[ https://issues.apache.org/jira/browse/SSHD-731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Fridland updated SSHD-731:
--------------------------------
Description:
After implementing SFTP access control by overriding
SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
Scenario:
1. Set SimpleAccessControlSftpEventListener.isModificationAllowed to return false
2. Establish a connection with WinSCP
3. Try to create a new file
Expected result: access denied message + no influence on the file system
Actual: access denied message + an empty file is written to the server disk.
In addition, if an existing file is opened and then saved, the result is that
the file content is removed.
Attached configuration code:
    SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
    builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() {
        protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath)
                throws IOException {
            EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername());
            if (level.hasReadAccess()) {
                return true;
            }
            return false;
        }

        protected boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath)
                throws IOException {
            EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername());
            if (level.hasWriteAccess()) {
                return true;
            }
            return false;
        }
    });
    sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
    sshd.setCommandFactory(new ScpCommandFactory());
following
was:
After implementing SFTP access control by overriding
SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
Scenario:
1. Set isModificationAllowed to return false
2. Establish a connection with WinSCP
3. Try to create a new file
Expected result: access denied message + no influence on the file system
Actual: access denied message + an empty file is written to the server disk.
In addition, if an existing file is opened and then saved, the result is that
the file content is removed.
It is huge variability
Attached configuration code:
    SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
    builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() {
        protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath)
                throws IOException {
            EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername());
            if (level.hasReadAccess()) {
                return true;
            }
            return false;
        }

        protected boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath)
                throws IOException {
            EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername());
            if (level.hasWriteAccess()) {
                return true;
            }
            return false;
        }
    });
    sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
    sshd.setCommandFactory(new ScpCommandFactory());
following
> Vulnerability in SimpleAccessControlSftpEventListener implementation
> --------------------------------------------------------------------
>
> Key: SSHD-731
> URL: https://issues.apache.org/jira/browse/SSHD-731
> Project: MINA SSHD
> Issue Type: Bug
> Environment: <dependency>
>   <groupId>org.apache.sshd</groupId>
>   <artifactId>sshd-core</artifactId>
>   <version>1.3.0</version>
> </dependency>
> <dependency>
>   <groupId>org.apache.sshd</groupId>
>   <artifactId>sshd-contrib</artifactId>
>   <version>1.3.0</version>
> </dependency>
> Reporter: Boris Fridland
>
> After implementing SFTP access control by overriding
> SimpleAccessControlSftpEventListener and adding it to SftpSubsystemFactory:
> Scenario:
> 1. Set SimpleAccessControlSftpEventListener.isModificationAllowed to return
> false
> 2. Establish a connection with WinSCP
> 3. Try to create a new file
> Expected result: access denied message + no influence on the file system
> Actual: access denied message + an empty file is written to the server disk.
> In addition, if an existing file is opened and then saved, the result is that
> the file content is removed.
> Attached configuration code:
>     SftpSubsystemFactory.Builder builder = new SftpSubsystemFactory.Builder();
>     builder.addSftpEventListener(new SimpleAccessControlSftpEventListener() {
>         protected boolean isAccessAllowed(ServerSession session, String remoteHandle, Path localPath)
>                 throws IOException {
>             EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername());
>             if (level.hasReadAccess()) {
>                 return true;
>             }
>             return false;
>         }
>
>         protected boolean isModificationAllowed(ServerSession session, String remoteHandle, Path localPath)
>                 throws IOException {
>             EUserAccessLevel level = authorizationManager.getAccessLevel(session.getUsername());
>             if (level.hasWriteAccess()) {
>                 return true;
>             }
>             return false;
>         }
>     });
>
>     sshd.setSubsystemFactories(Collections.singletonList(builder.build()));
>     sshd.setCommandFactory(new ScpCommandFactory());
>
> following
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
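
Added illustration, not part of the original report and not MINA SSHD code: the report does not state a root cause, so this assumes one ordering that would produce both reported symptoms, namely opening the file with CREATE/TRUNCATE_EXISTING before the access check runs, and shows the corrected ordering beside it. The names CheckBeforeOpen, openThenCheck, checkThenOpen, Opener and probe are hypothetical, and the sample file is constructed in a temporary directory.

```java
import java.io.IOException;
import java.nio.channels.SeekableByteChannel;
import java.nio.file.AccessDeniedException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.function.Predicate;
import static java.nio.file.StandardOpenOption.*;

public class CheckBeforeOpen {
    /** Assumed flawed ordering: the file is opened first, the veto is applied afterwards. */
    static SeekableByteChannel openThenCheck(Path p, Predicate<Path> mayModify) throws IOException {
        // CREATE / TRUNCATE_EXISTING take effect here, before the policy is consulted.
        SeekableByteChannel ch = Files.newByteChannel(p, CREATE, TRUNCATE_EXISTING, WRITE);
        if (!mayModify.test(p)) {
            ch.close();
            throw new AccessDeniedException(p.toString());
        }
        return ch;
    }

    /** Corrected ordering: a denied request never reaches the file system. */
    static SeekableByteChannel checkThenOpen(Path p, Predicate<Path> mayModify) throws IOException {
        if (!mayModify.test(p)) {
            throw new AccessDeniedException(p.toString());
        }
        return Files.newByteChannel(p, CREATE, TRUNCATE_EXISTING, WRITE);
    }

    interface Opener { SeekableByteChannel open(Path p, Predicate<Path> policy) throws IOException; }

    /** Runs both scenarios from the report (new file, existing file) under a deny-all policy. */
    static String probe(String name, Opener opener) throws IOException {
        Path dir = Files.createTempDirectory("sftp-acl-demo");   // constructed sandbox
        Path existing = Files.write(dir.resolve("existing.txt"), "constructed sample".getBytes());
        Path created = dir.resolve("new.txt");
        for (Path p : new Path[] {created, existing}) {
            try (SeekableByteChannel ch = opener.open(p, path -> false)) {
                throw new IllegalStateException("deny-all policy let a write through");
            } catch (AccessDeniedException expected) {
                // The caller sees "access denied" in both orderings; only the side effects differ.
            }
        }
        return name + ": new file exists=" + Files.exists(created) + ", existing file size=" + Files.size(existing);
    }

    public static void main(String[] args) throws IOException {
        System.out.println(probe("open-then-check", CheckBeforeOpen::openThenCheck));
        System.out.println(probe("check-then-open", CheckBeforeOpen::checkThenOpen));
    }
}
```

A regression test for an access-control listener should assert on the file system state after a denied request, not only on the error returned to the client.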