Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 14:50:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,247 Commits 9 Branches 53 Tags
cc0ee9f43b879a492d246e4055efdd6a423f695b
Commit Graph

629 Commits

Author SHA1 Message Date
Nicola Murino
4a414f0fa4 test cases: fix some random failures 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-21 07:52:45 +01:00
Nicola Murino
f30a9a2095 OIDC cookie: use a cryptographically secure random string 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-21 07:52:36 +01:00
Nicola Murino
ed5ff9c5cc sftpd: remove allocator 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-21 07:52:24 +01:00
Nicola Murino
c37b7f0493 provider rule events: allows to filter by user groups 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-15 14:01:08 +01:00
Nicola Murino
0f073a40fd logger: add cipher suite 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-13 18:33:07 +01:00
Nicola Murino
618723c457 httpd: always use an opaque signing key 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-12 19:27:34 +01:00
Nicola Murino
4cb6acefb2 oidc/oauth2: use an opaque state 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-11 19:43:57 +01:00
Nicola Murino
f22ec2275f fix new lint warnings 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-10 20:58:22 +01:00
Nicola Murino
b524da11e9 EventManager: disable commands by default 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-10 12:08:17 +01:00
Nicola Murino
3dd412f6e3 WebAdmin and REST API: remove too granular permissions 
Our permissions system for admin users is too granular and some
permissions overlap. For example, you can define an administrator
with the "manage_system" permission and not with the "manage_admins"
or "manage_user" permission, but the "manage_system" permission
allows you to restore a backup and then create users and
administrators. The following permissions will be removed:
"manage_admins", "manage_apikeys", "manage_system", "retention_checks",
"manage_event_rules", "manage_roles", "manage_ip_lists". Now you
need to add the "*" permission to replace the removed granular
permissions because the removed permissions allow actions that
should only be allowed to super administrators.
There is no point in having separate, overlapping permissions.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-10 10:46:28 +01:00
Nicola Murino
ef98ee7d11 don't allow admins to change their own permissions 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 20:24:35 +01:00
Nicola Murino
7aac64531f WebAdmin: check CSRF header when deleting blocked hosts 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 18:44:31 +01:00
Nicola Murino
03724d5eb1 remove fallback if rand.Reader fails 
Failing to read from rand.Reader essentially can't happen, and if it
does is not possible to fallback securely, so just panic

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-09 18:44:25 +01:00
Nicola Murino
82b437c502 plugins: fix passing additional environment variables 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-05 18:06:58 +01:00
Nicola Murino
88b1850b58 EventManager: allow to define the allowed system commands 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-11-01 11:37:33 +01:00
Nicola Murino
60558de728 proxy protocol: add more logs 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-31 18:04:55 +01:00
Nicola Murino
beff4432dc plugin: remove invalid chars from error message 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-29 18:11:53 +01:00
Nicola Murino
21bd8c5660 node: use a plain string as key 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-28 18:34:36 +01:00
Nicola Murino
e4e31ec4fb TestMaxSessionsSameConnection: make more reproducible 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-26 21:50:15 +02:00
Nicola Murino
ae1487d733 fix connection limits 
an SFTP client can start multiple transfers on a single connection

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-26 21:18:19 +02:00
Nicola Murino
c69fbe6bf9 tls: allow to configure all supported TLS versions and ciphers 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-23 19:50:37 +02:00
Nicola Murino
8d697bcc94 WebClient: enforce 2fa and password requirements also with OIDC 
password and 2fa can be used with other protocols

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-21 20:40:44 +02:00
Nicola Murino
ca41b59fc4 DirLister: returns appropriate protocol errors 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-16 19:04:09 +02:00
Nicola Murino
d8691d1e1a update translations 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-13 17:00:17 +02:00
Nicola Murino
5cb1b9c1e9 Web: add CheckRedirect to pages using baselogin.html 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-12 12:54:21 +02:00
Nicola Murino
b23e67ae6a EventManager: add escaped virtual path 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-12 11:25:07 +02:00
Nicola Murino
eba4c93efd user: add additional emails 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-11 19:20:51 +02:00
Nicola Murino
4103344989 EventManager: add datetime placeholder 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-08 18:39:00 +02:00
Nicola Murino
6626c8846b log: fix level for transfer logs 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-03 19:07:07 +02:00
Nicola Murino
424999dacd kms: add support for Oracle Key Vault 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-10-02 18:14:05 +02:00
Nicola Murino
27e98b85ce WebAdmin: hide certs if they cannot be used 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-27 15:53:12 +02:00
Nicola Murino
126cb1ee0d remove some useless hooks 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-27 15:52:51 +02:00
Nicola Murino
eeef23139d EventManager: filter action execution based on event status 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-23 19:55:03 +02:00
Nicola Murino
433d45ed87 WebUI: add a token validation mode that allows checking the signature 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-21 14:06:25 +02:00
Nicola Murino
5162c5de87 WebUIs: add a nil check for token in refresh cookie method 
token should never be null here because we have an authenticated user
however add the same check as elsewhere

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-16 20:11:02 +02:00
Nicola Murino
6896d2bfb1 httpd: validate reference also for CSRF token in headers 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-14 21:45:25 +02:00
Nicola Murino
14cabda5c2 update shortuid to v4 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-08 18:01:14 +02:00
Nicola Murino
1b928ef6b2 sqlite: execute PRAGMA optimize on startup 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-06 19:35:18 +02:00
Nicola Murino
fd6126134e execute provider events also for plugin auth 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-06 19:17:31 +02:00
Nicola Murino
3b5fba2eec update deps 
and also change the ACME request limit now that it is configurable

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-09-01 13:50:34 +02:00
Nicola Murino
bb422ad5b9 GCS: add user agent 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-28 19:47:38 +02:00
Nicola Murino
dc42680e1c add pipeReaderAt and pipeWriterAt interfaces 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-25 17:35:28 +02:00
Nicola Murino
d8e4978b61 smtp: replace deprecated method 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-17 09:17:22 +02:00
Nicola Murino
b9b370fbb8 add some pre-validation hooks 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-17 09:11:42 +02:00
Nicola Murino
2fbf608895 S3: add SSE customer key 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-15 10:09:06 +02:00
Nicola Murino
d783ffc13f fix new lint warnings 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-14 08:46:18 +02:00
Nicola Murino
fa710b36c2 httpd: allow to configure cache control header 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-12 21:19:44 +02:00
Nicola Murino
321c3f00d2 fix lint warning 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-11 09:26:07 +02:00
Nicola Murino
ec4bf3d76a update deps and replace deprecated methods 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-11 08:59:21 +02:00
Nicola Murino
68e62d3d9b httpd: allow to use proxy protocol 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
 2024-08-10 21:02:38 +02:00