mirror of
https://github.com/drakkan/sftpgo.git
synced 2024-11-21 23:20:24 +00:00
move plugin handling outside the sdk package
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
parent
6a20e7411b
commit
3603493146
37 changed files with 772 additions and 800 deletions
|
@ -15,7 +15,7 @@ import (
|
|||
"github.com/drakkan/sftpgo/v2/config"
|
||||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sftpd"
|
||||
"github.com/drakkan/sftpgo/v2/version"
|
||||
)
|
||||
|
|
|
@ -17,8 +17,8 @@ import (
|
|||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||
"github.com/drakkan/sftpgo/v2/httpclient"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
)
|
||||
|
|
|
@ -14,8 +14,8 @@ import (
|
|||
"github.com/stretchr/testify/assert"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
||||
"github.com/drakkan/sftpgo/v2/vfs"
|
||||
)
|
||||
|
|
|
@ -18,8 +18,8 @@ import (
|
|||
"github.com/drakkan/sftpgo/v2/httpd"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/mfa"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sftpd"
|
||||
"github.com/drakkan/sftpgo/v2/smtp"
|
||||
"github.com/drakkan/sftpgo/v2/telemetry"
|
||||
|
|
|
@ -18,8 +18,8 @@ import (
|
|||
"github.com/drakkan/sftpgo/v2/httpclient"
|
||||
"github.com/drakkan/sftpgo/v2/httpd"
|
||||
"github.com/drakkan/sftpgo/v2/mfa"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sftpd"
|
||||
"github.com/drakkan/sftpgo/v2/smtp"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
|
|
|
@ -13,7 +13,7 @@ import (
|
|||
|
||||
"github.com/drakkan/sftpgo/v2/httpclient"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
)
|
||||
|
|
|
@ -49,10 +49,9 @@ import (
|
|||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/metric"
|
||||
"github.com/drakkan/sftpgo/v2/mfa"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
sdkutil "github.com/drakkan/sftpgo/v2/sdk/util"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
"github.com/drakkan/sftpgo/v2/vfs"
|
||||
)
|
||||
|
@ -2890,7 +2889,7 @@ func getExternalAuthResponse(username, password, pkey, keyboardInteractive, ip,
|
|||
var tlsCert string
|
||||
if cert != nil {
|
||||
var err error
|
||||
tlsCert, err = sdkutil.EncodeTLSCertToPem(cert)
|
||||
tlsCert, err = util.EncodeTLSCertToPem(cert)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
@ -6,7 +6,7 @@ import (
|
|||
"strconv"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/eventsearcher"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
)
|
||||
|
|
|
@ -24,7 +24,7 @@ import (
|
|||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/metric"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/smtp"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
)
|
||||
|
|
|
@ -47,9 +47,9 @@ import (
|
|||
"github.com/drakkan/sftpgo/v2/httpdtest"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/mfa"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sftpd"
|
||||
"github.com/drakkan/sftpgo/v2/smtp"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
|
|
|
@ -33,9 +33,9 @@ import (
|
|||
|
||||
"github.com/drakkan/sftpgo/v2/common"
|
||||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
"github.com/drakkan/sftpgo/v2/vfs"
|
||||
)
|
||||
|
|
|
@ -25,7 +25,6 @@ import (
|
|||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/mfa"
|
||||
"github.com/drakkan/sftpgo/v2/sdk"
|
||||
sdklogger "github.com/drakkan/sftpgo/v2/sdk/logger"
|
||||
"github.com/drakkan/sftpgo/v2/smtp"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
"github.com/drakkan/sftpgo/v2/version"
|
||||
|
@ -76,7 +75,7 @@ func (s *httpdServer) listenAndServe() error {
|
|||
WriteTimeout: 60 * time.Second,
|
||||
IdleTimeout: 60 * time.Second,
|
||||
MaxHeaderBytes: 1 << 16, // 64KB
|
||||
ErrorLog: log.New(&sdklogger.StdLoggerWrapper{Sender: logSender}, "", 0),
|
||||
ErrorLog: log.New(&logger.StdLoggerWrapper{Sender: logSender}, "", 0),
|
||||
}
|
||||
if certMgr != nil && s.binding.EnableHTTPS {
|
||||
config := &tls.Config{
|
||||
|
|
|
@ -5,6 +5,7 @@ import (
|
|||
"log"
|
||||
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/rs/zerolog"
|
||||
)
|
||||
|
||||
// HCLogAdapter is an adapter for hclog.Logger
|
||||
|
@ -14,7 +15,20 @@ type HCLogAdapter struct {
|
|||
|
||||
// Log emits a message and key/value pairs at a provided log level
|
||||
func (l *HCLogAdapter) Log(level hclog.Level, msg string, args ...interface{}) {
|
||||
logger.LogWithKeyVals(level, l.Name(), msg, args...)
|
||||
var ev *zerolog.Event
|
||||
switch level {
|
||||
case hclog.Info:
|
||||
ev = logger.Info()
|
||||
case hclog.Warn:
|
||||
ev = logger.Warn()
|
||||
case hclog.Error:
|
||||
ev = logger.Error()
|
||||
default:
|
||||
ev = logger.Debug()
|
||||
}
|
||||
ev.Timestamp().Str("sender", l.Name())
|
||||
addKeysAndValues(ev, args...)
|
||||
ev.Msg(msg)
|
||||
}
|
||||
|
||||
// Trace emits a message and key/value pairs at the TRACE level
|
||||
|
@ -61,21 +75,3 @@ func (l *HCLogAdapter) StandardLogger(opts *hclog.StandardLoggerOptions) *log.Lo
|
|||
func (l *HCLogAdapter) StandardWriter(opts *hclog.StandardLoggerOptions) io.Writer {
|
||||
return &StdLoggerWrapper{Sender: l.Name()}
|
||||
}
|
||||
|
||||
// StdLoggerWrapper is a wrapper for standard logger compatibility
|
||||
type StdLoggerWrapper struct {
|
||||
Sender string
|
||||
}
|
||||
|
||||
// Write implements the io.Writer interface. This is useful to set as a writer
|
||||
// for the standard library log.
|
||||
func (l *StdLoggerWrapper) Write(p []byte) (n int, err error) {
|
||||
n = len(p)
|
||||
if n > 0 && p[n-1] == '\n' {
|
||||
// Trim CR added by stdlog.
|
||||
p = p[0 : n-1]
|
||||
}
|
||||
|
||||
logger.Log(hclog.Error, l.Sender, "", string(p))
|
||||
return
|
||||
}
|
|
@ -16,7 +16,6 @@ import (
|
|||
"time"
|
||||
|
||||
ftpserverlog "github.com/fclairamb/go-log"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/rs/zerolog"
|
||||
lumberjack "gopkg.in/natefinch/lumberjack.v2"
|
||||
|
||||
|
@ -46,25 +45,38 @@ var (
|
|||
|
||||
type logWrapper struct{}
|
||||
|
||||
// LogWithKeyVals logs at the specified level for the specified sender adding the specified key vals
|
||||
func (l *logWrapper) LogWithKeyVals(level hclog.Level, sender, msg string, args ...interface{}) {
|
||||
LogWithKeyVals(level, sender, msg, args...)
|
||||
}
|
||||
|
||||
// Log logs at the specified level for the specified sender
|
||||
func (l *logWrapper) Log(level hclog.Level, sender, format string, v ...interface{}) {
|
||||
func (l *logWrapper) Log(level int, sender, format string, v ...interface{}) {
|
||||
switch level {
|
||||
case hclog.Info:
|
||||
case 1:
|
||||
Log(LevelInfo, sender, "", format, v...)
|
||||
case hclog.Warn:
|
||||
case 2:
|
||||
Log(LevelWarn, sender, "", format, v...)
|
||||
case hclog.Error:
|
||||
case 3:
|
||||
Log(LevelError, sender, "", format, v...)
|
||||
default:
|
||||
Log(LevelDebug, sender, "", format, v...)
|
||||
}
|
||||
}
|
||||
|
||||
// StdLoggerWrapper is a wrapper for standard logger compatibility
|
||||
type StdLoggerWrapper struct {
|
||||
Sender string
|
||||
}
|
||||
|
||||
// Write implements the io.Writer interface. This is useful to set as a writer
|
||||
// for the standard library log.
|
||||
func (l *StdLoggerWrapper) Write(p []byte) (n int, err error) {
|
||||
n = len(p)
|
||||
if n > 0 && p[n-1] == '\n' {
|
||||
// Trim CR added by stdlog.
|
||||
p = p[0 : n-1]
|
||||
}
|
||||
|
||||
Log(LevelError, l.Sender, "", string(p))
|
||||
return
|
||||
}
|
||||
|
||||
// LeveledLogger is a logger that accepts a message string and a variadic number of key-value pairs
|
||||
type LeveledLogger struct {
|
||||
Sender string
|
||||
|
@ -219,24 +231,6 @@ func RotateLogFile() error {
|
|||
return errors.New("logging to file is disabled")
|
||||
}
|
||||
|
||||
// LogWithKeyVals logs at the specified level for the specified sender adding the specified key vals
|
||||
func LogWithKeyVals(level hclog.Level, sender, msg string, args ...interface{}) {
|
||||
var ev *zerolog.Event
|
||||
switch level {
|
||||
case hclog.Info:
|
||||
ev = logger.Info()
|
||||
case hclog.Warn:
|
||||
ev = logger.Warn()
|
||||
case hclog.Error:
|
||||
ev = logger.Error()
|
||||
default:
|
||||
ev = logger.Debug()
|
||||
}
|
||||
ev.Timestamp().Str("sender", sender)
|
||||
addKeysAndValues(ev, args...)
|
||||
ev.Msg(msg)
|
||||
}
|
||||
|
||||
// Log logs at the specified level for the specified sender
|
||||
func Log(level LogLevel, sender string, connectionID string, format string, v ...interface{}) {
|
||||
var ev *zerolog.Event
|
||||
|
|
|
@ -9,7 +9,7 @@ import (
|
|||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/go-plugin"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/auth"
|
||||
)
|
||||
|
|
@ -9,10 +9,10 @@ import (
|
|||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/go-plugin"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
||||
kmsplugin "github.com/drakkan/sftpgo/v2/sdk/plugin/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/util"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
)
|
||||
|
||||
var (
|
|
@ -8,7 +8,7 @@ import (
|
|||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/go-plugin"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/metadata"
|
||||
)
|
||||
|
|
@ -10,9 +10,9 @@ import (
|
|||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/go-plugin"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/util"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
)
|
||||
|
||||
// NotifierConfig defines configuration parameters for notifiers plugins
|
666
plugin/plugin.go
Normal file
666
plugin/plugin.go
Normal file
|
@ -0,0 +1,666 @@
|
|||
// Package plugin provides support for the SFTPGo plugin system
|
||||
package plugin
|
||||
|
||||
import (
|
||||
"crypto/x509"
|
||||
"errors"
|
||||
"fmt"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/go-hclog"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/auth"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/eventsearcher"
|
||||
kmsplugin "github.com/drakkan/sftpgo/v2/sdk/plugin/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/metadata"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
)
|
||||
|
||||
const (
|
||||
logSender = "plugins"
|
||||
)
|
||||
|
||||
var (
|
||||
// Handler defines the plugins manager
|
||||
Handler Manager
|
||||
pluginsLogLevel = hclog.Debug
|
||||
// ErrNoSearcher defines the error to return for events searches if no plugin is configured
|
||||
ErrNoSearcher = errors.New("no events searcher plugin defined")
|
||||
// ErrNoMetadater returns the error to return for metadata methods if no plugin is configured
|
||||
ErrNoMetadater = errors.New("no metadata plugin defined")
|
||||
)
|
||||
|
||||
// Renderer defines the interface for generic objects rendering
|
||||
type Renderer interface {
|
||||
RenderAsJSON(reload bool) ([]byte, error)
|
||||
}
|
||||
|
||||
// Config defines a plugin configuration
|
||||
type Config struct {
|
||||
// Plugin type
|
||||
Type string `json:"type" mapstructure:"type"`
|
||||
// NotifierOptions defines options for notifiers plugins
|
||||
NotifierOptions NotifierConfig `json:"notifier_options" mapstructure:"notifier_options"`
|
||||
// KMSOptions defines options for a KMS plugin
|
||||
KMSOptions KMSConfig `json:"kms_options" mapstructure:"kms_options"`
|
||||
// AuthOptions defines options for authentication plugins
|
||||
AuthOptions AuthConfig `json:"auth_options" mapstructure:"auth_options"`
|
||||
// Path to the plugin executable
|
||||
Cmd string `json:"cmd" mapstructure:"cmd"`
|
||||
// Args to pass to the plugin executable
|
||||
Args []string `json:"args" mapstructure:"args"`
|
||||
// SHA256 checksum for the plugin executable.
|
||||
// If not empty it will be used to verify the integrity of the executable
|
||||
SHA256Sum string `json:"sha256sum" mapstructure:"sha256sum"`
|
||||
// If enabled the client and the server automatically negotiate mTLS for
|
||||
// transport authentication. This ensures that only the original client will
|
||||
// be allowed to connect to the server, and all other connections will be
|
||||
// rejected. The client will also refuse to connect to any server that isn't
|
||||
// the original instance started by the client.
|
||||
AutoMTLS bool `json:"auto_mtls" mapstructure:"auto_mtls"`
|
||||
// unique identifier for kms plugins
|
||||
kmsID int
|
||||
}
|
||||
|
||||
func (c *Config) newKMSPluginSecretProvider(base kms.BaseSecret, url, masterKey string) kms.SecretProvider {
|
||||
return &kmsPluginSecretProvider{
|
||||
BaseSecret: base,
|
||||
URL: url,
|
||||
MasterKey: masterKey,
|
||||
config: c,
|
||||
}
|
||||
}
|
||||
|
||||
// Manager handles enabled plugins
|
||||
type Manager struct {
|
||||
closed int32
|
||||
done chan bool
|
||||
// List of configured plugins
|
||||
Configs []Config `json:"plugins" mapstructure:"plugins"`
|
||||
notifLock sync.RWMutex
|
||||
notifiers []*notifierPlugin
|
||||
kmsLock sync.RWMutex
|
||||
kms []*kmsPlugin
|
||||
authLock sync.RWMutex
|
||||
auths []*authPlugin
|
||||
searcherLock sync.RWMutex
|
||||
searcher *searcherPlugin
|
||||
metadaterLock sync.RWMutex
|
||||
metadater *metadataPlugin
|
||||
authScopes int
|
||||
hasSearcher bool
|
||||
hasMetadater bool
|
||||
hasNotifiers bool
|
||||
}
|
||||
|
||||
// Initialize initializes the configured plugins
|
||||
func Initialize(configs []Config, logVerbose bool) error {
|
||||
logger.Debug(logSender, "", "initialize")
|
||||
Handler = Manager{
|
||||
Configs: configs,
|
||||
done: make(chan bool),
|
||||
closed: 0,
|
||||
authScopes: -1,
|
||||
}
|
||||
setLogLevel(logVerbose)
|
||||
if len(configs) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
if err := Handler.validateConfigs(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
kmsID := 0
|
||||
for idx, config := range Handler.Configs {
|
||||
switch config.Type {
|
||||
case notifier.PluginName:
|
||||
plugin, err := newNotifierPlugin(config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
Handler.notifiers = append(Handler.notifiers, plugin)
|
||||
case kmsplugin.PluginName:
|
||||
plugin, err := newKMSPlugin(config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
Handler.kms = append(Handler.kms, plugin)
|
||||
Handler.Configs[idx].kmsID = kmsID
|
||||
kmsID++
|
||||
kms.RegisterSecretProvider(config.KMSOptions.Scheme, config.KMSOptions.EncryptedStatus,
|
||||
Handler.Configs[idx].newKMSPluginSecretProvider)
|
||||
logger.Debug(logSender, "", "registered secret provider for scheme: %v, encrypted status: %v",
|
||||
config.KMSOptions.Scheme, config.KMSOptions.EncryptedStatus)
|
||||
case auth.PluginName:
|
||||
plugin, err := newAuthPlugin(config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
Handler.auths = append(Handler.auths, plugin)
|
||||
if Handler.authScopes == -1 {
|
||||
Handler.authScopes = config.AuthOptions.Scope
|
||||
} else {
|
||||
Handler.authScopes |= config.AuthOptions.Scope
|
||||
}
|
||||
case eventsearcher.PluginName:
|
||||
plugin, err := newSearcherPlugin(config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
Handler.searcher = plugin
|
||||
case metadata.PluginName:
|
||||
plugin, err := newMetadaterPlugin(config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
Handler.metadater = plugin
|
||||
default:
|
||||
return fmt.Errorf("unsupported plugin type: %v", config.Type)
|
||||
}
|
||||
}
|
||||
startCheckTicker()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *Manager) validateConfigs() error {
|
||||
kmsSchemes := make(map[string]bool)
|
||||
kmsEncryptions := make(map[string]bool)
|
||||
m.hasSearcher = false
|
||||
m.hasMetadater = false
|
||||
m.hasNotifiers = false
|
||||
|
||||
for _, config := range m.Configs {
|
||||
if config.Type == kmsplugin.PluginName {
|
||||
if _, ok := kmsSchemes[config.KMSOptions.Scheme]; ok {
|
||||
return fmt.Errorf("invalid KMS configuration, duplicated scheme %#v", config.KMSOptions.Scheme)
|
||||
}
|
||||
if _, ok := kmsEncryptions[config.KMSOptions.EncryptedStatus]; ok {
|
||||
return fmt.Errorf("invalid KMS configuration, duplicated encrypted status %#v", config.KMSOptions.EncryptedStatus)
|
||||
}
|
||||
kmsSchemes[config.KMSOptions.Scheme] = true
|
||||
kmsEncryptions[config.KMSOptions.EncryptedStatus] = true
|
||||
}
|
||||
if config.Type == eventsearcher.PluginName {
|
||||
if m.hasSearcher {
|
||||
return errors.New("only one eventsearcher plugin can be defined")
|
||||
}
|
||||
m.hasSearcher = true
|
||||
}
|
||||
if config.Type == metadata.PluginName {
|
||||
if m.hasMetadater {
|
||||
return errors.New("only one metadata plugin can be defined")
|
||||
}
|
||||
m.hasMetadater = true
|
||||
}
|
||||
if config.Type == notifier.PluginName {
|
||||
m.hasNotifiers = true
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// HasNotifiers returns true if there is at least a notifier plugin
|
||||
func (m *Manager) HasNotifiers() bool {
|
||||
return m.hasNotifiers
|
||||
}
|
||||
|
||||
// NotifyFsEvent sends the fs event notifications using any defined notifier plugins
|
||||
func (m *Manager) NotifyFsEvent(event *notifier.FsEvent) {
|
||||
m.notifLock.RLock()
|
||||
defer m.notifLock.RUnlock()
|
||||
|
||||
for _, n := range m.notifiers {
|
||||
n.notifyFsAction(event)
|
||||
}
|
||||
}
|
||||
|
||||
// NotifyProviderEvent sends the provider event notifications using any defined notifier plugins
|
||||
func (m *Manager) NotifyProviderEvent(event *notifier.ProviderEvent, object Renderer) {
|
||||
m.notifLock.RLock()
|
||||
defer m.notifLock.RUnlock()
|
||||
|
||||
for _, n := range m.notifiers {
|
||||
n.notifyProviderAction(event, object)
|
||||
}
|
||||
}
|
||||
|
||||
// SearchFsEvents returns the filesystem events matching the specified filters
|
||||
func (m *Manager) SearchFsEvents(searchFilters *eventsearcher.FsEventSearch) ([]byte, []string, []string, error) {
|
||||
if !m.hasSearcher {
|
||||
return nil, nil, nil, ErrNoSearcher
|
||||
}
|
||||
m.searcherLock.RLock()
|
||||
plugin := m.searcher
|
||||
m.searcherLock.RUnlock()
|
||||
|
||||
return plugin.searchear.SearchFsEvents(searchFilters)
|
||||
}
|
||||
|
||||
// SearchProviderEvents returns the provider events matching the specified filters
|
||||
func (m *Manager) SearchProviderEvents(searchFilters *eventsearcher.ProviderEventSearch) ([]byte, []string, []string, error) {
|
||||
if !m.hasSearcher {
|
||||
return nil, nil, nil, ErrNoSearcher
|
||||
}
|
||||
m.searcherLock.RLock()
|
||||
plugin := m.searcher
|
||||
m.searcherLock.RUnlock()
|
||||
|
||||
return plugin.searchear.SearchProviderEvents(searchFilters)
|
||||
}
|
||||
|
||||
// HasMetadater returns true if a metadata plugin is defined
|
||||
func (m *Manager) HasMetadater() bool {
|
||||
return m.hasMetadater
|
||||
}
|
||||
|
||||
// SetModificationTime sets the modification time for the specified object
|
||||
func (m *Manager) SetModificationTime(storageID, objectPath string, mTime int64) error {
|
||||
if !m.hasMetadater {
|
||||
return ErrNoMetadater
|
||||
}
|
||||
m.metadaterLock.RLock()
|
||||
plugin := m.metadater
|
||||
m.metadaterLock.RUnlock()
|
||||
|
||||
return plugin.metadater.SetModificationTime(storageID, objectPath, mTime)
|
||||
}
|
||||
|
||||
// GetModificationTime returns the modification time for the specified path
|
||||
func (m *Manager) GetModificationTime(storageID, objectPath string, isDir bool) (int64, error) {
|
||||
if !m.hasMetadater {
|
||||
return 0, ErrNoMetadater
|
||||
}
|
||||
m.metadaterLock.RLock()
|
||||
plugin := m.metadater
|
||||
m.metadaterLock.RUnlock()
|
||||
|
||||
return plugin.metadater.GetModificationTime(storageID, objectPath)
|
||||
}
|
||||
|
||||
// GetModificationTimes returns the modification times for all the files within the specified folder
|
||||
func (m *Manager) GetModificationTimes(storageID, objectPath string) (map[string]int64, error) {
|
||||
if !m.hasMetadater {
|
||||
return nil, ErrNoMetadater
|
||||
}
|
||||
m.metadaterLock.RLock()
|
||||
plugin := m.metadater
|
||||
m.metadaterLock.RUnlock()
|
||||
|
||||
return plugin.metadater.GetModificationTimes(storageID, objectPath)
|
||||
}
|
||||
|
||||
// RemoveMetadata deletes the metadata stored for the specified object
|
||||
func (m *Manager) RemoveMetadata(storageID, objectPath string) error {
|
||||
if !m.hasMetadater {
|
||||
return ErrNoMetadater
|
||||
}
|
||||
m.metadaterLock.RLock()
|
||||
plugin := m.metadater
|
||||
m.metadaterLock.RUnlock()
|
||||
|
||||
return plugin.metadater.RemoveMetadata(storageID, objectPath)
|
||||
}
|
||||
|
||||
// GetMetadataFolders returns the folders that metadata is associated with
|
||||
func (m *Manager) GetMetadataFolders(storageID, from string, limit int) ([]string, error) {
|
||||
if !m.hasMetadater {
|
||||
return nil, ErrNoMetadater
|
||||
}
|
||||
m.metadaterLock.RLock()
|
||||
plugin := m.metadater
|
||||
m.metadaterLock.RUnlock()
|
||||
|
||||
return plugin.metadater.GetFolders(storageID, limit, from)
|
||||
}
|
||||
|
||||
func (m *Manager) kmsEncrypt(secret kms.BaseSecret, url string, masterKey string, kmsID int) (string, string, int32, error) {
|
||||
m.kmsLock.RLock()
|
||||
plugin := m.kms[kmsID]
|
||||
m.kmsLock.RUnlock()
|
||||
|
||||
return plugin.Encrypt(secret, url, masterKey)
|
||||
}
|
||||
|
||||
func (m *Manager) kmsDecrypt(secret kms.BaseSecret, url string, masterKey string, kmsID int) (string, error) {
|
||||
m.kmsLock.RLock()
|
||||
plugin := m.kms[kmsID]
|
||||
m.kmsLock.RUnlock()
|
||||
|
||||
return plugin.Decrypt(secret, url, masterKey)
|
||||
}
|
||||
|
||||
// HasAuthScope returns true if there is an auth plugin that support the specified scope
|
||||
func (m *Manager) HasAuthScope(scope int) bool {
|
||||
if m.authScopes == -1 {
|
||||
return false
|
||||
}
|
||||
return m.authScopes&scope != 0
|
||||
}
|
||||
|
||||
// Authenticate tries to authenticate the specified user using an external plugin
|
||||
func (m *Manager) Authenticate(username, password, ip, protocol string, pkey string,
|
||||
tlsCert *x509.Certificate, authScope int, userAsJSON []byte,
|
||||
) ([]byte, error) {
|
||||
switch authScope {
|
||||
case AuthScopePassword:
|
||||
return m.checkUserAndPass(username, password, ip, protocol, userAsJSON)
|
||||
case AuthScopePublicKey:
|
||||
return m.checkUserAndPublicKey(username, pkey, ip, protocol, userAsJSON)
|
||||
case AuthScopeKeyboardInteractive:
|
||||
return m.checkUserAndKeyboardInteractive(username, ip, protocol, userAsJSON)
|
||||
case AuthScopeTLSCertificate:
|
||||
cert, err := util.EncodeTLSCertToPem(tlsCert)
|
||||
if err != nil {
|
||||
logger.Error(logSender, "", "unable to encode tls certificate to pem: %v", err)
|
||||
return nil, fmt.Errorf("unable to encode tls cert to pem: %w", err)
|
||||
}
|
||||
return m.checkUserAndTLSCert(username, cert, ip, protocol, userAsJSON)
|
||||
default:
|
||||
return nil, fmt.Errorf("unsupported auth scope: %v", authScope)
|
||||
}
|
||||
}
|
||||
|
||||
// ExecuteKeyboardInteractiveStep executes a keyboard interactive step
|
||||
func (m *Manager) ExecuteKeyboardInteractiveStep(req *KeyboardAuthRequest) (*KeyboardAuthResponse, error) {
|
||||
var plugin *authPlugin
|
||||
|
||||
m.authLock.Lock()
|
||||
for _, p := range m.auths {
|
||||
if p.config.AuthOptions.Scope&AuthScopePassword != 0 {
|
||||
plugin = p
|
||||
break
|
||||
}
|
||||
}
|
||||
m.authLock.Unlock()
|
||||
|
||||
if plugin == nil {
|
||||
return nil, errors.New("no auth plugin configured for keyaboard interactive authentication step")
|
||||
}
|
||||
|
||||
return plugin.sendKeyboardIteractiveRequest(req)
|
||||
}
|
||||
|
||||
func (m *Manager) checkUserAndPass(username, password, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
||||
var plugin *authPlugin
|
||||
|
||||
m.authLock.Lock()
|
||||
for _, p := range m.auths {
|
||||
if p.config.AuthOptions.Scope&AuthScopePassword != 0 {
|
||||
plugin = p
|
||||
break
|
||||
}
|
||||
}
|
||||
m.authLock.Unlock()
|
||||
|
||||
if plugin == nil {
|
||||
return nil, errors.New("no auth plugin configured for password checking")
|
||||
}
|
||||
|
||||
return plugin.checkUserAndPass(username, password, ip, protocol, userAsJSON)
|
||||
}
|
||||
|
||||
func (m *Manager) checkUserAndPublicKey(username, pubKey, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
||||
var plugin *authPlugin
|
||||
|
||||
m.authLock.Lock()
|
||||
for _, p := range m.auths {
|
||||
if p.config.AuthOptions.Scope&AuthScopePublicKey != 0 {
|
||||
plugin = p
|
||||
break
|
||||
}
|
||||
}
|
||||
m.authLock.Unlock()
|
||||
|
||||
if plugin == nil {
|
||||
return nil, errors.New("no auth plugin configured for public key checking")
|
||||
}
|
||||
|
||||
return plugin.checkUserAndPublicKey(username, pubKey, ip, protocol, userAsJSON)
|
||||
}
|
||||
|
||||
func (m *Manager) checkUserAndTLSCert(username, tlsCert, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
||||
var plugin *authPlugin
|
||||
|
||||
m.authLock.Lock()
|
||||
for _, p := range m.auths {
|
||||
if p.config.AuthOptions.Scope&AuthScopeTLSCertificate != 0 {
|
||||
plugin = p
|
||||
break
|
||||
}
|
||||
}
|
||||
m.authLock.Unlock()
|
||||
|
||||
if plugin == nil {
|
||||
return nil, errors.New("no auth plugin configured for TLS certificate checking")
|
||||
}
|
||||
|
||||
return plugin.checkUserAndTLSCertificate(username, tlsCert, ip, protocol, userAsJSON)
|
||||
}
|
||||
|
||||
func (m *Manager) checkUserAndKeyboardInteractive(username, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
||||
var plugin *authPlugin
|
||||
|
||||
m.authLock.Lock()
|
||||
for _, p := range m.auths {
|
||||
if p.config.AuthOptions.Scope&AuthScopeKeyboardInteractive != 0 {
|
||||
plugin = p
|
||||
break
|
||||
}
|
||||
}
|
||||
m.authLock.Unlock()
|
||||
|
||||
if plugin == nil {
|
||||
return nil, errors.New("no auth plugin configured for keyboard interactive checking")
|
||||
}
|
||||
|
||||
return plugin.checkUserAndKeyboardInteractive(username, ip, protocol, userAsJSON)
|
||||
}
|
||||
|
||||
func (m *Manager) checkCrashedPlugins() {
|
||||
m.notifLock.RLock()
|
||||
for idx, n := range m.notifiers {
|
||||
if n.exited() {
|
||||
defer func(cfg Config, index int) {
|
||||
Handler.restartNotifierPlugin(cfg, index)
|
||||
}(n.config, idx)
|
||||
} else {
|
||||
n.sendQueuedEvents()
|
||||
}
|
||||
}
|
||||
m.notifLock.RUnlock()
|
||||
|
||||
m.kmsLock.RLock()
|
||||
for idx, k := range m.kms {
|
||||
if k.exited() {
|
||||
defer func(cfg Config, index int) {
|
||||
Handler.restartKMSPlugin(cfg, index)
|
||||
}(k.config, idx)
|
||||
}
|
||||
}
|
||||
m.kmsLock.RUnlock()
|
||||
|
||||
m.authLock.RLock()
|
||||
for idx, a := range m.auths {
|
||||
if a.exited() {
|
||||
defer func(cfg Config, index int) {
|
||||
Handler.restartAuthPlugin(cfg, index)
|
||||
}(a.config, idx)
|
||||
}
|
||||
}
|
||||
m.authLock.RUnlock()
|
||||
|
||||
if m.hasSearcher {
|
||||
m.searcherLock.RLock()
|
||||
if m.searcher.exited() {
|
||||
defer func(cfg Config) {
|
||||
Handler.restartSearcherPlugin(cfg)
|
||||
}(m.searcher.config)
|
||||
}
|
||||
m.searcherLock.RUnlock()
|
||||
}
|
||||
|
||||
if m.hasMetadater {
|
||||
m.metadaterLock.RLock()
|
||||
if m.metadater.exited() {
|
||||
defer func(cfg Config) {
|
||||
Handler.restartMetadaterPlugin(cfg)
|
||||
}(m.metadater.config)
|
||||
}
|
||||
m.metadaterLock.RUnlock()
|
||||
}
|
||||
}
|
||||
|
||||
func (m *Manager) restartNotifierPlugin(config Config, idx int) {
|
||||
if atomic.LoadInt32(&m.closed) == 1 {
|
||||
return
|
||||
}
|
||||
logger.Info(logSender, "", "try to restart crashed notifier plugin %#v, idx: %v", config.Cmd, idx)
|
||||
plugin, err := newNotifierPlugin(config)
|
||||
if err != nil {
|
||||
logger.Error(logSender, "", "unable to restart notifier plugin %#v, err: %v", config.Cmd, err)
|
||||
return
|
||||
}
|
||||
|
||||
m.notifLock.Lock()
|
||||
plugin.queue = m.notifiers[idx].queue
|
||||
m.notifiers[idx] = plugin
|
||||
m.notifLock.Unlock()
|
||||
plugin.sendQueuedEvents()
|
||||
}
|
||||
|
||||
func (m *Manager) restartKMSPlugin(config Config, idx int) {
|
||||
if atomic.LoadInt32(&m.closed) == 1 {
|
||||
return
|
||||
}
|
||||
logger.Info(logSender, "", "try to restart crashed kms plugin %#v, idx: %v", config.Cmd, idx)
|
||||
plugin, err := newKMSPlugin(config)
|
||||
if err != nil {
|
||||
logger.Error(logSender, "", "unable to restart kms plugin %#v, err: %v", config.Cmd, err)
|
||||
return
|
||||
}
|
||||
|
||||
m.kmsLock.Lock()
|
||||
m.kms[idx] = plugin
|
||||
m.kmsLock.Unlock()
|
||||
}
|
||||
|
||||
func (m *Manager) restartAuthPlugin(config Config, idx int) {
|
||||
if atomic.LoadInt32(&m.closed) == 1 {
|
||||
return
|
||||
}
|
||||
logger.Info(logSender, "", "try to restart crashed auth plugin %#v, idx: %v", config.Cmd, idx)
|
||||
plugin, err := newAuthPlugin(config)
|
||||
if err != nil {
|
||||
logger.Error(logSender, "", "unable to restart auth plugin %#v, err: %v", config.Cmd, err)
|
||||
return
|
||||
}
|
||||
|
||||
m.authLock.Lock()
|
||||
m.auths[idx] = plugin
|
||||
m.authLock.Unlock()
|
||||
}
|
||||
|
||||
func (m *Manager) restartSearcherPlugin(config Config) {
|
||||
if atomic.LoadInt32(&m.closed) == 1 {
|
||||
return
|
||||
}
|
||||
logger.Info(logSender, "", "try to restart crashed searcher plugin %#v", config.Cmd)
|
||||
plugin, err := newSearcherPlugin(config)
|
||||
if err != nil {
|
||||
logger.Error(logSender, "", "unable to restart searcher plugin %#v, err: %v", config.Cmd, err)
|
||||
return
|
||||
}
|
||||
|
||||
m.searcherLock.Lock()
|
||||
m.searcher = plugin
|
||||
m.searcherLock.Unlock()
|
||||
}
|
||||
|
||||
func (m *Manager) restartMetadaterPlugin(config Config) {
|
||||
if atomic.LoadInt32(&m.closed) == 1 {
|
||||
return
|
||||
}
|
||||
logger.Info(logSender, "", "try to restart crashed metadater plugin %#v", config.Cmd)
|
||||
plugin, err := newMetadaterPlugin(config)
|
||||
if err != nil {
|
||||
logger.Error(logSender, "", "unable to restart metadater plugin %#v, err: %v", config.Cmd, err)
|
||||
return
|
||||
}
|
||||
|
||||
m.metadaterLock.Lock()
|
||||
m.metadater = plugin
|
||||
m.metadaterLock.Unlock()
|
||||
}
|
||||
|
||||
// Cleanup releases all the active plugins
|
||||
func (m *Manager) Cleanup() {
|
||||
logger.Debug(logSender, "", "cleanup")
|
||||
atomic.StoreInt32(&m.closed, 1)
|
||||
close(m.done)
|
||||
m.notifLock.Lock()
|
||||
for _, n := range m.notifiers {
|
||||
logger.Debug(logSender, "", "cleanup notifier plugin %v", n.config.Cmd)
|
||||
n.cleanup()
|
||||
}
|
||||
m.notifLock.Unlock()
|
||||
|
||||
m.kmsLock.Lock()
|
||||
for _, k := range m.kms {
|
||||
logger.Debug(logSender, "", "cleanup kms plugin %v", k.config.Cmd)
|
||||
k.cleanup()
|
||||
}
|
||||
m.kmsLock.Unlock()
|
||||
|
||||
m.authLock.Lock()
|
||||
for _, a := range m.auths {
|
||||
logger.Debug(logSender, "", "cleanup auth plugin %v", a.config.Cmd)
|
||||
a.cleanup()
|
||||
}
|
||||
m.authLock.Unlock()
|
||||
|
||||
if m.hasSearcher {
|
||||
m.searcherLock.Lock()
|
||||
logger.Debug(logSender, "", "cleanup searcher plugin %v", m.searcher.config.Cmd)
|
||||
m.searcher.cleanup()
|
||||
m.searcherLock.Unlock()
|
||||
}
|
||||
|
||||
if m.hasMetadater {
|
||||
m.metadaterLock.Lock()
|
||||
logger.Debug(logSender, "", "cleanup metadater plugin %v", m.metadater.config.Cmd)
|
||||
m.metadater.cleanup()
|
||||
m.metadaterLock.Unlock()
|
||||
}
|
||||
}
|
||||
|
||||
func setLogLevel(logVerbose bool) {
|
||||
if logVerbose {
|
||||
pluginsLogLevel = hclog.Debug
|
||||
} else {
|
||||
pluginsLogLevel = hclog.Info
|
||||
}
|
||||
}
|
||||
|
||||
func startCheckTicker() {
|
||||
logger.Debug(logSender, "", "start plugins checker")
|
||||
checker := time.NewTicker(30 * time.Second)
|
||||
|
||||
go func() {
|
||||
for {
|
||||
select {
|
||||
case <-Handler.done:
|
||||
logger.Debug(logSender, "", "handler done, stop plugins checker")
|
||||
checker.Stop()
|
||||
return
|
||||
case <-checker.C:
|
||||
Handler.checkCrashedPlugins()
|
||||
}
|
||||
}
|
||||
}()
|
||||
}
|
|
@ -8,7 +8,7 @@ import (
|
|||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/go-plugin"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/eventsearcher"
|
||||
)
|
||||
|
|
@ -3,7 +3,7 @@ package plugin
|
|||
import (
|
||||
"github.com/shirou/gopsutil/v3/process"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
)
|
||||
|
||||
func killProcess(processPath string) {
|
|
@ -9,7 +9,6 @@ import (
|
|||
"sync"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/util"
|
||||
)
|
||||
|
||||
// SecretProvider defines the interface for a KMS secrets provider
|
||||
|
@ -141,7 +140,7 @@ func (c *Configuration) Initialize() error {
|
|||
config.Secrets.URL = SchemeLocal + "://"
|
||||
}
|
||||
for k, v := range secretProviders {
|
||||
logger.Debug(logSender, "secret provider registered for scheme: %#v, encrypted status: %#v",
|
||||
logger.Info(logSender, "secret provider registered for scheme: %#v, encrypted status: %#v",
|
||||
k, v.encryptedStatus)
|
||||
}
|
||||
return nil
|
||||
|
@ -217,8 +216,7 @@ func (s *Secret) UnmarshalJSON(data []byte) error {
|
|||
return nil
|
||||
}
|
||||
}
|
||||
logger.Debug(logSender, "no provider registered for status %#v", baseSecret.Status)
|
||||
|
||||
logger.Error(logSender, "no provider registered for status %#v", baseSecret.Status)
|
||||
return ErrInvalidSecret
|
||||
}
|
||||
|
||||
|
@ -399,7 +397,7 @@ func (s *Secret) IsValidInput() bool {
|
|||
s.RLock()
|
||||
defer s.RUnlock()
|
||||
|
||||
if !util.IsStringInSlice(s.provider.GetStatus(), validSecretStatuses) {
|
||||
if !isSecretStatusValid(s.provider.GetStatus()) {
|
||||
return false
|
||||
}
|
||||
if s.provider.GetPayload() == "" {
|
||||
|
@ -444,3 +442,12 @@ func (s *Secret) TryDecrypt() error {
|
|||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func isSecretStatusValid(status string) bool {
|
||||
for i := 0; i < len(validSecretStatuses); i++ {
|
||||
if validSecretStatuses[i] == status {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
|
|
@ -1,7 +1,12 @@
|
|||
// Package logger provides logging capabilities.
|
||||
package logger
|
||||
|
||||
import "github.com/hashicorp/go-hclog"
|
||||
const (
|
||||
levelDebug = iota
|
||||
levelInfo
|
||||
levelWarn
|
||||
levelError
|
||||
)
|
||||
|
||||
var (
|
||||
logger Logger
|
||||
|
@ -13,10 +18,8 @@ func init() {
|
|||
|
||||
// Logger interface
|
||||
type Logger interface {
|
||||
// LogWithKeyVals logs at the specified level for the specified sender adding the specified key vals
|
||||
LogWithKeyVals(level hclog.Level, sender, msg string, args ...interface{})
|
||||
// Log logs at the specified level for the specified sender
|
||||
Log(level hclog.Level, sender, format string, v ...interface{})
|
||||
Log(level int, sender, format string, v ...interface{})
|
||||
}
|
||||
|
||||
// SetLogger sets the specified logger
|
||||
|
@ -31,26 +34,24 @@ func DisableLogger() {
|
|||
|
||||
type noLogger struct{}
|
||||
|
||||
func (*noLogger) LogWithKeyVals(level hclog.Level, sender, msg string, args ...interface{}) {}
|
||||
|
||||
func (*noLogger) Log(level hclog.Level, sender, format string, v ...interface{}) {}
|
||||
func (*noLogger) Log(level int, sender, format string, v ...interface{}) {}
|
||||
|
||||
// Debug logs at debug level for the specified sender
|
||||
func Debug(sender, format string, v ...interface{}) {
|
||||
logger.Log(hclog.Debug, sender, format, v...)
|
||||
logger.Log(levelDebug, sender, format, v...)
|
||||
}
|
||||
|
||||
// Info logs at info level for the specified sender
|
||||
func Info(sender, format string, v ...interface{}) {
|
||||
logger.Log(hclog.Info, sender, format, v...)
|
||||
logger.Log(levelInfo, sender, format, v...)
|
||||
}
|
||||
|
||||
// Warn logs at warn level for the specified sender
|
||||
func Warn(sender, format string, v ...interface{}) {
|
||||
logger.Log(hclog.Warn, sender, format, v...)
|
||||
logger.Log(levelWarn, sender, format, v...)
|
||||
}
|
||||
|
||||
// Error logs at error level for the specified sender
|
||||
func Error(sender, format string, v ...interface{}) {
|
||||
logger.Log(hclog.Error, sender, format, v...)
|
||||
logger.Log(levelError, sender, format, v...)
|
||||
}
|
||||
|
|
|
@ -1,666 +1 @@
|
|||
// Package plugin provides support for the SFTPGo plugin system
|
||||
package plugin
|
||||
|
||||
import (
|
||||
"crypto/x509"
|
||||
"errors"
|
||||
"fmt"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/go-hclog"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/auth"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/eventsearcher"
|
||||
kmsplugin "github.com/drakkan/sftpgo/v2/sdk/plugin/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/metadata"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/util"
|
||||
)
|
||||
|
||||
const (
|
||||
logSender = "plugins"
|
||||
)
|
||||
|
||||
var (
|
||||
// Handler defines the plugins manager
|
||||
Handler Manager
|
||||
pluginsLogLevel = hclog.Debug
|
||||
// ErrNoSearcher defines the error to return for events searches if no plugin is configured
|
||||
ErrNoSearcher = errors.New("no events searcher plugin defined")
|
||||
// ErrNoMetadater returns the error to return for metadata methods if no plugin is configured
|
||||
ErrNoMetadater = errors.New("no metadata plugin defined")
|
||||
)
|
||||
|
||||
// Renderer defines the interface for generic objects rendering
|
||||
type Renderer interface {
|
||||
RenderAsJSON(reload bool) ([]byte, error)
|
||||
}
|
||||
|
||||
// Config defines a plugin configuration
|
||||
type Config struct {
|
||||
// Plugin type
|
||||
Type string `json:"type" mapstructure:"type"`
|
||||
// NotifierOptions defines options for notifiers plugins
|
||||
NotifierOptions NotifierConfig `json:"notifier_options" mapstructure:"notifier_options"`
|
||||
// KMSOptions defines options for a KMS plugin
|
||||
KMSOptions KMSConfig `json:"kms_options" mapstructure:"kms_options"`
|
||||
// AuthOptions defines options for authentication plugins
|
||||
AuthOptions AuthConfig `json:"auth_options" mapstructure:"auth_options"`
|
||||
// Path to the plugin executable
|
||||
Cmd string `json:"cmd" mapstructure:"cmd"`
|
||||
// Args to pass to the plugin executable
|
||||
Args []string `json:"args" mapstructure:"args"`
|
||||
// SHA256 checksum for the plugin executable.
|
||||
// If not empty it will be used to verify the integrity of the executable
|
||||
SHA256Sum string `json:"sha256sum" mapstructure:"sha256sum"`
|
||||
// If enabled the client and the server automatically negotiate mTLS for
|
||||
// transport authentication. This ensures that only the original client will
|
||||
// be allowed to connect to the server, and all other connections will be
|
||||
// rejected. The client will also refuse to connect to any server that isn't
|
||||
// the original instance started by the client.
|
||||
AutoMTLS bool `json:"auto_mtls" mapstructure:"auto_mtls"`
|
||||
// unique identifier for kms plugins
|
||||
kmsID int
|
||||
}
|
||||
|
||||
func (c *Config) newKMSPluginSecretProvider(base kms.BaseSecret, url, masterKey string) kms.SecretProvider {
|
||||
return &kmsPluginSecretProvider{
|
||||
BaseSecret: base,
|
||||
URL: url,
|
||||
MasterKey: masterKey,
|
||||
config: c,
|
||||
}
|
||||
}
|
||||
|
||||
// Manager handles enabled plugins
|
||||
type Manager struct {
|
||||
closed int32
|
||||
done chan bool
|
||||
// List of configured plugins
|
||||
Configs []Config `json:"plugins" mapstructure:"plugins"`
|
||||
notifLock sync.RWMutex
|
||||
notifiers []*notifierPlugin
|
||||
kmsLock sync.RWMutex
|
||||
kms []*kmsPlugin
|
||||
authLock sync.RWMutex
|
||||
auths []*authPlugin
|
||||
searcherLock sync.RWMutex
|
||||
searcher *searcherPlugin
|
||||
metadaterLock sync.RWMutex
|
||||
metadater *metadataPlugin
|
||||
authScopes int
|
||||
hasSearcher bool
|
||||
hasMetadater bool
|
||||
hasNotifiers bool
|
||||
}
|
||||
|
||||
// Initialize initializes the configured plugins
|
||||
func Initialize(configs []Config, logVerbose bool) error {
|
||||
logger.Debug(logSender, "initialize")
|
||||
Handler = Manager{
|
||||
Configs: configs,
|
||||
done: make(chan bool),
|
||||
closed: 0,
|
||||
authScopes: -1,
|
||||
}
|
||||
setLogLevel(logVerbose)
|
||||
if len(configs) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
if err := Handler.validateConfigs(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
kmsID := 0
|
||||
for idx, config := range Handler.Configs {
|
||||
switch config.Type {
|
||||
case notifier.PluginName:
|
||||
plugin, err := newNotifierPlugin(config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
Handler.notifiers = append(Handler.notifiers, plugin)
|
||||
case kmsplugin.PluginName:
|
||||
plugin, err := newKMSPlugin(config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
Handler.kms = append(Handler.kms, plugin)
|
||||
Handler.Configs[idx].kmsID = kmsID
|
||||
kmsID++
|
||||
kms.RegisterSecretProvider(config.KMSOptions.Scheme, config.KMSOptions.EncryptedStatus,
|
||||
Handler.Configs[idx].newKMSPluginSecretProvider)
|
||||
logger.Debug(logSender, "registered secret provider for scheme: %v, encrypted status: %v",
|
||||
config.KMSOptions.Scheme, config.KMSOptions.EncryptedStatus)
|
||||
case auth.PluginName:
|
||||
plugin, err := newAuthPlugin(config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
Handler.auths = append(Handler.auths, plugin)
|
||||
if Handler.authScopes == -1 {
|
||||
Handler.authScopes = config.AuthOptions.Scope
|
||||
} else {
|
||||
Handler.authScopes |= config.AuthOptions.Scope
|
||||
}
|
||||
case eventsearcher.PluginName:
|
||||
plugin, err := newSearcherPlugin(config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
Handler.searcher = plugin
|
||||
case metadata.PluginName:
|
||||
plugin, err := newMetadaterPlugin(config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
Handler.metadater = plugin
|
||||
default:
|
||||
return fmt.Errorf("unsupported plugin type: %v", config.Type)
|
||||
}
|
||||
}
|
||||
startCheckTicker()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *Manager) validateConfigs() error {
|
||||
kmsSchemes := make(map[string]bool)
|
||||
kmsEncryptions := make(map[string]bool)
|
||||
m.hasSearcher = false
|
||||
m.hasMetadater = false
|
||||
m.hasNotifiers = false
|
||||
|
||||
for _, config := range m.Configs {
|
||||
if config.Type == kmsplugin.PluginName {
|
||||
if _, ok := kmsSchemes[config.KMSOptions.Scheme]; ok {
|
||||
return fmt.Errorf("invalid KMS configuration, duplicated scheme %#v", config.KMSOptions.Scheme)
|
||||
}
|
||||
if _, ok := kmsEncryptions[config.KMSOptions.EncryptedStatus]; ok {
|
||||
return fmt.Errorf("invalid KMS configuration, duplicated encrypted status %#v", config.KMSOptions.EncryptedStatus)
|
||||
}
|
||||
kmsSchemes[config.KMSOptions.Scheme] = true
|
||||
kmsEncryptions[config.KMSOptions.EncryptedStatus] = true
|
||||
}
|
||||
if config.Type == eventsearcher.PluginName {
|
||||
if m.hasSearcher {
|
||||
return errors.New("only one eventsearcher plugin can be defined")
|
||||
}
|
||||
m.hasSearcher = true
|
||||
}
|
||||
if config.Type == metadata.PluginName {
|
||||
if m.hasMetadater {
|
||||
return errors.New("only one metadata plugin can be defined")
|
||||
}
|
||||
m.hasMetadater = true
|
||||
}
|
||||
if config.Type == notifier.PluginName {
|
||||
m.hasNotifiers = true
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// HasNotifiers returns true if there is at least a notifier plugin
|
||||
func (m *Manager) HasNotifiers() bool {
|
||||
return m.hasNotifiers
|
||||
}
|
||||
|
||||
// NotifyFsEvent sends the fs event notifications using any defined notifier plugins
|
||||
func (m *Manager) NotifyFsEvent(event *notifier.FsEvent) {
|
||||
m.notifLock.RLock()
|
||||
defer m.notifLock.RUnlock()
|
||||
|
||||
for _, n := range m.notifiers {
|
||||
n.notifyFsAction(event)
|
||||
}
|
||||
}
|
||||
|
||||
// NotifyProviderEvent sends the provider event notifications using any defined notifier plugins
|
||||
func (m *Manager) NotifyProviderEvent(event *notifier.ProviderEvent, object Renderer) {
|
||||
m.notifLock.RLock()
|
||||
defer m.notifLock.RUnlock()
|
||||
|
||||
for _, n := range m.notifiers {
|
||||
n.notifyProviderAction(event, object)
|
||||
}
|
||||
}
|
||||
|
||||
// SearchFsEvents returns the filesystem events matching the specified filters
|
||||
func (m *Manager) SearchFsEvents(searchFilters *eventsearcher.FsEventSearch) ([]byte, []string, []string, error) {
|
||||
if !m.hasSearcher {
|
||||
return nil, nil, nil, ErrNoSearcher
|
||||
}
|
||||
m.searcherLock.RLock()
|
||||
plugin := m.searcher
|
||||
m.searcherLock.RUnlock()
|
||||
|
||||
return plugin.searchear.SearchFsEvents(searchFilters)
|
||||
}
|
||||
|
||||
// SearchProviderEvents returns the provider events matching the specified filters
|
||||
func (m *Manager) SearchProviderEvents(searchFilters *eventsearcher.ProviderEventSearch) ([]byte, []string, []string, error) {
|
||||
if !m.hasSearcher {
|
||||
return nil, nil, nil, ErrNoSearcher
|
||||
}
|
||||
m.searcherLock.RLock()
|
||||
plugin := m.searcher
|
||||
m.searcherLock.RUnlock()
|
||||
|
||||
return plugin.searchear.SearchProviderEvents(searchFilters)
|
||||
}
|
||||
|
||||
// HasMetadater returns true if a metadata plugin is defined
|
||||
func (m *Manager) HasMetadater() bool {
|
||||
return m.hasMetadater
|
||||
}
|
||||
|
||||
// SetModificationTime sets the modification time for the specified object
|
||||
func (m *Manager) SetModificationTime(storageID, objectPath string, mTime int64) error {
|
||||
if !m.hasMetadater {
|
||||
return ErrNoMetadater
|
||||
}
|
||||
m.metadaterLock.RLock()
|
||||
plugin := m.metadater
|
||||
m.metadaterLock.RUnlock()
|
||||
|
||||
return plugin.metadater.SetModificationTime(storageID, objectPath, mTime)
|
||||
}
|
||||
|
||||
// GetModificationTime returns the modification time for the specified path
|
||||
func (m *Manager) GetModificationTime(storageID, objectPath string, isDir bool) (int64, error) {
|
||||
if !m.hasMetadater {
|
||||
return 0, ErrNoMetadater
|
||||
}
|
||||
m.metadaterLock.RLock()
|
||||
plugin := m.metadater
|
||||
m.metadaterLock.RUnlock()
|
||||
|
||||
return plugin.metadater.GetModificationTime(storageID, objectPath)
|
||||
}
|
||||
|
||||
// GetModificationTimes returns the modification times for all the files within the specified folder
|
||||
func (m *Manager) GetModificationTimes(storageID, objectPath string) (map[string]int64, error) {
|
||||
if !m.hasMetadater {
|
||||
return nil, ErrNoMetadater
|
||||
}
|
||||
m.metadaterLock.RLock()
|
||||
plugin := m.metadater
|
||||
m.metadaterLock.RUnlock()
|
||||
|
||||
return plugin.metadater.GetModificationTimes(storageID, objectPath)
|
||||
}
|
||||
|
||||
// RemoveMetadata deletes the metadata stored for the specified object
|
||||
func (m *Manager) RemoveMetadata(storageID, objectPath string) error {
|
||||
if !m.hasMetadater {
|
||||
return ErrNoMetadater
|
||||
}
|
||||
m.metadaterLock.RLock()
|
||||
plugin := m.metadater
|
||||
m.metadaterLock.RUnlock()
|
||||
|
||||
return plugin.metadater.RemoveMetadata(storageID, objectPath)
|
||||
}
|
||||
|
||||
// GetMetadataFolders returns the folders that metadata is associated with
|
||||
func (m *Manager) GetMetadataFolders(storageID, from string, limit int) ([]string, error) {
|
||||
if !m.hasMetadater {
|
||||
return nil, ErrNoMetadater
|
||||
}
|
||||
m.metadaterLock.RLock()
|
||||
plugin := m.metadater
|
||||
m.metadaterLock.RUnlock()
|
||||
|
||||
return plugin.metadater.GetFolders(storageID, limit, from)
|
||||
}
|
||||
|
||||
func (m *Manager) kmsEncrypt(secret kms.BaseSecret, url string, masterKey string, kmsID int) (string, string, int32, error) {
|
||||
m.kmsLock.RLock()
|
||||
plugin := m.kms[kmsID]
|
||||
m.kmsLock.RUnlock()
|
||||
|
||||
return plugin.Encrypt(secret, url, masterKey)
|
||||
}
|
||||
|
||||
func (m *Manager) kmsDecrypt(secret kms.BaseSecret, url string, masterKey string, kmsID int) (string, error) {
|
||||
m.kmsLock.RLock()
|
||||
plugin := m.kms[kmsID]
|
||||
m.kmsLock.RUnlock()
|
||||
|
||||
return plugin.Decrypt(secret, url, masterKey)
|
||||
}
|
||||
|
||||
// HasAuthScope returns true if there is an auth plugin that support the specified scope
|
||||
func (m *Manager) HasAuthScope(scope int) bool {
|
||||
if m.authScopes == -1 {
|
||||
return false
|
||||
}
|
||||
return m.authScopes&scope != 0
|
||||
}
|
||||
|
||||
// Authenticate tries to authenticate the specified user using an external plugin
|
||||
func (m *Manager) Authenticate(username, password, ip, protocol string, pkey string,
|
||||
tlsCert *x509.Certificate, authScope int, userAsJSON []byte,
|
||||
) ([]byte, error) {
|
||||
switch authScope {
|
||||
case AuthScopePassword:
|
||||
return m.checkUserAndPass(username, password, ip, protocol, userAsJSON)
|
||||
case AuthScopePublicKey:
|
||||
return m.checkUserAndPublicKey(username, pkey, ip, protocol, userAsJSON)
|
||||
case AuthScopeKeyboardInteractive:
|
||||
return m.checkUserAndKeyboardInteractive(username, ip, protocol, userAsJSON)
|
||||
case AuthScopeTLSCertificate:
|
||||
cert, err := util.EncodeTLSCertToPem(tlsCert)
|
||||
if err != nil {
|
||||
logger.Error(logSender, "unable to encode tls certificate to pem: %v", err)
|
||||
return nil, fmt.Errorf("unable to encode tls cert to pem: %w", err)
|
||||
}
|
||||
return m.checkUserAndTLSCert(username, cert, ip, protocol, userAsJSON)
|
||||
default:
|
||||
return nil, fmt.Errorf("unsupported auth scope: %v", authScope)
|
||||
}
|
||||
}
|
||||
|
||||
// ExecuteKeyboardInteractiveStep executes a keyboard interactive step
|
||||
func (m *Manager) ExecuteKeyboardInteractiveStep(req *KeyboardAuthRequest) (*KeyboardAuthResponse, error) {
|
||||
var plugin *authPlugin
|
||||
|
||||
m.authLock.Lock()
|
||||
for _, p := range m.auths {
|
||||
if p.config.AuthOptions.Scope&AuthScopePassword != 0 {
|
||||
plugin = p
|
||||
break
|
||||
}
|
||||
}
|
||||
m.authLock.Unlock()
|
||||
|
||||
if plugin == nil {
|
||||
return nil, errors.New("no auth plugin configured for keyaboard interactive authentication step")
|
||||
}
|
||||
|
||||
return plugin.sendKeyboardIteractiveRequest(req)
|
||||
}
|
||||
|
||||
func (m *Manager) checkUserAndPass(username, password, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
||||
var plugin *authPlugin
|
||||
|
||||
m.authLock.Lock()
|
||||
for _, p := range m.auths {
|
||||
if p.config.AuthOptions.Scope&AuthScopePassword != 0 {
|
||||
plugin = p
|
||||
break
|
||||
}
|
||||
}
|
||||
m.authLock.Unlock()
|
||||
|
||||
if plugin == nil {
|
||||
return nil, errors.New("no auth plugin configured for password checking")
|
||||
}
|
||||
|
||||
return plugin.checkUserAndPass(username, password, ip, protocol, userAsJSON)
|
||||
}
|
||||
|
||||
func (m *Manager) checkUserAndPublicKey(username, pubKey, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
||||
var plugin *authPlugin
|
||||
|
||||
m.authLock.Lock()
|
||||
for _, p := range m.auths {
|
||||
if p.config.AuthOptions.Scope&AuthScopePublicKey != 0 {
|
||||
plugin = p
|
||||
break
|
||||
}
|
||||
}
|
||||
m.authLock.Unlock()
|
||||
|
||||
if plugin == nil {
|
||||
return nil, errors.New("no auth plugin configured for public key checking")
|
||||
}
|
||||
|
||||
return plugin.checkUserAndPublicKey(username, pubKey, ip, protocol, userAsJSON)
|
||||
}
|
||||
|
||||
func (m *Manager) checkUserAndTLSCert(username, tlsCert, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
||||
var plugin *authPlugin
|
||||
|
||||
m.authLock.Lock()
|
||||
for _, p := range m.auths {
|
||||
if p.config.AuthOptions.Scope&AuthScopeTLSCertificate != 0 {
|
||||
plugin = p
|
||||
break
|
||||
}
|
||||
}
|
||||
m.authLock.Unlock()
|
||||
|
||||
if plugin == nil {
|
||||
return nil, errors.New("no auth plugin configured for TLS certificate checking")
|
||||
}
|
||||
|
||||
return plugin.checkUserAndTLSCertificate(username, tlsCert, ip, protocol, userAsJSON)
|
||||
}
|
||||
|
||||
func (m *Manager) checkUserAndKeyboardInteractive(username, ip, protocol string, userAsJSON []byte) ([]byte, error) {
|
||||
var plugin *authPlugin
|
||||
|
||||
m.authLock.Lock()
|
||||
for _, p := range m.auths {
|
||||
if p.config.AuthOptions.Scope&AuthScopeKeyboardInteractive != 0 {
|
||||
plugin = p
|
||||
break
|
||||
}
|
||||
}
|
||||
m.authLock.Unlock()
|
||||
|
||||
if plugin == nil {
|
||||
return nil, errors.New("no auth plugin configured for keyboard interactive checking")
|
||||
}
|
||||
|
||||
return plugin.checkUserAndKeyboardInteractive(username, ip, protocol, userAsJSON)
|
||||
}
|
||||
|
||||
func (m *Manager) checkCrashedPlugins() {
|
||||
m.notifLock.RLock()
|
||||
for idx, n := range m.notifiers {
|
||||
if n.exited() {
|
||||
defer func(cfg Config, index int) {
|
||||
Handler.restartNotifierPlugin(cfg, index)
|
||||
}(n.config, idx)
|
||||
} else {
|
||||
n.sendQueuedEvents()
|
||||
}
|
||||
}
|
||||
m.notifLock.RUnlock()
|
||||
|
||||
m.kmsLock.RLock()
|
||||
for idx, k := range m.kms {
|
||||
if k.exited() {
|
||||
defer func(cfg Config, index int) {
|
||||
Handler.restartKMSPlugin(cfg, index)
|
||||
}(k.config, idx)
|
||||
}
|
||||
}
|
||||
m.kmsLock.RUnlock()
|
||||
|
||||
m.authLock.RLock()
|
||||
for idx, a := range m.auths {
|
||||
if a.exited() {
|
||||
defer func(cfg Config, index int) {
|
||||
Handler.restartAuthPlugin(cfg, index)
|
||||
}(a.config, idx)
|
||||
}
|
||||
}
|
||||
m.authLock.RUnlock()
|
||||
|
||||
if m.hasSearcher {
|
||||
m.searcherLock.RLock()
|
||||
if m.searcher.exited() {
|
||||
defer func(cfg Config) {
|
||||
Handler.restartSearcherPlugin(cfg)
|
||||
}(m.searcher.config)
|
||||
}
|
||||
m.searcherLock.RUnlock()
|
||||
}
|
||||
|
||||
if m.hasMetadater {
|
||||
m.metadaterLock.RLock()
|
||||
if m.metadater.exited() {
|
||||
defer func(cfg Config) {
|
||||
Handler.restartMetadaterPlugin(cfg)
|
||||
}(m.metadater.config)
|
||||
}
|
||||
m.metadaterLock.RUnlock()
|
||||
}
|
||||
}
|
||||
|
||||
func (m *Manager) restartNotifierPlugin(config Config, idx int) {
|
||||
if atomic.LoadInt32(&m.closed) == 1 {
|
||||
return
|
||||
}
|
||||
logger.Info(logSender, "try to restart crashed notifier plugin %#v, idx: %v", config.Cmd, idx)
|
||||
plugin, err := newNotifierPlugin(config)
|
||||
if err != nil {
|
||||
logger.Error(logSender, "unable to restart notifier plugin %#v, err: %v", config.Cmd, err)
|
||||
return
|
||||
}
|
||||
|
||||
m.notifLock.Lock()
|
||||
plugin.queue = m.notifiers[idx].queue
|
||||
m.notifiers[idx] = plugin
|
||||
m.notifLock.Unlock()
|
||||
plugin.sendQueuedEvents()
|
||||
}
|
||||
|
||||
func (m *Manager) restartKMSPlugin(config Config, idx int) {
|
||||
if atomic.LoadInt32(&m.closed) == 1 {
|
||||
return
|
||||
}
|
||||
logger.Info(logSender, "try to restart crashed kms plugin %#v, idx: %v", config.Cmd, idx)
|
||||
plugin, err := newKMSPlugin(config)
|
||||
if err != nil {
|
||||
logger.Error(logSender, "unable to restart kms plugin %#v, err: %v", config.Cmd, err)
|
||||
return
|
||||
}
|
||||
|
||||
m.kmsLock.Lock()
|
||||
m.kms[idx] = plugin
|
||||
m.kmsLock.Unlock()
|
||||
}
|
||||
|
||||
func (m *Manager) restartAuthPlugin(config Config, idx int) {
|
||||
if atomic.LoadInt32(&m.closed) == 1 {
|
||||
return
|
||||
}
|
||||
logger.Info(logSender, "try to restart crashed auth plugin %#v, idx: %v", config.Cmd, idx)
|
||||
plugin, err := newAuthPlugin(config)
|
||||
if err != nil {
|
||||
logger.Error(logSender, "unable to restart auth plugin %#v, err: %v", config.Cmd, err)
|
||||
return
|
||||
}
|
||||
|
||||
m.authLock.Lock()
|
||||
m.auths[idx] = plugin
|
||||
m.authLock.Unlock()
|
||||
}
|
||||
|
||||
func (m *Manager) restartSearcherPlugin(config Config) {
|
||||
if atomic.LoadInt32(&m.closed) == 1 {
|
||||
return
|
||||
}
|
||||
logger.Info(logSender, "try to restart crashed searcher plugin %#v", config.Cmd)
|
||||
plugin, err := newSearcherPlugin(config)
|
||||
if err != nil {
|
||||
logger.Error(logSender, "unable to restart searcher plugin %#v, err: %v", config.Cmd, err)
|
||||
return
|
||||
}
|
||||
|
||||
m.searcherLock.Lock()
|
||||
m.searcher = plugin
|
||||
m.searcherLock.Unlock()
|
||||
}
|
||||
|
||||
func (m *Manager) restartMetadaterPlugin(config Config) {
|
||||
if atomic.LoadInt32(&m.closed) == 1 {
|
||||
return
|
||||
}
|
||||
logger.Info(logSender, "try to restart crashed metadater plugin %#v", config.Cmd)
|
||||
plugin, err := newMetadaterPlugin(config)
|
||||
if err != nil {
|
||||
logger.Error(logSender, "unable to restart metadater plugin %#v, err: %v", config.Cmd, err)
|
||||
return
|
||||
}
|
||||
|
||||
m.metadaterLock.Lock()
|
||||
m.metadater = plugin
|
||||
m.metadaterLock.Unlock()
|
||||
}
|
||||
|
||||
// Cleanup releases all the active plugins
|
||||
func (m *Manager) Cleanup() {
|
||||
logger.Debug(logSender, "cleanup")
|
||||
atomic.StoreInt32(&m.closed, 1)
|
||||
close(m.done)
|
||||
m.notifLock.Lock()
|
||||
for _, n := range m.notifiers {
|
||||
logger.Debug(logSender, "cleanup notifier plugin %v", n.config.Cmd)
|
||||
n.cleanup()
|
||||
}
|
||||
m.notifLock.Unlock()
|
||||
|
||||
m.kmsLock.Lock()
|
||||
for _, k := range m.kms {
|
||||
logger.Debug(logSender, "cleanup kms plugin %v", k.config.Cmd)
|
||||
k.cleanup()
|
||||
}
|
||||
m.kmsLock.Unlock()
|
||||
|
||||
m.authLock.Lock()
|
||||
for _, a := range m.auths {
|
||||
logger.Debug(logSender, "cleanup auth plugin %v", a.config.Cmd)
|
||||
a.cleanup()
|
||||
}
|
||||
m.authLock.Unlock()
|
||||
|
||||
if m.hasSearcher {
|
||||
m.searcherLock.Lock()
|
||||
logger.Debug(logSender, "cleanup searcher plugin %v", m.searcher.config.Cmd)
|
||||
m.searcher.cleanup()
|
||||
m.searcherLock.Unlock()
|
||||
}
|
||||
|
||||
if m.hasMetadater {
|
||||
m.metadaterLock.Lock()
|
||||
logger.Debug(logSender, "cleanup metadater plugin %v", m.metadater.config.Cmd)
|
||||
m.metadater.cleanup()
|
||||
m.metadaterLock.Unlock()
|
||||
}
|
||||
}
|
||||
|
||||
func setLogLevel(logVerbose bool) {
|
||||
if logVerbose {
|
||||
pluginsLogLevel = hclog.Debug
|
||||
} else {
|
||||
pluginsLogLevel = hclog.Info
|
||||
}
|
||||
}
|
||||
|
||||
func startCheckTicker() {
|
||||
logger.Debug(logSender, "start plugins checker")
|
||||
checker := time.NewTicker(30 * time.Second)
|
||||
|
||||
go func() {
|
||||
for {
|
||||
select {
|
||||
case <-Handler.done:
|
||||
logger.Debug(logSender, "handler done, stop plugins checker")
|
||||
checker.Stop()
|
||||
return
|
||||
case <-checker.C:
|
||||
Handler.checkCrashedPlugins()
|
||||
}
|
||||
}
|
||||
}()
|
||||
}
|
||||
|
|
|
@ -4,7 +4,6 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/util"
|
||||
)
|
||||
|
||||
// Web Client/user REST API restrictions
|
||||
|
@ -53,11 +52,6 @@ type DirectoryPermissions struct {
|
|||
Permissions []string
|
||||
}
|
||||
|
||||
// HasPerm returns true if the directory has the specified permissions
|
||||
func (d *DirectoryPermissions) HasPerm(perm string) bool {
|
||||
return util.IsStringInSlice(perm, d.Permissions)
|
||||
}
|
||||
|
||||
// PatternsFilter defines filters based on shell like patterns.
|
||||
// These restrictions do not apply to files listing for performance reasons, so
|
||||
// a denied file cannot be downloaded/overwritten/renamed but will still be
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
// Package util provides some common utility methods
|
||||
package util
|
||||
|
||||
import (
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
)
|
||||
|
||||
// IsStringInSlice searches a string in a slice and returns true if the string is found
|
||||
func IsStringInSlice(obj string, list []string) bool {
|
||||
for i := 0; i < len(list); i++ {
|
||||
if list[i] == obj {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// EncodeTLSCertToPem returns the specified certificate PEM encoded.
|
||||
// This can be verified using openssl x509 -in cert.crt -text -noout
|
||||
func EncodeTLSCertToPem(tlsCert *x509.Certificate) (string, error) {
|
||||
if len(tlsCert.Raw) == 0 {
|
||||
return "", errors.New("invalid x509 certificate, no der contents")
|
||||
}
|
||||
publicKeyBlock := pem.Block{
|
||||
Type: "CERTIFICATE",
|
||||
Bytes: tlsCert.Raw,
|
||||
}
|
||||
return string(pem.EncodeToMemory(&publicKeyBlock)), nil
|
||||
}
|
|
@ -14,7 +14,7 @@ import (
|
|||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||
"github.com/drakkan/sftpgo/v2/httpd"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
"github.com/drakkan/sftpgo/v2/version"
|
||||
)
|
||||
|
|
|
@ -16,7 +16,7 @@ import (
|
|||
"github.com/drakkan/sftpgo/v2/ftpd"
|
||||
"github.com/drakkan/sftpgo/v2/httpd"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/telemetry"
|
||||
"github.com/drakkan/sftpgo/v2/webdavd"
|
||||
)
|
||||
|
|
|
@ -13,7 +13,7 @@ import (
|
|||
"github.com/drakkan/sftpgo/v2/ftpd"
|
||||
"github.com/drakkan/sftpgo/v2/httpd"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/telemetry"
|
||||
"github.com/drakkan/sftpgo/v2/webdavd"
|
||||
)
|
||||
|
|
|
@ -5,7 +5,7 @@ import (
|
|||
"os/signal"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
)
|
||||
|
||||
func registerSignals() {
|
||||
|
|
|
@ -16,7 +16,6 @@ import (
|
|||
|
||||
"github.com/drakkan/sftpgo/v2/common"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
sdklogger "github.com/drakkan/sftpgo/v2/sdk/logger"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
)
|
||||
|
||||
|
@ -96,7 +95,7 @@ func (c Conf) Initialize(configDir string) error {
|
|||
WriteTimeout: 60 * time.Second,
|
||||
IdleTimeout: 60 * time.Second,
|
||||
MaxHeaderBytes: 1 << 14, // 16KB
|
||||
ErrorLog: log.New(&sdklogger.StdLoggerWrapper{Sender: logSender}, "", 0),
|
||||
ErrorLog: log.New(&logger.StdLoggerWrapper{Sender: logSender}, "", 0),
|
||||
}
|
||||
if certificateFile != "" && certificateKeyFile != "" {
|
||||
certMgr, err = common.NewCertManager(certificateFile, certificateKeyFile, configDir, logSender)
|
||||
|
|
14
util/util.go
14
util/util.go
|
@ -11,6 +11,7 @@ import (
|
|||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"fmt"
|
||||
"html/template"
|
||||
"io"
|
||||
|
@ -422,6 +423,19 @@ func GetTLSCiphersFromNames(cipherNames []string) []uint16 {
|
|||
return ciphers
|
||||
}
|
||||
|
||||
// EncodeTLSCertToPem returns the specified certificate PEM encoded.
|
||||
// This can be verified using openssl x509 -in cert.crt -text -noout
|
||||
func EncodeTLSCertToPem(tlsCert *x509.Certificate) (string, error) {
|
||||
if len(tlsCert.Raw) == 0 {
|
||||
return "", errors.New("invalid x509 certificate, no der contents")
|
||||
}
|
||||
publicKeyBlock := pem.Block{
|
||||
Type: "CERTIFICATE",
|
||||
Bytes: tlsCert.Raw,
|
||||
}
|
||||
return string(pem.EncodeToMemory(&publicKeyBlock)), nil
|
||||
}
|
||||
|
||||
// CheckTCP4Port quits the app if bind on the given IPv4 port fails.
|
||||
// This is a ugly hack to avoid to bind on an already used port.
|
||||
// It is required on Windows only. Upstream does not consider this
|
||||
|
|
|
@ -26,7 +26,7 @@ import (
|
|||
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/metric"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
"github.com/drakkan/sftpgo/v2/version"
|
||||
)
|
||||
|
|
|
@ -25,8 +25,8 @@ import (
|
|||
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/metric"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
"github.com/drakkan/sftpgo/v2/version"
|
||||
)
|
||||
|
|
|
@ -26,7 +26,7 @@ import (
|
|||
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/metric"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
"github.com/drakkan/sftpgo/v2/version"
|
||||
)
|
||||
|
|
|
@ -17,9 +17,9 @@ import (
|
|||
"github.com/pkg/sftp"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/kms"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin"
|
||||
"github.com/drakkan/sftpgo/v2/sdk/plugin/metadata"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
)
|
||||
|
|
|
@ -23,7 +23,6 @@ import (
|
|||
"github.com/drakkan/sftpgo/v2/dataprovider"
|
||||
"github.com/drakkan/sftpgo/v2/logger"
|
||||
"github.com/drakkan/sftpgo/v2/metric"
|
||||
sdklogger "github.com/drakkan/sftpgo/v2/sdk/logger"
|
||||
"github.com/drakkan/sftpgo/v2/util"
|
||||
)
|
||||
|
||||
|
@ -40,7 +39,7 @@ func (s *webDavServer) listenAndServe(compressor *middleware.Compressor) error {
|
|||
WriteTimeout: 60 * time.Second,
|
||||
IdleTimeout: 60 * time.Second,
|
||||
MaxHeaderBytes: 1 << 16, // 64KB
|
||||
ErrorLog: log.New(&sdklogger.StdLoggerWrapper{Sender: logSender}, "", 0),
|
||||
ErrorLog: log.New(&logger.StdLoggerWrapper{Sender: logSender}, "", 0),
|
||||
}
|
||||
if s.config.Cors.Enabled {
|
||||
c := cors.New(cors.Options{
|
||||
|
|
Loading…
Reference in a new issue