Nicola Murino
df41f0c556
add a setting to skip natural keys validation
...
Enabling the "skip_natural_keys_validation" data provider setting,
the natural keys for REST API/Web Admin as usernames, admin names,
folder names are not restricted to unreserved URI chars
Fixes #334 #308
2021-03-04 09:48:53 +01:00
Nicola Murino
3243181c5f
Add a link to the OpenAPI schema where relevant
...
Fixes #329
2021-03-01 22:22:05 +01:00
Nicola Murino
534b253c20
WebDAV: improve TLS certificate authentication
...
For each user you can now configure:
- TLS certificate auth
- TLS certificate auth and password
- Password auth
For TLS certificate auth, the certificate common name is used as
username
2021-03-01 19:28:11 +01:00
Nicola Murino
a6e36e7cad
FTP: improve TLS certificate authentication
...
For each user you can now configure:
- TLS certificate auth
- TLS certificate auth and password
- Password auth
For TLS auth, the certificate common name must match the name provided
using the "USER" FTP command
2021-02-28 12:10:40 +01:00
Nicola Murino
5da4f931c5
TLS: allow to configure cipher suites
...
Fixes #316
2021-02-18 20:17:16 +01:00
Nicola Murino
b1ce6eb85b
web admin: allow to set an empty password for SFTPGo users
2021-02-15 19:38:53 +01:00
Nicola Murino
46176a54b4
minor doc fixes
2021-02-14 22:08:08 +01:00
Nicola Murino
a21ccad174
web hooks: add mutual TLS support
2021-02-13 14:41:37 +01:00
Nicola Murino
6a6e8fffbc
web hooks: improve resilience by adding a configurable retry
...
the retryable http client is used for hooks that notify events
2021-02-12 21:42:49 +01:00
Nicola Murino
1bccb93fcb
rename default branch from master to main
2021-02-09 19:53:03 +01:00
Nicola Murino
a219d25cac
webdav: update the doc
...
the user specific path is now gone
2021-02-04 07:46:40 +01:00
Nicola Murino
78bf808322
virtual folders: change dataprovider structure
...
This way we no longer depend on the local file system path and so we can
add support for cloud backends in future updates
2021-02-01 19:04:15 +01:00
Nicola Murino
46ab8f8d78
post-login hook: add the full user JSON serialized
...
Fixes #284
2021-01-26 18:05:44 +01:00
Nicola Murino
80f5ccd357
web admin: add backup/restore
2021-01-22 19:42:18 +01:00
Nicola Murino
57976b4085
httpd: add mTLS and multiple bindings support
2021-01-19 18:59:41 +01:00
Nicola Murino
41a1af863e
OpenAPI: minor changes
2021-01-18 13:24:38 +01:00
Nicola Murino
778ec9b88f
REST API v2
...
- add JWT authentication
- admins are now stored inside the data provider
- admin access can be restricted based on the source IP: both proxy
header and connection IP are checked
- deprecate REST API CLI: it is not relevant anymore
Some other changes to the REST API can still happen before releasing
SFTPGo 2.0.0
Fixes #197
2021-01-17 22:29:08 +01:00
Nicola Murino
a8a17a223a
scp: minor improvements
...
document that we don't support wildcard expansion.
I should refactor scp code ...
2021-01-05 22:32:30 +01:00
Nicola Murino
72b2c83392
defender: allow hot-reloading for safe and block lists
2021-01-04 17:52:14 +01:00
Nicola Murino
684f4ba1a6
mutal TLS: add support for revocation lists
2021-01-03 17:03:04 +01:00
Nicola Murino
1e1c46ae1b
defender: minor docs improvements
2021-01-02 20:02:05 +01:00
Nicola Murino
d6b3acdb62
add REST API for the defender
2021-01-02 19:33:24 +01:00
Nicola Murino
037d89a320
add support for a basic built-in defender
...
It can help to prevent DoS and brute force password guessing
2021-01-02 14:05:09 +01:00
Nicola Murino
0966d44c0f
httpd: add support for listening over a Unix-domain socket
...
Fixes #266
2020-12-29 19:02:56 +01:00
Nicola Murino
40e759c983
FTP: add support for client certificate authentication
2020-12-29 09:20:09 +01:00
Nicola Murino
141ca6777c
webdav: add support for client certificate authentication
...
Fixes #263
2020-12-28 19:48:23 +01:00
Nicola Murino
1dce1eff48
improve FTP support
...
- allow to disable active mode
- allow to disable SITE commands
- add optional support for calculating hash value of files
- add optional support for the non standard COMB command
2020-12-24 18:48:06 +01:00
Nicola Murino
c69d63c1f8
add support for multiple bindings
...
Fixes #253
2020-12-23 16:12:30 +01:00
Nicola Murino
bcf0fa073e
telemetry server: add optional https and authentication
2020-12-18 16:04:42 +01:00
Nicola Murino
143df87fee
add some docs for telemetry server
...
move pprof to the telemetry server only
2020-12-18 09:47:22 +01:00
Nicola Murino
f34462e3c3
add support for limiting max concurrent client connections
2020-12-15 19:29:30 +01:00
Nicola Murino
ed43ddd79d
enable hash commands for any supported backend
2020-12-13 15:11:55 +01:00
Nicola Murino
a6985075b9
add sftpfs storage backend
...
Fixes #224
2020-12-12 10:31:09 +01:00
dharmendra kariya
6977a4a18b
Update full-configuration.md ( #240 )
...
just deleting redundant line
2020-12-08 09:09:21 +01:00
Nicola Murino
034d89876d
webdav: fix proppatch handling
...
also respect login delay for cached webdav users and check the home dir as
soon as the user authenticates
Fixes #239
2020-12-06 08:19:41 +01:00
Nicola Murino
4a88ea5c03
add Data At Rest Encryption support
2020-12-05 13:48:13 +01:00
Nicola Murino
95c6d41c35
config: make config file relative to the config dir
...
a configuration parsing error is now fatal
2020-12-03 17:16:35 +01:00
Nicola Murino
a67276ccc2
add build tags to disable kms providers
2020-12-02 09:44:18 +01:00
Nicola Murino
940836b25b
add a note about using sqlite provider over cifs shares
...
See #235
2020-11-30 21:59:56 +01:00
Nicola Murino
634b723b5d
add KMS support
...
Fixes #226
2020-11-30 21:46:34 +01:00
Nicola Murino
4bb9d07dde
user: add a free text field
...
Fixes #230
2020-11-25 22:26:34 +01:00
Nicola Murino
0609188d3f
allow to disable SFTP service
...
Fixes #228
2020-11-24 13:44:57 +01:00
Nicola Murino
dccc583b5d
add a dedicated struct to store encrypted credentials
...
also gcs credentials are now encrypted, both on disk and inside the
provider.
Data provider is automatically migrated and load data will accept
old format too but you should upgrade to the new format to avoid future
issues
2020-11-22 21:53:04 +01:00
Nicola Murino
a6355e298e
add support for limit files using shell like patterns
...
Fixes #209
2020-11-15 22:04:48 +01:00
Nicola Murino
5720d40fee
add setstat_mode 2
...
in this mode chmod/chtimes/chown can be silently ignored only for cloud
based file systems
Fixes #223
2020-11-12 10:39:46 +01:00
Nicola Murino
36151d1ba9
subsystem mode: add base-home-dir flag
2020-11-05 12:12:11 +01:00
Nicola Murino
0119fd03a6
webdav: user caching is now mandatory
...
we cache the lock system with the user, without user caching we cannot
support locks for resource
2020-11-04 22:29:25 +01:00
Nicola Murino
0a14297b48
webdav: performance improvements and bug fixes
...
we need my custom golang/x/net/webdav fork for now
https://github.com/drakkan/net/tree/sftpgo
2020-11-04 19:11:40 +01:00
Nicola Murino
ebb18fa57d
config: manually set viper defaults
...
so we can override config via env var even without a configuration file
Fixes #208
2020-10-30 18:58:57 +01:00
Nicola Murino
58b0ca585c
docs: clarify that the config dir is the working dir by default
...
Fixes #211
2020-10-29 21:54:02 +01:00
Nicola Murino
ac3bae00fc
add support for SFTP subsystem mode
...
Fixes #204
2020-10-29 19:23:33 +01:00
Nicola Murino
e54828a7b8
add metrics for Azure Blob storage
2020-10-26 19:01:17 +01:00
Nicola Murino
f2acde789d
portable mode: add Azure Blob support
2020-10-25 21:42:43 +01:00
Nicola Murino
5ff8f75917
add Azure Blob support
2020-10-25 08:18:48 +01:00
Sean Hildebrand
db7e81e9d0
add prefer_database_credentials configuration parameter
...
When true, users' Google Cloud Storage credentials will be written to
the data provider instead of disk.
Pre-existing credentials on disk will be used as a fallback
Fixes #201
2020-10-22 10:42:40 +02:00
Nicola Murino
bb5207ad77
Add support for loading users/folders on startup
...
Fixes #161
2020-10-20 18:42:37 +02:00
Nicola Murino
b51d795e04
sftpd: auto generate an ed25519 host key too
2020-10-19 14:30:40 +02:00
Ilias Trichopoulos
5b79379c90
Fix typo in Twilio name
2020-10-12 11:36:14 +02:00
Nicola Murino
ce9387f1ab
update dependencies and some docs
2020-10-09 20:25:42 +02:00
Nicola Murino
f22fe6af76
remove py extension from REST API CLI
2020-10-08 16:02:04 +02:00
Nicola Murino
c289ae07d2
Docker workflow: explicitly set image labels
...
while waiting for https://github.com/docker/build-push-action/issues/165
to be fixed.
Some minor changes to the default configuration for Linux packages
2020-10-06 18:03:55 +02:00
Nicola Murino
c992072286
data provider: add a setting to prevent auto-update
2020-10-05 19:42:33 +02:00
Ilias Trichopoulos
c65dd86d5e
Fix typos ( #181 )
2020-10-05 11:29:18 +02:00
Nicola Murino
d1f0e9ae9f
CGS: implement MimeTyper interface
2020-09-28 22:12:46 +02:00
Nicola Murino
13d43a2d31
improve some docs
2020-09-27 09:24:10 +02:00
Nicola Murino
001261433b
howto postgres-s3: update to use the debian package
2020-09-26 19:28:56 +02:00
Nicola Murino
4ebedace1e
systemd unit: run as "sftpgo" system user
...
Update the docs too
Fixes #177
2020-09-25 18:23:04 +02:00
Nicola Murino
38f06ab373
ftpd: fix TLS for active connections
...
See https://github.com/fclairamb/ftpserverlib/issues/177
Some minor doc improvements
2020-09-17 09:45:40 +02:00
Nicola Murino
3c1300721c
add some basic how-to style documents
2020-09-13 19:43:56 +02:00
Nicola Murino
01850c7399
REST API: remove status from ApiResponse
...
it duplicates the header HTTP status
2020-09-08 09:45:21 +02:00
Nicola Murino
bdf18fa862
password hashing: exposes argon2 options
...
So the hashing complexity can be changed depending on available
memory/CPU resources and business requirements
2020-09-04 17:09:31 +02:00
Nicola Murino
a59163e56c
multi-step auth: don't advertise password method if it is disabled
...
also rename the settings to password_authentication so it is more like
OpenSSH, add some test cases and improve documentation
2020-09-01 19:34:40 +02:00
Giorgio Pellero
8391b19abb
Add password_disabled bool to sftpd config, disables password auth callback ( #165 )
2020-09-01 19:26:33 +02:00
Nicola Murino
3925c7ff95
REST API/Web admin: add a parameter to disconnect a user after an update
...
This way you can force the user to login again and so to use the updated
configuration.
A deleted user will be automatically disconnected.
Fixes #163
Improved some docs too.
2020-09-01 16:10:26 +02:00
Nicola Murino
dbed110d02
WebDAV: add caching for authenticated users
...
In this way we get a big performance boost
2020-08-31 19:25:17 +02:00
Nicola Murino
56b00addc4
docker: try to improve the docs
...
See #159
2020-08-24 15:46:31 +02:00
Nicola Murino
5208e4a4ca
sftpd: improve truncate
...
quota usage and max allowed write size are now properly updated after a
truncate
2020-08-22 10:12:00 +02:00
Nicola Murino
f41ce6619f
sftpd: add SSH_FXP_FSETSTAT support
...
This change will fix file editing from sshfs, we need this patch
https://github.com/pkg/sftp/pull/373
for pkg/sftp to support this feature
2020-08-20 13:54:36 +02:00
Nicola Murino
8b0a1817b3
add check password hook
...
its main use case is to allow to easily support things like password+OTP for
protocols without keyboard interactive support such as FTP and WebDAV
2020-08-19 19:36:12 +02:00
Nicola Murino
04c9a5c008
add some examples hooks for one time password logins
...
The examples use Twillo Authy since I use it for my GitHub account.
You can easily use other multi factor authentication software in a
similar way.
2020-08-18 21:21:01 +02:00
Nicola Murino
bbc8c091e6
portable mode: add WebDAV support
2020-08-17 14:08:08 +02:00
Nicola Murino
f3228713bc
Allow individual protocols to be enabled per user
...
Fixes #154
2020-08-17 12:49:20 +02:00
Nicola Murino
fa5333784b
add a maximum allowed size for a single upload
2020-08-16 20:17:02 +02:00
Nicola Murino
0dbf0cc81f
WebDAV: add CORS support
2020-08-15 15:55:20 +02:00
Nicola Murino
196a56726e
FTP improvements
...
- add a setting to require TLS
- add symlink support
require TLS 1.2 for all TLS connections
2020-08-15 13:02:25 +02:00
Nicola Murino
fe857dcb1b
CI: use go 1.15 by default now that it is released
2020-08-12 16:42:38 +02:00
Nicola Murino
aa0ed5dbd0
add post-login hook
...
a login scope is supported too so you can get notifications for failed logins,
successful logins or both
2020-08-12 16:15:12 +02:00
Nicola Murino
a9e21c282a
add WebDAV support
...
Fixes #147
2020-08-11 23:56:10 +02:00
Nicola Murino
91dcc349de
Add client IP address to external auth, pre-login and keyboard interactive hooks
2020-08-04 18:03:28 +02:00
Nicola Murino
22338ed478
add post connect hook
...
Fixes #144
2020-07-30 22:33:49 +02:00
Nicola Murino
93ce96d011
add support for the venerable FTP protocol
...
Fixes #46
2020-07-29 21:56:56 +02:00
Nicola Murino
4e41a5583d
refactoring: add common package
...
The common package defines the interfaces that a protocol must implement
and contain code that can be shared among supported protocols.
This way should be easier to support new protocols
2020-07-24 23:39:38 +02:00
Nicola Murino
3702bc8413
several doc fixes
2020-07-11 13:03:15 +02:00
Nicola Murino
1e10381143
improve help strings formatting
...
Fixes #139
2020-07-09 18:58:22 +02:00
Nicola Murino
96cbce52f9
cmd: add shell completion and man pages generators
2020-07-08 23:21:33 +02:00
Nicola Murino
790c11c453
back to development
2020-07-07 19:40:22 +02:00
Nicola Murino
cf541d62ea
recursive permissions check before renaming/copying directories
2020-06-26 23:38:29 +02:00
Nicola Murino
0056984d4b
Allow to rotate logs on demand
...
Log file can be rotated sending a SIGUSR1 signal on Unix based systems and
using "sftpgo service rotatelogs" on Windows
Fixes #133
2020-06-22 19:11:53 +02:00
Nicola Murino
23a80b01b6
add build tag to disable metrics
2020-06-19 17:08:51 +02:00
Nicola Murino
b30614e9d8
httpd: make the built-in web interface optional
...
The built-in web admin will be disabled if both "templates_path" and
"static_files_path" are empty
Fixes #131
2020-06-18 23:53:38 +02:00
Nicola Murino
e86089a9f3
quota: improve size check
...
get the remaining allowed size when an upload starts and check it against the
uploaded bytes
Fixes #128
2020-06-18 22:38:03 +02:00
Nicola Murino
c491133aff
docs: fix markdown lint warnings
2020-06-15 23:46:11 +02:00
Nicola Murino
37418a7630
SSH system commands: allow git and rsync inside virtual folders
2020-06-15 23:32:12 +02:00
Nicola Murino
73a9c002e0
permissions: improve rename
...
Allow to enable rename permission in a more controlled way granting "delete"
permission on source directory and "upload" permission on target directory
2020-06-13 23:49:28 +02:00
Nicola Murino
3d48fa7382
ssh commands: add sftpgo-copy and sftpgo-remove
...
Fixes #122
2020-06-13 22:48:51 +02:00
Nicola Murino
8e22dd1b13
virtual folders: allow overlapped mapped paths if quota is disabled
...
See #95
2020-06-10 09:11:32 +02:00
Nicola Murino
cd380973df
allows host keys auto generation inside a user configured directory
...
Fixes #124
2020-06-08 18:45:04 +02:00
Nicola Murino
c231b663a3
add docs for virtual folders
...
fix test cases on macOS
2020-06-08 00:15:14 +02:00
Nicola Murino
8306b6bde6
refactor virtual folders
...
The same virtual folder can now be shared among users and different
folder quota limits for each user are supported.
Fixes #120
2020-06-07 23:30:18 +02:00
Nicola Murino
dc011af90d
sftpd actions: add support for pre-delete action
...
Fixes #121
2020-05-24 23:31:14 +02:00
Nicola Murino
c27e3ef436
actions: add a generic hook to define external commands and HTTP URL
...
We can only define a single hook now and it can be an HTTP notification
or an external command, not both
2020-05-24 15:29:39 +02:00
Nicola Murino
5665e9c0e7
improve some docs
2020-05-23 12:47:44 +02:00
Nicola Murino
ad53429cf1
add support for build tag to allow to disable some features
...
The following build tags are available:
- "nogcs", disable Google Cloud Storage backend
- "nos3", disable S3 Compabible Object Storage backends
- "nobolt", disable Bolt data provider
- "nomysql", disable MySQL data provider
- "nopgsql", disable PostgreSQL data provider
- "nosqlite", disable SQLite data provider
- "noportable", disable portable mode
2020-05-23 11:58:05 +02:00
Nicola Murino
a08dd85efd
sftpd: deprecate keys and add a new host_keys config param
...
host_key defines the private host keys as plain list of strings.
Remove the other deprecated config params from the default config too.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2020-05-16 23:26:44 +02:00
Nicola Murino
7ae8b2cdeb
move REST API CLI in examples directory
...
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2020-05-16 14:02:46 +02:00
Nicola Murino
738c7ab43e
sftpd: add support for SSH user certificate authentication
...
This add support for PROTOCOL.certkeys vendor extension:
https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.8
Fixes #117
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2020-05-15 20:08:53 +02:00
Nicola Murino
f369fdf6f2
httpclient: add a configuration parameter to skip TLS certificate validation
...
In this mode, TLS is susceptible to man-in-the-middle attacks.
This should be used only for testing.
2020-05-03 11:37:50 +02:00
Nicola Murino
b006c5f914
NewOsFs: return an interface and not a pointer
2020-05-02 15:01:56 +02:00
Nicola Murino
3f75d46a16
sftpd: add support for excluding virtual folders from user quota limit
...
Fixes #110
2020-05-01 15:27:53 +02:00
Sam Millar
67c6f27064
Tiny documentation typo fix
2020-04-29 16:13:33 +02:00
Enes Çakır
baac3749b3
add verbose flag for portable mode
2020-04-28 17:03:14 +02:00
Nicola Murino
d377181b25
add a new configuration section for HTTP clients
...
HTTP clients are used for executing hooks such as the ones used for custom
actions, external authentication and pre-login user modifications.
This allows, for example, to use self-signed certificate without defeating the
purpose of using TLS
2020-04-26 23:29:09 +02:00
Nicola Murino
ebd6a11f3a
external auth: add example HTTP server to use as authentication hook
...
The server authenticate against an LDAP server.
2020-04-26 14:48:32 +02:00
Mengsk
9248c5a987
Update performance.md
2020-04-13 21:20:53 +02:00
Nicola Murino
b0ed190591
add an example auth program that allow to authenticate against LDAP
...
External authentication is the way to go to authenticate against LDAP,
at least for now.
Closes #99
2020-04-11 22:30:41 +02:00
Nicola Murino
37357b2d63
add support for checking pbkdf2 passwords with base64 encoded salt
...
This way we can import the default passwords format used in 389ds.
See TestPasswordsHashPbkdf2Sha256_389DS test case to learn how to convert
389ds passwords
2020-04-11 12:25:21 +02:00
Nicola Murino
b1c7317cf6
add support for partial authentication
...
Multi-step authentication is activated disabling all single-step
auth methods for a given user
2020-04-09 23:32:42 +02:00
Nicola Murino
94b46e57f1
sftpd actions: execute defined command on error too
...
add a new field inside the notification to indicate if an error is
detected
2020-04-03 19:25:38 +02:00
Nicola Murino
9046acbe68
add HTTP hooks
...
external auth, pre-login user modification and keyboard interactive
authentication is now supported via HTTP requests too
2020-04-01 23:25:23 +02:00
Nicola Murino
0a9c4914aa
pre-login program: allow to create a new user too
...
clarify the difference between dynamic user creation/update and external
authentication
2020-03-27 23:26:22 +01:00
Nicola Murino
f284008fb5
enable scp in default configuration
...
remove the deprecated enable_scp setting
2020-03-26 23:38:24 +01:00
Nicola Murino
4759254e10
file actions: add bucket and endpoint to notifications
...
The HTTP notifications are now invoked as POST and the notification is
a JSON inside the POST body.
This is a backward incompatible change but this way the actions can be
extended more easily, sorry for the trouble
Fixes #101
2020-03-25 18:36:33 +01:00
Nicola Murino
e22d377203
docs: clarify "ca-certificates" requirement
...
Fixes #98
2020-03-22 20:17:36 +01:00
Nicola Murino
c1194d558c
docs: minor improvements
2020-03-22 14:03:06 +01:00
Nicola Murino
76bb361393
docs: add built-in profiler
2020-03-15 23:33:12 +01:00
Nicola Murino
f4e872c782
portable mode: add flags for s3 upload part size and concurrency
2020-03-15 11:40:06 +01:00
Nicola Murino
1770da545d
s3: upload concurrency is now configurable
...
Please note that if the upload bandwidth between the SFTP client and
SFTPGo is greater than the upload bandwidth between SFTPGo and S3 then
the SFTP client have to wait for the upload of the last parts to S3
after it ends the file upload to SFTPGo, and it may time out.
Keep this in mind if you customize parts size and upload concurrency
2020-03-13 19:13:58 +01:00
Nicola Murino
de3e69f846
s3: add documentation and test cases for upload part size
2020-03-13 17:28:55 +01:00
Nicola Murino
4fe51f7cce
set version to 0.9.6
2020-03-07 13:36:46 +01:00
HiFiPhile
7221bf9b25
Add performance summary
...
Pull request #92
2020-03-06 22:48:55 +01:00
Nicola Murino
61f20f5449
Linux: add basic instructions to run SFTPGo as service
2020-03-06 09:24:55 +01:00
Nicola Murino
5dafbb54de
macOS: add basic instructions to run SFTPGo as service
2020-03-05 23:26:47 +01:00
Nicola Murino
ec8ab28a22
portable mode: add support for file extensions filters
2020-03-05 15:37:10 +01:00
Nicola Murino
9b119765fc
docs: minor improvements
2020-03-04 23:51:16 +01:00
Jo Vandeginste
df02496145
Refactor docs
2020-03-04 23:10:58 +01:00