From 7e7f662a2392573a862e1f0792bc8759c06a135d Mon Sep 17 00:00:00 2001
From: Nicola Murino <nicola.murino@gmail.com>
Date: Mon, 14 Mar 2022 10:42:14 +0100
Subject: [PATCH] ensure that defaults defined in code match the default config
 file

Fixes #754

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
---
 config/config.go           | 7 ++++---
 config/config_test.go      | 2 ++
 docs/full-configuration.md | 2 +-
 sftpd/sftpd.go             | 2 +-
 sftpgo.json                | 1 +
 5 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/config/config.go b/config/config.go
index 44376ed3..446f5799 100644
--- a/config/config.go
+++ b/config/config.go
@@ -187,9 +187,9 @@ func Init() {
 			RateLimitersConfig: []common.RateLimiterConfig{defaultRateLimiter},
 		},
 		SFTPD: sftpd.Configuration{
-			Banner:                            defaultSFTPDBanner,
 			Bindings:                          []sftpd.Binding{defaultSFTPDBinding},
 			MaxAuthTries:                      0,
+			Banner:                            defaultSFTPDBanner,
 			HostKeys:                          []string{},
 			KexAlgorithms:                     []string{},
 			Ciphers:                           []string{},
@@ -259,7 +259,7 @@ func Init() {
 			RootCert:         "",
 			ClientCert:       "",
 			ClientKey:        "",
-			TrackQuota:       1,
+			TrackQuota:       2,
 			PoolSize:         0,
 			UsersBaseDir:     "",
 			Actions: dataprovider.ObjectsActions{
@@ -355,7 +355,7 @@ func Init() {
 			TOTP: nil,
 		},
 		TelemetryConfig: telemetry.Conf{
-			BindPort:           10000,
+			BindPort:           0,
 			BindAddress:        "127.0.0.1",
 			EnableProfiler:     false,
 			AuthUserFile:       "",
@@ -572,6 +572,7 @@ func LoadConfig(configDir, configFile string) error {
 			logger.Warn(logSender, "", "error loading configuration file: %v", err)
 			logger.WarnToConsole("error loading configuration file: %v", err)
 		}
+		globalConf.MFAConfig.TOTP = []mfa.TOTPConfig{defaultTOTP}
 	}
 	err = viper.Unmarshal(&globalConf)
 	if err != nil {
diff --git a/config/config_test.go b/config/config_test.go
index e8cc9fe7..88d33f07 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -67,6 +67,8 @@ func TestLoadConfigFileNotFound(t *testing.T) {
 	viper.SetConfigName("configfile")
 	err := config.LoadConfig(os.TempDir(), "")
 	assert.NoError(t, err)
+	mfaConf := config.GetMFAConfig()
+	assert.Len(t, mfaConf.TOTP, 1)
 }
 
 func TestEmptyBanner(t *testing.T) {
diff --git a/docs/full-configuration.md b/docs/full-configuration.md
index 84ffd417..4128395b 100644
--- a/docs/full-configuration.md
+++ b/docs/full-configuration.md
@@ -133,7 +133,7 @@ The configuration file contains the following sections:
     - `debug`, boolean. If enabled any FTP command will be logged. This will generate a lot of logs. Enable only if you are investigating a client compatibility issue or something similar. You shouldn't leave this setting enabled for production servers. Default `false`.
   - `banner`, string. Greeting banner displayed when a connection first comes in. Leave empty to use the default banner. Default `SFTPGo <version> ready`, for example `SFTPGo 1.0.0-dev ready`.
   - `banner_file`, path to the banner file. The contents of the specified file, if any, are displayed when someone connects to the server. It can be a path relative to the config dir or an absolute one. If set, it overrides the banner string provided by the `banner` option. Leave empty to disable.
-  - `active_transfers_port_non_20`, boolean. Do not impose the port 20 for active data transfers. Enabling this option allows to run SFTPGo with less privilege. Default: false.
+  - `active_transfers_port_non_20`, boolean. Do not impose the port 20 for active data transfers. Enabling this option allows to run SFTPGo with less privilege. Default: `true`.
   - `passive_port_range`, struct containing the key `start` and `end`. Port Range for data connections. Random if not specified. Default range is 50000-50100.
   - `disable_active_mode`, boolean. Set to `true` to disable active FTP, default `false`.
   - `enable_site`, boolean. Set to true to enable the FTP SITE command. We support `chmod` and `symlink` if SITE support is enabled. Default `false`
diff --git a/sftpd/sftpd.go b/sftpd/sftpd.go
index 9de41df6..a1a43450 100644
--- a/sftpd/sftpd.go
+++ b/sftpd/sftpd.go
@@ -16,7 +16,7 @@ const (
 var (
 	supportedSSHCommands = []string{"scp", "md5sum", "sha1sum", "sha256sum", "sha384sum", "sha512sum", "cd", "pwd",
 		"git-receive-pack", "git-upload-pack", "git-upload-archive", "rsync", "sftpgo-copy", "sftpgo-remove"}
-	defaultSSHCommands = []string{"md5sum", "sha1sum", "cd", "pwd", "scp"}
+	defaultSSHCommands = []string{"md5sum", "sha1sum", "sha256sum", "cd", "pwd", "scp"}
 	sshHashCommands    = []string{"md5sum", "sha1sum", "sha256sum", "sha384sum", "sha512sum"}
 	systemCommands     = []string{"git-receive-pack", "git-upload-pack", "git-upload-archive", "rsync"}
 	serviceStatus      ServiceStatus
diff --git a/sftpgo.json b/sftpgo.json
index 77173121..dec1fb6e 100644
--- a/sftpgo.json
+++ b/sftpgo.json
@@ -70,6 +70,7 @@
     "enabled_ssh_commands": [
       "md5sum",
       "sha1sum",
+      "sha256sum",
       "cd",
       "pwd",
       "scp"