beenull/sftpgo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1208 commits 8 branches 48 tags 35 MiB
Commit graph

373 commits

Author SHA1 Message Date
Nicola Murino
2f56375121
improve SFTP loop detection 2021-04-01 18:53:48 +02:00
Nicola Murino
5f49af1780
external auth: allow to inspect and preserve an existing user 2021-03-26 15:19:01 +01:00
Nicola Murino
54c0c1b80d
Windows: manually check if we can bind on the configured port/ports 
Windows allows the coexistence of three types of sockets on the same
transport-layer service port, for example, 127.0.0.1:8080, [::1]:8080
and [::ffff:0.0.0.0]:8080

Go don't properly handles this, so we use a ugly hack

Fixes #350
 2021-03-21 22:21:04 +01:00
Nicola Murino
d6dc3a507e
extend virtual folders support to all storage backends 
Fixes #241
 2021-03-21 19:15:47 +01:00
Nicola Murino
0286da2356
try to auto create virtual folders if missing 2021-03-10 22:30:56 +01:00
Nicola Murino
055506e518
sftpfs: add an option to disable concurrent reads 2021-03-06 15:41:40 +01:00
Nicola Murino
895117718e
SSH system command: add os separator to the resolved path when appropriate 
Fixes #327
 2021-03-01 22:10:45 +01:00
Nicola Murino
a6e36e7cad
FTP: improve TLS certificate authentication 
For each user you can now configure:

- TLS certificate auth
- TLS certificate auth and password
- Password auth

For TLS auth, the certificate common name must match the name provided
using the "USER" FTP command
 2021-02-28 12:10:40 +01:00
Nicola Murino
ca3e15578e
Use new methods in the io and os packages instead of ioutil ones 
ioutil is deprecated in Go 1.16 and SFTPGo is an application, not
a library, we have no reason to keep compatibility with old Go
versions.

Go 1.16 fix some cifs related issues too.
 2021-02-25 21:53:04 +01:00
Nicola Murino
3e1b07324d
GCS: remove compat code 2021-02-22 22:06:23 +01:00
Nicola Murino
be9230e85b
micro optimizations spotted using the go-critic linter 2021-02-16 19:11:36 +01:00
Nicola Murino
46176a54b4
minor doc fixes 2021-02-14 22:08:08 +01:00
Nicola Murino
a21ccad174
web hooks: add mutual TLS support 2021-02-13 14:41:37 +01:00
Nicola Murino
51f110bc7b
sftpd: add statvfs@openssh.com support 2021-02-11 19:45:52 +01:00
Nicola Murino
1cde50f050
sftpd: improve logging if filesystem creation fails 2021-02-03 09:45:04 +01:00
Nicola Murino
78bf808322
virtual folders: change dataprovider structure 
This way we no longer depend on the local file system path and so we can
add support for cloud backends in future updates
 2021-02-01 19:04:15 +01:00
Nicola Murino
46ab8f8d78
post-login hook: add the full user JSON serialized 
Fixes #284
 2021-01-26 18:05:44 +01:00
Nicola Murino
2b9ba1d520
web admin: try to uniform UI 2021-01-23 09:28:45 +01:00
Nicola Murino
aff75953e3
ssh requests: send a reply only if the client requested it 2021-01-21 09:28:41 +01:00
Nicola Murino
c0e09374a8
scp: fix wildcard uploads 
Fixes #285
 2021-01-20 22:37:59 +01:00
Nicola Murino
57976b4085
httpd: add mTLS and multiple bindings support 2021-01-19 18:59:41 +01:00
Nicola Murino
41a1af863e
OpenAPI: minor changes 2021-01-18 13:24:38 +01:00
Nicola Murino
778ec9b88f
REST API v2 
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
  header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore

Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0

Fixes #197
 2021-01-17 22:29:08 +01:00
Nicola Murino
a8a17a223a
scp: minor improvements 
document that we don't support wildcard expansion.

I should refactor scp code ...
 2021-01-05 22:32:30 +01:00
Nicola Murino
daac90c4e1
fix a potential race condition for pre-login and ext auth 
hooks

doing something like this:

err = provider.updateUser(u)
...
return provider.userExists(username)

could be racy if another update happen before

provider.userExists(username)

also pass a pointer to updateUser so if the user is modified inside
"validateUser" we can just return the modified user without do a new
query
 2021-01-05 09:50:22 +01:00
Nicola Murino
037d89a320
add support for a basic built-in defender 
It can help to prevent DoS and brute force password guessing
 2021-01-02 14:05:09 +01:00
Nicola Murino
1dce1eff48
improve FTP support 
- allow to disable active mode
- allow to disable SITE commands
- add optional support for calculating hash value of files
- add optional support for the non standard COMB command
 2020-12-24 18:48:06 +01:00
Nicola Murino
187a5b1908
sftpd: properly handle listener accept errors 
continue on temporary errors and exit from the serve loop for the
other ones
 2020-12-23 19:53:07 +01:00
Nicola Murino
c69d63c1f8
add support for multiple bindings 
Fixes #253
 2020-12-23 16:12:30 +01:00
Nicola Murino
143df87fee
add some docs for telemetry server 
move pprof to the telemetry server only
 2020-12-18 09:47:22 +01:00
Nicola Murino
f34462e3c3
add support for limiting max concurrent client connections 2020-12-15 19:29:30 +01:00
Nicola Murino
ed43ddd79d
enable hash commands for any supported backend 2020-12-13 15:11:55 +01:00
Nicola Murino
a6985075b9
add sftpfs storage backend 
Fixes #224
 2020-12-12 10:31:09 +01:00
Nicola Murino
50982229e1
REST API: add a method to get the status of the services 
added a status page to the built-in web admin
 2020-12-08 11:18:34 +01:00
Nicola Murino
4a88ea5c03
add Data At Rest Encryption support 2020-12-05 13:48:13 +01:00
Nicola Murino
634b723b5d
add KMS support 
Fixes #226
 2020-11-30 21:46:34 +01:00
Nicola Murino
dccc583b5d
add a dedicated struct to store encrypted credentials 
also gcs credentials are now encrypted, both on disk and inside the
provider.

Data provider is automatically migrated and load data will accept
old format too but you should upgrade to the new format to avoid future
issues
 2020-11-22 21:53:04 +01:00
Nicola Murino
5d789a01b7
update pkg/sftp 
These patches are now merged upstream:

https://github.com/pkg/sftp/pull/392
https://github.com/pkg/sftp/pull/393
 2020-11-18 19:06:12 +01:00
Nicola Murino
ca0ff0d630
add a File interface so we can avoid to use os.File directly 2020-11-17 19:36:39 +01:00
Nicola Murino
a6355e298e
add support for limit files using shell like patterns 
Fixes #209
 2020-11-15 22:04:48 +01:00
Nicola Murino
dc845fa2f4
webdav: fix permission errors if the client try to read multiple times 2020-11-14 19:19:41 +01:00
Nicola Murino
5720d40fee
add setstat_mode 2 
in this mode chmod/chtimes/chown can be silently ignored only for cloud
based file systems

Fixes #223
 2020-11-12 10:39:46 +01:00
Nicola Murino
4c5a0d663e
sftpd: return the error Operation Unsupported for unexpected reads 
a cloud based file cannot be opened for read and write at the same
time. Return a proper error if a client try to do this.

It can happen only for SFTP
 2020-11-09 21:01:56 +01:00
Nicola Murino
6ad4cc317c
cloud backends: stat and other performance improvements 2020-11-02 19:16:12 +01:00
Nicola Murino
950a5ad9ea
add a recoverer where appropriate 
I have never seen this, but a malformed packet can easily crash pkg/sftp
 2020-10-31 11:02:04 +01:00
Nicola Murino
ac3bae00fc
add support for SFTP subsystem mode 
Fixes #204
 2020-10-29 19:23:33 +01:00
Nicola Murino
975a2f3632
sftpd: fix the max upload file size check for overwrites 
improved test case too
 2020-10-25 08:52:31 +01:00
Nicola Murino
5ff8f75917
add Azure Blob support 2020-10-25 08:18:48 +01:00
Sean Hildebrand
db7e81e9d0
add prefer_database_credentials configuration parameter 
When true, users' Google Cloud Storage credentials will be written to
the data provider instead of disk.
Pre-existing credentials on disk will be used as a fallback

Fixes #201
 2020-10-22 10:42:40 +02:00
Nicola Murino
6a8039e76a
sftpd: log fingerprints for used host keys 2020-10-21 14:27:58 +02:00
Nicola Murino
b51d795e04
sftpd: auto generate an ed25519 host key too 2020-10-19 14:30:40 +02:00
Mark Sagi-Kazar
5e2db77ef9 refactor: add an enum for filesystem providers 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2020-10-05 21:40:21 +02:00
Nicola Murino
f9827f958b
sftpd auto host keys: try to auto-create parent dir if missing 2020-10-05 14:16:57 +02:00
Nicola Murino
4ebedace1e systemd unit: run as "sftpgo" system user 
Update the docs too

Fixes #177
 2020-09-25 18:23:04 +02:00
Nicola Murino
bf708cb8bc osfs: improve isSubDir check 2020-09-21 19:32:33 +02:00
Nicola Murino
6c1a7449fe ssh commands: return better error messages 
This improve the fix for #171 and return better error message for
SSH commands other than SCP too
 2020-09-19 10:14:30 +02:00
Nicola Murino
209badf10c scp: return better error messages 
Fixes #171
 2020-09-18 19:13:09 +02:00
Nicola Murino
242dde4480 sftpd: ensure to always close idle connections 
after the last commit this wasn't the case anymore

Completly fixes #169
 2020-09-18 18:15:28 +02:00
Nicola Murino
2df0dd1f70 sshd: map each channel with a new connection 
Fixes #169
 2020-09-18 10:52:53 +02:00
Nicola Murino
98a6d138d4 sftpd: add a test case to ensure we return sftp.ErrSSHFxNoSuchFile ... 
if stat/lstat fails on a missing file
 2020-09-17 12:30:48 +02:00
Nicola Murino
3c1300721c add some basic how-to style documents 2020-09-13 19:43:56 +02:00
Nicola Murino
61003c8079 sftpd: add lstat support 2020-09-11 09:30:25 +02:00
Nicola Murino
a59163e56c multi-step auth: don't advertise password method if it is disabled 
also rename the settings to password_authentication so it is more like
OpenSSH, add some test cases and improve documentation
 2020-09-01 19:34:40 +02:00
Giorgio Pellero
8391b19abb
Add password_disabled bool to sftpd config, disables password auth callback (#165) 2020-09-01 19:26:33 +02:00
Nicola Murino
3925c7ff95 REST API/Web admin: add a parameter to disconnect a user after an update 
This way you can force the user to login again and so to use the updated
configuration.

A deleted user will be automatically disconnected.

Fixes #163

Improved some docs too.
 2020-09-01 16:10:26 +02:00
Nicola Murino
dbed110d02 WebDAV: add caching for authenticated users 
In this way we get a big performance boost
 2020-08-31 19:25:17 +02:00
Nicola Murino
4748e6f54d
sftpd: handle read and write from the same handle (#158) 
Fixes #155
 2020-08-31 06:45:22 +02:00
Nicola Murino
2746c0b0f1 move stat to base connection and differentiate between Stat and Lstat 
we will use Lstat once it will be exposed in pkg/sftp
 2020-08-25 18:23:00 +02:00
Nicola Murino
02e35ee002 sftpd: add Readlink support 2020-08-22 14:52:17 +02:00
Nicola Murino
5208e4a4ca sftpd: improve truncate 
quota usage and max allowed write size are now properly updated after a
truncate
 2020-08-22 10:12:00 +02:00
Nicola Murino
f41ce6619f sftpd: add SSH_FXP_FSETSTAT support 
This change will fix file editing from sshfs, we need this patch

https://github.com/pkg/sftp/pull/373

for pkg/sftp to support this feature
 2020-08-20 13:54:36 +02:00
Nicola Murino
933427310d fix check pwd hook when using memory provider 2020-08-19 19:47:52 +02:00
Nicola Murino
8b0a1817b3 add check password hook 
its main use case is to allow to easily support things like password+OTP for
protocols without keyboard interactive support such as FTP and WebDAV
 2020-08-19 19:36:12 +02:00
Nicola Murino
f3228713bc Allow individual protocols to be enabled per user 
Fixes #154
 2020-08-17 12:49:20 +02:00
Nicola Murino
fa5333784b add a maximum allowed size for a single upload 2020-08-16 20:17:02 +02:00
Nicola Murino
0dbf0cc81f WebDAV: add CORS support 2020-08-15 15:55:20 +02:00
Nicola Murino
aa0ed5dbd0 add post-login hook 
a login scope is supported too so you can get notifications for failed logins,
successful logins or both
 2020-08-12 16:15:12 +02:00
Nicola Murino
a9e21c282a add WebDAV support 
Fixes #147
 2020-08-11 23:56:10 +02:00
Antoine Deschênes
9a15a54885
sftpd: set failed connection loglevel to debug (#152) 2020-08-06 21:20:31 +02:00
Nicola Murino
91dcc349de Add client IP address to external auth, pre-login and keyboard interactive hooks 2020-08-04 18:03:28 +02:00
Nicola Murino
fa41bfd06a Cloud backends: add support for FTP REST command 
So partial downloads are now supported as for local fs
 2020-08-03 18:03:09 +02:00
Nicola Murino
22338ed478 add post connect hook 
Fixes #144
 2020-07-30 22:33:49 +02:00
Nicola Murino
93ce96d011 add support for the venerable FTP protocol 
Fixes #46
 2020-07-29 21:56:56 +02:00
Nicola Murino
cc2f04b0e4 fix concurrency test case on go 1.13 
a sleep seems required, needs investigation
 2020-07-25 08:55:17 +02:00
Nicola Murino
4e41a5583d refactoring: add common package 
The common package defines the interfaces that a protocol must implement
and contain code that can be shared among supported protocols.

This way should be easier to support new protocols
 2020-07-24 23:39:38 +02:00
Nicola Murino
da0f470f1c document FreeBSD support 
improve some tests cleanup
 2020-07-10 19:20:37 +02:00
Nicola Murino
0ea2ca3141 simplify data provider usage 
remove the obsolete SQL scripts too. They are not required since v0.9.6
 2020-07-08 19:59:31 +02:00
Nicola Murino
ee1131f254 enable SCP test cases on Windows 2020-06-30 23:25:25 +02:00
Nicola Murino
dd593b1035 ssh commands: send a generic error for unexpected failures 
and log the real error, it could leak a filesystem path
 2020-06-29 18:53:33 +02:00
Nicola Murino
165110872b add release workflow 
for each tag a new release, including binaries, is automatically created
 2020-06-28 15:57:33 +02:00
Nicola Murino
6ab4e9f533 add test case for concurrent logins 2020-06-27 12:36:42 +02:00
Nicola Murino
cf541d62ea recursive permissions check before renaming/copying directories 2020-06-26 23:38:29 +02:00
Nicola Murino
e86089a9f3 quota: improve size check 
get the remaining allowed size when an upload starts and check it against the
uploaded bytes

Fixes #128
 2020-06-18 22:38:03 +02:00
Nicola Murino
3ceba7a147 sftpgo-copy: add quota limits check 2020-06-16 22:49:18 +02:00
Nicola Murino
37418a7630 SSH system commands: allow git and rsync inside virtual folders 2020-06-15 23:32:12 +02:00
Nicola Murino
73a9c002e0 permissions: improve rename 
Allow to enable rename permission in a more controlled way granting "delete"
permission on source directory and "upload" permission on target directory
 2020-06-13 23:49:28 +02:00
Nicola Murino
3d48fa7382 ssh commands: add sftpgo-copy and sftpgo-remove 
Fixes #122
 2020-06-13 22:48:51 +02:00
Nicola Murino
8e22dd1b13 virtual folders: allow overlapped mapped paths if quota is disabled 
See #95
 2020-06-10 09:11:32 +02:00
Nicola Murino
7807fa7cc2 use os.ModePerm for files and directory creation 2020-06-08 19:40:17 +02:00
Nicola Murino
cd380973df allows host keys auto generation inside a user configured directory 
Fixes #124
 2020-06-08 18:45:04 +02:00
Nicola Murino
01d681faa3 external auth: allow to map multiple login username to a single account 
some external auth users want to map multiple login usernames with a single
SGTPGo account.
For example an SFTP user logins using "user1" or "user2" and the external auth
returns "user" in both cases, so we use the username returned from external auth
and not the one used to login

Fixes #125
 2020-06-08 13:06:02 +02:00
Nicola Murino
c231b663a3 add docs for virtual folders 
fix test cases on macOS
 2020-06-08 00:15:14 +02:00
Nicola Murino
8306b6bde6 refactor virtual folders 
The same virtual folder can now be shared among users and different
folder quota limits for each user are supported.

Fixes #120
 2020-06-07 23:30:18 +02:00
Nicola Murino
dc011af90d sftpd actions: add support for pre-delete action 
Fixes #121
 2020-05-24 23:31:14 +02:00
Nicola Murino
c27e3ef436 actions: add a generic hook to define external commands and HTTP URL 
We can only define a single hook now and it can be an HTTP notification
or an external command, not both
 2020-05-24 15:29:39 +02:00
Nicola Murino
15298b0409 sftpd: remove unused expectedSize field from Transfer struct 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2020-05-20 20:17:59 +02:00
Nicola Murino
cfa710037c cloud backends: fix SFTP error message for some write failures 
Fixes #119

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2020-05-19 19:17:43 +02:00
Nicola Murino
a08dd85efd sftpd: deprecate keys and add a new host_keys config param 
host_key defines the private host keys as plain list of strings.

Remove the other deprecated config params from the default config too.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2020-05-16 23:26:44 +02:00
Nicola Murino
469d36d979 certificate auth: fix source address checking inside crypto/ssh 
So we can avoid to check source address ourself

81aafe6d26

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2020-05-16 15:15:32 +02:00
Nicola Murino
cf148db75d add test case for expired SSH certificate 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2020-05-15 23:23:49 +02:00
Nicola Murino
738c7ab43e sftpd: add support for SSH user certificate authentication 
This add support for PROTOCOL.certkeys vendor extension:

https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.8

Fixes #117

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2020-05-15 20:08:53 +02:00
Nicola Murino
e0f2ab9c01 test cases: minor improvements 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2020-05-10 12:37:29 +02:00
Nicola Murino
e0183217b6 test cases: simplify TestLoginInvalidFs 
we can simulate an invalid filesystem config using a GCS user without a
credentials file
 2020-05-07 19:47:46 +02:00
Nicola Murino
0c6e2b566b fix test cases on Windows 2020-05-06 23:16:08 +02:00
Nicola Murino
f02e24437a add more linters 
test cases migration to testify is now complete.
Linters are enabled for test cases too
 2020-05-06 19:36:34 +02:00
Nicola Murino
b006c5f914 NewOsFs: return an interface and not a pointer 2020-05-02 15:01:56 +02:00
Nicola Murino
3f75d46a16 sftpd: add support for excluding virtual folders from user quota limit 
Fixes #110
 2020-05-01 15:27:53 +02:00
Nicola Murino
d70959c34c fix some lint issues 2020-04-30 14:23:55 +02:00
Nicola Murino
d377181b25 add a new configuration section for HTTP clients 
HTTP clients are used for executing hooks such as the ones used for custom
actions, external authentication and pre-login user modifications.

This allows, for example, to use self-signed certificate without defeating the
purpose of using TLS
 2020-04-26 23:29:09 +02:00
Nicola Murino
0a47412e8c scp, ssh commands: hide the real fs path on errors 
The underlying filesystem errors for permissions and non-existing files
can contain the real storage path.
Map these errors to more generic ones to avoid to leak this info

Fixes #109
 2020-04-22 12:26:18 +02:00
Nicola Murino
37357b2d63 add support for checking pbkdf2 passwords with base64 encoded salt 
This way we can import the default passwords format used in 389ds.

See TestPasswordsHashPbkdf2Sha256_389DS test case to learn how to convert
389ds passwords
 2020-04-11 12:25:21 +02:00
Nicola Murino
5a5912ea66 switch to my pkg/sftp branch and enable the request-server allocator 
This way we have performance comparable to OpenSSH if the cipher
isn't the bottleneck
 2020-04-10 23:35:57 +02:00
Nicola Murino
b1c7317cf6 add support for partial authentication 
Multi-step authentication is activated disabling all single-step
auth methods for a given user
 2020-04-09 23:32:42 +02:00
Nicola Murino
94b46e57f1 sftpd actions: execute defined command on error too 
add a new field inside the notification to indicate if an error is
detected
 2020-04-03 19:25:38 +02:00
Nicola Murino
9046acbe68 add HTTP hooks 
external auth, pre-login user modification and keyboard interactive
authentication is now supported via HTTP requests too
 2020-04-01 23:25:23 +02:00
Nicola Murino
075bbe2aef added test case that checks quota for files inside virtual folders 2020-03-29 11:10:03 +02:00
Nicola Murino
b52d078986 pbkdf2: fix password comparison 
the key len for the derived function must be equal to the len of the
expected key
 2020-03-28 16:09:06 +01:00
Nicola Murino
0a9c4914aa pre-login program: allow to create a new user too 
clarify the difference between dynamic user creation/update and external
authentication
 2020-03-27 23:26:22 +01:00
Nicola Murino
f284008fb5 enable scp in default configuration 
remove the deprecated enable_scp setting
 2020-03-26 23:38:24 +01:00
Nicola Murino
4759254e10 file actions: add bucket and endpoint to notifications 
The HTTP notifications are now invoked as POST and the notification is
a JSON inside the POST body.

This is a backward incompatible change but this way the actions can be
extended more easily, sorry for the trouble

Fixes #101
 2020-03-25 18:36:33 +01:00
Nicola Murino
81c8e8d898 add profiler support 
profiling is now available via the HTTP base URL /debug/pprof/

examples, use this URL to start and download a 30 seconds CPU profile:

/debug/pprof/profile?seconds=30

use this URL to profile used memory:

/debug/pprof/heap?gc=1

use this URL to profile allocated memory:

/debug/pprof/allocs?gc=1

Full docs here:

https://golang.org/pkg/net/http/pprof/
 2020-03-15 15:16:35 +01:00
Nicola Murino
9b119765fc docs: minor improvements 2020-03-04 23:51:16 +01:00
Nicola Murino
016abda6d7 improve docs 2020-03-03 23:25:23 +01:00
Nicola Murino
ed1c7cac17 update deps 
we now use git master for pkg/sftp: it includes the performance patches
from my copy branch.
 2020-03-02 10:13:49 +01:00
Nicola Murino
833b702b90 proxy protocol: add list of allowed IP addresses and IP ranges 
"proxy_allowed" setting allows to specify the allowed IP address and IP
ranges that can send the proxy header. This setting combined with
"proxy_protocol" allows to ignore the header or to reject connections
that send the proxy header from a non listed IP
 2020-03-01 23:12:28 +01:00
Nicola Murino
b885d453a2 filters: we can now set allowed and denied files extensions 2020-03-01 22:10:29 +01:00
Nicola Murino
7163fde724 proxy protocol: added an option to make the proxy header required 
now we can configure SFTPGo to accept or reject requests without the proxy
header when the proxy protocol is enabled
 2020-02-29 00:02:06 +01:00
Nicola Murino
830e3d1f64 Support for HAProxy PROXY protocol 
you can proxy and/or load balance the SFTP/SCP service without losing
the information about the client's address.
 2020-02-27 09:21:30 +01:00
Mengsk
637463a068 Rename before_login_program to pre_login_program 
and some documentation update
 2020-02-25 16:34:54 +01:00
Nicola Murino
e69536f540 fixed some typos and improved a log 2020-02-25 12:46:52 +01:00
Nicola Murino
eb1b869b73 virtual folders fixes 
scp now properly handles virtual folders.

rsync is disabled for users with virtual folders: we execute a system
command and it is not aware about virtual folders.

git is not allowed if the repo path is inside a virtual folder
 2020-02-24 18:54:35 +01:00
Nicola Murino
703ccc8d91 add support for dynamic users modifications 
A custom program can be executed before the users login to modify the
configurations for the user trying to login.
You can, for example, allow login based on time range.

Fixes #77
 2020-02-23 18:50:59 +01:00
Nicola Murino
45b9366dd0 add support for virtual folders 
directories outside the user home directory can be exposed as virtual folders
 2020-02-23 11:30:26 +01:00
Nicola Murino
bc11cdd8d5 add support for per user authentication methods 
You can, for example, deny one or more authentication methods to one or
more users.
 2020-02-19 22:39:30 +01:00
Nicola Murino
62b20cd884 scp: check for write errors 
exits as soon as there is a write error instead of get the same error when
the transfer is closed
 2020-02-19 11:26:40 +01:00
Nicola Murino
c8cc81cf4a sftpd: autogenerate ecdsa key 
With default configuration we now generate RSA and ECDSA server keys.
 2020-02-16 18:17:39 +01:00
Nicola Murino
0b7be1175d parse ssh commands with shlex 
instead of use our bugged home made method.

Fixes #72
 2020-02-14 16:17:32 +01:00
Nicola Murino
b99495ebbb sftpd download: remove check for download size 
some clients, for example rclone can request only part of a file, we have
no way to detect this so we haven't return an error if the downloaded size
does not match the file size
 2020-02-14 11:09:16 +01:00
Nicola Murino
5b47292366 sftpd: improve error logs 
Now logs for cloud filesystems are more readable.

Also use standard output as default for debian Dockerfile
 2020-02-13 08:26:45 +01:00
Nicola Murino
8eff2df39c subdir perms: allow empty perms 
empty perms will allow nothing on the specified subdir.

Non empty permissions for the "/" dir are still required.

Fixes #70
 2020-02-10 19:28:35 +01:00