Nicola Murino
f89d72f685
OIDC cookie: use a cryptographically secure random string
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-20 18:28:43 +01:00
Nicola Murino
d0d8a1999f
sftpd: remove allocator
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-20 18:28:15 +01:00
Nicola Murino
c37b7f0493
provider rule events: allows to filter by user groups
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-15 14:01:08 +01:00
Nicola Murino
0f073a40fd
logger: add cipher suite
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-13 18:33:07 +01:00
Nicola Murino
618723c457
httpd: always use an opaque signing key
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-12 19:27:34 +01:00
Nicola Murino
4cb6acefb2
oidc/oauth2: use an opaque state
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-11 19:43:57 +01:00
Nicola Murino
f22ec2275f
fix new lint warnings
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-10 20:58:22 +01:00
Nicola Murino
b524da11e9
EventManager: disable commands by default
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-10 12:08:17 +01:00
Nicola Murino
3dd412f6e3
WebAdmin and REST API: remove too granular permissions
...
Our permissions system for admin users is too granular and some
permissions overlap. For example, you can define an administrator
with the "manage_system" permission and not with the "manage_admins"
or "manage_user" permission, but the "manage_system" permission
allows you to restore a backup and then create users and
administrators. The following permissions will be removed:
"manage_admins", "manage_apikeys", "manage_system", "retention_checks",
"manage_event_rules", "manage_roles", "manage_ip_lists". Now you
need to add the "*" permission to replace the removed granular
permissions because the removed permissions allow actions that
should only be allowed to super administrators.
There is no point in having separate, overlapping permissions.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-10 10:46:28 +01:00
Nicola Murino
ef98ee7d11
don't allow admins to change their own permissions
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-09 20:24:35 +01:00
Nicola Murino
7aac64531f
WebAdmin: check CSRF header when deleting blocked hosts
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-09 18:44:31 +01:00
Nicola Murino
03724d5eb1
remove fallback if rand.Reader fails
...
Failing to read from rand.Reader essentially can't happen, and if it
does is not possible to fallback securely, so just panic
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-09 18:44:25 +01:00
Nicola Murino
82b437c502
plugins: fix passing additional environment variables
...
Docker / Build (push) Has been cancelled
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-05 18:06:58 +01:00
Nicola Murino
88b1850b58
EventManager: allow to define the allowed system commands
...
CI / Test and deploy (push) Has been cancelled
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-01 11:37:33 +01:00
Nicola Murino
60558de728
proxy protocol: add more logs
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-31 18:04:55 +01:00
Nicola Murino
beff4432dc
plugin: remove invalid chars from error message
...
CI / Test and deploy (push) Has been cancelled
Docker / Build (push) Has been cancelled
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-29 18:11:53 +01:00
Nicola Murino
21bd8c5660
node: use a plain string as key
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-28 18:34:36 +01:00
Nicola Murino
e4e31ec4fb
TestMaxSessionsSameConnection: make more reproducible
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-26 21:50:15 +02:00
Nicola Murino
ae1487d733
fix connection limits
...
an SFTP client can start multiple transfers on a single connection
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-26 21:18:19 +02:00
Nicola Murino
c69fbe6bf9
tls: allow to configure all supported TLS versions and ciphers
...
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-23 19:50:37 +02:00
Nicola Murino
8d697bcc94
WebClient: enforce 2fa and password requirements also with OIDC
...
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (push) Has been cancelled
password and 2fa can be used with other protocols
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-21 20:40:44 +02:00
Nicola Murino
ca41b59fc4
DirLister: returns appropriate protocol errors
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-16 19:04:09 +02:00
Nicola Murino
d8691d1e1a
update translations
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-13 17:00:17 +02:00
Nicola Murino
5cb1b9c1e9
Web: add CheckRedirect to pages using baselogin.html
...
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-12 12:54:21 +02:00
Nicola Murino
b23e67ae6a
EventManager: add escaped virtual path
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-12 11:25:07 +02:00
Nicola Murino
eba4c93efd
user: add additional emails
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-11 19:20:51 +02:00
Nicola Murino
4103344989
EventManager: add datetime placeholder
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-08 18:39:00 +02:00
Nicola Murino
6626c8846b
log: fix level for transfer logs
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-03 19:07:07 +02:00
Nicola Murino
424999dacd
kms: add support for Oracle Key Vault
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-10-02 18:14:05 +02:00
Nicola Murino
27e98b85ce
WebAdmin: hide certs if they cannot be used
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-27 15:53:12 +02:00
Nicola Murino
126cb1ee0d
remove some useless hooks
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-27 15:52:51 +02:00
Nicola Murino
eeef23139d
EventManager: filter action execution based on event status
...
Docker / Build (distroless, false, ubuntu-latest) (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (alpine, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (alpine, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, true, ubuntu-latest) (push) Has been cancelled
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (1.22, macos-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, ubuntu-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, windows-latest, false) (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (aarch64, ubuntu18.04, go1.22.7, arm64) (push) Has been cancelled
CI / Build Linux packages (amd64, ubuntu:18.04, go1.22.7, amd64) (push) Has been cancelled
CI / Build Linux packages (armv7, ubuntu18.04, go1.22.7, arm7) (push) Has been cancelled
CI / Build Linux packages (ppc64le, ubuntu18.04, go1.22.7, ppc64le) (push) Has been cancelled
Docker / Build (debian-plugins, true, ubuntu-latest) (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-23 19:55:03 +02:00
Nicola Murino
433d45ed87
WebUI: add a token validation mode that allows checking the signature
...
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (1.22, macos-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, ubuntu-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, windows-latest, false) (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (aarch64, ubuntu18.04, go1.22.7, arm64) (push) Has been cancelled
CI / Build Linux packages (amd64, ubuntu:18.04, go1.22.7, amd64) (push) Has been cancelled
CI / Build Linux packages (armv7, ubuntu18.04, go1.22.7, arm7) (push) Has been cancelled
CI / Build Linux packages (ppc64le, ubuntu18.04, go1.22.7, ppc64le) (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (alpine, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (alpine, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian-plugins, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (distroless, false, ubuntu-latest) (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-21 14:06:25 +02:00
Nicola Murino
5162c5de87
WebUIs: add a nil check for token in refresh cookie method
...
token should never be null here because we have an authenticated user
however add the same check as elsewhere
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-16 20:11:02 +02:00
Nicola Murino
6896d2bfb1
httpd: validate reference also for CSRF token in headers
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-14 21:45:25 +02:00
Nicola Murino
14cabda5c2
update shortuid to v4
...
CI / golangci-lint (push) Has been cancelled
Docker / Build (alpine, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (alpine, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian-plugins, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (distroless, false, ubuntu-latest) (push) Has been cancelled
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (1.22, macos-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, ubuntu-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, windows-latest, false) (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (aarch64, ubuntu18.04, go1.22.6, arm64) (push) Has been cancelled
CI / Build Linux packages (amd64, ubuntu:18.04, go1.22.6, amd64) (push) Has been cancelled
CI / Build Linux packages (armv7, ubuntu18.04, go1.22.6, arm7) (push) Has been cancelled
CI / Build Linux packages (ppc64le, ubuntu18.04, go1.22.6, ppc64le) (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-08 18:01:14 +02:00
Nicola Murino
1b928ef6b2
sqlite: execute PRAGMA optimize on startup
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-06 19:35:18 +02:00
Nicola Murino
fd6126134e
execute provider events also for plugin auth
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-06 19:17:31 +02:00
Nicola Murino
3b5fba2eec
update deps
...
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (1.22, macos-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, ubuntu-latest, true) (push) Has been cancelled
CI / Test and deploy (1.22, windows-latest, false) (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (aarch64, ubuntu18.04, go1.22.6, arm64) (push) Has been cancelled
CI / Build Linux packages (amd64, ubuntu:18.04, go1.22.6, amd64) (push) Has been cancelled
CI / Build Linux packages (armv7, ubuntu18.04, go1.22.6, arm7) (push) Has been cancelled
CI / Build Linux packages (ppc64le, ubuntu18.04, go1.22.6, ppc64le) (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (alpine, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (alpine, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, false, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (debian-plugins, true, ubuntu-latest) (push) Has been cancelled
Docker / Build (distroless, false, ubuntu-latest) (push) Has been cancelled
and also change the ACME request limit now that it is configurable
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-09-01 13:50:34 +02:00
Nicola Murino
bb422ad5b9
GCS: add user agent
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-28 19:47:38 +02:00
Nicola Murino
dc42680e1c
add pipeReaderAt and pipeWriterAt interfaces
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-25 17:35:28 +02:00
Nicola Murino
d8e4978b61
smtp: replace deprecated method
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-17 09:17:22 +02:00
Nicola Murino
b9b370fbb8
add some pre-validation hooks
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-17 09:11:42 +02:00
Nicola Murino
2fbf608895
S3: add SSE customer key
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-15 10:09:06 +02:00
Nicola Murino
d783ffc13f
fix new lint warnings
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-14 08:46:18 +02:00
Nicola Murino
fa710b36c2
httpd: allow to configure cache control header
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-12 21:19:44 +02:00
Nicola Murino
321c3f00d2
fix lint warning
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-11 09:26:07 +02:00
Nicola Murino
ec4bf3d76a
update deps and replace deprecated methods
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-11 08:59:21 +02:00
Nicola Murino
68e62d3d9b
httpd: allow to use proxy protocol
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-10 21:02:38 +02:00
Nicola Murino
954c36c0a2
add fs providers hook
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-08-10 15:57:05 +02:00