diff --git a/go.mod b/go.mod index 98a9dc41..f5d7c7bf 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.19 require ( cloud.google.com/go/storage v1.27.0 - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.4 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.2.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.5.1 github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962 github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387 @@ -155,7 +155,7 @@ require ( github.com/tklauser/numcpus v0.5.0 // indirect github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208 // indirect github.com/yusufpapurcu/wmi v1.2.2 // indirect - go.opencensus.io v0.23.0 // indirect + go.opencensus.io v0.24.0 // indirect golang.org/x/mod v0.6.0 // indirect golang.org/x/text v0.4.0 // indirect golang.org/x/tools v0.2.0 // indirect diff --git a/go.sum b/go.sum index 7331b499..228087c4 100644 --- a/go.sum +++ b/go.sum @@ -101,8 +101,8 @@ github.com/Azure/azure-sdk-for-go v66.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.4 h1:pqrAR74b6EoR4kcxF7L7Wg2B8Jgil9UUZtMvxhEFqWo= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.4/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.2.0 h1:sVW/AFBTGyJxDaMYlq0ct3jUXTtj12tQ6zE2GZUgVQw= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.2.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.11.0/go.mod h1:HcM1YX14R7CJcghJGOYCgdezslRSVzqwLf/q+4Y2r/0= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0/go.mod h1:+6sju8gk8FRmSajX3Oz4G5Gm7P+mbqE9FVaXXFYTkCM= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8= @@ -1635,8 +1635,9 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= +go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w= diff --git a/internal/plugin/auth.go b/internal/plugin/auth.go index d6b5446d..7ddc1613 100644 --- a/internal/plugin/auth.go +++ b/internal/plugin/auth.go @@ -15,7 +15,6 @@ package plugin import ( - "crypto/sha256" "errors" "fmt" "os/exec" @@ -113,10 +112,9 @@ func (p *authPlugin) initialize() error { return fmt.Errorf("invalid options for auth plugin %#v: %v", p.config.Cmd, err) } - var secureConfig *plugin.SecureConfig - if p.config.SHA256Sum != "" { - secureConfig.Checksum = []byte(p.config.SHA256Sum) - secureConfig.Hash = sha256.New() + secureConfig, err := p.config.getSecureConfig() + if err != nil { + return err } client := plugin.NewClient(&plugin.ClientConfig{ HandshakeConfig: auth.Handshake, diff --git a/internal/plugin/ipfilter.go b/internal/plugin/ipfilter.go index e0274e1c..d797a61d 100644 --- a/internal/plugin/ipfilter.go +++ b/internal/plugin/ipfilter.go @@ -15,7 +15,6 @@ package plugin import ( - "crypto/sha256" "fmt" "os/exec" @@ -54,10 +53,9 @@ func (p *ipFilterPlugin) cleanup() { func (p *ipFilterPlugin) initialize() error { logger.Debug(logSender, "", "create new IP filter plugin %#v", p.config.Cmd) killProcess(p.config.Cmd) - var secureConfig *plugin.SecureConfig - if p.config.SHA256Sum != "" { - secureConfig.Checksum = []byte(p.config.SHA256Sum) - secureConfig.Hash = sha256.New() + secureConfig, err := p.config.getSecureConfig() + if err != nil { + return err } client := plugin.NewClient(&plugin.ClientConfig{ HandshakeConfig: ipfilter.Handshake, diff --git a/internal/plugin/kms.go b/internal/plugin/kms.go index db46a986..01c24e3e 100644 --- a/internal/plugin/kms.go +++ b/internal/plugin/kms.go @@ -15,7 +15,6 @@ package plugin import ( - "crypto/sha256" "fmt" "os/exec" "path/filepath" @@ -75,10 +74,9 @@ func (p *kmsPlugin) initialize() error { if err := p.config.KMSOptions.validate(); err != nil { return fmt.Errorf("invalid options for kms plugin %#v: %v", p.config.Cmd, err) } - var secureConfig *plugin.SecureConfig - if p.config.SHA256Sum != "" { - secureConfig.Checksum = []byte(p.config.SHA256Sum) - secureConfig.Hash = sha256.New() + secureConfig, err := p.config.getSecureConfig() + if err != nil { + return err } client := plugin.NewClient(&plugin.ClientConfig{ HandshakeConfig: kmsplugin.Handshake, diff --git a/internal/plugin/metadata.go b/internal/plugin/metadata.go index e48cf0da..bb407151 100644 --- a/internal/plugin/metadata.go +++ b/internal/plugin/metadata.go @@ -15,7 +15,6 @@ package plugin import ( - "crypto/sha256" "fmt" "os/exec" @@ -54,10 +53,9 @@ func (p *metadataPlugin) cleanup() { func (p *metadataPlugin) initialize() error { killProcess(p.config.Cmd) logger.Debug(logSender, "", "create new metadata plugin %#v", p.config.Cmd) - var secureConfig *plugin.SecureConfig - if p.config.SHA256Sum != "" { - secureConfig.Checksum = []byte(p.config.SHA256Sum) - secureConfig.Hash = sha256.New() + secureConfig, err := p.config.getSecureConfig() + if err != nil { + return err } client := plugin.NewClient(&plugin.ClientConfig{ HandshakeConfig: metadata.Handshake, diff --git a/internal/plugin/notifier.go b/internal/plugin/notifier.go index 5a4862af..3643b010 100644 --- a/internal/plugin/notifier.go +++ b/internal/plugin/notifier.go @@ -15,7 +15,6 @@ package plugin import ( - "crypto/sha256" "fmt" "os/exec" "sync" @@ -138,10 +137,9 @@ func (p *notifierPlugin) initialize() error { if !p.config.NotifierOptions.hasActions() { return fmt.Errorf("no actions defined for the notifier plugin %#v", p.config.Cmd) } - var secureConfig *plugin.SecureConfig - if p.config.SHA256Sum != "" { - secureConfig.Checksum = []byte(p.config.SHA256Sum) - secureConfig.Hash = sha256.New() + secureConfig, err := p.config.getSecureConfig() + if err != nil { + return err } client := plugin.NewClient(&plugin.ClientConfig{ HandshakeConfig: notifier.Handshake, diff --git a/internal/plugin/plugin.go b/internal/plugin/plugin.go index 081ad46e..24131a12 100644 --- a/internal/plugin/plugin.go +++ b/internal/plugin/plugin.go @@ -16,7 +16,9 @@ package plugin import ( + "crypto/sha256" "crypto/x509" + "encoding/hex" "errors" "fmt" "sync" @@ -24,6 +26,7 @@ import ( "time" "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-plugin" "github.com/sftpgo/sdk/plugin/auth" "github.com/sftpgo/sdk/plugin/eventsearcher" "github.com/sftpgo/sdk/plugin/ipfilter" @@ -82,6 +85,20 @@ type Config struct { kmsID int } +func (c *Config) getSecureConfig() (*plugin.SecureConfig, error) { + if c.SHA256Sum != "" { + checksum, err := hex.DecodeString(c.SHA256Sum) + if err != nil { + return nil, fmt.Errorf("invalid sha256 hash %q: %w", c.SHA256Sum, err) + } + return &plugin.SecureConfig{ + Checksum: checksum, + Hash: sha256.New(), + }, nil + } + return nil, nil +} + func (c *Config) newKMSPluginSecretProvider(base kms.BaseSecret, url, masterKey string) kms.SecretProvider { return &kmsPluginSecretProvider{ BaseSecret: base, @@ -774,16 +791,17 @@ func setLogLevel(logLevel string) { func startCheckTicker() { logger.Debug(logSender, "", "start plugins checker") - checker := time.NewTicker(30 * time.Second) go func() { + ticker := time.NewTicker(30 * time.Second) + defer ticker.Stop() + for { select { case <-Handler.done: logger.Debug(logSender, "", "handler done, stop plugins checker") - checker.Stop() return - case <-checker.C: + case <-ticker.C: Handler.checkCrashedPlugins() } } diff --git a/internal/plugin/searcher.go b/internal/plugin/searcher.go index abeb7688..7086bca9 100644 --- a/internal/plugin/searcher.go +++ b/internal/plugin/searcher.go @@ -15,7 +15,6 @@ package plugin import ( - "crypto/sha256" "fmt" "os/exec" @@ -54,10 +53,9 @@ func (p *searcherPlugin) cleanup() { func (p *searcherPlugin) initialize() error { killProcess(p.config.Cmd) logger.Debug(logSender, "", "create new searcher plugin %#v", p.config.Cmd) - var secureConfig *plugin.SecureConfig - if p.config.SHA256Sum != "" { - secureConfig.Checksum = []byte(p.config.SHA256Sum) - secureConfig.Hash = sha256.New() + secureConfig, err := p.config.getSecureConfig() + if err != nil { + return err } client := plugin.NewClient(&plugin.ClientConfig{ HandshakeConfig: eventsearcher.Handshake, diff --git a/internal/vfs/sftpfs.go b/internal/vfs/sftpfs.go index 617dfe5b..9a13f21d 100644 --- a/internal/vfs/sftpfs.go +++ b/internal/vfs/sftpfs.go @@ -1016,17 +1016,18 @@ func (c *sftpConnection) getClient() (*sftp.Client, error) { } func (c *sftpConnection) Wait() { - waitEnd := make(chan struct{}) - ticker := time.NewTicker(30 * time.Second) + done := make(chan struct{}) go func() { var watchdogInProgress atomic.Bool + ticker := time.NewTicker(30 * time.Second) + defer ticker.Stop() + for { select { case <-ticker.C: if watchdogInProgress.Load() { logger.Error(c.logSender, "", "watchdog still in progress, closing hanging connection") - ticker.Stop() c.sshClient.Close() return } @@ -1039,9 +1040,8 @@ func (c *sftpConnection) Wait() { logger.Error(c.logSender, "", "watchdog error: %v", err) } }() - case <-waitEnd: + case <-done: logger.Debug(c.logSender, "", "quitting watchdog") - ticker.Stop() return } } @@ -1051,7 +1051,7 @@ func (c *sftpConnection) Wait() { // we don't detect the event. err := c.sftpClient.Wait() logger.Log(logger.LevelDebug, c.logSender, "", "sftp channel closed: %v", err) - close(waitEnd) + close(done) c.mu.Lock() defer c.mu.Unlock()