plugin

package
v2.6.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 15, 2024 License: AGPL-3.0 Imports: 24 Imported by: 0

Documentation

Overview

Package plugin provides support for the SFTPGo plugin system

Index

Constants

View Source 
const (
	AuthScopePassword            = 1
	AuthScopePublicKey           = 2
	AuthScopeKeyboardInteractive = 4
	AuthScopeTLSCertificate      = 8
)

Supported auth scopes

Variables

This section is empty.

Functions

func Initialize 

func Initialize(configs []Config, logLevel string) error

Initialize initializes the configured plugins

Types

type AuthConfig 

type AuthConfig struct {
	// Scope defines the scope for the authentication plugin.
	// - 1 means passwords only
	// - 2 means public keys only
	// - 4 means keyboard interactive only
	// - 8 means TLS certificates only
	// you can combine the scopes, for example 3 means password and public key, 5 password and keyboard
	// interactive and so on
	Scope int `json:"scope" mapstructure:"scope"`
}

AuthConfig defines configuration parameters for auth plugins

type Config 

type Config struct {
	// Plugin type
	Type string `json:"type" mapstructure:"type"`
	// NotifierOptions defines options for notifiers plugins
	NotifierOptions NotifierConfig `json:"notifier_options" mapstructure:"notifier_options"`
	// KMSOptions defines options for a KMS plugin
	KMSOptions KMSConfig `json:"kms_options" mapstructure:"kms_options"`
	// AuthOptions defines options for authentication plugins
	AuthOptions AuthConfig `json:"auth_options" mapstructure:"auth_options"`
	// Path to the plugin executable
	Cmd string `json:"cmd" mapstructure:"cmd"`
	// Args to pass to the plugin executable
	Args []string `json:"args" mapstructure:"args"`
	// SHA256 checksum for the plugin executable.
	// If not empty it will be used to verify the integrity of the executable
	SHA256Sum string `json:"sha256sum" mapstructure:"sha256sum"`
	// If enabled the client and the server automatically negotiate mTLS for
	// transport authentication. This ensures that only the original client will
	// be allowed to connect to the server, and all other connections will be
	// rejected. The client will also refuse to connect to any server that isn't
	// the original instance started by the client.
	AutoMTLS bool `json:"auto_mtls" mapstructure:"auto_mtls"`
	// EnvPrefix defines the prefix for env vars to pass from the SFTPGo process
	// environment to the plugin. Set to "none" to not pass any environment
	// variable, set to "*" to pass all environment variables. If empty, the
	// prefix is returned as the plugin name in uppercase with "-" replaced with
	// "_" and a trailing "_". For example if the plugin name is
	// sftpgo-plugin-eventsearch the prefix will be SFTPGO_PLUGIN_EVENTSEARCH_
	EnvPrefix string `json:"env_prefix" mapstructure:"env_prefix"`
	// Additional environment variable names to pass from the SFTPGo process
	// environment to the plugin.
	EnvVars []string `json:"env_vars" mapstructure:"env_vars"`
	// contains filtered or unexported fields
}

Config defines a plugin configuration

type KMSConfig 

type KMSConfig struct {
	Scheme          string `json:"scheme" mapstructure:"scheme"`
	EncryptedStatus string `json:"encrypted_status" mapstructure:"encrypted_status"`
}

KMSConfig defines configuration parameters for kms plugins

type KeyboardAuthRequest 

type KeyboardAuthRequest struct {
	RequestID string   `json:"request_id"`
	Step      int      `json:"step"`
	Username  string   `json:"username,omitempty"`
	IP        string   `json:"ip,omitempty"`
	Password  string   `json:"password,omitempty"`
	Answers   []string `json:"answers,omitempty"`
	Questions []string `json:"questions,omitempty"`
}

KeyboardAuthRequest defines the request for a keyboard interactive authentication step

type KeyboardAuthResponse 

type KeyboardAuthResponse struct {
	Instruction string   `json:"instruction"`
	Questions   []string `json:"questions"`
	Echos       []bool   `json:"echos"`
	AuthResult  int      `json:"auth_result"`
	CheckPwd    int      `json:"check_password"`
}

KeyboardAuthResponse defines the response for a keyboard interactive authentication step

func (*KeyboardAuthResponse) Validate 

func (r *KeyboardAuthResponse) Validate() error

Validate returns an error if the KeyboardAuthResponse is invalid

type Manager 

type Manager struct {

	// List of configured plugins
	Configs []Config `json:"plugins" mapstructure:"plugins"`
	// contains filtered or unexported fields
}

Manager handles enabled plugins 

var (
	// Handler defines the plugins manager
	Handler Manager

	// ErrNoSearcher defines the error to return for events searches if no plugin is configured
	ErrNoSearcher = errors.New("no events searcher plugin defined")
)

func (*Manager) Authenticate 

func (m *Manager) Authenticate(username, password, ip, protocol string, pkey string,
	tlsCert *x509.Certificate, authScope int, userAsJSON []byte,
) ([]byte, error)

Authenticate tries to authenticate the specified user using an external plugin

func (*Manager) Cleanup 

func (m *Manager) Cleanup()

Cleanup releases all the active plugins

func (*Manager) ExecuteKeyboardInteractiveStep 

func (m *Manager) ExecuteKeyboardInteractiveStep(req *KeyboardAuthRequest) (*KeyboardAuthResponse, error)

ExecuteKeyboardInteractiveStep executes a keyboard interactive step

func (*Manager) HasAuthScope 

func (m *Manager) HasAuthScope(scope int) bool

HasAuthScope returns true if there is an auth plugin that support the specified scope

func (*Manager) HasAuthenticators 

func (m *Manager) HasAuthenticators() bool

HasAuthenticators returns true if there is at least an auth plugin

func (*Manager) HasNotifiers 

func (m *Manager) HasNotifiers() bool

HasNotifiers returns true if there is at least a notifier plugin

func (*Manager) HasSearcher added in v2.5.0 

func (m *Manager) HasSearcher() bool

HasSearcher returns true if an event searcher plugin is defined

func (*Manager) IsIPBanned 

func (m *Manager) IsIPBanned(ip, protocol string) bool

IsIPBanned returns true if the IP filter plugin does not allow the specified ip. If no IP filter plugin is defined this method returns false

func (*Manager) NotifyFsEvent 

func (m *Manager) NotifyFsEvent(event *notifier.FsEvent)

NotifyFsEvent sends the fs event notifications using any defined notifier plugins

func (*Manager) NotifyLogEvent added in v2.5.1 

func (m *Manager) NotifyLogEvent(event notifier.LogEventType, protocol, username, ip, role string, err error)

NotifyLogEvent sends the log event notifications using any defined notifier plugins

func (*Manager) NotifyProviderEvent 

func (m *Manager) NotifyProviderEvent(event *notifier.ProviderEvent, object Renderer)

NotifyProviderEvent sends the provider event notifications using any defined notifier plugins

func (*Manager) ReloadFilter 

func (m *Manager) ReloadFilter()

ReloadFilter sends a reload request to the IP filter plugin

func (*Manager) SearchFsEvents 

func (m *Manager) SearchFsEvents(searchFilters *eventsearcher.FsEventSearch) ([]byte, error)

SearchFsEvents returns the filesystem events matching the specified filters

func (*Manager) SearchLogEvents added in v2.5.1 

func (m *Manager) SearchLogEvents(searchFilters *eventsearcher.LogEventSearch) ([]byte, error)

SearchLogEvents returns the log events matching the specified filters

func (*Manager) SearchProviderEvents 

func (m *Manager) SearchProviderEvents(searchFilters *eventsearcher.ProviderEventSearch) ([]byte, error)

SearchProviderEvents returns the provider events matching the specified filters

type NotifierConfig 

type NotifierConfig struct {
	FsEvents          []string `json:"fs_events" mapstructure:"fs_events"`
	ProviderEvents    []string `json:"provider_events" mapstructure:"provider_events"`
	ProviderObjects   []string `json:"provider_objects" mapstructure:"provider_objects"`
	LogEvents         []int    `json:"log_events" mapstructure:"log_events"`
	RetryMaxTime      int      `json:"retry_max_time" mapstructure:"retry_max_time"`
	RetryQueueMaxSize int      `json:"retry_queue_max_size" mapstructure:"retry_queue_max_size"`
}

NotifierConfig defines configuration parameters for notifiers plugins

type Renderer 

type Renderer interface {
	RenderAsJSON(reload bool) ([]byte, error)
}

Renderer defines the interface for generic objects rendering

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.
JackTT - Gopher 🇻🇳