afero/sftp_test.go

287 lines
7.2 KiB
Go
Raw Normal View History

2015-12-26 22:36:25 +03:00
// Copyright © 2015 Jerry Jacobs <jerry.jacobs@xor-gate.org>.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package afero
import (
"testing"
2015-12-26 22:36:25 +03:00
"os"
"log"
"fmt"
"net"
"flag"
"time"
2015-12-26 22:36:25 +03:00
"io/ioutil"
"crypto/rsa"
_rand "crypto/rand"
"encoding/pem"
"crypto/x509"
2015-12-26 22:36:25 +03:00
"golang.org/x/crypto/ssh"
"github.com/pkg/sftp"
)
type SftpFsContext struct {
sshc *ssh.Client
sshcfg *ssh.ClientConfig
sftpc *sftp.Client
}
// TODO we only connect with hardcoded user+pass for now
// it should be possible to use $HOME/.ssh/id_rsa to login into the stub sftp server
func SftpConnect(user, password, host string) (*SftpFsContext, error) {
/*
2015-12-26 22:36:25 +03:00
pemBytes, err := ioutil.ReadFile(os.Getenv("HOME") + "/.ssh/id_rsa")
if err != nil {
return nil,err
}
signer, err := ssh.ParsePrivateKey(pemBytes)
if err != nil {
return nil,err
}
sshcfg := &ssh.ClientConfig{
User: user,
Auth: []ssh.AuthMethod{
ssh.Password(password),
2015-12-26 22:36:25 +03:00
ssh.PublicKeys(signer),
},
}
*/
sshcfg := &ssh.ClientConfig{
User: user,
Auth: []ssh.AuthMethod{
ssh.Password(password),
},
}
2015-12-26 22:36:25 +03:00
sshc, err := ssh.Dial("tcp", host, sshcfg)
if err != nil {
return nil,err
}
sftpc, err := sftp.NewClient(sshc)
if err != nil {
return nil,err
}
ctx := &SftpFsContext{
sshc: sshc,
sshcfg: sshcfg,
sftpc: sftpc,
}
return ctx,nil
}
func (ctx *SftpFsContext) Disconnect() error {
ctx.sftpc.Close()
ctx.sshc.Close()
return nil
}
2016-01-02 16:12:59 +03:00
// TODO for such a weird reason rootpath is "." when writing "file1" with afero sftp backend
func RunSftpServer(rootpath string) {
var (
readOnly bool
debugLevelStr string
debugLevel int
debugStderr bool
rootDir string
)
flag.BoolVar(&readOnly, "R", false, "read-only server")
2016-01-02 16:12:59 +03:00
flag.BoolVar(&debugStderr, "e", true, "debug to stderr")
flag.StringVar(&debugLevelStr, "l", "none", "debug level")
2016-01-02 16:12:59 +03:00
flag.StringVar(&rootDir, "root", rootpath, "root directory")
flag.Parse()
debugStream := ioutil.Discard
if debugStderr {
debugStream = os.Stderr
debugLevel = 1
}
// An SSH server is represented by a ServerConfig, which holds
// certificate details and handles authentication of ServerConns.
config := &ssh.ServerConfig{
PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
// Should use constant-time compare (or better, salt+hash) in
// a production setting.
fmt.Fprintf(debugStream, "Login: %s\n", c.User())
if c.User() == "test" && string(pass) == "test" {
return nil, nil
}
return nil, fmt.Errorf("password rejected for %q", c.User())
},
}
privateBytes, err := ioutil.ReadFile("./test/id_rsa")
if err != nil {
log.Fatal("Failed to load private key", err)
}
private, err := ssh.ParsePrivateKey(privateBytes)
if err != nil {
log.Fatal("Failed to parse private key", err)
}
config.AddHostKey(private)
// Once a ServerConfig has been configured, connections can be
// accepted.
listener, err := net.Listen("tcp", "0.0.0.0:2022")
if err != nil {
log.Fatal("failed to listen for connection", err)
}
fmt.Printf("Listening on %v\n", listener.Addr())
nConn, err := listener.Accept()
if err != nil {
log.Fatal("failed to accept incoming connection", err)
}
// Before use, a handshake must be performed on the incoming
// net.Conn.
_, chans, reqs, err := ssh.NewServerConn(nConn, config)
if err != nil {
log.Fatal("failed to handshake", err)
}
fmt.Fprintf(debugStream, "SSH server established\n")
// The incoming Request channel must be serviced.
go ssh.DiscardRequests(reqs)
// Service the incoming Channel channel.
for newChannel := range chans {
// Channels have a type, depending on the application level
// protocol intended. In the case of an SFTP session, this is "subsystem"
// with a payload string of "<length=4>sftp"
fmt.Fprintf(debugStream, "Incoming channel: %s\n", newChannel.ChannelType())
if newChannel.ChannelType() != "session" {
newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")
fmt.Fprintf(debugStream, "Unknown channel type: %s\n", newChannel.ChannelType())
continue
}
channel, requests, err := newChannel.Accept()
if err != nil {
log.Fatal("could not accept channel.", err)
}
fmt.Fprintf(debugStream, "Channel accepted\n")
// Sessions have out-of-band requests such as "shell",
// "pty-req" and "env". Here we handle only the
// "subsystem" request.
go func(in <-chan *ssh.Request) {
for req := range in {
fmt.Fprintf(debugStream, "Request: %v\n", req.Type)
ok := false
switch req.Type {
case "subsystem":
fmt.Fprintf(debugStream, "Subsystem: %s\n", req.Payload[4:])
if string(req.Payload[4:]) == "sftp" {
ok = true
}
}
fmt.Fprintf(debugStream, " - accepted: %v\n", ok)
req.Reply(ok, nil)
}
}(requests)
2016-01-02 16:12:59 +03:00
server, err := sftp.NewServer(channel, channel, debugStream, debugLevel, readOnly, rootpath)
if err != nil {
log.Fatal(err)
}
if err := server.Serve(); err != nil {
log.Fatal("sftp server completed with error:", err)
}
}
}
// MakeSSHKeyPair make a pair of public and private keys for SSH access.
// Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
// Private Key generated is PEM encoded
func MakeSSHKeyPair(bits int, pubKeyPath, privateKeyPath string) error {
privateKey, err := rsa.GenerateKey(_rand.Reader, bits)
if err != nil {
return err
}
// generate and write private key as PEM
privateKeyFile, err := os.Create(privateKeyPath)
defer privateKeyFile.Close()
if err != nil {
return err
}
privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
if err := pem.Encode(privateKeyFile, privateKeyPEM); err != nil {
return err
}
// generate and write public key
pub, err := ssh.NewPublicKey(&privateKey.PublicKey)
if err != nil {
return err
}
return ioutil.WriteFile(pubKeyPath, ssh.MarshalAuthorizedKey(pub), 0655)
}
2015-12-26 22:36:25 +03:00
func TestSftpCreate(t *testing.T) {
os.Mkdir("./test", 0777)
MakeSSHKeyPair(1024, "./test/id_rsa.pub", "./test/id_rsa")
2016-01-02 16:12:59 +03:00
go RunSftpServer("./test/")
time.Sleep(5 * time.Second)
ctx, err := SftpConnect("test", "test", "localhost:2022")
2015-12-26 22:36:25 +03:00
if err != nil {
t.Fatal(err)
}
defer ctx.Disconnect()
var AppFs Fs = SftpFs{
2015-12-26 22:36:25 +03:00
SftpClient: ctx.sftpc,
}
AppFs.MkdirAll("test/dir1/dir2/dir3", os.FileMode(0777))
AppFs.Mkdir("test/foo", os.FileMode(0000))
AppFs.Chmod("test/foo", os.FileMode(0700))
AppFs.Mkdir("test/bar", os.FileMode(0777))
file, err := AppFs.Create("file1")
2015-12-26 22:36:25 +03:00
if err != nil {
t.Error(err)
}
defer file.Close()
2016-01-02 16:12:59 +03:00
file.Write([]byte("hello\t"))
file.WriteString("world!\n")
f1, err := AppFs.Open("file1")
if err != nil {
log.Fatalf("open: %v", err)
}
defer f1.Close()
b := make([]byte, 100)
_, err = f1.Read(b)
fmt.Println(string(b))
2016-01-02 16:12:59 +03:00
// TODO check here if "hello\tworld\n" is in buffer b
2015-12-26 22:36:25 +03:00
}