update deps and replace deprecated methods

Signed-off-by: Nicola Murino <[email protected]>

go.mod

@@ -185,6 +185,7 @@ require (
 replace (
 	github.com/fclairamb/ftpserverlib => github.com/drakkan/ftpserverlib v0.0.0-20240603150004-6a8f643fbf2e
 	github.com/jlaffaye/ftp => github.com/drakkan/ftp v0.0.0-20240430173938-7ba8270c8e7f
+	github.com/pires/go-proxyproto => github.com/drakkan/go-proxyproto v0.0.0-20240811060125-2e92d08b5373
 	github.com/robfig/cron/v3 => github.com/drakkan/cron/v3 v3.0.0-20230222140221-217a1e4d96c0
-	golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20240726170110-f4e4a4627441
+	golang.org/x/crypto => github.com/drakkan/crypto v0.0.0-20240811065748-0aba51313995
 )

go.sum

@@ -113,12 +113,14 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnN
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/drakkan/cron/v3 v3.0.0-20230222140221-217a1e4d96c0 h1:EW9gIJRmt9lzk66Fhh4S8VEtURA6QHZqGeSRE9Nb2/U=
 github.com/drakkan/cron/v3 v3.0.0-20230222140221-217a1e4d96c0/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
-github.com/drakkan/crypto v0.0.0-20240726170110-f4e4a4627441 h1:1iNKXQ0IOEUADDah6knbVh2SBhDH0Bu0kkrOXpTkXvA=
-github.com/drakkan/crypto v0.0.0-20240726170110-f4e4a4627441/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+github.com/drakkan/crypto v0.0.0-20240811065748-0aba51313995 h1:241DJt2v74QAjbmdZHjnzlLUioW4zNwXA607kyBySOU=
+github.com/drakkan/crypto v0.0.0-20240811065748-0aba51313995/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
 github.com/drakkan/ftp v0.0.0-20240430173938-7ba8270c8e7f h1:S9JUlrOzjK58UKoLqqb40YLyVlt0bcIFtYrvnanV3zc=
 github.com/drakkan/ftp v0.0.0-20240430173938-7ba8270c8e7f/go.mod h1:4p8lUl4vQ80L598CygL+3IFtm+3nggvvW/palOlViwE=
 github.com/drakkan/ftpserverlib v0.0.0-20240603150004-6a8f643fbf2e h1:VBpqQeChkGXSV1FXCtvd3BJTyB+DcMgiu7SfkpsGuKw=
 github.com/drakkan/ftpserverlib v0.0.0-20240603150004-6a8f643fbf2e/go.mod h1:aAwyOAC6IIe+IZeeGD1QjuE3GGDzqW/c5Xtn+Dp0JUM=
+github.com/drakkan/go-proxyproto v0.0.0-20240811060125-2e92d08b5373 h1:0ltrbDRr7KT2aSgj2IXOzRraH2xdR+CWZjm5uC4ChXU=
+github.com/drakkan/go-proxyproto v0.0.0-20240811060125-2e92d08b5373/go.mod h1:iknsfgnH8EkjrMeMyvfKByp9TiBZCKZM0jx2xmKqnVY=
 github.com/drakkan/webdav v0.0.0-20240503091431-218ec83910bb h1:067/Uo8cfeY7QC0yzWCr/RImuNcM0rLWAsBUyMks59o=
 github.com/drakkan/webdav v0.0.0-20240503091431-218ec83910bb/go.mod h1:zOVb1QDhwwqWn2L2qZ0U3swMSO4GTSNyIwXCGO/UGWE=
 github.com/eikenb/pipeat v0.0.0-20210730190139-06b3e6902001 h1:/ZshrfQzayqRSBDodmp3rhNCHJCff+utvgBuWRbiqu4=
@@ -300,8 +302,6 @@ github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks=
 github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM=
 github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
 github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
-github.com/pires/go-proxyproto v0.7.0 h1:IukmRewDQFWC7kfnb66CSomk2q/seBuilHBYFwyq0Hs=
-github.com/pires/go-proxyproto v0.7.0/go.mod h1:Vz/1JPY/OACxWGQNIRY2BeyDmpoaWmEP40O9LbuiFR4=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -478,7 +478,7 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
 golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
@@ -487,7 +487,6 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
-golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
 golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
 golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -497,7 +496,6 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
 golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=

internal/common/common.go

@@ -660,7 +660,7 @@ func (c *Configuration) GetProxyListener(listener net.Listener) (net.Listener, e
 
 		return &proxyproto.Listener{
 			Listener:          listener,
-			Policy:            getProxyPolicy(c.proxyAllowed, c.proxySkipped, defaultPolicy),
+			ConnPolicy:        getProxyPolicy(c.proxyAllowed, c.proxySkipped, defaultPolicy),
 			ReadHeaderTimeout: 10 * time.Second,
 		}, nil
 	}
@@ -835,13 +835,13 @@ func (c *Configuration) ExecutePostConnectHook(ipAddr, protocol string) error {
 	return nil
 }
 
-func getProxyPolicy(allowed, skipped []func(net.IP) bool, def proxyproto.Policy) proxyproto.PolicyFunc {
-	return func(upstream net.Addr) (proxyproto.Policy, error) {
-		upstreamIP, err := util.GetIPFromNetAddr(upstream)
+func getProxyPolicy(allowed, skipped []func(net.IP) bool, def proxyproto.Policy) proxyproto.ConnPolicyFunc {
+	return func(connPolicyOptions proxyproto.ConnPolicyOptions) (proxyproto.Policy, error) {
+		upstreamIP, err := util.GetIPFromNetAddr(connPolicyOptions.Upstream)
 		if err != nil {
 			// Something is wrong with the source IP, better reject the
-			// connection if a proxy header is found.
-			return proxyproto.REJECT, err
+			// connection.
+			return proxyproto.REJECT, proxyproto.ErrInvalidUpstream
 		}
 
 		for _, skippedFrom := range skipped {
@@ -860,7 +860,7 @@ func getProxyPolicy(allowed, skipped []func(net.IP) bool, def proxyproto.Policy)
 		}
 
 		if def == proxyproto.REQUIRE {
-			return proxyproto.REJECT, nil
+			return proxyproto.REJECT, proxyproto.ErrInvalidUpstream
 		}
 		return def, nil
 	}

internal/common/common_test.go

@@ -1042,9 +1042,13 @@ func TestQuotaScansRole(t *testing.T) {
 
 func TestProxyPolicy(t *testing.T) {
 	addr := net.TCPAddr{}
+	downstream := net.TCPAddr{IP: net.ParseIP("1.1.1.1")}
 	p := getProxyPolicy(nil, nil, proxyproto.IGNORE)
-	policy, err := p(&addr)
-	assert.Error(t, err)
+	policy, err := p(proxyproto.ConnPolicyOptions{
+		Upstream:   &addr,
+		Downstream: &downstream,
+	})
+	assert.ErrorIs(t, err, proxyproto.ErrInvalidUpstream)
 	assert.Equal(t, proxyproto.REJECT, policy)
 	ip1 := net.ParseIP("10.8.1.1")
 	ip2 := net.ParseIP("10.8.1.2")
@@ -1054,30 +1058,54 @@ func TestProxyPolicy(t *testing.T) {
 	skipped, err := util.ParseAllowedIPAndRanges([]string{ip2.String(), ip3.String()})
 	assert.NoError(t, err)
 	p = getProxyPolicy(allowed, skipped, proxyproto.IGNORE)
-	policy, err = p(&net.TCPAddr{IP: ip1})
+	policy, err = p(proxyproto.ConnPolicyOptions{
+		Upstream:   &net.TCPAddr{IP: ip1},
+		Downstream: &downstream,
+	})
 	assert.NoError(t, err)
 	assert.Equal(t, proxyproto.USE, policy)
-	policy, err = p(&net.TCPAddr{IP: ip2})
+	policy, err = p(proxyproto.ConnPolicyOptions{
+		Upstream:   &net.TCPAddr{IP: ip2},
+		Downstream: &downstream,
+	})
 	assert.NoError(t, err)
 	assert.Equal(t, proxyproto.SKIP, policy)
-	policy, err = p(&net.TCPAddr{IP: ip3})
+	policy, err = p(proxyproto.ConnPolicyOptions{
+		Upstream:   &net.TCPAddr{IP: ip3},
+		Downstream: &downstream,
+	})
 	assert.NoError(t, err)
 	assert.Equal(t, proxyproto.SKIP, policy)
-	policy, err = p(&net.TCPAddr{IP: net.ParseIP("10.8.1.4")})
+	policy, err = p(proxyproto.ConnPolicyOptions{
+		Upstream:   &net.TCPAddr{IP: net.ParseIP("10.8.1.4")},
+		Downstream: &downstream,
+	})
 	assert.NoError(t, err)
 	assert.Equal(t, proxyproto.IGNORE, policy)
 	p = getProxyPolicy(allowed, skipped, proxyproto.REQUIRE)
-	policy, err = p(&net.TCPAddr{IP: ip1})
+	policy, err = p(proxyproto.ConnPolicyOptions{
+		Upstream:   &net.TCPAddr{IP: ip1},
+		Downstream: &downstream,
+	})
 	assert.NoError(t, err)
 	assert.Equal(t, proxyproto.REQUIRE, policy)
-	policy, err = p(&net.TCPAddr{IP: ip2})
+	policy, err = p(proxyproto.ConnPolicyOptions{
+		Upstream:   &net.TCPAddr{IP: ip2},
+		Downstream: &downstream,
+	})
 	assert.NoError(t, err)
 	assert.Equal(t, proxyproto.SKIP, policy)
-	policy, err = p(&net.TCPAddr{IP: ip3})
+	policy, err = p(proxyproto.ConnPolicyOptions{
+		Upstream:   &net.TCPAddr{IP: ip3},
+		Downstream: &downstream,
+	})
 	assert.NoError(t, err)
 	assert.Equal(t, proxyproto.SKIP, policy)
-	policy, err = p(&net.TCPAddr{IP: net.ParseIP("10.8.1.5")})
-	assert.NoError(t, err)
+	policy, err = p(proxyproto.ConnPolicyOptions{
+		Upstream:   &net.TCPAddr{IP: net.ParseIP("10.8.1.5")},
+		Downstream: &downstream,
+	})
+	assert.ErrorIs(t, err, proxyproto.ErrInvalidUpstream)
 	assert.Equal(t, proxyproto.REJECT, policy)
 }
 
@@ -1094,14 +1122,14 @@ func TestProxyProtocolVersion(t *testing.T) {
 	assert.NoError(t, err)
 	proxyListener, ok := listener.(*proxyproto.Listener)
 	require.True(t, ok)
-	assert.NotNil(t, proxyListener.Policy)
+	assert.NotNil(t, proxyListener.ConnPolicy)
 
 	c.ProxyProtocol = 2
 	listener, err = c.GetProxyListener(nil)
 	assert.NoError(t, err)
 	proxyListener, ok = listener.(*proxyproto.Listener)
 	require.True(t, ok)
-	assert.NotNil(t, proxyListener.Policy)
+	assert.NotNil(t, proxyListener.ConnPolicy)
 }
 
 func TestStartupHook(t *testing.T) {

internal/common/protocol_test.go

@@ -9062,11 +9062,8 @@ func TestHTTPFs(t *testing.T) {
 }
 
 func TestProxyProtocol(t *testing.T) {
-	resp, err := httpclient.Get(fmt.Sprintf("http://%v", httpProxyAddr))
-	if assert.NoError(t, err) {
-		defer resp.Body.Close()
-		assert.Equal(t, http.StatusOK, resp.StatusCode)
-	}
+	_, err := httpclient.Get(fmt.Sprintf("http://%v", httpProxyAddr))
+	assert.Error(t, err)
 }
 
 func TestSetProtocol(t *testing.T) {

internal/sftpd/sftpd_test.go

@@ -1226,11 +1226,8 @@ func TestProxyProtocol(t *testing.T) {
 		defer client.Close()
 		assert.NoError(t, checkBasicSFTP(client))
 	}
-	conn, client, err = getSftpClientWithAddr(user, usePubKey, "127.0.0.1:2224")
-	if assert.NoError(t, err) {
-		defer client.Close()
-		defer conn.Close()
-	}
+	_, _, err = getSftpClientWithAddr(user, usePubKey, "127.0.0.1:2224")
+	assert.Error(t, err)
 	_, err = httpdtest.RemoveUser(user, http.StatusOK)
 	assert.NoError(t, err)
 	err = os.RemoveAll(user.GetHomeDir())