// Copyright © 2015 Jerry Jacobs . // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package afero import ( "testing" "os" "log" "fmt" "net" "flag" "time" "io/ioutil" "crypto/rsa" _rand "crypto/rand" "encoding/pem" "crypto/x509" "golang.org/x/crypto/ssh" "github.com/pkg/sftp" ) type SftpFsContext struct { sshc *ssh.Client sshcfg *ssh.ClientConfig sftpc *sftp.Client } // TODO we only connect with hardcoded user+pass for now // it should be possible to use $HOME/.ssh/id_rsa to login into the stub sftp server func SftpConnect(user, password, host string) (*SftpFsContext, error) { /* pemBytes, err := ioutil.ReadFile(os.Getenv("HOME") + "/.ssh/id_rsa") if err != nil { return nil,err } signer, err := ssh.ParsePrivateKey(pemBytes) if err != nil { return nil,err } sshcfg := &ssh.ClientConfig{ User: user, Auth: []ssh.AuthMethod{ ssh.Password(password), ssh.PublicKeys(signer), }, } */ sshcfg := &ssh.ClientConfig{ User: user, Auth: []ssh.AuthMethod{ ssh.Password(password), }, } sshc, err := ssh.Dial("tcp", host, sshcfg) if err != nil { return nil,err } sftpc, err := sftp.NewClient(sshc) if err != nil { return nil,err } ctx := &SftpFsContext{ sshc: sshc, sshcfg: sshcfg, sftpc: sftpc, } return ctx,nil } func (ctx *SftpFsContext) Disconnect() error { ctx.sftpc.Close() ctx.sshc.Close() return nil } // TODO for such a weird reason rootpath is "." when writing "file1" with afero sftp backend func RunSftpServer(rootpath string) { var ( readOnly bool debugLevelStr string debugLevel int debugStderr bool rootDir string ) flag.BoolVar(&readOnly, "R", false, "read-only server") flag.BoolVar(&debugStderr, "e", true, "debug to stderr") flag.StringVar(&debugLevelStr, "l", "none", "debug level") flag.StringVar(&rootDir, "root", rootpath, "root directory") flag.Parse() debugStream := ioutil.Discard if debugStderr { debugStream = os.Stderr debugLevel = 1 } // An SSH server is represented by a ServerConfig, which holds // certificate details and handles authentication of ServerConns. config := &ssh.ServerConfig{ PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) { // Should use constant-time compare (or better, salt+hash) in // a production setting. fmt.Fprintf(debugStream, "Login: %s\n", c.User()) if c.User() == "test" && string(pass) == "test" { return nil, nil } return nil, fmt.Errorf("password rejected for %q", c.User()) }, } privateBytes, err := ioutil.ReadFile("./test/id_rsa") if err != nil { log.Fatal("Failed to load private key", err) } private, err := ssh.ParsePrivateKey(privateBytes) if err != nil { log.Fatal("Failed to parse private key", err) } config.AddHostKey(private) // Once a ServerConfig has been configured, connections can be // accepted. listener, err := net.Listen("tcp", "0.0.0.0:2022") if err != nil { log.Fatal("failed to listen for connection", err) } fmt.Printf("Listening on %v\n", listener.Addr()) nConn, err := listener.Accept() if err != nil { log.Fatal("failed to accept incoming connection", err) } // Before use, a handshake must be performed on the incoming // net.Conn. _, chans, reqs, err := ssh.NewServerConn(nConn, config) if err != nil { log.Fatal("failed to handshake", err) } fmt.Fprintf(debugStream, "SSH server established\n") // The incoming Request channel must be serviced. go ssh.DiscardRequests(reqs) // Service the incoming Channel channel. for newChannel := range chans { // Channels have a type, depending on the application level // protocol intended. In the case of an SFTP session, this is "subsystem" // with a payload string of "sftp" fmt.Fprintf(debugStream, "Incoming channel: %s\n", newChannel.ChannelType()) if newChannel.ChannelType() != "session" { newChannel.Reject(ssh.UnknownChannelType, "unknown channel type") fmt.Fprintf(debugStream, "Unknown channel type: %s\n", newChannel.ChannelType()) continue } channel, requests, err := newChannel.Accept() if err != nil { log.Fatal("could not accept channel.", err) } fmt.Fprintf(debugStream, "Channel accepted\n") // Sessions have out-of-band requests such as "shell", // "pty-req" and "env". Here we handle only the // "subsystem" request. go func(in <-chan *ssh.Request) { for req := range in { fmt.Fprintf(debugStream, "Request: %v\n", req.Type) ok := false switch req.Type { case "subsystem": fmt.Fprintf(debugStream, "Subsystem: %s\n", req.Payload[4:]) if string(req.Payload[4:]) == "sftp" { ok = true } } fmt.Fprintf(debugStream, " - accepted: %v\n", ok) req.Reply(ok, nil) } }(requests) server, err := sftp.NewServer(channel, channel, debugStream, debugLevel, readOnly, rootpath) if err != nil { log.Fatal(err) } if err := server.Serve(); err != nil { log.Fatal("sftp server completed with error:", err) } } } // MakeSSHKeyPair make a pair of public and private keys for SSH access. // Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file. // Private Key generated is PEM encoded func MakeSSHKeyPair(bits int, pubKeyPath, privateKeyPath string) error { privateKey, err := rsa.GenerateKey(_rand.Reader, bits) if err != nil { return err } // generate and write private key as PEM privateKeyFile, err := os.Create(privateKeyPath) defer privateKeyFile.Close() if err != nil { return err } privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)} if err := pem.Encode(privateKeyFile, privateKeyPEM); err != nil { return err } // generate and write public key pub, err := ssh.NewPublicKey(&privateKey.PublicKey) if err != nil { return err } return ioutil.WriteFile(pubKeyPath, ssh.MarshalAuthorizedKey(pub), 0655) } func TestSftpCreate(t *testing.T) { os.Mkdir("./test", 0777) MakeSSHKeyPair(1024, "./test/id_rsa.pub", "./test/id_rsa") go RunSftpServer("./test/") time.Sleep(5 * time.Second) ctx, err := SftpConnect("test", "test", "localhost:2022") if err != nil { t.Fatal(err) } defer ctx.Disconnect() var AppFs Fs = SftpFs{ SftpClient: ctx.sftpc, } AppFs.MkdirAll("test/dir1/dir2/dir3", os.FileMode(0777)) AppFs.Mkdir("test/foo", os.FileMode(0000)) AppFs.Chmod("test/foo", os.FileMode(0700)) AppFs.Mkdir("test/bar", os.FileMode(0777)) file, err := AppFs.Create("file1") if err != nil { t.Error(err) } defer file.Close() file.Write([]byte("hello\t")) file.WriteString("world!\n") f1, err := AppFs.Open("file1") if err != nil { log.Fatalf("open: %v", err) } defer f1.Close() b := make([]byte, 100) _, err = f1.Read(b) fmt.Println(string(b)) // TODO check here if "hello\tworld\n" is in buffer b }