Merge branch 'master' into alpine

Dockerfile

@@ -1,6 +1,7 @@
 FROM alpine:3.6
 MAINTAINER Adrian Dvergsdal [atmoz.net]
 
+# Steps done in one RUN layer:
 # - Install packages
 # - Fix default group (1000 does not exist)
 # - OpenSSH needs /var/run/sshd to run
@@ -13,7 +14,6 @@ RUN echo "@community http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /et
 
 COPY sshd_config /etc/ssh/sshd_config
 COPY entrypoint /
-COPY README.md /
 
 EXPOSE 22
 

README.md

@@ -18,7 +18,7 @@ This is an automated build linked with the [debian](https://hub.docker.com/_/deb
 
 # Usage
 
-- Required: define users as command arguments, STDIN or mounted in `/etc/sftp/users.conf`
+- Required: define users in command arguments or in file mounted as `/etc/sftp/users.conf`
   (syntax: `user:pass[:e][:uid[:gid[:dir1[,dir2]...]]]...`).
   - Set UID/GID manually for your users if you want them to make changes to
     your mounted volumes with permissions matching your host filesystem.

entrypoint

@@ -1,45 +1,58 @@
 #!/bin/bash
 set -e
-export DEBIAN_FRONTEND=noninteractive
 
+# Paths
 userConfPath="/etc/sftp/users.conf"
 userConfPathLegacy="/etc/sftp-users.conf"
 userConfFinalPath="/var/run/sftp/users.conf"
 
-function printHelp() {
+# Extended regular expression (ERE) for arguments
-    echo "Add users as command arguments, STDIN or mounted in $userConfPath"
+reUser='[a-z_][a-z0-9._-]{0,31}'
-    echo "Syntax: user:pass[:e][:uid[:gid[:dir1[,dir2]...]]] ..."
+rePass='[^:]{0,255}'
-    echo "Use --readme for more information and examples."
+reUid='[[:digit:]]*'
+reGid='[[:digit:]]*'
+reDir='[^:]*'
+reArgs="^($reUser)(:$rePass)(:e)?(:$reUid)?(:$reGid)?(:$reDir)?$"
+reArgsMaybe="^[^:[:space:]]+:.*$" # Smallest indication of attempt to use argument
+reArgSkip='^([[:blank:]]*#.*|[[:blank:]]*)$' # comment or empty line
+
+function log() {
+    echo "[entrypoint] $@"
 }
 
-function printReadme() {
+function validateArg() {
-    cat /README.md
+    name="$1"
-    echo "TIP: Read this in HTML format here: https://github.com/atmoz/sftp"
+    val="$2"
+    re="$3"
+
+    if [[ "$val" =~ ^$re$ ]]; then
+        return 0
+    else
+        log "ERROR: Invalid $name \"$val\", do not match required regex pattern: $re"
+        return 1
+    fi
 }
 
 function createUser() {
-    IFS=':' read -a param <<< $@
+    log "Parsing user data: \"$@\""
-    user="${param[0]}"
-    pass="${param[1]}"
 
-    if [ "${param[2]}" == "e" ]; then
+    IFS=':' read -a args <<< $@
+    index=0
+
+    user="${args[0]}"; validateArg "username" "$user" "$reUser" || return 1
+    pass="${args[1]}"; validateArg "password" "$pass" "$rePass" || return 1
+
+    if [ "${args[2]}" == "e" ]; then
         chpasswdOptions="-e"
-        uid="${param[3]}"
+        index=1
-        gid="${param[4]}"
-        dir="${param[5]}"
-    else
-        uid="${param[2]}"
-        gid="${param[3]}"
-        dir="${param[4]}"
     fi
 
-    if [ -z "$user" ]; then
+    uid="${args[$[$index+2]]}"; validateArg "UID" "$uid" "$reUid" || return 1
-        echo "FATAL: You must at least provide a username."
+    gid="${args[$[$index+3]]}"; validateArg "GID" "$gid" "$reGid" || return 1
-        exit 1
+    dir="${args[$[$index+4]]}"; validateArg "dirs" "$dir" "$reDir" || return 1
-    fi
 
     if $(cat /etc/passwd | cut -d: -f1 | grep -q "^$user:"); then
-        echo "WARNING: User \"$user\" already exists. Skipping."
+        log "WARNING: User \"$user\" already exists. Skipping."
         return 0
     fi
 
@@ -79,26 +92,27 @@ function createUser() {
         chmod 600 /home/$user/.ssh/authorized_keys
     fi
 
-    # Make sure dirs exists and has correct permissions
+    # Make sure dirs exists
     if [ -n "$dir" ]; then
-        IFS=',' read -a dirParam <<< $dir
+        IFS=',' read -a dirArgs <<< $dir
-        for dirPath in ${dirParam[@]}; do
+        for dirPath in ${dirArgs[@]}; do
-            dirPath=/home/$user/$dirPath
+            dirPath="/home/$user/$dirPath"
-            echo "Creating and/or setting permissions on $dirPath"
+            if [ ! -d "$dirPath" ]; then
-            mkdir -p $dirPath
+                log "Creating directory: $dirPath"
-            chown -R $uid:users $dirPath
+                mkdir -p $dirPath
+                chown -R $uid:users $dirPath
+            else
+                log "Directory already exists: $dirPath"
+            fi
         done
     fi
 }
 
-if [[ $1 =~ ^--help$|^-h$ ]]; then
+# Allow running other programs, e.g. bash
-    printHelp
+if [[ -z "$1" || "$1" =~ $reArgsMaybe ]]; then
-    exit 0
+    startSshd=true
-fi
+else
-
+    startSshd=false
-if [ "$1" == "--readme" ]; then
-    printReadme
-    exit 0
 fi
 
 # Backward compatibility with legacy config path
@@ -113,32 +127,35 @@ if [ ! -f "$userConfFinalPath" ]; then
 
     # Append mounted config to final config
     if [ -f "$userConfPath" ]; then
-        cat "$userConfPath" | grep -v -e '^$' > "$userConfFinalPath"
+        cat "$userConfPath" | grep -v -E "$reArgSkip" > "$userConfFinalPath"
     fi
 
-    # Append users from arguments to final config
-    for user in "$@"; do
-        echo "$user" >> "$userConfFinalPath"
-    done
-
     # Append users from STDIN to final config
+    # DEPRECATED on 2017-10-08, DO NOT USE
+    # TODO: Remove code after 6-12 months
     if [ ! -t 0 ]; then
         while IFS= read -r user || [[ -n "$user" ]]; do
             echo "$user" >> "$userConfFinalPath"
         done
     fi
 
-    # Check that we have users in config
+    if $startSshd; then
-    if [ "$(cat "$userConfFinalPath" | wc -l)" == 0 ]; then
+        # Append users from arguments to final config
-        echo "FATAL: No users provided!"
+        for user in "$@"; do
-        printHelp
+            echo "$user" >> "$userConfFinalPath"
-        exit 3
+        done
     fi
 
-    # Import users from final conf file
+    # Check that we have users in config
-    while IFS= read -r user || [[ -n "$user" ]]; do
+    if [[ -f "$userConfFinalPath" && "$(cat "$userConfFinalPath" | wc -l)" > 0 ]]; then
-        createUser "$user"
+        # Import users from final conf file
-    done < "$userConfFinalPath"
+        while IFS= read -r user || [[ -n "$user" ]]; do
+            createUser "$user"
+        done < "$userConfFinalPath"
+    elif $startSshd; then
+        log "FATAL: No users provided!"
+        exit 3
+    fi
 
     # Generate unique ssh keys for this container, if needed
     if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then
@@ -153,11 +170,17 @@ fi
 if [ -d /etc/sftp.d ]; then
     for f in /etc/sftp.d/*; do
         if [ -x "$f" ]; then
-            echo "Running $f ..."
+            log "Running $f ..."
             $f
         fi
     done
     unset f
 fi
 
-exec /usr/sbin/sshd -D -e
+if $startSshd; then
+    log "Executing sshd"
+    exec /usr/sbin/sshd -D -e
+else
+    log "Executing $@"
+    exec "$@"
+fi

tests/run

@@ -44,6 +44,10 @@ function beforeTest() {
     mkdir "$tmpDir"
 
     echo "test::$(id -u):$(id -g):dir1,dir2" >> "$tmpDir/users"
+    echo "" >> "$tmpDir/users" # empty line
+    echo "# comments are allowed" >> "$tmpDir/users"
+    echo "  " >> "$tmpDir/users" # only whitespace
+    echo "  # with whitespace in front" >> "$tmpDir/users"
     echo "user.with.dot::$(id -u):$(id -g)" >> "$tmpDir/users"
     $sudo docker run \
         -v "$tmpDir/users:/etc/sftp/users.conf:ro" \
@@ -169,6 +173,7 @@ function testDir() {
     assertReturn $? 0
 }
 
+# Smallest user config possible
 function testMinimalContainerStart() {
     $skipAllTests && skip && return 0
 
@@ -177,7 +182,7 @@ function testMinimalContainerStart() {
     $sudo docker run \
         --name "$tmpContainerName" \
         -d "$sftpImageName" \
-        minimal \
+        m: \
         > "$redirect"
 
     waitForServer $tmpContainerName