Boris Fridland created SSHD-731:
-----------------------------------
Summary: Vulnerability in SimpleAccessControlSftpEventListener implementation
Key: SSHD-731
URL: https://issues.apache.org/jira/browse/SSHD-731
Project: MINA SSHD
Issue Type: Bug
Environment:
    <dependency>
        <groupId>org.apache.sshd</groupId>
        <artifactId>sshd-core</artifactId>
        <version>1.3.0</version>
    </dependency>
    <dependency>
        <groupId>org.apache.sshd</groupId>
        <artifactId>sshd-contrib</artifactId>
        <version>1.3.0</version>
    </dependency>
Reporter: Boris Fridland

After implementing SFTP access control by overriding SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory: even when isModificationAllowed function returns false

Scenario:
1. Set isModificationAllowed to return false
2. Establish connection with WinSCP
3. Try to create new file

Expected result: access denied message + no influence on file system
Actual: access denied message + empty file is written to server disc.

In addition, if an existing file is opened and saved --> the result is that the file content is removed.

It is a huge vulnerability

Attached configuration code:

    SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
    builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() {
        protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath)
                throws IOException {
            EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername());
            if (level.hasReadAccess()) {
                return true;
            }
            return false;
        }

        protected boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath)
                throws IOException {
            EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername());
            if (level.hasWriteAccess()) {
                return true;
            }
            return false;
        }
    });
    sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
    sshd.setCommandFactory(new ScpCommandFactory());

following
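
The symptom reported above (client sees "access denied", yet an empty or truncated file is left on disk) is what a veto produces when it runs after the file has already been opened with create/truncate flags. The following is an added example, not code from the report or from MINA SSHD; it assumes that ordering as the cause, and the class, the DENY_ALL predicate and the file names are hypothetical.

```java
import java.io.IOException;
import java.nio.channels.FileChannel;
import java.nio.file.*;
import java.util.function.Predicate;

public class OpenOrderingDemo {
    // Hypothetical stand-in for a listener veto such as isModificationAllowed(...) returning false.
    static final Predicate<Path> DENY_ALL = p -> false;

    // Veto evaluated after the open: CREATE and TRUNCATE_EXISTING have already touched the disk.
    static void openThenCheck(Path file, Predicate<Path> allowed) throws IOException {
        try (FileChannel ch = FileChannel.open(file, StandardOpenOption.WRITE,
                StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING)) {
            if (!allowed.test(file)) {
                throw new AccessDeniedException(file.toString());
            }
        }
    }

    // Veto evaluated before the open: a denied request never reaches the file system.
    static void checkThenOpen(Path file, Predicate<Path> allowed) throws IOException {
        if (!allowed.test(file)) {
            throw new AccessDeniedException(file.toString());
        }
        try (FileChannel ch = FileChannel.open(file, StandardOpenOption.WRITE,
                StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING)) {
            // permitted writes would go through ch here
        }
    }

    // Runs one denied attempt and reports what is left on disk afterwards.
    static String attempt(Path file, boolean checkFirst) throws IOException {
        try {
            if (checkFirst) checkThenOpen(file, DENY_ALL); else openThenCheck(file, DENY_ALL);
        } catch (AccessDeniedException denied) {
            // Both orderings report the denial to the caller; only the side effects differ.
        }
        boolean exists = Files.exists(file);
        return file.getFileName() + " exists=" + exists + " size=" + (exists ? Files.size(file) : -1);
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("sftp-acl-demo");   // constructed sample data
        Path existing = Files.write(dir.resolve("existing.txt"), "important data".getBytes());
        System.out.println("check-then-open: " + attempt(dir.resolve("new1.txt"), true));
        System.out.println("check-then-open: " + attempt(existing, true));
        System.out.println("open-then-check: " + attempt(dir.resolve("new2.txt"), false));
        System.out.println("open-then-check: " + attempt(existing, false));
    }
}
```

A regression test for an access-control listener should therefore assert on the file system state after a denied request, not only on the status code returned to the client.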