common

package
v2.0.0-...-83f77b2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 3, 2022 License: AGPL-3.0 Imports: 49 Imported by: 0

Documentation

Overview

Package common defines code shared among file transfer packages and protocols

Index

Constants

View Source 
const (

	// Pre-download action name
	OperationPreDownload = "pre-download"
	// Pre-upload action name
	OperationPreUpload = "pre-upload"

	// SSH command action name
	OperationSSHCmd = "ssh_cmd"
)

constants

View Source 
const (
	StatAttrUIDGID = 1
	StatAttrPerms  = 2
	StatAttrTimes  = 4
	StatAttrSize   = 8
)

Stat flags

View Source 
const (
	TransferUpload = iota
	TransferDownload
)

Transfer types

View Source 
const (
	ProtocolSFTP          = "SFTP"
	ProtocolSCP           = "SCP"
	ProtocolSSH           = "SSH"
	ProtocolFTP           = "FTP"
	ProtocolWebDAV        = "DAV"
	ProtocolHTTP          = "HTTP"
	ProtocolHTTPShare     = "HTTPShare"
	ProtocolDataRetention = "DataRetention"
	ProtocolOIDC          = "OIDC"
)

Supported protocols

View Source 
const (
	UploadModeStandard = iota
	UploadModeAtomic
	UploadModeAtomicWithResume
)

Upload modes

View Source 
const (
	// notify results using the defined "data_retention_hook"
	RetentionCheckNotificationHook = "Hook"
	// notify results by email
	RetentionCheckNotificationEmail = "Email"
)

Supported notification methods

View Source 
const (
	DefenderDriverMemory   = "memory"
	DefenderDriverProvider = "provider"
)

Supported defender drivers

View Source 
const (
	// DefaultTLSKeyPaidID defines the id to use for non-binding specific key pairs
	DefaultTLSKeyPaidID = "default"
)
View Source 
const (
	// HTTPAuthenticationHeader defines the HTTP authentication
	HTTPAuthenticationHeader = "WWW-Authenticate"
)

Variables

View Source 
var (
	ErrPermissionDenied  = errors.New("permission denied")
	ErrNotExist          = errors.New("no such file or directory")
	ErrOpUnsupported     = errors.New("operation unsupported")
	ErrGenericFailure    = errors.New("failure")
	ErrQuotaExceeded     = errors.New("denying write due to space limit")
	ErrReadQuotaExceeded = errors.New("denying read due to quota limit")
	ErrConnectionDenied  = errors.New("you are not allowed to connect")
	ErrNoBinding         = errors.New("no binding configured")
	ErrCrtRevoked        = errors.New("your certificate has been revoked")
	ErrNoCredentials     = errors.New("no credential provided")
	ErrInternalFailure   = errors.New("internal failure")
	ErrTransferAborted   = errors.New("transfer aborted")
	ErrShuttingDown      = errors.New("the service is shutting down")
)

errors definitions

View Source 
var (
	// Config is the configuration for the supported protocols
	Config Configuration
	// Connections is the list of active connections
	Connections ActiveConnections
	// QuotaScans is the list of active quota scans
	QuotaScans ActiveScans
	// ActiveMetadataChecks holds the active metadata checks
	ActiveMetadataChecks MetadataChecks
)
View Source 
var (
	// ErrTransferClosed defines the error returned for a closed transfer
	ErrTransferClosed = errors.New("transfer already closed")
)

Functions

func AddDefenderEvent 

func AddDefenderEvent(ip string, event HostEvent)

AddDefenderEvent adds the specified defender event for the given IP

func CheckClosing 

func CheckClosing() error

CheckClosing returns an error if the service is closing

func DeleteDefenderHost 

func DeleteDefenderHost(ip string) bool

DeleteDefenderHost removes the specified IP address from the defender lists

func ExecuteActionNotification 

func ExecuteActionNotification(conn *BaseConnection, operation, filePath, virtualPath, target, virtualTarget, sshCmd string,
	fileSize int64, err error,
) error

ExecuteActionNotification executes the defined hook, if any, for the specified action

func ExecutePreAction 

func ExecutePreAction(conn *BaseConnection, operation, filePath, virtualPath string, fileSize int64, openFlags int) error

ExecutePreAction executes a pre-* action and returns the result

func GetDefenderBanTime 

func GetDefenderBanTime(ip string) (*time.Time, error)

GetDefenderBanTime returns the ban time for the given IP or nil if the IP is not banned or the defender is disabled

func GetDefenderHost 

func GetDefenderHost(ip string) (dataprovider.DefenderEntry, error)

GetDefenderHost returns a defender host by ip, if any

func GetDefenderHosts 

func GetDefenderHosts() ([]dataprovider.DefenderEntry, error)

GetDefenderHosts returns hosts that are banned or for which some violations have been detected

func GetDefenderScore 

func GetDefenderScore(ip string) (int, error)

GetDefenderScore returns the score for the given IP

func HandleCertificateEvent 

func HandleCertificateEvent(params EventParams)

HandleCertificateEvent checks and executes action rules for certificate events

func Initialize 

func Initialize(c Configuration, isShared int) error

Initialize sets the common configuration

func InitializeActionHandler 

func InitializeActionHandler(handler ActionHandler)

InitializeActionHandler lets the user choose an action handler implementation.

Do NOT call this function after application initialization.

func IsBanned 

func IsBanned(ip string) bool

IsBanned returns true if the specified IP address is banned

func LimitRate 

func LimitRate(protocol, ip string) (time.Duration, error)

LimitRate blocks until all the configured rate limiters allow one event to happen. It returns an error if the time to wait exceeds the max allowed delay

func Reload 

func Reload() error

Reload reloads the whitelist, the IP filter plugin and the defender's block and safe lists

func WaitForTransfers 

func WaitForTransfers(graceTime int)

WaitForTransfers waits, for the specified grace time, for currently ongoing client-initiated transfer sessions to completes. A zero graceTime means no wait

Types

type ActionHandler 

type ActionHandler interface {
	Handle(notification *notifier.FsEvent) error
}

ActionHandler handles a notification for a Protocol Action.

type ActiveConnection 

type ActiveConnection interface {
	GetID() string
	GetUsername() string
	GetRole() string
	GetMaxSessions() int
	GetLocalAddress() string
	GetRemoteAddress() string
	GetClientVersion() string
	GetProtocol() string
	GetConnectionTime() time.Time
	GetLastActivity() time.Time
	GetCommand() string
	Disconnect() error
	AddTransfer(t ActiveTransfer)
	RemoveTransfer(t ActiveTransfer)
	GetTransfers() []ConnectionTransfer
	SignalTransferClose(transferID int64, err error)
	CloseFS() error
}

ActiveConnection defines the interface for the current active connections

type ActiveConnections 

type ActiveConnections struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

ActiveConnections holds the currect active connections with the associated transfers

func (*ActiveConnections) Add 

func (conns *ActiveConnections) Add(c ActiveConnection) error

Add adds a new connection to the active ones

func (*ActiveConnections) AddClientConnection 

func (conns *ActiveConnections) AddClientConnection(ipAddr string)

AddClientConnection stores a new client connection

func (*ActiveConnections) AddSSHConnection 

func (conns *ActiveConnections) AddSSHConnection(c *SSHConnection)

AddSSHConnection adds a new ssh connection to the active ones

func (*ActiveConnections) Close 

func (conns *ActiveConnections) Close(connectionID, role string) bool

Close closes an active connection. It returns true on success

func (*ActiveConnections) GetActiveSessions 

func (conns *ActiveConnections) GetActiveSessions(username string) int

GetActiveSessions returns the number of active sessions for the given username. We return the open sessions for any protocol

func (*ActiveConnections) GetClientConnections 

func (conns *ActiveConnections) GetClientConnections() int32

GetClientConnections returns the total number of client connections

func (*ActiveConnections) GetStats 

func (conns *ActiveConnections) GetStats(role string) []ConnectionStatus

GetStats returns stats for active connections

func (*ActiveConnections) IsNewConnectionAllowed 

func (conns *ActiveConnections) IsNewConnectionAllowed(ipAddr string) error

IsNewConnectionAllowed returns an error if the maximum number of concurrent allowed connections is exceeded or a whitelist is defined and the specified ipAddr is not listed or the service is shutting down

func (*ActiveConnections) Remove 

func (conns *ActiveConnections) Remove(connectionID string)

Remove removes a connection from the active ones

func (*ActiveConnections) RemoveClientConnection 

func (conns *ActiveConnections) RemoveClientConnection(ipAddr string)

RemoveClientConnection removes a disconnected client from the tracked ones

func (*ActiveConnections) RemoveSSHConnection 

func (conns *ActiveConnections) RemoveSSHConnection(connectionID string)

RemoveSSHConnection removes a connection from the active ones

func (*ActiveConnections) Swap 

func (conns *ActiveConnections) Swap(c ActiveConnection) error

Swap replaces an existing connection with the given one. This method is useful if you have to change some connection details for example for FTP is used to update the connection once the user authenticates

type ActiveQuotaScan 

type ActiveQuotaScan struct {
	// Username to which the quota scan refers
	Username string `json:"username"`
	// quota scan start time as unix timestamp in milliseconds
	StartTime int64  `json:"start_time"`
	Role      string `json:"-"`
}

ActiveQuotaScan defines an active quota scan for a user

type ActiveRetentionChecks 

type ActiveRetentionChecks struct {
	sync.RWMutex
	Checks []RetentionCheck
}

ActiveRetentionChecks holds the active retention checks 

var (
	// RetentionChecks is the list of active retention checks
	RetentionChecks ActiveRetentionChecks
)

func (*ActiveRetentionChecks) Add 

func (c *ActiveRetentionChecks) Add(check RetentionCheck, user *dataprovider.User) *RetentionCheck

Add a new retention check, returns nil if a retention check for the given username is already active. The returned result can be used to start the check

func (*ActiveRetentionChecks) Get 

func (c *ActiveRetentionChecks) Get(role string) []RetentionCheck

Get returns the active retention checks

type ActiveScans 

type ActiveScans struct {
	sync.RWMutex
	UserScans   []ActiveQuotaScan
	FolderScans []ActiveVirtualFolderQuotaScan
}

ActiveScans holds the active quota scans

func (*ActiveScans) AddUserQuotaScan 

func (s *ActiveScans) AddUserQuotaScan(username, role string) bool

AddUserQuotaScan adds a user to the ones with active quota scans. Returns false if the user has a quota scan already running

func (*ActiveScans) AddVFolderQuotaScan 

func (s *ActiveScans) AddVFolderQuotaScan(folderName string) bool

AddVFolderQuotaScan adds a virtual folder to the ones with active quota scans. Returns false if the folder has a quota scan already running

func (*ActiveScans) GetUsersQuotaScans 

func (s *ActiveScans) GetUsersQuotaScans(role string) []ActiveQuotaScan

GetUsersQuotaScans returns the active users quota scans

func (*ActiveScans) GetVFoldersQuotaScans 

func (s *ActiveScans) GetVFoldersQuotaScans() []ActiveVirtualFolderQuotaScan

GetVFoldersQuotaScans returns the active quota scans for virtual folders

func (*ActiveScans) RemoveUserQuotaScan 

func (s *ActiveScans) RemoveUserQuotaScan(username string) bool

RemoveUserQuotaScan removes a user from the ones with active quota scans. Returns false if the user has no active quota scans

func (*ActiveScans) RemoveVFolderQuotaScan 

func (s *ActiveScans) RemoveVFolderQuotaScan(folderName string) bool

RemoveVFolderQuotaScan removes a folder from the ones with active quota scans. Returns false if the folder has no active quota scans

type ActiveTransfer 

type ActiveTransfer interface {
	GetID() int64
	GetType() int
	GetSize() int64
	GetDownloadedSize() int64
	GetUploadedSize() int64
	GetVirtualPath() string
	GetStartTime() time.Time
	SignalClose(err error)
	Truncate(fsPath string, size int64) (int64, error)
	GetRealFsPath(fsPath string) string
	SetTimes(fsPath string, atime time.Time, mtime time.Time) bool
	GetTruncatedSize() int64
	HasSizeLimit() bool
}

ActiveTransfer defines the interface for the current active transfers

type ActiveVirtualFolderQuotaScan 

type ActiveVirtualFolderQuotaScan struct {
	// folder name to which the quota scan refers
	Name string `json:"name"`
	// quota scan start time as unix timestamp in milliseconds
	StartTime int64 `json:"start_time"`
}

ActiveVirtualFolderQuotaScan defines an active quota scan for a virtual folder

type BaseConnection 

type BaseConnection struct {

	// Unique identifier for the connection
	ID string
	// user associated with this connection if any
	User dataprovider.User

	sync.RWMutex
	// contains filtered or unexported fields
}

BaseConnection defines common fields for a connection using any supported protocol

func NewBaseConnection 

func NewBaseConnection(id, protocol, localAddr, remoteAddr string, user dataprovider.User) *BaseConnection

NewBaseConnection returns a new BaseConnection

func (*BaseConnection) AddTransfer 

func (c *BaseConnection) AddTransfer(t ActiveTransfer)

AddTransfer associates a new transfer to this connection

func (*BaseConnection) CheckParentDirs 

func (c *BaseConnection) CheckParentDirs(virtualPath string) error

CheckParentDirs tries to create the specified directory and any missing parent dirs

func (*BaseConnection) CloseFS 

func (c *BaseConnection) CloseFS() error

CloseFS closes the underlying fs

func (*BaseConnection) CreateDir 

func (c *BaseConnection) CreateDir(virtualPath string, checkFilePatterns bool) error

CreateDir creates a new directory at the specified fsPath 

func (c *BaseConnection) CreateSymlink(virtualSourcePath, virtualTargetPath string) error

CreateSymlink creates fsTargetPath as a symbolic link to fsSourcePath

func (*BaseConnection) DoStat 

func (c *BaseConnection) DoStat(virtualPath string, mode int, checkFilePatterns bool) (os.FileInfo, error)

DoStat execute a Stat if mode = 0, Lstat if mode = 1

func (*BaseConnection) GetConnectionTime 

func (c *BaseConnection) GetConnectionTime() time.Time

GetConnectionTime returns the initial connection time

func (*BaseConnection) GetErrorForDeniedFile 

func (c *BaseConnection) GetErrorForDeniedFile(policy int) error

GetErrorForDeniedFile return permission denied or not exist error based on the specified policy

func (*BaseConnection) GetFsAndResolvedPath 

func (c *BaseConnection) GetFsAndResolvedPath(virtualPath string) (vfs.Fs, string, error)

GetFsAndResolvedPath returns the fs and the fs path matching virtualPath

func (*BaseConnection) GetFsError 

func (c *BaseConnection) GetFsError(fs vfs.Fs, err error) error

GetFsError converts a filesystem error to a protocol error

func (*BaseConnection) GetGenericError 

func (c *BaseConnection) GetGenericError(err error) error

GetGenericError returns an appropriate generic error for the connection protocol

func (*BaseConnection) GetID 

func (c *BaseConnection) GetID() string

GetID returns the connection ID

func (*BaseConnection) GetLastActivity 

func (c *BaseConnection) GetLastActivity() time.Time

GetLastActivity returns the last connection activity

func (*BaseConnection) GetMaxSessions 

func (c *BaseConnection) GetMaxSessions() int

GetMaxSessions returns the maximum number of concurrent sessions allowed

func (*BaseConnection) GetMaxWriteSize 

func (c *BaseConnection) GetMaxWriteSize(quotaResult vfs.QuotaCheckResult, isResume bool, fileSize int64,
	isUploadResumeSupported bool,
) (int64, error)

GetMaxWriteSize returns the allowed size for an upload or an error if no enough size is available for a resume/append

func (*BaseConnection) GetNotExistError 

func (c *BaseConnection) GetNotExistError() error

GetNotExistError returns an appropriate not exist error for the connection protocol

func (*BaseConnection) GetOpUnsupportedError 

func (c *BaseConnection) GetOpUnsupportedError() error

GetOpUnsupportedError returns an appropriate operation not supported error for the connection protocol

func (*BaseConnection) GetPermissionDeniedError 

func (c *BaseConnection) GetPermissionDeniedError() error

GetPermissionDeniedError returns an appropriate permission denied error for the connection protocol

func (*BaseConnection) GetProtocol 

func (c *BaseConnection) GetProtocol() string

GetProtocol returns the protocol for the connection

func (*BaseConnection) GetQuotaExceededError 

func (c *BaseConnection) GetQuotaExceededError() error

GetQuotaExceededError returns an appropriate storage limit exceeded error for the connection protocol

func (*BaseConnection) GetReadQuotaExceededError 

func (c *BaseConnection) GetReadQuotaExceededError() error

GetReadQuotaExceededError returns an appropriate read quota limit exceeded error for the connection protocol

func (*BaseConnection) GetRemoteIP 

func (c *BaseConnection) GetRemoteIP() string

GetRemoteIP returns the remote ip address

func (*BaseConnection) GetRole 

func (c *BaseConnection) GetRole() string

GetRole returns the role for the user associated with this connection

func (*BaseConnection) GetTransferID 

func (c *BaseConnection) GetTransferID() int64

GetTransferID returns an unique transfer ID for this connection

func (*BaseConnection) GetTransferQuota 

func (c *BaseConnection) GetTransferQuota() dataprovider.TransferQuota

GetTransferQuota returns the data transfers quota

func (*BaseConnection) GetTransfers 

func (c *BaseConnection) GetTransfers() []ConnectionTransfer

GetTransfers returns the active transfers

func (*BaseConnection) GetUsername 

func (c *BaseConnection) GetUsername() string

GetUsername returns the authenticated username associated with this connection if any

func (*BaseConnection) HasSpace 

func (c *BaseConnection) HasSpace(checkFiles, getUsage bool, requestPath string) (vfs.QuotaCheckResult,
	dataprovider.TransferQuota,
)

HasSpace checks user's quota usage

func (*BaseConnection) IsNotExistError 

func (c *BaseConnection) IsNotExistError(err error) bool

IsNotExistError returns true if the specified fs error is not exist for the connection protocol

func (*BaseConnection) IsQuotaExceededError 

func (c *BaseConnection) IsQuotaExceededError(err error) bool

IsQuotaExceededError returns true if the given error is a quota exceeded error

func (*BaseConnection) IsRemoveDirAllowed 

func (c *BaseConnection) IsRemoveDirAllowed(fs vfs.Fs, fsPath, virtualPath string) error

IsRemoveDirAllowed returns an error if removing this directory is not allowed

func (*BaseConnection) IsRemoveFileAllowed 

func (c *BaseConnection) IsRemoveFileAllowed(virtualPath string) error

IsRemoveFileAllowed returns an error if removing this file is not allowed

func (*BaseConnection) ListDir 

func (c *BaseConnection) ListDir(virtualPath string) ([]os.FileInfo, error)

ListDir reads the directory matching virtualPath and returns a list of directory entries

func (*BaseConnection) Log 

func (c *BaseConnection) Log(level logger.LogLevel, format string, v ...any)

Log outputs a log entry to the configured logger

func (*BaseConnection) RemoveAll 

func (c *BaseConnection) RemoveAll(virtualPath string) error

RemoveAll removes the specified path and any children it contains

func (*BaseConnection) RemoveDir 

func (c *BaseConnection) RemoveDir(virtualPath string) error

RemoveDir removes a directory at the specified fsPath

func (*BaseConnection) RemoveFile 

func (c *BaseConnection) RemoveFile(fs vfs.Fs, fsPath, virtualPath string, info os.FileInfo) error

RemoveFile removes a file at the specified fsPath

func (*BaseConnection) RemoveTransfer 

func (c *BaseConnection) RemoveTransfer(t ActiveTransfer)

RemoveTransfer removes the specified transfer from the active ones

func (*BaseConnection) Rename 

func (c *BaseConnection) Rename(virtualSourcePath, virtualTargetPath string) error

Rename renames (moves) virtualSourcePath to virtualTargetPath

func (*BaseConnection) SetProtocol 

func (c *BaseConnection) SetProtocol(protocol string)

SetProtocol sets the protocol for this connection

func (*BaseConnection) SetStat 

func (c *BaseConnection) SetStat(virtualPath string, attributes *StatAttributes) error

SetStat set StatAttributes for the specified fsPath

func (*BaseConnection) SignalTransferClose 

func (c *BaseConnection) SignalTransferClose(transferID int64, err error)

SignalTransferClose makes the transfer fail on the next read/write with the specified error

func (*BaseConnection) SignalTransfersAbort 

func (c *BaseConnection) SignalTransfersAbort() error

SignalTransfersAbort signals to the active transfers to exit as soon as possible

func (*BaseConnection) UpdateLastActivity 

func (c *BaseConnection) UpdateLastActivity()

UpdateLastActivity updates last activity for this connection

type BaseTransfer 

type BaseTransfer struct {
	ID            int64
	BytesSent     atomic.Int64
	BytesReceived atomic.Int64
	Fs            vfs.Fs
	File          vfs.File
	Connection    *BaseConnection

	MaxWriteSize   int64
	MinWriteOffset int64
	InitialSize    int64

	AbortTransfer atomic.Bool

	sync.Mutex

	ErrTransfer error
	// contains filtered or unexported fields
}

BaseTransfer contains protocols common transfer details for an upload or a download.

func NewBaseTransfer 

func NewBaseTransfer(file vfs.File, conn *BaseConnection, cancelFn func(), fsPath, effectiveFsPath, requestPath string,
	transferType int, minWriteOffset, initialSize, maxWriteSize, truncatedSize int64, isNewFile bool, fs vfs.Fs,
	transferQuota dataprovider.TransferQuota,
) *BaseTransfer

NewBaseTransfer returns a new BaseTransfer and adds it to the given connection

func (*BaseTransfer) CheckRead 

func (t *BaseTransfer) CheckRead() error

CheckRead returns an error if read if not allowed

func (*BaseTransfer) CheckWrite 

func (t *BaseTransfer) CheckWrite() error

CheckWrite returns an error if write if not allowed

func (*BaseTransfer) Close 

func (t *BaseTransfer) Close() error

Close it is called when the transfer is completed. It logs the transfer info, updates the user quota (for uploads) and executes any defined action. If there is an error no action will be executed and, in atomic mode, we try to delete the temporary file

func (*BaseTransfer) GetAbortError 

func (t *BaseTransfer) GetAbortError() error

GetAbortError returns the error to send to the client if the transfer was aborted

func (*BaseTransfer) GetDownloadedSize 

func (t *BaseTransfer) GetDownloadedSize() int64

GetDownloadedSize returns the transferred size

func (*BaseTransfer) GetFsPath 

func (t *BaseTransfer) GetFsPath() string

GetFsPath returns the transfer filesystem path

func (*BaseTransfer) GetID 

func (t *BaseTransfer) GetID() int64

GetID returns the transfer ID

func (*BaseTransfer) GetRealFsPath 

func (t *BaseTransfer) GetRealFsPath(fsPath string) string

GetRealFsPath returns the real transfer filesystem path. If atomic uploads are enabled this differ from fsPath

func (*BaseTransfer) GetSize 

func (t *BaseTransfer) GetSize() int64

GetSize returns the transferred size

func (*BaseTransfer) GetStartTime 

func (t *BaseTransfer) GetStartTime() time.Time

GetStartTime returns the start time

func (*BaseTransfer) GetTransferQuota 

func (t *BaseTransfer) GetTransferQuota() dataprovider.TransferQuota

GetTransferQuota returns data transfer quota limits

func (*BaseTransfer) GetTruncatedSize 

func (t *BaseTransfer) GetTruncatedSize() int64

GetTruncatedSize returns the truncated sized if this is an upload overwriting an existing file

func (*BaseTransfer) GetType 

func (t *BaseTransfer) GetType() int

GetType returns the transfer type

func (*BaseTransfer) GetUploadedSize 

func (t *BaseTransfer) GetUploadedSize() int64

GetUploadedSize returns the transferred size

func (*BaseTransfer) GetVirtualPath 

func (t *BaseTransfer) GetVirtualPath() string

GetVirtualPath returns the transfer virtual path

func (*BaseTransfer) HandleThrottle 

func (t *BaseTransfer) HandleThrottle()

HandleThrottle manage bandwidth throttling

func (*BaseTransfer) HasSizeLimit 

func (t *BaseTransfer) HasSizeLimit() bool

HasSizeLimit returns true if there is an upload or download size limit

func (*BaseTransfer) SetCancelFn 

func (t *BaseTransfer) SetCancelFn(cancelFn func())

SetCancelFn sets the cancel function for the transfer

func (*BaseTransfer) SetFtpMode 

func (t *BaseTransfer) SetFtpMode(mode string)

SetFtpMode sets the FTP mode for the current transfer

func (*BaseTransfer) SetTimes 

func (t *BaseTransfer) SetTimes(fsPath string, atime time.Time, mtime time.Time) bool

SetTimes stores access and modification times if fsPath matches the current file

func (*BaseTransfer) SignalClose 

func (t *BaseTransfer) SignalClose(err error)

SignalClose signals that the transfer should be closed after the next read/write. The optional error argument allow to send a specific error, otherwise a generic transfer aborted error is sent

func (*BaseTransfer) TransferError 

func (t *BaseTransfer) TransferError(err error)

TransferError is called if there is an unexpected error. For example network or client issues

func (*BaseTransfer) Truncate 

func (t *BaseTransfer) Truncate(fsPath string, size int64) (int64, error)

Truncate changes the size of the opened file. Supported for local fs only

type CertManager 

type CertManager struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

CertManager defines a TLS certificate manager

func NewCertManager 

func NewCertManager(keyPairs []TLSKeyPair, configDir, logSender string) (*CertManager, error)

NewCertManager creates a new certificate manager

func (*CertManager) GetCertificateFunc 

func (m *CertManager) GetCertificateFunc(certID string) func(*tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificateFunc returns the loaded certificate

func (*CertManager) GetRootCAs 

func (m *CertManager) GetRootCAs() *x509.CertPool

GetRootCAs returns the set of root certificate authorities that servers use if required to verify a client certificate

func (*CertManager) IsRevoked 

func (m *CertManager) IsRevoked(crt *x509.Certificate, caCrt *x509.Certificate) bool

IsRevoked returns true if the specified certificate has been revoked

func (*CertManager) LoadCRLs 

func (m *CertManager) LoadCRLs() error

LoadCRLs tries to load certificate revocation lists from the given paths

func (*CertManager) LoadRootCAs 

func (m *CertManager) LoadRootCAs() error

LoadRootCAs tries to load root CA certificate authorities from the given paths

func (*CertManager) Reload 

func (m *CertManager) Reload() error

Reload tries to reload certificate and CRLs

func (*CertManager) SetCACertificates 

func (m *CertManager) SetCACertificates(caCertificates []string)

SetCACertificates sets the root CA authorities file paths. This should not be changed at runtime

func (*CertManager) SetCARevocationLists 

func (m *CertManager) SetCARevocationLists(caRevocationLists []string)

SetCARevocationLists sets the CA revocation lists file paths. This should not be changed at runtime

type Configuration 

type Configuration struct {
	// Maximum idle timeout as minutes. If a client is idle for a time that exceeds this setting it will be disconnected.
	// 0 means disabled
	IdleTimeout int `json:"idle_timeout" mapstructure:"idle_timeout"`
	// UploadMode 0 means standard, the files are uploaded directly to the requested path.
	// 1 means atomic: the files are uploaded to a temporary path and renamed to the requested path
	// when the client ends the upload. Atomic mode avoid problems such as a web server that
	// serves partial files when the files are being uploaded.
	// In atomic mode if there is an upload error the temporary file is deleted and so the requested
	// upload path will not contain a partial file.
	// 2 means atomic with resume support: as atomic but if there is an upload error the temporary
	// file is renamed to the requested path and not deleted, this way a client can reconnect and resume
	// the upload.
	UploadMode int `json:"upload_mode" mapstructure:"upload_mode"`
	// Actions to execute for SFTP file operations and SSH commands
	Actions ProtocolActions `json:"actions" mapstructure:"actions"`
	// SetstatMode 0 means "normal mode": requests for changing permissions and owner/group are executed.
	// 1 means "ignore mode": requests for changing permissions and owner/group are silently ignored.
	// 2 means "ignore mode for cloud fs": requests for changing permissions and owner/group are
	// silently ignored for cloud based filesystem such as S3, GCS, Azure Blob. Requests  for changing
	// modification times are ignored for cloud based filesystem if they are not supported.
	SetstatMode int `json:"setstat_mode" mapstructure:"setstat_mode"`
	// TempPath defines the path for temporary files such as those used for atomic uploads or file pipes.
	// If you set this option you must make sure that the defined path exists, is accessible for writing
	// by the user running SFTPGo, and is on the same filesystem as the users home directories otherwise
	// the renaming for atomic uploads will become a copy and therefore may take a long time.
	// The temporary files are not namespaced. The default is generally fine. Leave empty for the default.
	TempPath string `json:"temp_path" mapstructure:"temp_path"`
	// Support for HAProxy PROXY protocol.
	// If you are running SFTPGo behind a proxy server such as HAProxy, AWS ELB or NGNIX, you can enable
	// the proxy protocol. It provides a convenient way to safely transport connection information
	// such as a client's address across multiple layers of NAT or TCP proxies to get the real
	// client IP address instead of the proxy IP. Both protocol versions 1 and 2 are supported.
	// - 0 means disabled
	// - 1 means proxy protocol enabled. Proxy header will be used and requests without proxy header will be accepted.
	// - 2 means proxy protocol required. Proxy header will be used and requests without proxy header will be rejected.
	// If the proxy protocol is enabled in SFTPGo then you have to enable the protocol in your proxy configuration too,
	// for example for HAProxy add "send-proxy" or "send-proxy-v2" to each server configuration line.
	ProxyProtocol int `json:"proxy_protocol" mapstructure:"proxy_protocol"`
	// List of IP addresses and IP ranges allowed to send the proxy header.
	// If proxy protocol is set to 1 and we receive a proxy header from an IP that is not in the list then the
	// connection will be accepted and the header will be ignored.
	// If proxy protocol is set to 2 and we receive a proxy header from an IP that is not in the list then the
	// connection will be rejected.
	ProxyAllowed []string `json:"proxy_allowed" mapstructure:"proxy_allowed"`
	// Absolute path to an external program or an HTTP URL to invoke as soon as SFTPGo starts.
	// If you define an HTTP URL it will be invoked using a `GET` request.
	// Please note that SFTPGo services may not yet be available when this hook is run.
	// Leave empty do disable.
	StartupHook string `json:"startup_hook" mapstructure:"startup_hook"`
	// Absolute path to an external program or an HTTP URL to invoke after a user connects
	// and before he tries to login. It allows you to reject the connection based on the source
	// ip address. Leave empty do disable.
	PostConnectHook string `json:"post_connect_hook" mapstructure:"post_connect_hook"`
	// Absolute path to an external program or an HTTP URL to invoke after an SSH/FTP connection ends.
	// Leave empty do disable.
	PostDisconnectHook string `json:"post_disconnect_hook" mapstructure:"post_disconnect_hook"`
	// Absolute path to an external program or an HTTP URL to invoke after a data retention check completes.
	// Leave empty do disable.
	DataRetentionHook string `json:"data_retention_hook" mapstructure:"data_retention_hook"`
	// Maximum number of concurrent client connections. 0 means unlimited
	MaxTotalConnections int `json:"max_total_connections" mapstructure:"max_total_connections"`
	// Maximum number of concurrent client connections from the same host (IP). 0 means unlimited
	MaxPerHostConnections int `json:"max_per_host_connections" mapstructure:"max_per_host_connections"`
	// Path to a file containing a list of IP addresses and/or networks to allow.
	// Only the listed IPs/networks can access the configured services, all other client connections
	// will be dropped before they even try to authenticate.
	WhiteListFile string `json:"whitelist_file" mapstructure:"whitelist_file"`
	// Allow users on this instance to use other users/virtual folders on this instance as storage backend.
	// Enable this setting if you know what you are doing.
	AllowSelfConnections int `json:"allow_self_connections" mapstructure:"allow_self_connections"`
	// Defender configuration
	DefenderConfig DefenderConfig `json:"defender" mapstructure:"defender"`
	// Rate limiter configurations
	RateLimitersConfig []RateLimiterConfig `json:"rate_limiters" mapstructure:"rate_limiters"`
	// contains filtered or unexported fields
}

Configuration defines configuration parameters common to all supported protocols

func (*Configuration) ExecutePostConnectHook 

func (c *Configuration) ExecutePostConnectHook(ipAddr, protocol string) error

ExecutePostConnectHook executes the post connect hook if defined

func (*Configuration) ExecuteStartupHook 

func (c *Configuration) ExecuteStartupHook() error

ExecuteStartupHook runs the startup hook if defined

func (*Configuration) GetProxyListener 

func (c *Configuration) GetProxyListener(listener net.Listener) (*proxyproto.Listener, error)

GetProxyListener returns a wrapper for the given listener that supports the HAProxy Proxy Protocol

func (*Configuration) IsAtomicUploadEnabled 

func (c *Configuration) IsAtomicUploadEnabled() bool

IsAtomicUploadEnabled returns true if atomic upload is enabled

type ConnectionStatus 

type ConnectionStatus struct {
	// Logged in username
	Username string `json:"username"`
	// Unique identifier for the connection
	ConnectionID string `json:"connection_id"`
	// client's version string
	ClientVersion string `json:"client_version,omitempty"`
	// Remote address for this connection
	RemoteAddress string `json:"remote_address"`
	// Connection time as unix timestamp in milliseconds
	ConnectionTime int64 `json:"connection_time"`
	// Last activity as unix timestamp in milliseconds
	LastActivity int64 `json:"last_activity"`
	// Protocol for this connection
	Protocol string `json:"protocol"`
	// active uploads/downloads
	Transfers []ConnectionTransfer `json:"active_transfers,omitempty"`
	// SSH command or WebDAV method
	Command string `json:"command,omitempty"`
	// Node identifier, omitted for single node installations
	Node string `json:"node,omitempty"`
}

ConnectionStatus returns the status for an active connection

func (*ConnectionStatus) GetConnectionDuration 

func (c *ConnectionStatus) GetConnectionDuration() string

GetConnectionDuration returns the connection duration as string

func (*ConnectionStatus) GetConnectionInfo 

func (c *ConnectionStatus) GetConnectionInfo() string

GetConnectionInfo returns connection info. Protocol,Client Version and RemoteAddress are returned.

func (*ConnectionStatus) GetTransfersAsString 

func (c *ConnectionStatus) GetTransfersAsString() string

GetTransfersAsString returns the active transfers as string

type ConnectionTransfer 

type ConnectionTransfer struct {
	ID            int64  `json:"-"`
	OperationType string `json:"operation_type"`
	StartTime     int64  `json:"start_time"`
	Size          int64  `json:"size"`
	VirtualPath   string `json:"path"`
	HasSizeLimit  bool   `json:"-"`
	ULSize        int64  `json:"-"`
	DLSize        int64  `json:"-"`
}

ConnectionTransfer defines the trasfer details to expose

type Defender 

type Defender interface {
	GetHosts() ([]dataprovider.DefenderEntry, error)
	GetHost(ip string) (dataprovider.DefenderEntry, error)
	AddEvent(ip string, event HostEvent)
	IsBanned(ip string) bool
	GetBanTime(ip string) (*time.Time, error)
	GetScore(ip string) (int, error)
	DeleteHost(ip string) bool
	Reload() error
}

Defender defines the interface that a defender must implements

type DefenderConfig 

type DefenderConfig struct {
	// Set to true to enable the defender
	Enabled bool `json:"enabled" mapstructure:"enabled"`
	// Defender implementation to use, we support "memory" and "provider".
	// Using "provider" as driver you can share the defender events among
	// multiple SFTPGo instances. For a single instance "memory" provider will
	// be much faster
	Driver string `json:"driver" mapstructure:"driver"`
	// BanTime is the number of minutes that a host is banned
	BanTime int `json:"ban_time" mapstructure:"ban_time"`
	// Percentage increase of the ban time if a banned host tries to connect again
	BanTimeIncrement int `json:"ban_time_increment" mapstructure:"ban_time_increment"`
	// Threshold value for banning a client
	Threshold int `json:"threshold" mapstructure:"threshold"`
	// Score for invalid login attempts, eg. non-existent user accounts or
	// client disconnected for inactivity without authentication attempts
	ScoreInvalid int `json:"score_invalid" mapstructure:"score_invalid"`
	// Score for valid login attempts, eg. user accounts that exist
	ScoreValid int `json:"score_valid" mapstructure:"score_valid"`
	// Score for limit exceeded events, generated from the rate limiters or for max connections
	// per-host exceeded
	ScoreLimitExceeded int `json:"score_limit_exceeded" mapstructure:"score_limit_exceeded"`
	// Defines the time window, in minutes, for tracking client errors.
	// A host is banned if it has exceeded the defined threshold during
	// the last observation time minutes
	ObservationTime int `json:"observation_time" mapstructure:"observation_time"`
	// The number of banned IPs and host scores kept in memory will vary between the
	// soft and hard limit for the "memory" driver. For the "provider" driver the
	// soft limit is ignored and the hard limit is used to limit the number of entries
	// to return when you request for the entire host list from the defender
	EntriesSoftLimit int `json:"entries_soft_limit" mapstructure:"entries_soft_limit"`
	EntriesHardLimit int `json:"entries_hard_limit" mapstructure:"entries_hard_limit"`
	// Path to a file containing a list of IP addresses and/or networks to never ban
	SafeListFile string `json:"safelist_file" mapstructure:"safelist_file"`
	// Path to a file containing a list of IP addresses and/or networks to always ban
	BlockListFile string `json:"blocklist_file" mapstructure:"blocklist_file"`
	// List of IP addresses and/or networks to never ban.
	// For large lists prefer SafeListFile
	SafeList []string `json:"safelist" mapstructure:"safelist"`
	// List of IP addresses and/or networks to always ban.
	// For large lists prefer BlockListFile
	BlockList []string `json:"blocklist" mapstructure:"blocklist"`
}

DefenderConfig defines the "defender" configuration

type EventParams 

type EventParams struct {
	Name              string
	Groups            []sdk.GroupMapping
	Event             string
	Status            int
	VirtualPath       string
	FsPath            string
	VirtualTargetPath string
	FsTargetPath      string
	ObjectName        string
	ObjectType        string
	FileSize          int64
	Protocol          string
	IP                string
	Timestamp         int64
	Object            plugin.Renderer
	// contains filtered or unexported fields
}

EventParams defines the supported event parameters

func (*EventParams) AddError 

func (p *EventParams) AddError(err error)

AddError adds a new error to the event params and update the status if needed

type HTTPAuthProvider 

type HTTPAuthProvider interface {
	ValidateCredentials(username, password string) bool
	IsEnabled() bool
}

HTTPAuthProvider defines the interface for HTTP auth providers

func NewBasicAuthProvider 

func NewBasicAuthProvider(authUserFile string) (HTTPAuthProvider, error)

NewBasicAuthProvider returns an HTTPAuthProvider implementing Basic Auth

type HostEvent 

type HostEvent int

HostEvent is the enumerable for the supported host events 

const (
	HostEventLoginFailed HostEvent = iota
	HostEventUserNotFound
	HostEventNoLoginTried
	HostEventLimitExceeded
)

Supported host events

type HostList 

type HostList struct {
	IPAddresses map[string]bool
	Ranges      cidranger.Ranger
}

HostList defines the structure used to keep the HostListFile in memory

type HostListFile 

type HostListFile struct {
	IPAddresses  []string `json:"addresses"`
	CIDRNetworks []string `json:"networks"`
}

HostListFile defines the structure expected for safe/block list files

type MetadataCheck 

type MetadataCheck struct {
	// Username to which the metadata check refers
	Username string `json:"username"`
	// check start time as unix timestamp in milliseconds
	StartTime int64  `json:"start_time"`
	Role      string `json:"-"`
}

MetadataCheck defines an active metadata check

type MetadataChecks 

type MetadataChecks struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

MetadataChecks holds the active metadata checks

func (*MetadataChecks) Add 

func (c *MetadataChecks) Add(username, role string) bool

Add adds a user to the ones with active metadata checks. Return false if a metadata check is already active for the specified user

func (*MetadataChecks) Get 

func (c *MetadataChecks) Get(role string) []MetadataCheck

Get returns the active metadata checks

func (*MetadataChecks) Remove 

func (c *MetadataChecks) Remove(username string) bool

Remove removes a user from the ones with active metadata checks

type ProtocolActions 

type ProtocolActions struct {
	// Valid values are download, upload, pre-delete, delete, rename, ssh_cmd. Empty slice to disable
	ExecuteOn []string `json:"execute_on" mapstructure:"execute_on"`
	// Actions to be performed synchronously.
	// The pre-delete action is always executed synchronously while the other ones are asynchronous.
	// Executing an action synchronously means that SFTPGo will not return a result code to the client
	// (which is waiting for it) until your hook have completed its execution.
	ExecuteSync []string `json:"execute_sync" mapstructure:"execute_sync"`
	// Absolute path to an external program or an HTTP URL
	Hook string `json:"hook" mapstructure:"hook"`
}

ProtocolActions defines the action to execute on file operations and SSH commands

type RateLimiterConfig 

type RateLimiterConfig struct {
	// Average defines the maximum rate allowed. 0 means disabled
	Average int64 `json:"average" mapstructure:"average"`
	// Period defines the period as milliseconds. Default: 1000 (1 second).
	// The rate is actually defined by dividing average by period.
	// So for a rate below 1 req/s, one needs to define a period larger than a second.
	Period int64 `json:"period" mapstructure:"period"`
	// Burst is the maximum number of requests allowed to go through in the
	// same arbitrarily small period of time. Default: 1.
	Burst int `json:"burst" mapstructure:"burst"`
	// Type defines the rate limiter type:
	// - rateLimiterTypeGlobal is a global rate limiter independent from the source
	// - rateLimiterTypeSource is a per-source rate limiter
	Type int `json:"type" mapstructure:"type"`
	// Protocols defines the protocols for this rate limiter.
	// Available protocols are: "SFTP", "FTP", "DAV".
	// A rate limiter with no protocols defined is disabled
	Protocols []string `json:"protocols" mapstructure:"protocols"`
	// AllowList defines a list of IP addresses and IP ranges excluded from rate limiting
	AllowList []string `json:"allow_list" mapstructure:"mapstructure"`
	// If the rate limit is exceeded, the defender is enabled, and this is a per-source limiter,
	// a new defender event will be generated
	GenerateDefenderEvents bool `json:"generate_defender_events" mapstructure:"generate_defender_events"`
	// The number of per-ip rate limiters kept in memory will vary between the
	// soft and hard limit
	EntriesSoftLimit int `json:"entries_soft_limit" mapstructure:"entries_soft_limit"`
	EntriesHardLimit int `json:"entries_hard_limit" mapstructure:"entries_hard_limit"`
}

RateLimiterConfig defines the configuration for a rate limiter

type RateLimiterType 

type RateLimiterType int

RateLimiterType defines the supported rate limiters types

type RetentionCheck 

type RetentionCheck struct {
	// Username to which the retention check refers
	Username string `json:"username"`
	// retention check start time as unix timestamp in milliseconds
	StartTime int64 `json:"start_time"`
	// affected folders
	Folders []dataprovider.FolderRetention `json:"folders"`
	// how cleanup results will be notified
	Notifications []RetentionCheckNotification `json:"notifications,omitempty"`
	// email to use if the notification method is set to email
	Email string `json:"email,omitempty"`
	Role  string `json:"-"`
	// contains filtered or unexported fields
}

RetentionCheck defines an active retention check

func (*RetentionCheck) Start 

func (c *RetentionCheck) Start() error

Start starts the retention check

func (*RetentionCheck) Validate 

func (c *RetentionCheck) Validate() error

Validate returns an error if the specified folders are not valid

type RetentionCheckNotification 

type RetentionCheckNotification = string

RetentionCheckNotification defines the supported notification methods for a retention check result

type SSHConnection 

type SSHConnection struct {
	// contains filtered or unexported fields
}

SSHConnection defines an ssh connection. Each SSH connection can open several channels for SFTP or SSH commands

func NewSSHConnection 

func NewSSHConnection(id string, conn net.Conn) *SSHConnection

NewSSHConnection returns a new SSHConnection

func (*SSHConnection) Close 

func (c *SSHConnection) Close() error

Close closes the underlying network connection

func (*SSHConnection) GetID 

func (c *SSHConnection) GetID() string

GetID returns the ID for this SSHConnection

func (*SSHConnection) GetLastActivity 

func (c *SSHConnection) GetLastActivity() time.Time

GetLastActivity returns the last connection activity

func (*SSHConnection) UpdateLastActivity 

func (c *SSHConnection) UpdateLastActivity()

UpdateLastActivity updates last activity for this connection

type StatAttributes 

type StatAttributes struct {
	Mode  os.FileMode
	Atime time.Time
	Mtime time.Time
	UID   int
	GID   int
	Flags int
	Size  int64
}

StatAttributes defines the attributes for set stat commands

type TLSKeyPair 

type TLSKeyPair struct {
	Cert string
	Key  string
	ID   string
}

TLSKeyPair defines the paths and the unique identifier for a TLS key pair

type TransfersChecker 

type TransfersChecker interface {
	AddTransfer(transfer dataprovider.ActiveTransfer)
	RemoveTransfer(ID int64, connectionID string)
	UpdateTransferCurrentSizes(ulSize, dlSize, ID int64, connectionID string)
	GetOverquotaTransfers() []overquotaTransfer
}

TransfersChecker defines the interface that transfer checkers must implement. A transfer checker ensure that multiple concurrent transfers does not exceeded the remaining user quota

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.