New authorization actions and support for per-account directory config

- Moved `PasswordAuthorization` back into the `Abstractions` project
- Removed `AuthenticatedBy` property from `FtpConnectionData` and `IAccountInformation`

Author: fubar-coder

FubarDev.FtpServer.v3.ncrunchsolution

@@ -0,0 +1,6 @@
+<SolutionConfiguration>
+  <Settings>
+    <AllowParallelTestExecution>True</AllowParallelTestExecution>
+    <SolutionConfigured>True</SolutionConfigured>
+  </Settings>
+</SolutionConfiguration>

GlobalAssemblyInfo.cs

@@ -1,11 +1,14 @@
-//-----------------------------------------------------------------------
+//-----------------------------------------------------------------------
 // <copyright file="GlobalAssemblyInfo.cs" company="Fubar Development Junker">
 //     Copyright (c) Fubar Development Junker. All rights reserved.
 // </copyright>
 // <author>Mark Junker</author>
 //-----------------------------------------------------------------------
 
 using System.Reflection;
+using System.Runtime.CompilerServices;
 
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
+
+[assembly: InternalsVisibleTo("FubarDev.FtpServer.Tests")]

samples/TestFtpServer/Program.cs

@@ -13,12 +13,16 @@
 
 using FubarDev.FtpServer;
 using FubarDev.FtpServer.AccountManagement;
+using FubarDev.FtpServer.AccountManagement.Directories.RootPerUser;
+using FubarDev.FtpServer.AccountManagement.Directories.SingleRootWithoutHome;
 using FubarDev.FtpServer.Authentication;
+using FubarDev.FtpServer.FileSystem;
 using FubarDev.FtpServer.FileSystem.DotNet;
 using FubarDev.FtpServer.FileSystem.GoogleDrive;
 using FubarDev.FtpServer.FileSystem.InMemory;
 using FubarDev.FtpServer.FileSystem.Unix;
 using FubarDev.FtpServer.MembershipProvider.Pam;
+using FubarDev.FtpServer.MembershipProvider.Pam.Directories;
 
 using Google.Apis.Auth.OAuth2;
 using Google.Apis.Drive.v3;
@@ -62,8 +66,38 @@ private static int Main(string[] args)
                         }
                     }
                 },
-                "Workarounds",
+                "PAM authentication workarounds",
                 { "no-pam-account-management", "Disable the PAM account management", v => options.NoPamAccountManagement = v != null },
+                "Directory layout (filesystem, unix))",
+                { "l|layout=", "Directory layout", v =>                     {
+                        switch (v)
+                        {
+                            case "default":
+                            case "root":
+                            case "single":
+                            case "single-root":
+                                options.DirectoryLayout = DirectoryLayout.SingleRoot;
+                                break;
+                            case "root-per-user":
+                            case "per-user-root":
+                            case "per-user":
+                                options.DirectoryLayout = DirectoryLayout.RootPerUser;
+                                break;
+                            case "pam":
+                            case "passwd":
+                            case "pam-home":
+                            case "passwd-home":
+                                options.DirectoryLayout = DirectoryLayout.PamHomeDirectory;
+                                break;
+                            case "pam-root":
+                            case "passwd-root":
+                                options.DirectoryLayout = DirectoryLayout.PamHomeDirectoryAsRoot;
+                                break;
+                            default:
+                                throw new ApplicationException("Invalid authentication module");
+                        }
+                    }
+                },
                 "Server",
                 { "a|address=", "Sets the IP address or host name", v => options.ServerAddress = v },
                 { "p|port=", "Sets the listen port", v => options.Port = Convert.ToInt32(v) },
@@ -283,6 +317,32 @@ private static IServiceCollection CreateServices(TestFtpServerOptions options)
                .Configure<GoogleDriveOptions>(opt => opt.UseBackgroundUpload = options.UseBackgroundUpload)
                .Configure<PamMembershipProviderOptions>(opt => opt.IgnoreAccountManagement = options.NoPamAccountManagement);
 
+            switch (options.DirectoryLayout)
+            {
+                case DirectoryLayout.SingleRoot:
+                    services.AddSingleton<IAccountDirectoryQuery, SingleRootWithoutHomeAccountDirectoryQuery>();
+                    break;
+                case DirectoryLayout.RootPerUser:
+                    services
+                       .AddSingleton<IAccountDirectoryQuery, RootPerUserAccountDirectoryQuery>()
+                       .Configure<RootPerUserAccountDirectoryQueryOptions>(opt => opt.AnonymousRootPerEmail = true);
+                    break;
+                case DirectoryLayout.PamHomeDirectory:
+                    services
+                       .AddSingleton<IAccountDirectoryQuery, PamAccountDirectoryQuery>()
+                       .Configure<PamAccountDirectoryQueryOptions>(opt => opt.AnonymousRootDirectory = "/tmp");
+                    break;
+                case DirectoryLayout.PamHomeDirectoryAsRoot:
+                    services
+                       .AddSingleton<IAccountDirectoryQuery, PamAccountDirectoryQuery>()
+                       .Configure<PamAccountDirectoryQueryOptions>(opt =>
+                        {
+                            opt.AnonymousRootDirectory = "/tmp";
+                            opt.UserHomeIsRoot = true;
+                        });
+                    break;
+            }
+
             if (options.ImplicitFtps)
             {
                 services.Decorate<IFtpServer>(

samples/TestFtpServer/Properties/launchSettings.json

@@ -2,7 +2,7 @@
   "profiles": {
     "TestFtpServer": {
       "commandName": "Project",
-      "commandLineArgs": "filesystem"
+      "commandLineArgs": "filesystem -l per-user"
     }
   }
 }

samples/TestFtpServer/TestFtpServerOptions.cs

@@ -76,6 +76,11 @@ public class TestFtpServerOptions
         /// </summary>
         public bool DisableUserIdSwitch { get; set; }
 
+        /// <summary>
+        /// Gets or sets the directory layout.
+        /// </summary>
+        public DirectoryLayout DirectoryLayout { get; set; }
+
         /// <summary>
         /// Gets the requested or the default port.
         /// </summary>
@@ -97,6 +102,32 @@ public void Validate()
         }
     }
 
+    /// <summary>
+    /// The requested directory layout.
+    /// </summary>
+    public enum DirectoryLayout
+    {
+        /// <summary>
+        /// A single root directory for all users.
+        /// </summary>
+        SingleRoot,
+
+        /// <summary>
+        /// A per-user root directory.
+        /// </summary>
+        RootPerUser,
+
+        /// <summary>
+        /// A single root, but with the users home directory as default directory.
+        /// </summary>
+        PamHomeDirectory,
+
+        /// <summary>
+        /// Users home directories are root.
+        /// </summary>
+        PamHomeDirectoryAsRoot,
+    }
+
     /// <summary>
     /// The selected membership provider.
     /// </summary>

src/FubarDev.FtpServer.Abstractions/AccountManagement/Directories/GenericAccountDirectories.cs

@@ -0,0 +1,35 @@
+// <copyright file="GenericAccountDirectories.cs" company="Fubar Development Junker">
+// Copyright (c) Fubar Development Junker. All rights reserved.
+// </copyright>
+
+using FubarDev.FtpServer.FileSystem;
+
+using JetBrains.Annotations;
+
+namespace FubarDev.FtpServer.AccountManagement.Directories
+{
+    /// <summary>
+    /// Default implementation of <see cref="IAccountDirectories"/>.
+    /// </summary>
+    public class GenericAccountDirectories : IAccountDirectories
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="GenericAccountDirectories"/> class.
+        /// </summary>
+        /// <param name="rootPath">The root path relative to the file systems root path.</param>
+        /// <param name="homePath">The home directory of the user relative to the <paramref name="rootPath"/>.</param>
+        public GenericAccountDirectories(
+            [CanBeNull] string rootPath,
+            [CanBeNull] string homePath = null)
+        {
+            RootPath = rootPath.RemoveRoot();
+            HomePath = homePath.RemoveRoot();
+        }
+
+        /// <inheritdoc />
+        public string RootPath { get; }
+
+        /// <inheritdoc />
+        public string HomePath { get; }
+    }
+}

src/FubarDev.FtpServer.Abstractions/AccountManagement/Directories/RootPerUser/RootPerUserAccountDirectoryQuery.cs

@@ -0,0 +1,77 @@
+// <copyright file="RootPerUserAccountDirectoryQuery.cs" company="Fubar Development Junker">
+// Copyright (c) Fubar Development Junker. All rights reserved.
+// </copyright>
+
+using System.IO;
+
+using FubarDev.FtpServer.FileSystem;
+
+using JetBrains.Annotations;
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace FubarDev.FtpServer.AccountManagement.Directories.RootPerUser
+{
+    /// <summary>
+    /// A single root directory per user.
+    /// </summary>
+    public class RootPerUserAccountDirectoryQuery : IAccountDirectoryQuery
+    {
+        [CanBeNull]
+        private readonly ILogger<RootPerUserAccountDirectoryQuery> _logger;
+
+        [NotNull]
+        private readonly string _anonymousRoot;
+
+        [NotNull]
+        private readonly string _userRoot;
+
+        private readonly bool _anonymousRootPerEmail;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="RootPerUserAccountDirectoryQuery"/> class.
+        /// </summary>
+        /// <param name="options">The options.</param>
+        /// <param name="logger">The logger.</param>
+        public RootPerUserAccountDirectoryQuery(
+            [NotNull] IOptions<RootPerUserAccountDirectoryQueryOptions> options,
+            [CanBeNull] ILogger<RootPerUserAccountDirectoryQuery> logger = null)
+        {
+            _logger = logger;
+            _anonymousRoot = options.Value.AnonymousRootDirectory.RemoveRoot() ?? string.Empty;
+            _userRoot = options.Value.UserRootDirectory.RemoveRoot() ?? string.Empty;
+            _anonymousRootPerEmail = options.Value.AnonymousRootPerEmail;
+        }
+
+        /// <inheritdoc />
+        public IAccountDirectories GetDirectories(IAccountInformation accountInformation)
+        {
+            if (accountInformation.User is IAnonymousFtpUser anonymousFtpUser)
+            {
+                return GetAnonymousDirectories(anonymousFtpUser);
+            }
+
+            var rootPath = Path.Combine(_userRoot, accountInformation.User.Name);
+            return new GenericAccountDirectories(rootPath);
+        }
+
+        private IAccountDirectories GetAnonymousDirectories(IAnonymousFtpUser ftpUser)
+        {
+            var rootPath = _anonymousRoot;
+            if (_anonymousRootPerEmail)
+            {
+                if (string.IsNullOrEmpty(ftpUser.Email))
+                {
+                    _logger?.LogWarning("Anonymous root per email is configured, but got anonymous user without email. This anonymous user will see the files of all other anonymous users!");
+                }
+                else
+                {
+                    rootPath = Path.Combine(rootPath, ftpUser.Email);
+                }
+            }
+
+            return new GenericAccountDirectories(rootPath);
+        }
+    }
+}

src/FubarDev.FtpServer.Abstractions/AccountManagement/Directories/RootPerUser/RootPerUserAccountDirectoryQueryOptions.cs

@@ -0,0 +1,42 @@
+// <copyright file="RootPerUserAccountDirectoryQueryOptions.cs" company="Fubar Development Junker">
+// Copyright (c) Fubar Development Junker. All rights reserved.
+// </copyright>
+
+using System.ComponentModel;
+
+using JetBrains.Annotations;
+
+namespace FubarDev.FtpServer.AccountManagement.Directories.RootPerUser
+{
+    /// <summary>
+    /// Options for the <see cref="RootPerUserAccountDirectoryQuery"/>.
+    /// </summary>
+    public class RootPerUserAccountDirectoryQueryOptions
+    {
+        /// <summary>
+        /// Gets or sets the normal authenticated users root directory.
+        /// </summary>
+        /// <remarks>
+        /// This path is relative to the file systems root path.
+        /// </remarks>
+        [CanBeNull]
+        public string UserRootDirectory { get; set; }
+
+        /// <summary>
+        /// Gets or sets the anonymous root directory.
+        /// </summary>
+        /// <remarks>
+        /// Anonymous users will have the root <c>anonymous</c> if this
+        /// property isn't set.
+        /// This path is relative to the file systems root path.
+        /// </remarks>
+        [CanBeNull]
+        [DefaultValue("anonymous")]
+        public string AnonymousRootDirectory { get; set; }
+
+        /// <summary>
+        /// Gets or sets a value indicating whether anonymous users should have their own (per-email) root directory.
+        /// </summary>
+        public bool AnonymousRootPerEmail { get; set; }
+    }
+}

src/FubarDev.FtpServer.Abstractions/AccountManagement/Directories/SingleRootWithoutHome/SingleRootWithoutHomeAccountDirectoryQuery.cs

@@ -0,0 +1,38 @@
+// <copyright file="SingleRootWithoutHomeAccountDirectoryQuery.cs" company="Fubar Development Junker">
+// Copyright (c) Fubar Development Junker. All rights reserved.
+// </copyright>
+
+using FubarDev.FtpServer.FileSystem;
+
+using JetBrains.Annotations;
+
+using Microsoft.Extensions.Options;
+
+namespace FubarDev.FtpServer.AccountManagement.Directories.SingleRootWithoutHome
+{
+    /// <summary>
+    /// All users share the same root and none has a home directory.
+    /// </summary>
+    public class SingleRootWithoutHomeAccountDirectoryQuery : IAccountDirectoryQuery
+    {
+        [NotNull]
+        private readonly GenericAccountDirectories _accountDirectories;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="SingleRootWithoutHomeAccountDirectoryQuery"/> class.
+        /// </summary>
+        /// <param name="options">The options.</param>
+        public SingleRootWithoutHomeAccountDirectoryQuery(
+            IOptions<SingleRootWithoutHomeAccountDirectoryQueryOptions> options)
+        {
+            var opts = options.Value;
+            _accountDirectories = new GenericAccountDirectories(opts.RootPath);
+        }
+
+        /// <inheritdoc />
+        public IAccountDirectories GetDirectories(IAccountInformation accountInformation)
+        {
+            return _accountDirectories;
+        }
+    }
+}

src/FubarDev.FtpServer.Abstractions/AccountManagement/Directories/SingleRootWithoutHome/SingleRootWithoutHomeAccountDirectoryQueryOptions.cs

@@ -0,0 +1,20 @@
+// <copyright file="SingleRootWithoutHomeAccountDirectoryQueryOptions.cs" company="Fubar Development Junker">
+// Copyright (c) Fubar Development Junker. All rights reserved.
+// </copyright>
+
+using JetBrains.Annotations;
+
+namespace FubarDev.FtpServer.AccountManagement.Directories.SingleRootWithoutHome
+{
+    /// <summary>
+    /// Options for the <see cref="SingleRootWithoutHomeAccountDirectoryQuery"/>.
+    /// </summary>
+    public class SingleRootWithoutHomeAccountDirectoryQueryOptions
+    {
+        /// <summary>
+        /// Gets or sets the root path.
+        /// </summary>
+        [CanBeNull]
+        public string RootPath { get; set; }
+    }
+}