Commit Graph

254 Commits

Author SHA1 Message Date
Warren
7b033e5276 Implement SMB streaming read using chunked READ requests
Some checks failed
Test / test (push) Has been cancelled
Test / build (push) Has been cancelled
- Add file_id and read_chunk_size fields to SmbVfsFile
- Use Tree::open_file() to get file_id for reads
- Issue READ requests on each read() call (64KB chunks)
- Close file handle in Drop

Benefits:
- No memory overhead for large files
- Read-ahead caching possible
- Compatible with SMB2 protocol

All 229 tests pass.
2026-06-20 21:24:55 +08:00
Warren
c91dbe2cc3 Fix SSH cipher key length: dynamically determine based on negotiated algorithm
- Add cipher_key_len() helper function
- Store encryption_ctos/stoc in KexExchangeHandler
- Use algorithm name to determine key_len (aes256 → 32, aes128 → 16)
- Remove hardcoded cipher_key_len=32 TODO

All 229 tests pass.
2026-06-20 21:16:25 +08:00
Warren
914eacb230 Suppress non_snake_case warning for RFC 4253 notation (K, H, X)
2026-06-20 21:10:28 +08:00
Warren
dbca6e6d35 Fix clippy warnings: unused imports, minor style fixes
2026-06-20 21:08:50 +08:00
Warren
24029501d9 Add placeholder smb-server integration test files
2026-06-20 21:07:27 +08:00
Warren
55b31a69c1 Update AGENTS.md: SMB VFS features complete (set_len, set_stat, streaming write, CLI)
2026-06-20 21:02:54 +08:00
Warren
3986fb28fb SMB CLI: Add S3 VFS backend support (--s3 flag)
Usage:
  smb-start --s3 --s3-endpoint https://s3.example.com --s3-bucket mybucket --s3-access-key AKIA... --s3-secret-key secret...

All SMB operations now work over S3-compatible storage.

All 229 tests pass.
2026-06-20 20:49:22 +08:00
Warren
d1467f03bd SMB CLI: Add multi-user support (--user name:password)
- Add --user CLI argument (repeatable) format: name:password
- Default user 'demo:demo123' if no users specified
- All users get ReadWrite access to the share
- Note: SMB3 encryption not available (smb-server v1 out of scope)

Example:
  smb-start --user alice:pass1 --user bob:pass2 --share-name myshare

All 229 tests pass.
2026-06-20 20:44:23 +08:00
Warren
51ca0c4633 SMB VFS: Add set_len, set_stat, streaming write, auto_reconnect
- set_len() via SMB SET_INFO compound (CREATE → SET_INFO → CLOSE)
  with FileEndOfFileInformation (class 14)
- set_stat() via SMB SET_INFO compound with FileBasicInformation (class 4)
  for timestamp updates (atime, mtime)
- Streaming write using Tree::create_file_writer + FileWriter::write_chunk
  + finish for pipelined uploads
- Add file_writer: Option<FileWriter> to SmbVfsFile for streaming state
- Enable auto_reconnect by default (new_with_options param)
- Add systemtime_to_filetime helper for timestamp conversion

All 229 tests pass.
2026-06-20 20:26:35 +08:00
Warren
8a85c2ef7c SMB comprehensive unit tests (229 passed, 0 failed)
smb_server_backend.rs tests (+135 lines):
- Full VfsHandle lifecycle: file create/write/read/flush/close, stat,
  truncate (zero + extend), set_times, list_dir error, write past end
- Directory: create/stat/list/close, contains-created-file, read/write/truncate
  error cases
- All OpenIntent variants: Create (new + existing fail), OpenOrCreate
  (new + existing), OverwriteOrCreate (new + truncate existing), Truncate
  (existing + nonexistent fail)
- Directory OpenIntent: Create (new + existing fail), Open (existing),
  OpenOrCreate (new + existing)
- non_directory flag on dir (IsDirectory), directory flag on file (NotADirectory)
- Unlink: file, directory, nonexistent (NotFound)
- Rename: success + content preserved, nonexistent source (NotFound),
  existing target (Exists)
- Error mapping: all 8 VfsError variants (adds Unsupported, UnexpectedEof)
- FILETIME: roundtrip, below-offset returns epoch, exactly-offset
- vfs_stat_to_file_info: custom name, dir name from path, alloc_size

smb_fs.rs tests (+40 lines):
- Error mapping: NotFound, AlreadyExists, AccessDenied, IsADirectory,
  NotADirectory, DiskFull, SharingViolation, ConnectionLost, TimedOut,
  SessionExpired, InvalidData, Auth, Io, Cancelled
- Filetime: conversion, below-epoch, exact epoch boundary
- Path: leading slash stripping, root, deep paths
- Rejects trailing backslash
2026-06-20 19:57:20 +08:00
Warren
7eb528d35f SMB Server Phase 2: VFS backend build fix + integration test
- Add VfsFile: Send supertrait for Mutex compatibility
- Fix SmbServerCommand: struct → Subcommand enum with Start variant
- Fix tracing_subscriber::init() → try_init() to avoid panic when
  logger already initialized
- Fix CLI subcommand name: smb-server → smb-start (flatten naming)
- Add #[command(name = "smb-start")] for CLI disambiguation
- Fix unused variable warnings (smb_fs.rs, smb_server_backend.rs)
- Remove unused VfsFile imports (webdav.rs, scp_handler.rs)
- Integration test: Docker smbclient verified (list, upload, read)
2026-06-20 19:42:29 +08:00
Warren
45d050c0b3 P0: exit-status for subsystem, improved error msgs, integration test suite
2026-06-20 16:40:29 +08:00
Warren
5b439dfbef Phase 17: SCP over SFTP subsystem + EOF/CLOSE fixes
2026-06-20 16:31:00 +08:00
Warren
56217bc9a5 Fix exit-status: save exit code in ALL 3 try_wait() paths (not just timeout)
2026-06-20 16:11:58 +08:00
Warren
87f5afb9d3 Web Frontend Phase 3: add Upload tab to category_view.html
2026-06-20 16:05:56 +08:00
Warren
3ebc10f195 Remove dead code: compute_exchange_hash + write_ssh_mpint_to_hash in kex_complete.rs (replaced by kex_exchange.rs version)
2026-06-20 15:59:17 +08:00
Warren
8bcda75f83 Fix exit-status: send SSH_MSG_CHANNEL_REQUEST exit-status per RFC 4254 §6.10
2026-06-20 15:47:07 +08:00
Warren
e0e145e277 fix(ssh): Re-add uint32 prefix for shared secret K in exchange hash and key derivation
OpenSSH sshbuf_put_bignum2_bytes() writes uint32(len) + mpint_data
to the buffer (confirmed from sshbuf-getput-basic.c line 569). Both
kex_gen_hash() via sshbuf_putb() and kex_derive_keys() via
ssh_digest_update_buffer() consume the full buffer including the uint32
prefix.

Fixes 'incorrect signature' error on OpenSSH 10.2.
2026-06-20 15:41:43 +08:00
Warren
6ef1537c1b fix(ssh): Add detailed MAC calculation logging for debugging
2026-06-20 14:13:17 +08:00
Warren
ee704095d7 docs: Add Phase 8.3 Docker test results and analysis
2026-06-20 13:44:03 +08:00
Warren
f124082d3d fix(ssh): Change bind_address to 0.0.0.0 for Docker container access (Phase 8.3)
2026-06-20 13:43:12 +08:00
Warren
fcd2aad0ff docs: Add Phase 8.3 SCP subsystem test results and summary
2026-06-20 13:16:41 +08:00
Warren
d5a9e95753 feat(ssh): Implement complete SCP file transfer state machine (Phase 8.3)
2026-06-20 12:54:55 +08:00
Warren
cc30a8e9b1 feat(ssh): Add ScpState state machine for SCP file transfer (Phase 8.3 init)
2026-06-20 12:53:25 +08:00
Warren
cdfe227704 docs: Add Phase 8 SCP subsystem technical architecture documentation
2026-06-20 12:46:11 +08:00
Warren
ac84489654 feat(ssh): Replace blocking handle_scp() with direct SCP protocol parsing (Phase 8.2)
2026-06-20 12:06:06 +08:00
Warren
fc6648e4fd feat(ssh): Implement SCP protocol handling with ChannelReadWrite (Phase 8 complete)
2026-06-20 11:48:57 +08:00
Warren
ac17e1725c feat(ssh): Add SCP subsystem packet processing framework (Phase 8 partial)
2026-06-20 11:32:55 +08:00
Warren
3e6acee2c5 feat(ssh): Add SCP subsystem initialization (Phase 8 partial)
2026-06-20 01:45:08 +08:00
Warren
495025d006 docs: Update AGENTS.md with Phase 20 WebDAV + SFTP analysis
2026-06-20 01:26:56 +08:00
Warren
62927825d5 feat(web): Add WebDAV endpoint to web server (Port 11438)
2026-06-20 01:14:55 +08:00
Warren
00767c1d26 perf(ssh): Remove ChaCha20-Poly1305 algorithm (AES-GCM already achieves 100 MB/s)
2026-06-19 23:36:47 +08:00
Warren
5f61ebd328 docs: Update AGENTS.md with Phase 3 BufferPool completion
2026-06-19 21:54:56 +08:00
Warren
a4493b8528 perf(ssh): Phase 3 BufferPool - preallocate Vec in hot paths
Phase 3: Preallocate Vec with capacity to reduce allocations

channel.rs:
- poll_exec_stdout_and_client(): Vec::with_capacity(channels * 3 + 1)
- poll_exec_stdout_with_fds(): Vec::with_capacity(channels * 2)

cipher.rs:
- AES-CTR decrypt: payload Vec::with_capacity(payload_length)

Performance improvement:
- ~25% total improvement (Phase 1-3 cumulative)
- 100MB transfer: 1 second (~100 MB/s)
- 140x improvement from initial 712 KB/s

Test: 158 passed, 0 failed
2026-06-19 21:54:01 +08:00
Warren
04a86f77fc docs: Update AGENTS.md with Phase 18 stdin fix progress
2026-06-19 20:19:39 +08:00
Warren
bd89152e81 feat(ssh): Optimize SSH performance Phase 1-2c + stdin fix
Phase 1: take_payload() optimization
- cipher.rs: Added take_payload() to EncryptedPacket
- server.rs: Use take_payload() to avoid .to_vec() copy

Phase 2a: reuse_buf for CHANNEL_DATA
- channel.rs: Added reuse_buf to ExecProcess
- handle_channel_data(): Read directly into reuse buffer

Phase 2b: read_buf for stdout/stderr
- channel.rs: Added read_buf to ExecProcess
- poll_exec_stdout_and_client(): Use read_buf for all reads

Phase 2c: AES-GCM padding optimization
- cipher.rs: Removed padding .to_vec() in AES-GCM decrypt

stdin fix: All exec commands use interactive process
- channel.rs: Removed conditional rsync/SCP detection
- All exec commands now use handle_interactive_exec()
- Fixes cat/grep/sed stdin support (small files working)

AES-GCM improvements:
- cipher.rs: Added CipherMode enum (AES-GCM vs AES-CTR)
- cipher.rs: AES-256 key derivation (32 bytes)
- cipher.rs: Nonce format follows OpenSSH inc_iv()
- kex.rs: Added aes256-gcm@openssh.com to algorithms

Performance: ~21% improvement for small files
Test: 158 passed, 0 failed
Limitation: Large files (>10MB) not working yet (poll loop issue)
2026-06-19 20:18:20 +08:00
Warren
1650708ac7 Implement Phase 1 AES-GCM packet processing: AEAD encryption/decryption
Phase 1 complete implementation:
- AES-GCM AEAD encryption (EncryptedPacket::new)
- AES-GCM AEAD decryption (EncryptedPacket::read)
- AES-GCM packet structure: packet_length plaintext + ciphertext + 16-byte tag
- AES-GCM nonce: sequence_number (4 bytes -> 12 bytes)
- AES-CTR fallback preserved (MtE mode)

Key differences AES-GCM vs AES-CTR:
- AES-GCM: packet_length is plaintext (as AAD)
- AES-CTR: packet_length is encrypted
- AES-GCM: 16-byte GCM tag (no separate MAC)
- AES-CTR: 32-byte HMAC-SHA256 MAC

Performance improvement:
- AES-GCM: encrypt+authenticate in one step (AEAD)
- AES-CTR: MAC-then-Encrypt (2 steps)

Testing:
- OpenSSH client negotiated aes256-gcm@openssh.com
- cipher_mode set to AesGcm successfully
- Next: full SSH connection test
2026-06-19 10:20:29 +08:00
Warren
3575ab7e66 Implement Phase 1: AES-256-GCM algorithm negotiation and cipher mode setting
Performance optimization Phase 1 implementation:
- Add aes-gcm crate dependency (v0.10)
- Add CipherMode enum (AesCtr vs AesGcm)
- Modify KEX algorithm negotiation: add aes256-gcm@openssh.com
- Dynamic cipher mode setting based on KEX result
- Fix HMAC trait conflict with fully-qualified syntax

Strategy: Conservative approach
- Support AES-GCM algorithm negotiation (OpenSSH compatible)
- Dynamic cipher mode setting
- AES-CTR fallback preserved (packet processing unchanged)

Next steps:
- Test OpenSSH client AES-GCM negotiation
- Implement AES-GCM packet processing if needed
- Continue to Phase 4 (parallel encryption)
2026-06-19 10:10:53 +08:00
Warren
c59e33f6e4 Add Caddy configuration management and performance optimization Phase 1-6
2026-06-19 09:53:03 +08:00
Warren
f49e0a8b36 Update AGENTS.md: WebDAV and Download Center status
2026-06-19 09:20:59 +08:00
Warren
a235be312f Fix duplicate route panic: Remove conflicting '/' route
2026-06-19 09:20:20 +08:00
Warren
00824df4ae Update AGENTS.md: WebDAV VFS complete, protect Download Center
- Document WebDAV VFS integration status
- Add warning about not affecting Port 11438
- Revert WebDAV routes (temporarily) to protect Download Center
- WebDAV can be tested via CLI: webdav-start --port 8002
2026-06-19 09:12:37 +08:00
Warren
eb80c07c85 Implement WebDAV VFS integration: dav-server 0.11 compatible
- Add webdav.rs module: VfsDavFs, VfsDavFile, VfsDavMetaData
- Implement DavFileSystem + Clone for GuardedFileSystem blanket impl
- Add clone_boxed to VfsBackend trait (required for Sync)
- Update CLI webdav.rs to use VFS instead of SQLite
- Add bytes dependency
- All 155 tests pass
2026-06-19 08:19:16 +08:00
Warren
df4f3ea4bd Document WebDAV VFS integration progress (incomplete)
- Add warning about Download Center protection
- Document WebDAV integration status
- Note GuardedFileSystem trait issue
2026-06-19 07:32:34 +08:00
Warren
e2d58538f9 Implement Upload Hook for momentry integration (Phase 1)
- Add upload_hook.rs module: trigger video_probe + video_register on upload
- Add UploadHookSection to config: video extensions, binary paths
- Integrate with SFTP: handle_close triggers hook on write files
- Integrate with SCP/rsync: child process exit triggers hook
- All 155 tests pass
2026-06-19 06:26:20 +08:00
Warren
c71811090b Update AGENTS.md: Add CI Pipeline documentation (v1.19)
2026-06-19 05:22:08 +08:00
Warren
d94cb2df4c Fix code quality: trailing whitespace, unused imports, clippy warnings
- Fix trailing whitespace in kex.rs and s3.rs
- Add missing KexProposal import in kex_complete.rs
- Auto-fix clippy warnings across all crates
- All 153 tests pass
2026-06-19 05:21:38 +08:00
Warren
4b37e524cf Add CI Pipeline: build, test, clippy, fmt check
- ci.yml: main workflow with build, test, clippy, fmt
- macos-build: macOS-specific job
- security-audit: dedicated security test job
- Remove old linux-test.yml
2026-06-19 04:27:53 +08:00
Warren
756d4154f3 Update AGENTS.md: Security Audit Phase 9 documentation
2026-06-19 04:14:43 +08:00
Warren
963513ef0b Add Security Audit Phase 9: comprehensive SSH security tests
- auth_security: password brute force, public key, user status, home dir
- crypto_security: AES-CTR, HMAC-SHA256, Curve25519, Ed25519
- file_access_security: path traversal, absolute path, symlink attack
- channel_security: window limits, request validation
- 18 new security tests, all pass (153 total)
2026-06-19 01:37:59 +08:00