Add option to allow non-admins to access SFTP
This commit is contained in:
Girish Ramakrishnan
+16
-2
@@ -5,7 +5,8 @@ exports = module.exports = {
|
||||
stop: stop
|
||||
};
|
||||
|
||||
var assert = require('assert'),
|
||||
var addons = require('./addons.js'),
|
||||
assert = require('assert'),
|
||||
appdb = require('./appdb.js'),
|
||||
apps = require('./apps.js'),
|
||||
async = require('async'),
|
||||
@@ -547,6 +548,17 @@ function authenticateSftp(req, res, next) {
|
||||
});
|
||||
}
|
||||
|
||||
function loadSftpConfig(req, res, next) {
|
||||
addons.getServicesConfig('sftp', function (error, service, servicesConfig) {
|
||||
if (error) return next(new ldap.OperationsError(error.toString()));
|
||||
|
||||
const serviceConfig = servicesConfig['sftp'];
|
||||
req.requireAdmin = 'requireAdmin' in serviceConfig ? serviceConfig.requireAdmin : true;
|
||||
|
||||
next();
|
||||
});
|
||||
}
|
||||
|
||||
function userSearchSftp(req, res, next) {
|
||||
debug('sftp user search: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
|
||||
|
||||
@@ -570,6 +582,8 @@ function userSearchSftp(req, res, next) {
|
||||
users.getByUsername(username, function (error, user) {
|
||||
if (error) return next(new ldap.OperationsError(error.toString()));
|
||||
|
||||
if (req.requireAdmin && users.compareRoles(user.role, users.ROLE_ADMIN) < 0) return next(new ldap.InsufficientAccessRightsError('Insufficient previleges'));
|
||||
|
||||
apps.hasAccessTo(app, user, function (error, hasAccess) {
|
||||
if (error) return next(new ldap.OperationsError(error.toString()));
|
||||
if (!hasAccess) return next(new ldap.InsufficientAccessRightsError('Not authorized'));
|
||||
@@ -669,7 +683,7 @@ function start(callback) {
|
||||
gServer.bind('ou=sendmail,dc=cloudron', authenticateMailAddon); // haraka
|
||||
|
||||
gServer.bind('ou=sftp,dc=cloudron', authenticateSftp); // sftp
|
||||
gServer.search('ou=sftp,dc=cloudron', userSearchSftp);
|
||||
gServer.search('ou=sftp,dc=cloudron', loadSftpConfig, userSearchSftp);
|
||||
|
||||
gServer.compare('cn=users,ou=groups,dc=cloudron', authenticateApp, groupUsersCompare);
|
||||
gServer.compare('cn=admins,ou=groups,dc=cloudron', authenticateApp, groupAdminsCompare);
|
||||
|
||||
Reference in New Issue
Block a user