Nicola Murino
b67cd0d3df
ensure no client is connected before running max connections test cases
2021-05-11 08:04:57 +02:00
Nicola Murino
c8f7fc9bc9
httpd/webdav: add a list of hosts allowed to send proxy headers
...
X-Forwarded-For, X-Real-IP and X-Forwarded-Proto headers will be ignored
for hosts not included in this list.
This is a backward incompatible change, before the proxy headers were
always used
2021-05-11 06:54:06 +02:00
Nicola Murino
8f6cdacd00
allow to limit the number of per-host connections
2021-05-08 19:45:21 +02:00
Nicola Murino
5be4b6bd44
localfs: fix subdir check if the user has the root dir as home
2021-04-25 14:36:29 +02:00
Nicola Murino
f4369cdbef
fix max connections check
...
Also make sure to close the ssh client connection in test cases
2021-04-20 18:12:16 +02:00
Nicola Murino
6ef85d6026
add, optional, in memory password caching
...
Verifying argon2 passwords has a high memory and computational cost,
by enabling, in memory, password caching you reduce this cost
2021-04-20 09:39:36 +02:00
Nicola Murino
f45c89fc46
add rate limiting support for REST API/web admin too
2021-04-19 08:14:04 +02:00
Nicola Murino
112e3b2fc2
add rate limiting support
2021-04-18 12:31:06 +02:00
Nicola Murino
74e0223eb9
remove sha256-simd usage
...
sha256-simd is now deprecated
https://github.com/minio/sha256-simd/issues/58
This could slow down sha256 computation on some CPU
2021-04-05 18:23:40 +02:00
Nicola Murino
0823928f98
allow to disable login filesystem checks
...
SFTPGo requires that the user's home directory, virtual folder root,
and intermediate paths to virtual folders exist to work properly.
If you already know that the required directories exist, disabling
these checks will speed up login.
2021-04-05 17:57:30 +02:00
Nicola Murino
fdf3f23df5
allow to disable some hooks on a per-user basis
...
This way you can, for example, mix external and internal users
2021-04-04 22:32:25 +02:00
Nicola Murino
ea26d7786c
sftpfs: add buffering support
...
this way we improve performance over high latency networks
2021-04-03 16:00:55 +02:00
Nicola Murino
2f56375121
improve SFTP loop detection
2021-04-01 18:53:48 +02:00
Nicola Murino
5f49af1780
external auth: allow to inspect and preserve an existing user
2021-03-26 15:19:01 +01:00
Nicola Murino
54c0c1b80d
Windows: manually check if we can bind on the configured port/ports
...
Windows allows the coexistence of three types of sockets on the same
transport-layer service port, for example, 127.0.0.1:8080, [::1]:8080
and [::ffff:0.0.0.0]:8080
Go don't properly handles this, so we use a ugly hack
Fixes #350
2021-03-21 22:21:04 +01:00
Nicola Murino
d6dc3a507e
extend virtual folders support to all storage backends
...
Fixes #241
2021-03-21 19:15:47 +01:00
Nicola Murino
0286da2356
try to auto create virtual folders if missing
2021-03-10 22:30:56 +01:00
Nicola Murino
055506e518
sftpfs: add an option to disable concurrent reads
2021-03-06 15:41:40 +01:00
Nicola Murino
895117718e
SSH system command: add os separator to the resolved path when appropriate
...
Fixes #327
2021-03-01 22:10:45 +01:00
Nicola Murino
a6e36e7cad
FTP: improve TLS certificate authentication
...
For each user you can now configure:
- TLS certificate auth
- TLS certificate auth and password
- Password auth
For TLS auth, the certificate common name must match the name provided
using the "USER" FTP command
2021-02-28 12:10:40 +01:00
Nicola Murino
ca3e15578e
Use new methods in the io and os packages instead of ioutil ones
...
ioutil is deprecated in Go 1.16 and SFTPGo is an application, not
a library, we have no reason to keep compatibility with old Go
versions.
Go 1.16 fix some cifs related issues too.
2021-02-25 21:53:04 +01:00
Nicola Murino
3e1b07324d
GCS: remove compat code
2021-02-22 22:06:23 +01:00
Nicola Murino
be9230e85b
micro optimizations spotted using the go-critic linter
2021-02-16 19:11:36 +01:00
Nicola Murino
46176a54b4
minor doc fixes
2021-02-14 22:08:08 +01:00
Nicola Murino
a21ccad174
web hooks: add mutual TLS support
2021-02-13 14:41:37 +01:00
Nicola Murino
51f110bc7b
sftpd: add statvfs@openssh.com support
2021-02-11 19:45:52 +01:00
Nicola Murino
1cde50f050
sftpd: improve logging if filesystem creation fails
2021-02-03 09:45:04 +01:00
Nicola Murino
78bf808322
virtual folders: change dataprovider structure
...
This way we no longer depend on the local file system path and so we can
add support for cloud backends in future updates
2021-02-01 19:04:15 +01:00
Nicola Murino
46ab8f8d78
post-login hook: add the full user JSON serialized
...
Fixes #284
2021-01-26 18:05:44 +01:00
Nicola Murino
2b9ba1d520
web admin: try to uniform UI
2021-01-23 09:28:45 +01:00
Nicola Murino
aff75953e3
ssh requests: send a reply only if the client requested it
2021-01-21 09:28:41 +01:00
Nicola Murino
c0e09374a8
scp: fix wildcard uploads
...
Fixes #285
2021-01-20 22:37:59 +01:00
Nicola Murino
57976b4085
httpd: add mTLS and multiple bindings support
2021-01-19 18:59:41 +01:00
Nicola Murino
41a1af863e
OpenAPI: minor changes
2021-01-18 13:24:38 +01:00
Nicola Murino
778ec9b88f
REST API v2
...
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore
Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0
Fixes #197
2021-01-17 22:29:08 +01:00
Nicola Murino
a8a17a223a
scp: minor improvements
...
document that we don't support wildcard expansion.
I should refactor scp code ...
2021-01-05 22:32:30 +01:00
Nicola Murino
daac90c4e1
fix a potential race condition for pre-login and ext auth
...
hooks
doing something like this:
err = provider.updateUser(u)
...
return provider.userExists(username)
could be racy if another update happen before
provider.userExists(username)
also pass a pointer to updateUser so if the user is modified inside
"validateUser" we can just return the modified user without do a new
query
2021-01-05 09:50:22 +01:00
Nicola Murino
037d89a320
add support for a basic built-in defender
...
It can help to prevent DoS and brute force password guessing
2021-01-02 14:05:09 +01:00
Nicola Murino
1dce1eff48
improve FTP support
...
- allow to disable active mode
- allow to disable SITE commands
- add optional support for calculating hash value of files
- add optional support for the non standard COMB command
2020-12-24 18:48:06 +01:00
Nicola Murino
187a5b1908
sftpd: properly handle listener accept errors
...
continue on temporary errors and exit from the serve loop for the
other ones
2020-12-23 19:53:07 +01:00
Nicola Murino
c69d63c1f8
add support for multiple bindings
...
Fixes #253
2020-12-23 16:12:30 +01:00
Nicola Murino
143df87fee
add some docs for telemetry server
...
move pprof to the telemetry server only
2020-12-18 09:47:22 +01:00
Nicola Murino
f34462e3c3
add support for limiting max concurrent client connections
2020-12-15 19:29:30 +01:00
Nicola Murino
ed43ddd79d
enable hash commands for any supported backend
2020-12-13 15:11:55 +01:00
Nicola Murino
a6985075b9
add sftpfs storage backend
...
Fixes #224
2020-12-12 10:31:09 +01:00
Nicola Murino
50982229e1
REST API: add a method to get the status of the services
...
added a status page to the built-in web admin
2020-12-08 11:18:34 +01:00
Nicola Murino
4a88ea5c03
add Data At Rest Encryption support
2020-12-05 13:48:13 +01:00
Nicola Murino
634b723b5d
add KMS support
...
Fixes #226
2020-11-30 21:46:34 +01:00
Nicola Murino
dccc583b5d
add a dedicated struct to store encrypted credentials
...
also gcs credentials are now encrypted, both on disk and inside the
provider.
Data provider is automatically migrated and load data will accept
old format too but you should upgrade to the new format to avoid future
issues
2020-11-22 21:53:04 +01:00
Nicola Murino
5d789a01b7
update pkg/sftp
...
These patches are now merged upstream:
https://github.com/pkg/sftp/pull/392
https://github.com/pkg/sftp/pull/393
2020-11-18 19:06:12 +01:00
Nicola Murino
ca0ff0d630
add a File interface so we can avoid to use os.File directly
2020-11-17 19:36:39 +01:00
Nicola Murino
a6355e298e
add support for limit files using shell like patterns
...
Fixes #209
2020-11-15 22:04:48 +01:00
Nicola Murino
dc845fa2f4
webdav: fix permission errors if the client try to read multiple times
2020-11-14 19:19:41 +01:00
Nicola Murino
5720d40fee
add setstat_mode 2
...
in this mode chmod/chtimes/chown can be silently ignored only for cloud
based file systems
Fixes #223
2020-11-12 10:39:46 +01:00
Nicola Murino
4c5a0d663e
sftpd: return the error Operation Unsupported for unexpected reads
...
a cloud based file cannot be opened for read and write at the same
time. Return a proper error if a client try to do this.
It can happen only for SFTP
2020-11-09 21:01:56 +01:00
Nicola Murino
6ad4cc317c
cloud backends: stat and other performance improvements
2020-11-02 19:16:12 +01:00
Nicola Murino
950a5ad9ea
add a recoverer where appropriate
...
I have never seen this, but a malformed packet can easily crash pkg/sftp
2020-10-31 11:02:04 +01:00
Nicola Murino
ac3bae00fc
add support for SFTP subsystem mode
...
Fixes #204
2020-10-29 19:23:33 +01:00
Nicola Murino
975a2f3632
sftpd: fix the max upload file size check for overwrites
...
improved test case too
2020-10-25 08:52:31 +01:00
Nicola Murino
5ff8f75917
add Azure Blob support
2020-10-25 08:18:48 +01:00
Sean Hildebrand
db7e81e9d0
add prefer_database_credentials configuration parameter
...
When true, users' Google Cloud Storage credentials will be written to
the data provider instead of disk.
Pre-existing credentials on disk will be used as a fallback
Fixes #201
2020-10-22 10:42:40 +02:00
Nicola Murino
6a8039e76a
sftpd: log fingerprints for used host keys
2020-10-21 14:27:58 +02:00
Nicola Murino
b51d795e04
sftpd: auto generate an ed25519 host key too
2020-10-19 14:30:40 +02:00
Mark Sagi-Kazar
5e2db77ef9
refactor: add an enum for filesystem providers
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2020-10-05 21:40:21 +02:00
Nicola Murino
f9827f958b
sftpd auto host keys: try to auto-create parent dir if missing
2020-10-05 14:16:57 +02:00
Nicola Murino
4ebedace1e
systemd unit: run as "sftpgo" system user
...
Update the docs too
Fixes #177
2020-09-25 18:23:04 +02:00
Nicola Murino
bf708cb8bc
osfs: improve isSubDir check
2020-09-21 19:32:33 +02:00
Nicola Murino
6c1a7449fe
ssh commands: return better error messages
...
This improve the fix for #171 and return better error message for
SSH commands other than SCP too
2020-09-19 10:14:30 +02:00
Nicola Murino
209badf10c
scp: return better error messages
...
Fixes #171
2020-09-18 19:13:09 +02:00
Nicola Murino
242dde4480
sftpd: ensure to always close idle connections
...
after the last commit this wasn't the case anymore
Completly fixes #169
2020-09-18 18:15:28 +02:00
Nicola Murino
2df0dd1f70
sshd: map each channel with a new connection
...
Fixes #169
2020-09-18 10:52:53 +02:00
Nicola Murino
98a6d138d4
sftpd: add a test case to ensure we return sftp.ErrSSHFxNoSuchFile ...
...
if stat/lstat fails on a missing file
2020-09-17 12:30:48 +02:00
Nicola Murino
3c1300721c
add some basic how-to style documents
2020-09-13 19:43:56 +02:00
Nicola Murino
61003c8079
sftpd: add lstat support
2020-09-11 09:30:25 +02:00
Nicola Murino
a59163e56c
multi-step auth: don't advertise password method if it is disabled
...
also rename the settings to password_authentication so it is more like
OpenSSH, add some test cases and improve documentation
2020-09-01 19:34:40 +02:00
Giorgio Pellero
8391b19abb
Add password_disabled bool to sftpd config, disables password auth callback ( #165 )
2020-09-01 19:26:33 +02:00
Nicola Murino
3925c7ff95
REST API/Web admin: add a parameter to disconnect a user after an update
...
This way you can force the user to login again and so to use the updated
configuration.
A deleted user will be automatically disconnected.
Fixes #163
Improved some docs too.
2020-09-01 16:10:26 +02:00
Nicola Murino
dbed110d02
WebDAV: add caching for authenticated users
...
In this way we get a big performance boost
2020-08-31 19:25:17 +02:00
Nicola Murino
4748e6f54d
sftpd: handle read and write from the same handle ( #158 )
...
Fixes #155
2020-08-31 06:45:22 +02:00
Nicola Murino
2746c0b0f1
move stat to base connection and differentiate between Stat and Lstat
...
we will use Lstat once it will be exposed in pkg/sftp
2020-08-25 18:23:00 +02:00
Nicola Murino
02e35ee002
sftpd: add Readlink support
2020-08-22 14:52:17 +02:00
Nicola Murino
5208e4a4ca
sftpd: improve truncate
...
quota usage and max allowed write size are now properly updated after a
truncate
2020-08-22 10:12:00 +02:00
Nicola Murino
f41ce6619f
sftpd: add SSH_FXP_FSETSTAT support
...
This change will fix file editing from sshfs, we need this patch
https://github.com/pkg/sftp/pull/373
for pkg/sftp to support this feature
2020-08-20 13:54:36 +02:00
Nicola Murino
933427310d
fix check pwd hook when using memory provider
2020-08-19 19:47:52 +02:00
Nicola Murino
8b0a1817b3
add check password hook
...
its main use case is to allow to easily support things like password+OTP for
protocols without keyboard interactive support such as FTP and WebDAV
2020-08-19 19:36:12 +02:00
Nicola Murino
f3228713bc
Allow individual protocols to be enabled per user
...
Fixes #154
2020-08-17 12:49:20 +02:00
Nicola Murino
fa5333784b
add a maximum allowed size for a single upload
2020-08-16 20:17:02 +02:00
Nicola Murino
0dbf0cc81f
WebDAV: add CORS support
2020-08-15 15:55:20 +02:00
Nicola Murino
aa0ed5dbd0
add post-login hook
...
a login scope is supported too so you can get notifications for failed logins,
successful logins or both
2020-08-12 16:15:12 +02:00
Nicola Murino
a9e21c282a
add WebDAV support
...
Fixes #147
2020-08-11 23:56:10 +02:00
Antoine Deschênes
9a15a54885
sftpd: set failed connection loglevel to debug ( #152 )
2020-08-06 21:20:31 +02:00
Nicola Murino
91dcc349de
Add client IP address to external auth, pre-login and keyboard interactive hooks
2020-08-04 18:03:28 +02:00
Nicola Murino
fa41bfd06a
Cloud backends: add support for FTP REST command
...
So partial downloads are now supported as for local fs
2020-08-03 18:03:09 +02:00
Nicola Murino
22338ed478
add post connect hook
...
Fixes #144
2020-07-30 22:33:49 +02:00
Nicola Murino
93ce96d011
add support for the venerable FTP protocol
...
Fixes #46
2020-07-29 21:56:56 +02:00
Nicola Murino
cc2f04b0e4
fix concurrency test case on go 1.13
...
a sleep seems required, needs investigation
2020-07-25 08:55:17 +02:00
Nicola Murino
4e41a5583d
refactoring: add common package
...
The common package defines the interfaces that a protocol must implement
and contain code that can be shared among supported protocols.
This way should be easier to support new protocols
2020-07-24 23:39:38 +02:00
Nicola Murino
da0f470f1c
document FreeBSD support
...
improve some tests cleanup
2020-07-10 19:20:37 +02:00
Nicola Murino
0ea2ca3141
simplify data provider usage
...
remove the obsolete SQL scripts too. They are not required since v0.9.6
2020-07-08 19:59:31 +02:00
Nicola Murino
ee1131f254
enable SCP test cases on Windows
2020-06-30 23:25:25 +02:00