Compare commits

...

7 commits

Author SHA1 Message Date
Nicola Murino
0e77ba9546
update deps
Some checks failed
Code scanning - action / CodeQL-Build (push) Has been cancelled
CI / Test and deploy (push) Has been cancelled
CI / Test build flags (push) Has been cancelled
CI / Test with PgSQL/MySQL/Cockroach (push) Has been cancelled
CI / Build Linux packages (push) Has been cancelled
CI / golangci-lint (push) Has been cancelled
Docker / Build (push) Has been cancelled
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-21 07:52:57 +01:00
Nicola Murino
10b2e5671b
silence lint warning
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-21 07:52:53 +01:00
Nicola Murino
ebc085da77
EventManager: always close the connection filesystem
closing the user filesystem is not enough here

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-21 07:52:49 +01:00
Nicola Murino
4a414f0fa4
test cases: fix some random failures
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-21 07:52:45 +01:00
Nicola Murino
7a12db6cdb
upgrade nfpm to 2.41.1
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-21 07:52:42 +01:00
Nicola Murino
f30a9a2095
OIDC cookie: use a cryptographically secure random string
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-21 07:52:36 +01:00
Nicola Murino
ed5ff9c5cc
sftpd: remove allocator
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2024-11-21 07:52:24 +01:00
13 changed files with 124 additions and 103 deletions

48
go.mod
View file

@ -9,15 +9,15 @@ require (
github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5 github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5
github.com/alexedwards/argon2id v1.0.0 github.com/alexedwards/argon2id v1.0.0
github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964 github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964
github.com/aws/aws-sdk-go-v2 v1.32.4 github.com/aws/aws-sdk-go-v2 v1.32.5
github.com/aws/aws-sdk-go-v2/config v1.28.4 github.com/aws/aws-sdk-go-v2/config v1.28.5
github.com/aws/aws-sdk-go-v2/credentials v1.17.45 github.com/aws/aws-sdk-go-v2/credentials v1.17.46
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.38 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.39
github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.5 github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.6
github.com/aws/aws-sdk-go-v2/service/s3 v1.67.0 github.com/aws/aws-sdk-go-v2/service/s3 v1.67.1
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.5 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6
github.com/aws/aws-sdk-go-v2/service/sts v1.33.0 github.com/aws/aws-sdk-go-v2/service/sts v1.33.1
github.com/bmatcuk/doublestar/v4 v4.7.1 github.com/bmatcuk/doublestar/v4 v4.7.1
github.com/cockroachdb/cockroach-go/v2 v2.3.8 github.com/cockroachdb/cockroach-go/v2 v2.3.8
github.com/coreos/go-oidc/v3 v3.11.0 github.com/coreos/go-oidc/v3 v3.11.0
@ -73,7 +73,7 @@ require (
golang.org/x/sys v0.27.0 golang.org/x/sys v0.27.0
golang.org/x/term v0.26.0 golang.org/x/term v0.26.0
golang.org/x/time v0.8.0 golang.org/x/time v0.8.0
google.golang.org/api v0.206.0 google.golang.org/api v0.207.0
gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/natefinch/lumberjack.v2 v2.2.1
) )
@ -91,18 +91,18 @@ require (
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.49.0 // indirect
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.49.0 // indirect
github.com/ajg/form v1.5.1 // indirect github.com/ajg/form v1.5.1 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.23 // indirect github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.4 // indirect github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.4 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.24.5 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 // indirect
github.com/aws/smithy-go v1.22.0 // indirect github.com/aws/smithy-go v1.22.1 // indirect
github.com/beorn7/perks v1.0.1 // indirect github.com/beorn7/perks v1.0.1 // indirect
github.com/boombuler/barcode v1.0.2 // indirect github.com/boombuler/barcode v1.0.2 // indirect
github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect
@ -185,9 +185,9 @@ require (
golang.org/x/text v0.20.0 // indirect golang.org/x/text v0.20.0 // indirect
golang.org/x/tools v0.27.0 // indirect golang.org/x/tools v0.27.0 // indirect
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f // indirect google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect
google.golang.org/grpc v1.68.0 // indirect google.golang.org/grpc v1.68.0 // indirect
google.golang.org/grpc/stats/opentelemetry v0.0.0-20241028142157-ada6787961b3 // indirect google.golang.org/grpc/stats/opentelemetry v0.0.0-20241028142157-ada6787961b3 // indirect
google.golang.org/protobuf v1.35.2 // indirect google.golang.org/protobuf v1.35.2 // indirect

96
go.sum
View file

@ -55,48 +55,48 @@ github.com/alexedwards/argon2id v1.0.0 h1:wJzDx66hqWX7siL/SRUmgz3F8YMrd/nfX/xHHc
github.com/alexedwards/argon2id v1.0.0/go.mod h1:tYKkqIjzXvZdzPvADMWOEZ+l6+BD6CtBXMj5fnJppiw= github.com/alexedwards/argon2id v1.0.0/go.mod h1:tYKkqIjzXvZdzPvADMWOEZ+l6+BD6CtBXMj5fnJppiw=
github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964 h1:I9YN9WMo3SUh7p/4wKeNvD/IQla3U3SUa61U7ul+xM4= github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964 h1:I9YN9WMo3SUh7p/4wKeNvD/IQla3U3SUa61U7ul+xM4=
github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964/go.mod h1:eFiR01PwTcpbzXtdMces7zxg6utvFM5puiWHpWB8D/k= github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964/go.mod h1:eFiR01PwTcpbzXtdMces7zxg6utvFM5puiWHpWB8D/k=
github.com/aws/aws-sdk-go-v2 v1.32.4 h1:S13INUiTxgrPueTmrm5DZ+MiAo99zYzHEFh1UNkOxNE= github.com/aws/aws-sdk-go-v2 v1.32.5 h1:U8vdWJuY7ruAkzaOdD7guwJjD06YSKmnKCJs7s3IkIo=
github.com/aws/aws-sdk-go-v2 v1.32.4/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo= github.com/aws/aws-sdk-go-v2 v1.32.5/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 h1:pT3hpW0cOHRJx8Y0DfJUEQuqPild8jRGmSFmBgvydr0= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6/go.mod h1:j/I2++U0xX+cr44QjHay4Cvxj6FUbnxrgmqN3H1jTZA= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc=
github.com/aws/aws-sdk-go-v2/config v1.28.4 h1:qgD0MKmkIzZR2DrAjWJcI9UkndjR+8f6sjUQvXh0mb0= github.com/aws/aws-sdk-go-v2/config v1.28.5 h1:Za41twdCXbuyyWv9LndXxZZv3QhTG1DinqlFsSuvtI0=
github.com/aws/aws-sdk-go-v2/config v1.28.4/go.mod h1:LgnWnNzHZw4MLplSyEGia0WgJ/kCGD86zGCjvNpehJs= github.com/aws/aws-sdk-go-v2/config v1.28.5/go.mod h1:4VsPbHP8JdcdUDmbTVgNL/8w9SqOkM5jyY8ljIxLO3o=
github.com/aws/aws-sdk-go-v2/credentials v1.17.45 h1:DUgm5lFso57E7150RBgu1JpVQoF8fAPretiDStIuVjg= github.com/aws/aws-sdk-go-v2/credentials v1.17.46 h1:AU7RcriIo2lXjUfHFnFKYsLCwgbz1E7Mm95ieIRDNUg=
github.com/aws/aws-sdk-go-v2/credentials v1.17.45/go.mod h1:dnBpENcPC1ekZrGpSWspX+ZRGzhkvqngT2Qp5xBR1dY= github.com/aws/aws-sdk-go-v2/credentials v1.17.46/go.mod h1:1FmYyLGL08KQXQ6mcTlifyFXfJVCNJTVGuQP4m0d/UA=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 h1:woXadbf0c7enQ2UGCi8gW/WuKmE0xIzxBF/eD94jMKQ= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 h1:sDSXIrlsFSFJtWKLQS4PUWRvrT580rrnuLydJrCQ/yA=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19/go.mod h1:zminj5ucw7w0r65bP6nhyOd3xL6veAUMc3ElGMoLVb4= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20/go.mod h1:WZ/c+w0ofps+/OUqMwWgnfrgzZH1DZO1RIkktICsqnY=
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.38 h1:xN0PViSptTHJ7QIKyWeWntuTCZoejutTPfhsZIoMDy0= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.39 h1:Bdepdtm7SAUxPIZj6x4qg5al04R6tZa965T/j597XxM=
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.38/go.mod h1:orUzUoWBICDyc+hz49KpySb3sa2Tw3c0IaFqrH4c4dg= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.39/go.mod h1:AudGmEyVwvi3k5MVpEZP2NEVF1HqtZoMze42Uq1RTiE=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23 h1:A2w6m6Tmr+BNXjDsr7M90zkWjsu4JXHwrzPg235STs4= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 h1:4usbeaes3yJnCFC7kfeyhkdkPtoRYPa/hTmCqMpKpLI=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23/go.mod h1:35EVp9wyeANdujZruvHiQUAo9E3vbhnIO1mTCAxMlY0= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24/go.mod h1:5CI1JemjVwde8m2WG3cz23qHKPOxbpkq0HaoreEgLIY=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23 h1:pgYW9FCabt2M25MoHYCfMrVY2ghiiBKYWUVXfwZs+sU= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 h1:N1zsICrQglfzaBnrfM0Ys00860C+QFwu6u/5+LomP+o=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23/go.mod h1:c48kLgzO19wAu3CPkDWC28JbaJ+hfQlsdl7I2+oqIbk= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24/go.mod h1:dCn9HbJ8+K31i8IQ8EWmWj0EiIk0+vKiHNMxTTYveAg=
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.23 h1:1SZBDiRzzs3sNhOMVApyWPduWYGAX0imGy06XiBnCAM= github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24 h1:JX70yGKLj25+lMC5Yyh8wBtvB01GDilyRuJvXJ4piD0=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.23/go.mod h1:i9TkxgbZmHVh2S0La6CAXtnyFhlCX/pJ0JsOvBAS6Mk= github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.24/go.mod h1:+Ln60j9SUTD0LEwnhEB0Xhg61DHqplBrbZpLgyjoEHg=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE=
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.4 h1:aaPpoG15S2qHkWm4KlEyF01zovK1nW4BBbyXuHNSE90= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5 h1:gvZOjQKPxFXy1ft3QnEyXmT+IqneM9QAUWlM3r0mfqw=
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.4/go.mod h1:eD9gS2EARTKgGr/W5xwgY/ik9z/zqpW+m/xOQbVxrMk= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.5/go.mod h1:DLWnfvIcm9IET/mmjdxeXbBKmTCm0ZB8p1za9BVteM8=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 h1:tHxQi/XHPK0ctd/wdOw0t7Xrc2OxcRCnVzv8lwWPu0c= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 h1:wtpJ4zcwrSbwhECWQoI/g6WM9zqCcSpHDJIWSbMLOu4=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4/go.mod h1:4GQbF1vJzG60poZqWatZlhP31y8PGCCVTvIGPdaaYJ0= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5/go.mod h1:qu/W9HXQbbQ4+1+JcZp0ZNPV31ym537ZJN+fiS7Ti8E=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.4 h1:E5ZAVOmI2apR8ADb72Q63KqwwwdW1XcMeXIlrZ1Psjg= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5 h1:P1doBzv5VEg1ONxnJss1Kh5ZG/ewoIE4MQtKKc6Crgg=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.4/go.mod h1:wezzqVUOVVdk+2Z/JzQT4NxAU0NbhRe5W8pIE72jsWI= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.5/go.mod h1:NOP+euMW7W3Ukt28tAxPuoWao4rhhqJD3QEBk7oCg7w=
github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.5 h1:Bo2BYwvZWs8/PWd2Mfoina0fOp1VRxkPnQrohriQf4U= github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.6 h1:3aPcXE6EUx7D+/mzEsp1vVBG+OVO4QsyTsyoLfAUzj4=
github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.5/go.mod h1:wnyWIU6CRfpI2Dk/B+lOlopIAtz3Sull+JWAyVibaW4= github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.6/go.mod h1:capelnANRLuXXVcT3oPQvDhKDn6unq1Ve2k9b8M12/o=
github.com/aws/aws-sdk-go-v2/service/s3 v1.67.0 h1:SwaJ0w0MOp0pBTIKTamLVeTKD+iOWyNJRdJ2KCQRg6Q= github.com/aws/aws-sdk-go-v2/service/s3 v1.67.1 h1:LXLnDfjT/P6SPIaCE86xCOjJROPn4FNB2EdN68vMK5c=
github.com/aws/aws-sdk-go-v2/service/s3 v1.67.0/go.mod h1:TMhLIyRIyoGVlaEMAt+ITMbwskSTpcGsCPDq91/ihY0= github.com/aws/aws-sdk-go-v2/service/s3 v1.67.1/go.mod h1:ralv4XawHjEMaHOWnTFushl0WRqim/gQWesAMF6hTow=
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.5 h1:gqj99GNYzuY0jMekToqvOW1VaSupY0Qn0oj1JGSolpE= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6 h1:1KDMKvOKNrpD667ORbZ/+4OgvUoaok1gg/MLzrHF9fw=
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.5/go.mod h1:FTCjaQxTVVQqLQ4ktBsLNZPnJ9pVLkJ6F0qVwtALaxk= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6/go.mod h1:DmtyfCfONhOyVAJ6ZMTrDSFIeyCBlEO93Qkfhxwbxu0=
github.com/aws/aws-sdk-go-v2/service/sso v1.24.5 h1:HJwZwRt2Z2Tdec+m+fPjvdmkq2s9Ra+VR0hjF7V2o40= github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 h1:3zu537oLmsPfDMyjnUS2g+F2vITgy5pB74tHI+JBNoM=
github.com/aws/aws-sdk-go-v2/service/sso v1.24.5/go.mod h1:wrMCEwjFPms+V86TCQQeOxQF/If4vT44FGIOFiMC2ck= github.com/aws/aws-sdk-go-v2/service/sso v1.24.6/go.mod h1:WJSZH2ZvepM6t6jwu4w/Z45Eoi75lPN7DcydSRtJg6Y=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4 h1:zcx9LiGWZ6i6pjdcoE9oXAB6mUdeyC36Ia/QEiIvYdg= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 h1:K0OQAsDywb0ltlFrZm0JHPY3yZp/S9OaoLU33S7vPS8=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4/go.mod h1:Tp/ly1cTjRLGBBmNccFumbZ8oqpZlpdhFf80SrRh4is= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5/go.mod h1:ORITg+fyuMoeiQFiVGoqB3OydVTLkClw/ljbblMq6Cc=
github.com/aws/aws-sdk-go-v2/service/sts v1.33.0 h1:s7LRgBqhwLaxcocnAniBJp7gaAB+4I4vHzqUqjH18yc= github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 h1:6SZUVRQNvExYlMLbHdlKB48x0fLbc2iVROyaNEwBHbU=
github.com/aws/aws-sdk-go-v2/service/sts v1.33.0/go.mod h1:9XEUty5v5UAsMiFOBJrNibZgwCeOma73jgGwwhgffa8= github.com/aws/aws-sdk-go-v2/service/sts v1.33.1/go.mod h1:GqWyYCwLXnlUB1lOAXQyNSPqPLQJvmo8J0DWBzp9mtg=
github.com/aws/smithy-go v1.22.0 h1:uunKnWlcoL3zO7q+gG2Pk53joueEOsnNB28QdMsmiMM= github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro=
github.com/aws/smithy-go v1.22.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/bmatcuk/doublestar/v4 v4.7.1 h1:fdDeAqgT47acgwd9bd9HxJRDmc9UAmPpc+2m0CXv75Q= github.com/bmatcuk/doublestar/v4 v4.7.1 h1:fdDeAqgT47acgwd9bd9HxJRDmc9UAmPpc+2m0CXv75Q=
@ -547,19 +547,19 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da h1:noIWHXmPHxILtqtCOPIhSt0ABwskkZKjD3bXGnZGpNY= golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da h1:noIWHXmPHxILtqtCOPIhSt0ABwskkZKjD3bXGnZGpNY=
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
google.golang.org/api v0.206.0 h1:A27GClesCSheW5P2BymVHjpEeQ2XHH8DI8Srs2HI2L8= google.golang.org/api v0.207.0 h1:Fvt6IGCYjf7YLcQ+GCegeAI2QSQCfIWhRkmrMPj3JRM=
google.golang.org/api v0.206.0/go.mod h1:BtB8bfjTYIrai3d8UyvPmV9REGgox7coh+ZRwm0b+W8= google.golang.org/api v0.207.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f h1:zDoHYmMzMacIdjNe+P2XiTmPsLawi/pCbSPfxt6lTfw= google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk=
google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f/go.mod h1:Q5m6g8b5KaFFzsQFIGdJkSJDGeJiybVenoYFMMa3ohI= google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc=
google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f h1:M65LEviCfuZTfrfzwwEoxVtgvfkFkBUbFnRbxCXuXhU= google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ=
google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f/go.mod h1:Yo94eF2nj7igQt+TiJ49KxjIH8ndLYPZMIRSiRcEbg0= google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f h1:C1QccEa9kUwvMgEUORqQD9S17QesQijxjZ84sO82mfo= google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA=
google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=

View file

@ -1328,7 +1328,7 @@ func writeHTTPPart(m *multipart.Writer, part dataprovider.HTTPPart, h textproto.
return nil return nil
} }
func getHTTPRuleActionBody(c *dataprovider.EventActionHTTPConfig, replacer *strings.Replacer, func getHTTPRuleActionBody(c *dataprovider.EventActionHTTPConfig, replacer *strings.Replacer, //nolint:gocyclo
cancel context.CancelFunc, user dataprovider.User, params *EventParams, addObjectData bool, cancel context.CancelFunc, user dataprovider.User, params *EventParams, addObjectData bool,
) (io.Reader, string, error) { ) (io.Reader, string, error) {
var body io.Reader var body io.Reader
@ -1374,6 +1374,9 @@ func getHTTPRuleActionBody(c *dataprovider.EventActionHTTPConfig, replacer *stri
go func() { go func() {
defer w.Close() defer w.Close()
defer user.CloseFs() //nolint:errcheck defer user.CloseFs() //nolint:errcheck
if conn != nil {
defer conn.CloseFS() //nolint:errcheck
}
for _, part := range c.Parts { for _, part := range c.Parts {
h := make(textproto.MIMEHeader) h := make(textproto.MIMEHeader)
@ -1591,6 +1594,8 @@ func executeEmailRuleAction(c dataprovider.EventActionEmailConfig, params *Event
return fmt.Errorf("error getting email attachments, unable to check root fs for user %q: %w", user.Username, err) return fmt.Errorf("error getting email attachments, unable to check root fs for user %q: %w", user.Username, err)
} }
conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user) conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user)
defer conn.CloseFS() //nolint:errcheck
res, err := getMailAttachments(conn, fileAttachments, replacer) res, err := getMailAttachments(conn, fileAttachments, replacer)
if err != nil { if err != nil {
return err return err
@ -1652,6 +1657,8 @@ func executeDeleteFsActionForUser(deletes []string, replacer *strings.Replacer,
return fmt.Errorf("delete error, unable to check root fs for user %q: %w", user.Username, err) return fmt.Errorf("delete error, unable to check root fs for user %q: %w", user.Username, err)
} }
conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user) conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user)
defer conn.CloseFS() //nolint:errcheck
for _, item := range replacePathsPlaceholders(deletes, replacer) { for _, item := range replacePathsPlaceholders(deletes, replacer) {
info, err := conn.DoStat(item, 0, false) info, err := conn.DoStat(item, 0, false)
if err != nil { if err != nil {
@ -1720,6 +1727,8 @@ func executeMkDirsFsActionForUser(dirs []string, replacer *strings.Replacer, use
return fmt.Errorf("mkdir error, unable to check root fs for user %q: %w", user.Username, err) return fmt.Errorf("mkdir error, unable to check root fs for user %q: %w", user.Username, err)
} }
conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user) conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user)
defer conn.CloseFS() //nolint:errcheck
for _, item := range replacePathsPlaceholders(dirs, replacer) { for _, item := range replacePathsPlaceholders(dirs, replacer) {
if err = conn.CheckParentDirs(path.Dir(item)); err != nil { if err = conn.CheckParentDirs(path.Dir(item)); err != nil {
return fmt.Errorf("unable to check parent dirs for %q, user %q: %w", item, user.Username, err) return fmt.Errorf("unable to check parent dirs for %q, user %q: %w", item, user.Username, err)
@ -1779,6 +1788,8 @@ func executeRenameFsActionForUser(renames []dataprovider.RenameConfig, replacer
return fmt.Errorf("rename error, unable to check root fs for user %q: %w", user.Username, err) return fmt.Errorf("rename error, unable to check root fs for user %q: %w", user.Username, err)
} }
conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user) conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user)
defer conn.CloseFS() //nolint:errcheck
for _, item := range renames { for _, item := range renames {
source := util.CleanPath(replaceWithReplacer(item.Key, replacer)) source := util.CleanPath(replaceWithReplacer(item.Key, replacer))
target := util.CleanPath(replaceWithReplacer(item.Value, replacer)) target := util.CleanPath(replaceWithReplacer(item.Value, replacer))
@ -1808,6 +1819,8 @@ func executeCopyFsActionForUser(keyVals []dataprovider.KeyValue, replacer *strin
return fmt.Errorf("copy error, unable to check root fs for user %q: %w", user.Username, err) return fmt.Errorf("copy error, unable to check root fs for user %q: %w", user.Username, err)
} }
conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user) conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user)
defer conn.CloseFS() //nolint:errcheck
for _, item := range keyVals { for _, item := range keyVals {
source := util.CleanPath(replaceWithReplacer(item.Key, replacer)) source := util.CleanPath(replaceWithReplacer(item.Key, replacer))
target := util.CleanPath(replaceWithReplacer(item.Value, replacer)) target := util.CleanPath(replaceWithReplacer(item.Value, replacer))
@ -1839,6 +1852,8 @@ func executeExistFsActionForUser(exist []string, replacer *strings.Replacer,
return fmt.Errorf("existence check error, unable to check root fs for user %q: %w", user.Username, err) return fmt.Errorf("existence check error, unable to check root fs for user %q: %w", user.Username, err)
} }
conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user) conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user)
defer conn.CloseFS() //nolint:errcheck
for _, item := range replacePathsPlaceholders(exist, replacer) { for _, item := range replacePathsPlaceholders(exist, replacer) {
if _, err = conn.DoStat(item, 0, false); err != nil { if _, err = conn.DoStat(item, 0, false); err != nil {
return fmt.Errorf("error checking existence for path %q, user %q: %w", item, user.Username, err) return fmt.Errorf("error checking existence for path %q, user %q: %w", item, user.Username, err)
@ -1997,6 +2012,8 @@ func executeCompressFsActionForUser(c dataprovider.EventActionFsCompress, replac
return fmt.Errorf("compress error, unable to check root fs for user %q: %w", user.Username, err) return fmt.Errorf("compress error, unable to check root fs for user %q: %w", user.Username, err)
} }
conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user) conn := NewBaseConnection(connectionID, protocolEventAction, "", "", user)
defer conn.CloseFS() //nolint:errcheck
name := util.CleanPath(replaceWithReplacer(c.Name, replacer)) name := util.CleanPath(replaceWithReplacer(c.Name, replacer))
conn.CheckParentDirs(path.Dir(name)) //nolint:errcheck conn.CheckParentDirs(path.Dir(name)) //nolint:errcheck
paths := make([]string, 0, len(c.Paths)) paths := make([]string, 0, len(c.Paths))

View file

@ -575,6 +575,7 @@ func validateBrowsableShare(share dataprovider.Share, connection *Connection) er
basePath := share.Paths[0] basePath := share.Paths[0]
info, err := connection.Stat(basePath, 0) info, err := connection.Stat(basePath, 0)
if err != nil { if err != nil {
connection.CloseFS() //nolint:errcheck
return util.NewI18nError( return util.NewI18nError(
fmt.Errorf("unable to check the share directory: %w", err), fmt.Errorf("unable to check the share directory: %w", err),
util.I18nErrorShareInvalidPath, util.I18nErrorShareInvalidPath,

View file

@ -13556,7 +13556,9 @@ func TestMaxTransfers(t *testing.T) {
err = os.RemoveAll(user.GetHomeDir()) err = os.RemoveAll(user.GetHomeDir())
assert.NoError(t, err) assert.NoError(t, err)
assert.Len(t, common.Connections.GetStats(""), 0) assert.Len(t, common.Connections.GetStats(""), 0)
assert.Equal(t, int32(0), common.Connections.GetTotalTransfers()) assert.Eventually(t, func() bool {
return common.Connections.GetTotalTransfers() == 0
}, 1000*time.Millisecond, 50*time.Millisecond)
common.Config.MaxPerHostConnections = oldValue common.Config.MaxPerHostConnections = oldValue
} }

View file

@ -15,8 +15,6 @@
package httpd package httpd
import ( import (
"crypto/sha256"
"encoding/hex"
"encoding/json" "encoding/json"
"errors" "errors"
"sync" "sync"
@ -53,10 +51,8 @@ type oauth2PendingAuth struct {
} }
func newOAuth2PendingAuth(provider int, redirectURL, clientID string, clientSecret *kms.Secret) oauth2PendingAuth { func newOAuth2PendingAuth(provider int, redirectURL, clientID string, clientSecret *kms.Secret) oauth2PendingAuth {
state := sha256.Sum256(util.GenerateRandomBytes(32))
return oauth2PendingAuth{ return oauth2PendingAuth{
State: hex.EncodeToString(state[:]), State: util.GenerateOpaqueString(),
Provider: provider, Provider: provider,
ClientID: clientID, ClientID: clientID,
ClientSecret: clientSecret, ClientSecret: clientSecret,

View file

@ -16,8 +16,6 @@ package httpd
import ( import (
"context" "context"
"crypto/sha256"
"encoding/hex"
"errors" "errors"
"fmt" "fmt"
"net/http" "net/http"
@ -204,12 +202,9 @@ type oidcPendingAuth struct {
} }
func newOIDCPendingAuth(audience tokenAudience) oidcPendingAuth { func newOIDCPendingAuth(audience tokenAudience) oidcPendingAuth {
state := sha256.Sum256(util.GenerateRandomBytes(32))
nonce := util.GenerateUniqueID()
return oidcPendingAuth{ return oidcPendingAuth{
State: hex.EncodeToString(state[:]), State: util.GenerateOpaqueString(),
Nonce: nonce, Nonce: util.GenerateOpaqueString(),
Audience: audience, Audience: audience,
IssuedAt: util.GetTimeAsMsSinceEpoch(time.Now()), IssuedAt: util.GetTimeAsMsSinceEpoch(time.Now()),
} }
@ -684,7 +679,7 @@ func (s *httpdServer) handleOIDCRedirect(w http.ResponseWriter, r *http.Request)
RefreshToken: oauth2Token.RefreshToken, RefreshToken: oauth2Token.RefreshToken,
IDToken: rawIDToken, IDToken: rawIDToken,
Nonce: idToken.Nonce, Nonce: idToken.Nonce,
Cookie: xid.New().String(), Cookie: util.GenerateOpaqueString(),
} }
if !oauth2Token.Expiry.IsZero() { if !oauth2Token.Expiry.IsZero() {
token.ExpiresAt = util.GetTimeAsMsSinceEpoch(oauth2Token.Expiry) token.ExpiresAt = util.GetTimeAsMsSinceEpoch(oauth2Token.Expiry)

View file

@ -152,8 +152,8 @@ func TestOIDCLoginLogout(t *testing.T) {
assert.Contains(t, rr.Body.String(), util.I18nInvalidAuth) assert.Contains(t, rr.Body.String(), util.I18nInvalidAuth)
expiredAuthReq := oidcPendingAuth{ expiredAuthReq := oidcPendingAuth{
State: xid.New().String(), State: util.GenerateOpaqueString(),
Nonce: xid.New().String(), Nonce: util.GenerateOpaqueString(),
Audience: tokenAudienceWebClient, Audience: tokenAudienceWebClient,
IssuedAt: util.GetTimeAsMsSinceEpoch(time.Now().Add(-10 * time.Minute)), IssuedAt: util.GetTimeAsMsSinceEpoch(time.Now().Add(-10 * time.Minute)),
} }
@ -564,7 +564,7 @@ func TestOIDCRefreshToken(t *testing.T) {
r, err := http.NewRequest(http.MethodGet, webUsersPath, nil) r, err := http.NewRequest(http.MethodGet, webUsersPath, nil)
assert.NoError(t, err) assert.NoError(t, err)
token := oidcToken{ token := oidcToken{
Cookie: xid.New().String(), Cookie: util.GenerateOpaqueString(),
AccessToken: xid.New().String(), AccessToken: xid.New().String(),
TokenType: "Bearer", TokenType: "Bearer",
ExpiresAt: util.GetTimeAsMsSinceEpoch(time.Now().Add(-1 * time.Minute)), ExpiresAt: util.GetTimeAsMsSinceEpoch(time.Now().Add(-1 * time.Minute)),
@ -668,7 +668,7 @@ func TestOIDCRefreshToken(t *testing.T) {
func TestOIDCRefreshUser(t *testing.T) { func TestOIDCRefreshUser(t *testing.T) {
token := oidcToken{ token := oidcToken{
Cookie: xid.New().String(), Cookie: util.GenerateOpaqueString(),
AccessToken: xid.New().String(), AccessToken: xid.New().String(),
TokenType: "Bearer", TokenType: "Bearer",
ExpiresAt: util.GetTimeAsMsSinceEpoch(time.Now().Add(1 * time.Minute)), ExpiresAt: util.GetTimeAsMsSinceEpoch(time.Now().Add(1 * time.Minute)),
@ -782,7 +782,7 @@ func TestValidateOIDCToken(t *testing.T) {
}, },
} }
token := oidcToken{ token := oidcToken{
Cookie: xid.New().String(), Cookie: util.GenerateOpaqueString(),
AccessToken: xid.New().String(), AccessToken: xid.New().String(),
ExpiresAt: util.GetTimeAsMsSinceEpoch(time.Now().Add(-2 * time.Minute)), ExpiresAt: util.GetTimeAsMsSinceEpoch(time.Now().Add(-2 * time.Minute)),
} }
@ -798,8 +798,8 @@ func TestValidateOIDCToken(t *testing.T) {
server.tokenAuth = jwtauth.New("PS256", util.GenerateRandomBytes(32), nil) server.tokenAuth = jwtauth.New("PS256", util.GenerateRandomBytes(32), nil)
token = oidcToken{ token = oidcToken{
Cookie: xid.New().String(), Cookie: util.GenerateOpaqueString(),
AccessToken: xid.New().String(), AccessToken: util.GenerateUniqueID(),
} }
oidcMgr.addToken(token) oidcMgr.addToken(token)
rr = httptest.NewRecorder() rr = httptest.NewRecorder()
@ -813,7 +813,7 @@ func TestValidateOIDCToken(t *testing.T) {
assert.Len(t, oidcMgr.tokens, 0) assert.Len(t, oidcMgr.tokens, 0)
token = oidcToken{ token = oidcToken{
Cookie: xid.New().String(), Cookie: util.GenerateOpaqueString(),
AccessToken: xid.New().String(), AccessToken: xid.New().String(),
Role: "admin", Role: "admin",
} }
@ -1107,7 +1107,7 @@ func TestMemoryOIDCManager(t *testing.T) {
AccessToken: xid.New().String(), AccessToken: xid.New().String(),
Nonce: xid.New().String(), Nonce: xid.New().String(),
SessionID: xid.New().String(), SessionID: xid.New().String(),
Cookie: xid.New().String(), Cookie: util.GenerateOpaqueString(),
Username: xid.New().String(), Username: xid.New().String(),
Role: "admin", Role: "admin",
Permissions: []string{dataprovider.PermAdminAny}, Permissions: []string{dataprovider.PermAdminAny},
@ -1157,7 +1157,7 @@ func TestMemoryOIDCManager(t *testing.T) {
token.UsedAt = usedAt token.UsedAt = usedAt
oidcMgr.tokens[token.Cookie] = token oidcMgr.tokens[token.Cookie] = token
newToken := oidcToken{ newToken := oidcToken{
Cookie: xid.New().String(), Cookie: util.GenerateOpaqueString(),
} }
oidcMgr.addToken(newToken) oidcMgr.addToken(newToken)
oidcMgr.cleanup() oidcMgr.cleanup()
@ -1663,7 +1663,7 @@ func TestDbOIDCManager(t *testing.T) {
} }
token := oidcToken{ token := oidcToken{
Cookie: xid.New().String(), Cookie: util.GenerateOpaqueString(),
AccessToken: xid.New().String(), AccessToken: xid.New().String(),
TokenType: "Bearer", TokenType: "Bearer",
RefreshToken: xid.New().String(), RefreshToken: xid.New().String(),

View file

@ -694,7 +694,7 @@ func (c *Configuration) handleSftpConnection(channel ssh.Channel, connection *Co
defer common.Connections.Remove(connection.GetID()) defer common.Connections.Remove(connection.GetID())
// Create the server instance for the channel using the handler we created above. // Create the server instance for the channel using the handler we created above.
server := sftp.NewRequestServer(channel, c.createHandlers(connection), sftp.WithRSAllocator(), server := sftp.NewRequestServer(channel, c.createHandlers(connection),
sftp.WithStartDirectory(connection.User.Filters.StartDirectory)) sftp.WithStartDirectory(connection.User.Filters.StartDirectory))
defer server.Close() defer server.Close()

View file

@ -4457,7 +4457,9 @@ func TestMaxTransfers(t *testing.T) {
assert.NoError(t, err) assert.NoError(t, err)
err = os.RemoveAll(user.GetHomeDir()) err = os.RemoveAll(user.GetHomeDir())
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, int32(0), common.Connections.GetTotalTransfers()) assert.Eventually(t, func() bool {
return common.Connections.GetTotalTransfers() == 0
}, 1000*time.Millisecond, 50*time.Millisecond)
common.Config.MaxPerHostConnections = oldValue common.Config.MaxPerHostConnections = oldValue
} }

View file

@ -80,7 +80,7 @@ func ServeSubSystemConnection(user *dataprovider.User, connectionID string, read
FilePut: connection, FilePut: connection,
FileCmd: connection, FileCmd: connection,
FileList: connection, FileList: connection,
}, sftp.WithRSAllocator()) })
defer server.Close() defer server.Close()
return server.Serve() return server.Serve()

View file

@ -22,8 +22,10 @@ import (
"crypto/elliptic" "crypto/elliptic"
"crypto/rand" "crypto/rand"
"crypto/rsa" "crypto/rsa"
"crypto/sha256"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/hex"
"encoding/json" "encoding/json"
"encoding/pem" "encoding/pem"
"errors" "errors"
@ -550,7 +552,7 @@ func createDirPathIfMissing(file string, perm os.FileMode) error {
return nil return nil
} }
// GenerateRandomBytes generates the secret to use for JWT auth // GenerateRandomBytes generates random bytes with the specified length
func GenerateRandomBytes(length int) []byte { func GenerateRandomBytes(length int) []byte {
b := make([]byte, length) b := make([]byte, length)
_, err := io.ReadFull(rand.Reader, b) _, err := io.ReadFull(rand.Reader, b)
@ -560,6 +562,12 @@ func GenerateRandomBytes(length int) []byte {
return b return b
} }
// GenerateOpaqueString generates a cryptographically secure opaque string
func GenerateOpaqueString() string {
randomBytes := sha256.Sum256(GenerateRandomBytes(32))
return hex.EncodeToString(randomBytes[:])
}
// GenerateUniqueID returns an unique ID // GenerateUniqueID returns an unique ID
func GenerateUniqueID() string { func GenerateUniqueID() string {
u, err := uuid.NewRandom() u, err := uuid.NewRandom()

View file

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
NFPM_VERSION=2.41.0 NFPM_VERSION=2.41.1
NFPM_ARCH=${NFPM_ARCH:-amd64} NFPM_ARCH=${NFPM_ARCH:-amd64}
if [ -z ${SFTPGO_VERSION} ] if [ -z ${SFTPGO_VERSION} ]
then then