Send output from external_auth_hook to logs
Signed-off-by: Felix Eckhofer <felix@eckhofer.com>
This commit is contained in:
parent
71f691b208
commit
ec67b67e9e
2 changed files with 22 additions and 1 deletions
|
@ -21,6 +21,8 @@ The program must write, on its standard output:
|
||||||
- an empty string, or no response at all, if authentication succeeds and the existing SFTPGo user does not need to be updated. This means that the credentials already stored in SFTPGo must match those used for the current authentication.
|
- an empty string, or no response at all, if authentication succeeds and the existing SFTPGo user does not need to be updated. This means that the credentials already stored in SFTPGo must match those used for the current authentication.
|
||||||
- a user with an empty username if the authentication fails
|
- a user with an empty username if the authentication fails
|
||||||
|
|
||||||
|
Any output of the program on its standard error will be recorded in the sftpgo logs with sender `external_auth_hook`.
|
||||||
|
|
||||||
If the hook is an HTTP URL then it will be invoked as HTTP POST. The request body will contain a JSON serialized struct with the following fields:
|
If the hook is an HTTP URL then it will be invoked as HTTP POST. The request body will contain a JSON serialized struct with the following fields:
|
||||||
|
|
||||||
- `username`
|
- `username`
|
||||||
|
|
|
@ -3979,7 +3979,26 @@ func getExternalAuthResponse(username, password, pkey, keyboardInteractive, ip,
|
||||||
fmt.Sprintf("SFTPGO_AUTHD_PROTOCOL=%v", protocol),
|
fmt.Sprintf("SFTPGO_AUTHD_PROTOCOL=%v", protocol),
|
||||||
fmt.Sprintf("SFTPGO_AUTHD_TLS_CERT=%v", strings.ReplaceAll(tlsCert, "\n", "\\n")),
|
fmt.Sprintf("SFTPGO_AUTHD_TLS_CERT=%v", strings.ReplaceAll(tlsCert, "\n", "\\n")),
|
||||||
fmt.Sprintf("SFTPGO_AUTHD_KEYBOARD_INTERACTIVE=%v", keyboardInteractive))
|
fmt.Sprintf("SFTPGO_AUTHD_KEYBOARD_INTERACTIVE=%v", keyboardInteractive))
|
||||||
return cmd.Output()
|
|
||||||
|
var stdout bytes.Buffer
|
||||||
|
cmd.Stdout = &stdout
|
||||||
|
|
||||||
|
stderr, err := cmd.StderrPipe()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
err = cmd.Start()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
in := bufio.NewScanner(stderr)
|
||||||
|
for in.Scan() {
|
||||||
|
logger.Log(logger.LevelWarn, "external_auth_hook", "", "%s", in.Text())
|
||||||
|
}
|
||||||
|
|
||||||
|
return stdout.Bytes(), cmd.Wait()
|
||||||
}
|
}
|
||||||
|
|
||||||
func updateUserFromExtAuthResponse(user *User, password, pkey string) {
|
func updateUserFromExtAuthResponse(user *User, password, pkey string) {
|
||||||
|
|
Loading…
Reference in a new issue