sftpd config: MaxAuthTries is now configurable
parent
6053a0617f
commit
5c861a7c46
5 changed files with 17 additions and 13 deletions
|
@ -61,6 +61,7 @@ The `sftpgo.conf` configuration file contains the following sections:
|
|||
- `bind_port`, integer the port used for serving SFTP requests. Default: 2022
|
||||
- `bind_address`, string. Leave blank to listen on all available network interfaces. Default: ""
|
||||
- `idle_timeout`, integer. Time in minutes after which an idle client will be disconnected. Default: 15
|
||||
- `max_auth_tries` integer. Maximum number of authentication attempts permitted per connection. If set to a negative number, the number of attempts are unlimited. If set to zero, the number of attempts are limited to 6.
|
||||
- `umask`, string. Umask for the new files and directories. This setting has no effect on Windows. Default: "0022"
|
||||
- **"data_provider"**, the configuration for the data provider
|
||||
- `driver`, string. Supported drivers are `sqlite`, `mysql`, `postgresql`
|
||||
|
|
|
@ -28,10 +28,11 @@ func init() {
|
|||
// create a default configuration to use if no config file is provided
|
||||
globalConf = globalConfig{
|
||||
SFTPD: sftpd.Configuration{
|
||||
BindPort: 2022,
|
||||
BindAddress: "",
|
||||
IdleTimeout: 15,
|
||||
Umask: "0022",
|
||||
BindPort: 2022,
|
||||
BindAddress: "",
|
||||
IdleTimeout: 15,
|
||||
MaxAuthTries: 0,
|
||||
Umask: "0022",
|
||||
},
|
||||
ProviderConf: dataprovider.Config{
|
||||
Driver: "sqlite",
|
||||
|
@ -74,13 +75,13 @@ func LoadConfig(configPath string) error {
|
|||
//globalConf.basePath = basePath
|
||||
file, err := os.Open(configPath)
|
||||
if err != nil {
|
||||
logger.Warn(logSender, "error loading configuration file: %v. Default configuration will be used", err)
|
||||
logger.Warn(logSender, "error loading configuration file: %v. Default configuration will be used: %+v", err, globalConf)
|
||||
return err
|
||||
}
|
||||
defer file.Close()
|
||||
err = json.NewDecoder(file).Decode(&globalConf)
|
||||
if err != nil {
|
||||
logger.Warn(logSender, "error parsing config file: %v", err)
|
||||
logger.Warn(logSender, "error parsing config file: %v. Default configuration will be used: %+v", err, globalConf)
|
||||
return err
|
||||
}
|
||||
logger.Debug(logSender, "config loaded: %+v", globalConf)
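Review bot: The new parse-error message in LoadConfig says the default configuration will be used, but `json.NewDecoder(file).Decode(&globalConf)` decodes straight into the defaults, so a failure part-way through the file can leave a mix of file values and defaults in effect. Decoding into a temporary and assigning only on success would make the message true, e.g. `conf := globalConf; err = json.NewDecoder(file).Decode(&conf)` with `globalConf = conf` after the error check. Both Warn lines also print the whole struct with `%+v`, which includes ProviderConf; if that struct carries database credentials (its fields are not visible here), they would now reach the log at warning level, so printing only `globalConf.SFTPD` may be the safer choice. LoadConfig's body continues outside the hunk.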
|
||||
|
|
|
@ -138,7 +138,7 @@ func (c Connection) Filewrite(request *sftp.Request) (io.WriterAt, error) {
|
|||
}
|
||||
|
||||
if statErr != nil {
|
||||
logger.Error("error performing file stat %v: %v", p, statErr)
|
||||
logger.Error(logSender, "error performing file stat %v: %v", p, statErr)
|
||||
return nil, sftp.ErrSshFxFailure
|
||||
}
|
||||
|
||||
|
@ -149,7 +149,7 @@ func (c Connection) Filewrite(request *sftp.Request) (io.WriterAt, error) {
|
|||
|
||||
// Not sure this would ever happen, but lets not find out.
|
||||
if stat.IsDir() {
|
||||
logger.Warn("attempted to open a directory for writing to: %v", p)
|
||||
logger.Warn(logSender, "attempted to open a directory for writing to: %v", p)
|
||||
return nil, sftp.ErrSshFxOpUnsupported
|
||||
}
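Review bot: Both corrected logger calls in Filewrite format the path `p` with `%v`. If `p` is built from the client-supplied request path (its derivation is outside these hunks), a file name containing newlines or control characters would be written into the log unescaped. Using `%q` for the path, e.g. `logger.Warn(logSender, "attempted to open a directory for writing to: %q", p)` and likewise in the stat-error line, keeps each event on a single, unambiguous log line. Filewrite starts and ends outside both hunks.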
|
||||
|
||||
|
|
|
@ -27,10 +27,11 @@ import (
|
|||
|
||||
// Configuration server configuration
|
||||
type Configuration struct {
|
||||
BindPort int `json:"bind_port"`
|
||||
BindAddress string `json:"bind_address"`
|
||||
IdleTimeout int `json:"idle_timeout"`
|
||||
Umask string `json:"umask"`
|
||||
BindPort int `json:"bind_port"`
|
||||
BindAddress string `json:"bind_address"`
|
||||
IdleTimeout int `json:"idle_timeout"`
|
||||
MaxAuthTries int `json:"max_auth_tries"`
|
||||
Umask string `json:"umask"`
|
||||
}
|
||||
|
||||
// Initialize the SFTP server and add a persistent listener to handle inbound SFTP connections.
|
||||
|
@ -43,7 +44,7 @@ func (c Configuration) Initialize(configDir string) error {
|
|||
}
|
||||
serverConfig := &ssh.ServerConfig{
|
||||
NoClientAuth: false,
|
||||
MaxAuthTries: 10,
|
||||
MaxAuthTries: c.MaxAuthTries,
|
||||
PasswordCallback: func(conn ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
|
||||
sp, err := c.validatePasswordCredentials(conn, pass)
|
||||
if err != nil {
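Review bot: `MaxAuthTries: c.MaxAuthTries` hands the configured value to `ssh.ServerConfig` unchecked, and by the semantics documented in this commit a negative number means unlimited attempts per connection. A stray `-1` in the config file therefore silently removes the per-connection limit on password guessing. Consider at least warning at startup, e.g. `if c.MaxAuthTries < 0 { logger.Warn(logSender, "max_auth_tries is negative, authentication attempts per connection are unlimited") }`. The effective default also moves from the previous hard-coded 10 to 6 (value 0), which deserves a line in the commit description. Initialize's body continues outside the hunk.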
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
"bind_port":2022,
|
||||
"bind_address": "",
|
||||
"idle_timeout": 15,
|
||||
"max_auth_tries": 0,
|
||||
"umask": "0022"
|
||||
},
|
||||
"data_provider": {
|
||||
|
|