Overview ¶
Package sftpd implements the SSH File Transfer Protocol as described in https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02. It uses the pkg/sftp library: https://github.com/pkg/sftp
Index ¶
- func AddQuotaScan(username string) bool
- func AddVFolderQuotaScan(folderPath string) bool
- func CheckIdleConnections()
- func CloseActiveConnection(connectionID string) bool
- func GetDefaultSSHCommands() []string
- func GetSupportedSSHCommands() []string
- func RemoveQuotaScan(username string) error
- func RemoveVFolderQuotaScan(folderPath string) error
- func SetDataProvider(provider dataprovider.Provider)
- type Actions
- type ActiveQuotaScan
- type ActiveVirtualFolderQuotaScan
- type Configuration
- type Connection
- func (c Connection) Filecmd(request *sftp.Request) error
- func (c Connection) Filelist(request *sftp.Request) (sftp.ListerAt, error)
- func (c Connection) Fileread(request *sftp.Request) (io.ReaderAt, error)
- func (c Connection) Filewrite(request *sftp.Request) (io.WriterAt, error)
- func (c Connection) Log(level logger.LogLevel, sender string, format string, v ...interface{})
- type ConnectionStatus
- type Key
- type Transfer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddQuotaScan ¶
AddQuotaScan adds a user to the ones with active quota scans. It returns false if the user already has a quota scan running.
func AddVFolderQuotaScan ¶
AddVFolderQuotaScan adds a virtual folder to the ones with active quota scans. It returns false if the folder already has a quota scan running.
func CheckIdleConnections ¶
func CheckIdleConnections()
CheckIdleConnections disconnects clients that have been idle for too long, based on the IdleTimeout setting.
func CloseActiveConnection ¶
CloseActiveConnection closes an active SFTP connection. It returns true on success
func GetDefaultSSHCommands ¶
func GetDefaultSSHCommands() []string
GetDefaultSSHCommands returns the SSH commands enabled by default.
func GetSupportedSSHCommands ¶
func GetSupportedSSHCommands() []string
GetSupportedSSHCommands returns the supported SSH commands
func RemoveQuotaScan ¶
RemoveQuotaScan removes a user from the ones with active quota scans
func RemoveVFolderQuotaScan ¶
RemoveVFolderQuotaScan removes a folder from the ones with active quota scans
func SetDataProvider ¶
func SetDataProvider(provider dataprovider.Provider)
SetDataProvider sets the data provider used to authenticate users and to get/update their disk quota.
Types ¶
type Actions ¶
// Actions describes the notifications fired on SFTP events: an external
// program can be executed and/or an HTTP notification can be sent.
type Actions struct {
	// Valid values are download, upload, delete, rename, ssh_cmd. Empty slice to disable
	ExecuteOn []string `json:"execute_on" mapstructure:"execute_on"`
	// Deprecated: please use Hook
	Command string `json:"command" mapstructure:"command"`
	// Deprecated: please use Hook
	HTTPNotificationURL string `json:"http_notification_url" mapstructure:"http_notification_url"`
	// Absolute path to an external program or an HTTP URL.
	// NOTE(review): a program given here is run by the daemon itself, so the path should
	// only be writable by the administrator; confirm how it is invoked in the server code.
	Hook string `json:"hook" mapstructure:"hook"`
}
Actions to execute on SFTP create, download, delete and rename. An external command can be executed and/or an HTTP notification can be fired
type ActiveQuotaScan ¶
// ActiveQuotaScan describes a quota scan that is currently running for a user home dir.
type ActiveQuotaScan struct {
	// Username to which the quota scan refers
	Username string `json:"username"`
	// Quota scan start time as unix timestamp in milliseconds
	StartTime int64 `json:"start_time"`
}
ActiveQuotaScan defines an active quota scan for a user home dir
func GetQuotaScans ¶
func GetQuotaScans() []ActiveQuotaScan
GetQuotaScans returns the active quota scans for users home directories
type ActiveVirtualFolderQuotaScan ¶
// ActiveVirtualFolderQuotaScan describes a quota scan that is currently running for a virtual folder.
type ActiveVirtualFolderQuotaScan struct {
	// Folder path to which the quota scan refers
	MappedPath string `json:"mapped_path"`
	// Quota scan start time as unix timestamp in milliseconds
	StartTime int64 `json:"start_time"`
}
ActiveVirtualFolderQuotaScan defines an active quota scan for a virtual folder
func GetVFoldersQuotaScans ¶
func GetVFoldersQuotaScans() []ActiveVirtualFolderQuotaScan
GetVFoldersQuotaScans returns the active quota scans for virtual folders
type Configuration ¶
// Configuration holds the settings for the SFTP server.
type Configuration struct {
	// Identification string used by the server
	Banner string `json:"banner" mapstructure:"banner"`
	// The port used for serving SFTP requests
	BindPort int `json:"bind_port" mapstructure:"bind_port"`
	// The address to listen on. A blank value means listen on all available network interfaces.
	BindAddress string `json:"bind_address" mapstructure:"bind_address"`
	// Maximum idle timeout as minutes. If a client is idle for a time that exceeds this setting it will be disconnected.
	// 0 means disabled
	IdleTimeout int `json:"idle_timeout" mapstructure:"idle_timeout"`
	// Maximum number of authentication attempts permitted per connection.
	// If set to a negative number, the number of attempts is unlimited.
	// If set to zero, the number of attempts is limited to 6.
	// A negative value removes this per-connection bound on login attempts; keep it small
	// unless another layer rate-limits authentication.
	MaxAuthTries int `json:"max_auth_tries" mapstructure:"max_auth_tries"`
	// Umask for new files
	Umask string `json:"umask" mapstructure:"umask"`
	// UploadMode 0 means standard, the files are uploaded directly to the requested path.
	// 1 means atomic: the files are uploaded to a temporary path and renamed to the requested path
	// when the client ends the upload. Atomic mode avoids problems such as a web server that
	// serves partial files while they are being uploaded.
	// In atomic mode if there is an upload error the temporary file is deleted and so the requested
	// upload path will not contain a partial file.
	// 2 means atomic with resume support: as atomic but if there is an upload error the temporary
	// file is renamed to the requested path and not deleted, this way a client can reconnect and resume
	// the upload.
	UploadMode int `json:"upload_mode" mapstructure:"upload_mode"`
	// Actions to execute on SFTP create, download, delete and rename
	Actions Actions `json:"actions" mapstructure:"actions"`
	// Deprecated: please use HostKeys
	Keys []Key `json:"keys" mapstructure:"keys"`
	// HostKeys define the daemon's private host keys.
	// Each host key can be defined as a path relative to the configuration directory or an absolute one.
	// If empty or missing, the daemon will search or try to generate "id_rsa" and "id_ecdsa" host keys
	// inside the configuration directory.
	// NOTE(review): because missing keys are generated, a configuration directory that is not
	// persisted between restarts yields a new host identity each time and clients will see a
	// host key change; confirm the directory is persistent in your deployment.
	HostKeys []string `json:"host_keys" mapstructure:"host_keys"`
	// KexAlgorithms specifies the available KEX (Key Exchange) algorithms in
	// preference order.
	// NOTE(review): the algorithms used when this is empty are not documented here; confirm
	// the defaults in the server code before relying on them.
	KexAlgorithms []string `json:"kex_algorithms" mapstructure:"kex_algorithms"`
	// Ciphers specifies the ciphers allowed
	Ciphers []string `json:"ciphers" mapstructure:"ciphers"`
	// MACs specifies the available MAC (message authentication code) algorithms
	// in preference order
	MACs []string `json:"macs" mapstructure:"macs"`
	// TrustedUserCAKeys specifies a list of public keys paths of certificate authorities
	// that are trusted to sign user certificates for authentication.
	// The paths can be absolute or relative to the configuration directory.
	// Every CA listed here can issue certificates that authenticate users, so the key files
	// and their directory should be protected from modification.
	TrustedUserCAKeys []string `json:"trusted_user_ca_keys" mapstructure:"trusted_user_ca_keys"`
	// LoginBannerFile the contents of the specified file, if any, are sent to
	// the remote user before authentication is allowed.
	LoginBannerFile string `json:"login_banner_file" mapstructure:"login_banner_file"`
	// SetstatMode 0 means "normal mode": requests for changing permissions and owner/group are executed.
	// 1 means "ignore mode": requests for changing permissions and owner/group are silently ignored.
	SetstatMode int `json:"setstat_mode" mapstructure:"setstat_mode"`
	// List of enabled SSH commands.
	// We support the following SSH commands:
	// - "scp". SCP is an experimental feature, we have our own SCP implementation since
	// we can't rely on the scp system command to properly handle permissions, quota and
	// user's home dir restrictions.
	// The SCP protocol is quite simple but there are no official docs about it,
	// so we need more testing and feedback before enabling it by default.
	// We may not handle some borderline cases or have sneaky bugs.
	// Please do accurate tests yourself before enabling SCP and let us know
	// if something does not work as expected for your use cases.
	// SCP between two remote hosts is supported using the `-3` scp option.
	// - "md5sum", "sha1sum", "sha256sum", "sha384sum", "sha512sum". Useful to check message
	// digests for uploaded files. These commands are implemented inside SFTPGo so they
	// work even if the matching system commands are not available, for example on Windows.
	// - "cd", "pwd". Some mobile SFTP clients do not support the SFTP SSH_FXP_REALPATH and so
	// they use "cd" and "pwd" SSH commands to get the initial directory.
	// Currently `cd` does nothing and `pwd` always returns the "/" path.
	//
	// The following SSH commands are enabled by default: "md5sum", "sha1sum", "cd", "pwd".
	// "*" enables all supported SSH commands.
	EnabledSSHCommands []string `json:"enabled_ssh_commands" mapstructure:"enabled_ssh_commands"`
	// Deprecated: please use KeyboardInteractiveHook
	KeyboardInteractiveProgram string `json:"keyboard_interactive_auth_program" mapstructure:"keyboard_interactive_auth_program"`
	// Absolute path to an external program or an HTTP URL to invoke for keyboard interactive authentication.
	// Leave empty to disable this authentication mode.
	KeyboardInteractiveHook string `json:"keyboard_interactive_auth_hook" mapstructure:"keyboard_interactive_auth_hook"`
	// Support for HAProxy PROXY protocol.
	// If you are running SFTPGo behind a proxy server such as HAProxy, AWS ELB or NGINX, you can enable
	// the proxy protocol. It provides a convenient way to safely transport connection information
	// such as a client's address across multiple layers of NAT or TCP proxies to get the real
	// client IP address instead of the proxy IP. Both protocol versions 1 and 2 are supported.
	// - 0 means disabled
	// - 1 means proxy protocol enabled. Proxy header will be used and requests without proxy header will be accepted.
	// - 2 means proxy protocol required. Proxy header will be used and requests without proxy header will be rejected.
	// If the proxy protocol is enabled in SFTPGo then you have to enable the protocol in your proxy configuration too,
	// for example for HAProxy add "send-proxy" or "send-proxy-v2" to each server configuration line.
	ProxyProtocol int `json:"proxy_protocol" mapstructure:"proxy_protocol"`
	// List of IP addresses and IP ranges allowed to send the proxy header.
	// If proxy protocol is set to 1 and we receive a proxy header from an IP that is not in the list then the
	// connection will be accepted and the header will be ignored.
	// If proxy protocol is set to 2 and we receive a proxy header from an IP that is not in the list then the
	// connection will be rejected.
	// Keep this list restricted to the proxy hosts: a header accepted from any other peer would let
	// that peer choose the client address recorded for the connection.
	// NOTE(review): the behaviour with an empty list is not stated here; confirm it before relying on it.
	ProxyAllowed []string `json:"proxy_allowed" mapstructure:"proxy_allowed"`
	// contains filtered or unexported fields
}
Configuration for the SFTP server
func (Configuration) AcceptInboundConnection ¶
func (c Configuration) AcceptInboundConnection(conn net.Conn, config *ssh.ServerConfig)
AcceptInboundConnection handles an inbound connection to the server instance and determines if the request should be served or not.
func (Configuration) Initialize ¶
func (c Configuration) Initialize(configDir string) error
Initialize initializes the SFTP server and adds a persistent listener to handle inbound SFTP connections.
type Connection ¶
// Connection holds the details of an authenticated user's connection.
type Connection struct {
	// Unique identifier for the connection
	ID string
	// Logged in user's details
	User dataprovider.User
	// Client's version string
	ClientVersion string
	// Remote address for this connection
	RemoteAddr net.Addr
	// Start time for this connection
	StartTime time.Time
	// contains filtered or unexported fields
}
Connection details for an authenticated user
func (Connection) Filecmd ¶
func (c Connection) Filecmd(request *sftp.Request) error
Filecmd is the handler for basic SFTP system calls related to files, but not anything to do with reading or writing to those files.
func (Connection) Filelist ¶
Filelist is the handler for SFTP filesystem list calls. This will handle calls to list the contents of a directory as well as perform file/folder stat calls.
func (Connection) Fileread ¶
Fileread creates a reader for a file on the system and returns the reader back.
type ConnectionStatus ¶
// ConnectionStatus is the reported status of an active connection.
type ConnectionStatus struct {
	// Logged in username
	Username string `json:"username"`
	// Unique identifier for the connection
	ConnectionID string `json:"connection_id"`
	// Client's version string
	ClientVersion string `json:"client_version"`
	// Remote address for this connection
	RemoteAddress string `json:"remote_address"`
	// Connection time as unix timestamp in milliseconds
	ConnectionTime int64 `json:"connection_time"`
	// Last activity as unix timestamp in milliseconds
	LastActivity int64 `json:"last_activity"`
	// Protocol for this connection: SFTP, SCP, SSH
	Protocol string `json:"protocol"`
	// Active uploads/downloads
	Transfers []connectionTransfer `json:"active_transfers"`
	// For protocol SSH this is the issued command
	SSHCommand string `json:"ssh_command"`
}
ConnectionStatus is the status of an active connection.
func GetConnectionsStats ¶
func GetConnectionsStats() []ConnectionStatus
GetConnectionsStats returns stats for active connections
func (ConnectionStatus) GetConnectionDuration ¶
func (c ConnectionStatus) GetConnectionDuration() string
GetConnectionDuration returns the connection duration as string
func (ConnectionStatus) GetConnectionInfo ¶
func (c ConnectionStatus) GetConnectionInfo() string
GetConnectionInfo returns connection info. Protocol, Client Version and RemoteAddress are returned. For SSH commands the issued command is returned too.
func (ConnectionStatus) GetTransfersAsString ¶
func (c ConnectionStatus) GetTransfersAsString() string
GetTransfersAsString returns the active transfers as string
type Key ¶
// Key contains information about a host key.
//
// Deprecated: please use HostKeys
type Key struct {
	// The private key path as absolute path or relative to the configuration directory
	PrivateKey string `json:"private_key" mapstructure:"private_key"`
}
Key contains information about host keys. Deprecated: please use HostKeys.
type Transfer ¶
// Transfer holds the details of a single upload or download in progress.
type Transfer struct {
	// contains filtered or unexported fields
}
Transfer contains the transfer details for an upload or a download. It implements the io Reader and Writer interfaces to handle file downloads and uploads.
func (*Transfer) Close ¶
Close is called when the transfer is completed. It closes the underlying file, logs the transfer info, updates the user quota (for uploads) and executes any defined action. If there is an error no action will be executed and, in atomic mode, we try to delete the temporary file.
func (*Transfer) ReadAt ¶
ReadAt reads len(p) bytes from the file being downloaded, starting at byte offset off, and updates the bytes sent. It handles download bandwidth throttling too.
func (*Transfer) TransferError ¶
TransferError is called if there is an unexpected error, for example network or client issues.