1) assert.NoError(t, err) } func TestVirtualFoldersQuotaValues(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.QuotaFiles = 100 mappedPath1 := filepath.Join(os.TempDir(), "vdir1") vdirPath1 := "/vdir1" //nolint:goconst folderName1 := filepath.Base(mappedPath1) mappedPath2 := filepath.Join(os.TempDir(), "vdir2") vdirPath2 := "/vdir2" //nolint:goconst folderName2 := filepath.Base(mappedPath2) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, // quota is included in the user's one QuotaFiles: -1, QuotaSize: -1, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, // quota is unlimited and excluded from user's one QuotaFiles: 0, QuotaSize: 0, }) err := os.MkdirAll(mappedPath1, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath2, os.ModePerm) assert.NoError(t, err) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err = httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFileSize := int64(131072) testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) // we copy the same file two times to test quota update on file overwrite err = sftpUploadFile(testFilePath, path.Join(vdirPath1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testFileName), testFileSize, client) assert.NoError(t, err) expectedQuotaFiles := 2 expectedQuotaSize := testFileSize * 2 user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) err = client.Remove(path.Join(vdirPath1, testFileName)) assert.NoError(t, err) err = client.Remove(path.Join(vdirPath2, testFileName)) assert.NoError(t, err) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(0), f.UsedQuotaSize) assert.Equal(t, 0, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(0), f.UsedQuotaSize) assert.Equal(t, 0, f.UsedQuotaFiles) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) } func TestQuotaRenameInsideSameVirtualFolder(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.QuotaFiles = 100 mappedPath1 := filepath.Join(os.TempDir(), "vdir1") vdirPath1 := "/vdir1" folderName1 := filepath.Base(mappedPath1) mappedPath2 := filepath.Join(os.TempDir(), "vdir2") vdirPath2 := "/vdir2" folderName2 := filepath.Base(mappedPath2) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, // quota is included in the user's one QuotaFiles: -1, QuotaSize: -1, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, // quota is unlimited and excluded from user's one QuotaFiles: 0, QuotaSize: 0, }) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err := httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) err = os.MkdirAll(mappedPath1, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath2, os.ModePerm) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFileName1 := "test_file1.dat" testFileSize := int64(131072) testFileSize1 := int64(65535) testFilePath := filepath.Join(homeBasePath, testFileName) testFilePath1 := filepath.Join(homeBasePath, testFileName1) dir1 := "dir1" //nolint:goconst dir2 := "dir2" //nolint:goconst err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFilePath1, testFileSize1) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath1, dir1)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath1, dir2)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, dir1)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, dir2)) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath1, dir1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath1, dir2, testFileName1), testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, dir1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath2, dir2, testFileName1), testFileSize1, client) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 2, user.UsedQuotaFiles) assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize) f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) // initial files: // - vdir1/dir1/testFileName // - vdir1/dir2/testFileName1 // - vdir2/dir1/testFileName // - vdir2/dir2/testFileName1 // // rename a file inside vdir1 it is included inside user quota, so we have: // - vdir1/dir1/testFileName.rename // - vdir1/dir2/testFileName1 // - vdir2/dir1/testFileName // - vdir2/dir2/testFileName1 err = client.Rename(path.Join(vdirPath1, dir1, testFileName), path.Join(vdirPath1, dir1, testFileName+".rename")) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 2, user.UsedQuotaFiles) assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) // rename a file inside vdir2, it isn't included inside user quota, so we have: // - vdir1/dir1/testFileName.rename // - vdir1/dir2/testFileName1 // - vdir2/dir1/testFileName.rename // - vdir2/dir2/testFileName1 err = client.Rename(path.Join(vdirPath2, dir1, testFileName), path.Join(vdirPath2, dir1, testFileName+".rename")) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 2, user.UsedQuotaFiles) assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) // rename a file inside vdir2 overwriting an existing, we now have: // - vdir1/dir1/testFileName.rename // - vdir1/dir2/testFileName1 // - vdir2/dir1/testFileName.rename (initial testFileName1) err = client.Rename(path.Join(vdirPath2, dir2, testFileName1), path.Join(vdirPath2, dir1, testFileName+".rename")) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 2, user.UsedQuotaFiles) assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) // rename a file inside vdir1 overwriting an existing, we now have: // - vdir1/dir1/testFileName.rename (initial testFileName1) // - vdir2/dir1/testFileName.rename (initial testFileName1) err = client.Rename(path.Join(vdirPath1, dir2, testFileName1), path.Join(vdirPath1, dir1, testFileName+".rename")) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) // rename a directory inside the same virtual folder, quota should not change err = client.RemoveDirectory(path.Join(vdirPath1, dir2)) assert.NoError(t, err) err = client.RemoveDirectory(path.Join(vdirPath2, dir2)) assert.NoError(t, err) err = client.Rename(path.Join(vdirPath1, dir1), path.Join(vdirPath1, dir2)) assert.NoError(t, err) err = client.Rename(path.Join(vdirPath2, dir1), path.Join(vdirPath2, dir2)) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(testFilePath1) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) } func TestQuotaRenameBetweenVirtualFolder(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.QuotaFiles = 100 mappedPath1 := filepath.Join(os.TempDir(), "vdir1") folderName1 := filepath.Base(mappedPath1) vdirPath1 := "/vdir1" mappedPath2 := filepath.Join(os.TempDir(), "vdir2") folderName2 := filepath.Base(mappedPath2) vdirPath2 := "/vdir2" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, // quota is included in the user's one QuotaFiles: -1, QuotaSize: -1, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, // quota is unlimited and excluded from user's one QuotaFiles: 0, QuotaSize: 0, }) err := os.MkdirAll(mappedPath1, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath2, os.ModePerm) assert.NoError(t, err) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err = httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFileName1 := "test_file1.dat" testFileSize := int64(131072) testFileSize1 := int64(65535) testFilePath := filepath.Join(homeBasePath, testFileName) testFilePath1 := filepath.Join(homeBasePath, testFileName1) dir1 := "dir1" dir2 := "dir2" err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFilePath1, testFileSize1) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath1, dir1)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath1, dir2)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, dir1)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, dir2)) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath1, dir1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath1, dir2, testFileName1), testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, dir1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath2, dir2, testFileName1), testFileSize1, client) assert.NoError(t, err) // initial files: // - vdir1/dir1/testFileName // - vdir1/dir2/testFileName1 // - vdir2/dir1/testFileName // - vdir2/dir2/testFileName1 // // rename a file from vdir1 to vdir2, vdir1 is included inside user quota, so we have: // - vdir1/dir1/testFileName // - vdir2/dir1/testFileName // - vdir2/dir2/testFileName1 // - vdir2/dir1/testFileName1.rename err = client.Rename(path.Join(vdirPath1, dir2, testFileName1), path.Join(vdirPath2, dir1, testFileName1+".rename")) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, testFileSize, user.UsedQuotaSize) f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize+testFileSize1+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 3, f.UsedQuotaFiles) // rename a file from vdir2 to vdir1, vdir2 is not included inside user quota, so we have: // - vdir1/dir1/testFileName // - vdir1/dir2/testFileName.rename // - vdir2/dir2/testFileName1 // - vdir2/dir1/testFileName1.rename err = client.Rename(path.Join(vdirPath2, dir1, testFileName), path.Join(vdirPath1, dir2, testFileName+".rename")) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 2, user.UsedQuotaFiles) assert.Equal(t, testFileSize*2, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize*2, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1*2, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) // rename a file from vdir1 to vdir2 overwriting an existing file, vdir1 is included inside user quota, so we have: // - vdir1/dir2/testFileName.rename // - vdir2/dir2/testFileName1 (is the initial testFileName) // - vdir2/dir1/testFileName1.rename err = client.Rename(path.Join(vdirPath1, dir1, testFileName), path.Join(vdirPath2, dir2, testFileName1)) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, testFileSize, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1+testFileSize, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) // rename a file from vdir2 to vdir1 overwriting an existing file, vdir2 is not included inside user quota, so we have: // - vdir1/dir2/testFileName.rename (is the initial testFileName1) // - vdir2/dir2/testFileName1 (is the initial testFileName) err = client.Rename(path.Join(vdirPath2, dir1, testFileName1+".rename"), path.Join(vdirPath1, dir2, testFileName+".rename")) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) err = sftpUploadFile(testFilePath, path.Join(vdirPath1, dir2, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath2, dir2, testFileName), testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath2, dir2, testFileName+"1.dupl"), testFileSize1, client) assert.NoError(t, err) err = client.RemoveDirectory(path.Join(vdirPath1, dir1)) assert.NoError(t, err) err = client.RemoveDirectory(path.Join(vdirPath2, dir1)) assert.NoError(t, err) // - vdir1/dir2/testFileName.rename (initial testFileName1) // - vdir1/dir2/testFileName // - vdir2/dir2/testFileName1 (initial testFileName) // - vdir2/dir2/testFileName (initial testFileName1) // - vdir2/dir2/testFileName1.dupl // rename directories between the two virtual folders err = client.Rename(path.Join(vdirPath2, dir2), path.Join(vdirPath1, dir1)) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 5, user.UsedQuotaFiles) assert.Equal(t, testFileSize1*3+testFileSize*2, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1*3+testFileSize*2, f.UsedQuotaSize) assert.Equal(t, 5, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(0), f.UsedQuotaSize) assert.Equal(t, 0, f.UsedQuotaFiles) // now move on vpath2 err = client.Rename(path.Join(vdirPath1, dir2), path.Join(vdirPath2, dir1)) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 3, user.UsedQuotaFiles) assert.Equal(t, testFileSize1*2+testFileSize, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1*2+testFileSize, f.UsedQuotaSize) assert.Equal(t, 3, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(testFilePath1) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) } func TestQuotaRenameFromVirtualFolder(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.QuotaFiles = 100 mappedPath1 := filepath.Join(os.TempDir(), "vdir1") folderName1 := filepath.Base(mappedPath1) vdirPath1 := "/vdir1" mappedPath2 := filepath.Join(os.TempDir(), "vdir2") folderName2 := filepath.Base(mappedPath2) vdirPath2 := "/vdir2" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, // quota is included in the user's one QuotaFiles: -1, QuotaSize: -1, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, // quota is unlimited and excluded from user's one QuotaFiles: 0, QuotaSize: 0, }) err := os.MkdirAll(mappedPath1, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath2, os.ModePerm) assert.NoError(t, err) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err = httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFileName1 := "test_file1.dat" testFileSize := int64(131072) testFileSize1 := int64(65535) testFilePath := filepath.Join(homeBasePath, testFileName) testFilePath1 := filepath.Join(homeBasePath, testFileName1) dir1 := "dir1" dir2 := "dir2" err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFilePath1, testFileSize1) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath1, dir1)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath1, dir2)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, dir1)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, dir2)) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath1, dir1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath1, dir2, testFileName1), testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, dir1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath2, dir2, testFileName1), testFileSize1, client) assert.NoError(t, err) // initial files: // - vdir1/dir1/testFileName // - vdir1/dir2/testFileName1 // - vdir2/dir1/testFileName // - vdir2/dir2/testFileName1 // // rename a file from vdir1 to the user home dir, vdir1 is included in user quota so we have: // - testFileName // - vdir1/dir2/testFileName1 // - vdir2/dir1/testFileName // - vdir2/dir2/testFileName1 err = client.Rename(path.Join(vdirPath1, dir1, testFileName), path.Join(testFileName)) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 2, user.UsedQuotaFiles) assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize) f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) // rename a file from vdir2 to the user home dir, vdir2 is not included in user quota so we have: // - testFileName // - testFileName1 // - vdir1/dir2/testFileName1 // - vdir2/dir1/testFileName err = client.Rename(path.Join(vdirPath2, dir2, testFileName1), path.Join(testFileName1)) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 3, user.UsedQuotaFiles) assert.Equal(t, testFileSize+testFileSize1+testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) // rename a file from vdir1 to the user home dir overwriting an existing file, vdir1 is included in user quota so we have: // - testFileName (initial testFileName1) // - testFileName1 // - vdir2/dir1/testFileName err = client.Rename(path.Join(vdirPath1, dir2, testFileName1), path.Join(testFileName)) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 2, user.UsedQuotaFiles) assert.Equal(t, testFileSize1+testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(0), f.UsedQuotaSize) assert.Equal(t, 0, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) // rename a file from vdir2 to the user home dir overwriting an existing file, vdir2 is not included in user quota so we have: // - testFileName (initial testFileName1) // - testFileName1 (initial testFileName) err = client.Rename(path.Join(vdirPath2, dir1, testFileName), path.Join(testFileName1)) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 2, user.UsedQuotaFiles) assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(0), f.UsedQuotaSize) assert.Equal(t, 0, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(0), f.UsedQuotaSize) assert.Equal(t, 0, f.UsedQuotaFiles) // dir rename err = sftpUploadFile(testFilePath, path.Join(vdirPath1, dir1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath1, dir1, testFileName1), testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, dir1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath2, dir1, testFileName1), testFileSize1, client) assert.NoError(t, err) // - testFileName (initial testFileName1) // - testFileName1 (initial testFileName) // - vdir1/dir1/testFileName // - vdir1/dir1/testFileName1 // - dir1/testFileName // - dir1/testFileName1 err = client.Rename(path.Join(vdirPath2, dir1), dir1) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 6, user.UsedQuotaFiles) assert.Equal(t, testFileSize*3+testFileSize1*3, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(0), f.UsedQuotaSize) assert.Equal(t, 0, f.UsedQuotaFiles) // - testFileName (initial testFileName1) // - testFileName1 (initial testFileName) // - dir2/testFileName // - dir2/testFileName1 // - dir1/testFileName // - dir1/testFileName1 err = client.Rename(path.Join(vdirPath1, dir1), dir2) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 6, user.UsedQuotaFiles) assert.Equal(t, testFileSize*3+testFileSize1*3, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(0), f.UsedQuotaSize) assert.Equal(t, 0, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(0), f.UsedQuotaSize) assert.Equal(t, 0, f.UsedQuotaFiles) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(testFilePath1) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) } func TestQuotaRenameToVirtualFolder(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.QuotaFiles = 100 mappedPath1 := filepath.Join(os.TempDir(), "vdir1") folderName1 := filepath.Base(mappedPath1) vdirPath1 := "/vdir1" mappedPath2 := filepath.Join(os.TempDir(), "vdir2") folderName2 := filepath.Base(mappedPath2) vdirPath2 := "/vdir2" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, // quota is included in the user's one QuotaFiles: -1, QuotaSize: -1, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, // quota is unlimited and excluded from user's one QuotaFiles: 0, QuotaSize: 0, }) err := os.MkdirAll(mappedPath1, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath2, os.ModePerm) assert.NoError(t, err) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err = httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFileName1 := "test_file1.dat" testFileSize := int64(131072) testFileSize1 := int64(65535) testFilePath := filepath.Join(homeBasePath, testFileName) testFilePath1 := filepath.Join(homeBasePath, testFileName1) dir1 := "dir1" dir2 := "dir2" err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFilePath1, testFileSize1) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath1, dir1)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath1, dir2)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, dir1)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, dir2)) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, testFileName1, testFileSize1, client) assert.NoError(t, err) // initial files: // - testFileName // - testFileName1 // // rename a file from user home dir to vdir1, vdir1 is included in user quota so we have: // - testFileName // - /vdir1/dir1/testFileName1 err = client.Rename(testFileName1, path.Join(vdirPath1, dir1, testFileName1)) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 2, user.UsedQuotaFiles) assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize) f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) // rename a file from user home dir to vdir2, vdir2 is not included in user quota so we have: // - /vdir2/dir1/testFileName // - /vdir1/dir1/testFileName1 err = client.Rename(testFileName, path.Join(vdirPath2, dir1, testFileName)) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) // upload two new files to the user home dir so we have: // - testFileName // - testFileName1 // - /vdir1/dir1/testFileName1 // - /vdir2/dir1/testFileName err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, testFileName1, testFileSize1, client) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 3, user.UsedQuotaFiles) assert.Equal(t, testFileSize+testFileSize1+testFileSize1, user.UsedQuotaSize) // rename a file from user home dir to vdir1 overwriting an existing file, vdir1 is included in user quota so we have: // - testFileName1 // - /vdir1/dir1/testFileName1 (initial testFileName) // - /vdir2/dir1/testFileName err = client.Rename(testFileName, path.Join(vdirPath1, dir1, testFileName1)) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 2, user.UsedQuotaFiles) assert.Equal(t, testFileSize+testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) // rename a file from user home dir to vdir2 overwriting an existing file, vdir2 is not included in user quota so we have: // - /vdir1/dir1/testFileName1 (initial testFileName) // - /vdir2/dir1/testFileName (initial testFileName1) err = client.Rename(testFileName1, path.Join(vdirPath2, dir1, testFileName)) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, testFileSize, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) err = client.Mkdir(dir1) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(dir1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(dir1, testFileName1), testFileSize1, client) assert.NoError(t, err) // - /dir1/testFileName // - /dir1/testFileName1 // - /vdir1/dir1/testFileName1 (initial testFileName) // - /vdir2/dir1/testFileName (initial testFileName1) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 3, user.UsedQuotaFiles) assert.Equal(t, testFileSize*2+testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) // - /vdir1/adir/testFileName // - /vdir1/adir/testFileName1 // - /vdir1/dir1/testFileName1 (initial testFileName) // - /vdir2/dir1/testFileName (initial testFileName1) err = client.Rename(dir1, path.Join(vdirPath1, "adir")) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 3, user.UsedQuotaFiles) assert.Equal(t, testFileSize*2+testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize*2+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 3, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) err = client.Mkdir(dir1) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(dir1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(dir1, testFileName1), testFileSize1, client) assert.NoError(t, err) // - /vdir1/adir/testFileName // - /vdir1/adir/testFileName1 // - /vdir1/dir1/testFileName1 (initial testFileName) // - /vdir2/dir1/testFileName (initial testFileName1) // - /vdir2/adir/testFileName // - /vdir2/adir/testFileName1 err = client.Rename(dir1, path.Join(vdirPath2, "adir")) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 3, user.UsedQuotaFiles) assert.Equal(t, testFileSize*2+testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize*2+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 3, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize1*2+testFileSize, f.UsedQuotaSize) assert.Equal(t, 3, f.UsedQuotaFiles) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(testFilePath1) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) } func TestVirtualFoldersLink(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) mappedPath1 := filepath.Join(os.TempDir(), "vdir1") folderName1 := filepath.Base(mappedPath1) vdirPath1 := "/vdir1" mappedPath2 := filepath.Join(os.TempDir(), "vdir2") folderName2 := filepath.Base(mappedPath2) vdirPath2 := "/vdir2" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, // quota is included in the user's one QuotaFiles: -1, QuotaSize: -1, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, // quota is unlimited and excluded from user's one QuotaFiles: 0, QuotaSize: 0, }) err := os.MkdirAll(mappedPath1, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath2, os.ModePerm) assert.NoError(t, err) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err = httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFileSize := int64(131072) testFilePath := filepath.Join(homeBasePath, testFileName) testDir := "adir" err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testFileName), testFileSize, client) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath1, testDir)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, testDir)) assert.NoError(t, err) err = client.Symlink(testFileName, testFileName+".link") assert.NoError(t, err) err = client.Symlink(path.Join(vdirPath1, testFileName), path.Join(vdirPath1, testFileName+".link")) assert.NoError(t, err) err = client.Symlink(path.Join(vdirPath1, testFileName), path.Join(vdirPath1, testDir, testFileName+".link")) assert.NoError(t, err) err = client.Symlink(path.Join(vdirPath2, testFileName), path.Join(vdirPath2, testFileName+".link")) assert.NoError(t, err) err = client.Symlink(path.Join(vdirPath2, testFileName), path.Join(vdirPath2, testDir, testFileName+".link")) assert.NoError(t, err) err = client.Symlink(path.Join("/", testFileName), path.Join(vdirPath1, testFileName+".link1")) //nolint:goconst assert.Error(t, err) err = client.Symlink(path.Join("/", testFileName), path.Join(vdirPath1, testDir, testFileName+".link1")) assert.Error(t, err) err = client.Symlink(path.Join("/", testFileName), path.Join(vdirPath2, testFileName+".link1")) assert.Error(t, err) err = client.Symlink(path.Join("/", testFileName), path.Join(vdirPath2, testDir, testFileName+".link1")) assert.Error(t, err) err = client.Symlink(path.Join(vdirPath1, testFileName), testFileName+".link1") assert.Error(t, err) err = client.Symlink(path.Join(vdirPath2, testFileName), testFileName+".link1") assert.Error(t, err) err = client.Symlink(path.Join(vdirPath1, testFileName), path.Join(vdirPath2, testDir, testFileName+".link1")) assert.Error(t, err) err = client.Symlink(path.Join(vdirPath2, testFileName), path.Join(vdirPath1, testFileName+".link1")) assert.Error(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) } func TestVirtualFolderQuotaScan(t *testing.T) { mappedPath := filepath.Join(os.TempDir(), "mapped_dir") folderName := filepath.Base(mappedPath) err := os.MkdirAll(mappedPath, os.ModePerm) assert.NoError(t, err) testFileSize := int64(65535) testFilePath := filepath.Join(mappedPath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) expectedQuotaSize := testFileSize expectedQuotaFiles := 1 folder, _, err := httpdtest.AddFolder(vfs.BaseVirtualFolder{ Name: folderName, MappedPath: mappedPath, }, http.StatusCreated) assert.NoError(t, err) _, err = httpdtest.StartFolderQuotaScan(folder, http.StatusAccepted) assert.NoError(t, err) assert.Eventually(t, func() bool { scans, _, err := httpdtest.GetFoldersQuotaScans(http.StatusOK) if err == nil { return len(scans) == 0 } return false }, 1*time.Second, 50*time.Millisecond) folder, _, err = httpdtest.GetFolderByName(folderName, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, folder.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, folder.UsedQuotaSize) _, err = httpdtest.RemoveFolder(folder, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(mappedPath) assert.NoError(t, err) } func TestVFolderMultipleQuotaScan(t *testing.T) { folderName := "folder_name" res := common.QuotaScans.AddVFolderQuotaScan(folderName) assert.True(t, res) res = common.QuotaScans.AddVFolderQuotaScan(folderName) assert.False(t, res) res = common.QuotaScans.RemoveVFolderQuotaScan(folderName) assert.True(t, res) activeScans := common.QuotaScans.GetVFoldersQuotaScans() assert.Len(t, activeScans, 0) res = common.QuotaScans.RemoveVFolderQuotaScan(folderName) assert.False(t, res) } func TestVFolderQuotaSize(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) testFileSize := int64(131072) u.QuotaFiles = 1 u.QuotaSize = testFileSize + 1 mappedPath1 := filepath.Join(os.TempDir(), "vdir1") folderName1 := filepath.Base(mappedPath1) vdirPath1 := "/vpath1" mappedPath2 := filepath.Join(os.TempDir(), "vdir2") folderName2 := filepath.Base(mappedPath2) vdirPath2 := "/vpath2" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, // quota is included in the user's one QuotaFiles: -1, QuotaSize: -1, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, QuotaFiles: 1, QuotaSize: testFileSize * 2, }) err := os.MkdirAll(mappedPath1, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath2, os.ModePerm) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err = httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) // vdir1 is included in the user quota so upload must fail err = sftpUploadFile(testFilePath, path.Join(vdirPath1, testFileName), testFileSize, client) assert.Error(t, err) // upload to vdir2 must work, it has its own quota err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testFileName), testFileSize, client) assert.NoError(t, err) // now vdir2 is over quota err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testFileName+".quota"), testFileSize, client) assert.Error(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, testFileSize, user.UsedQuotaSize) // remove a file err = client.Remove(testFileName) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 0, user.UsedQuotaFiles) assert.Equal(t, int64(0), user.UsedQuotaSize) // upload to vdir1 must work now err = sftpUploadFile(testFilePath, path.Join(vdirPath1, testFileName), testFileSize, client) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, testFileSize, user.UsedQuotaSize) f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, f.UsedQuotaSize) assert.Equal(t, 1, f.UsedQuotaFiles) } // now create another user with the same shared folder but a different quota limit u.Username = defaultUsername + "1" u.VirtualFolders = nil u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, }, VirtualPath: vdirPath2, QuotaFiles: 10, QuotaSize: testFileSize*2 + 1, }) user1, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err = getSftpClient(user1, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testFileName+".quota"), testFileSize, client) assert.NoError(t, err) // the folder is now over quota for size but not for files err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testFileName+".quota1"), testFileSize, client) assert.Error(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user1, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) } func TestMissingFile(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() localDownloadPath := filepath.Join(homeBasePath, testDLFileName) err = sftpDownloadFile("missing_file", localDownloadPath, 0, client) assert.Error(t, err, "download missing file must fail") err = os.Remove(localDownloadPath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestOpenError(t *testing.T) { if runtime.GOOS == osWindows { t.Skip("this test is not available on Windows") } usePubKey := false u := getTestUser(usePubKey) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = os.Chmod(user.GetHomeDir(), 0001) assert.NoError(t, err) _, err = client.ReadDir(".") assert.Error(t, err, "read dir must fail if we have no filesystem read permissions") err = os.Chmod(user.GetHomeDir(), os.ModePerm) assert.NoError(t, err) testFileSize := int64(65535) testFilePath := filepath.Join(user.GetHomeDir(), testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) _, err = client.Stat(testFileName) assert.NoError(t, err) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.NoError(t, err) err = os.Chmod(testFilePath, 0001) assert.NoError(t, err) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.Error(t, err, "file download must fail if we have no filesystem read permissions") err = sftpUploadFile(localDownloadPath, testFileName, testFileSize, client) assert.Error(t, err, "upload must fail if we have no filesystem write permissions") testDir := "test" err = client.Mkdir(testDir) assert.NoError(t, err) err = createTestFile(filepath.Join(user.GetHomeDir(), testDir, testFileName), testFileSize) assert.NoError(t, err) err = os.Chmod(user.GetHomeDir(), 0000) assert.NoError(t, err) _, err = client.Lstat(testFileName) assert.Error(t, err, "file stat must fail if we have no filesystem read permissions") err = sftpUploadFile(localDownloadPath, path.Join(testDir, testFileName), testFileSize, client) assert.ErrorIs(t, err, os.ErrPermission) _, err = client.ReadLink(testFileName) assert.ErrorIs(t, err, os.ErrPermission) err = client.Remove(testFileName) assert.ErrorIs(t, err, os.ErrPermission) err = os.Chmod(user.GetHomeDir(), os.ModePerm) assert.NoError(t, err) err = os.Chmod(filepath.Join(user.GetHomeDir(), testDir), 0000) assert.NoError(t, err) err = client.Rename(testFileName, path.Join(testDir, testFileName)) assert.True(t, errors.Is(err, fs.ErrPermission)) err = os.Chmod(filepath.Join(user.GetHomeDir(), testDir), os.ModePerm) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestOverwriteDirWithFile(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFileSize := int64(65535) testDirName := "test_dir" //nolint:goconst testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = client.Mkdir(testDirName) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testDirName, testFileSize, client) assert.Error(t, err, "copying a file over an existing dir must fail") err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Rename(testFileName, testDirName) assert.Error(t, err, "rename a file over an existing dir must fail") err = client.RemoveDirectory(testDirName) assert.NoError(t, err) err = client.Remove(testFileName) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestHashedPasswords(t *testing.T) { usePubKey := false plainPwd := "password" pwdMapping := make(map[string]string) pwdMapping["$argon2id$v=19$m=65536,t=3,p=2$xtcO/oRkC8O2Tn+mryl2mw$O7bn24f2kuSGRMi9s5Cm61Wqd810px1jDsAasrGWkzQ"] = plainPwd pwdMapping["$pbkdf2-sha1$150000$DveVjgYUD05R$X6ydQZdyMeOvpgND2nqGR/0GGic="] = plainPwd pwdMapping["$pbkdf2-sha256$150000$E86a9YMX3zC7$R5J62hsSq+pYw00hLLPKBbcGXmq7fj5+/M0IFoYtZbo="] = plainPwd pwdMapping["$pbkdf2-sha512$150000$dsu7T5R3IaVQ$1hFXPO1ntRBcoWkSLKw+s4sAP09Xtu4Ya7CyxFq64jM9zdUg8eRJVr3NcR2vQgb0W9HHvZaILHsL4Q/Vr6arCg=="] = plainPwd pwdMapping["$1$b5caebda$VODr/nyhGWgZaY8sJ4x05."] = plainPwd pwdMapping["$2a$14$ajq8Q7fbtFRQvXpdCq7Jcuy.Rx1h/L4J60Otx.gyNLbAYctGMJ9tK"] = "secret" pwdMapping["$6$459ead56b72e44bc$uog86fUxscjt28BZxqFBE2pp2QD8P/1e98MNF75Z9xJfQvOckZnQ/1YJqiq1XeytPuDieHZvDAMoP7352ELkO1"] = "secret" pwdMapping["$5$h4Aalt0fJdGX8sgv$Rd2ew0fvgzUN.DzAVlKa9QL4q/DZWo4SsKpB9.3AyZ/"] = plainPwd pwdMapping["$apr1$OBWLeSme$WoJbB736e7kKxMBIAqilb1"] = plainPwd pwdMapping["{MD5}5f4dcc3b5aa765d61d8327deb882cf99"] = plainPwd pwdMapping["{SHA256}5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"] = plainPwd pwdMapping["{SHA512}b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86"] = plainPwd for pwd, clearPwd := range pwdMapping { u := getTestUser(usePubKey) u.Password = pwd user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) user.Password = "" userGetInitial, _, err := httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) user, err = dataprovider.UserExists(user.Username, "") assert.NoError(t, err) assert.Equal(t, pwd, user.Password) user.Password = clearPwd conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err, "unable to login with password %q", pwd) { assert.NoError(t, checkBasicSFTP(client)) conn.Close() client.Close() } user.Password = pwd conn, client, err = getSftpClient(user, usePubKey) if !assert.Error(t, err, "login with wrong password must fail") { client.Close() conn.Close() } // the password must converted to bcrypt and we should still be able to login user, err = dataprovider.UserExists(user.Username, "") assert.NoError(t, err) assert.True(t, strings.HasPrefix(user.Password, "$2a$")) // update the user to invalidate the cached password and force a new check user.Password = "" userGet, _, err := httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) userGetInitial.LastLogin = userGet.LastLogin userGetInitial.UpdatedAt = userGet.UpdatedAt assert.Equal(t, userGetInitial, userGet) // login should still work user.Password = clearPwd conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err, "unable to login with password %q", pwd) { assert.NoError(t, checkBasicSFTP(client)) conn.Close() client.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } } func TestPasswordsHashPbkdf2Sha256_389DS(t *testing.T) { pbkdf389dsPwd := "{PBKDF2_SHA256}AAAIAMZIKG4ie44zJY4HOXI+upFR74PzWLUQV63jg+zzkbEjCK3N4qW583WF7EdcpeoOMQ4HY3aWEXB6lnXhXJixbJkU4vVSJkL6YCbU3TrD0qn1uUUVSkaIgAOtmZENitwbhYhiWfEzGyAtFqkFd75P5xhWJEog9XhQKYrR0f7S3WGGZq03JRcLJ460xpU97bE/sWRn7sshgkWzLuyrs0I+XRKmK7FJeaA9zd+1m44Y3IVmZ2YLdKATzjRHAIgpBC6i1TWOcpKJT1+feP1C9hrxH8vU9baw9thNiO8jSHaZlwb//KpJFe0ahVnG/1ubiG8cO0+CCqDqXVJR6Vr4QZxHP+4pwooW+4TP/L+HFdyA1y6z4gKfqYnBsmb3sD1R1TbxfH4btTdvgZAnBk9CmR3QASkFXxeTYsrmNd5+9IAHc6dm" pbkdf389dsPwd = pbkdf389dsPwd[15:] hashBytes, err := base64.StdEncoding.DecodeString(pbkdf389dsPwd) assert.NoError(t, err) iterBytes := hashBytes[0:4] var iterations int32 err = binary.Read(bytes.NewBuffer(iterBytes), binary.BigEndian, &iterations) assert.NoError(t, err) salt := hashBytes[4:68] targetKey := hashBytes[68:] key := base64.StdEncoding.EncodeToString(targetKey) pbkdf2Pwd := fmt.Sprintf("$pbkdf2-b64salt-sha256$%v$%v$%v", iterations, base64.StdEncoding.EncodeToString(salt), key) pbkdf2ClearPwd := "password" usePubKey := false u := getTestUser(usePubKey) u.Password = pbkdf2Pwd user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) user.Password = pbkdf2ClearPwd conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() assert.NoError(t, checkBasicSFTP(client)) } user.Password = pbkdf2Pwd conn, client, err = getSftpClient(user, usePubKey) if !assert.Error(t, err, "login with wrong password must fail") { client.Close() conn.Close() } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestPermList(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete, dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod, dataprovider.PermChown, dataprovider.PermChtimes} u.Permissions["/sub"] = []string{dataprovider.PermCreateSymlinks, dataprovider.PermListItems} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() _, err = client.ReadDir(".") assert.ErrorIs(t, err, os.ErrPermission, "read remote dir without permission should not succeed") _, err = client.Stat("test_file") assert.ErrorIs(t, err, os.ErrPermission, "stat remote file without permission should not succeed") _, err = client.Lstat("test_file") assert.ErrorIs(t, err, os.ErrPermission, "lstat remote file without permission should not succeed") _, err = client.ReadLink("test_link") assert.ErrorIs(t, err, os.ErrPermission, "read remote link without permission on source dir should not succeed") _, err = client.RealPath(".") assert.ErrorIs(t, err, os.ErrPermission, "real path without permission should not succeed") f, err := client.Create(testFileName) if assert.NoError(t, err) { _, err = f.Write([]byte("content")) assert.NoError(t, err) err = f.Close() assert.NoError(t, err) } err = client.Mkdir("sub") assert.NoError(t, err) err = client.Symlink(path.Join("/", testFileName), path.Join("/sub", testFileName)) assert.NoError(t, err) _, err = client.ReadLink(path.Join("/sub", testFileName)) assert.Error(t, err, "read remote link without permission on targe dir should not succeed") } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestPermDownload(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermUpload, dataprovider.PermDelete, dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod, dataprovider.PermChown, dataprovider.PermChtimes} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.Error(t, err, "file download without permission should not succeed") err = client.Remove(testFileName) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestPermUpload(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermDelete, dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod, dataprovider.PermChown, dataprovider.PermChtimes} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.Error(t, err, "file upload without permission should not succeed") err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestPermOverwrite(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete, dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermChmod, dataprovider.PermChown, dataprovider.PermChtimes} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.Error(t, err, "file overwrite without permission should not succeed") err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestPermDelete(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod, dataprovider.PermChown, dataprovider.PermChtimes} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Remove(testFileName) assert.Error(t, err, "delete without permission should not succeed") err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } //nolint:dupl func TestPermRename(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod, dataprovider.PermChown, dataprovider.PermChtimes} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Rename(testFileName, testFileName+".rename") assert.True(t, errors.Is(err, fs.ErrPermission)) _, err = client.Stat(testFileName) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } //nolint:dupl func TestPermRenameOverwrite(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermChmod, dataprovider.PermRename, dataprovider.PermChown, dataprovider.PermChtimes} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Rename(testFileName, testFileName+".rename") assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Rename(testFileName, testFileName+".rename") assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Remove(testFileName) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestPermCreateDirs(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete, dataprovider.PermRename, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod, dataprovider.PermChown, dataprovider.PermChtimes} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Mkdir("testdir") assert.Error(t, err, "mkdir without permission should not succeed") } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } //nolint:dupl func TestPermSymlink(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete, dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermOverwrite, dataprovider.PermChmod, dataprovider.PermChown, dataprovider.PermChtimes} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Symlink(testFilePath, testFilePath+".symlink") assert.Error(t, err, "symlink without permission should not succeed") err = client.Remove(testFileName) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestPermChmod(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete, dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChown, dataprovider.PermChtimes} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Chmod(testFileName, os.ModePerm) assert.Error(t, err, "chmod without permission should not succeed") err = client.Remove(testFileName) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } //nolint:dupl func TestPermChown(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete, dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod, dataprovider.PermChtimes} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Chown(testFileName, os.Getuid(), os.Getgid()) assert.Error(t, err, "chown without permission should not succeed") err = client.Remove(testFileName) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } //nolint:dupl func TestPermChtimes(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermDelete, dataprovider.PermRename, dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermOverwrite, dataprovider.PermChmod, dataprovider.PermChown} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Chtimes(testFileName, time.Now(), time.Now()) assert.Error(t, err, "chtimes without permission should not succeed") err = client.Remove(testFileName) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestSubDirsUploads(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermAny} u.Permissions["/subdir"] = []string{dataprovider.PermChtimes, dataprovider.PermDownload, dataprovider.PermOverwrite} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Mkdir("subdir") assert.NoError(t, err) testFileNameSub := "/subdir/test_file_dat" testSubFile := filepath.Join(user.GetHomeDir(), "subdir", "file.dat") testDir := "testdir" testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testSubFile, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileNameSub, testFileSize, client) assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Symlink(testFileName, testFileNameSub+".link") assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Symlink(testFileName, testFileName+".link") assert.NoError(t, err) err = client.Rename(testFileName, testFileNameSub+".rename") assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Rename(testFileName, testFileName+".rename") assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) // rename overwriting an existing file err = client.Rename(testFileName, testFileName+".rename") assert.NoError(t, err) // now try to overwrite a directory err = client.Mkdir(testDir) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Rename(testFileName, testDir) assert.Error(t, err) err = client.Remove(testFileName) assert.NoError(t, err) err = client.Remove(testDir) assert.NoError(t, err) err = client.Remove(path.Join("/subdir", "file.dat")) assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Remove(testFileName + ".rename") assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestSubDirsOverwrite(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermAny} u.Permissions["/subdir"] = []string{dataprovider.PermOverwrite, dataprovider.PermListItems} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFileName := "/subdir/test_file.dat" //nolint:goconst testFilePath := filepath.Join(homeBasePath, "test_file.dat") testFileSFTPPath := filepath.Join(u.GetHomeDir(), "subdir", "test_file.dat") testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFileSFTPPath, 16384) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName+".new", testFileSize, client) assert.True(t, errors.Is(err, fs.ErrPermission)) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestSubDirsDownloads(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermAny} u.Permissions["/subdir"] = []string{dataprovider.PermChmod, dataprovider.PermUpload, dataprovider.PermListItems} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Mkdir("subdir") assert.NoError(t, err) testFileName := "/subdir/test_file.dat" testFilePath := filepath.Join(homeBasePath, "test_file.dat") testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) err = sftpDownloadFile(testFileName, localDownloadPath, testFileSize, client) assert.True(t, errors.Is(err, fs.ErrPermission)) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Chtimes(testFileName, time.Now(), time.Now()) assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Rename(testFileName, testFileName+".rename") assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Symlink(testFileName, testFileName+".link") assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Remove(testFileName) assert.True(t, errors.Is(err, fs.ErrPermission)) err = os.Remove(localDownloadPath) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestPermsSubDirsSetstat(t *testing.T) { // for setstat we check the parent dir permission if the requested path is a dir // otherwise the path permission usePubKey := true u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermListItems, dataprovider.PermCreateDirs} u.Permissions["/subdir"] = []string{dataprovider.PermAny} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Mkdir("subdir") assert.NoError(t, err) testFileName := "/subdir/test_file.dat" testFilePath := filepath.Join(homeBasePath, "test_file.dat") testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = client.Chtimes("/subdir/", time.Now(), time.Now()) assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Chtimes("subdir/", time.Now(), time.Now()) assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Chtimes(testFileName, time.Now(), time.Now()) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestOpenUnhandledChannel(t *testing.T) { u := getTestUser(false) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) config := &ssh.ClientConfig{ User: user.Username, HostKeyCallback: ssh.InsecureIgnoreHostKey(), Auth: []ssh.AuthMethod{ssh.Password(defaultPassword)}, Timeout: 5 * time.Second, } conn, err := ssh.Dial("tcp", sftpServerAddr, config) if assert.NoError(t, err) { _, _, err = conn.OpenChannel("unhandled", nil) if assert.Error(t, err) { assert.Contains(t, err.Error(), "unknown channel type") } err = conn.Close() assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestPermsSubDirsCommands(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermAny} u.Permissions["/subdir"] = []string{dataprovider.PermDownload, dataprovider.PermUpload, dataprovider.PermCreateDirs} u.Permissions["/subdir/otherdir"] = []string{dataprovider.PermListItems, dataprovider.PermDownload} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Mkdir("subdir") assert.NoError(t, err) acmodTime := time.Now() err = client.Chtimes("/subdir", acmodTime, acmodTime) assert.NoError(t, err) _, err = client.Stat("/subdir") assert.NoError(t, err) _, err = client.ReadDir("/") assert.NoError(t, err) _, err = client.ReadDir("/subdir") assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.RemoveDirectory("/subdir/dir") assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Mkdir("/subdir/otherdir/dir") assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Mkdir("/otherdir") assert.NoError(t, err) err = client.Mkdir("/subdir/otherdir") assert.NoError(t, err) err = client.Rename("/otherdir", "/subdir/otherdir/adir") assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Symlink("/otherdir", "/subdir/otherdir") assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Symlink("/otherdir", "/otherdir_link") assert.NoError(t, err) err = client.Rename("/otherdir", "/otherdir1") assert.NoError(t, err) err = client.RemoveDirectory("/otherdir1") assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestRootDirCommands(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermAny} u.Permissions["/subdir"] = []string{dataprovider.PermDownload, dataprovider.PermUpload} localUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermAny} u.Permissions["/subdir"] = []string{dataprovider.PermDownload, dataprovider.PermUpload} sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser} { conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Rename("/", "rootdir") assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.Symlink("/", "rootdir") assert.True(t, errors.Is(err, fs.ErrPermission)) err = client.RemoveDirectory("/") assert.True(t, errors.Is(err, fs.ErrPermission)) } if user.Username == defaultUsername { err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) user.Password = defaultPassword user.ID = 0 user.CreatedAt = 0 user.Permissions = make(map[string][]string) user.Permissions["/"] = []string{dataprovider.PermAny} _, resp, err := httpdtest.AddUser(user, http.StatusCreated) assert.NoError(t, err, string(resp)) } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestRelativePaths(t *testing.T) { user := getTestUser(true) var path, rel string filesystems := []vfs.Fs{vfs.NewOsFs("", user.GetHomeDir(), "", nil)} keyPrefix := strings.TrimPrefix(user.GetHomeDir(), "/") + "/" s3config := vfs.S3FsConfig{ BaseS3FsConfig: sdk.BaseS3FsConfig{ KeyPrefix: keyPrefix, }, } s3fs, _ := vfs.NewS3Fs("", user.GetHomeDir(), "", s3config) gcsConfig := vfs.GCSFsConfig{ BaseGCSFsConfig: sdk.BaseGCSFsConfig{ KeyPrefix: keyPrefix, }, } gcsfs, _ := vfs.NewGCSFs("", user.GetHomeDir(), "", gcsConfig) sftpconfig := vfs.SFTPFsConfig{ BaseSFTPFsConfig: sdk.BaseSFTPFsConfig{ Endpoint: sftpServerAddr, Username: defaultUsername, Prefix: keyPrefix, }, Password: kms.NewPlainSecret(defaultPassword), } sftpfs, _ := vfs.NewSFTPFs("", "", os.TempDir(), []string{user.Username}, sftpconfig) if runtime.GOOS != osWindows { filesystems = append(filesystems, s3fs, gcsfs, sftpfs) } rootPath := "/" for _, fs := range filesystems { path = filepath.Join(user.HomeDir, "/") rel = fs.GetRelativePath(path) assert.Equal(t, rootPath, rel) path = filepath.Join(user.HomeDir, "//") rel = fs.GetRelativePath(path) assert.Equal(t, rootPath, rel) path = filepath.Join(user.HomeDir, "../..") rel = fs.GetRelativePath(path) assert.Equal(t, rootPath, rel) path = filepath.Join(user.HomeDir, "../../../../../") rel = fs.GetRelativePath(path) assert.Equal(t, rootPath, rel) path = filepath.Join(user.HomeDir, "/..") rel = fs.GetRelativePath(path) assert.Equal(t, rootPath, rel) path = filepath.Join(user.HomeDir, "/../../../..") rel = fs.GetRelativePath(path) assert.Equal(t, rootPath, rel) path = filepath.Join(user.HomeDir, "") rel = fs.GetRelativePath(path) assert.Equal(t, rootPath, rel) path = filepath.Join(user.HomeDir, ".") rel = fs.GetRelativePath(path) assert.Equal(t, rootPath, rel) path = filepath.Join(user.HomeDir, "somedir") rel = fs.GetRelativePath(path) assert.Equal(t, "/somedir", rel) path = filepath.Join(user.HomeDir, "/somedir/subdir") rel = fs.GetRelativePath(path) assert.Equal(t, "/somedir/subdir", rel) } } func TestResolvePaths(t *testing.T) { user := getTestUser(true) var path, resolved string var err error filesystems := []vfs.Fs{vfs.NewOsFs("", user.GetHomeDir(), "", nil)} keyPrefix := strings.TrimPrefix(user.GetHomeDir(), "/") + "/" s3config := vfs.S3FsConfig{ BaseS3FsConfig: sdk.BaseS3FsConfig{ KeyPrefix: keyPrefix, Bucket: "bucket", Region: "us-east-1", }, } err = os.MkdirAll(user.GetHomeDir(), os.ModePerm) assert.NoError(t, err) s3fs, err := vfs.NewS3Fs("", user.GetHomeDir(), "", s3config) assert.NoError(t, err) gcsConfig := vfs.GCSFsConfig{ BaseGCSFsConfig: sdk.BaseGCSFsConfig{ KeyPrefix: keyPrefix, }, } gcsfs, _ := vfs.NewGCSFs("", user.GetHomeDir(), "", gcsConfig) if runtime.GOOS != osWindows { filesystems = append(filesystems, s3fs, gcsfs) } for _, fs := range filesystems { path = "/" resolved, _ = fs.ResolvePath(filepath.ToSlash(path)) assert.Equal(t, fs.Join(user.GetHomeDir(), "/"), resolved) path = "." resolved, _ = fs.ResolvePath(filepath.ToSlash(path)) assert.Equal(t, fs.Join(user.GetHomeDir(), "/"), resolved) path = "test/sub" resolved, _ = fs.ResolvePath(filepath.ToSlash(path)) assert.Equal(t, fs.Join(user.GetHomeDir(), "/test/sub"), resolved) path = "../test/sub" resolved, err = fs.ResolvePath(filepath.ToSlash(path)) if vfs.IsLocalOsFs(fs) { assert.Error(t, err, "Unexpected resolved path: %v for: %v, fs: %v", resolved, path, fs.Name()) } else { assert.Equal(t, fs.Join(user.GetHomeDir(), "/test/sub"), resolved) } path = "../../../test/../sub" resolved, err = fs.ResolvePath(filepath.ToSlash(path)) if vfs.IsLocalOsFs(fs) { assert.Error(t, err, "Unexpected resolved path: %v for: %v, fs: %v", resolved, path, fs.Name()) } else { assert.Equal(t, fs.Join(user.GetHomeDir(), "/sub"), resolved) } } err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestVirtualRelativePaths(t *testing.T) { user := getTestUser(true) mappedPath := filepath.Join(os.TempDir(), "mdir") vdirPath := "/vdir" //nolint:goconst user.VirtualFolders = append(user.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ MappedPath: mappedPath, }, VirtualPath: vdirPath, }) err := os.MkdirAll(mappedPath, os.ModePerm) assert.NoError(t, err) fsRoot := vfs.NewOsFs("", user.GetHomeDir(), "", nil) fsVdir := vfs.NewOsFs("", mappedPath, vdirPath, nil) rel := fsVdir.GetRelativePath(mappedPath) assert.Equal(t, vdirPath, rel) rel = fsRoot.GetRelativePath(filepath.Join(mappedPath, "..")) assert.Equal(t, "/", rel) // path outside home and virtual dir rel = fsRoot.GetRelativePath(filepath.Join(mappedPath, "../vdir1")) assert.Equal(t, "/", rel) rel = fsVdir.GetRelativePath(filepath.Join(mappedPath, "../vdir1")) assert.Equal(t, "/vdir", rel) rel = fsVdir.GetRelativePath(filepath.Join(mappedPath, "file.txt")) assert.Equal(t, "/vdir/file.txt", rel) rel = fsRoot.GetRelativePath(filepath.Join(user.HomeDir, "vdir1/file.txt")) assert.Equal(t, "/vdir1/file.txt", rel) err = os.RemoveAll(mappedPath) assert.NoError(t, err) } func TestUserPerms(t *testing.T) { user := getTestUser(true) user.Permissions = make(map[string][]string) user.Permissions["/"] = []string{dataprovider.PermListItems} user.Permissions["/p"] = []string{dataprovider.PermDelete} user.Permissions["/p/1"] = []string{dataprovider.PermDownload, dataprovider.PermUpload} user.Permissions["/p/2"] = []string{dataprovider.PermCreateDirs} user.Permissions["/p/3"] = []string{dataprovider.PermChmod} user.Permissions["/p/3/4"] = []string{dataprovider.PermChtimes} user.Permissions["/tmp"] = []string{dataprovider.PermRename} assert.True(t, user.HasPerm(dataprovider.PermListItems, "/")) assert.True(t, user.HasPerm(dataprovider.PermListItems, ".")) assert.True(t, user.HasPerm(dataprovider.PermListItems, "")) assert.True(t, user.HasPerm(dataprovider.PermListItems, "../")) // path p and /p are the same assert.True(t, user.HasPerm(dataprovider.PermDelete, "/p")) assert.True(t, user.HasPerm(dataprovider.PermDownload, "/p/1")) assert.True(t, user.HasPerm(dataprovider.PermCreateDirs, "p/2")) assert.True(t, user.HasPerm(dataprovider.PermChmod, "/p/3")) assert.True(t, user.HasPerm(dataprovider.PermChtimes, "p/3/4/")) assert.True(t, user.HasPerm(dataprovider.PermChtimes, "p/3/4/../4")) // undefined paths have permissions of the nearest path assert.True(t, user.HasPerm(dataprovider.PermListItems, "/p34")) assert.True(t, user.HasPerm(dataprovider.PermListItems, "/p34/p1/file.dat")) assert.True(t, user.HasPerm(dataprovider.PermChtimes, "/p/3/4/5/6")) assert.True(t, user.HasPerm(dataprovider.PermDownload, "/p/1/test/file.dat")) } func TestWildcardPermissions(t *testing.T) { user := getTestUser(true) user.Permissions = make(map[string][]string) user.Permissions["/"] = []string{dataprovider.PermListItems} user.Permissions["/p*"] = []string{dataprovider.PermDelete} user.Permissions["/p/*"] = []string{dataprovider.PermDownload, dataprovider.PermUpload} user.Permissions["/p/2"] = []string{dataprovider.PermCreateDirs} user.Permissions["/pa"] = []string{dataprovider.PermChmod} user.Permissions["/p/3/4"] = []string{dataprovider.PermChtimes} assert.True(t, user.HasPerm(dataprovider.PermListItems, "/")) assert.True(t, user.HasPerm(dataprovider.PermDelete, "/p1")) assert.True(t, user.HasPerm(dataprovider.PermDelete, "/ppppp")) assert.False(t, user.HasPerm(dataprovider.PermDelete, "/pa")) assert.True(t, user.HasPerm(dataprovider.PermChmod, "/pa")) assert.True(t, user.HasPerm(dataprovider.PermUpload, "/p/1")) assert.True(t, user.HasPerm(dataprovider.PermUpload, "/p/p")) assert.False(t, user.HasPerm(dataprovider.PermUpload, "/p/2")) assert.True(t, user.HasPerm(dataprovider.PermDownload, "/p/3")) assert.True(t, user.HasPerm(dataprovider.PermDownload, "/p/a/a/a")) assert.False(t, user.HasPerm(dataprovider.PermDownload, "/p/3/4")) assert.True(t, user.HasPerm(dataprovider.PermChtimes, "/p/3/4")) assert.True(t, user.HasPerm(dataprovider.PermDelete, "/pb/a/a/a")) assert.False(t, user.HasPerm(dataprovider.PermDelete, "/abc/a/a/a")) assert.True(t, user.HasPerm(dataprovider.PermListItems, "/abc/a/a/a/b")) } func TestRootWildcardPerms(t *testing.T) { user := getTestUser(true) user.Permissions = make(map[string][]string) user.Permissions["/"] = []string{dataprovider.PermListItems} user.Permissions["/*"] = []string{dataprovider.PermDelete} user.Permissions["/p/*"] = []string{dataprovider.PermDownload, dataprovider.PermUpload} user.Permissions["/p/2"] = []string{dataprovider.PermCreateDirs} user.Permissions["/pa"] = []string{dataprovider.PermChmod} user.Permissions["/p/3/4"] = []string{dataprovider.PermChtimes} assert.True(t, user.HasPerm(dataprovider.PermListItems, "/")) assert.True(t, user.HasPerm(dataprovider.PermDelete, "/p1")) assert.True(t, user.HasPerm(dataprovider.PermDelete, "/ppppp")) assert.False(t, user.HasPerm(dataprovider.PermDelete, "/pa")) assert.True(t, user.HasPerm(dataprovider.PermChmod, "/pa")) assert.True(t, user.HasPerm(dataprovider.PermUpload, "/p/1")) assert.True(t, user.HasPerm(dataprovider.PermUpload, "/p/p")) assert.False(t, user.HasPerm(dataprovider.PermUpload, "/p/2")) assert.True(t, user.HasPerm(dataprovider.PermCreateDirs, "/p/2")) assert.True(t, user.HasPerm(dataprovider.PermCreateDirs, "/p/2/a")) assert.True(t, user.HasPerm(dataprovider.PermDownload, "/p/3")) assert.True(t, user.HasPerm(dataprovider.PermDownload, "/p/a/a/a")) assert.False(t, user.HasPerm(dataprovider.PermDownload, "/p/3/4")) assert.True(t, user.HasPerm(dataprovider.PermChtimes, "/p/3/4")) assert.True(t, user.HasPerm(dataprovider.PermDelete, "/pb/a/a/a")) assert.True(t, user.HasPerm(dataprovider.PermDelete, "/abc/a/a/a")) assert.False(t, user.HasPerm(dataprovider.PermListItems, "/abc/a/a/a/b")) assert.True(t, user.HasPerm(dataprovider.PermDelete, "/abc/a/a/a/b")) } func TestFilterFilePatterns(t *testing.T) { user := getTestUser(true) pattern := sdk.PatternsFilter{ Path: "/test", AllowedPatterns: []string{"*.jpg", "*.png"}, DeniedPatterns: []string{"*.pdf"}, } filters := dataprovider.UserFilters{ BaseUserFilters: sdk.BaseUserFilters{ FilePatterns: []sdk.PatternsFilter{pattern}, }, } user.Filters = filters ok, _ := user.IsFileAllowed("/test/test.jPg") assert.True(t, ok) ok, _ = user.IsFileAllowed("/test/test.pdf") assert.False(t, ok) ok, _ = user.IsFileAllowed("/test.pDf") assert.True(t, ok) filters.FilePatterns = append(filters.FilePatterns, sdk.PatternsFilter{ Path: "/", AllowedPatterns: []string{"*.zip", "*.rar", "*.pdf"}, DeniedPatterns: []string{"*.gz"}, }) user.Filters = filters ok, _ = user.IsFileAllowed("/test1/test.gz") assert.False(t, ok) ok, _ = user.IsFileAllowed("/test1/test.zip") assert.True(t, ok) ok, _ = user.IsFileAllowed("/test/sub/test.pdf") assert.False(t, ok) ok, _ = user.IsFileAllowed("/test1/test.png") assert.False(t, ok) filters.FilePatterns = append(filters.FilePatterns, sdk.PatternsFilter{ Path: "/test/sub", DeniedPatterns: []string{"*.tar"}, }) user.Filters = filters ok, _ = user.IsFileAllowed("/test/sub/sub/test.tar") assert.False(t, ok) ok, _ = user.IsFileAllowed("/test/sub/test.gz") assert.True(t, ok) ok, _ = user.IsFileAllowed("/test/test.zip") assert.False(t, ok) } func TestUserAllowedLoginMethods(t *testing.T) { user := getTestUser(true) user.Filters.DeniedLoginMethods = dataprovider.ValidLoginMethods allowedMethods := user.GetAllowedLoginMethods() assert.Equal(t, 0, len(allowedMethods)) user.Filters.DeniedLoginMethods = []string{ dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodPublicKey, dataprovider.SSHLoginMethodKeyboardInteractive, } allowedMethods = user.GetAllowedLoginMethods() assert.Equal(t, 4, len(allowedMethods)) assert.True(t, util.Contains(allowedMethods, dataprovider.SSHLoginMethodKeyAndKeyboardInt)) assert.True(t, util.Contains(allowedMethods, dataprovider.SSHLoginMethodKeyAndPassword)) } func TestUserPartialAuth(t *testing.T) { user := getTestUser(true) user.Filters.DeniedLoginMethods = []string{ dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodPublicKey, dataprovider.SSHLoginMethodKeyboardInteractive, } assert.True(t, user.IsPartialAuth()) user.Filters.DeniedLoginMethods = []string{ dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodKeyboardInteractive, } assert.False(t, user.IsPartialAuth()) user.Filters.DeniedLoginMethods = []string{ dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodPublicKey, } assert.False(t, user.IsPartialAuth()) user.Filters.DeniedLoginMethods = []string{ dataprovider.SSHLoginMethodPassword, dataprovider.SSHLoginMethodPublicKey, dataprovider.SSHLoginMethodKeyboardInteractive, } assert.True(t, user.IsPartialAuth()) } func TestUserGetNextAuthMethods(t *testing.T) { user := getTestUser(true) user.Filters.DeniedLoginMethods = []string{ dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodPublicKey, dataprovider.SSHLoginMethodKeyboardInteractive, } methods := user.GetNextAuthMethods() require.Len(t, methods, 2) assert.Equal(t, dataprovider.LoginMethodPassword, methods[0]) assert.Equal(t, dataprovider.SSHLoginMethodKeyboardInteractive, methods[1]) user.Filters.DeniedLoginMethods = []string{ dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodPublicKey, dataprovider.SSHLoginMethodKeyboardInteractive, dataprovider.SSHLoginMethodKeyAndKeyboardInt, } methods = user.GetNextAuthMethods() require.Len(t, methods, 1) assert.Equal(t, dataprovider.LoginMethodPassword, methods[0]) user.Filters.DeniedLoginMethods = []string{ dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodPublicKey, dataprovider.SSHLoginMethodKeyboardInteractive, dataprovider.SSHLoginMethodKeyAndPassword, } methods = user.GetNextAuthMethods() require.Len(t, methods, 1) assert.Equal(t, dataprovider.SSHLoginMethodKeyboardInteractive, methods[0]) user.Filters.DeniedLoginMethods = []string{ dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodPublicKey, dataprovider.SSHLoginMethodKeyAndPassword, dataprovider.SSHLoginMethodKeyAndKeyboardInt, } methods = user.GetNextAuthMethods() require.Len(t, methods, 0) } func TestUserIsLoginMethodAllowed(t *testing.T) { user := getTestUser(true) user.Filters.DeniedLoginMethods = []string{ dataprovider.LoginMethodPassword, dataprovider.SSHLoginMethodPublicKey, dataprovider.SSHLoginMethodKeyboardInteractive, } assert.False(t, user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, common.ProtocolSSH)) assert.False(t, user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, common.ProtocolFTP)) assert.False(t, user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, common.ProtocolWebDAV)) assert.False(t, user.IsLoginMethodAllowed(dataprovider.SSHLoginMethodPublicKey, common.ProtocolSSH)) assert.False(t, user.IsLoginMethodAllowed(dataprovider.SSHLoginMethodKeyboardInteractive, common.ProtocolSSH)) user.Filters.DeniedLoginMethods = []string{ dataprovider.SSHLoginMethodPublicKey, dataprovider.SSHLoginMethodKeyboardInteractive, } assert.True(t, user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, common.ProtocolSSH)) user.Filters.DeniedLoginMethods = []string{ dataprovider.SSHLoginMethodPassword, } assert.True(t, user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, common.ProtocolHTTP)) assert.True(t, user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, common.ProtocolFTP)) assert.True(t, user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, common.ProtocolWebDAV)) assert.False(t, user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, common.ProtocolSSH)) } func TestUserEmptySubDirPerms(t *testing.T) { user := getTestUser(true) user.Permissions = make(map[string][]string) user.Permissions["/emptyperms"] = []string{} for _, p := range dataprovider.ValidPerms { assert.False(t, user.HasPerm(p, "/emptyperms")) } } func TestUserFiltersIPMaskConditions(t *testing.T) { user := getTestUser(true) // with no filter login must be allowed even if the remoteIP is invalid assert.True(t, user.IsLoginFromAddrAllowed("192.168.1.5")) assert.True(t, user.IsLoginFromAddrAllowed("invalid")) user.Filters.DeniedIP = append(user.Filters.DeniedIP, "192.168.1.0/24") assert.False(t, user.IsLoginFromAddrAllowed("192.168.1.5")) assert.True(t, user.IsLoginFromAddrAllowed("192.168.2.6")) user.Filters.AllowedIP = append(user.Filters.AllowedIP, "192.168.1.5/32") // if the same ip/mask is both denied and allowed then login must be allowed assert.True(t, user.IsLoginFromAddrAllowed("192.168.1.5")) assert.False(t, user.IsLoginFromAddrAllowed("192.168.1.3")) assert.False(t, user.IsLoginFromAddrAllowed("192.168.3.6")) user.Filters.DeniedIP = []string{} assert.True(t, user.IsLoginFromAddrAllowed("192.168.1.5")) assert.False(t, user.IsLoginFromAddrAllowed("192.168.1.6")) user.Filters.DeniedIP = []string{"192.168.0.0/16", "172.16.0.0/16"} user.Filters.AllowedIP = []string{} assert.False(t, user.IsLoginFromAddrAllowed("192.168.5.255")) assert.False(t, user.IsLoginFromAddrAllowed("172.16.1.2")) assert.True(t, user.IsLoginFromAddrAllowed("172.18.2.1")) user.Filters.AllowedIP = []string{"10.4.4.0/24"} assert.False(t, user.IsLoginFromAddrAllowed("10.5.4.2")) assert.True(t, user.IsLoginFromAddrAllowed("10.4.4.2")) assert.True(t, user.IsLoginFromAddrAllowed("invalid")) } func TestGetVirtualFolderForPath(t *testing.T) { user := getTestUser(true) mappedPath1 := filepath.Join(os.TempDir(), "vpath1") mappedPath2 := filepath.Join(os.TempDir(), "vpath1") mappedPath3 := filepath.Join(os.TempDir(), "vpath3") vdirPath := "/vdir/sub" vSubDirPath := path.Join(vdirPath, "subdir", "subdir") vSubDir1Path := path.Join(vSubDirPath, "subdir", "subdir") user.VirtualFolders = append(user.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ MappedPath: mappedPath1, }, VirtualPath: vdirPath, }) user.VirtualFolders = append(user.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ MappedPath: mappedPath2, }, VirtualPath: vSubDir1Path, }) user.VirtualFolders = append(user.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ MappedPath: mappedPath3, }, VirtualPath: vSubDirPath, }) folder, err := user.GetVirtualFolderForPath(path.Join(vSubDirPath, "file")) assert.NoError(t, err) assert.Equal(t, folder.MappedPath, mappedPath3) _, err = user.GetVirtualFolderForPath("/file") assert.Error(t, err) folder, err = user.GetVirtualFolderForPath(path.Join(vdirPath, "/file")) assert.NoError(t, err) assert.Equal(t, folder.MappedPath, mappedPath1) folder, err = user.GetVirtualFolderForPath(path.Join(vSubDirPath+"1", "file")) assert.NoError(t, err) assert.Equal(t, folder.MappedPath, mappedPath1) _, err = user.GetVirtualFolderForPath("/vdir/sub1/file") assert.Error(t, err) folder, err = user.GetVirtualFolderForPath(vdirPath) assert.NoError(t, err) } func TestStatVFS(t *testing.T) { usePubKey := false user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) testFileSize := int64(65535) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() stat, err := client.StatVFS("/") assert.NoError(t, err) assert.Greater(t, stat.ID, uint32(0)) assert.Greater(t, stat.Blocks, uint64(0)) assert.Greater(t, stat.Bsize, uint64(0)) _, err = client.StatVFS("missing-path") assert.Error(t, err) assert.True(t, errors.Is(err, fs.ErrNotExist)) } user.QuotaFiles = 100 user.Filters.DisableFsChecks = true user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) _, err = client.StatVFS("missing-path") assert.Error(t, err) assert.ErrorIs(t, err, fs.ErrNotExist) stat, err := client.StatVFS("/") assert.NoError(t, err) assert.Greater(t, stat.ID, uint32(0)) assert.Greater(t, stat.Blocks, uint64(0)) assert.Greater(t, stat.Bsize, uint64(0)) assert.Equal(t, uint64(100), stat.Files) assert.Equal(t, uint64(99), stat.Ffree) } user.QuotaSize = 8192 user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() stat, err := client.StatVFS("/") assert.NoError(t, err) assert.Greater(t, stat.ID, uint32(0)) assert.Greater(t, stat.Blocks, uint64(0)) assert.Greater(t, stat.Bsize, uint64(0)) assert.Equal(t, uint64(100), stat.Files) assert.Equal(t, uint64(0), stat.Ffree) assert.Equal(t, uint64(2), stat.Blocks) assert.Equal(t, uint64(0), stat.Bfree) } user.QuotaFiles = 0 user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() stat, err := client.StatVFS("/") assert.NoError(t, err) assert.Greater(t, stat.ID, uint32(0)) assert.Greater(t, stat.Blocks, uint64(0)) assert.Greater(t, stat.Bsize, uint64(0)) assert.Greater(t, stat.Files, uint64(0)) assert.Equal(t, uint64(0), stat.Ffree) assert.Equal(t, uint64(2), stat.Blocks) assert.Equal(t, uint64(0), stat.Bfree) } user.QuotaSize = 1 user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() stat, err := client.StatVFS("/") assert.NoError(t, err) assert.Greater(t, stat.ID, uint32(0)) assert.Equal(t, uint64(1), stat.Blocks) assert.Equal(t, uint64(1), stat.Bsize) assert.Greater(t, stat.Files, uint64(0)) assert.Equal(t, uint64(0), stat.Ffree) assert.Equal(t, uint64(1), stat.Blocks) assert.Equal(t, uint64(0), stat.Bfree) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestStatVFSCloudBackend(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.FsConfig.Provider = sdk.AzureBlobFilesystemProvider u.FsConfig.AzBlobConfig.SASURL = kms.NewPlainSecret("https://myaccount.blob.core.windows.net/sasurl") user, resp, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err, string(resp)) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = dataprovider.UpdateUserQuota(&user, 100, 8192, true) assert.NoError(t, err) stat, err := client.StatVFS("/") assert.NoError(t, err) assert.Greater(t, stat.ID, uint32(0)) assert.Greater(t, stat.Blocks, uint64(0)) assert.Greater(t, stat.Bsize, uint64(0)) assert.Equal(t, uint64(1000000+100), stat.Files) assert.Equal(t, uint64(2147483648+2), stat.Blocks) assert.Equal(t, uint64(1000000), stat.Ffree) assert.Equal(t, uint64(2147483648), stat.Bfree) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) } func TestSSHCommands(t *testing.T) { usePubKey := false user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) _, err = runSSHCommand("ls", user, usePubKey) assert.Error(t, err, "unsupported ssh command must fail") _, err = runSSHCommand("cd", user, usePubKey) assert.NoError(t, err) out, err := runSSHCommand("pwd", user, usePubKey) if assert.NoError(t, err) { assert.Equal(t, "/\n", string(out)) } out, err = runSSHCommand("md5sum", user, usePubKey) assert.NoError(t, err) // echo -n '' | md5sum assert.Contains(t, string(out), "d41d8cd98f00b204e9800998ecf8427e") out, err = runSSHCommand("sha1sum", user, usePubKey) assert.NoError(t, err) assert.Contains(t, string(out), "da39a3ee5e6b4b0d3255bfef95601890afd80709") out, err = runSSHCommand("sha256sum", user, usePubKey) assert.NoError(t, err) assert.Contains(t, string(out), "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855") out, err = runSSHCommand("sha384sum", user, usePubKey) assert.NoError(t, err) assert.Contains(t, string(out), "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b") _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) } func TestSSHFileHash(t *testing.T) { usePubKey := true localUser, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) sftpUser, _, err := httpdtest.AddUser(getTestSFTPUser(usePubKey), http.StatusCreated) assert.NoError(t, err) u := getTestUserWithCryptFs(usePubKey) u.Username = u.Username + "_crypt" cryptUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser, cryptUser} { conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) user.Permissions = make(map[string][]string) user.Permissions["/"] = []string{dataprovider.PermUpload} _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) _, err = runSSHCommand("sha512sum "+testFileName, user, usePubKey) assert.Error(t, err, "hash command with no list permission must fail") user.Permissions["/"] = []string{dataprovider.PermAny} _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) initialHash, err := computeHashForFile(sha512.New(), testFilePath) assert.NoError(t, err) out, err := runSSHCommand("sha512sum "+testFileName, user, usePubKey) if assert.NoError(t, err) { assert.Contains(t, string(out), initialHash) } _, err = runSSHCommand("sha512sum invalid_path", user, usePubKey) assert.Error(t, err, "hash for an invalid path must fail") err = os.Remove(testFilePath) assert.NoError(t, err) } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(cryptUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestSSHCopy(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.QuotaFiles = 100 mappedPath1 := filepath.Join(os.TempDir(), "vdir1") folderName1 := filepath.Base(mappedPath1) vdirPath1 := "/vdir1/subdir" mappedPath2 := filepath.Join(os.TempDir(), "vdir2") folderName2 := filepath.Base(mappedPath2) vdirPath2 := "/vdir2/subdir" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, QuotaFiles: -1, QuotaSize: -1, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, QuotaFiles: 100, QuotaSize: 0, }) u.Filters.FilePatterns = []sdk.PatternsFilter{ { Path: "/", DeniedPatterns: []string{"*.denied"}, }, } err := os.MkdirAll(mappedPath1, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath2, os.ModePerm) assert.NoError(t, err) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err = httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testDir := "adir" testDir1 := "adir1" conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFileSize := int64(131072) testFilePath := filepath.Join(homeBasePath, testFileName) testFileName1 := "test_file1.dat" testFileSize1 := int64(65537) testFilePath1 := filepath.Join(homeBasePath, testFileName1) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFilePath1, testFileSize1) assert.NoError(t, err) err = client.Mkdir(testDir) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath1, testDir1)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, testDir1)) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(testDir, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(testDir, testFileName1), testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath1, testDir1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath1, testDir1, testFileName1), testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testDir1, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath2, testDir1, testFileName1), testFileSize1, client) assert.NoError(t, err) err = client.Symlink(path.Join(testDir, testFileName), testFileName) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 4, user.UsedQuotaFiles) assert.Equal(t, 2*testFileSize+2*testFileSize1, user.UsedQuotaSize) f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize+testFileSize1, f.UsedQuotaSize) assert.Equal(t, 2, f.UsedQuotaFiles) _, err = client.Stat(testDir1) assert.Error(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %s", path.Join(vdirPath1, testDir1)), user, usePubKey) assert.Error(t, err) _, err = runSSHCommand("sftpgo-copy", user, usePubKey) assert.Error(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %s %s", testFileName, testFileName+".linkcopy"), user, usePubKey) assert.Error(t, err) out, err := runSSHCommand(fmt.Sprintf("sftpgo-copy %s %s", path.Join(vdirPath1, testDir1), "."), user, usePubKey) if assert.NoError(t, err) { assert.Equal(t, "OK\n", string(out)) fi, err := client.Stat(testDir1) if assert.NoError(t, err) { assert.True(t, fi.IsDir()) } user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 6, user.UsedQuotaFiles) assert.Equal(t, 3*testFileSize+3*testFileSize1, user.UsedQuotaSize) } _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", "missing\\ dir", "."), user, usePubKey) assert.Error(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join(vdirPath1, testDir1), "."), user, usePubKey) if assert.NoError(t, err) { // all files are overwritten, quota must remain unchanged user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 6, user.UsedQuotaFiles) assert.Equal(t, 3*testFileSize+3*testFileSize1, user.UsedQuotaSize) } out, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join(vdirPath2, testDir1, testFileName), testFileName+".copy"), //nolint:goconst user, usePubKey) if assert.NoError(t, err) { assert.Equal(t, "OK\n", string(out)) fi, err := client.Stat(testFileName + ".copy") //nolint:goconst if assert.NoError(t, err) { assert.True(t, fi.Mode().IsRegular()) } user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 7, user.UsedQuotaFiles) assert.Equal(t, 4*testFileSize+3*testFileSize1, user.UsedQuotaSize) } out, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join(vdirPath1, testDir1), path.Join(vdirPath2, testDir1+"copy")), //nolint:goconst user, usePubKey) if assert.NoError(t, err) { assert.Equal(t, "OK\n", string(out)) fi, err := client.Stat(path.Join(vdirPath2, testDir1+"copy")) if assert.NoError(t, err) { assert.True(t, fi.IsDir()) } user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 7, user.UsedQuotaFiles) assert.Equal(t, 4*testFileSize+3*testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize*2+testFileSize1*2, f.UsedQuotaSize) assert.Equal(t, 4, f.UsedQuotaFiles) } out, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join(vdirPath1, testDir1), path.Join(vdirPath1, testDir1+"copy")), user, usePubKey) if assert.NoError(t, err) { assert.Equal(t, "OK\n", string(out)) _, err := client.Stat(path.Join(vdirPath2, testDir1+"copy")) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 9, user.UsedQuotaFiles) assert.Equal(t, 5*testFileSize+4*testFileSize1, user.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 2*testFileSize+2*testFileSize1, f.UsedQuotaSize) assert.Equal(t, 4, f.UsedQuotaFiles) } // cross folder copy newDir := "newdir" _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join(vdirPath2, ".."), newDir), user, usePubKey) assert.NoError(t, err) _, err = client.Stat(newDir) assert.NoError(t, err) // denied pattern _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join(testDir, testFileName), testFileName+".denied"), user, usePubKey) assert.Error(t, err) if runtime.GOOS != osWindows { subPath := filepath.Join(mappedPath1, testDir1, "asubdir", "anothersub", "another") err = os.MkdirAll(subPath, os.ModePerm) assert.NoError(t, err) err = os.Chmod(subPath, 0001) assert.NoError(t, err) // listing contents for subdirs with no permissions will fail _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", vdirPath1, "newdir1"), user, usePubKey) assert.Error(t, err) err = os.Chmod(subPath, os.ModePerm) assert.NoError(t, err) err = os.Chmod(filepath.Join(user.GetHomeDir(), testDir1), 0555) assert.NoError(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join(vdirPath1, testDir1, testFileName), path.Join(testDir1, "anewdir")), user, usePubKey) assert.Error(t, err) err = os.Chmod(filepath.Join(user.GetHomeDir(), testDir1), os.ModePerm) assert.NoError(t, err) err = os.Chmod(user.GetHomeDir(), os.ModePerm) assert.NoError(t, err) } err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(testFilePath1) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) } func TestSSHCopyPermissions(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.Permissions["/dir1"] = []string{dataprovider.PermUpload, dataprovider.PermDownload, dataprovider.PermListItems} u.Permissions["/dir2"] = []string{dataprovider.PermCreateDirs, dataprovider.PermUpload, dataprovider.PermDownload, dataprovider.PermListItems, dataprovider.PermCopy} u.Permissions["/dir3"] = []string{dataprovider.PermCreateDirs, dataprovider.PermCreateSymlinks, dataprovider.PermDownload, dataprovider.PermListItems} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testDir := "tDir" testFileSize := int64(131072) testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = client.Mkdir(testDir) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join("/", testDir, testFileName), testFileSize, client) assert.NoError(t, err) // test copy file with no permission _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join("/", testDir, testFileName), path.Join("/dir3", testFileName)), user, usePubKey) assert.Error(t, err) // test copy dir with no create dirs perm _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join("/", testDir), "/dir1/"), user, usePubKey) assert.Error(t, err) // dir2 has the needed permissions _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join("/", testDir), "/dir2/"), user, usePubKey) assert.NoError(t, err) info, err := client.Stat(path.Join("/dir2", testDir)) if assert.NoError(t, err) { assert.True(t, info.IsDir()) } info, err = client.Stat(path.Join("/dir2", testDir, testFileName)) if assert.NoError(t, err) { assert.True(t, info.Mode().IsRegular()) } // now create a symlink, dir2 has no create symlink permission, but symlinks will be ignored err = client.Symlink(path.Join("/", testDir, testFileName), path.Join("/", testDir, testFileName+".link")) assert.NoError(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join("/", testDir), "/dir2/sub"), user, usePubKey) assert.NoError(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join("/", testDir), "/newdir"), user, usePubKey) assert.NoError(t, err) // now delete the file and copy inside /dir3 err = client.Remove(path.Join("/", testDir, testFileName)) assert.NoError(t, err) // the symlink will be skipped, so no errors _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join("/", testDir), "/dir3"), user, usePubKey) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestSSHCopyQuotaLimits(t *testing.T) { usePubKey := true testFileSize := int64(131072) testFileSize1 := int64(65536) testFileSize2 := int64(32768) u := getTestUser(usePubKey) u.QuotaFiles = 3 u.QuotaSize = testFileSize + testFileSize1 + 1 mappedPath1 := filepath.Join(os.TempDir(), "vdir1") folderName1 := filepath.Base(mappedPath1) vdirPath1 := "/vdir1" mappedPath2 := filepath.Join(os.TempDir(), "vdir2") folderName2 := filepath.Base(mappedPath2) vdirPath2 := "/vdir2" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, QuotaFiles: -1, QuotaSize: -1, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, QuotaFiles: 3, QuotaSize: testFileSize + testFileSize1 + 1, }) u.Filters.FilePatterns = []sdk.PatternsFilter{ { Path: "/", DeniedPatterns: []string{"*.denied"}, }, } err := os.MkdirAll(mappedPath1, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath2, os.ModePerm) assert.NoError(t, err) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err = httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testDir := "testDir" testFilePath := filepath.Join(homeBasePath, testFileName) testFileName1 := "test_file1.dat" testFilePath1 := filepath.Join(homeBasePath, testFileName1) testFileName2 := "test_file2.dat" testFilePath2 := filepath.Join(homeBasePath, testFileName2) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFilePath1, testFileSize1) assert.NoError(t, err) err = createTestFile(testFilePath2, testFileSize2) assert.NoError(t, err) err = client.Mkdir(testDir) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, testDir)) assert.NoError(t, err) err = sftpUploadFile(testFilePath2, path.Join(testDir, testFileName2), testFileSize2, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath2, path.Join(testDir, testFileName2+".dupl"), testFileSize2, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath2, path.Join(vdirPath2, testDir, testFileName2), testFileSize2, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath2, path.Join(vdirPath2, testDir, testFileName2+".dupl"), testFileSize2, client) assert.NoError(t, err) // user quota: 2 files, size: 32768*2, folder2 quota: 2 files, size: 32768*2 // try to duplicate testDir, this will result in 4 file (over quota) and 32768*4 bytes (not over quota) _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", testDir, testDir+"_copy"), user, usePubKey) //nolint:goconst assert.Error(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join(vdirPath2, testDir), path.Join(vdirPath2, testDir+"_copy")), user, usePubKey) assert.Error(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-remove %v", testDir), user, usePubKey) assert.NoError(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-remove %v", path.Join(vdirPath2, testDir)), user, usePubKey) assert.NoError(t, err) // remove partially copied dirs _, err = runSSHCommand(fmt.Sprintf("sftpgo-remove %v", testDir+"_copy"), user, usePubKey) assert.NoError(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-remove %v", path.Join(vdirPath2, testDir+"_copy")), user, usePubKey) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 0, user.UsedQuotaFiles) assert.Equal(t, int64(0), user.UsedQuotaSize) f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 0, f.UsedQuotaFiles) assert.Equal(t, int64(0), f.UsedQuotaSize) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 0, f.UsedQuotaFiles) assert.Equal(t, int64(0), f.UsedQuotaSize) err = client.Mkdir(path.Join(vdirPath1, testDir)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, testDir)) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath1, testDir, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath1, testDir, testFileName1), testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testDir, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath2, testDir, testFileName1), testFileSize1, client) assert.NoError(t, err) // vdir1 is included in user quota, file limit will be exceeded _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join(vdirPath1, testDir), "/"), user, usePubKey) assert.Error(t, err) // vdir2 size limit will be exceeded _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join(vdirPath1, testDir, testFileName), vdirPath2+"/"), user, usePubKey) assert.Error(t, err) // now decrease the limits user.QuotaFiles = 1 user.QuotaSize = testFileSize * 10 for idx, f := range user.VirtualFolders { if f.Name == folderName2 { user.VirtualFolders[idx].QuotaSize = testFileSize user.VirtualFolders[idx].QuotaFiles = 10 } } user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) assert.Equal(t, 1, user.QuotaFiles) assert.Equal(t, testFileSize*10, user.QuotaSize) if assert.Len(t, user.VirtualFolders, 2) { for _, f := range user.VirtualFolders { if f.Name == folderName2 { assert.Equal(t, testFileSize, f.QuotaSize) assert.Equal(t, 10, f.QuotaFiles) } } } _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join(vdirPath1, testDir), path.Join(vdirPath2, testDir+".copy")), user, usePubKey) assert.Error(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-copy %v %v", path.Join(vdirPath2, testDir), testDir+".copy"), user, usePubKey) assert.Error(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(testFilePath1) assert.NoError(t, err) err = os.Remove(testFilePath2) assert.NoError(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) } func TestSSHRemove(t *testing.T) { usePubKey := false u := getTestUser(usePubKey) u.QuotaFiles = 100 mappedPath1 := filepath.Join(os.TempDir(), "vdir1") folderName1 := filepath.Base(mappedPath1) vdirPath1 := "/vdir1/sub" mappedPath2 := filepath.Join(os.TempDir(), "vdir2") folderName2 := filepath.Base(mappedPath2) vdirPath2 := "/vdir2/sub" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, QuotaFiles: -1, QuotaSize: -1, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, QuotaFiles: 100, QuotaSize: 0, }) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err := httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) err = os.MkdirAll(mappedPath1, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath2, os.ModePerm) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testFileSize := int64(131072) testFilePath := filepath.Join(homeBasePath, testFileName) testFileName1 := "test_file1.dat" testFileSize1 := int64(65537) testFilePath1 := filepath.Join(homeBasePath, testFileName1) testDir := "testdir" err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFilePath1, testFileSize1) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath1, testDir)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, testDir)) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, testFileName1, testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath1, testDir, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath1, testDir, testFileName1), testFileSize1, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath, path.Join(vdirPath2, testDir, testFileName), testFileSize, client) assert.NoError(t, err) err = sftpUploadFile(testFilePath1, path.Join(vdirPath2, testDir, testFileName1), testFileSize1, client) assert.NoError(t, err) err = client.Symlink(testFileName, testFileName+".link") assert.NoError(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-remove %v", testFileName+".link"), user, usePubKey) assert.NoError(t, err) _, err = runSSHCommand("sftpgo-remove /vdir1", user, usePubKey) assert.Error(t, err) _, err = runSSHCommand("sftpgo-remove /", user, usePubKey) assert.Error(t, err) _, err = runSSHCommand("sftpgo-remove", user, usePubKey) assert.Error(t, err) out, err := runSSHCommand(fmt.Sprintf("sftpgo-remove %v", testFileName), user, usePubKey) if assert.NoError(t, err) { assert.Equal(t, "OK\n", string(out)) _, err := client.Stat(testFileName) assert.Error(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 3, user.UsedQuotaFiles) assert.Equal(t, testFileSize+2*testFileSize1, user.UsedQuotaSize) } out, err = runSSHCommand(fmt.Sprintf("sftpgo-remove %v", path.Join(vdirPath1, testDir)), user, usePubKey) if assert.NoError(t, err) { assert.Equal(t, "OK\n", string(out)) _, err := client.Stat(path.Join(vdirPath1, testFileName)) assert.Error(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Equal(t, testFileSize1, user.UsedQuotaSize) } _, err = runSSHCommand(fmt.Sprintf("sftpgo-remove %v", vdirPath1), user, usePubKey) assert.Error(t, err) _, err = runSSHCommand("sftpgo-remove /", user, usePubKey) assert.Error(t, err) _, err = runSSHCommand("sftpgo-remove missing_file", user, usePubKey) assert.Error(t, err) if runtime.GOOS != osWindows { err = os.Chmod(filepath.Join(mappedPath2, testDir), 0555) assert.NoError(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-remove %v", path.Join(vdirPath2, testDir)), user, usePubKey) assert.Error(t, err) err = os.Chmod(filepath.Join(mappedPath2, testDir), 0001) assert.NoError(t, err) _, err = runSSHCommand(fmt.Sprintf("sftpgo-remove %v", path.Join(vdirPath2, testDir)), user, usePubKey) assert.Error(t, err) err = os.Chmod(filepath.Join(mappedPath2, testDir), os.ModePerm) assert.NoError(t, err) } } // test remove dir with no delete perm user.Permissions["/"] = []string{dataprovider.PermUpload, dataprovider.PermDownload, dataprovider.PermListItems} _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) conn, client, err = getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() _, err = runSSHCommand("sftpgo-remove adir", user, usePubKey) assert.Error(t, err) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) } func TestSSHRemoveCryptFs(t *testing.T) { usePubKey := false u := getTestUserWithCryptFs(usePubKey) u.QuotaFiles = 100 mappedPath1 := filepath.Join(os.TempDir(), "vdir1") folderName1 := filepath.Base(mappedPath1) vdirPath1 := "/vdir1/sub" mappedPath2 := filepath.Join(os.TempDir(), "vdir2") folderName2 := filepath.Base(mappedPath2) vdirPath2 := "/vdir2/sub" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, QuotaFiles: -1, QuotaSize: -1, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, QuotaFiles: 100, QuotaSize: 0, }) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err := httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, FsConfig: vfs.Filesystem{ Provider: sdk.CryptedFilesystemProvider, CryptConfig: vfs.CryptFsConfig{ Passphrase: kms.NewPlainSecret(defaultPassword), }, }, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() testDir := "tdir" err = client.Mkdir(testDir) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath1, testDir)) assert.NoError(t, err) err = client.Mkdir(path.Join(vdirPath2, testDir)) assert.NoError(t, err) testFileSize := int64(32768) testFileSize1 := int64(65536) testFileName1 := "test_file1.dat" err = writeSFTPFile(testFileName, testFileSize, client) assert.NoError(t, err) err = writeSFTPFile(testFileName1, testFileSize1, client) assert.NoError(t, err) err = writeSFTPFile(path.Join(testDir, testFileName), testFileSize, client) assert.NoError(t, err) err = writeSFTPFile(path.Join(testDir, testFileName1), testFileSize1, client) assert.NoError(t, err) err = writeSFTPFile(path.Join(vdirPath1, testDir, testFileName), testFileSize, client) assert.NoError(t, err) err = writeSFTPFile(path.Join(vdirPath1, testDir, testFileName1), testFileSize1, client) assert.NoError(t, err) err = writeSFTPFile(path.Join(vdirPath2, testDir, testFileName), testFileSize, client) assert.NoError(t, err) err = writeSFTPFile(path.Join(vdirPath2, testDir, testFileName1), testFileSize1, client) assert.NoError(t, err) _, err = runSSHCommand("sftpgo-remove /vdir2", user, usePubKey) assert.Error(t, err) out, err := runSSHCommand(fmt.Sprintf("sftpgo-remove %v", testFileName), user, usePubKey) if assert.NoError(t, err) { assert.Equal(t, "OK\n", string(out)) _, err := client.Stat(testFileName) assert.Error(t, err) } out, err = runSSHCommand(fmt.Sprintf("sftpgo-remove %v", testDir), user, usePubKey) if assert.NoError(t, err) { assert.Equal(t, "OK\n", string(out)) } out, err = runSSHCommand(fmt.Sprintf("sftpgo-remove %v", path.Join(vdirPath1, testDir)), user, usePubKey) if assert.NoError(t, err) { assert.Equal(t, "OK\n", string(out)) } out, err = runSSHCommand(fmt.Sprintf("sftpgo-remove %v", path.Join(vdirPath2, testDir, testFileName)), user, usePubKey) if assert.NoError(t, err) { assert.Equal(t, "OK\n", string(out)) } err = writeSFTPFile(path.Join(vdirPath2, testDir, testFileName), testFileSize, client) assert.NoError(t, err) out, err = runSSHCommand(fmt.Sprintf("sftpgo-remove %v", path.Join(vdirPath2, testDir)), user, usePubKey) if assert.NoError(t, err) { assert.Equal(t, "OK\n", string(out)) } user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, 1, user.UsedQuotaFiles) assert.Greater(t, user.UsedQuotaSize, testFileSize1) } _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) } func TestBasicGitCommands(t *testing.T) { if len(gitPath) == 0 || len(sshPath) == 0 || runtime.GOOS == osWindows { t.Skip("git and/or ssh command not found or OS is windows, unable to execute this test") } usePubKey := true u := getTestUser(usePubKey) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) repoName := "testrepo" //nolint:goconst clonePath := filepath.Join(homeBasePath, repoName) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(filepath.Join(homeBasePath, repoName)) assert.NoError(t, err) out, err := initGitRepo(filepath.Join(user.HomeDir, repoName)) assert.NoError(t, err, "unexpected error, out: %v", string(out)) out, err = cloneGitRepo(homeBasePath, "/"+repoName, user.Username) assert.NoError(t, err, "unexpected error, out: %v", string(out)) out, err = addFileToGitRepo(clonePath, 128) assert.NoError(t, err, "unexpected error, out: %v", string(out)) user.QuotaFiles = 100000 _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) out, err = pushToGitRepo(clonePath) if !assert.NoError(t, err, "unexpected error, out: %v", string(out)) { printLatestLogs(10) } out, err = addFileToGitRepo(clonePath, 131072) assert.NoError(t, err, "unexpected error, out: %v", string(out)) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) user.QuotaSize = user.UsedQuotaSize + 1 _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) out, err = pushToGitRepo(clonePath) assert.Error(t, err, "git push must fail if quota is exceeded, out: %v", string(out)) aDir := filepath.Join(user.GetHomeDir(), repoName, "adir") err = os.MkdirAll(aDir, 0001) assert.NoError(t, err) _, err = pushToGitRepo(clonePath) assert.Error(t, err) err = os.Chmod(aDir, os.ModePerm) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(clonePath) assert.NoError(t, err) } func TestGitIncludedVirtualFolders(t *testing.T) { if len(gitPath) == 0 || len(sshPath) == 0 || runtime.GOOS == osWindows { t.Skip("git and/or ssh command not found or OS is windows, unable to execute this test") } usePubKey := true repoName := "trepo" u := getTestUser(usePubKey) u.QuotaFiles = 10000 mappedPath := filepath.Join(os.TempDir(), "repo") folderName := filepath.Base(mappedPath) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName, }, VirtualPath: "/" + repoName, QuotaFiles: -1, QuotaSize: -1, }) f := vfs.BaseVirtualFolder{ Name: folderName, MappedPath: mappedPath, } _, _, err := httpdtest.AddFolder(f, http.StatusCreated) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) clonePath := filepath.Join(homeBasePath, repoName) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(filepath.Join(homeBasePath, repoName)) assert.NoError(t, err) out, err := initGitRepo(mappedPath) assert.NoError(t, err, "unexpected error, out: %v", string(out)) out, err = cloneGitRepo(homeBasePath, "/"+repoName, user.Username) assert.NoError(t, err, "unexpected error, out: %v", string(out)) out, err = addFileToGitRepo(clonePath, 128) assert.NoError(t, err, "unexpected error, out: %v", string(out)) out, err = pushToGitRepo(clonePath) assert.NoError(t, err, "unexpected error, out: %v", string(out)) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) if user.UsedQuotaFiles == 0 { assert.Eventually(t, func() bool { user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) if err != nil { return false } return user.QuotaFiles > 0 }, 1*time.Second, 100*time.Millisecond) } user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Greater(t, user.UsedQuotaFiles, 0) assert.Greater(t, user.UsedQuotaSize, int64(0)) folder, _, err := httpdtest.GetFolderByName(folderName, http.StatusOK) assert.NoError(t, err) assert.Equal(t, user.UsedQuotaFiles, folder.UsedQuotaFiles) assert.Equal(t, user.UsedQuotaSize, folder.UsedQuotaSize) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(mappedPath) assert.NoError(t, err) err = os.RemoveAll(clonePath) assert.NoError(t, err) } func TestGitQuotaVirtualFolders(t *testing.T) { if len(gitPath) == 0 || len(sshPath) == 0 || runtime.GOOS == osWindows { t.Skip("git and/or ssh command not found or OS is windows, unable to execute this test") } usePubKey := true repoName := "testrepo" u := getTestUser(usePubKey) u.QuotaFiles = 1 u.QuotaSize = 131072 mappedPath := filepath.Join(os.TempDir(), "repo") folderName := filepath.Base(mappedPath) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName, }, VirtualPath: "/" + repoName, QuotaFiles: 0, QuotaSize: 0, }) f := vfs.BaseVirtualFolder{ Name: folderName, MappedPath: mappedPath, } _, _, err := httpdtest.AddFolder(f, http.StatusCreated) assert.NoError(t, err) err = os.MkdirAll(mappedPath, os.ModePerm) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { // we upload a file so the user is over quota defer conn.Close() defer client.Close() testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, u.QuotaSize) assert.NoError(t, err) err = sftpUploadFile(testFilePath, testFileName, u.QuotaSize, client) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) } clonePath := filepath.Join(homeBasePath, repoName) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(filepath.Join(homeBasePath, repoName)) assert.NoError(t, err) out, err := initGitRepo(mappedPath) assert.NoError(t, err, "unexpected error, out: %v", string(out)) out, err = cloneGitRepo(homeBasePath, "/"+repoName, user.Username) assert.NoError(t, err, "unexpected error, out: %v", string(out)) out, err = addFileToGitRepo(clonePath, 128) assert.NoError(t, err, "unexpected error, out: %v", string(out)) out, err = pushToGitRepo(clonePath) assert.NoError(t, err, "unexpected error, out: %v", string(out)) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(mappedPath) assert.NoError(t, err) err = os.RemoveAll(clonePath) assert.NoError(t, err) } func TestGitErrors(t *testing.T) { if len(gitPath) == 0 || len(sshPath) == 0 || runtime.GOOS == osWindows { t.Skip("git and/or ssh command not found or OS is windows, unable to execute this test") } usePubKey := true u := getTestUser(usePubKey) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) repoName := "testrepo" clonePath := filepath.Join(homeBasePath, repoName) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(filepath.Join(homeBasePath, repoName)) assert.NoError(t, err) out, err := cloneGitRepo(homeBasePath, "/"+repoName, user.Username) assert.Error(t, err, "cloning a missing repo must fail, out: %v", string(out)) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(clonePath) assert.NoError(t, err) } // Start SCP tests func TestSCPBasicHandling(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true u := getTestUser(usePubKey) u.QuotaSize = 6553600 localUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) u.QuotaSize = 6553600 sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(131074) expectedQuotaSize := testFileSize expectedQuotaFiles := 1 err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser} { remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/") remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName)) localPath := filepath.Join(homeBasePath, "scp_download.dat") // test to download a missing file err = scpDownload(localPath, remoteDownPath, false, false) assert.Error(t, err, "downloading a missing file via scp must fail") user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, int64(0), user.FirstUpload) assert.Equal(t, int64(0), user.FirstDownload) err = scpUpload(testFilePath, remoteUpPath, false, false) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Greater(t, user.FirstUpload, int64(0)) assert.Equal(t, int64(0), user.FirstDownload) err = scpDownload(localPath, remoteDownPath, false, false) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Greater(t, user.FirstUpload, int64(0)) assert.Greater(t, user.FirstDownload, int64(0)) fi, err := os.Stat(localPath) if assert.NoError(t, err) { assert.Equal(t, testFileSize, fi.Size()) } err = os.Remove(localPath) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) if user.Username == defaultUsername { err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) user.Password = defaultPassword user.ID = 0 user.CreatedAt = 0 _, resp, err := httpdtest.AddUser(user, http.StatusCreated) assert.NoError(t, err, string(resp)) } } _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) } func TestSCPUploadFileOverwrite(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true u := getTestUser(usePubKey) u.QuotaFiles = 1000 localUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) u = getTestSFTPUser(usePubKey) u.QuotaFiles = 1000 sftpUser, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(32760) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser} { remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName)) err = scpUpload(testFilePath, remoteUpPath, true, false) assert.NoError(t, err) // test a new upload that must overwrite the existing file err = scpUpload(testFilePath, remoteUpPath, true, false) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, user.UsedQuotaSize) assert.Equal(t, 1, user.UsedQuotaFiles) remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName)) localPath := filepath.Join(homeBasePath, "scp_download.dat") err = scpDownload(localPath, remoteDownPath, false, false) assert.NoError(t, err) fi, err := os.Stat(localPath) if assert.NoError(t, err) { assert.Equal(t, testFileSize, fi.Size()) } // now create a simlink via SFTP, replace the symlink with a file via SCP and check quota usage conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() err = client.Symlink(testFileName, testFileName+".link") assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize, user.UsedQuotaSize) assert.Equal(t, 1, user.UsedQuotaFiles) } err = scpUpload(testFilePath, remoteUpPath+".link", true, false) assert.NoError(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, testFileSize*2, user.UsedQuotaSize) assert.Equal(t, 2, user.UsedQuotaFiles) err = os.Remove(localPath) assert.NoError(t, err) if user.Username == defaultUsername { err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) user.Password = defaultPassword user.ID = 0 user.CreatedAt = 0 _, resp, err := httpdtest.AddUser(user, http.StatusCreated) assert.NoError(t, err, string(resp)) } } err = os.Remove(testFilePath) assert.NoError(t, err) _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) } func TestSCPRecursive(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true localUser, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) sftpUser, _, err := httpdtest.AddUser(getTestSFTPUser(usePubKey), http.StatusCreated) assert.NoError(t, err) testBaseDirName := "test_dir" testBaseDirPath := filepath.Join(homeBasePath, testBaseDirName) testBaseDirDownName := "test_dir_down" //nolint:goconst testBaseDirDownPath := filepath.Join(homeBasePath, testBaseDirDownName) testFilePath := filepath.Join(homeBasePath, testBaseDirName, testFileName) testFilePath1 := filepath.Join(homeBasePath, testBaseDirName, testBaseDirName, testFileName) testFileSize := int64(131074) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFilePath1, testFileSize) assert.NoError(t, err) for _, user := range []dataprovider.User{localUser, sftpUser} { remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testBaseDirName)) // test to download a missing dir err = scpDownload(testBaseDirDownPath, remoteDownPath, true, true) assert.Error(t, err, "downloading a missing dir via scp must fail") remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/") err = scpUpload(testBaseDirPath, remoteUpPath, true, false) assert.NoError(t, err) // overwrite existing dir err = scpUpload(testBaseDirPath, remoteUpPath, true, false) assert.NoError(t, err) err = scpDownload(testBaseDirDownPath, remoteDownPath, true, true) assert.NoError(t, err) // test download without passing -r err = scpDownload(testBaseDirDownPath, remoteDownPath, true, false) assert.Error(t, err, "recursive download without -r must fail") fi, err := os.Stat(filepath.Join(testBaseDirDownPath, testFileName)) if assert.NoError(t, err) { assert.Equal(t, testFileSize, fi.Size()) } fi, err = os.Stat(filepath.Join(testBaseDirDownPath, testBaseDirName, testFileName)) if assert.NoError(t, err) { assert.Equal(t, testFileSize, fi.Size()) } // upload to a non existent dir remoteUpPath = fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/non_existent_dir") err = scpUpload(testBaseDirPath, remoteUpPath, true, false) assert.Error(t, err, "uploading via scp to a non existent dir must fail") err = os.RemoveAll(testBaseDirDownPath) assert.NoError(t, err) if user.Username == defaultUsername { err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) user.Password = defaultPassword user.ID = 0 user.CreatedAt = 0 _, resp, err := httpdtest.AddUser(user, http.StatusCreated) assert.NoError(t, err, string(resp)) } } err = os.RemoveAll(testBaseDirPath) assert.NoError(t, err) _, err = httpdtest.RemoveUser(sftpUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(localUser.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(localUser, http.StatusOK) assert.NoError(t, err) } func TestSCPStartDirectory(t *testing.T) { usePubKey := true startDir := "/sta rt/dir" u := getTestUser(usePubKey) u.Filters.StartDirectory = startDir user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFileSize := int64(131072) testFilePath := filepath.Join(homeBasePath, testFileName) localPath := filepath.Join(homeBasePath, "scp_download.dat") remoteUpPath := fmt.Sprintf("%v@127.0.0.1:", user.Username) remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = scpUpload(testFilePath, remoteUpPath, false, false) assert.NoError(t, err) err = scpDownload(localPath, remoteDownPath, false, false) assert.NoError(t, err) // check that the file is in the start directory _, err = os.Stat(filepath.Join(user.HomeDir, startDir, testFileName)) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localPath) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestSCPPatternsFilter(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true u := getTestUser(usePubKey) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFileSize := int64(131072) testFilePath := filepath.Join(homeBasePath, testFileName) localPath := filepath.Join(homeBasePath, "scp_download.dat") remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/") remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName)) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = scpUpload(testFilePath, remoteUpPath, false, false) assert.NoError(t, err) user.Filters.FilePatterns = []sdk.PatternsFilter{ { Path: "/", AllowedPatterns: []string{"*.zip"}, DeniedPatterns: []string{}, }, } _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) err = scpDownload(localPath, remoteDownPath, false, false) assert.Error(t, err, "scp download must fail") err = scpUpload(testFilePath, remoteUpPath, false, false) assert.Error(t, err, "scp upload must fail") _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) _, err = os.Stat(localPath) if err == nil { err = os.Remove(localPath) assert.NoError(t, err) } err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestSCPTransferQuotaLimits(t *testing.T) { usePubKey := true u := getTestUser(usePubKey) u.DownloadDataTransfer = 1 u.UploadDataTransfer = 1 user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) localDownloadPath := filepath.Join(homeBasePath, testDLFileName) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(550000) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/") remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName)) err = scpUpload(testFilePath, remoteUpPath, false, false) assert.NoError(t, err) err = scpDownload(localDownloadPath, remoteDownPath, false, false) assert.NoError(t, err) // error while download is active err = scpDownload(localDownloadPath, remoteDownPath, false, false) assert.Error(t, err) // error before starting the download err = scpDownload(localDownloadPath, remoteDownPath, false, false) assert.Error(t, err) // error while upload is active err = scpUpload(testFilePath, remoteUpPath, false, false) assert.Error(t, err) // error before starting the upload err = scpUpload(testFilePath, remoteUpPath, false, false) assert.Error(t, err) user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Greater(t, user.UsedDownloadDataTransfer, int64(1024*1024)) if !assert.Greater(t, user.UsedUploadDataTransfer, int64(1024*1024), user.UsedDownloadDataTransfer) { printLatestLogs(30) } err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(localDownloadPath) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestSCPUploadMaxSize(t *testing.T) { testFileSize := int64(65535) usePubKey := true u := getTestUser(usePubKey) u.Filters.MaxUploadFileSize = testFileSize + 1 user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) testFileSize1 := int64(131072) testFileName1 := "test_file1.dat" testFilePath1 := filepath.Join(homeBasePath, testFileName1) err = createTestFile(testFilePath1, testFileSize1) assert.NoError(t, err) remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/") err = scpUpload(testFilePath1, remoteUpPath, false, false) assert.Error(t, err) err = scpUpload(testFilePath, remoteUpPath, false, false) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(testFilePath1) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) } func TestSCPVirtualFolders(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true u := getTestUser(usePubKey) mappedPath := filepath.Join(os.TempDir(), "vdir") folderName := filepath.Base(mappedPath) vdirPath := "/vdir" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName, }, VirtualPath: vdirPath, }) f := vfs.BaseVirtualFolder{ Name: folderName, MappedPath: mappedPath, } _, _, err := httpdtest.AddFolder(f, http.StatusCreated) assert.NoError(t, err) err = os.MkdirAll(mappedPath, os.ModePerm) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testBaseDirName := "test_dir" testBaseDirPath := filepath.Join(homeBasePath, testBaseDirName) testBaseDirDownName := "test_dir_down" testBaseDirDownPath := filepath.Join(homeBasePath, testBaseDirDownName) testFilePath := filepath.Join(homeBasePath, testBaseDirName, testFileName) testFilePath1 := filepath.Join(homeBasePath, testBaseDirName, testBaseDirName, testFileName) testFileSize := int64(131074) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFilePath1, testFileSize) assert.NoError(t, err) remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, vdirPath) remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, vdirPath) err = scpUpload(testBaseDirPath, remoteUpPath, true, false) assert.NoError(t, err) err = scpDownload(testBaseDirDownPath, remoteDownPath, true, true) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(testBaseDirPath) assert.NoError(t, err) err = os.RemoveAll(testBaseDirDownPath) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath) assert.NoError(t, err) } func TestSCPNestedFolders(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } baseUser, resp, err := httpdtest.AddUser(getTestUser(false), http.StatusCreated) assert.NoError(t, err, string(resp)) usePubKey := true u := getTestUser(usePubKey) u.HomeDir += "_folders" u.Username += "_folders" mappedPathSFTP := filepath.Join(os.TempDir(), "sftp") folderNameSFTP := filepath.Base(mappedPathSFTP) vdirSFTPPath := "/vdir/sftp" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderNameSFTP, }, VirtualPath: vdirSFTPPath, }) mappedPathCrypt := filepath.Join(os.TempDir(), "crypt") folderNameCrypt := filepath.Base(mappedPathCrypt) vdirCryptPath := "/vdir/crypt" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderNameCrypt, }, VirtualPath: vdirCryptPath, }) f1 := vfs.BaseVirtualFolder{ Name: folderNameSFTP, FsConfig: vfs.Filesystem{ Provider: sdk.SFTPFilesystemProvider, SFTPConfig: vfs.SFTPFsConfig{ BaseSFTPFsConfig: sdk.BaseSFTPFsConfig{ Endpoint: sftpServerAddr, Username: baseUser.Username, }, Password: kms.NewPlainSecret(defaultPassword), }, }, } _, _, err = httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderNameCrypt, FsConfig: vfs.Filesystem{ Provider: sdk.CryptedFilesystemProvider, CryptConfig: vfs.CryptFsConfig{ Passphrase: kms.NewPlainSecret(defaultPassword), }, }, MappedPath: mappedPathCrypt, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) user, resp, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err, string(resp)) baseDirDownPath := filepath.Join(os.TempDir(), "basedir-down") err = os.Mkdir(baseDirDownPath, os.ModePerm) assert.NoError(t, err) baseDir := filepath.Join(os.TempDir(), "basedir") err = os.Mkdir(baseDir, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(filepath.Join(baseDir, vdirSFTPPath), os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(filepath.Join(baseDir, vdirCryptPath), os.ModePerm) assert.NoError(t, err) err = createTestFile(filepath.Join(baseDir, vdirSFTPPath, testFileName), 32768) assert.NoError(t, err) err = createTestFile(filepath.Join(baseDir, vdirCryptPath, testFileName), 65535) assert.NoError(t, err) err = createTestFile(filepath.Join(baseDir, "vdir", testFileName), 65536) assert.NoError(t, err) remoteRootPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/") err = scpUpload(filepath.Join(baseDir, "vdir"), remoteRootPath, true, false) assert.NoError(t, err) conn, client, err := getSftpClient(user, usePubKey) if assert.NoError(t, err) { defer conn.Close() defer client.Close() info, err := client.Stat(path.Join(vdirCryptPath, testFileName)) assert.NoError(t, err) assert.Equal(t, int64(65535), info.Size()) info, err = client.Stat(path.Join(vdirSFTPPath, testFileName)) assert.NoError(t, err) assert.Equal(t, int64(32768), info.Size()) info, err = client.Stat(path.Join("/vdir", testFileName)) assert.NoError(t, err) assert.Equal(t, int64(65536), info.Size()) } err = scpDownload(baseDirDownPath, remoteRootPath, true, true) assert.NoError(t, err) assert.FileExists(t, filepath.Join(baseDirDownPath, user.Username, "vdir", testFileName)) assert.FileExists(t, filepath.Join(baseDirDownPath, user.Username, vdirCryptPath, testFileName)) assert.FileExists(t, filepath.Join(baseDirDownPath, user.Username, vdirSFTPPath, testFileName)) if runtime.GOOS != osWindows { err = os.Chmod(filepath.Join(baseUser.GetHomeDir(), testFileName), 0001) assert.NoError(t, err) err = scpDownload(baseDirDownPath, remoteRootPath, true, true) assert.Error(t, err) err = os.Chmod(filepath.Join(baseUser.GetHomeDir(), testFileName), os.ModePerm) assert.NoError(t, err) } // now change the password for the base user, so SFTP folder will not work baseUser.Password = defaultPassword + "_mod" _, _, err = httpdtest.UpdateUser(baseUser, http.StatusOK, "1") assert.NoError(t, err) err = scpUpload(filepath.Join(baseDir, "vdir"), remoteRootPath, true, false) assert.Error(t, err) err = scpDownload(baseDirDownPath, remoteRootPath, true, true) assert.Error(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderNameCrypt}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderNameSFTP}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveUser(baseUser, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(baseUser.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPathCrypt) assert.NoError(t, err) err = os.RemoveAll(mappedPathSFTP) assert.NoError(t, err) err = os.RemoveAll(baseDir) assert.NoError(t, err) err = os.RemoveAll(baseDirDownPath) assert.NoError(t, err) } func TestSCPVirtualFoldersQuota(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true u := getTestUser(usePubKey) u.QuotaFiles = 100 mappedPath1 := filepath.Join(os.TempDir(), "vdir1") folderName1 := filepath.Base(mappedPath1) vdirPath1 := "/vdir1" mappedPath2 := filepath.Join(os.TempDir(), "vdir2") folderName2 := filepath.Base(mappedPath2) vdirPath2 := "/vdir2" u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName1, }, VirtualPath: vdirPath1, QuotaFiles: -1, QuotaSize: -1, }) u.VirtualFolders = append(u.VirtualFolders, vfs.VirtualFolder{ BaseVirtualFolder: vfs.BaseVirtualFolder{ Name: folderName2, }, VirtualPath: vdirPath2, QuotaFiles: 0, QuotaSize: 0, }) f1 := vfs.BaseVirtualFolder{ Name: folderName1, MappedPath: mappedPath1, } _, _, err := httpdtest.AddFolder(f1, http.StatusCreated) assert.NoError(t, err) f2 := vfs.BaseVirtualFolder{ Name: folderName2, MappedPath: mappedPath2, } _, _, err = httpdtest.AddFolder(f2, http.StatusCreated) assert.NoError(t, err) err = os.MkdirAll(mappedPath1, os.ModePerm) assert.NoError(t, err) err = os.MkdirAll(mappedPath2, os.ModePerm) assert.NoError(t, err) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testBaseDirName := "test_dir" testBaseDirPath := filepath.Join(homeBasePath, testBaseDirName) testBaseDirDownName := "test_dir_down" testBaseDirDownPath := filepath.Join(homeBasePath, testBaseDirDownName) testFilePath := filepath.Join(homeBasePath, testBaseDirName, testFileName) testFilePath1 := filepath.Join(homeBasePath, testBaseDirName, testBaseDirName, testFileName) testFileSize := int64(131074) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFilePath1, testFileSize) assert.NoError(t, err) remoteDownPath1 := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", vdirPath1)) remoteUpPath1 := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, vdirPath1) remoteDownPath2 := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", vdirPath2)) remoteUpPath2 := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, vdirPath2) // we upload two times to test overwrite err = scpUpload(testBaseDirPath, remoteUpPath1, true, false) assert.NoError(t, err) err = scpDownload(testBaseDirDownPath, remoteDownPath1, true, true) assert.NoError(t, err) err = scpUpload(testBaseDirPath, remoteUpPath1, true, false) assert.NoError(t, err) err = scpDownload(testBaseDirDownPath, remoteDownPath1, true, true) assert.NoError(t, err) err = scpUpload(testBaseDirPath, remoteUpPath2, true, false) assert.NoError(t, err) err = scpDownload(testBaseDirDownPath, remoteDownPath2, true, true) assert.NoError(t, err) expectedQuotaFiles := 2 expectedQuotaSize := testFileSize * 2 user, _, err = httpdtest.GetUserByUsername(user.Username, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaFiles, user.UsedQuotaFiles) assert.Equal(t, expectedQuotaSize, user.UsedQuotaSize) f, _, err := httpdtest.GetFolderByName(folderName1, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaSize, f.UsedQuotaSize) assert.Equal(t, expectedQuotaFiles, f.UsedQuotaFiles) f, _, err = httpdtest.GetFolderByName(folderName2, http.StatusOK) assert.NoError(t, err) assert.Equal(t, expectedQuotaSize, f.UsedQuotaSize) assert.Equal(t, expectedQuotaFiles, f.UsedQuotaFiles) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName1}, http.StatusOK) assert.NoError(t, err) _, err = httpdtest.RemoveFolder(vfs.BaseVirtualFolder{Name: folderName2}, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(testBaseDirPath) assert.NoError(t, err) err = os.RemoveAll(testBaseDirDownPath) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.RemoveAll(mappedPath1) assert.NoError(t, err) err = os.RemoveAll(mappedPath2) assert.NoError(t, err) } func TestSCPPermsSubDirs(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermAny} u.Permissions["/somedir"] = []string{dataprovider.PermListItems, dataprovider.PermUpload} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) localPath := filepath.Join(homeBasePath, "scp_download.dat") subPath := filepath.Join(user.GetHomeDir(), "somedir") testFileSize := int64(65535) err = os.MkdirAll(subPath, os.ModePerm) assert.NoError(t, err) remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/somedir") err = scpDownload(localPath, remoteDownPath, false, true) assert.Error(t, err, "download a dir with no permissions must fail") err = os.Remove(subPath) assert.NoError(t, err) err = createTestFile(subPath, testFileSize) assert.NoError(t, err) err = scpDownload(localPath, remoteDownPath, false, false) assert.NoError(t, err) if runtime.GOOS != osWindows { err = os.Chmod(subPath, 0001) assert.NoError(t, err) err = scpDownload(localPath, remoteDownPath, false, false) assert.Error(t, err, "download a file with no system permissions must fail") err = os.Chmod(subPath, os.ModePerm) assert.NoError(t, err) } err = os.Remove(localPath) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) } func TestSCPPermCreateDirs(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermDownload, dataprovider.PermUpload} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(32760) testBaseDirName := "test_dir" testBaseDirPath := filepath.Join(homeBasePath, testBaseDirName) testFilePath1 := filepath.Join(homeBasePath, testBaseDirName, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) err = createTestFile(testFilePath1, testFileSize) assert.NoError(t, err) remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/tmp/") err = scpUpload(testFilePath, remoteUpPath, true, false) assert.Error(t, err, "scp upload must fail, the user cannot create files in a missing dir") err = scpUpload(testBaseDirPath, remoteUpPath, true, false) assert.Error(t, err, "scp upload must fail, the user cannot create new dirs") err = os.Remove(testFilePath) assert.NoError(t, err) err = os.RemoveAll(testBaseDirPath) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) } func TestSCPPermUpload(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermDownload, dataprovider.PermCreateDirs} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65536) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/tmp") err = scpUpload(testFilePath, remoteUpPath, true, false) assert.Error(t, err, "scp upload must fail, the user cannot upload") err = os.Remove(testFilePath) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) } func TestSCPPermOverwrite(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermUpload, dataprovider.PermCreateDirs} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65536) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/tmp") err = scpUpload(testFilePath, remoteUpPath, true, false) assert.NoError(t, err) err = scpUpload(testFilePath, remoteUpPath, true, false) assert.Error(t, err, "scp upload must fail, the user cannot ovewrite existing files") err = os.Remove(testFilePath) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) } func TestSCPPermDownload(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true u := getTestUser(usePubKey) u.Permissions["/"] = []string{dataprovider.PermUpload, dataprovider.PermCreateDirs} user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65537) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/") err = scpUpload(testFilePath, remoteUpPath, true, false) assert.NoError(t, err) remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName)) localPath := filepath.Join(homeBasePath, "scp_download.dat") err = scpDownload(localPath, remoteDownPath, false, false) assert.Error(t, err, "scp download must fail, the user cannot download") err = os.Remove(testFilePath) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) } func TestSCPQuotaSize(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true testFileSize := int64(65535) u := getTestUser(usePubKey) u.QuotaFiles = 1 u.QuotaSize = testFileSize + 1 user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) testFileSize1 := int64(131072) testFileName1 := "test_file1.dat" testFilePath1 := filepath.Join(homeBasePath, testFileName1) err = createTestFile(testFilePath1, testFileSize1) assert.NoError(t, err) testFileSize2 := int64(32768) testFileName2 := "test_file2.dat" testFilePath2 := filepath.Join(homeBasePath, testFileName2) err = createTestFile(testFilePath2, testFileSize2) assert.NoError(t, err) remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName)) err = scpUpload(testFilePath, remoteUpPath, true, false) assert.NoError(t, err) err = scpUpload(testFilePath, remoteUpPath+".quota", true, false) assert.Error(t, err, "user is over quota scp upload must fail") // now test quota limits while uploading the current file, we have 1 bytes remaining user.QuotaSize = testFileSize + 1 user.QuotaFiles = 0 user, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) err = scpUpload(testFilePath2, remoteUpPath+".quota", true, false) assert.Error(t, err, "user is over quota scp upload must fail") // overwriting an existing file will work if the resulting size is lesser or equal than the current one err = scpUpload(testFilePath1, remoteUpPath, true, false) assert.Error(t, err) err = scpUpload(testFilePath2, remoteUpPath, true, false) assert.NoError(t, err) err = scpUpload(testFilePath, remoteUpPath, true, false) assert.NoError(t, err) err = os.Remove(testFilePath) assert.NoError(t, err) err = os.Remove(testFilePath1) assert.NoError(t, err) err = os.Remove(testFilePath2) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) } func TestSCPEscapeHomeDir(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) err = os.MkdirAll(user.GetHomeDir(), os.ModePerm) assert.NoError(t, err) testDir := "testDir" linkPath := filepath.Join(homeBasePath, defaultUsername, testDir) err = os.Symlink(homeBasePath, linkPath) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join(testDir, testDir)) err = scpUpload(testFilePath, remoteUpPath, false, false) assert.Error(t, err, "uploading to a dir with a symlink outside home dir must fail") remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testDir, testFileName)) localPath := filepath.Join(homeBasePath, "scp_download.dat") err = scpDownload(localPath, remoteDownPath, false, false) assert.Error(t, err, "scp download must fail, the requested file has a symlink outside user home") remoteDownPath = fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testDir)) err = scpDownload(homeBasePath, remoteDownPath, false, true) assert.Error(t, err, "scp download must fail, the requested dir is a symlink outside user home") err = os.Remove(testFilePath) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) } func TestSCPUploadPaths(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) testDirName := "testDir" testDirPath := filepath.Join(user.GetHomeDir(), testDirName) err = os.MkdirAll(testDirPath, os.ModePerm) assert.NoError(t, err) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, testDirName) remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join(testDirName, testFileName)) localPath := filepath.Join(homeBasePath, "scp_download.dat") err = scpUpload(testFilePath, remoteUpPath, false, false) assert.NoError(t, err) err = scpDownload(localPath, remoteDownPath, false, false) assert.NoError(t, err) // upload a file to a missing dir remoteUpPath = fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join(testDirName, testDirName, testFileName)) err = scpUpload(testFilePath, remoteUpPath, false, false) assert.Error(t, err, "scp upload to a missing dir must fail") err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) err = os.Remove(localPath) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) } func TestSCPOverwriteDirWithFile(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } usePubKey := true user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) testDirPath := filepath.Join(user.GetHomeDir(), testFileName) err = os.MkdirAll(testDirPath, os.ModePerm) assert.NoError(t, err) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/") err = scpUpload(testFilePath, remoteUpPath, false, false) assert.Error(t, err, "copying a file over an existing dir must fail") err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) } func TestSCPRemoteToRemote(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } if runtime.GOOS == osWindows { t.Skip("scp between remote hosts is not supported on Windows") } usePubKey := true user, _, err := httpdtest.AddUser(getTestUser(usePubKey), http.StatusCreated) assert.NoError(t, err) u := getTestUser(usePubKey) u.Username += "1" u.HomeDir += "1" user1, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFilePath := filepath.Join(homeBasePath, testFileName) testFileSize := int64(65535) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName)) remote1UpPath := fmt.Sprintf("%v@127.0.0.1:%v", user1.Username, path.Join("/", testFileName)) err = scpUpload(testFilePath, remoteUpPath, false, false) assert.NoError(t, err) err = scpUpload(remoteUpPath, remote1UpPath, false, true) assert.NoError(t, err) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) err = os.RemoveAll(user1.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user1, http.StatusOK) assert.NoError(t, err) } func TestSCPErrors(t *testing.T) { if scpPath == "" { t.Skip("scp command not found, unable to execute this test") } u := getTestUser(true) user, _, err := httpdtest.AddUser(u, http.StatusCreated) assert.NoError(t, err) testFileSize := int64(524288) testFilePath := filepath.Join(homeBasePath, testFileName) err = createTestFile(testFilePath, testFileSize) assert.NoError(t, err) remoteUpPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, "/") remoteDownPath := fmt.Sprintf("%v@127.0.0.1:%v", user.Username, path.Join("/", testFileName)) localPath := filepath.Join(homeBasePath, "scp_download.dat") err = scpUpload(testFilePath, remoteUpPath, false, false) assert.NoError(t, err) user.UploadBandwidth = 512 user.DownloadBandwidth = 512 _, _, err = httpdtest.UpdateUser(user, http.StatusOK, "") assert.NoError(t, err) cmd := getScpDownloadCommand(localPath, remoteDownPath, false, false) go func() { err := cmd.Run() assert.Error(t, err, "SCP download must fail") }() waitForActiveTransfers(t) // wait some additional arbitrary time to wait for transfer activity to happen // it is need to reach all the code in CheckIdleConnections time.Sleep(100 * time.Millisecond) err = cmd.Process.Kill() assert.NoError(t, err) assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 2*time.Second, 100*time.Millisecond) cmd = getScpUploadCommand(testFilePath, remoteUpPath, false, false) go func() { err := cmd.Run() assert.Error(t, err, "SCP upload must fail") }() waitForActiveTransfers(t) // wait some additional arbitrary time to wait for transfer activity to happen // it is need to reach all the code in CheckIdleConnections time.Sleep(100 * time.Millisecond) err = cmd.Process.Kill() assert.NoError(t, err) assert.Eventually(t, func() bool { return len(common.Connections.GetStats("")) == 0 }, 2*time.Second, 100*time.Millisecond) err = os.Remove(testFilePath) assert.NoError(t, err) os.Remove(localPath) err = os.RemoveAll(user.GetHomeDir()) assert.NoError(t, err) _, err = httpdtest.RemoveUser(user, http.StatusOK) assert.NoError(t, err) } // End SCP tests func waitTCPListening(address string) { for { conn, err := net.Dial("tcp", address) if err != nil { logger.WarnToConsole("tcp server %v not listening: %v", address, err) time.Sleep(100 * time.Millisecond) continue } logger.InfoToConsole("tcp server %v now listening", address) conn.Close() break } } func getTestGroup() dataprovider.Group { return dataprovider.Group{ BaseGroup: sdk.BaseGroup{ Name: "test_group", Description: "test group description", }, } } func getTestUser(usePubKey bool) dataprovider.User { user := dataprovider.User{ BaseUser: sdk.BaseUser{ Username: defaultUsername, Password: defaultPassword, HomeDir: filepath.Join(homeBasePath, defaultUsername), Status: 1, ExpirationDate: 0, }, } user.Permissions = make(map[string][]string) user.Permissions["/"] = allPerms if usePubKey { user.PublicKeys = []string{testPubKey} user.Password = "" } return user } func getTestSFTPUser(usePubKey bool) dataprovider.User { u := getTestUser(usePubKey) u.Username = defaultSFTPUsername u.FsConfig.Provider = sdk.SFTPFilesystemProvider u.FsConfig.SFTPConfig.Endpoint = sftpServerAddr u.FsConfig.SFTPConfig.Username = defaultUsername u.FsConfig.SFTPConfig.Password = kms.NewPlainSecret(defaultPassword) if usePubKey { u.FsConfig.SFTPConfig.PrivateKey = kms.NewPlainSecret(testPrivateKey) u.FsConfig.SFTPConfig.Fingerprints = hostKeyFPs } return u } func runSSHCommand(command string, user dataprovider.User, usePubKey bool) ([]byte, error) { var sshSession *ssh.Session var output []byte config := &ssh.ClientConfig{ User: user.Username, HostKeyCallback: ssh.InsecureIgnoreHostKey(), Timeout: 5 * time.Second, } if usePubKey { key, err := ssh.ParsePrivateKey([]byte(testPrivateKey)) if err != nil { return output, err } config.Auth = []ssh.AuthMethod{ssh.PublicKeys(key)} } else { config.Auth = []ssh.AuthMethod{ssh.Password(defaultPassword)} } conn, err := ssh.Dial("tcp", sftpServerAddr, config) if err != nil { return output, err } defer conn.Close() sshSession, err = conn.NewSession() if err != nil { return output, err } var stdout, stderr bytes.Buffer sshSession.Stdout = &stdout sshSession.Stderr = &stderr err = sshSession.Run(command) if err != nil { return nil, fmt.Errorf("failed to run command %v: %v", command, stderr.Bytes()) } return stdout.Bytes(), err } func getSignerForUserCert(certBytes []byte) (ssh.Signer, error) { signer, err := ssh.ParsePrivateKey([]byte(testPrivateKey)) if err != nil { return nil, err } cert, _, _, _, err := ssh.ParseAuthorizedKey(certBytes) //nolint:dogsled if err != nil { return nil, err } return ssh.NewCertSigner(cert.(*ssh.Certificate), signer) } func getSftpClientWithAddr(user dataprovider.User, usePubKey bool, addr string) (*ssh.Client, *sftp.Client, error) { var sftpClient *sftp.Client config := &ssh.ClientConfig{ User: user.Username, HostKeyCallback: ssh.InsecureIgnoreHostKey(), Timeout: 5 * time.Second, } if usePubKey { signer, err := ssh.ParsePrivateKey([]byte(testPrivateKey)) if err != nil { return nil, nil, err } config.Auth = []ssh.AuthMethod{ssh.PublicKeys(signer)} } else { if user.Password != "" { if user.Password == "empty" { config.Auth = []ssh.AuthMethod{ssh.Password("")} } else { config.Auth = []ssh.AuthMethod{ssh.Password(user.Password)} } } else { config.Auth = []ssh.AuthMethod{ssh.Password(defaultPassword)} } } conn, err := ssh.Dial("tcp", addr, config) if err != nil { return conn, sftpClient, err } sftpClient, err = sftp.NewClient(conn) if err != nil { conn.Close() } return conn, sftpClient, err } func getSftpClient(user dataprovider.User, usePubKey bool) (*ssh.Client, *sftp.Client, error) { return getSftpClientWithAddr(user, usePubKey, sftpServerAddr) } func getKeyboardInteractiveSftpClient(user dataprovider.User, answers []string) (*ssh.Client, *sftp.Client, error) { var sftpClient *sftp.Client config := &ssh.ClientConfig{ User: user.Username, HostKeyCallback: ssh.InsecureIgnoreHostKey(), Auth: []ssh.AuthMethod{ ssh.KeyboardInteractive(func(_, _ string, _ []string, _ []bool) ([]string, error) { return answers, nil }), }, Timeout: 5 * time.Second, } conn, err := ssh.Dial("tcp", sftpServerAddr, config) if err != nil { return nil, sftpClient, err } sftpClient, err = sftp.NewClient(conn) if err != nil { conn.Close() } return conn, sftpClient, err } func getCustomAuthSftpClient(user dataprovider.User, authMethods []ssh.AuthMethod, addr string) (*ssh.Client, *sftp.Client, error) { var sftpClient *sftp.Client config := &ssh.ClientConfig{ User: user.Username, HostKeyCallback: ssh.InsecureIgnoreHostKey(), Auth: authMethods, Timeout: 5 * time.Second, } var err error var conn *ssh.Client if addr != "" { conn, err = ssh.Dial("tcp", addr, config) } else { conn, err = ssh.Dial("tcp", sftpServerAddr, config) } if err != nil { return conn, sftpClient, err } sftpClient, err = sftp.NewClient(conn) if err != nil { conn.Close() } return conn, sftpClient, err } func createTestFile(path string, size int64) error { baseDir := filepath.Dir(path) if _, err := os.Stat(baseDir); errors.Is(err, fs.ErrNotExist) { err = os.MkdirAll(baseDir, os.ModePerm) if err != nil { return err } } content := make([]byte, size) _, err := rand.Read(content) if err != nil { return err } return os.WriteFile(path, content, os.ModePerm) } func appendToTestFile(path string, size int64) error { content := make([]byte, size) _, err := rand.Read(content) if err != nil { return err } f, err := os.OpenFile(path, os.O_APPEND|os.O_WRONLY, os.ModePerm) if err != nil { return err } defer f.Close() written, err := io.Copy(f, bytes.NewReader(content)) if err != nil { return err } if written != size { return fmt.Errorf("write error, written: %v/%v", written, size) } return nil } func checkBasicSFTP(client *sftp.Client) error { _, err := client.Getwd() if err != nil { return err } _, err = client.ReadDir(".") return err } func writeSFTPFile(name string, size int64, client *sftp.Client) error { content := make([]byte, size) _, err := rand.Read(content) if err != nil { return err } f, err := client.Create(name) if err != nil { return err } _, err = io.Copy(f, bytes.NewBuffer(content)) if err != nil { f.Close() return err } err = f.Close() if err != nil { return err } info, err := client.Stat(name) if err != nil { return err } if info.Size() != size { return fmt.Errorf("file size mismatch, wanted %v, actual %v", size, info.Size()) } return nil } func sftpUploadFile(localSourcePath string, remoteDestPath string, expectedSize int64, client *sftp.Client) error { srcFile, err := os.Open(localSourcePath) if err != nil { return err } defer srcFile.Close() destFile, err := client.Create(remoteDestPath) if err != nil { return err } _, err = io.Copy(destFile, srcFile) if err != nil { destFile.Close() return err } // we need to close the file to trigger the server side close method // we cannot defer closing otherwise Stat will fail for upload atomic mode destFile.Close() if expectedSize > 0 { fi, err := client.Stat(remoteDestPath) if err != nil { return err } if fi.Size() != expectedSize { return fmt.Errorf("uploaded file size does not match, actual: %v, expected: %v", fi.Size(), expectedSize) } } return err } func sftpUploadResumeFile(localSourcePath string, remoteDestPath string, expectedSize int64, invalidOffset bool, //nolint:unparam client *sftp.Client) error { srcFile, err := os.Open(localSourcePath) if err != nil { return err } defer srcFile.Close() fi, err := client.Lstat(remoteDestPath) if err != nil { return err } if !invalidOffset { _, err = srcFile.Seek(fi.Size(), 0) if err != nil { return err } } destFile, err := client.OpenFile(remoteDestPath, os.O_WRONLY|os.O_APPEND) if err != nil { return err } if !invalidOffset { _, err = destFile.Seek(fi.Size(), 0) if err != nil { return err } } _, err = io.Copy(destFile, srcFile) if err != nil { destFile.Close() return err } // we need to close the file to trigger the server side close method // we cannot defer closing otherwise Stat will fail for upload atomic mode destFile.Close() if expectedSize > 0 { fi, err := client.Lstat(remoteDestPath) if err != nil { return err } if fi.Size() != expectedSize { return fmt.Errorf("uploaded file size does not match, actual: %v, expected: %v", fi.Size(), expectedSize) } } return err } func sftpDownloadFile(remoteSourcePath string, localDestPath string, expectedSize int64, client *sftp.Client) error { downloadDest, err := os.Create(localDestPath) if err != nil { return err } defer downloadDest.Close() sftpSrcFile, err := client.Open(remoteSourcePath) if err != nil { return err } defer sftpSrcFile.Close() _, err = io.Copy(downloadDest, sftpSrcFile) if err != nil { return err } err = downloadDest.Sync() if err != nil { return err } if expectedSize > 0 { fi, err := downloadDest.Stat() if err != nil { return err } if fi.Size() != expectedSize { return fmt.Errorf("downloaded file size does not match, actual: %v, expected: %v", fi.Size(), expectedSize) } } return err } func sftpUploadNonBlocking(localSourcePath string, remoteDestPath string, expectedSize int64, client *sftp.Client) <-chan error { c := make(chan error, 1) go func() { c <- sftpUploadFile(localSourcePath, remoteDestPath, expectedSize, client) }() return c } func sftpDownloadNonBlocking(remoteSourcePath string, localDestPath string, expectedSize int64, client *sftp.Client) <-chan error { c := make(chan error, 1) go func() { c <- sftpDownloadFile(remoteSourcePath, localDestPath, expectedSize, client) }() return c } func scpUpload(localPath, remotePath string, preserveTime, remoteToRemote bool) error { cmd := getScpUploadCommand(localPath, remotePath, preserveTime, remoteToRemote) return cmd.Run() } func scpDownload(localPath, remotePath string, preserveTime, recursive bool) error { cmd := getScpDownloadCommand(localPath, remotePath, preserveTime, recursive) return cmd.Run() } func getScpDownloadCommand(localPath, remotePath string, preserveTime, recursive bool) *exec.Cmd { var args []string if preserveTime { args = append(args, "-p") } if recursive { args = append(args, "-r") } if scpForce { args = append(args, "-O") } args = append(args, "-P") args = append(args, "2022") args = append(args, "-o") args = append(args, "StrictHostKeyChecking=no") args = append(args, "-i") args = append(args, privateKeyPath) args = append(args, remotePath) args = append(args, localPath) return exec.Command(scpPath, args...) } func getScpUploadCommand(localPath, remotePath string, preserveTime, remoteToRemote bool) *exec.Cmd { var args []string if remoteToRemote { args = append(args, "-3") } if preserveTime { args = append(args, "-p") } fi, err := os.Stat(localPath) if err == nil { if fi.IsDir() { args = append(args, "-r") } } if scpForce { args = append(args, "-O") } args = append(args, "-P") args = append(args, "2022") args = append(args, "-o") args = append(args, "StrictHostKeyChecking=no") args = append(args, "-o") args = append(args, "HostKeyAlgorithms=+ssh-rsa") args = append(args, "-i") args = append(args, privateKeyPath) args = append(args, localPath) args = append(args, remotePath) return exec.Command(scpPath, args...) } func computeHashForFile(hasher hash.Hash, path string) (string, error) { hash := "" f, err := os.Open(path) if err != nil { return hash, err } defer f.Close() _, err = io.Copy(hasher, f) if err == nil { hash = fmt.Sprintf("%x", hasher.Sum(nil)) } return hash, err } func waitForActiveTransfers(t *testing.T) { assert.Eventually(t, func() bool { for _, stat := range common.Connections.GetStats("") { if len(stat.Transfers) > 0 { return true } } return false }, 1*time.Second, 50*time.Millisecond) } func checkSystemCommands() { var err error gitPath, err = exec.LookPath("git") if err != nil { logger.Warn(logSender, "", "unable to get git command. GIT tests will be skipped, err: %v", err) logger.WarnToConsole("unable to get git command. GIT tests will be skipped, err: %v", err) gitPath = "" } sshPath, err = exec.LookPath("ssh") if err != nil { logger.Warn(logSender, "", "unable to get ssh command. GIT tests will be skipped, err: %v", err) logger.WarnToConsole("unable to get ssh command. GIT tests will be skipped, err: %v", err) gitPath = "" } hookCmdPath, err = exec.LookPath("true") if err != nil { logger.Warn(logSender, "", "unable to get hook command: %v", err) logger.WarnToConsole("unable to get hook command: %v", err) } scpPath, err = exec.LookPath("scp") if err != nil { logger.Warn(logSender, "", "unable to get scp command. SCP tests will be skipped, err: %v", err) logger.WarnToConsole("unable to get scp command. SCP tests will be skipped, err: %v", err) scpPath = "" } else { ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() cmd := exec.CommandContext(ctx, scpPath, "-O") out, _ := cmd.CombinedOutput() scpForce = !strings.Contains(string(out), "option -- O") } } func initGitRepo(path string) ([]byte, error) { err := os.MkdirAll(path, os.ModePerm) if err != nil { return nil, err } args := []string{"init", "--bare"} cmd := exec.Command(gitPath, args...) cmd.Dir = path return cmd.CombinedOutput() } func pushToGitRepo(repoPath string) ([]byte, error) { cmd := exec.Command(gitPath, "push") cmd.Dir = repoPath cmd.Env = append(os.Environ(), fmt.Sprintf("GIT_SSH=%v", gitWrapPath)) return cmd.CombinedOutput() } func cloneGitRepo(basePath, remotePath, username string) ([]byte, error) { remoteURL := fmt.Sprintf("ssh://%v@127.0.0.1:2022%v", username, remotePath) args := []string{"clone", remoteURL} cmd := exec.Command(gitPath, args...) cmd.Dir = basePath cmd.Env = append(os.Environ(), fmt.Sprintf("GIT_SSH=%v", gitWrapPath)) return cmd.CombinedOutput() } func addFileToGitRepo(repoPath string, fileSize int64) ([]byte, error) { path := filepath.Join(repoPath, "test") err := createTestFile(path, fileSize) if err != nil { return []byte(""), err } cmd := exec.Command(gitPath, "config", "user.email", "testuser@example.com") cmd.Dir = repoPath out, err := cmd.CombinedOutput() if err != nil { return out, err } cmd = exec.Command(gitPath, "config", "user.name", "testuser") cmd.Dir = repoPath out, err = cmd.CombinedOutput() if err != nil { return out, err } cmd = exec.Command(gitPath, "add", "test") cmd.Dir = repoPath out, err = cmd.CombinedOutput() if err != nil { return out, err } cmd = exec.Command(gitPath, "commit", "-am", "test") cmd.Dir = repoPath return cmd.CombinedOutput() } func getKeyboardInteractiveScriptForBuiltinChecks(addPasscode bool, result int) []byte { content := []byte("#!/bin/sh\n\n") echos := []bool{false} q, _ := json.Marshal([]string{"Password: "}) e, _ := json.Marshal(echos) content = append(content, []byte(fmt.Sprintf("echo '{\"questions\":%v,\"echos\":%v,\"check_password\":1}'\n", string(q), string(e)))...) content = append(content, []byte("read ANSWER\n\n")...) content = append(content, []byte("if test \"$ANSWER\" != \"OK\"; then\n")...) content = append(content, []byte("exit 1\n")...) content = append(content, []byte("fi\n\n")...) if addPasscode { q, _ := json.Marshal([]string{"Passcode: "}) content = append(content, []byte(fmt.Sprintf("echo '{\"questions\":%v,\"echos\":%v,\"check_password\":2}'\n", string(q), string(e)))...) content = append(content, []byte("read ANSWER\n\n")...) content = append(content, []byte("if test \"$ANSWER\" != \"OK\"; then\n")...) content = append(content, []byte("exit 1\n")...) content = append(content, []byte("fi\n\n")...) } content = append(content, []byte(fmt.Sprintf("echo '{\"auth_result\":%v}'\n", result))...) return content } func getKeyboardInteractiveScriptContent(questions []string, sleepTime int, nonJSONResponse bool, result int) []byte { content := []byte("#!/bin/sh\n\n") q, _ := json.Marshal(questions) echos := []bool{} for index := range questions { echos = append(echos, index%2 == 0) } e, _ := json.Marshal(echos) if nonJSONResponse { content = append(content, []byte(fmt.Sprintf("echo 'questions: %v echos: %v\n", string(q), string(e)))...) } else { content = append(content, []byte(fmt.Sprintf("echo '{\"questions\":%v,\"echos\":%v}'\n", string(q), string(e)))...) } for index := range questions { content = append(content, []byte(fmt.Sprintf("read ANSWER%v\n", index))...) } if sleepTime > 0 { content = append(content, []byte(fmt.Sprintf("sleep %v\n", sleepTime))...) } content = append(content, []byte(fmt.Sprintf("echo '{\"auth_result\":%v}'\n", result))...) return content } func getExtAuthScriptContent(user dataprovider.User, nonJSONResponse, emptyResponse bool, username string) []byte { extAuthContent := []byte("#!/bin/sh\n\n") if emptyResponse { return extAuthContent } extAuthContent = append(extAuthContent, []byte(fmt.Sprintf("if test \"$SFTPGO_AUTHD_USERNAME\" = \"%v\"; then\n", user.Username))...) if username != "" { user.Username = username } u, _ := json.Marshal(user) if nonJSONResponse { extAuthContent = append(extAuthContent, []byte("echo 'text response'\n")...) } else { extAuthContent = append(extAuthContent, []byte(fmt.Sprintf("echo '%v'\n", string(u)))...) } extAuthContent = append(extAuthContent, []byte("else\n")...) if nonJSONResponse { extAuthContent = append(extAuthContent, []byte("echo 'text response'\n")...) } else { extAuthContent = append(extAuthContent, []byte("echo '{\"username\":\"\"}'\n")...) } extAuthContent = append(extAuthContent, []byte("fi\n")...) return extAuthContent } func getPreLoginScriptContent(user dataprovider.User, nonJSONResponse bool) []byte { content := []byte("#!/bin/sh\n\n") if nonJSONResponse { content = append(content, []byte("echo 'text response'\n")...) return content } if len(user.Username) > 0 { u, _ := json.Marshal(user) content = append(content, []byte(fmt.Sprintf("echo '%v'\n", string(u)))...) } return content } func getExitCodeScriptContent(exitCode int) []byte { content := []byte("#!/bin/sh\n\n") content = append(content, []byte(fmt.Sprintf("exit %v", exitCode))...) return content } func getCheckPwdScriptsContents(status int, toVerify string) []byte { content := []byte("#!/bin/sh\n\n") content = append(content, []byte(fmt.Sprintf("echo '{\"status\":%v,\"to_verify\":\"%v\"}'\n", status, toVerify))...) if status > 0 { content = append(content, []byte("exit 0")...) } else { content = append(content, []byte("exit 1")...) } return content } func printLatestLogs(maxNumberOfLines int) { var lines []string f, err := os.Open(logFilePath) if err != nil { return } defer f.Close() scanner := bufio.NewScanner(f) for scanner.Scan() { lines = append(lines, scanner.Text()+"\r\n") for len(lines) > maxNumberOfLines { lines = lines[1:] } } if scanner.Err() != nil { logger.WarnToConsole("Unable to print latest logs: %v", scanner.Err()) return } for _, line := range lines { logger.DebugToConsole(line) } } func getHostKeyFingerprint(name string) (string, error) { privateBytes, err := os.ReadFile(name) if err != nil { return "", err } private, err := ssh.ParsePrivateKey(privateBytes) if err != nil { return "", err } return ssh.FingerprintSHA256(private.PublicKey()), nil } func getHostKeysFingerprints(hostKeys []string) { for _, k := range hostKeys { fp, err := getHostKeyFingerprint(filepath.Join(configDir, k)) if err != nil { logger.ErrorToConsole("unable to get fingerprint for host key %q: %v", k, err) os.Exit(1) } hostKeyFPs = append(hostKeyFPs, fp) } } func createInitialFiles(scriptArgs string) { pubKeyPath = filepath.Join(homeBasePath, "ssh_key.pub") privateKeyPath = filepath.Join(homeBasePath, "ssh_key") trustedCAUserKey = filepath.Join(homeBasePath, "ca_user_key") gitWrapPath = filepath.Join(homeBasePath, "gitwrap.sh") extAuthPath = filepath.Join(homeBasePath, "extauth.sh") preLoginPath = filepath.Join(homeBasePath, "prelogin.sh") postConnectPath = filepath.Join(homeBasePath, "postconnect.sh") checkPwdPath = filepath.Join(homeBasePath, "checkpwd.sh") preDownloadPath = filepath.Join(homeBasePath, "predownload.sh") preUploadPath = filepath.Join(homeBasePath, "preupload.sh") revokeUserCerts = filepath.Join(homeBasePath, "revoked_certs.json") err := os.WriteFile(pubKeyPath, []byte(testPubKey+"\n"), 0600) if err != nil { logger.WarnToConsole("unable to save public key to file: %v", err) } err = os.WriteFile(privateKeyPath, []byte(testPrivateKey+"\n"), 0600) if err != nil { logger.WarnToConsole("unable to save private key to file: %v", err) } err = os.WriteFile(gitWrapPath, []byte(fmt.Sprintf("%v -i %v -oStrictHostKeyChecking=no %v\n", sshPath, privateKeyPath, scriptArgs)), os.ModePerm) if err != nil { logger.WarnToConsole("unable to save gitwrap shell script: %v", err) } err = os.WriteFile(trustedCAUserKey, []byte(testCAUserKey), 0600) if err != nil { logger.WarnToConsole("unable to save trusted CA user key: %v", err) } err = os.WriteFile(revokeUserCerts, []byte(`[]`), 0644) if err != nil { logger.WarnToConsole("unable to save revoked user certs: %v", err) } }