beenull/sftpgo-mirror
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2024-11-22 15:40:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
1221 commits 8 branches 49 tags 49 MiB
Commit graph

54 commits

Author SHA1 Message Date
Nicola Murino
b34bc2b818
add license header to source files 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-07-18 13:43:25 +02:00
Nicola Murino
796ea1dde9
allow to store temporary sessions within the data provider 
so we can persist password reset codes, OIDC auth sessions and tokens.
These features will also work in multi-node setups without sicky
sessions now

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-05-19 19:49:51 +02:00
Nicola Murino
002a06629e
refactoring of user session counters 
Fixes #792

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-14 19:07:41 +02:00
Nicola Murino
77f3400161
allow to mount virtual folders on root (/) path 
Fixes #783

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-04-02 18:32:46 +02:00
Nicola Murino
9bfdc10172
add support for ipfilter plugins 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-23 10:58:01 +01:00
Nicola Murino
d9f30e7ac5
add a global whitelist 
if defined only the listed IPs/networks can access the configured
services, all other client connections will be dropped before they
even try to authenticate

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-17 22:10:52 +01:00
Nicola Murino
5c2fd8d52a
add support for a start directory 
Fixes #705

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-03-03 12:44:56 +01:00
Nicola Murino
f5a0559be6
don't execute fs check if the user has recent activity 
The check could be expensive with some backends and is generally
only required the first time that a user logs in

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-24 16:11:35 +01:00
Nicola Murino
1fccd05e9e
allow to configure the minimum version of TLS to be enabled 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-02-13 15:56:07 +01:00
Nicola Murino
1df1225eed
add support for data transfer bandwidth limits 
with total limit or separate settings for uploads and downloads and
overrides based on the client's IP address.

Limits can be reset using the REST API

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-30 11:42:36 +01:00
Nicola Murino
d2a4178846
check quota usage between ongoing transfers 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-20 18:19:20 +01:00
Nicola Murino
51c15de892
web admin: simplify user page 
The page to add/edit users should be less less intimidating now.
All the advanced settings are hidden by default. Permissions are set
to any, so if you also have a users base dir set, to add a user
you have to simply set username, password or public key and save

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-10 19:44:16 +01:00
Nicola Murino
1f619d5ea6
make the sdk a separate module 
The SFTPGo SDK now is at the following URL

https://github.com/sftpgo/sdk

Fixes #657

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-06 11:54:43 +01:00
Nicola Murino
6d3d94a01f
move kms implementation outside the sdk package 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-06 10:11:47 +01:00
Nicola Murino
a6fe802370
move kms definitions to the sdk package 
This is the first step to make the sdk a separate module

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2022-01-04 12:49:30 +01:00
Nicola Murino
7d8823307f
defender: add provider driver 
Fixes #616
 2021-12-25 12:08:07 +01:00
Nicola Murino
ca730e77a5
add separate permissions to delete and rename files and dirs 
perm_delete and perm_rename still exist for backward compatibility,
now they are an alias to assign both new split permissions
 2021-11-14 16:23:33 +01:00
Nicola Murino
570964deb3
add post-disconnect hook 
Fixes #587
 2021-10-29 19:55:18 +02:00
Nicola Murino
ea01c3a125
rate limiting: allow to exclude IP addresses/ranges 
Fixes #563
 2021-10-03 20:50:05 +02:00
Nicola Murino
da5a061b65
add basic REST APIs for data retention 
Fixes #495
 2021-09-25 12:20:31 +02:00
Nicola Murino
5c34d814d6
fix a possible nil pointer dereference 
it can happen by upgrading from very old versions
 2021-09-11 14:19:17 +02:00
Nicola Murino
a3c087456b
ftpd: add some security checks 2021-08-05 18:38:15 +02:00
Nicola Murino
c41ae116eb
improve logging 
Fixes #381
 2021-07-24 20:11:17 +02:00
Nicola Murino
bd5191dfc5
add experimental plugin system 2021-07-11 15:26:51 +02:00
Nicola Murino
076b2f0ee0
modules: add v2 support 2021-06-26 07:31:41 +02:00
Nicola Murino
feec2118bb
improve defender and quotas REST API 2021-06-07 21:52:43 +02:00
Nicola Murino
575bcf1f03
add remote address to transfer and commands logs 2021-06-01 22:28:43 +02:00
Nicola Murino
c63b923ec3
cryptfs: add support for atomic uploads 2021-05-31 21:45:29 +02:00
Nicola Murino
b67cd0d3df
ensure no client is connected before running max connections test cases 2021-05-11 08:04:57 +02:00
Nicola Murino
c8f7fc9bc9
httpd/webdav: add a list of hosts allowed to send proxy headers 
X-Forwarded-For, X-Real-IP and X-Forwarded-Proto headers will be ignored
for hosts not included in this list.

This is a backward incompatible change, before the proxy headers were
always used
 2021-05-11 06:54:06 +02:00
Nicola Murino
8f6cdacd00
allow to limit the number of per-host connections 2021-05-08 19:45:21 +02:00
Nicola Murino
46998252e5
use bcrypt as default password hashing algo 
argon2id has a high memory cost and, if not properly tuned, it can lead to
resource starvation.

Advanced users can still configure and use argon2id.
Passwords stored as argon2id will continue to work
 2021-04-25 09:38:33 +02:00
Nicola Murino
f4369cdbef
fix max connections check 
Also make sure to close the ssh client connection in test cases
 2021-04-20 18:12:16 +02:00
Nicola Murino
f45c89fc46
add rate limiting support for REST API/web admin too 2021-04-19 08:14:04 +02:00
Nicola Murino
112e3b2fc2
add rate limiting support 2021-04-18 12:31:06 +02:00
Nicola Murino
acb4310c11
add a startup hook 2021-04-05 10:07:59 +02:00
Nicola Murino
d6dc3a507e
extend virtual folders support to all storage backends 
Fixes #241
 2021-03-21 19:15:47 +01:00
Nicola Murino
46176a54b4
minor doc fixes 2021-02-14 22:08:08 +01:00
Nicola Murino
a21ccad174
web hooks: add mutual TLS support 2021-02-13 14:41:37 +01:00
Nicola Murino
78bf808322
virtual folders: change dataprovider structure 
This way we no longer depend on the local file system path and so we can
add support for cloud backends in future updates
 2021-02-01 19:04:15 +01:00
Nicola Murino
778ec9b88f
REST API v2 
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
  header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore

Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0

Fixes #197
 2021-01-17 22:29:08 +01:00
Nicola Murino
72b2c83392
defender: allow hot-reloading for safe and block lists 2021-01-04 17:52:14 +01:00
Nicola Murino
d6b3acdb62
add REST API for the defender 2021-01-02 19:33:24 +01:00
Nicola Murino
037d89a320
add support for a basic built-in defender 
It can help to prevent DoS and brute force password guessing
 2021-01-02 14:05:09 +01:00
Nicola Murino
f34462e3c3
add support for limiting max concurrent client connections 2020-12-15 19:29:30 +01:00
Nicola Murino
4a88ea5c03
add Data At Rest Encryption support 2020-12-05 13:48:13 +01:00
Nicola Murino
4edb9cd6b9
simplify some code 2020-11-07 18:05:47 +01:00
Nicola Murino
242dde4480 sftpd: ensure to always close idle connections 
after the last commit this wasn't the case anymore

Completly fixes #169
 2020-09-18 18:15:28 +02:00
Nicola Murino
2df0dd1f70 sshd: map each channel with a new connection 
Fixes #169
 2020-09-18 10:52:53 +02:00
Nicola Murino
5208e4a4ca sftpd: improve truncate 
quota usage and max allowed write size are now properly updated after a
truncate
 2020-08-22 10:12:00 +02:00