logs: use info level for login related messages

so that enabling the debug level is not required just to understand,
for example, that a user exceeded the allowed sessions.

Also set the cache update frequency as documented.
Nicola Murino 2021-12-02 19:36:42 +01:00
parent 6ee51c5cc1
commit 6092b6628e
No known key found for this signature in database
GPG key ID: 2F1FB59433D5A8CB
7 changed files with 29 additions and 22 deletions


@ -2143,7 +2143,7 @@ func startUpdateCachesTimer() {
} }
lastCachesUpdate = util.GetTimeAsMsSinceEpoch(time.Now()) lastCachesUpdate = util.GetTimeAsMsSinceEpoch(time.Now())
providerLog(logger.LevelDebug, "update caches check started for provider %v", config.Driver) providerLog(logger.LevelDebug, "update caches check started for provider %v", config.Driver)
updateCachesTicker = time.NewTicker(1 * time.Minute) updateCachesTicker = time.NewTicker(10 * time.Minute)
updateCachesTickerDone = make(chan bool) updateCachesTickerDone = make(chan bool)
go func() { go func() {
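Review bot: The new interval in `time.NewTicker(10 * time.Minute)` is still a bare literal, so nothing in the code ties it to the documented value the commit message refers to. A named constant with a pointer to the documentation, e.g. `const cachesUpdateInterval = 10 * time.Minute // keep in sync with the documented cache update frequency`, would stop the two from drifting apart again. Presumably the longer interval also means cached data can lag behind provider changes by up to ten minutes; it is worth confirming that this is acceptable for changes such as disabling a user. startUpdateCachesTimer begins and ends outside the hunk.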


@ -325,24 +325,26 @@ func (s *Server) validateUser(user dataprovider.User, cc ftpserver.ClientContext
return nil, fmt.Errorf("cannot login user with invalid home dir: %#v", user.HomeDir) return nil, fmt.Errorf("cannot login user with invalid home dir: %#v", user.HomeDir)
} }
if util.IsStringInSlice(common.ProtocolFTP, user.Filters.DeniedProtocols) { if util.IsStringInSlice(common.ProtocolFTP, user.Filters.DeniedProtocols) {
logger.Debug(logSender, connectionID, "cannot login user %#v, protocol FTP is not allowed", user.Username) logger.Info(logSender, connectionID, "cannot login user %#v, protocol FTP is not allowed", user.Username)
return nil, fmt.Errorf("protocol FTP is not allowed for user %#v", user.Username) return nil, fmt.Errorf("protocol FTP is not allowed for user %#v", user.Username)
} }
if !user.IsLoginMethodAllowed(loginMethod, nil) { if !user.IsLoginMethodAllowed(loginMethod, nil) {
logger.Debug(logSender, connectionID, "cannot login user %#v, %v login method is not allowed", user.Username, loginMethod) logger.Info(logSender, connectionID, "cannot login user %#v, %v login method is not allowed",
user.Username, loginMethod)
return nil, fmt.Errorf("login method %v is not allowed for user %#v", loginMethod, user.Username) return nil, fmt.Errorf("login method %v is not allowed for user %#v", loginMethod, user.Username)
} }
if user.MaxSessions > 0 { if user.MaxSessions > 0 {
activeSessions := common.Connections.GetActiveSessions(user.Username) activeSessions := common.Connections.GetActiveSessions(user.Username)
if activeSessions >= user.MaxSessions { if activeSessions >= user.MaxSessions {
logger.Debug(logSender, connectionID, "authentication refused for user: %#v, too many open sessions: %v/%v", user.Username, logger.Info(logSender, connectionID, "authentication refused for user: %#v, too many open sessions: %v/%v",
activeSessions, user.MaxSessions) user.Username, activeSessions, user.MaxSessions)
return nil, fmt.Errorf("too many open sessions: %v", activeSessions) return nil, fmt.Errorf("too many open sessions: %v", activeSessions)
} }
} }
remoteAddr := cc.RemoteAddr().String() remoteAddr := cc.RemoteAddr().String()
if !user.IsLoginFromAddrAllowed(remoteAddr) { if !user.IsLoginFromAddrAllowed(remoteAddr) {
logger.Debug(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v", user.Username, remoteAddr) logger.Info(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v",
user.Username, remoteAddr)
return nil, fmt.Errorf("login for user %#v is not allowed from this address: %v", user.Username, remoteAddr) return nil, fmt.Errorf("login for user %#v is not allowed from this address: %v", user.Username, remoteAddr)
} }
err := user.CheckFsRoot(connectionID) err := user.CheckFsRoot(connectionID)
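Review bot: The four refusal branches in validateUser (denied protocol, login method, session limit, remote address) repeat almost word for word in checkHTTPClientUser, loginUser and the WebDAV validateUser, which is why this level change had to be made by hand in four files. A shared helper that takes the user, protocol, login method, remote address and connection ID and emits the log line would keep level and wording identical across protocols, which matters for anyone alerting on these messages. Assuming Username is a string, the `%#v` verb quotes it, and that is worth keeping so that control characters in a name cannot break a log line. validateUser begins and ends outside the hunk.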


@ -448,23 +448,23 @@ func updateLoginMetrics(user *dataprovider.User, ip string, err error) {
func checkHTTPClientUser(user *dataprovider.User, r *http.Request, connectionID string) error { func checkHTTPClientUser(user *dataprovider.User, r *http.Request, connectionID string) error {
if util.IsStringInSlice(common.ProtocolHTTP, user.Filters.DeniedProtocols) { if util.IsStringInSlice(common.ProtocolHTTP, user.Filters.DeniedProtocols) {
logger.Debug(logSender, connectionID, "cannot login user %#v, protocol HTTP is not allowed", user.Username) logger.Info(logSender, connectionID, "cannot login user %#v, protocol HTTP is not allowed", user.Username)
return fmt.Errorf("protocol HTTP is not allowed for user %#v", user.Username) return fmt.Errorf("protocol HTTP is not allowed for user %#v", user.Username)
} }
if !user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, nil) { if !user.IsLoginMethodAllowed(dataprovider.LoginMethodPassword, nil) {
logger.Debug(logSender, connectionID, "cannot login user %#v, password login method is not allowed", user.Username) logger.Info(logSender, connectionID, "cannot login user %#v, password login method is not allowed", user.Username)
return fmt.Errorf("login method password is not allowed for user %#v", user.Username) return fmt.Errorf("login method password is not allowed for user %#v", user.Username)
} }
if user.MaxSessions > 0 { if user.MaxSessions > 0 {
activeSessions := common.Connections.GetActiveSessions(user.Username) activeSessions := common.Connections.GetActiveSessions(user.Username)
if activeSessions >= user.MaxSessions { if activeSessions >= user.MaxSessions {
logger.Debug(logSender, connectionID, "authentication refused for user: %#v, too many open sessions: %v/%v", user.Username, logger.Info(logSender, connectionID, "authentication refused for user: %#v, too many open sessions: %v/%v", user.Username,
activeSessions, user.MaxSessions) activeSessions, user.MaxSessions)
return fmt.Errorf("too many open sessions: %v", activeSessions) return fmt.Errorf("too many open sessions: %v", activeSessions)
} }
} }
if !user.IsLoginFromAddrAllowed(r.RemoteAddr) { if !user.IsLoginFromAddrAllowed(r.RemoteAddr) {
logger.Debug(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v", user.Username, r.RemoteAddr) logger.Info(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v", user.Username, r.RemoteAddr)
return fmt.Errorf("login for user %#v is not allowed from this address: %v", user.Username, r.RemoteAddr) return fmt.Errorf("login for user %#v is not allowed from this address: %v", user.Username, r.RemoteAddr)
} }
return nil return nil
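Review bot: checkHTTPClientUser has no doc comment, although it now produces the Info-level entries operators will read; something like `// checkHTTPClientUser returns an error if the user cannot log in over HTTP: protocol denied, password login disabled, session limit reached or remote address not allowed.` would document the checks and their order. The new call in the session-limit branch also still breaks after `user.Username,`, while the same call in the FTP and WebDAV sections was reflowed; wrapping it the same way would keep the copies aligned. The function's closing brace is outside the hunk.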


@ -494,10 +494,9 @@ func (c *Configuration) handleSftpConnection(channel ssh.Channel, connection *Co
defer server.Close() defer server.Close()
if err := server.Serve(); err == io.EOF { if err := server.Serve(); err == io.EOF {
connection.Log(logger.LevelDebug, "connection closed, sending exit status")
exitStatus := sshSubsystemExitStatus{Status: uint32(0)} exitStatus := sshSubsystemExitStatus{Status: uint32(0)}
_, err = channel.SendRequest("exit-status", false, ssh.Marshal(&exitStatus)) _, err = channel.SendRequest("exit-status", false, ssh.Marshal(&exitStatus))
connection.Log(logger.LevelDebug, "sent exit status %+v error: %v", exitStatus, err) connection.Log(logger.LevelInfo, "connection closed, sent exit status %+v error: %v", exitStatus, err)
} else if err != nil { } else if err != nil {
connection.Log(logger.LevelWarn, "connection closed with error: %v", err) connection.Log(logger.LevelWarn, "connection closed with error: %v", err)
} }
@ -558,24 +557,26 @@ func loginUser(user *dataprovider.User, loginMethod, publicKey string, conn ssh.
return nil, fmt.Errorf("cannot login user with invalid home dir: %#v", user.HomeDir) return nil, fmt.Errorf("cannot login user with invalid home dir: %#v", user.HomeDir)
} }
if util.IsStringInSlice(common.ProtocolSSH, user.Filters.DeniedProtocols) { if util.IsStringInSlice(common.ProtocolSSH, user.Filters.DeniedProtocols) {
logger.Debug(logSender, connectionID, "cannot login user %#v, protocol SSH is not allowed", user.Username) logger.Info(logSender, connectionID, "cannot login user %#v, protocol SSH is not allowed", user.Username)
return nil, fmt.Errorf("protocol SSH is not allowed for user %#v", user.Username) return nil, fmt.Errorf("protocol SSH is not allowed for user %#v", user.Username)
} }
if user.MaxSessions > 0 { if user.MaxSessions > 0 {
activeSessions := common.Connections.GetActiveSessions(user.Username) activeSessions := common.Connections.GetActiveSessions(user.Username)
if activeSessions >= user.MaxSessions { if activeSessions >= user.MaxSessions {
logger.Debug(logSender, "", "authentication refused for user: %#v, too many open sessions: %v/%v", user.Username, logger.Info(logSender, "", "authentication refused for user: %#v, too many open sessions: %v/%v", user.Username,
activeSessions, user.MaxSessions) activeSessions, user.MaxSessions)
return nil, fmt.Errorf("too many open sessions: %v", activeSessions) return nil, fmt.Errorf("too many open sessions: %v", activeSessions)
} }
} }
if !user.IsLoginMethodAllowed(loginMethod, conn.PartialSuccessMethods()) { if !user.IsLoginMethodAllowed(loginMethod, conn.PartialSuccessMethods()) {
logger.Debug(logSender, connectionID, "cannot login user %#v, login method %#v is not allowed", user.Username, loginMethod) logger.Info(logSender, connectionID, "cannot login user %#v, login method %#v is not allowed",
user.Username, loginMethod)
return nil, fmt.Errorf("login method %#v is not allowed for user %#v", loginMethod, user.Username) return nil, fmt.Errorf("login method %#v is not allowed for user %#v", loginMethod, user.Username)
} }
remoteAddr := conn.RemoteAddr().String() remoteAddr := conn.RemoteAddr().String()
if !user.IsLoginFromAddrAllowed(remoteAddr) { if !user.IsLoginFromAddrAllowed(remoteAddr) {
logger.Debug(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v", user.Username, remoteAddr) logger.Info(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v",
user.Username, remoteAddr)
return nil, fmt.Errorf("login for user %#v is not allowed from this address: %v", user.Username, remoteAddr) return nil, fmt.Errorf("login for user %#v is not allowed from this address: %v", user.Username, remoteAddr)
} }
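Review bot: The session-limit refusal in loginUser is logged with an empty connection ID, `logger.Info(logSender, "", ...)`, while every other refusal in the same function passes `connectionID`. Now that these entries are visible at Info level, that one cannot be correlated with the rest of the connection's log lines; passing `connectionID` there would fix it, and its use a few lines earlier suggests it is already in scope. In the first hunk the merged message `connection closed, sent exit status %+v error: %v` is emitted at Info even when SendRequest returned an error, so a failed send reads like a normal close. loginUser begins and ends outside the hunk.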


@ -85,7 +85,7 @@ func processSSHCommand(payload []byte, connection *Connection, enabledSSHCommand
} }
} }
err := connection.CloseFS() err := connection.CloseFS()
connection.Log(logger.LevelDebug, "unable to unmarshal ssh command, close fs, err: %v", err) connection.Log(logger.LevelWarn, "unable to unmarshal ssh command, close fs, err: %v", err)
return false return false
} }
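Review bot: The `err` printed by the Warn entry is the result of `connection.CloseFS()`, not the unmarshal failure, so `unable to unmarshal ssh command, close fs, err: %v` will usually end in a nil error and hide why the payload was rejected. Logging the unmarshal error and the CloseFS error as two separate values would make the entry usable for troubleshooting. Because the payload comes from the client, a peer can presumably trigger this Warn entry at will, so it is worth checking that log volume stays bounded by the existing connection limits. The start of processSSHCommand is outside the hunk.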


@ -302,23 +302,25 @@ func (s *webDavServer) validateUser(user *dataprovider.User, r *http.Request, lo
return connID, fmt.Errorf("cannot login user with invalid home dir: %#v", user.HomeDir) return connID, fmt.Errorf("cannot login user with invalid home dir: %#v", user.HomeDir)
} }
if util.IsStringInSlice(common.ProtocolWebDAV, user.Filters.DeniedProtocols) { if util.IsStringInSlice(common.ProtocolWebDAV, user.Filters.DeniedProtocols) {
logger.Debug(logSender, connectionID, "cannot login user %#v, protocol DAV is not allowed", user.Username) logger.Info(logSender, connectionID, "cannot login user %#v, protocol DAV is not allowed", user.Username)
return connID, fmt.Errorf("protocol DAV is not allowed for user %#v", user.Username) return connID, fmt.Errorf("protocol DAV is not allowed for user %#v", user.Username)
} }
if !user.IsLoginMethodAllowed(loginMethod, nil) { if !user.IsLoginMethodAllowed(loginMethod, nil) {
logger.Debug(logSender, connectionID, "cannot login user %#v, %v login method is not allowed", user.Username, loginMethod) logger.Info(logSender, connectionID, "cannot login user %#v, %v login method is not allowed",
user.Username, loginMethod)
return connID, fmt.Errorf("login method %v is not allowed for user %#v", loginMethod, user.Username) return connID, fmt.Errorf("login method %v is not allowed for user %#v", loginMethod, user.Username)
} }
if user.MaxSessions > 0 { if user.MaxSessions > 0 {
activeSessions := common.Connections.GetActiveSessions(user.Username) activeSessions := common.Connections.GetActiveSessions(user.Username)
if activeSessions >= user.MaxSessions { if activeSessions >= user.MaxSessions {
logger.Debug(logSender, connID, "authentication refused for user: %#v, too many open sessions: %v/%v", user.Username, logger.Info(logSender, connID, "authentication refused for user: %#v, too many open sessions: %v/%v",
activeSessions, user.MaxSessions) user.Username, activeSessions, user.MaxSessions)
return connID, fmt.Errorf("too many open sessions: %v", activeSessions) return connID, fmt.Errorf("too many open sessions: %v", activeSessions)
} }
} }
if !user.IsLoginFromAddrAllowed(r.RemoteAddr) { if !user.IsLoginFromAddrAllowed(r.RemoteAddr) {
logger.Debug(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v", user.Username, r.RemoteAddr) logger.Info(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v",
user.Username, r.RemoteAddr)
return connID, fmt.Errorf("login for user %#v is not allowed from this address: %v", user.Username, r.RemoteAddr) return connID, fmt.Errorf("login for user %#v is not allowed from this address: %v", user.Username, r.RemoteAddr)
} }
return connID, nil return connID, nil
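Review bot: The session-limit entry passes `connID` to logger.Info while the other three refusals in validateUser pass `connectionID`. If the two values differ (the hunk does not show how either is built), the too-many-sessions line will not correlate with the other entries for the same request; using `connectionID` in all four calls would be consistent. validateUser begins outside the hunk.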


@ -9,6 +9,8 @@ and complete the initial setup.
The SFTP service is available, by default, on port 2022. The SFTP service is available, by default, on port 2022.
If SFTPGo does not start, make sure that TCP ports 2022 and 8080 are not used by other services or change the SFTPGo configuration to suit your needs.
Default data location: Default data location:
C:\ProgramData\SFTPGo C:\ProgramData\SFTPGo