Documentation ¶
Overview ¶
Package ftpd implements the FTP protocol
Index ¶
- func ReloadCertificateMgr() error
- type Binding
- type Configuration
- type Connection
- func (c *Connection) AllocateSpace(_ int) error
- func (c *Connection) Chmod(name string, mode os.FileMode) error
- func (c *Connection) Chown(_ string, _, _ int) error
- func (c *Connection) Chtimes(name string, atime time.Time, mtime time.Time) error
- func (c *Connection) Create(_ string) (afero.File, error)
- func (c *Connection) Disconnect() error
- func (c *Connection) GetAvailableSpace(dirName string) (int64, error)
- func (c *Connection) GetClientVersion() string
- func (c *Connection) GetCommand() string
- func (c *Connection) GetHandle(name string, flags int, offset int64) (ftpserver.FileTransfer, error)
- func (c *Connection) GetLocalAddress() string
- func (c *Connection) GetRemoteAddress() string
- func (c *Connection) Mkdir(name string, _ os.FileMode) error
- func (c *Connection) MkdirAll(_ string, _ os.FileMode) error
- func (c *Connection) Name() string
- func (c *Connection) Open(_ string) (afero.File, error)
- func (c *Connection) OpenFile(_ string, _ int, _ os.FileMode) (afero.File, error)
- func (c *Connection) ReadDir(name string) (ftpserver.DirLister, error)
- func (c *Connection) Remove(name string) error
- func (c *Connection) RemoveAll(_ string) error
- func (c *Connection) RemoveDir(name string) error
- func (c *Connection) Rename(oldname, newname string) error
- func (c *Connection) Stat(name string) (os.FileInfo, error)
- func (c *Connection) Symlink(oldname, newname string) error
- type PassiveIPOverride
- type PortRange
- type Server
- func (s *Server) AuthUser(cc ftpserver.ClientContext, username, password string) (ftpserver.ClientDriver, error)
- func (s *Server) ClientConnected(cc ftpserver.ClientContext) (string, error)
- func (s *Server) ClientDisconnected(cc ftpserver.ClientContext)
- func (s *Server) GetSettings() (*ftpserver.Settings, error)
- func (s *Server) GetTLSConfig() (*tls.Config, error)
- func (s *Server) PreAuthUser(cc ftpserver.ClientContext, username string) error
- func (s *Server) VerifyConnection(cc ftpserver.ClientContext, user string, tlsConn *tls.Conn) (ftpserver.ClientDriver, error)
- func (s *Server) VerifyTLSConnectionState(_ ftpserver.ClientContext, cs tls.ConnectionState) error
- func (s *Server) WrapPassiveListener(listener net.Listener) (net.Listener, error)
- type ServiceStatus
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ReloadCertificateMgr ¶
func ReloadCertificateMgr() error
ReloadCertificateMgr reloads the certificate manager
Types ¶
type Binding ¶
// Binding holds the settings of one network listener: address and port,
// TLS policy, passive-mode addressing and the data-connection checks.
type Binding struct {
	// The address to listen on. A blank value means listen on all available network interfaces.
	Address string `json:"address" mapstructure:"address"`
	// The port used for serving requests
	Port int `json:"port" mapstructure:"port"`
	// Apply the proxy configuration, if any, for this binding
	ApplyProxyConfig bool `json:"apply_proxy_config" mapstructure:"apply_proxy_config"`
	// Set to 1 to require TLS for both data and control connection.
	// Set to 2 to enable implicit TLS.
	// NOTE(review): the value 0 is not described here. The Configuration
	// comment says the server accepts both plain FTP and explicit FTP over TLS
	// when a certificate is configured, so 0 presumably leaves TLS optional and
	// lets credentials and data travel unencrypted. Confirm, and prefer 1 or 2
	// on untrusted networks.
	TLSMode int `json:"tls_mode" mapstructure:"tls_mode"`
	// 0 disabled, 1 required.
	// NOTE(review): presumably 1 requires each data connection to reuse the TLS
	// session of its control connection, which ties the two channels together.
	// Confirm against the FTP server library.
	TLSSessionReuse int `json:"tls_session_reuse" mapstructure:"tls_session_reuse"`
	// Certificate and matching private key for this specific binding. If empty,
	// the global ones will be used, if any.
	CertificateFile    string `json:"certificate_file" mapstructure:"certificate_file"`
	CertificateKeyFile string `json:"certificate_key_file" mapstructure:"certificate_key_file"`
	// Defines the minimum TLS version. 13 means TLS 1.3, default is TLS 1.2
	MinTLSVersion int `json:"min_tls_version" mapstructure:"min_tls_version"`
	// External IP address for passive connections.
	ForcePassiveIP string `json:"force_passive_ip" mapstructure:"force_passive_ip"`
	// PassiveIPOverrides allows defining different IP addresses for passive connections
	// based on the client IP address
	PassiveIPOverrides []PassiveIPOverride `json:"passive_ip_overrides" mapstructure:"passive_ip_overrides"`
	// Hostname for passive connections. This hostname will be resolved each time a passive
	// connection is requested and this can, depending on the DNS configuration, take a noticeable
	// amount of time. Enable this setting only if you have a dynamic IP address
	PassiveHost string `json:"passive_host" mapstructure:"passive_host"`
	// Set to 1 to require client certificate authentication.
	// Set to 2 to request a client certificate and verify it if given. In this mode
	// the client is allowed not to send a certificate, so certificate
	// authentication is not enforced by this setting alone.
	// You need to define at least a certificate authority for this to work
	ClientAuthType int `json:"client_auth_type" mapstructure:"client_auth_type"`
	// TLSCipherSuites is a list of supported cipher suites for TLS version 1.2.
	// If CipherSuites is nil/empty, a default list of secure cipher suites
	// is used, with a preference order based on hardware performance.
	// Note that TLS 1.3 ciphersuites are not configurable.
	// The supported ciphersuites names are defined here:
	//
	// https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L53
	//
	// any invalid name will be silently ignored, so a misspelled entry shrinks
	// the list without any error: review the names carefully.
	// The order matters, the ciphers listed first will be the preferred ones.
	TLSCipherSuites []string `json:"tls_cipher_suites" mapstructure:"tls_cipher_suites"`
	// PassiveConnectionsSecurity defines the security checks for passive data connections.
	// Supported values:
	// - 0 require matching peer IP addresses of control and data connection. This is the default
	// - 1 disable any checks
	// With 1 the peer address of a data connection is no longer compared with
	// that of the control connection, so change the default only if you are on
	// a trusted/internal network.
	PassiveConnectionsSecurity int `json:"passive_connections_security" mapstructure:"passive_connections_security"`
	// ActiveConnectionsSecurity defines the security checks for active data connections.
	// The supported values are the same as described for PassiveConnectionsSecurity.
	// Please note that disabling the security checks makes the FTP service vulnerable to bounce attacks
	// on active data connections, so change the default value only if you are on a trusted/internal network
	ActiveConnectionsSecurity int `json:"active_connections_security" mapstructure:"active_connections_security"`
	// Set to 1 to silently ignore any client requests to perform ASCII translations via the TYPE command.
	// That is, FTP clients can request ASCII translations, and SFTPGo will respond as the client expects,
	// but will not actually perform the translation for either uploads or downloads. This behavior can be
	// useful in circumstances involving older/mainframe clients and EBCDIC files.
	IgnoreASCIITransferType int `json:"ignore_ascii_transfer_type" mapstructure:"ignore_ascii_transfer_type"`
	// Debug enables the FTP debug mode. In debug mode, every FTP command will be logged.
	// NOTE(review): confirm that the argument of the PASS command is masked
	// before enabling this outside a test setup, and treat the logs as sensitive.
	Debug bool `json:"debug" mapstructure:"debug"`
	// contains filtered or unexported fields
}
Binding defines the configuration for a network listener
func (*Binding) GetAddress ¶
GetAddress returns the binding address
func (*Binding) GetTLSDescription ¶
GetTLSDescription returns the TLS mode as string
type Configuration ¶
// Configuration holds the package-wide FTP settings: the listeners, the
// global certificate and client-CA material, and the optional FTP features.
type Configuration struct {
	// Addresses and ports to bind to
	Bindings []Binding `json:"bindings" mapstructure:"bindings"`
	// The contents of the specified file, if any, are displayed when someone connects to the server.
	BannerFile string `json:"banner_file" mapstructure:"banner_file"`
	// If files containing a certificate and matching private key for the server are provided the server will accept
	// both plain FTP and explicit FTP over TLS. Plain FTP therefore stays available
	// unless a binding requires TLS through its TLSMode.
	// Certificate and key files can be reloaded on demand sending a "SIGHUP" signal on Unix based systems and a
	// "paramchange" request to the running service on Windows.
	CertificateFile    string `json:"certificate_file" mapstructure:"certificate_file"`
	CertificateKeyFile string `json:"certificate_key_file" mapstructure:"certificate_key_file"`
	// CACertificates defines the set of root certificate authorities to be used to verify client certificates.
	CACertificates []string `json:"ca_certificates" mapstructure:"ca_certificates"`
	// CARevocationLists defines a set of revocation lists, one for each root CA, to be used to check
	// if a client certificate has been revoked
	CARevocationLists []string `json:"ca_revocation_lists" mapstructure:"ca_revocation_lists"`
	// Do not impose the port 20 for active data transfer. Enabling this option allows running SFTPGo with less privilege
	ActiveTransfersPortNon20 bool `json:"active_transfers_port_non_20" mapstructure:"active_transfers_port_non_20"`
	// Set to true to disable active FTP
	DisableActiveMode bool `json:"disable_active_mode" mapstructure:"disable_active_mode"`
	// Set to true to enable the FTP SITE command.
	// We support chmod and symlink if SITE support is enabled
	EnableSite bool `json:"enable_site" mapstructure:"enable_site"`
	// Set to 1 to enable FTP commands that calculate the hash value of files.
	// These FTP commands will be enabled: HASH, XCRC, MD5/XMD5, XSHA/XSHA1, XSHA256, XSHA512.
	// Please keep in mind that to calculate the hash we need to read the whole file, for
	// remote backends this means downloading the file, for the encrypted backend this means
	// decrypting the file.
	// CRC, MD5 and SHA-1 digests only detect accidental corruption; use the
	// SHA-256/SHA-512 commands where the digest must also resist tampering.
	HASHSupport int `json:"hash_support" mapstructure:"hash_support"`
	// Set to 1 to enable support for the non standard "COMB" FTP command.
	// Combine is only supported for local filesystem, for cloud backends it has
	// no advantage as it will download the partial files and will upload the
	// combined one. Cloud backends natively support multipart uploads.
	CombineSupport int `json:"combine_support" mapstructure:"combine_support"`
	// Port Range for data connections. Random if not specified.
	// A fixed range lets a firewall open only those ports for passive transfers.
	PassivePortRange PortRange `json:"passive_port_range" mapstructure:"passive_port_range"`
	// contains filtered or unexported fields
}
Configuration defines the configuration for the ftp server
func (*Configuration) Initialize ¶
func (c *Configuration) Initialize(configDir string) error
Initialize configures and starts the FTP server
func (*Configuration) ShouldBind ¶
func (c *Configuration) ShouldBind() bool
ShouldBind returns true if there is at least a valid binding
type Connection ¶
// Connection holds the state of a single FTP connection.
type Connection struct {
	// Embedded base connection; its exported methods are promoted to Connection.
	*common.BaseConnection
	// contains filtered or unexported fields
}
Connection details for an FTP connection. It implements common.ActiveConnection and ftpserver.ClientDriver interfaces
func (*Connection) AllocateSpace ¶
func (c *Connection) AllocateSpace(_ int) error
AllocateSpace implements ClientDriverExtensionAllocate interface
func (*Connection) Chmod ¶
func (c *Connection) Chmod(name string, mode os.FileMode) error
Chmod changes the mode of the named file/directory
func (*Connection) Chown ¶
func (c *Connection) Chown(_ string, _, _ int) error
Chown changes the uid and gid of the named file
func (*Connection) Create ¶
func (c *Connection) Create(_ string) (afero.File, error)
Create is not implemented; we use ClientDriverExtentionFileTransfer instead
func (*Connection) Disconnect ¶
func (c *Connection) Disconnect() error
Disconnect disconnects the client
func (*Connection) GetAvailableSpace ¶
func (c *Connection) GetAvailableSpace(dirName string) (int64, error)
GetAvailableSpace implements ClientDriverExtensionAvailableSpace interface
func (*Connection) GetClientVersion ¶
func (c *Connection) GetClientVersion() string
GetClientVersion returns the connected client's version. It returns "Unknown" if the client does not advertise its version
func (*Connection) GetCommand ¶
func (c *Connection) GetCommand() string
GetCommand returns the last received FTP command
func (*Connection) GetHandle ¶
func (c *Connection) GetHandle(name string, flags int, offset int64) (ftpserver.FileTransfer, error)
GetHandle implements ClientDriverExtentionFileTransfer
func (*Connection) GetLocalAddress ¶
func (c *Connection) GetLocalAddress() string
GetLocalAddress returns local connection address
func (*Connection) GetRemoteAddress ¶
func (c *Connection) GetRemoteAddress() string
GetRemoteAddress returns the connected client's address
func (*Connection) Mkdir ¶
func (c *Connection) Mkdir(name string, _ os.FileMode) error
Mkdir creates a directory using the connection filesystem
func (*Connection) MkdirAll ¶
func (c *Connection) MkdirAll(_ string, _ os.FileMode) error
MkdirAll is not implemented, we don't need it
func (*Connection) Name ¶
func (c *Connection) Name() string
Name returns the name of this connection
func (*Connection) Open ¶
func (c *Connection) Open(_ string) (afero.File, error)
Open is not implemented; we use ClientDriverExtentionFileTransfer and ClientDriverExtensionFileList instead
func (*Connection) ReadDir ¶
func (c *Connection) ReadDir(name string) (ftpserver.DirLister, error)
ReadDir implements ClientDriverExtensionFilelist
func (*Connection) Remove ¶
func (c *Connection) Remove(name string) error
Remove removes a file. We implement ClientDriverExtensionRemoveDir for directories
func (*Connection) RemoveAll ¶
func (c *Connection) RemoveAll(_ string) error
RemoveAll is not implemented, we don't need it
func (*Connection) RemoveDir ¶
func (c *Connection) RemoveDir(name string) error
RemoveDir implements ClientDriverExtensionRemoveDir
func (*Connection) Rename ¶
func (c *Connection) Rename(oldname, newname string) error
Rename renames a file or a directory
func (*Connection) Stat ¶
func (c *Connection) Stat(name string) (os.FileInfo, error)
Stat returns a FileInfo describing the named file/directory, or an error, if any happens
func (*Connection) Symlink ¶
func (c *Connection) Symlink(oldname, newname string) error
Symlink implements ClientDriverExtensionSymlink
type PassiveIPOverride ¶
// PassiveIPOverride pairs a set of networks with the IP address to advertise
// for passive connections instead of the configured passive IP.
type PassiveIPOverride struct {
	// Networks the override applies to.
	// NOTE(review): presumably client networks in CIDR notation; confirm.
	Networks []string `json:"networks" mapstructure:"networks"`
	// if empty the local address will be returned
	IP string `json:"ip" mapstructure:"ip"`
	// contains filtered or unexported fields
}
PassiveIPOverride defines an exception for the configured passive IP
func (*PassiveIPOverride) GetNetworksAsString ¶
func (p *PassiveIPOverride) GetNetworksAsString() string
GetNetworksAsString returns the configured networks as string
type PortRange ¶
// PortRange describes a range of ports by its start and end.
// NOTE(review): whether End is inclusive is not visible here; confirm before
// sizing firewall rules from it.
type PortRange struct {
	// Range start
	Start int `json:"start" mapstructure:"start"`
	// Range end
	End int `json:"end" mapstructure:"end"`
}
PortRange defines a port range
type Server ¶
// Server is the FTP server driver returned by NewServer.
type Server struct {
	// ID identifies this server.
	// NOTE(review): presumably the id passed to NewServer; confirm.
	ID int
	// contains filtered or unexported fields
}
Server implements the ftpserverlib MainDriver interface
func NewServer ¶
func NewServer(config *Configuration, configDir string, binding Binding, id int) *Server
NewServer returns a new FTP server driver
func (*Server) AuthUser ¶
func (s *Server) AuthUser(cc ftpserver.ClientContext, username, password string) (ftpserver.ClientDriver, error)
AuthUser authenticates the user and selects a handling driver
func (*Server) ClientConnected ¶
func (s *Server) ClientConnected(cc ftpserver.ClientContext) (string, error)
ClientConnected is called to send the very first welcome message
func (*Server) ClientDisconnected ¶
func (s *Server) ClientDisconnected(cc ftpserver.ClientContext)
ClientDisconnected is called when the user disconnects, even if they never authenticated
func (*Server) GetSettings ¶
GetSettings returns FTP server settings
func (*Server) GetTLSConfig ¶
GetTLSConfig returns the TLS configuration for this server
func (*Server) PreAuthUser ¶
func (s *Server) PreAuthUser(cc ftpserver.ClientContext, username string) error
PreAuthUser implements the MainDriverExtensionUserVerifier interface
func (*Server) VerifyConnection ¶
func (s *Server) VerifyConnection(cc ftpserver.ClientContext, user string, tlsConn *tls.Conn) (ftpserver.ClientDriver, error)
VerifyConnection checks whether a user should be authenticated using a client certificate without prompting for a password
func (*Server) VerifyTLSConnectionState ¶ added in v2.6.0
func (s *Server) VerifyTLSConnectionState(_ ftpserver.ClientContext, cs tls.ConnectionState) error
VerifyTLSConnectionState implements the MainDriverExtensionTLSConnectionStateVerifier extension
type ServiceStatus ¶
// ServiceStatus reports whether the FTP service is active, together with its
// bindings and passive port range.
type ServiceStatus struct {
	// IsActive reports whether the service is active.
	IsActive bool `json:"is_active"`
	// Bindings carries the full Binding values, so the JSON form includes the
	// listener addresses and the certificate and key file paths (paths, not
	// key contents).
	// NOTE(review): confirm that only administrators can read this status.
	Bindings []Binding `json:"bindings"`
	// PassivePortRange is the port range used for data connections.
	PassivePortRange PortRange `json:"passive_port_range"`
}
ServiceStatus defines the service status