mirror of
https://github.com/drakkan/sftpgo.git
synced 2024-11-25 00:50:31 +00:00
move plugin handling outside the sdk package
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
parent
6a20e7411b
commit
3603493146
37 changed files with 772 additions and 800 deletions
|
@ -15,7 +15,7 @@ import (
|
||||||
"github.com/drakkan/sftpgo/v2/config"
|
"github.com/drakkan/sftpgo/v2/config"
|
||||||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/sftpd"
|
"github.com/drakkan/sftpgo/v2/sftpd"
|
||||||
"github.com/drakkan/sftpgo/v2/version"
|
"github.com/drakkan/sftpgo/v2/version"
|
||||||
)
|
)
|
||||||
|
|
|
@ -17,8 +17,8 @@ import (
|
||||||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||||
"github.com/drakkan/sftpgo/v2/httpclient"
|
"github.com/drakkan/sftpgo/v2/httpclient"
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk"
|
"github.com/drakkan/sftpgo/v2/sdk"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
)
|
)
|
||||||
|
|
|
@ -14,8 +14,8 @@ import (
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||||
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk"
|
"github.com/drakkan/sftpgo/v2/sdk"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
||||||
"github.com/drakkan/sftpgo/v2/vfs"
|
"github.com/drakkan/sftpgo/v2/vfs"
|
||||||
)
|
)
|
||||||
|
|
|
@ -18,8 +18,8 @@ import (
|
||||||
"github.com/drakkan/sftpgo/v2/httpd"
|
"github.com/drakkan/sftpgo/v2/httpd"
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/mfa"
|
"github.com/drakkan/sftpgo/v2/mfa"
|
||||||
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
|
||||||
"github.com/drakkan/sftpgo/v2/sftpd"
|
"github.com/drakkan/sftpgo/v2/sftpd"
|
||||||
"github.com/drakkan/sftpgo/v2/smtp"
|
"github.com/drakkan/sftpgo/v2/smtp"
|
||||||
"github.com/drakkan/sftpgo/v2/telemetry"
|
"github.com/drakkan/sftpgo/v2/telemetry"
|
||||||
|
|
|
@ -18,8 +18,8 @@ import (
|
||||||
"github.com/drakkan/sftpgo/v2/httpclient"
|
"github.com/drakkan/sftpgo/v2/httpclient"
|
||||||
"github.com/drakkan/sftpgo/v2/httpd"
|
"github.com/drakkan/sftpgo/v2/httpd"
|
||||||
"github.com/drakkan/sftpgo/v2/mfa"
|
"github.com/drakkan/sftpgo/v2/mfa"
|
||||||
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
|
||||||
"github.com/drakkan/sftpgo/v2/sftpd"
|
"github.com/drakkan/sftpgo/v2/sftpd"
|
||||||
"github.com/drakkan/sftpgo/v2/smtp"
|
"github.com/drakkan/sftpgo/v2/smtp"
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
|
|
|
@ -13,7 +13,7 @@ import (
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/httpclient"
|
"github.com/drakkan/sftpgo/v2/httpclient"
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
)
|
)
|
||||||
|
|
|
@ -49,10 +49,9 @@ import (
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/metric"
|
"github.com/drakkan/sftpgo/v2/metric"
|
||||||
"github.com/drakkan/sftpgo/v2/mfa"
|
"github.com/drakkan/sftpgo/v2/mfa"
|
||||||
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk"
|
"github.com/drakkan/sftpgo/v2/sdk"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
|
||||||
sdkutil "github.com/drakkan/sftpgo/v2/sdk/util"
|
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
"github.com/drakkan/sftpgo/v2/vfs"
|
"github.com/drakkan/sftpgo/v2/vfs"
|
||||||
)
|
)
|
||||||
|
@ -2890,7 +2889,7 @@ func getExternalAuthResponse(username, password, pkey, keyboardInteractive, ip,
|
||||||
var tlsCert string
|
var tlsCert string
|
||||||
if cert != nil {
|
if cert != nil {
|
||||||
var err error
|
var err error
|
||||||
tlsCert, err = sdkutil.EncodeTLSCertToPem(cert)
|
tlsCert, err = util.EncodeTLSCertToPem(cert)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,7 +6,7 @@ import (
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/eventsearcher"
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/eventsearcher"
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
)
|
)
|
||||||
|
|
|
@ -24,7 +24,7 @@ import (
|
||||||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/metric"
|
"github.com/drakkan/sftpgo/v2/metric"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/smtp"
|
"github.com/drakkan/sftpgo/v2/smtp"
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
)
|
)
|
||||||
|
|
|
@ -47,9 +47,9 @@ import (
|
||||||
"github.com/drakkan/sftpgo/v2/httpdtest"
|
"github.com/drakkan/sftpgo/v2/httpdtest"
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/mfa"
|
"github.com/drakkan/sftpgo/v2/mfa"
|
||||||
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk"
|
"github.com/drakkan/sftpgo/v2/sdk"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
|
||||||
"github.com/drakkan/sftpgo/v2/sftpd"
|
"github.com/drakkan/sftpgo/v2/sftpd"
|
||||||
"github.com/drakkan/sftpgo/v2/smtp"
|
"github.com/drakkan/sftpgo/v2/smtp"
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
|
|
|
@ -33,9 +33,9 @@ import (
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/common"
|
"github.com/drakkan/sftpgo/v2/common"
|
||||||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||||
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk"
|
"github.com/drakkan/sftpgo/v2/sdk"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
"github.com/drakkan/sftpgo/v2/vfs"
|
"github.com/drakkan/sftpgo/v2/vfs"
|
||||||
)
|
)
|
||||||
|
|
|
@ -25,7 +25,6 @@ import (
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/mfa"
|
"github.com/drakkan/sftpgo/v2/mfa"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk"
|
"github.com/drakkan/sftpgo/v2/sdk"
|
||||||
sdklogger "github.com/drakkan/sftpgo/v2/sdk/logger"
|
|
||||||
"github.com/drakkan/sftpgo/v2/smtp"
|
"github.com/drakkan/sftpgo/v2/smtp"
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
"github.com/drakkan/sftpgo/v2/version"
|
"github.com/drakkan/sftpgo/v2/version"
|
||||||
|
@ -76,7 +75,7 @@ func (s *httpdServer) listenAndServe() error {
|
||||||
WriteTimeout: 60 * time.Second,
|
WriteTimeout: 60 * time.Second,
|
||||||
IdleTimeout: 60 * time.Second,
|
IdleTimeout: 60 * time.Second,
|
||||||
MaxHeaderBytes: 1 << 16, // 64KB
|
MaxHeaderBytes: 1 << 16, // 64KB
|
||||||
ErrorLog: log.New(&sdklogger.StdLoggerWrapper{Sender: logSender}, "", 0),
|
ErrorLog: log.New(&logger.StdLoggerWrapper{Sender: logSender}, "", 0),
|
||||||
}
|
}
|
||||||
if certMgr != nil && s.binding.EnableHTTPS {
|
if certMgr != nil && s.binding.EnableHTTPS {
|
||||||
config := &tls.Config{
|
config := &tls.Config{
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"log"
|
"log"
|
||||||
|
|
||||||
"github.com/hashicorp/go-hclog"
|
"github.com/hashicorp/go-hclog"
|
||||||
|
"github.com/rs/zerolog"
|
||||||
)
|
)
|
||||||
|
|
||||||
// HCLogAdapter is an adapter for hclog.Logger
|
// HCLogAdapter is an adapter for hclog.Logger
|
||||||
|
@ -14,7 +15,20 @@ type HCLogAdapter struct {
|
||||||
|
|
||||||
// Log emits a message and key/value pairs at a provided log level
|
// Log emits a message and key/value pairs at a provided log level
|
||||||
func (l *HCLogAdapter) Log(level hclog.Level, msg string, args ...interface{}) {
|
func (l *HCLogAdapter) Log(level hclog.Level, msg string, args ...interface{}) {
|
||||||
logger.LogWithKeyVals(level, l.Name(), msg, args...)
|
var ev *zerolog.Event
|
||||||
|
switch level {
|
||||||
|
case hclog.Info:
|
||||||
|
ev = logger.Info()
|
||||||
|
case hclog.Warn:
|
||||||
|
ev = logger.Warn()
|
||||||
|
case hclog.Error:
|
||||||
|
ev = logger.Error()
|
||||||
|
default:
|
||||||
|
ev = logger.Debug()
|
||||||
|
}
|
||||||
|
ev.Timestamp().Str("sender", l.Name())
|
||||||
|
addKeysAndValues(ev, args...)
|
||||||
|
ev.Msg(msg)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Trace emits a message and key/value pairs at the TRACE level
|
// Trace emits a message and key/value pairs at the TRACE level
|
||||||
|
@ -61,21 +75,3 @@ func (l *HCLogAdapter) StandardLogger(opts *hclog.StandardLoggerOptions) *log.Lo
|
||||||
func (l *HCLogAdapter) StandardWriter(opts *hclog.StandardLoggerOptions) io.Writer {
|
func (l *HCLogAdapter) StandardWriter(opts *hclog.StandardLoggerOptions) io.Writer {
|
||||||
return &StdLoggerWrapper{Sender: l.Name()}
|
return &StdLoggerWrapper{Sender: l.Name()}
|
||||||
}
|
}
|
||||||
|
|
||||||
// StdLoggerWrapper is a wrapper for standard logger compatibility
|
|
||||||
type StdLoggerWrapper struct {
|
|
||||||
Sender string
|
|
||||||
}
|
|
||||||
|
|
||||||
// Write implements the io.Writer interface. This is useful to set as a writer
|
|
||||||
// for the standard library log.
|
|
||||||
func (l *StdLoggerWrapper) Write(p []byte) (n int, err error) {
|
|
||||||
n = len(p)
|
|
||||||
if n > 0 && p[n-1] == '\n' {
|
|
||||||
// Trim CR added by stdlog.
|
|
||||||
p = p[0 : n-1]
|
|
||||||
}
|
|
||||||
|
|
||||||
logger.Log(hclog.Error, l.Sender, "", string(p))
|
|
||||||
return
|
|
||||||
}
|
|
|
@ -16,7 +16,6 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
ftpserverlog "github.com/fclairamb/go-log"
|
ftpserverlog "github.com/fclairamb/go-log"
|
||||||
"github.com/hashicorp/go-hclog"
|
|
||||||
"github.com/rs/zerolog"
|
"github.com/rs/zerolog"
|
||||||
lumberjack "gopkg.in/natefinch/lumberjack.v2"
|
lumberjack "gopkg.in/natefinch/lumberjack.v2"
|
||||||
|
|
||||||
|
@ -46,25 +45,38 @@ var (
|
||||||
|
|
||||||
type logWrapper struct{}
|
type logWrapper struct{}
|
||||||
|
|
||||||
// LogWithKeyVals logs at the specified level for the specified sender adding the specified key vals
|
|
||||||
func (l *logWrapper) LogWithKeyVals(level hclog.Level, sender, msg string, args ...interface{}) {
|
|
||||||
LogWithKeyVals(level, sender, msg, args...)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Log logs at the specified level for the specified sender
|
// Log logs at the specified level for the specified sender
|
||||||
func (l *logWrapper) Log(level hclog.Level, sender, format string, v ...interface{}) {
|
func (l *logWrapper) Log(level int, sender, format string, v ...interface{}) {
|
||||||
switch level {
|
switch level {
|
||||||
case hclog.Info:
|
case 1:
|
||||||
Log(LevelInfo, sender, "", format, v...)
|
Log(LevelInfo, sender, "", format, v...)
|
||||||
case hclog.Warn:
|
case 2:
|
||||||
Log(LevelWarn, sender, "", format, v...)
|
Log(LevelWarn, sender, "", format, v...)
|
||||||
case hclog.Error:
|
case 3:
|
||||||
Log(LevelError, sender, "", format, v...)
|
Log(LevelError, sender, "", format, v...)
|
||||||
default:
|
default:
|
||||||
Log(LevelDebug, sender, "", format, v...)
|
Log(LevelDebug, sender, "", format, v...)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// StdLoggerWrapper is a wrapper for standard logger compatibility
|
||||||
|
type StdLoggerWrapper struct {
|
||||||
|
Sender string
|
||||||
|
}
|
||||||
|
|
||||||
|
// Write implements the io.Writer interface. This is useful to set as a writer
|
||||||
|
// for the standard library log.
|
||||||
|
func (l *StdLoggerWrapper) Write(p []byte) (n int, err error) {
|
||||||
|
n = len(p)
|
||||||
|
if n > 0 && p[n-1] == '\n' {
|
||||||
|
// Trim CR added by stdlog.
|
||||||
|
p = p[0 : n-1]
|
||||||
|
}
|
||||||
|
|
||||||
|
Log(LevelError, l.Sender, "", string(p))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// LeveledLogger is a logger that accepts a message string and a variadic number of key-value pairs
|
// LeveledLogger is a logger that accepts a message string and a variadic number of key-value pairs
|
||||||
type LeveledLogger struct {
|
type LeveledLogger struct {
|
||||||
Sender string
|
Sender string
|
||||||
|
@ -219,24 +231,6 @@ func RotateLogFile() error {
|
||||||
return errors.New("logging to file is disabled")
|
return errors.New("logging to file is disabled")
|
||||||
}
|
}
|
||||||
|
|
||||||
// LogWithKeyVals logs at the specified level for the specified sender adding the specified key vals
|
|
||||||
func LogWithKeyVals(level hclog.Level, sender, msg string, args ...interface{}) {
|
|
||||||
var ev *zerolog.Event
|
|
||||||
switch level {
|
|
||||||
case hclog.Info:
|
|
||||||
ev = logger.Info()
|
|
||||||
case hclog.Warn:
|
|
||||||
ev = logger.Warn()
|
|
||||||
case hclog.Error:
|
|
||||||
ev = logger.Error()
|
|
||||||
default:
|
|
||||||
ev = logger.Debug()
|
|
||||||
}
|
|
||||||
ev.Timestamp().Str("sender", sender)
|
|
||||||
addKeysAndValues(ev, args...)
|
|
||||||
ev.Msg(msg)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Log logs at the specified level for the specified sender
|
// Log logs at the specified level for the specified sender
|
||||||
func Log(level LogLevel, sender string, connectionID string, format string, v ...interface{}) {
|
func Log(level LogLevel, sender string, connectionID string, format string, v ...interface{}) {
|
||||||
var ev *zerolog.Event
|
var ev *zerolog.Event
|
||||||
|
|
|
@ -9,7 +9,7 @@ import (
|
||||||
"github.com/hashicorp/go-hclog"
|
"github.com/hashicorp/go-hclog"
|
||||||
"github.com/hashicorp/go-plugin"
|
"github.com/hashicorp/go-plugin"
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/auth"
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/auth"
|
||||||
)
|
)
|
||||||
|
|
|
@ -9,10 +9,10 @@ import (
|
||||||
"github.com/hashicorp/go-hclog"
|
"github.com/hashicorp/go-hclog"
|
||||||
"github.com/hashicorp/go-plugin"
|
"github.com/hashicorp/go-plugin"
|
||||||
|
|
||||||
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
|
||||||
kmsplugin "github.com/drakkan/sftpgo/v2/sdk/plugin/kms"
|
kmsplugin "github.com/drakkan/sftpgo/v2/sdk/plugin/kms"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
|
@ -8,7 +8,7 @@ import (
|
||||||
"github.com/hashicorp/go-hclog"
|
"github.com/hashicorp/go-hclog"
|
||||||
"github.com/hashicorp/go-plugin"
|
"github.com/hashicorp/go-plugin"
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/metadata"
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/metadata"
|
||||||
)
|
)
|
||||||
|
|
|
@ -10,9 +10,9 @@ import (
|
||||||
"github.com/hashicorp/go-hclog"
|
"github.com/hashicorp/go-hclog"
|
||||||
"github.com/hashicorp/go-plugin"
|
"github.com/hashicorp/go-plugin"
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
// NotifierConfig defines configuration parameters for notifiers plugins
|
// NotifierConfig defines configuration parameters for notifiers plugins
|
666
plugin/plugin.go
Normal file
666
plugin/plugin.go
Normal file
|
@ -0,0 +1,666 @@
|
||||||
|
// Package plugin provides support for the SFTPGo plugin system
|
||||||
|
package plugin
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/x509"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"sync"
|
||||||
|
"sync/atomic"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/hashicorp/go-hclog"
|
||||||
|
|
||||||
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
|
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||||
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/auth"
|
||||||
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/eventsearcher"
|
||||||
|
kmsplugin "github.com/drakkan/sftpgo/v2/sdk/plugin/kms"
|
||||||
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/metadata"
|
||||||
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
||||||
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
logSender = "plugins"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// Handler defines the plugins manager
|
||||||
|
Handler Manager
|
||||||
|
pluginsLogLevel = hclog.Debug
|
||||||
|
// ErrNoSearcher defines the error to return for events searches if no plugin is configured
|
||||||
|
ErrNoSearcher = errors.New("no events searcher plugin defined")
|
||||||
|
// ErrNoMetadater returns the error to return for metadata methods if no plugin is configured
|
||||||
|
ErrNoMetadater = errors.New("no metadata plugin defined")
|
||||||
|
)
|
||||||
|
|
||||||
|
// Renderer defines the interface for generic objects rendering
|
||||||
|
type Renderer interface {
|
||||||
|
RenderAsJSON(reload bool) ([]byte, error)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Config defines a plugin configuration
|
||||||
|
type Config struct {
|
||||||
|
// Plugin type
|
||||||
|
Type string `json:"type" mapstructure:"type"`
|
||||||
|
// NotifierOptions defines options for notifiers plugins
|
||||||
|
NotifierOptions NotifierConfig `json:"notifier_options" mapstructure:"notifier_options"`
|
||||||
|
// KMSOptions defines options for a KMS plugin
|
||||||
|
KMSOptions KMSConfig `json:"kms_options" mapstructure:"kms_options"`
|
||||||
|
// AuthOptions defines options for authentication plugins
|
||||||
|
AuthOptions AuthConfig `json:"auth_options" mapstructure:"auth_options"`
|
||||||
|
// Path to the plugin executable
|
||||||
|
Cmd string `json:"cmd" mapstructure:"cmd"`
|
||||||
|
// Args to pass to the plugin executable
|
||||||
|
Args []string `json:"args" mapstructure:"args"`
|
||||||
|
// SHA256 checksum for the plugin executable.
|
||||||
|
// If not empty it will be used to verify the integrity of the executable
|
||||||
|
SHA256Sum string `json:"sha256sum" mapstructure:"sha256sum"`
|
||||||
|
// If enabled the client and the server automatically negotiate mTLS for
|
||||||
|
// transport authentication. This ensures that only the original client will
|
||||||
|
// be allowed to connect to the server, and all other connections will be
|
||||||
|
// rejected. The client will also refuse to connect to any server that isn't
|
||||||
|
// the original instance started by the client.
|
||||||
|
AutoMTLS bool `json:"auto_mtls" mapstructure:"auto_mtls"`
|
||||||
|
// unique identifier for kms plugins
|
||||||
|
kmsID int
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Config) newKMSPluginSecretProvider(base kms.BaseSecret, url, masterKey string) kms.SecretProvider {
|
||||||
|
return &kmsPluginSecretProvider{
|
||||||
|
BaseSecret: base,
|
||||||
|
URL: url,
|
||||||
|
MasterKey: masterKey,
|
||||||
|
config: c,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Manager handles enabled plugins
|
||||||
|
type Manager struct {
|
||||||
|
closed int32
|
||||||
|
done chan bool
|
||||||
|
// List of configured plugins
|
||||||
|
Configs []Config `json:"plugins" mapstructure:"plugins"`
|
||||||
|
notifLock sync.RWMutex
|
||||||
|
notifiers []*notifierPlugin
|
||||||
|
kmsLock sync.RWMutex
|
||||||
|
kms []*kmsPlugin
|
||||||
|
authLock sync.RWMutex
|
||||||
|
auths []*authPlugin
|
||||||
|
searcherLock sync.RWMutex
|
||||||
|
searcher *searcherPlugin
|
||||||
|
metadaterLock sync.RWMutex
|
||||||
|
metadater *metadataPlugin
|
||||||
|
authScopes int
|
||||||
|
hasSearcher bool
|
||||||
|
hasMetadater bool
|
||||||
|
hasNotifiers bool
|
||||||
|
}
|
||||||
|
|
||||||
|
// Initialize initializes the configured plugins
|
||||||
|
func Initialize(configs []Config, logVerbose bool) error {
|
||||||
|
logger.Debug(logSender, "", "initialize")
|
||||||
|
Handler = Manager{
|
||||||
|
Configs: configs,
|
||||||
|
done: make(chan bool),
|
||||||
|
closed: 0,
|
||||||
|
authScopes: -1,
|
||||||
|
}
|
||||||
|
setLogLevel(logVerbose)
|
||||||
|
if len(configs) == 0 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := Handler.validateConfigs(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
kmsID := 0
|
||||||
|
for idx, config := range Handler.Configs {
|
||||||
|
switch config.Type {
|
||||||
|
case notifier.PluginName:
|
||||||
|
plugin, err := newNotifierPlugin(config)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
Handler.notifiers = append(Handler.notifiers, plugin)
|
||||||
|
case kmsplugin.PluginName:
|
||||||
|
plugin, err := newKMSPlugin(config)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
Handler.kms = append(Handler.kms, plugin)
|
||||||
|
Handler.Configs[idx].kmsID = kmsID
|
||||||
|
kmsID++
|
||||||
|
kms.RegisterSecretProvider(config.KMSOptions.Scheme, config.KMSOptions.EncryptedStatus,
|
||||||
|
Handler.Configs[idx].newKMSPluginSecretProvider)
|
||||||
|
logger.Debug(logSender, "", "registered secret provider for scheme: %v, encrypted status: %v",
|
||||||
|
config.KMSOptions.Scheme, config.KMSOptions.EncryptedStatus)
|
||||||
|
case auth.PluginName:
|
||||||
|
plugin, err := newAuthPlugin(config)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
Handler.auths = append(Handler.auths, plugin)
|
||||||
|
if Handler.authScopes == -1 {
|
||||||
|
Handler.authScopes = config.AuthOptions.Scope
|
||||||
|
} else {
|
||||||
|
Handler.authScopes |= config.AuthOptions.Scope
|
||||||
|
}
|
||||||
|
case eventsearcher.PluginName:
|
||||||
|
plugin, err := newSearcherPlugin(config)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
Handler.searcher = plugin
|
||||||
|
case metadata.PluginName:
|
||||||
|
plugin, err := newMetadaterPlugin(config)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
Handler.metadater = plugin
|
||||||
|
default:
|
||||||
|
return fmt.Errorf("unsupported plugin type: %v", config.Type)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
startCheckTicker()
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) validateConfigs() error {
|
||||||
|
kmsSchemes := make(map[string]bool)
|
||||||
|
kmsEncryptions := make(map[string]bool)
|
||||||
|
m.hasSearcher = false
|
||||||
|
m.hasMetadater = false
|
||||||
|
m.hasNotifiers = false
|
||||||
|
|
||||||
|
for _, config := range m.Configs {
|
||||||
|
if config.Type == kmsplugin.PluginName {
|
||||||
|
if _, ok := kmsSchemes[config.KMSOptions.Scheme]; ok {
|
||||||
|
return fmt.Errorf("invalid KMS configuration, duplicated scheme %#v", config.KMSOptions.Scheme)
|
||||||
|
}
|
||||||
|
if _, ok := kmsEncryptions[config.KMSOptions.EncryptedStatus]; ok {
|
||||||
|
return fmt.Errorf("invalid KMS configuration, duplicated encrypted status %#v", config.KMSOptions.EncryptedStatus)
|
||||||
|
}
|
||||||
|
kmsSchemes[config.KMSOptions.Scheme] = true
|
||||||
|
kmsEncryptions[config.KMSOptions.EncryptedStatus] = true
|
||||||
|
}
|
||||||
|
if config.Type == eventsearcher.PluginName {
|
||||||
|
if m.hasSearcher {
|
||||||
|
return errors.New("only one eventsearcher plugin can be defined")
|
||||||
|
}
|
||||||
|
m.hasSearcher = true
|
||||||
|
}
|
||||||
|
if config.Type == metadata.PluginName {
|
||||||
|
if m.hasMetadater {
|
||||||
|
return errors.New("only one metadata plugin can be defined")
|
||||||
|
}
|
||||||
|
m.hasMetadater = true
|
||||||
|
}
|
||||||
|
if config.Type == notifier.PluginName {
|
||||||
|
m.hasNotifiers = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// HasNotifiers returns true if there is at least a notifier plugin
|
||||||
|
func (m *Manager) HasNotifiers() bool {
|
||||||
|
return m.hasNotifiers
|
||||||
|
}
|
||||||
|
|
||||||
|
// NotifyFsEvent sends the fs event notifications using any defined notifier plugins
|
||||||
|
func (m *Manager) NotifyFsEvent(event *notifier.FsEvent) {
|
||||||
|
m.notifLock.RLock()
|
||||||
|
defer m.notifLock.RUnlock()
|
||||||
|
|
||||||
|
for _, n := range m.notifiers {
|
||||||
|
n.notifyFsAction(event)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// NotifyProviderEvent sends the provider event notifications using any defined notifier plugins
|
||||||
|
func (m *Manager) NotifyProviderEvent(event *notifier.ProviderEvent, object Renderer) {
|
||||||
|
m.notifLock.RLock()
|
||||||
|
defer m.notifLock.RUnlock()
|
||||||
|
|
||||||
|
for _, n := range m.notifiers {
|
||||||
|
n.notifyProviderAction(event, object)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// SearchFsEvents returns the filesystem events matching the specified filters
|
||||||
|
func (m *Manager) SearchFsEvents(searchFilters *eventsearcher.FsEventSearch) ([]byte, []string, []string, error) {
|
||||||
|
if !m.hasSearcher {
|
||||||
|
return nil, nil, nil, ErrNoSearcher
|
||||||
|
}
|
||||||
|
m.searcherLock.RLock()
|
||||||
|
plugin := m.searcher
|
||||||
|
m.searcherLock.RUnlock()
|
||||||
|
|
||||||
|
return plugin.searchear.SearchFsEvents(searchFilters)
|
||||||
|
}
|
||||||
|
|
||||||
|
// SearchProviderEvents returns the provider events matching the specified filters
|
||||||
|
func (m *Manager) SearchProviderEvents(searchFilters *eventsearcher.ProviderEventSearch) ([]byte, []string, []string, error) {
|
||||||
|
if !m.hasSearcher {
|
||||||
|
return nil, nil, nil, ErrNoSearcher
|
||||||
|
}
|
||||||
|
m.searcherLock.RLock()
|
||||||
|
plugin := m.searcher
|
||||||
|
m.searcherLock.RUnlock()
|
||||||
|
|
||||||
|
return plugin.searchear.SearchProviderEvents(searchFilters)
|
||||||
|
}
|
||||||
|
|
||||||
|
// HasMetadater returns true if a metadata plugin is defined
|
||||||
|
func (m *Manager) HasMetadater() bool {
|
||||||
|
return m.hasMetadater
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetModificationTime sets the modification time for the specified object
|
||||||
|
func (m *Manager) SetModificationTime(storageID, objectPath string, mTime int64) error {
|
||||||
|
if !m.hasMetadater {
|
||||||
|
return ErrNoMetadater
|
||||||
|
}
|
||||||
|
m.metadaterLock.RLock()
|
||||||
|
plugin := m.metadater
|
||||||
|
m.metadaterLock.RUnlock()
|
||||||
|
|
||||||
|
return plugin.metadater.SetModificationTime(storageID, objectPath, mTime)
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetModificationTime returns the modification time for the specified path
|
||||||
|
func (m *Manager) GetModificationTime(storageID, objectPath string, isDir bool) (int64, error) {
|
||||||
|
if !m.hasMetadater {
|
||||||
|
return 0, ErrNoMetadater
|
||||||
|
}
|
||||||
|
m.metadaterLock.RLock()
|
||||||
|
plugin := m.metadater
|
||||||
|
m.metadaterLock.RUnlock()
|
||||||
|
|
||||||
|
return plugin.metadater.GetModificationTime(storageID, objectPath)
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetModificationTimes returns the modification times for all the files within the specified folder
|
||||||
|
func (m *Manager) GetModificationTimes(storageID, objectPath string) (map[string]int64, error) {
|
||||||
|
if !m.hasMetadater {
|
||||||
|
return nil, ErrNoMetadater
|
||||||
|
}
|
||||||
|
m.metadaterLock.RLock()
|
||||||
|
plugin := m.metadater
|
||||||
|
m.metadaterLock.RUnlock()
|
||||||
|
|
||||||
|
return plugin.metadater.GetModificationTimes(storageID, objectPath)
|
||||||
|
}
|
||||||
|
|
||||||
|
// RemoveMetadata deletes the metadata stored for the specified object
|
||||||
|
func (m *Manager) RemoveMetadata(storageID, objectPath string) error {
|
||||||
|
if !m.hasMetadater {
|
||||||
|
return ErrNoMetadater
|
||||||
|
}
|
||||||
|
m.metadaterLock.RLock()
|
||||||
|
plugin := m.metadater
|
||||||
|
m.metadaterLock.RUnlock()
|
||||||
|
|
||||||
|
return plugin.metadater.RemoveMetadata(storageID, objectPath)
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetMetadataFolders returns the folders that metadata is associated with
|
||||||
|
func (m *Manager) GetMetadataFolders(storageID, from string, limit int) ([]string, error) {
|
||||||
|
if !m.hasMetadater {
|
||||||
|
return nil, ErrNoMetadater
|
||||||
|
}
|
||||||
|
m.metadaterLock.RLock()
|
||||||
|
plugin := m.metadater
|
||||||
|
m.metadaterLock.RUnlock()
|
||||||
|
|
||||||
|
return plugin.metadater.GetFolders(storageID, limit, from)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) kmsEncrypt(secret kms.BaseSecret, url string, masterKey string, kmsID int) (string, string, int32, error) {
|
||||||
|
m.kmsLock.RLock()
|
||||||
|
plugin := m.kms[kmsID]
|
||||||
|
m.kmsLock.RUnlock()
|
||||||
|
|
||||||
|
return plugin.Encrypt(secret, url, masterKey)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) kmsDecrypt(secret kms.BaseSecret, url string, masterKey string, kmsID int) (string, error) {
|
||||||
|
m.kmsLock.RLock()
|
||||||
|
plugin := m.kms[kmsID]
|
||||||
|
m.kmsLock.RUnlock()
|
||||||
|
|
||||||
|
return plugin.Decrypt(secret, url, masterKey)
|
||||||
|
}
|
||||||
|
|
||||||
|
// HasAuthScope returns true if there is an auth plugin that support the specified scope
|
||||||
|
func (m *Manager) HasAuthScope(scope int) bool {
|
||||||
|
if m.authScopes == -1 {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return m.authScopes&scope != 0
|
||||||
|
}
|
||||||
|
|
||||||
|
// Authenticate tries to authenticate the specified user using an external plugin
|
||||||
|
func (m *Manager) Authenticate(username, password, ip, protocol string, pkey string,
|
||||||
|
tlsCert *x509.Certificate, authScope int, userAsJSON []byte,
|
||||||
|
) ([]byte, error) {
|
||||||
|
switch authScope {
|
||||||
|
case AuthScopePassword:
|
||||||
|
return m.checkUserAndPass(username, password, ip, protocol, userAsJSON)
|
||||||
|
case AuthScopePublicKey:
|
||||||
|
return m.checkUserAndPublicKey(username, pkey, ip, protocol, userAsJSON)
|
||||||
|
case AuthScopeKeyboardInteractive:
|
||||||
|
return m.checkUserAndKeyboardInteractive(username, ip, protocol, userAsJSON)
|
||||||
|
case AuthScopeTLSCertificate:
|
||||||
|
cert, err := util.EncodeTLSCertToPem(tlsCert)
|
||||||
|
if err != nil {
|
||||||
|
logger.Error(logSender, "", "unable to encode tls certificate to pem: %v", err)
|
||||||
|
return nil, fmt.Errorf("unable to encode tls cert to pem: %w", err)
|
||||||
|
}
|
||||||
|
return m.checkUserAndTLSCert(username, cert, ip, protocol, userAsJSON)
|
||||||
|
default:
|
||||||
|
return nil, fmt.Errorf("unsupported auth scope: %v", authScope)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// ExecuteKeyboardInteractiveStep executes a keyboard interactive step
|
||||||
|
func (m *Manager) ExecuteKeyboardInteractiveStep(req *KeyboardAuthRequest) (*KeyboardAuthResponse, error) {
|
||||||
|
var plugin *authPlugin
|
||||||
|
|
||||||
|
m.authLock.Lock()
|
||||||
|
for _, p := range m.auths {
|
||||||
|
if p.config.AuthOptions.Scope&AuthScopePassword != 0 {
|
||||||
|
plugin = p
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
m.authLock.Unlock()
|
||||||
|
|
||||||
|
if plugin == nil {
|
||||||
|
return nil, errors.New("no auth plugin configured for keyaboard interactive authentication step")
|
||||||
|
}
|
||||||
|
|
||||||
|
return plugin.sendKeyboardIteractiveRequest(req)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) checkUserAndPass(username, password, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
||||||
|
var plugin *authPlugin
|
||||||
|
|
||||||
|
m.authLock.Lock()
|
||||||
|
for _, p := range m.auths {
|
||||||
|
if p.config.AuthOptions.Scope&AuthScopePassword != 0 {
|
||||||
|
plugin = p
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
m.authLock.Unlock()
|
||||||
|
|
||||||
|
if plugin == nil {
|
||||||
|
return nil, errors.New("no auth plugin configured for password checking")
|
||||||
|
}
|
||||||
|
|
||||||
|
return plugin.checkUserAndPass(username, password, ip, protocol, userAsJSON)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) checkUserAndPublicKey(username, pubKey, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
||||||
|
var plugin *authPlugin
|
||||||
|
|
||||||
|
m.authLock.Lock()
|
||||||
|
for _, p := range m.auths {
|
||||||
|
if p.config.AuthOptions.Scope&AuthScopePublicKey != 0 {
|
||||||
|
plugin = p
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
m.authLock.Unlock()
|
||||||
|
|
||||||
|
if plugin == nil {
|
||||||
|
return nil, errors.New("no auth plugin configured for public key checking")
|
||||||
|
}
|
||||||
|
|
||||||
|
return plugin.checkUserAndPublicKey(username, pubKey, ip, protocol, userAsJSON)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) checkUserAndTLSCert(username, tlsCert, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
||||||
|
var plugin *authPlugin
|
||||||
|
|
||||||
|
m.authLock.Lock()
|
||||||
|
for _, p := range m.auths {
|
||||||
|
if p.config.AuthOptions.Scope&AuthScopeTLSCertificate != 0 {
|
||||||
|
plugin = p
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
m.authLock.Unlock()
|
||||||
|
|
||||||
|
if plugin == nil {
|
||||||
|
return nil, errors.New("no auth plugin configured for TLS certificate checking")
|
||||||
|
}
|
||||||
|
|
||||||
|
return plugin.checkUserAndTLSCertificate(username, tlsCert, ip, protocol, userAsJSON)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) checkUserAndKeyboardInteractive(username, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
||||||
|
var plugin *authPlugin
|
||||||
|
|
||||||
|
m.authLock.Lock()
|
||||||
|
for _, p := range m.auths {
|
||||||
|
if p.config.AuthOptions.Scope&AuthScopeKeyboardInteractive != 0 {
|
||||||
|
plugin = p
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
m.authLock.Unlock()
|
||||||
|
|
||||||
|
if plugin == nil {
|
||||||
|
return nil, errors.New("no auth plugin configured for keyboard interactive checking")
|
||||||
|
}
|
||||||
|
|
||||||
|
return plugin.checkUserAndKeyboardInteractive(username, ip, protocol, userAsJSON)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) checkCrashedPlugins() {
|
||||||
|
m.notifLock.RLock()
|
||||||
|
for idx, n := range m.notifiers {
|
||||||
|
if n.exited() {
|
||||||
|
defer func(cfg Config, index int) {
|
||||||
|
Handler.restartNotifierPlugin(cfg, index)
|
||||||
|
}(n.config, idx)
|
||||||
|
} else {
|
||||||
|
n.sendQueuedEvents()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
m.notifLock.RUnlock()
|
||||||
|
|
||||||
|
m.kmsLock.RLock()
|
||||||
|
for idx, k := range m.kms {
|
||||||
|
if k.exited() {
|
||||||
|
defer func(cfg Config, index int) {
|
||||||
|
Handler.restartKMSPlugin(cfg, index)
|
||||||
|
}(k.config, idx)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
m.kmsLock.RUnlock()
|
||||||
|
|
||||||
|
m.authLock.RLock()
|
||||||
|
for idx, a := range m.auths {
|
||||||
|
if a.exited() {
|
||||||
|
defer func(cfg Config, index int) {
|
||||||
|
Handler.restartAuthPlugin(cfg, index)
|
||||||
|
}(a.config, idx)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
m.authLock.RUnlock()
|
||||||
|
|
||||||
|
if m.hasSearcher {
|
||||||
|
m.searcherLock.RLock()
|
||||||
|
if m.searcher.exited() {
|
||||||
|
defer func(cfg Config) {
|
||||||
|
Handler.restartSearcherPlugin(cfg)
|
||||||
|
}(m.searcher.config)
|
||||||
|
}
|
||||||
|
m.searcherLock.RUnlock()
|
||||||
|
}
|
||||||
|
|
||||||
|
if m.hasMetadater {
|
||||||
|
m.metadaterLock.RLock()
|
||||||
|
if m.metadater.exited() {
|
||||||
|
defer func(cfg Config) {
|
||||||
|
Handler.restartMetadaterPlugin(cfg)
|
||||||
|
}(m.metadater.config)
|
||||||
|
}
|
||||||
|
m.metadaterLock.RUnlock()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) restartNotifierPlugin(config Config, idx int) {
|
||||||
|
if atomic.LoadInt32(&m.closed) == 1 {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
logger.Info(logSender, "", "try to restart crashed notifier plugin %#v, idx: %v", config.Cmd, idx)
|
||||||
|
plugin, err := newNotifierPlugin(config)
|
||||||
|
if err != nil {
|
||||||
|
logger.Error(logSender, "", "unable to restart notifier plugin %#v, err: %v", config.Cmd, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
m.notifLock.Lock()
|
||||||
|
plugin.queue = m.notifiers[idx].queue
|
||||||
|
m.notifiers[idx] = plugin
|
||||||
|
m.notifLock.Unlock()
|
||||||
|
plugin.sendQueuedEvents()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) restartKMSPlugin(config Config, idx int) {
|
||||||
|
if atomic.LoadInt32(&m.closed) == 1 {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
logger.Info(logSender, "", "try to restart crashed kms plugin %#v, idx: %v", config.Cmd, idx)
|
||||||
|
plugin, err := newKMSPlugin(config)
|
||||||
|
if err != nil {
|
||||||
|
logger.Error(logSender, "", "unable to restart kms plugin %#v, err: %v", config.Cmd, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
m.kmsLock.Lock()
|
||||||
|
m.kms[idx] = plugin
|
||||||
|
m.kmsLock.Unlock()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) restartAuthPlugin(config Config, idx int) {
|
||||||
|
if atomic.LoadInt32(&m.closed) == 1 {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
logger.Info(logSender, "", "try to restart crashed auth plugin %#v, idx: %v", config.Cmd, idx)
|
||||||
|
plugin, err := newAuthPlugin(config)
|
||||||
|
if err != nil {
|
||||||
|
logger.Error(logSender, "", "unable to restart auth plugin %#v, err: %v", config.Cmd, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
m.authLock.Lock()
|
||||||
|
m.auths[idx] = plugin
|
||||||
|
m.authLock.Unlock()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) restartSearcherPlugin(config Config) {
|
||||||
|
if atomic.LoadInt32(&m.closed) == 1 {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
logger.Info(logSender, "", "try to restart crashed searcher plugin %#v", config.Cmd)
|
||||||
|
plugin, err := newSearcherPlugin(config)
|
||||||
|
if err != nil {
|
||||||
|
logger.Error(logSender, "", "unable to restart searcher plugin %#v, err: %v", config.Cmd, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
m.searcherLock.Lock()
|
||||||
|
m.searcher = plugin
|
||||||
|
m.searcherLock.Unlock()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Manager) restartMetadaterPlugin(config Config) {
|
||||||
|
if atomic.LoadInt32(&m.closed) == 1 {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
logger.Info(logSender, "", "try to restart crashed metadater plugin %#v", config.Cmd)
|
||||||
|
plugin, err := newMetadaterPlugin(config)
|
||||||
|
if err != nil {
|
||||||
|
logger.Error(logSender, "", "unable to restart metadater plugin %#v, err: %v", config.Cmd, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
m.metadaterLock.Lock()
|
||||||
|
m.metadater = plugin
|
||||||
|
m.metadaterLock.Unlock()
|
||||||
|
}
|
||||||
|
|
||||||
|
// Cleanup releases all the active plugins
|
||||||
|
func (m *Manager) Cleanup() {
|
||||||
|
logger.Debug(logSender, "", "cleanup")
|
||||||
|
atomic.StoreInt32(&m.closed, 1)
|
||||||
|
close(m.done)
|
||||||
|
m.notifLock.Lock()
|
||||||
|
for _, n := range m.notifiers {
|
||||||
|
logger.Debug(logSender, "", "cleanup notifier plugin %v", n.config.Cmd)
|
||||||
|
n.cleanup()
|
||||||
|
}
|
||||||
|
m.notifLock.Unlock()
|
||||||
|
|
||||||
|
m.kmsLock.Lock()
|
||||||
|
for _, k := range m.kms {
|
||||||
|
logger.Debug(logSender, "", "cleanup kms plugin %v", k.config.Cmd)
|
||||||
|
k.cleanup()
|
||||||
|
}
|
||||||
|
m.kmsLock.Unlock()
|
||||||
|
|
||||||
|
m.authLock.Lock()
|
||||||
|
for _, a := range m.auths {
|
||||||
|
logger.Debug(logSender, "", "cleanup auth plugin %v", a.config.Cmd)
|
||||||
|
a.cleanup()
|
||||||
|
}
|
||||||
|
m.authLock.Unlock()
|
||||||
|
|
||||||
|
if m.hasSearcher {
|
||||||
|
m.searcherLock.Lock()
|
||||||
|
logger.Debug(logSender, "", "cleanup searcher plugin %v", m.searcher.config.Cmd)
|
||||||
|
m.searcher.cleanup()
|
||||||
|
m.searcherLock.Unlock()
|
||||||
|
}
|
||||||
|
|
||||||
|
if m.hasMetadater {
|
||||||
|
m.metadaterLock.Lock()
|
||||||
|
logger.Debug(logSender, "", "cleanup metadater plugin %v", m.metadater.config.Cmd)
|
||||||
|
m.metadater.cleanup()
|
||||||
|
m.metadaterLock.Unlock()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func setLogLevel(logVerbose bool) {
|
||||||
|
if logVerbose {
|
||||||
|
pluginsLogLevel = hclog.Debug
|
||||||
|
} else {
|
||||||
|
pluginsLogLevel = hclog.Info
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func startCheckTicker() {
|
||||||
|
logger.Debug(logSender, "", "start plugins checker")
|
||||||
|
checker := time.NewTicker(30 * time.Second)
|
||||||
|
|
||||||
|
go func() {
|
||||||
|
for {
|
||||||
|
select {
|
||||||
|
case <-Handler.done:
|
||||||
|
logger.Debug(logSender, "", "handler done, stop plugins checker")
|
||||||
|
checker.Stop()
|
||||||
|
return
|
||||||
|
case <-checker.C:
|
||||||
|
Handler.checkCrashedPlugins()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
}
|
|
@ -8,7 +8,7 @@ import (
|
||||||
"github.com/hashicorp/go-hclog"
|
"github.com/hashicorp/go-hclog"
|
||||||
"github.com/hashicorp/go-plugin"
|
"github.com/hashicorp/go-plugin"
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/eventsearcher"
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/eventsearcher"
|
||||||
)
|
)
|
||||||
|
|
|
@ -3,7 +3,7 @@ package plugin
|
||||||
import (
|
import (
|
||||||
"github.com/shirou/gopsutil/v3/process"
|
"github.com/shirou/gopsutil/v3/process"
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
)
|
)
|
||||||
|
|
||||||
func killProcess(processPath string) {
|
func killProcess(processPath string) {
|
|
@ -9,7 +9,6 @@ import (
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/util"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// SecretProvider defines the interface for a KMS secrets provider
|
// SecretProvider defines the interface for a KMS secrets provider
|
||||||
|
@ -141,7 +140,7 @@ func (c *Configuration) Initialize() error {
|
||||||
config.Secrets.URL = SchemeLocal + "://"
|
config.Secrets.URL = SchemeLocal + "://"
|
||||||
}
|
}
|
||||||
for k, v := range secretProviders {
|
for k, v := range secretProviders {
|
||||||
logger.Debug(logSender, "secret provider registered for scheme: %#v, encrypted status: %#v",
|
logger.Info(logSender, "secret provider registered for scheme: %#v, encrypted status: %#v",
|
||||||
k, v.encryptedStatus)
|
k, v.encryptedStatus)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
@ -217,8 +216,7 @@ func (s *Secret) UnmarshalJSON(data []byte) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
logger.Debug(logSender, "no provider registered for status %#v", baseSecret.Status)
|
logger.Error(logSender, "no provider registered for status %#v", baseSecret.Status)
|
||||||
|
|
||||||
return ErrInvalidSecret
|
return ErrInvalidSecret
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -399,7 +397,7 @@ func (s *Secret) IsValidInput() bool {
|
||||||
s.RLock()
|
s.RLock()
|
||||||
defer s.RUnlock()
|
defer s.RUnlock()
|
||||||
|
|
||||||
if !util.IsStringInSlice(s.provider.GetStatus(), validSecretStatuses) {
|
if !isSecretStatusValid(s.provider.GetStatus()) {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if s.provider.GetPayload() == "" {
|
if s.provider.GetPayload() == "" {
|
||||||
|
@ -444,3 +442,12 @@ func (s *Secret) TryDecrypt() error {
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func isSecretStatusValid(status string) bool {
|
||||||
|
for i := 0; i < len(validSecretStatuses); i++ {
|
||||||
|
if validSecretStatuses[i] == status {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
|
@ -1,7 +1,12 @@
|
||||||
// Package logger provides logging capabilities.
|
// Package logger provides logging capabilities.
|
||||||
package logger
|
package logger
|
||||||
|
|
||||||
import "github.com/hashicorp/go-hclog"
|
const (
|
||||||
|
levelDebug = iota
|
||||||
|
levelInfo
|
||||||
|
levelWarn
|
||||||
|
levelError
|
||||||
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
logger Logger
|
logger Logger
|
||||||
|
@ -13,10 +18,8 @@ func init() {
|
||||||
|
|
||||||
// Logger interface
|
// Logger interface
|
||||||
type Logger interface {
|
type Logger interface {
|
||||||
// LogWithKeyVals logs at the specified level for the specified sender adding the specified key vals
|
|
||||||
LogWithKeyVals(level hclog.Level, sender, msg string, args ...interface{})
|
|
||||||
// Log logs at the specified level for the specified sender
|
// Log logs at the specified level for the specified sender
|
||||||
Log(level hclog.Level, sender, format string, v ...interface{})
|
Log(level int, sender, format string, v ...interface{})
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLogger sets the specified logger
|
// SetLogger sets the specified logger
|
||||||
|
@ -31,26 +34,24 @@ func DisableLogger() {
|
||||||
|
|
||||||
type noLogger struct{}
|
type noLogger struct{}
|
||||||
|
|
||||||
func (*noLogger) LogWithKeyVals(level hclog.Level, sender, msg string, args ...interface{}) {}
|
func (*noLogger) Log(level int, sender, format string, v ...interface{}) {}
|
||||||
|
|
||||||
func (*noLogger) Log(level hclog.Level, sender, format string, v ...interface{}) {}
|
|
||||||
|
|
||||||
// Debug logs at debug level for the specified sender
|
// Debug logs at debug level for the specified sender
|
||||||
func Debug(sender, format string, v ...interface{}) {
|
func Debug(sender, format string, v ...interface{}) {
|
||||||
logger.Log(hclog.Debug, sender, format, v...)
|
logger.Log(levelDebug, sender, format, v...)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Info logs at info level for the specified sender
|
// Info logs at info level for the specified sender
|
||||||
func Info(sender, format string, v ...interface{}) {
|
func Info(sender, format string, v ...interface{}) {
|
||||||
logger.Log(hclog.Info, sender, format, v...)
|
logger.Log(levelInfo, sender, format, v...)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Warn logs at warn level for the specified sender
|
// Warn logs at warn level for the specified sender
|
||||||
func Warn(sender, format string, v ...interface{}) {
|
func Warn(sender, format string, v ...interface{}) {
|
||||||
logger.Log(hclog.Warn, sender, format, v...)
|
logger.Log(levelWarn, sender, format, v...)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Error logs at error level for the specified sender
|
// Error logs at error level for the specified sender
|
||||||
func Error(sender, format string, v ...interface{}) {
|
func Error(sender, format string, v ...interface{}) {
|
||||||
logger.Log(hclog.Error, sender, format, v...)
|
logger.Log(levelError, sender, format, v...)
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,666 +1 @@
|
||||||
// Package plugin provides support for the SFTPGo plugin system
|
|
||||||
package plugin
|
package plugin
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/x509"
|
|
||||||
"errors"
|
|
||||||
"fmt"
|
|
||||||
"sync"
|
|
||||||
"sync/atomic"
|
|
||||||
"time"
|
|
||||||
|
|
||||||
"github.com/hashicorp/go-hclog"
|
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/auth"
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/eventsearcher"
|
|
||||||
kmsplugin "github.com/drakkan/sftpgo/v2/sdk/plugin/kms"
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/metadata"
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/util"
|
|
||||||
)
|
|
||||||
|
|
||||||
const (
|
|
||||||
logSender = "plugins"
|
|
||||||
)
|
|
||||||
|
|
||||||
var (
|
|
||||||
// Handler defines the plugins manager
|
|
||||||
Handler Manager
|
|
||||||
pluginsLogLevel = hclog.Debug
|
|
||||||
// ErrNoSearcher defines the error to return for events searches if no plugin is configured
|
|
||||||
ErrNoSearcher = errors.New("no events searcher plugin defined")
|
|
||||||
// ErrNoMetadater returns the error to return for metadata methods if no plugin is configured
|
|
||||||
ErrNoMetadater = errors.New("no metadata plugin defined")
|
|
||||||
)
|
|
||||||
|
|
||||||
// Renderer defines the interface for generic objects rendering
|
|
||||||
type Renderer interface {
|
|
||||||
RenderAsJSON(reload bool) ([]byte, error)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Config defines a plugin configuration
|
|
||||||
type Config struct {
|
|
||||||
// Plugin type
|
|
||||||
Type string `json:"type" mapstructure:"type"`
|
|
||||||
// NotifierOptions defines options for notifiers plugins
|
|
||||||
NotifierOptions NotifierConfig `json:"notifier_options" mapstructure:"notifier_options"`
|
|
||||||
// KMSOptions defines options for a KMS plugin
|
|
||||||
KMSOptions KMSConfig `json:"kms_options" mapstructure:"kms_options"`
|
|
||||||
// AuthOptions defines options for authentication plugins
|
|
||||||
AuthOptions AuthConfig `json:"auth_options" mapstructure:"auth_options"`
|
|
||||||
// Path to the plugin executable
|
|
||||||
Cmd string `json:"cmd" mapstructure:"cmd"`
|
|
||||||
// Args to pass to the plugin executable
|
|
||||||
Args []string `json:"args" mapstructure:"args"`
|
|
||||||
// SHA256 checksum for the plugin executable.
|
|
||||||
// If not empty it will be used to verify the integrity of the executable
|
|
||||||
SHA256Sum string `json:"sha256sum" mapstructure:"sha256sum"`
|
|
||||||
// If enabled the client and the server automatically negotiate mTLS for
|
|
||||||
// transport authentication. This ensures that only the original client will
|
|
||||||
// be allowed to connect to the server, and all other connections will be
|
|
||||||
// rejected. The client will also refuse to connect to any server that isn't
|
|
||||||
// the original instance started by the client.
|
|
||||||
AutoMTLS bool `json:"auto_mtls" mapstructure:"auto_mtls"`
|
|
||||||
// unique identifier for kms plugins
|
|
||||||
kmsID int
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *Config) newKMSPluginSecretProvider(base kms.BaseSecret, url, masterKey string) kms.SecretProvider {
|
|
||||||
return &kmsPluginSecretProvider{
|
|
||||||
BaseSecret: base,
|
|
||||||
URL: url,
|
|
||||||
MasterKey: masterKey,
|
|
||||||
config: c,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Manager handles enabled plugins
|
|
||||||
type Manager struct {
|
|
||||||
closed int32
|
|
||||||
done chan bool
|
|
||||||
// List of configured plugins
|
|
||||||
Configs []Config `json:"plugins" mapstructure:"plugins"`
|
|
||||||
notifLock sync.RWMutex
|
|
||||||
notifiers []*notifierPlugin
|
|
||||||
kmsLock sync.RWMutex
|
|
||||||
kms []*kmsPlugin
|
|
||||||
authLock sync.RWMutex
|
|
||||||
auths []*authPlugin
|
|
||||||
searcherLock sync.RWMutex
|
|
||||||
searcher *searcherPlugin
|
|
||||||
metadaterLock sync.RWMutex
|
|
||||||
metadater *metadataPlugin
|
|
||||||
authScopes int
|
|
||||||
hasSearcher bool
|
|
||||||
hasMetadater bool
|
|
||||||
hasNotifiers bool
|
|
||||||
}
|
|
||||||
|
|
||||||
// Initialize initializes the configured plugins
|
|
||||||
func Initialize(configs []Config, logVerbose bool) error {
|
|
||||||
logger.Debug(logSender, "initialize")
|
|
||||||
Handler = Manager{
|
|
||||||
Configs: configs,
|
|
||||||
done: make(chan bool),
|
|
||||||
closed: 0,
|
|
||||||
authScopes: -1,
|
|
||||||
}
|
|
||||||
setLogLevel(logVerbose)
|
|
||||||
if len(configs) == 0 {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := Handler.validateConfigs(); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
kmsID := 0
|
|
||||||
for idx, config := range Handler.Configs {
|
|
||||||
switch config.Type {
|
|
||||||
case notifier.PluginName:
|
|
||||||
plugin, err := newNotifierPlugin(config)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
Handler.notifiers = append(Handler.notifiers, plugin)
|
|
||||||
case kmsplugin.PluginName:
|
|
||||||
plugin, err := newKMSPlugin(config)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
Handler.kms = append(Handler.kms, plugin)
|
|
||||||
Handler.Configs[idx].kmsID = kmsID
|
|
||||||
kmsID++
|
|
||||||
kms.RegisterSecretProvider(config.KMSOptions.Scheme, config.KMSOptions.EncryptedStatus,
|
|
||||||
Handler.Configs[idx].newKMSPluginSecretProvider)
|
|
||||||
logger.Debug(logSender, "registered secret provider for scheme: %v, encrypted status: %v",
|
|
||||||
config.KMSOptions.Scheme, config.KMSOptions.EncryptedStatus)
|
|
||||||
case auth.PluginName:
|
|
||||||
plugin, err := newAuthPlugin(config)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
Handler.auths = append(Handler.auths, plugin)
|
|
||||||
if Handler.authScopes == -1 {
|
|
||||||
Handler.authScopes = config.AuthOptions.Scope
|
|
||||||
} else {
|
|
||||||
Handler.authScopes |= config.AuthOptions.Scope
|
|
||||||
}
|
|
||||||
case eventsearcher.PluginName:
|
|
||||||
plugin, err := newSearcherPlugin(config)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
Handler.searcher = plugin
|
|
||||||
case metadata.PluginName:
|
|
||||||
plugin, err := newMetadaterPlugin(config)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
Handler.metadater = plugin
|
|
||||||
default:
|
|
||||||
return fmt.Errorf("unsupported plugin type: %v", config.Type)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
startCheckTicker()
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *Manager) validateConfigs() error {
|
|
||||||
kmsSchemes := make(map[string]bool)
|
|
||||||
kmsEncryptions := make(map[string]bool)
|
|
||||||
m.hasSearcher = false
|
|
||||||
m.hasMetadater = false
|
|
||||||
m.hasNotifiers = false
|
|
||||||
|
|
||||||
for _, config := range m.Configs {
|
|
||||||
if config.Type == kmsplugin.PluginName {
|
|
||||||
if _, ok := kmsSchemes[config.KMSOptions.Scheme]; ok {
|
|
||||||
return fmt.Errorf("invalid KMS configuration, duplicated scheme %#v", config.KMSOptions.Scheme)
|
|
||||||
}
|
|
||||||
if _, ok := kmsEncryptions[config.KMSOptions.EncryptedStatus]; ok {
|
|
||||||
return fmt.Errorf("invalid KMS configuration, duplicated encrypted status %#v", config.KMSOptions.EncryptedStatus)
|
|
||||||
}
|
|
||||||
kmsSchemes[config.KMSOptions.Scheme] = true
|
|
||||||
kmsEncryptions[config.KMSOptions.EncryptedStatus] = true
|
|
||||||
}
|
|
||||||
if config.Type == eventsearcher.PluginName {
|
|
||||||
if m.hasSearcher {
|
|
||||||
return errors.New("only one eventsearcher plugin can be defined")
|
|
||||||
}
|
|
||||||
m.hasSearcher = true
|
|
||||||
}
|
|
||||||
if config.Type == metadata.PluginName {
|
|
||||||
if m.hasMetadater {
|
|
||||||
return errors.New("only one metadata plugin can be defined")
|
|
||||||
}
|
|
||||||
m.hasMetadater = true
|
|
||||||
}
|
|
||||||
if config.Type == notifier.PluginName {
|
|
||||||
m.hasNotifiers = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// HasNotifiers returns true if there is at least a notifier plugin
|
|
||||||
func (m *Manager) HasNotifiers() bool {
|
|
||||||
return m.hasNotifiers
|
|
||||||
}
|
|
||||||
|
|
||||||
// NotifyFsEvent sends the fs event notifications using any defined notifier plugins
|
|
||||||
func (m *Manager) NotifyFsEvent(event *notifier.FsEvent) {
|
|
||||||
m.notifLock.RLock()
|
|
||||||
defer m.notifLock.RUnlock()
|
|
||||||
|
|
||||||
for _, n := range m.notifiers {
|
|
||||||
n.notifyFsAction(event)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// NotifyProviderEvent sends the provider event notifications using any defined notifier plugins
|
|
||||||
func (m *Manager) NotifyProviderEvent(event *notifier.ProviderEvent, object Renderer) {
|
|
||||||
m.notifLock.RLock()
|
|
||||||
defer m.notifLock.RUnlock()
|
|
||||||
|
|
||||||
for _, n := range m.notifiers {
|
|
||||||
n.notifyProviderAction(event, object)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// SearchFsEvents returns the filesystem events matching the specified filters
|
|
||||||
func (m *Manager) SearchFsEvents(searchFilters *eventsearcher.FsEventSearch) ([]byte, []string, []string, error) {
|
|
||||||
if !m.hasSearcher {
|
|
||||||
return nil, nil, nil, ErrNoSearcher
|
|
||||||
}
|
|
||||||
m.searcherLock.RLock()
|
|
||||||
plugin := m.searcher
|
|
||||||
m.searcherLock.RUnlock()
|
|
||||||
|
|
||||||
return plugin.searchear.SearchFsEvents(searchFilters)
|
|
||||||
}
|
|
||||||
|
|
||||||
// SearchProviderEvents returns the provider events matching the specified filters
|
|
||||||
func (m *Manager) SearchProviderEvents(searchFilters *eventsearcher.ProviderEventSearch) ([]byte, []string, []string, error) {
|
|
||||||
if !m.hasSearcher {
|
|
||||||
return nil, nil, nil, ErrNoSearcher
|
|
||||||
}
|
|
||||||
m.searcherLock.RLock()
|
|
||||||
plugin := m.searcher
|
|
||||||
m.searcherLock.RUnlock()
|
|
||||||
|
|
||||||
return plugin.searchear.SearchProviderEvents(searchFilters)
|
|
||||||
}
|
|
||||||
|
|
||||||
// HasMetadater returns true if a metadata plugin is defined
|
|
||||||
func (m *Manager) HasMetadater() bool {
|
|
||||||
return m.hasMetadater
|
|
||||||
}
|
|
||||||
|
|
||||||
// SetModificationTime sets the modification time for the specified object
|
|
||||||
func (m *Manager) SetModificationTime(storageID, objectPath string, mTime int64) error {
|
|
||||||
if !m.hasMetadater {
|
|
||||||
return ErrNoMetadater
|
|
||||||
}
|
|
||||||
m.metadaterLock.RLock()
|
|
||||||
plugin := m.metadater
|
|
||||||
m.metadaterLock.RUnlock()
|
|
||||||
|
|
||||||
return plugin.metadater.SetModificationTime(storageID, objectPath, mTime)
|
|
||||||
}
|
|
||||||
|
|
||||||
// GetModificationTime returns the modification time for the specified path
|
|
||||||
func (m *Manager) GetModificationTime(storageID, objectPath string, isDir bool) (int64, error) {
|
|
||||||
if !m.hasMetadater {
|
|
||||||
return 0, ErrNoMetadater
|
|
||||||
}
|
|
||||||
m.metadaterLock.RLock()
|
|
||||||
plugin := m.metadater
|
|
||||||
m.metadaterLock.RUnlock()
|
|
||||||
|
|
||||||
return plugin.metadater.GetModificationTime(storageID, objectPath)
|
|
||||||
}
|
|
||||||
|
|
||||||
// GetModificationTimes returns the modification times for all the files within the specified folder
|
|
||||||
func (m *Manager) GetModificationTimes(storageID, objectPath string) (map[string]int64, error) {
|
|
||||||
if !m.hasMetadater {
|
|
||||||
return nil, ErrNoMetadater
|
|
||||||
}
|
|
||||||
m.metadaterLock.RLock()
|
|
||||||
plugin := m.metadater
|
|
||||||
m.metadaterLock.RUnlock()
|
|
||||||
|
|
||||||
return plugin.metadater.GetModificationTimes(storageID, objectPath)
|
|
||||||
}
|
|
||||||
|
|
||||||
// RemoveMetadata deletes the metadata stored for the specified object
|
|
||||||
func (m *Manager) RemoveMetadata(storageID, objectPath string) error {
|
|
||||||
if !m.hasMetadater {
|
|
||||||
return ErrNoMetadater
|
|
||||||
}
|
|
||||||
m.metadaterLock.RLock()
|
|
||||||
plugin := m.metadater
|
|
||||||
m.metadaterLock.RUnlock()
|
|
||||||
|
|
||||||
return plugin.metadater.RemoveMetadata(storageID, objectPath)
|
|
||||||
}
|
|
||||||
|
|
||||||
// GetMetadataFolders returns the folders that metadata is associated with
|
|
||||||
func (m *Manager) GetMetadataFolders(storageID, from string, limit int) ([]string, error) {
|
|
||||||
if !m.hasMetadater {
|
|
||||||
return nil, ErrNoMetadater
|
|
||||||
}
|
|
||||||
m.metadaterLock.RLock()
|
|
||||||
plugin := m.metadater
|
|
||||||
m.metadaterLock.RUnlock()
|
|
||||||
|
|
||||||
return plugin.metadater.GetFolders(storageID, limit, from)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *Manager) kmsEncrypt(secret kms.BaseSecret, url string, masterKey string, kmsID int) (string, string, int32, error) {
|
|
||||||
m.kmsLock.RLock()
|
|
||||||
plugin := m.kms[kmsID]
|
|
||||||
m.kmsLock.RUnlock()
|
|
||||||
|
|
||||||
return plugin.Encrypt(secret, url, masterKey)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *Manager) kmsDecrypt(secret kms.BaseSecret, url string, masterKey string, kmsID int) (string, error) {
|
|
||||||
m.kmsLock.RLock()
|
|
||||||
plugin := m.kms[kmsID]
|
|
||||||
m.kmsLock.RUnlock()
|
|
||||||
|
|
||||||
return plugin.Decrypt(secret, url, masterKey)
|
|
||||||
}
|
|
||||||
|
|
||||||
// HasAuthScope returns true if there is an auth plugin that support the specified scope
|
|
||||||
func (m *Manager) HasAuthScope(scope int) bool {
|
|
||||||
if m.authScopes == -1 {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
return m.authScopes&scope != 0
|
|
||||||
}
|
|
||||||
|
|
||||||
// Authenticate tries to authenticate the specified user using an external plugin
|
|
||||||
func (m *Manager) Authenticate(username, password, ip, protocol string, pkey string,
|
|
||||||
tlsCert *x509.Certificate, authScope int, userAsJSON []byte,
|
|
||||||
) ([]byte, error) {
|
|
||||||
switch authScope {
|
|
||||||
case AuthScopePassword:
|
|
||||||
return m.checkUserAndPass(username, password, ip, protocol, userAsJSON)
|
|
||||||
case AuthScopePublicKey:
|
|
||||||
return m.checkUserAndPublicKey(username, pkey, ip, protocol, userAsJSON)
|
|
||||||
case AuthScopeKeyboardInteractive:
|
|
||||||
return m.checkUserAndKeyboardInteractive(username, ip, protocol, userAsJSON)
|
|
||||||
case AuthScopeTLSCertificate:
|
|
||||||
cert, err := util.EncodeTLSCertToPem(tlsCert)
|
|
||||||
if err != nil {
|
|
||||||
logger.Error(logSender, "unable to encode tls certificate to pem: %v", err)
|
|
||||||
return nil, fmt.Errorf("unable to encode tls cert to pem: %w", err)
|
|
||||||
}
|
|
||||||
return m.checkUserAndTLSCert(username, cert, ip, protocol, userAsJSON)
|
|
||||||
default:
|
|
||||||
return nil, fmt.Errorf("unsupported auth scope: %v", authScope)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// ExecuteKeyboardInteractiveStep executes a keyboard interactive step
|
|
||||||
func (m *Manager) ExecuteKeyboardInteractiveStep(req *KeyboardAuthRequest) (*KeyboardAuthResponse, error) {
|
|
||||||
var plugin *authPlugin
|
|
||||||
|
|
||||||
m.authLock.Lock()
|
|
||||||
for _, p := range m.auths {
|
|
||||||
if p.config.AuthOptions.Scope&AuthScopePassword != 0 {
|
|
||||||
plugin = p
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
m.authLock.Unlock()
|
|
||||||
|
|
||||||
if plugin == nil {
|
|
||||||
return nil, errors.New("no auth plugin configured for keyaboard interactive authentication step")
|
|
||||||
}
|
|
||||||
|
|
||||||
return plugin.sendKeyboardIteractiveRequest(req)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *Manager) checkUserAndPass(username, password, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
|
||||||
var plugin *authPlugin
|
|
||||||
|
|
||||||
m.authLock.Lock()
|
|
||||||
for _, p := range m.auths {
|
|
||||||
if p.config.AuthOptions.Scope&AuthScopePassword != 0 {
|
|
||||||
plugin = p
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
m.authLock.Unlock()
|
|
||||||
|
|
||||||
if plugin == nil {
|
|
||||||
return nil, errors.New("no auth plugin configured for password checking")
|
|
||||||
}
|
|
||||||
|
|
||||||
return plugin.checkUserAndPass(username, password, ip, protocol, userAsJSON)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *Manager) checkUserAndPublicKey(username, pubKey, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
|
||||||
var plugin *authPlugin
|
|
||||||
|
|
||||||
m.authLock.Lock()
|
|
||||||
for _, p := range m.auths {
|
|
||||||
if p.config.AuthOptions.Scope&AuthScopePublicKey != 0 {
|
|
||||||
plugin = p
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
m.authLock.Unlock()
|
|
||||||
|
|
||||||
if plugin == nil {
|
|
||||||
return nil, errors.New("no auth plugin configured for public key checking")
|
|
||||||
}
|
|
||||||
|
|
||||||
return plugin.checkUserAndPublicKey(username, pubKey, ip, protocol, userAsJSON)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *Manager) checkUserAndTLSCert(username, tlsCert, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
|
||||||
var plugin *authPlugin
|
|
||||||
|
|
||||||
m.authLock.Lock()
|
|
||||||
for _, p := range m.auths {
|
|
||||||
if p.config.AuthOptions.Scope&AuthScopeTLSCertificate != 0 {
|
|
||||||
plugin = p
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
m.authLock.Unlock()
|
|
||||||
|
|
||||||
if plugin == nil {
|
|
||||||
return nil, errors.New("no auth plugin configured for TLS certificate checking")
|
|
||||||
}
|
|
||||||
|
|
||||||
return plugin.checkUserAndTLSCertificate(username, tlsCert, ip, protocol, userAsJSON)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *Manager) checkUserAndKeyboardInteractive(username, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
|
||||||
var plugin *authPlugin
|
|
||||||
|
|
||||||
m.authLock.Lock()
|
|
||||||
for _, p := range m.auths {
|
|
||||||
if p.config.AuthOptions.Scope&AuthScopeKeyboardInteractive != 0 {
|
|
||||||
plugin = p
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
m.authLock.Unlock()
|
|
||||||
|
|
||||||
if plugin == nil {
|
|
||||||
return nil, errors.New("no auth plugin configured for keyboard interactive checking")
|
|
||||||
}
|
|
||||||
|
|
||||||
return plugin.checkUserAndKeyboardInteractive(username, ip, protocol, userAsJSON)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *Manager) checkCrashedPlugins() {
|
|
||||||
m.notifLock.RLock()
|
|
||||||
for idx, n := range m.notifiers {
|
|
||||||
if n.exited() {
|
|
||||||
defer func(cfg Config, index int) {
|
|
||||||
Handler.restartNotifierPlugin(cfg, index)
|
|
||||||
}(n.config, idx)
|
|
||||||
} else {
|
|
||||||
n.sendQueuedEvents()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
m.notifLock.RUnlock()
|
|
||||||
|
|
||||||
m.kmsLock.RLock()
|
|
||||||
for idx, k := range m.kms {
|
|
||||||
if k.exited() {
|
|
||||||
defer func(cfg Config, index int) {
|
|
||||||
Handler.restartKMSPlugin(cfg, index)
|
|
||||||
}(k.config, idx)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
m.kmsLock.RUnlock()
|
|
||||||
|
|
||||||
m.authLock.RLock()
|
|
||||||
for idx, a := range m.auths {
|
|
||||||
if a.exited() {
|
|
||||||
defer func(cfg Config, index int) {
|
|
||||||
Handler.restartAuthPlugin(cfg, index)
|
|
||||||
}(a.config, idx)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
m.authLock.RUnlock()
|
|
||||||
|
|
||||||
if m.hasSearcher {
|
|
||||||
m.searcherLock.RLock()
|
|
||||||
if m.searcher.exited() {
|
|
||||||
defer func(cfg Config) {
|
|
||||||
Handler.restartSearcherPlugin(cfg)
|
|
||||||
}(m.searcher.config)
|
|
||||||
}
|
|
||||||
m.searcherLock.RUnlock()
|
|
||||||
}
|
|
||||||
|
|
||||||
if m.hasMetadater {
|
|
||||||
m.metadaterLock.RLock()
|
|
||||||
if m.metadater.exited() {
|
|
||||||
defer func(cfg Config) {
|
|
||||||
Handler.restartMetadaterPlugin(cfg)
|
|
||||||
}(m.metadater.config)
|
|
||||||
}
|
|
||||||
m.metadaterLock.RUnlock()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *Manager) restartNotifierPlugin(config Config, idx int) {
|
|
||||||
if atomic.LoadInt32(&m.closed) == 1 {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
logger.Info(logSender, "try to restart crashed notifier plugin %#v, idx: %v", config.Cmd, idx)
|
|
||||||
plugin, err := newNotifierPlugin(config)
|
|
||||||
if err != nil {
|
|
||||||
logger.Error(logSender, "unable to restart notifier plugin %#v, err: %v", config.Cmd, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
m.notifLock.Lock()
|
|
||||||
plugin.queue = m.notifiers[idx].queue
|
|
||||||
m.notifiers[idx] = plugin
|
|
||||||
m.notifLock.Unlock()
|
|
||||||
plugin.sendQueuedEvents()
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *Manager) restartKMSPlugin(config Config, idx int) {
|
|
||||||
if atomic.LoadInt32(&m.closed) == 1 {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
logger.Info(logSender, "try to restart crashed kms plugin %#v, idx: %v", config.Cmd, idx)
|
|
||||||
plugin, err := newKMSPlugin(config)
|
|
||||||
if err != nil {
|
|
||||||
logger.Error(logSender, "unable to restart kms plugin %#v, err: %v", config.Cmd, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
m.kmsLock.Lock()
|
|
||||||
m.kms[idx] = plugin
|
|
||||||
m.kmsLock.Unlock()
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *Manager) restartAuthPlugin(config Config, idx int) {
|
|
||||||
if atomic.LoadInt32(&m.closed) == 1 {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
logger.Info(logSender, "try to restart crashed auth plugin %#v, idx: %v", config.Cmd, idx)
|
|
||||||
plugin, err := newAuthPlugin(config)
|
|
||||||
if err != nil {
|
|
||||||
logger.Error(logSender, "unable to restart auth plugin %#v, err: %v", config.Cmd, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
m.authLock.Lock()
|
|
||||||
m.auths[idx] = plugin
|
|
||||||
m.authLock.Unlock()
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *Manager) restartSearcherPlugin(config Config) {
|
|
||||||
if atomic.LoadInt32(&m.closed) == 1 {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
logger.Info(logSender, "try to restart crashed searcher plugin %#v", config.Cmd)
|
|
||||||
plugin, err := newSearcherPlugin(config)
|
|
||||||
if err != nil {
|
|
||||||
logger.Error(logSender, "unable to restart searcher plugin %#v, err: %v", config.Cmd, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
m.searcherLock.Lock()
|
|
||||||
m.searcher = plugin
|
|
||||||
m.searcherLock.Unlock()
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *Manager) restartMetadaterPlugin(config Config) {
|
|
||||||
if atomic.LoadInt32(&m.closed) == 1 {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
logger.Info(logSender, "try to restart crashed metadater plugin %#v", config.Cmd)
|
|
||||||
plugin, err := newMetadaterPlugin(config)
|
|
||||||
if err != nil {
|
|
||||||
logger.Error(logSender, "unable to restart metadater plugin %#v, err: %v", config.Cmd, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
m.metadaterLock.Lock()
|
|
||||||
m.metadater = plugin
|
|
||||||
m.metadaterLock.Unlock()
|
|
||||||
}
|
|
||||||
|
|
||||||
// Cleanup releases all the active plugins
|
|
||||||
func (m *Manager) Cleanup() {
|
|
||||||
logger.Debug(logSender, "cleanup")
|
|
||||||
atomic.StoreInt32(&m.closed, 1)
|
|
||||||
close(m.done)
|
|
||||||
m.notifLock.Lock()
|
|
||||||
for _, n := range m.notifiers {
|
|
||||||
logger.Debug(logSender, "cleanup notifier plugin %v", n.config.Cmd)
|
|
||||||
n.cleanup()
|
|
||||||
}
|
|
||||||
m.notifLock.Unlock()
|
|
||||||
|
|
||||||
m.kmsLock.Lock()
|
|
||||||
for _, k := range m.kms {
|
|
||||||
logger.Debug(logSender, "cleanup kms plugin %v", k.config.Cmd)
|
|
||||||
k.cleanup()
|
|
||||||
}
|
|
||||||
m.kmsLock.Unlock()
|
|
||||||
|
|
||||||
m.authLock.Lock()
|
|
||||||
for _, a := range m.auths {
|
|
||||||
logger.Debug(logSender, "cleanup auth plugin %v", a.config.Cmd)
|
|
||||||
a.cleanup()
|
|
||||||
}
|
|
||||||
m.authLock.Unlock()
|
|
||||||
|
|
||||||
if m.hasSearcher {
|
|
||||||
m.searcherLock.Lock()
|
|
||||||
logger.Debug(logSender, "cleanup searcher plugin %v", m.searcher.config.Cmd)
|
|
||||||
m.searcher.cleanup()
|
|
||||||
m.searcherLock.Unlock()
|
|
||||||
}
|
|
||||||
|
|
||||||
if m.hasMetadater {
|
|
||||||
m.metadaterLock.Lock()
|
|
||||||
logger.Debug(logSender, "cleanup metadater plugin %v", m.metadater.config.Cmd)
|
|
||||||
m.metadater.cleanup()
|
|
||||||
m.metadaterLock.Unlock()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func setLogLevel(logVerbose bool) {
|
|
||||||
if logVerbose {
|
|
||||||
pluginsLogLevel = hclog.Debug
|
|
||||||
} else {
|
|
||||||
pluginsLogLevel = hclog.Info
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func startCheckTicker() {
|
|
||||||
logger.Debug(logSender, "start plugins checker")
|
|
||||||
checker := time.NewTicker(30 * time.Second)
|
|
||||||
|
|
||||||
go func() {
|
|
||||||
for {
|
|
||||||
select {
|
|
||||||
case <-Handler.done:
|
|
||||||
logger.Debug(logSender, "handler done, stop plugins checker")
|
|
||||||
checker.Stop()
|
|
||||||
return
|
|
||||||
case <-checker.C:
|
|
||||||
Handler.checkCrashedPlugins()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
}
|
|
||||||
|
|
|
@ -4,7 +4,6 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/util"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Web Client/user REST API restrictions
|
// Web Client/user REST API restrictions
|
||||||
|
@ -53,11 +52,6 @@ type DirectoryPermissions struct {
|
||||||
Permissions []string
|
Permissions []string
|
||||||
}
|
}
|
||||||
|
|
||||||
// HasPerm returns true if the directory has the specified permissions
|
|
||||||
func (d *DirectoryPermissions) HasPerm(perm string) bool {
|
|
||||||
return util.IsStringInSlice(perm, d.Permissions)
|
|
||||||
}
|
|
||||||
|
|
||||||
// PatternsFilter defines filters based on shell like patterns.
|
// PatternsFilter defines filters based on shell like patterns.
|
||||||
// These restrictions do not apply to files listing for performance reasons, so
|
// These restrictions do not apply to files listing for performance reasons, so
|
||||||
// a denied file cannot be downloaded/overwritten/renamed but will still be
|
// a denied file cannot be downloaded/overwritten/renamed but will still be
|
||||||
|
|
|
@ -1,31 +0,0 @@
|
||||||
// Package util provides some common utility methods
|
|
||||||
package util
|
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/x509"
|
|
||||||
"encoding/pem"
|
|
||||||
"errors"
|
|
||||||
)
|
|
||||||
|
|
||||||
// IsStringInSlice searches a string in a slice and returns true if the string is found
|
|
||||||
func IsStringInSlice(obj string, list []string) bool {
|
|
||||||
for i := 0; i < len(list); i++ {
|
|
||||||
if list[i] == obj {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
// EncodeTLSCertToPem returns the specified certificate PEM encoded.
|
|
||||||
// This can be verified using openssl x509 -in cert.crt -text -noout
|
|
||||||
func EncodeTLSCertToPem(tlsCert *x509.Certificate) (string, error) {
|
|
||||||
if len(tlsCert.Raw) == 0 {
|
|
||||||
return "", errors.New("invalid x509 certificate, no der contents")
|
|
||||||
}
|
|
||||||
publicKeyBlock := pem.Block{
|
|
||||||
Type: "CERTIFICATE",
|
|
||||||
Bytes: tlsCert.Raw,
|
|
||||||
}
|
|
||||||
return string(pem.EncodeToMemory(&publicKeyBlock)), nil
|
|
||||||
}
|
|
|
@ -14,7 +14,7 @@ import (
|
||||||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||||
"github.com/drakkan/sftpgo/v2/httpd"
|
"github.com/drakkan/sftpgo/v2/httpd"
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
"github.com/drakkan/sftpgo/v2/version"
|
"github.com/drakkan/sftpgo/v2/version"
|
||||||
)
|
)
|
||||||
|
|
|
@ -16,7 +16,7 @@ import (
|
||||||
"github.com/drakkan/sftpgo/v2/ftpd"
|
"github.com/drakkan/sftpgo/v2/ftpd"
|
||||||
"github.com/drakkan/sftpgo/v2/httpd"
|
"github.com/drakkan/sftpgo/v2/httpd"
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/telemetry"
|
"github.com/drakkan/sftpgo/v2/telemetry"
|
||||||
"github.com/drakkan/sftpgo/v2/webdavd"
|
"github.com/drakkan/sftpgo/v2/webdavd"
|
||||||
)
|
)
|
||||||
|
|
|
@ -13,7 +13,7 @@ import (
|
||||||
"github.com/drakkan/sftpgo/v2/ftpd"
|
"github.com/drakkan/sftpgo/v2/ftpd"
|
||||||
"github.com/drakkan/sftpgo/v2/httpd"
|
"github.com/drakkan/sftpgo/v2/httpd"
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/telemetry"
|
"github.com/drakkan/sftpgo/v2/telemetry"
|
||||||
"github.com/drakkan/sftpgo/v2/webdavd"
|
"github.com/drakkan/sftpgo/v2/webdavd"
|
||||||
)
|
)
|
||||||
|
|
|
@ -5,7 +5,7 @@ import (
|
||||||
"os/signal"
|
"os/signal"
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
)
|
)
|
||||||
|
|
||||||
func registerSignals() {
|
func registerSignals() {
|
||||||
|
|
|
@ -16,7 +16,6 @@ import (
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/common"
|
"github.com/drakkan/sftpgo/v2/common"
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
sdklogger "github.com/drakkan/sftpgo/v2/sdk/logger"
|
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -96,7 +95,7 @@ func (c Conf) Initialize(configDir string) error {
|
||||||
WriteTimeout: 60 * time.Second,
|
WriteTimeout: 60 * time.Second,
|
||||||
IdleTimeout: 60 * time.Second,
|
IdleTimeout: 60 * time.Second,
|
||||||
MaxHeaderBytes: 1 << 14, // 16KB
|
MaxHeaderBytes: 1 << 14, // 16KB
|
||||||
ErrorLog: log.New(&sdklogger.StdLoggerWrapper{Sender: logSender}, "", 0),
|
ErrorLog: log.New(&logger.StdLoggerWrapper{Sender: logSender}, "", 0),
|
||||||
}
|
}
|
||||||
if certificateFile != "" && certificateKeyFile != "" {
|
if certificateFile != "" && certificateKeyFile != "" {
|
||||||
certMgr, err = common.NewCertManager(certificateFile, certificateKeyFile, configDir, logSender)
|
certMgr, err = common.NewCertManager(certificateFile, certificateKeyFile, configDir, logSender)
|
||||||
|
|
14
util/util.go
14
util/util.go
|
@ -11,6 +11,7 @@ import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"html/template"
|
"html/template"
|
||||||
"io"
|
"io"
|
||||||
|
@ -422,6 +423,19 @@ func GetTLSCiphersFromNames(cipherNames []string) []uint16 {
|
||||||
return ciphers
|
return ciphers
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// EncodeTLSCertToPem returns the specified certificate PEM encoded.
|
||||||
|
// This can be verified using openssl x509 -in cert.crt -text -noout
|
||||||
|
func EncodeTLSCertToPem(tlsCert *x509.Certificate) (string, error) {
|
||||||
|
if len(tlsCert.Raw) == 0 {
|
||||||
|
return "", errors.New("invalid x509 certificate, no der contents")
|
||||||
|
}
|
||||||
|
publicKeyBlock := pem.Block{
|
||||||
|
Type: "CERTIFICATE",
|
||||||
|
Bytes: tlsCert.Raw,
|
||||||
|
}
|
||||||
|
return string(pem.EncodeToMemory(&publicKeyBlock)), nil
|
||||||
|
}
|
||||||
|
|
||||||
// CheckTCP4Port quits the app if bind on the given IPv4 port fails.
|
// CheckTCP4Port quits the app if bind on the given IPv4 port fails.
|
||||||
// This is a ugly hack to avoid to bind on an already used port.
|
// This is a ugly hack to avoid to bind on an already used port.
|
||||||
// It is required on Windows only. Upstream does not consider this
|
// It is required on Windows only. Upstream does not consider this
|
||||||
|
|
|
@ -26,7 +26,7 @@ import (
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/metric"
|
"github.com/drakkan/sftpgo/v2/metric"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
"github.com/drakkan/sftpgo/v2/version"
|
"github.com/drakkan/sftpgo/v2/version"
|
||||||
)
|
)
|
||||||
|
|
|
@ -25,8 +25,8 @@ import (
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/metric"
|
"github.com/drakkan/sftpgo/v2/metric"
|
||||||
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
"github.com/drakkan/sftpgo/v2/version"
|
"github.com/drakkan/sftpgo/v2/version"
|
||||||
)
|
)
|
||||||
|
|
|
@ -26,7 +26,7 @@ import (
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/metric"
|
"github.com/drakkan/sftpgo/v2/metric"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
"github.com/drakkan/sftpgo/v2/version"
|
"github.com/drakkan/sftpgo/v2/version"
|
||||||
)
|
)
|
||||||
|
|
|
@ -17,9 +17,9 @@ import (
|
||||||
"github.com/pkg/sftp"
|
"github.com/pkg/sftp"
|
||||||
|
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
|
"github.com/drakkan/sftpgo/v2/plugin"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk"
|
"github.com/drakkan/sftpgo/v2/sdk"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
|
||||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/metadata"
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/metadata"
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
)
|
)
|
||||||
|
|
|
@ -23,7 +23,6 @@ import (
|
||||||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||||
"github.com/drakkan/sftpgo/v2/logger"
|
"github.com/drakkan/sftpgo/v2/logger"
|
||||||
"github.com/drakkan/sftpgo/v2/metric"
|
"github.com/drakkan/sftpgo/v2/metric"
|
||||||
sdklogger "github.com/drakkan/sftpgo/v2/sdk/logger"
|
|
||||||
"github.com/drakkan/sftpgo/v2/util"
|
"github.com/drakkan/sftpgo/v2/util"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -40,7 +39,7 @@ func (s *webDavServer) listenAndServe(compressor *middleware.Compressor) error {
|
||||||
WriteTimeout: 60 * time.Second,
|
WriteTimeout: 60 * time.Second,
|
||||||
IdleTimeout: 60 * time.Second,
|
IdleTimeout: 60 * time.Second,
|
||||||
MaxHeaderBytes: 1 << 16, // 64KB
|
MaxHeaderBytes: 1 << 16, // 64KB
|
||||||
ErrorLog: log.New(&sdklogger.StdLoggerWrapper{Sender: logSender}, "", 0),
|
ErrorLog: log.New(&logger.StdLoggerWrapper{Sender: logSender}, "", 0),
|
||||||
}
|
}
|
||||||
if s.config.Cors.Enabled {
|
if s.config.Cors.Enabled {
|
||||||
c := cors.New(cors.Options{
|
c := cors.New(cors.Options{
|
||||||
|
|
Loading…
Reference in a new issue