Hi,
What would be the best event to raise an erPermissionDenied error to prevent a user from changing directory?
Would it be OnGetAbsolutePath or the OnOpenDirectory?
I also need to prevent a user from doing a directory listing if they don't have permission to do so.
SFTPServer How to deny user change dir (CWD) and List dir (LIST)
Re: SFTPServer How to deny user change dir (CWD) and List dir (LIST)
I was able to get the permissions for LIST working, OnOpenDir is the place to do that.
I raise the permission denied error and the user can't list any dir, but they can still cd to a dir.
For example, if they have a dir called testdir they can do cd testdir, and then if a file called test.txt exists they can get it no problem, but only if they know it's there of course.
I tried raising the erPermissionDenied in OnGetAbsolutePath, but that caused the client to not be able to log on; the Linux OpenSSH client reported back it could not canonicalize and Need CWD.
So I am kind of stuck trying to prevent the user from doing a change directory.
Re: SFTPServer How to deny user change dir (CWD) and List dir (LIST)
Never mind, I think I figured it out:
in case anyone else needs to do this:
procedure TSFTPDataMod.SFTPServerGetAbsolutePath(Sender: TObject;
  SFTPSessionInfo: TScSFTPSessionInfo; const Path: string;
  const Control: TScSFTPRealpathControl; ComposePath: TStringList;
  var AbsolutePath: string; var Error: TScSFTPError);
var
  FullPath: string;
  i: integer;
  allowcwd: boolean;
  useobj: TuserObj;
begin
  // Default to deny; the per-user flag is read from the session's user object.
  allowcwd := false;
  if assigned(SFTPSessionInfo.Client.Data) then
  begin
    useobj := TuserObj(SFTPSessionInfo.Client.Data);
    allowcwd := useobj.AllowCWD;
  end;

  // Build the canonical path requested by the client.
  AbsolutePath := IncludeTrailingBackslash(
    TScSFTPServer(Sender).GetCanonicalPath(SFTPSessionInfo, Path));
  for i := 0 to ComposePath.Count - 1 do
    AbsolutePath := IncludeTrailingBackslash(AbsolutePath) + ComposePath[i];

  // The root must still resolve (the client needs it at logon);
  // anything else is refused when the user may not change directory.
  if (not allowcwd) and (AbsolutePath <> '\') then
  begin
    InitError(Error, erPermissionDenied);
    exit;
  end;

  FullPath := TScSFTPServer(Sender).GetFullPath(SFTPSessionInfo, AbsolutePath);
  if (Control <> rcStatAlways) or FileExists(FullPath) or DirectoryExists(FullPath) then
    InitError(Error, erOk)
  else
    InitError(Error, erNoSuchFile);

  // Return the path to the client with forward slashes.
  for i := 1 to Length(AbsolutePath) do
    if AbsolutePath[i] = '\' then
      AbsolutePath[i] := '/';
end;
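Added example, not code from the poster or from SecureBridge: requests that open files or list directories carry their own paths, so the AllowCWD decision from the handler above can be factored into one path check that every handler receiving a client path calls. NormalizeClientPath, DirAllowed and FileAllowed are hypothetical names, and relative paths are assumed to be relative to the user's root.

```pascal
program PathPolicyDemo;
{$APPTYPE CONSOLE}
uses SysUtils, Classes;

// Hypothetical helper: reduces a client path to '/a/b' form, resolving '.', '..' and both slash styles.
function NormalizeClientPath(const Path: string): string;
var
  Stack: TStringList;
  Part: string; i: Integer;
begin
  Stack := TStringList.Create;
  try
    Part := '';
    for i := 1 to Length(Path) + 1 do
      if (i > Length(Path)) or (Path[i] = '/') or (Path[i] = '\') then
      begin
        // '..' pops one level and is clamped at the root; '' and '.' are skipped.
        if (Part = '..') and (Stack.Count > 0) then
          Stack.Delete(Stack.Count - 1)
        else if (Part <> '') and (Part <> '.') and (Part <> '..') then
          Stack.Add(Part);
        Part := '';
      end
      else
        Part := Part + Path[i];
    Result := '';
    for i := 0 to Stack.Count - 1 do
      Result := Result + '/' + Stack[i];
    if Result = '' then Result := '/';
  finally
    Stack.Free;
  end;
end;
// Directory-type requests (path resolution, listing): only the root without AllowCWD.
function DirAllowed(const Dir: string; AllowCWD: Boolean): Boolean;
begin
  Result := AllowCWD or (NormalizeClientPath(Dir) = '/');
end;
// File-type requests: the file's parent directory must itself be allowed.
function FileAllowed(const FilePath: string; AllowCWD: Boolean): Boolean;
begin
  Result := DirAllowed(FilePath + '/..', AllowCWD);
end;

begin
  // Constructed sample paths for a user whose AllowCWD is False.
  Writeln('dir  /testdir             : ', DirAllowed('/testdir', False));
  Writeln('file /test.txt            : ', FileAllowed('/test.txt', False));
  Writeln('file testdir/test.txt     : ', FileAllowed('testdir/test.txt', False));
  Writeln('file /testdir/../test.txt : ', FileAllowed('/testdir/../test.txt', False));
end.
```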
Re: SFTPServer How to deny user change dir (CWD) and List dir (LIST)
We are glad to see you have found a solution for your task. Please contact us if any questions concerning SecureBridge usage come up.