From c5d3ee9d98f09ad5b6db6630f435f01b1f36d9ba Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Tue, 25 Oct 2022 10:00:08 +0200
Subject: [PATCH] Update to 2022-10-25 10:00

---
 roles/sftpgo/defaults/main.yml                | 10 +----
 .../files/hooks/anonymous-ftp-password-hook   | 16 --------
 .../files/hooks/example-external-auth.sh      | 40 +++++++++++++++++++
 roles/sftpgo/tasks/install.yml                |  8 ++++
 4 files changed, 50 insertions(+), 24 deletions(-)
 delete mode 100644 roles/sftpgo/files/hooks/anonymous-ftp-password-hook
 create mode 100644 roles/sftpgo/files/hooks/example-external-auth.sh

diff --git a/roles/sftpgo/defaults/main.yml b/roles/sftpgo/defaults/main.yml
index 3ce814b..cf07004 100644
--- a/roles/sftpgo/defaults/main.yml
+++ b/roles/sftpgo/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 
 # Version to deploy
-sftpgo_version: 2.3.6
+sftpgo_version: 2.4.0
 # URL of the archive
 sftpgo_archive_url: https://github.com/drakkan/sftpgo/releases/download/v{{ sftpgo_version }}/sftpgo_v{{ sftpgo_version }}_linux_x86_64.tar.xz
 # Expected sha1 of the archive
-sftpgo_archive_sha256: 19a8df7194711c9fc1a5e5e7bbeed28781ea8204c8bdc941653ac7169846a746
+sftpgo_archive_sha256: 27de6446706c91717eabd6c4d74f80c0bba906639b698a409730e91b77d870fc
 
 # Should ansible handle upgrades ? If False, only initial install will be done
 sftpgo_manage_upgrade: True
@@ -86,12 +86,6 @@ sftpgo_base_conf:
     delayed_quota_update: 60
     pool_size: 5
     users_base_dir: "{{ sftpgo_root_dir }}/data/home/"
-    # If you want to allow anonymous FTP, you can create a user named anonymous (set a password to whatever you want, it won't be checked)
-    # and enable the following settings
-    # This hook will accept any password for the anonymous user
-    # check_password_hook: "{{ sftpgo_root_dir }}/bin/anonymous-ftp-password-hook"
-    # This will restrict the hook to the FTP protocol
-    # check_password_scope: 2
   httpd:
     bindings:
       port: 8080
diff --git a/roles/sftpgo/files/hooks/anonymous-ftp-password-hook b/roles/sftpgo/files/hooks/anonymous-ftp-password-hook
deleted file mode 100644
index 5ca9907..0000000
--- a/roles/sftpgo/files/hooks/anonymous-ftp-password-hook
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash -e
-  
-if [[ "${SFTPGO_AUTHD_USERNAME:=}" != "anonymous" ]]; then
-  cat <<_EOF
-{
-  "status": 2,
-  "to_verify": "${SFTPGO_AUTHD_PASSWORD:=}"
-}
-_EOF
-else
-  cat <<_EOF
-{
-  "status": 1
-}
-_EOF
-fi
diff --git a/roles/sftpgo/files/hooks/example-external-auth.sh b/roles/sftpgo/files/hooks/example-external-auth.sh
new file mode 100644
index 0000000..3ecd3b8
--- /dev/null
+++ b/roles/sftpgo/files/hooks/example-external-auth.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -eu
+
+if [[ "${SFTPGO_AUTHD_USERNAME:=}" != "anonymous" ]]; then
+  exit 0
+fi
+  cat <<EOF
+{
+  "status": 1,
+  "username": "anonymous",
+  "home_dir": "/opt/sftpgo/data/home/anonymous",
+  "permissions": {
+    "/": [
+      "list",
+      "download"
+    ]
+  },
+  "virtual_folders": [
+    {
+      "id": 1,
+      "name": "firmwares",
+      "mapped_path": "/opt/sftpgo/data/folders/firmwares",
+      "description": "Android firmwares",
+      "used_quota_size": 0,
+      "used_quota_files": 0,
+      "last_quota_update": 0,
+      "filesystem": {
+        "provider": 0,
+        "s3config": {},
+        "gcsconfig": {},
+        "azblobconfig": {},
+        "cryptconfig": {},
+        "sftpconfig": {}
+      },
+      "virtual_path": "/firmwares",
+      "quota_size": -1,
+      "quota_files": -1
+    }
+  ]
+}
+EOF
diff --git a/roles/sftpgo/tasks/install.yml b/roles/sftpgo/tasks/install.yml
index 2aedd47..0e69634 100644
--- a/roles/sftpgo/tasks/install.yml
+++ b/roles/sftpgo/tasks/install.yml
@@ -76,6 +76,14 @@
   template: src=dehydrated_hook.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/sftpgo mode=755
   tags: sftpgo
 
+- name: Remove obsolete SFTPGo hooks
+  file: path={{ sftpgo_root_dir }}/bin/{{ item }} state=absent
+  loop:
+    - anonymous-ftp-password-hook
+    - check-anonymous.sh
+    - external-auth.sh
+  tags: sftpgo
+
 - name: Install SFTPGo hooks
   copy: src=hooks/ dest={{ sftpgo_root_dir }}/bin/ mode=755
   tags: sftpgo