仅通过check_password_hook验证用户,用户信息使用web配置。将以下脚本保存为文件,并把该文件的路径填入sftpgo.json配置文件内的check_password_hook参数。注意:脚本不检查密码,只要用户名是anonymous或guest就返回验证通过,因此这两个账号应只配置只读权限。
#!/bin/bash -eu
# SFTPGo check_password_hook: approves the "anonymous" and "guest" logins.
#
# Reads SFTPGO_AUTHD_USERNAME from the environment; because of -u an unset
# variable aborts the script instead of being treated as an empty string.
#
# Security notes:
#   * SFTPGO_AUTHD_PASSWORD is never inspected, so both names are approved
#     with any password. Keep those accounts read-only.
#   * The decision is the same for every protocol. NOTE(review): if anonymous
#     access is only wanted for FTP/WebDAV, narrow the hook with the
#     check_password_scope setting - confirm in the check-password-hook docs.
#   * For any other username nothing is printed and the exit status is 0.
#     NOTE(review): confirm how SFTPGo treats an empty reply from this hook.
#
# Stricter variant (one fixed user/password pair), left disabled:
#   if [[ "${SFTPGO_AUTHD_USERNAME}" = "guest" ]] && [[ "${SFTPGO_AUTHD_PASSWORD}" = "pass" ]]; then
case "${SFTPGO_AUTHD_USERNAME}" in
    anonymous | guest)
        # Three-line JSON reply carrying status 1, one argument per output line.
        printf '%s\n' '{' '"status": 1' '}'
        exit 0
        ;;
esac
使用external_auth_hook外部验证用户并直接返回虚拟目录权限等信息:
#!/bin/bash -eu
# SFTPGo external_auth_hook: answers for the "anonymous" and "guest" logins
# with a complete user definition (home directory, permissions and virtual
# folders) printed on stdout.
#
# Security notes:
#   * The script never reads SFTPGO_AUTHD_PASSWORD, so the two names are
#     accepted whatever password was supplied.
#   * The returned permissions on "/" are limited to "list" and "download";
#     keep it that way for accounts that need no valid password.
#   * The username is embedded in the JSON without escaping. That is safe only
#     because this branch runs for two fixed literals; if the match is ever
#     widened, the value must be JSON-escaped first.
#   * For any other username nothing is printed and the exit status is 0.
#     NOTE(review): confirm in the external-auth docs how SFTPGo treats an
#     empty reply.

# Prints the user object for the login name passed as $1.
print_anonymous_user() {
    local login="$1"
    cat <<EOF
{
"status": 1,
"username": "${login}",
"home_dir": "/data/ftp",
"permissions": {
"/": ["list", "download"]
},
"virtual_folders": [
{
"name": "dir1",
"mapped_path": "/data/dir1",
"virtual_path": "/dir1"
},
{
"name": "dir2",
"mapped_path": "/data/dir2",
"virtual_path": "/dir2"
}
]
}
EOF
}

case "${SFTPGO_AUTHD_USERNAME}" in
    anonymous | guest)
        print_anonymous_user "${SFTPGO_AUTHD_USERNAME}"
        ;;
esac
允许ftp/webdav匿名访问使用空密码的patch(空密码或全为空白字符的密码会被替换为固定字符串"guest",且对所有用户名生效):
diff -urN -x .git sftpgo2/ftpd/server.go sftpgo/ftpd/server.go
--- sftpgo2/ftpd/server.go 2022-04-05 18:55:25.959456839 +0800
+++ sftpgo/ftpd/server.go 2022-04-05 19:01:32.841334341 +0800
@@ -9,6 +9,7 @@
"os"
"path/filepath"
"sync"
+ "strings"
ftpserver "github.com/fclairamb/ftpserverlib"
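Review bot: The added `"strings"` import is placed after `"sync"`, which leaves the standard-library import group out of the sorted order gofmt produces; it belongs between `"path/filepath"` and `"sync"`. The same applies to the import hunk in webdavd/server.go, where it should sit between `"runtime/debug"` and `"time"`. Running gofmt over both files keeps the patch easier to rebase onto upstream.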
@@ -182,6 +183,9 @@
// AuthUser authenticates the user and selects an handling driver
func (s *Server) AuthUser(cc ftpserver.ClientContext, username, password string) (ftpserver.ClientDriver, error) {
+ if len(strings.TrimSpace(password)) == 0 {
+ password = "guest"
+ }
loginMethod := dataprovider.LoginMethodPassword
if s.isTLSConnVerified(cc.ID()) {
loginMethod = dataprovider.LoginMethodTLSCertificateAndPwd
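Review bot: The empty-password rewrite at the top of AuthUser applies to every username, not only the anonymous accounts, so a blank password becomes equivalent to the literal password `guest` for any account; it also applies when the branch below selects `LoginMethodTLSCertificateAndPwd`. Gate it on the accounts it is meant for, e.g. `if (username == "anonymous" || username == "guest") && strings.TrimSpace(password) == "" {`, and add a comment such as `// anonymous clients may send an empty password; substitute a non-empty placeholder for the anonymous accounts only`. The same unconditional rewrite is in the webdavd/server.go hunk right after `r.BasicAuth()`, where it runs before `ok` is consulted, so it should be conditioned on `ok` as well. AuthUser's body continues outside the hunk.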
diff -urN -x .git sftpgo2/webdavd/server.go sftpgo/webdavd/server.go
--- sftpgo2/webdavd/server.go 2022-04-05 18:55:25.995456233 +0800
+++ sftpgo/webdavd/server.go 2022-04-05 19:01:44.537140407 +0800
@@ -13,6 +13,7 @@
"path/filepath"
"runtime/debug"
"time"
+ "strings"
"github.com/go-chi/chi/v5/middleware"
"github.com/rs/cors"
@@ -232,6 +233,9 @@
var tlsCert *x509.Certificate
loginMethod := dataprovider.LoginMethodPassword
username, password, ok := r.BasicAuth()
+ if len(strings.TrimSpace(password)) == 0 {
+ password = "guest"
+ }
if s.binding.isMutualTLSEnabled() && r.TLS != nil {
if len(r.TLS.PeerCertificates) > 0 {
tlsCert = r.TLS.PeerCertificates[0]
参考:
https://github.com/drakkan/sftpgo/issues/373
https://github.com/drakkan/sftpgo/blob/main/docs/check-password-hook.md
https://github.com/drakkan/sftpgo/blob/main/docs/external-auth.md