Nicola Murino
1e1c46ae1b
defender: minor docs improvements
2021-01-02 20:02:05 +01:00
Nicola Murino
037d89a320
add support for a basic built-in defender
...
It can help to prevent DoS and brute force password guessing
2021-01-02 14:05:09 +01:00
Nicola Murino
40e759c983
FTP: add support for client certificate authentication
2020-12-29 09:20:09 +01:00
Nicola Murino
141ca6777c
webdav: add support for client certificate authentication
...
Fixes #263
2020-12-28 19:48:23 +01:00
Nicola Murino
1dce1eff48
improve FTP support
...
- allow to disable active mode
- allow to disable SITE commands
- add optional support for calculating hash value of files
- add optional support for the non standard COMB command
2020-12-24 18:48:06 +01:00
Nicola Murino
c69d63c1f8
add support for multiple bindings
...
Fixes #253
2020-12-23 16:12:30 +01:00
Nicola Murino
bcf0fa073e
telemetry server: add optional https and authentication
2020-12-18 16:04:42 +01:00
Nicola Murino
143df87fee
add some docs for telemetry server
...
move pprof to the telemetry server only
2020-12-18 09:47:22 +01:00
Nicola Murino
f34462e3c3
add support for limiting max concurrent client connections
2020-12-15 19:29:30 +01:00
Nicola Murino
634b723b5d
add KMS support
...
Fixes #226
2020-11-30 21:46:34 +01:00
Nicola Murino
0119fd03a6
webdav: user caching is now mandatory
...
we cache the lock system with the user, without user caching we cannot
support locks for resource
2020-11-04 22:29:25 +01:00
Nicola Murino
0a14297b48
webdav: performance improvements and bug fixes
...
we need my custom golang/x/net/webdav fork for now
https://github.com/drakkan/net/tree/sftpgo
2020-11-04 19:11:40 +01:00
Nicola Murino
641493e31a
fix default config file
...
restore a setting changed for a local test
2020-10-31 11:34:50 +01:00
Nicola Murino
fcfdd633f6
Azure Blob: update SDK and add access tier support
2020-10-30 22:17:17 +01:00
Sean Hildebrand
db7e81e9d0
add prefer_database_credentials configuration parameter
...
When true, users' Google Cloud Storage credentials will be written to
the data provider instead of disk.
Pre-existing credentials on disk will be used as a fallback
Fixes #201
2020-10-22 10:42:40 +02:00
Nicola Murino
c992072286
data provider: add a setting to prevent auto-update
2020-10-05 19:42:33 +02:00
Nicola Murino
bdf18fa862
password hashing: exposes argon2 options
...
So the hashing complexity can be changed depending on available
memory/CPU resources and business requirements
2020-09-04 17:09:31 +02:00
Nicola Murino
a59163e56c
multi-step auth: don't advertise password method if it is disabled
...
also rename the settings to password_authentication so it is more like
OpenSSH, add some test cases and improve documentation
2020-09-01 19:34:40 +02:00
Nicola Murino
dbed110d02
WebDAV: add caching for authenticated users
...
In this way we get a big performance boost
2020-08-31 19:25:17 +02:00
Nicola Murino
600a107699
initprovider: check if the provider is already initialized
...
exit with code 0 if no initialization is required
2020-08-30 13:50:43 +02:00
Nicola Murino
8b0a1817b3
add check password hook
...
its main use case is to allow to easily support things like password+OTP for
protocols without keyboard interactive support such as FTP and WebDAV
2020-08-19 19:36:12 +02:00
Nicola Murino
0dbf0cc81f
WebDAV: add CORS support
2020-08-15 15:55:20 +02:00
Nicola Murino
196a56726e
FTP improvements
...
- add a setting to require TLS
- add symlink support
require TLS 1.2 for all TLS connections
2020-08-15 13:02:25 +02:00
Nicola Murino
aa0ed5dbd0
add post-login hook
...
a login scope is supported too so you can get notifications for failed logins,
successful logins or both
2020-08-12 16:15:12 +02:00
Nicola Murino
a9e21c282a
add WebDAV support
...
Fixes #147
2020-08-11 23:56:10 +02:00
Nicola Murino
22338ed478
add post connect hook
...
Fixes #144
2020-07-30 22:33:49 +02:00
Nicola Murino
93ce96d011
add support for the venerable FTP protocol
...
Fixes #46
2020-07-29 21:56:56 +02:00
Nicola Murino
4e41a5583d
refactoring: add common package
...
The common package defines the interfaces that a protocol must implement
and contain code that can be shared among supported protocols.
This way should be easier to support new protocols
2020-07-24 23:39:38 +02:00
Nicola Murino
8306b6bde6
refactor virtual folders
...
The same virtual folder can now be shared among users and different
folder quota limits for each user are supported.
Fixes #120
2020-06-07 23:30:18 +02:00
Nicola Murino
c27e3ef436
actions: add a generic hook to define external commands and HTTP URL
...
We can only define a single hook now and it can be an HTTP notification
or an external command, not both
2020-05-24 15:29:39 +02:00
Nicola Murino
a08dd85efd
sftpd: deprecate keys and add a new host_keys config param
...
host_key defines the private host keys as plain list of strings.
Remove the other deprecated config params from the default config too.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2020-05-16 23:26:44 +02:00
Nicola Murino
cf148db75d
add test case for expired SSH certificate
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2020-05-15 23:23:49 +02:00
Nicola Murino
738c7ab43e
sftpd: add support for SSH user certificate authentication
...
This add support for PROTOCOL.certkeys vendor extension:
https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.8
Fixes #117
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2020-05-15 20:08:53 +02:00
Nicola Murino
f369fdf6f2
httpclient: add a configuration parameter to skip TLS certificate validation
...
In this mode, TLS is susceptible to man-in-the-middle attacks.
This should be used only for testing.
2020-05-03 11:37:50 +02:00
Nicola Murino
d377181b25
add a new configuration section for HTTP clients
...
HTTP clients are used for executing hooks such as the ones used for custom
actions, external authentication and pre-login user modifications.
This allows, for example, to use self-signed certificate without defeating the
purpose of using TLS
2020-04-26 23:29:09 +02:00
Nicola Murino
9046acbe68
add HTTP hooks
...
external auth, pre-login user modification and keyboard interactive
authentication is now supported via HTTP requests too
2020-04-01 23:25:23 +02:00
Nicola Murino
f284008fb5
enable scp in default configuration
...
remove the deprecated enable_scp setting
2020-03-26 23:38:24 +01:00
Jo Vandeginste
df02496145
Refactor docs
2020-03-04 23:10:58 +01:00
Nicola Murino
833b702b90
proxy protocol: add list of allowed IP addresses and IP ranges
...
"proxy_allowed" setting allows to specify the allowed IP address and IP
ranges that can send the proxy header. This setting combined with
"proxy_protocol" allows to ignore the header or to reject connections
that send the proxy header from a non listed IP
2020-03-01 23:12:28 +01:00
Nicola Murino
830e3d1f64
Support for HAProxy PROXY protocol
...
you can proxy and/or load balance the SFTP/SCP service without losing
the information about the client's address.
2020-02-27 09:21:30 +01:00
Mengsk
637463a068
Rename before_login_program to pre_login_program
...
and some documentation update
2020-02-25 16:34:54 +01:00
Nicola Murino
703ccc8d91
add support for dynamic users modifications
...
A custom program can be executed before the users login to modify the
configurations for the user trying to login.
You can, for example, allow login based on time range.
Fixes #77
2020-02-23 18:50:59 +01:00
Nicola Murino
8b039e0447
httpd: add support for basic auth and HTTPS
2020-02-04 00:08:00 +01:00
Nicola Murino
3491717c26
add support for serving Google Cloud Storage over SFTP/SCP
...
Each user can be mapped with a Google Cloud Storage bucket or a bucket
virtual folder
2020-01-31 19:04:00 +01:00
Nicola Murino
9ff303b8c0
add support for keyboard interactive authentication
...
Fixes #64
2020-01-21 10:54:05 +01:00
Nicola Murino
531091906d
add support for authentication using external programs
...
Fixes #62
2020-01-06 21:42:41 +01:00
Nicola Murino
ae094d3479
add backup/restore REST API
2019-12-27 23:12:44 +01:00
Nicola Murino
9c4dbbc3f8
sftpd: add support for some SSH commands
...
md5sum, sha1sum are used by rclone.
cd, pwd improve the support for RemoteFiles mobile app.
These commands are all implemented inside SFTPGo so they work even
if the matching system commands are not available, for example on Windows
2019-11-18 23:30:37 +01:00
Nicola Murino
bb37a1c1ce
sftpd: add support for chmod/chown
...
added matching permissions too and a new setting "setstat_mode".
Setting setstat_mode to 1 you can keep the previous behaviour that
silently ignore setstat requests
2019-11-15 12:15:07 +01:00
Nicola Murino
acdf351047
dataprovider: add custom command and/or HTTP notifications on users add, update and delete
...
This way custom logic can be implemented for example to create a UNIX user
as asked in #58
2019-11-14 11:06:03 +01:00