Update CHANGELOG.md

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## v1.4.7
+### Fixed
+* SFTP access is now properly denied if a server is suspended.
+* Correctly uses `start_on_completion` and `crash_detection_enabled` for servers.
+
 ## v1.4.6
 ### Fixed
 * Environment variable starting with the same prefix no longer get merged into a single environment variable value (skipping all but the first).

server/update.go

@@ -86,6 +86,24 @@ func (s *Server) UpdateDataStructure(data []byte) error {
 		c.SkipEggScripts = v
 	}
 
+	if v, err := jsonparser.GetBoolean(data, "start_on_completion"); err != nil {
+		if err != jsonparser.KeyPathNotFoundError {
+			return errors.WithStack(err)
+		}
+	} else {
+		c.StartOnCompletion = v
+	}
+
+	if v, err := jsonparser.GetBoolean(data, "crash_detection_enabled"); err != nil {
+		if err != jsonparser.KeyPathNotFoundError {
+			return errors.WithStack(err)
+		}
+		// Enable crash detection by default.
+		c.CrashDetectionEnabled = true
+	} else {
+		c.CrashDetectionEnabled = v
+	}
+
 	// Environment and Mappings should be treated as a full update at all times, never a
 	// true patch, otherwise we can't know what we're passing along.
 	if src.EnvVars != nil && len(src.EnvVars) > 0 {

sftp/handler.go

@@ -14,6 +14,7 @@ import (
 	"golang.org/x/crypto/ssh"
 
 	"github.com/pterodactyl/wings/config"
+	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/server/filesystem"
 )
 
@@ -26,8 +27,10 @@ const (
 )
 
 type Handler struct {
+	mu sync.Mutex
+
 	permissions []string
-	mu          sync.Mutex
+	server      *server.Server
 	fs          *filesystem.Filesystem
 	logger      *log.Entry
 	ro          bool
@@ -35,11 +38,12 @@ type Handler struct {
 
 // Returns a new connection handler for the SFTP server. This allows a given user
 // to access the underlying filesystem.
-func NewHandler(sc *ssh.ServerConn, fs *filesystem.Filesystem) *Handler {
+func NewHandler(sc *ssh.ServerConn, srv *server.Server) *Handler {
 	return &Handler{
-		fs:          fs,
-		ro:          config.Get().System.Sftp.ReadOnly,
 		permissions: strings.Split(sc.Permissions.Extensions["permissions"], ","),
+		server:      srv,
+		fs:          srv.Filesystem(),
+		ro:          config.Get().System.Sftp.ReadOnly,
 		logger: log.WithFields(log.Fields{
 			"subsystem": "sftp",
 			"username":  sc.User(),
@@ -278,6 +282,10 @@ func (h *Handler) Filelist(request *sftp.Request) (sftp.ListerAt, error) {
 // Determines if a user has permission to perform a specific action on the SFTP server. These
 // permissions are defined and returned by the Panel API.
 func (h *Handler) can(permission string) bool {
+	if h.server.IsSuspended() {
+		return false
+	}
+
 	// SFTPServer owners and super admins have their permissions returned as '[*]' via the Panel
 	// API, so for the sake of speed do an initial check for that before iterating over the
 	// entire array of permissions.

sftp/server.go

@@ -141,7 +141,7 @@ func (c *SFTPServer) AcceptInbound(conn net.Conn, config *ssh.ServerConfig) {
 
 		// Spin up a SFTP server instance for the authenticated user's server allowing
 		// them access to the underlying filesystem.
-		handler := sftp.NewRequestServer(channel, NewHandler(sconn, srv.Filesystem()).Handlers())
+		handler := sftp.NewRequestServer(channel, NewHandler(sconn, srv).Handlers())
 		if err := handler.Serve(); err == io.EOF {
 			handler.Close()
 		}