mirror of
https://github.com/drakkan/sftpgo.git
synced 2024-11-21 15:10:23 +00:00
logs: use info level for login related messages
so enabling debug level is not required, for example only to understand that a user exceeded the allowed sessions. Also set the cache update frequency as documented
This commit is contained in:
Nicola Murino
parent
6ee51c5cc1
commit
6092b6628e
7 changed files with 29 additions and 22 deletions
|
|
@ -2143,7 +2143,7 @@ func startUpdateCachesTimer() {
|
|||
}
|
||||
lastCachesUpdate = util.GetTimeAsMsSinceEpoch(time.Now())
|
||||
providerLog(logger.LevelDebug, "update caches check started for provider %v", config.Driver)
|
||||
updateCachesTicker = time.NewTicker(1 * time.Minute)
|
||||
updateCachesTicker = time.NewTicker(10 * time.Minute)
|
||||
updateCachesTickerDone = make(chan bool)
|
||||
|
||||
go func() {
|
||||
|
|
|
|||
|
|
@ -325,24 +325,26 @@ func (s *Server) validateUser(user dataprovider.User, cc ftpserver.ClientContext
|
|||
return nil, fmt.Errorf("cannot login user with invalid home dir: %#v", user.HomeDir)
|
||||
}
|
||||
if util.IsStringInSlice(common.ProtocolFTP, user.Filters.DeniedProtocols) {
|
||||
logger.Debug(logSender, connectionID, "cannot login user %#v, protocol FTP is not allowed", user.Username)
|
||||
logger.Info(logSender, connectionID, "cannot login user %#v, protocol FTP is not allowed", user.Username)
|
||||
return nil, fmt.Errorf("protocol FTP is not allowed for user %#v", user.Username)
|
||||
}
|
||||
if !user.IsLoginMethodAllowed(loginMethod, nil) {
|
||||
logger.Debug(logSender, connectionID, "cannot login user %#v, %v login method is not allowed", user.Username, loginMethod)
|
||||
logger.Info(logSender, connectionID, "cannot login user %#v, %v login method is not allowed",
|
||||
user.Username, loginMethod)
|
||||
return nil, fmt.Errorf("login method %v is not allowed for user %#v", loginMethod, user.Username)
|
||||
}
|
||||
if user.MaxSessions > 0 {
|
||||
activeSessions := common.Connections.GetActiveSessions(user.Username)
|
||||
if activeSessions >= user.MaxSessions {
|
||||
logger.Debug(logSender, connectionID, "authentication refused for user: %#v, too many open sessions: %v/%v", user.Username,
|
||||
activeSessions, user.MaxSessions)
|
||||
logger.Info(logSender, connectionID, "authentication refused for user: %#v, too many open sessions: %v/%v",
|
||||
user.Username, activeSessions, user.MaxSessions)
|
||||
return nil, fmt.Errorf("too many open sessions: %v", activeSessions)
|
||||
}
|
||||
}
|
||||
remoteAddr := cc.RemoteAddr().String()
|
||||
if !user.IsLoginFromAddrAllowed(remoteAddr) {
|
||||
logger.Debug(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v", user.Username, remoteAddr)
|
||||
logger.Info(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v",
|
||||
user.Username, remoteAddr)
|
||||
return nil, fmt.Errorf("login for user %#v is not allowed from this address: %v", user.Username, remoteAddr)
|
||||
}
|
||||
err := user.CheckFsRoot(connectionID)
|
||||
|
|
|
|||
|
|
@ -448,23 +448,23 @@ func updateLoginMetrics(user *dataprovider.User, ip string, err error) {
|
|||
|
||||
func checkHTTPClientUser(user *dataprovider.User, r *http.Request, connectionID string) error {
|
||||
if util.IsStringInSlice(common.ProtocolHTTP, user.Filters.DeniedProtocols) {
|
||||
logger.Debug(logSender, connectionID, "cannot login user %#v, protocol HTTP is not allowed", user.Username)
|
||||
logger.Info(logSender, connectionID, "cannot login user %#v, protocol HTTP is not allowed", user.Username)
|
||||
return fmt.Errorf("protocol HTTP is not allowed for user %#v", user.Username)
|
||||
}
|
||||
if !user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, nil) {
|
||||
logger.Debug(logSender, connectionID, "cannot login user %#v, password login method is not allowed", user.Username)
|
||||
logger.Info(logSender, connectionID, "cannot login user %#v, password login method is not allowed", user.Username)
|
||||
return fmt.Errorf("login method password is not allowed for user %#v", user.Username)
|
||||
}
|
||||
if user.MaxSessions > 0 {
|
||||
activeSessions := common.Connections.GetActiveSessions(user.Username)
|
||||
if activeSessions >= user.MaxSessions {
|
||||
logger.Debug(logSender, connectionID, "authentication refused for user: %#v, too many open sessions: %v/%v", user.Username,
|
||||
logger.Info(logSender, connectionID, "authentication refused for user: %#v, too many open sessions: %v/%v", user.Username,
|
||||
activeSessions, user.MaxSessions)
|
||||
return fmt.Errorf("too many open sessions: %v", activeSessions)
|
||||
}
|
||||
}
|
||||
if !user.IsLoginFromAddrAllowed(r.RemoteAddr) {
|
||||
logger.Debug(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v", user.Username, r.RemoteAddr)
|
||||
logger.Info(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v", user.Username, r.RemoteAddr)
|
||||
return fmt.Errorf("login for user %#v is not allowed from this address: %v", user.Username, r.RemoteAddr)
|
||||
}
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -494,10 +494,9 @@ func (c *Configuration) handleSftpConnection(channel ssh.Channel, connection *Co
|
|||
|
||||
defer server.Close()
|
||||
if err := server.Serve(); err == io.EOF {
|
||||
connection.Log(logger.LevelDebug, "connection closed, sending exit status")
|
||||
exitStatus := sshSubsystemExitStatus{Status: uint32(0)}
|
||||
_, err = channel.SendRequest("exit-status", false, ssh.Marshal(&exitStatus))
|
||||
connection.Log(logger.LevelDebug, "sent exit status %+v error: %v", exitStatus, err)
|
||||
connection.Log(logger.LevelInfo, "connection closed, sent exit status %+v error: %v", exitStatus, err)
|
||||
} else if err != nil {
|
||||
connection.Log(logger.LevelWarn, "connection closed with error: %v", err)
|
||||
}
|
||||
|
|
@ -558,24 +557,26 @@ func loginUser(user *dataprovider.User, loginMethod, publicKey string, conn ssh.
|
|||
return nil, fmt.Errorf("cannot login user with invalid home dir: %#v", user.HomeDir)
|
||||
}
|
||||
if util.IsStringInSlice(common.ProtocolSSH, user.Filters.DeniedProtocols) {
|
||||
logger.Debug(logSender, connectionID, "cannot login user %#v, protocol SSH is not allowed", user.Username)
|
||||
logger.Info(logSender, connectionID, "cannot login user %#v, protocol SSH is not allowed", user.Username)
|
||||
return nil, fmt.Errorf("protocol SSH is not allowed for user %#v", user.Username)
|
||||
}
|
||||
if user.MaxSessions > 0 {
|
||||
activeSessions := common.Connections.GetActiveSessions(user.Username)
|
||||
if activeSessions >= user.MaxSessions {
|
||||
logger.Debug(logSender, "", "authentication refused for user: %#v, too many open sessions: %v/%v", user.Username,
|
||||
logger.Info(logSender, "", "authentication refused for user: %#v, too many open sessions: %v/%v", user.Username,
|
||||
activeSessions, user.MaxSessions)
|
||||
return nil, fmt.Errorf("too many open sessions: %v", activeSessions)
|
||||
}
|
||||
}
|
||||
if !user.IsLoginMethodAllowed(loginMethod, conn.PartialSuccessMethods()) {
|
||||
logger.Debug(logSender, connectionID, "cannot login user %#v, login method %#v is not allowed", user.Username, loginMethod)
|
||||
logger.Info(logSender, connectionID, "cannot login user %#v, login method %#v is not allowed",
|
||||
user.Username, loginMethod)
|
||||
return nil, fmt.Errorf("login method %#v is not allowed for user %#v", loginMethod, user.Username)
|
||||
}
|
||||
remoteAddr := conn.RemoteAddr().String()
|
||||
if !user.IsLoginFromAddrAllowed(remoteAddr) {
|
||||
logger.Debug(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v", user.Username, remoteAddr)
|
||||
logger.Info(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v",
|
||||
user.Username, remoteAddr)
|
||||
return nil, fmt.Errorf("login for user %#v is not allowed from this address: %v", user.Username, remoteAddr)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -85,7 +85,7 @@ func processSSHCommand(payload []byte, connection *Connection, enabledSSHCommand
|
|||
}
|
||||
}
|
||||
err := connection.CloseFS()
|
||||
connection.Log(logger.LevelDebug, "unable to unmarshal ssh command, close fs, err: %v", err)
|
||||
connection.Log(logger.LevelWarn, "unable to unmarshal ssh command, close fs, err: %v", err)
|
||||
return false
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -302,23 +302,25 @@ func (s *webDavServer) validateUser(user *dataprovider.User, r *http.Request, lo
|
|||
return connID, fmt.Errorf("cannot login user with invalid home dir: %#v", user.HomeDir)
|
||||
}
|
||||
if util.IsStringInSlice(common.ProtocolWebDAV, user.Filters.DeniedProtocols) {
|
||||
logger.Debug(logSender, connectionID, "cannot login user %#v, protocol DAV is not allowed", user.Username)
|
||||
logger.Info(logSender, connectionID, "cannot login user %#v, protocol DAV is not allowed", user.Username)
|
||||
return connID, fmt.Errorf("protocol DAV is not allowed for user %#v", user.Username)
|
||||
}
|
||||
if !user.IsLoginMethodAllowed(loginMethod, nil) {
|
||||
logger.Debug(logSender, connectionID, "cannot login user %#v, %v login method is not allowed", user.Username, loginMethod)
|
||||
logger.Info(logSender, connectionID, "cannot login user %#v, %v login method is not allowed",
|
||||
user.Username, loginMethod)
|
||||
return connID, fmt.Errorf("login method %v is not allowed for user %#v", loginMethod, user.Username)
|
||||
}
|
||||
if user.MaxSessions > 0 {
|
||||
activeSessions := common.Connections.GetActiveSessions(user.Username)
|
||||
if activeSessions >= user.MaxSessions {
|
||||
logger.Debug(logSender, connID, "authentication refused for user: %#v, too many open sessions: %v/%v", user.Username,
|
||||
activeSessions, user.MaxSessions)
|
||||
logger.Info(logSender, connID, "authentication refused for user: %#v, too many open sessions: %v/%v",
|
||||
user.Username, activeSessions, user.MaxSessions)
|
||||
return connID, fmt.Errorf("too many open sessions: %v", activeSessions)
|
||||
}
|
||||
}
|
||||
if !user.IsLoginFromAddrAllowed(r.RemoteAddr) {
|
||||
logger.Debug(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v", user.Username, r.RemoteAddr)
|
||||
logger.Info(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v",
|
||||
user.Username, r.RemoteAddr)
|
||||
return connID, fmt.Errorf("login for user %#v is not allowed from this address: %v", user.Username, r.RemoteAddr)
|
||||
}
|
||||
return connID, nil
|
||||
|
|
|
|||
|
|
@ -9,6 +9,8 @@ and complete the initial setup.
|
|||
|
||||
The SFTP service is available, by default, on port 2022.
|
||||
|
||||
If SFTPGo does not start, make sure that TCP ports 2022 and 8080 are not used by other services or change the SFTPGo configuration to suit your needs.
|
||||
|
||||
Default data location:
|
||||
|
||||
C:\ProgramData\SFTPGo
|
||||
|
|
|
|||
Loading…
Reference in a new issue