Fixes #855
update OpenAPI definition, add test cases, fix lint Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
@@ -26,7 +26,7 @@ func (f *Filesystem) SetEmptySecrets() {
|
||||
f.CryptConfig.Passphrase = kms.NewEmptySecret()
|
||||
f.SFTPConfig.Password = kms.NewEmptySecret()
|
||||
f.SFTPConfig.PrivateKey = kms.NewEmptySecret()
|
||||
f.SFTPConfig.Passphrase = kms.NewEmptySecret()
|
||||
f.SFTPConfig.KeyPassphrase = kms.NewEmptySecret()
|
||||
}
|
||||
|
||||
// SetEmptySecretsIfNil sets the secrets to empty if nil
|
||||
@@ -52,8 +52,8 @@ func (f *Filesystem) SetEmptySecretsIfNil() {
|
||||
if f.SFTPConfig.PrivateKey == nil {
|
||||
f.SFTPConfig.PrivateKey = kms.NewEmptySecret()
|
||||
}
|
||||
if f.SFTPConfig.Passphrase == nil {
|
||||
f.SFTPConfig.Passphrase = kms.NewEmptySecret()
|
||||
if f.SFTPConfig.KeyPassphrase == nil {
|
||||
f.SFTPConfig.KeyPassphrase = kms.NewEmptySecret()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -76,15 +76,7 @@ func (f *Filesystem) SetNilSecretsIfEmpty() {
|
||||
if f.CryptConfig.Passphrase != nil && f.CryptConfig.Passphrase.IsEmpty() {
|
||||
f.CryptConfig.Passphrase = nil
|
||||
}
|
||||
if f.SFTPConfig.Password != nil && f.SFTPConfig.Password.IsEmpty() {
|
||||
f.SFTPConfig.Password = nil
|
||||
}
|
||||
if f.SFTPConfig.PrivateKey != nil && f.SFTPConfig.PrivateKey.IsEmpty() {
|
||||
f.SFTPConfig.PrivateKey = nil
|
||||
}
|
||||
if f.SFTPConfig.Passphrase != nil && f.SFTPConfig.Passphrase.IsEmpty() {
|
||||
f.SFTPConfig.Passphrase = nil
|
||||
}
|
||||
f.SFTPConfig.setNilSecretsIfEmpty()
|
||||
}
|
||||
|
||||
// IsEqual returns true if the fs is equal to other
|
||||
@@ -198,7 +190,7 @@ func (f *Filesystem) HasRedactedSecret() bool {
|
||||
if f.SFTPConfig.PrivateKey.IsRedacted() {
|
||||
return true
|
||||
}
|
||||
if f.SFTPConfig.Passphrase.IsRedacted() {
|
||||
if f.SFTPConfig.KeyPassphrase.IsRedacted() {
|
||||
return true
|
||||
}
|
||||
}
|
||||
@@ -284,9 +276,9 @@ func (f *Filesystem) GetACopy() Filesystem {
|
||||
DisableCouncurrentReads: f.SFTPConfig.DisableCouncurrentReads,
|
||||
BufferSize: f.SFTPConfig.BufferSize,
|
||||
},
|
||||
Password: f.SFTPConfig.Password.Clone(),
|
||||
PrivateKey: f.SFTPConfig.PrivateKey.Clone(),
|
||||
Passphrase: f.SFTPConfig.Passphrase.Clone(),
|
||||
Password: f.SFTPConfig.Password.Clone(),
|
||||
PrivateKey: f.SFTPConfig.PrivateKey.Clone(),
|
||||
KeyPassphrase: f.SFTPConfig.KeyPassphrase.Clone(),
|
||||
},
|
||||
}
|
||||
if len(f.SFTPConfig.Fingerprints) > 0 {
|
||||
|
||||
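Review bot: `HasRedactedSecret` now calls `f.SFTPConfig.KeyPassphrase.IsRedacted()` with no nil guard, whereas the same field is guarded with `if c.KeyPassphrase != nil` in the SFTP config's `HideConfidentialData` later in this commit; unless `kms.Secret` methods are safe on a nil receiver (not visible here), a Filesystem decoded from JSON that omitted `key_passphrase` and was not first run through `SetEmptySecretsIfNil` will panic on that line. Either add the guard, `if f.SFTPConfig.KeyPassphrase != nil && f.SFTPConfig.KeyPassphrase.IsRedacted() {`, or state the precondition in the doc comment, e.g. `// HasRedactedSecret ... callers must run SetEmptySecretsIfNil first`. The neighbouring PrivateKey and Password checks have the same unguarded shape, so this is a consistency note on the renamed line rather than a regression introduced by it. HasRedactedSecret starts and ends outside the hunk.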
@@ -168,7 +168,7 @@ func (v *BaseVirtualFolder) HasRedactedSecret() bool {
|
||||
if v.FsConfig.SFTPConfig.PrivateKey.IsRedacted() {
|
||||
return true
|
||||
}
|
||||
if v.FsConfig.SFTPConfig.Passphrase.IsRedacted() {
|
||||
if v.FsConfig.SFTPConfig.KeyPassphrase.IsRedacted() {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
@@ -40,8 +40,8 @@ type SFTPFsConfig struct {
|
||||
sdk.BaseSFTPFsConfig
|
||||
Password *kms.Secret `json:"password,omitempty"`
|
||||
PrivateKey *kms.Secret `json:"private_key,omitempty"`
|
||||
KeyPassphrase *kms.Secret `json:"key_passphrase,omitempty"`
|
||||
forbiddenSelfUsernames []string `json:"-"`
|
||||
Passphrase *kms.Secret `json:"passphrase,omitempty"`
|
||||
}
|
||||
|
||||
// HideConfidentialData hides confidential data
|
||||
@@ -52,8 +52,20 @@ func (c *SFTPFsConfig) HideConfidentialData() {
|
||||
if c.PrivateKey != nil {
|
||||
c.PrivateKey.Hide()
|
||||
}
|
||||
if c.Passphrase != nil {
|
||||
c.Passphrase.Hide()
|
||||
if c.KeyPassphrase != nil {
|
||||
c.KeyPassphrase.Hide()
|
||||
}
|
||||
}
|
||||
|
||||
func (c *SFTPFsConfig) setNilSecretsIfEmpty() {
|
||||
if c.Password != nil && c.Password.IsEmpty() {
|
||||
c.Password = nil
|
||||
}
|
||||
if c.PrivateKey != nil && c.PrivateKey.IsEmpty() {
|
||||
c.PrivateKey = nil
|
||||
}
|
||||
if c.KeyPassphrase != nil && c.KeyPassphrase.IsEmpty() {
|
||||
c.KeyPassphrase = nil
|
||||
}
|
||||
}
|
||||
|
||||
@@ -86,7 +98,7 @@ func (c *SFTPFsConfig) isEqual(other *SFTPFsConfig) bool {
|
||||
if !c.Password.IsEqual(other.Password) {
|
||||
return false
|
||||
}
|
||||
if !c.Passphrase.IsEqual(other.Passphrase) {
|
||||
if !c.KeyPassphrase.IsEqual(other.KeyPassphrase) {
|
||||
return false
|
||||
}
|
||||
return c.PrivateKey.IsEqual(other.PrivateKey)
|
||||
@@ -99,8 +111,8 @@ func (c *SFTPFsConfig) setEmptyCredentialsIfNil() {
|
||||
if c.PrivateKey == nil {
|
||||
c.PrivateKey = kms.NewEmptySecret()
|
||||
}
|
||||
if c.Passphrase == nil {
|
||||
c.Passphrase = kms.NewEmptySecret()
|
||||
if c.KeyPassphrase == nil {
|
||||
c.KeyPassphrase = kms.NewEmptySecret()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -147,6 +159,12 @@ func (c *SFTPFsConfig) validateCredentials() error {
|
||||
if !c.PrivateKey.IsEmpty() && !c.PrivateKey.IsValidInput() {
|
||||
return errors.New("invalid private key")
|
||||
}
|
||||
if c.KeyPassphrase.IsEncrypted() && !c.KeyPassphrase.IsValid() {
|
||||
return errors.New("invalid encrypted private key passphrase")
|
||||
}
|
||||
if !c.KeyPassphrase.IsEmpty() && !c.KeyPassphrase.IsValidInput() {
|
||||
return errors.New("invalid private key passphrase")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -167,10 +185,10 @@ func (c *SFTPFsConfig) ValidateAndEncryptCredentials(additionalData string) erro
|
||||
return util.NewValidationError(fmt.Sprintf("could not encrypt SFTP fs private key: %v", err))
|
||||
}
|
||||
}
|
||||
if c.Passphrase.IsPlain() {
|
||||
c.Passphrase.SetAdditionalData(additionalData)
|
||||
if err := c.Passphrase.Encrypt(); err != nil {
|
||||
return err
|
||||
if c.KeyPassphrase.IsPlain() {
|
||||
c.KeyPassphrase.SetAdditionalData(additionalData)
|
||||
if err := c.KeyPassphrase.Encrypt(); err != nil {
|
||||
return util.NewValidationError(fmt.Sprintf("could not encrypt SFTP fs private key passphrase: %v", err))
|
||||
}
|
||||
}
|
||||
return nil
|
||||
@@ -211,8 +229,8 @@ func NewSFTPFs(connectionID, mountPath, localTempDir string, forbiddenSelfUserna
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
if !config.Passphrase.IsEmpty() {
|
||||
if err := config.Passphrase.TryDecrypt(); err != nil {
|
||||
if !config.KeyPassphrase.IsEmpty() {
|
||||
if err := config.KeyPassphrase.TryDecrypt(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
@@ -800,18 +818,15 @@ func (fs *SFTPFs) createConnection() error {
|
||||
}
|
||||
if fs.config.PrivateKey.GetPayload() != "" {
|
||||
var signer ssh.Signer
|
||||
if fs.config.Passphrase.GetPayload() != "" {
|
||||
signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(fs.config.PrivateKey.GetPayload()), []byte(fs.config.Passphrase.GetPayload()))
|
||||
if err != nil {
|
||||
fs.err <- err
|
||||
return err
|
||||
}
|
||||
if fs.config.KeyPassphrase.GetPayload() != "" {
|
||||
signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(fs.config.PrivateKey.GetPayload()),
|
||||
[]byte(fs.config.KeyPassphrase.GetPayload()))
|
||||
} else {
|
||||
signer, err = ssh.ParsePrivateKey([]byte(fs.config.PrivateKey.GetPayload()))
|
||||
if err != nil {
|
||||
fs.err <- err
|
||||
return err
|
||||
}
|
||||
}
|
||||
if err != nil {
|
||||
fs.err <- err
|
||||
return fmt.Errorf("sftpfs: unable to parse the private key: %w", err)
|
||||
}
|
||||
clientConfig.Auth = append(clientConfig.Auth, ssh.PublicKeys(signer))
|
||||
}
|
||||
|
||||
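Review bot: In the new shared error path after the key-parsing branch in `createConnection`, the value sent on `fs.err` is the bare parse error while the caller receives the wrapped one, so whoever consumes that channel loses the `sftpfs: unable to parse the private key` context the return value carries. Wrap once before both uses: `err = fmt.Errorf("sftpfs: unable to parse the private key: %w", err)`, then `fs.err <- err` and `return err`. As far as I recall, `ssh.ParsePrivateKeyWithPassphrase` rejects an unencrypted key rather than ignoring the passphrase, so a stale `key_passphrase` left on a config whose key was rotated to an unencrypted one fails here with only that wrapped message; a one-line comment above the branch, `// a configured passphrase on an unencrypted key is a hard error, not ignored`, would make the fail-closed behaviour deliberate. createConnection starts before this hunk and continues past it.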