/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.sshd.server.subsystem.sftp;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Collections;
import java.util.concurrent.TimeUnit;
import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.client.subsystem.sftp.SftpClient;
import org.apache.sshd.client.subsystem.sftp.SftpClient.CloseableHandle;
import org.apache.sshd.client.subsystem.sftp.SftpClient.OpenMode;
import org.apache.sshd.common.file.FileSystemFactory;
import org.apache.sshd.common.file.virtualfs.VirtualFileSystemFactory;
import org.apache.sshd.common.subsystem.sftp.SftpConstants;
import org.apache.sshd.common.subsystem.sftp.SftpException;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.scp.ScpCommandFactory;
import org.apache.sshd.util.test.BaseTestSupport;
import org.apache.sshd.util.test.Utils;
import org.junit.After;
import org.junit.Before;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
/**
* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
*/
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class SimpleAccessControlSftpEventListenerTest extends BaseTestSupport {
private SshServer sshd;
private int port;
private final FileSystemFactory fileSystemFactory;
public SimpleAccessControlSftpEventListenerTest() {
Path targetPath = detectTargetFolder();
Path parentPath = targetPath.getParent();
fileSystemFactory = new VirtualFileSystemFactory(parentPath);
}
@Before
public void setUp() throws Exception {
sshd = setupTestServer();
SftpSubsystemFactory.Builder builder =
new SftpSubsystemFactory.Builder();
builder.addSftpEventListener(SimpleAccessControlSftpEventListener.READ_ONLY_ACCESSOR);
sshd.setSubsystemFactories(
Collections.singletonList(builder.build()));
sshd.setCommandFactory(new ScpCommandFactory());
sshd.setFileSystemFactory(fileSystemFactory);
sshd.start();
port = sshd.getPort();
}
@After
public void tearDown() throws Exception {
if (sshd != null) {
try {
sshd.stop(true);
} finally {
sshd = null;
}
}
}
@Test
public void testReadOnlyFileAccess() throws Exception {
Path targetPath = detectTargetFolder();
Path parentPath = targetPath.getParent();
Path lclSftp = Utils.resolve(targetPath, SftpConstants.SFTP_SUBSYSTEM_NAME, getClass().getSimpleName(), getCurrentTestName());
Path testFile = assertHierarchyTargetFolderExists(lclSftp).resolve("file.txt");
byte[] data = (getClass().getName() + "#" + getCurrentTestName()).getBytes(StandardCharsets.UTF_8);
Files.deleteIfExists(testFile);
Files.write(testFile, data);
try (SshClient client = setupTestClient()) {
client.start();
try (ClientSession session = client.connect(getCurrentTestName(), TEST_LOCALHOST, port).verify(7L, TimeUnit.SECONDS).getSession()) {
session.addPasswordIdentity(getCurrentTestName());
session.auth().verify(5L, TimeUnit.SECONDS);
try (SftpClient sftp = session.createSftpClient()) {
String file = Utils.resolveRelativeRemotePath(parentPath, testFile);
try (CloseableHandle handle = sftp.open(file, OpenMode.Read)) {
byte[] actual = new byte[data.length];
int readLen = sftp.read(handle, 0L, actual);
assertEquals("Mismatched read data length", data.length, readLen);
assertArrayEquals("Mismatched read file contents", data, actual);
}
try (CloseableHandle handle = sftp.open(file, OpenMode.Create, OpenMode.Write, OpenMode.Read, OpenMode.Append)) {
sftp.write(handle, 0L, data);
fail("Unexpected file write success");
} catch (SftpException e) {
int status = e.getStatus();
assertEquals("Unexpected write SFTP status code", SftpConstants.SSH_FX_PERMISSION_DENIED, status);
}
SftpClient.Attributes attrs = sftp.stat(file);
attrs.modifyTime(System.currentTimeMillis());
try {
sftp.setStat(file, attrs);
fail("Unexpected attributes modification success");
} catch (SftpException e) {
int status = e.getStatus();
assertEquals("Unexpected setAttributes SFTP status code", SftpConstants.SSH_FX_PERMISSION_DENIED, status);
}
}
} finally {
client.stop();
}
}
}
@Test
public void testReadOnlyDirectoryAccess() throws Exception {
Path targetPath = detectTargetFolder();
Path parentPath = targetPath.getParent();
Path lclSftp = Utils.resolve(targetPath, SftpConstants.SFTP_SUBSYSTEM_NAME, getClass().getSimpleName(), getCurrentTestName());
Path testFile = assertHierarchyTargetFolderExists(lclSftp).resolve("file.txt");
byte[] data = (getClass().getName() + "#" + getCurrentTestName()).getBytes(StandardCharsets.UTF_8);
Files.deleteIfExists(testFile);
Files.write(testFile, data);
try (SshClient client = setupTestClient()) {
client.start();
try (ClientSession session = client.connect(getCurrentTestName(), TEST_LOCALHOST, port).verify(7L, TimeUnit.SECONDS).getSession()) {
session.addPasswordIdentity(getCurrentTestName());
session.auth().verify(5L, TimeUnit.SECONDS);
try (SftpClient sftp = session.createSftpClient()) {
String folder = Utils.resolveRelativeRemotePath(parentPath, targetPath);
for (SftpClient.DirEntry entry : sftp.readDir(folder)) {
assertNotNull("No entry", entry);
}
String file = Utils.resolveRelativeRemotePath(parentPath, testFile);
try {
sftp.remove(file);
fail("Unexpected file remove success");
} catch (SftpException e) {
int status = e.getStatus();
assertEquals("Unexpected remove SFTP status code", SftpConstants.SSH_FX_PERMISSION_DENIED, status);
}
try {
sftp.mkdir(folder + "/writeAttempt");
fail("Unexpected folder creation success");
} catch (SftpException e) {
int status = e.getStatus();
assertEquals("Unexpected mkdir SFTP status code", SftpConstants.SSH_FX_PERMISSION_DENIED, status);
}
try {
sftp.rmdir(folder);
fail("Unexpected folder creation success");
} catch (SftpException e) {
int status = e.getStatus();
assertEquals("Unexpected rmdir SFTP status code", SftpConstants.SSH_FX_PERMISSION_DENIED, status);
}
}
} finally {
client.stop();
}
}
}
}