SFTPServer How to deny user change dir (CWD) and List dir (LIST)

Posted: Tue 01 Mar 2016 18:48
by snorkel
Hi,
What would be the best event to raise an erPermissionDenied error to prevent a user from changing directory?
Would it be OnGetAbsolutePath or the OnOpenDirectory?

I also need to prevent a user from doing a directory listing if they don't have permission to do so.

Re: SFTPServer How to deny user change dir (CWD) and List dir (LIST)

Posted: Wed 02 Mar 2016 23:15
by snorkel
I was able to get the permissions for LIST working; OnOpenDir is the place to do that.
I raise the permission denied error and the user can't list any dir, but they can still cd to a dir.
For example, if they have a dir called testdir they can do cd testdir, and then if a file called test.txt exists they can get it no problem, but only if they know it's there of course.

I tried raising the erPermissionDenied in OnGetAbsolutePath, but that caused the client to not be able to log on; the Linux OpenSSH client reported back that it could not canonicalize and Need CWD.

So I am kind of stuck trying to prevent the user from doing a change directory.

Re: SFTPServer How to deny user change dir (CWD) and List dir (LIST)

Posted: Wed 02 Mar 2016 23:36
by snorkel
Never mind, I think I figured it out.
In case anyone else needs to do this:

Code:

procedure TSFTPDataMod.SFTPServerGetAbsolutePath(Sender: TObject;
  SFTPSessionInfo: TScSFTPSessionInfo; const Path: string;
  const Control: TScSFTPRealpathControl; ComposePath: TStringList;
  var AbsolutePath: string; var Error: TScSFTPError);
var
  FullPath: string;
  i: Integer;
  allowcwd: Boolean;
  useobj: TuserObj;
begin
  // Deny by default; the user object attached to the client session decides.
  allowcwd := False;
  if Assigned(SFTPSessionInfo.Client.Data) then
  begin
    useobj := TuserObj(SFTPSessionInfo.Client.Data);
    allowcwd := useobj.AllowCWD;
  end;

  // Build the canonical virtual path from the request and its extra components.
  AbsolutePath := IncludeTrailingBackslash(
    TScSFTPServer(Sender).GetCanonicalPath(SFTPSessionInfo, Path));
  for i := 0 to ComposePath.Count - 1 do
    AbsolutePath := IncludeTrailingBackslash(AbsolutePath) + ComposePath[i];

  // Without the CWD permission only the root may be resolved. The root must
  // stay allowed, otherwise the client cannot canonicalize its start directory.
  if (not allowcwd) and (AbsolutePath <> '\') then
  begin
    InitError(Error, erPermissionDenied);
    Exit;
  end;

  FullPath := TScSFTPServer(Sender).GetFullPath(SFTPSessionInfo, AbsolutePath);
  if (Control <> rcStatAlways) or FileExists(FullPath) or DirectoryExists(FullPath) then
    InitError(Error, erOk)
  else
    InitError(Error, erNoSuchFile);

  // SFTP paths use forward slashes.
  for i := 1 to Length(AbsolutePath) do
    if AbsolutePath[i] = '\' then
      AbsolutePath[i] := '/';
end;
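
Added example, not part of the post above and not SecureBridge code: a stand-alone Delphi/Free Pascal sketch of the same root-only rule as one reusable check, which also covers the file-by-known-name case mentioned earlier in the thread by applying it to file requests as well as directory requests. NormalizeVirtualPath, PathAllowed and the IsDir parameter are hypothetical names; relative paths are assumed to be relative to the user's root, and wiring the check into the server's handlers is left out because their signatures are not shown on this page.

```pascal
program SftpPathPolicyDemo;
{$APPTYPE CONSOLE}{$IFDEF FPC}{$MODE DELPHI}{$ENDIF}
uses SysUtils;

// Hypothetical helper (not a SecureBridge call): folds '\', '.', '..' and
// doubled separators into a '/'-rooted path; '..' never climbs above root.
function NormalizeVirtualPath(const Path: string): string;
var
  Acc, Seg: string;
  i: Integer;
  procedure Flush;
  begin
    if Seg = '..' then
      Acc := Copy(Acc, 1, LastDelimiter('/', Acc) - 1)
    else if (Seg <> '') and (Seg <> '.') then
      Acc := Acc + '/' + Seg;
    Seg := '';
  end;
begin
  Acc := ''; Seg := '';
  for i := 1 to Length(Path) do
    if (Path[i] = '/') or (Path[i] = '\') then
      Flush
    else
      Seg := Seg + Path[i];
  Flush;
  if Acc = '' then Acc := '/';
  Result := Acc;
end;

// AllowCWD is the per-user flag from the post. IsDir is True for realpath and
// opendir requests and False for file open/stat requests (assumed call sites).
function PathAllowed(const Path: string; AllowCWD, IsDir: Boolean): Boolean;
var
  Norm: string;
begin
  Norm := NormalizeVirtualPath(Path);
  if AllowCWD then Result := True
  else if IsDir then Result := (Norm = '/')
  else Result := (Norm <> '/') and (LastDelimiter('/', Norm) = 1);
end;

begin
  // Constructed sample requests for a user with AllowCWD = False.
  Writeln('dir  \            ', PathAllowed('\', False, True));
  Writeln('dir  /testdir/..  ', PathAllowed('/testdir/..', False, True));
  Writeln('dir  /testdir     ', PathAllowed('/testdir', False, True));
  Writeln('file testdir\test.txt ', PathAllowed('testdir\test.txt', False, False));
end.
```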

Re: SFTPServer How to deny user change dir (CWD) and List dir (LIST)

Posted: Thu 03 Mar 2016 11:07
by ViktorV
We are glad to see you have found a solution for your task. Please contact us if any questions concerning SecureBridge usage come up.