Add Users[].AllowedHosts to allow specific sources for users (#24)

Author: antoinedeschenes

README.md

@@ -138,6 +138,7 @@ You can customize the values of the helm deployment by using the following Value
 | `configuration.Users[].Username`                            | Set the user's username                                                          | N/A                                                     |
 | `configuration.Users[].Password`                            | Set the user's password. If empty or `null`, password authentication is disabled | N/A                                                     |
 | `configuration.Users[].PasswordIsEncrypted`                 | `true` or `false`. Indicates if the password value is already encrypted          | `false`                                                 |
+| `configuration.Users[].AllowedHosts`                        | Set the user's allowed hosts. If empty, any host is allowed                      | `[]`                                                    |
 | `configuration.Users[].PublicKeys`                          | Set the user's public keys                                                       | `[]`                                                    |
 | `configuration.Users[].UID`                                 | Sets the user's UID.                                                             | `null`                                                  |
 | `configuration.Users[].GID`                                 | Sets the user's GID. A group is created for this value and the user is included  | `null`                                                  |

src/ES.SFTP.Host/Configuration/Elements/UserDefinition.cs

@@ -7,6 +7,7 @@ public class UserDefinition
         public string Username { get; set; }
         public string Password { get; set; }
         public bool PasswordIsEncrypted { get; set; }
+        public List<string> AllowedHosts { get; set; } = new List<string>();
 
         // ReSharper disable once InconsistentNaming
         public int? UID { get; set; }

src/ES.SFTP.Host/SSH/Configuration/SSHConfiguration.cs

@@ -7,6 +7,8 @@ public class SSHConfiguration
     {
         public List<MatchBlock> MatchBlocks { get; } = new List<MatchBlock>();
 
+        public List<string> AllowUsers { get; } = new List<string>();
+
         public override string ToString()
         {
             var builder = new StringBuilder();
@@ -29,6 +31,8 @@ public override string ToString()
             builder.AppendLine("# Subsystem");
             builder.AppendLine("Subsystem sftp internal-sftp");
             builder.AppendLine();
+            builder.AppendLine("# Allowed users");
+            builder.AppendLine($"AllowUsers {System.String.Join(" ", AllowUsers)}");
             builder.AppendLine();
             builder.AppendLine("# Match blocks");
             foreach (var matchBlock in MatchBlocks)

src/ES.SFTP.Host/SSH/SSHService.cs

@@ -70,6 +70,12 @@ private async Task UpdateConfiguration()
                 "AllowTcpForwarding no"
             };
 
+            sshdConfig.AllowUsers.AddRange(sftpConfig.Users.Select(s =>
+                s.AllowedHosts.Any()
+                ? $"{s.Username}@{String.Join(",", s.AllowedHosts)}"
+                : s.Username)
+            );
+
             sshdConfig.MatchBlocks.AddRange(exceptionalUsers.Select(s => new MatchBlock
             {
                 Criteria = MatchBlock.MatchCriteria.User,