--- /dev/null
+// Copyright © 2015 Jerry Jacobs <jerry.jacobs@xor-gate.org>.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package afero
+
+import (
+ "testing"
+ "os"
+ "log"
+ "fmt"
+ "net"
+ "flag"
+ "time"
+ "io/ioutil"
+ "crypto/rsa"
+ _rand "crypto/rand"
+ "encoding/pem"
+ "crypto/x509"
+
+ "golang.org/x/crypto/ssh"
+ "github.com/pkg/sftp"
+)
+
+type SftpFsContext struct {
+ sshc *ssh.Client
+ sshcfg *ssh.ClientConfig
+ sftpc *sftp.Client
+}
+
+// TODO we only connect with hardcoded user+pass for now
+// it should be possible to use $HOME/.ssh/id_rsa to login into the stub sftp server
+func SftpConnect(user, password, host string) (*SftpFsContext, error) {
+/*
+ pemBytes, err := ioutil.ReadFile(os.Getenv("HOME") + "/.ssh/id_rsa")
+ if err != nil {
+ return nil,err
+ }
+
+ signer, err := ssh.ParsePrivateKey(pemBytes)
+ if err != nil {
+ return nil,err
+ }
+
+ sshcfg := &ssh.ClientConfig{
+ User: user,
+ Auth: []ssh.AuthMethod{
+ ssh.Password(password),
+ ssh.PublicKeys(signer),
+ },
+ }
+*/
+
+ sshcfg := &ssh.ClientConfig{
+ User: user,
+ Auth: []ssh.AuthMethod{
+ ssh.Password(password),
+ },
+ }
+
+ sshc, err := ssh.Dial("tcp", host, sshcfg)
+ if err != nil {
+ return nil,err
+ }
+
+ sftpc, err := sftp.NewClient(sshc)
+ if err != nil {
+ return nil,err
+ }
+
+ ctx := &SftpFsContext{
+ sshc: sshc,
+ sshcfg: sshcfg,
+ sftpc: sftpc,
+ }
+
+ return ctx,nil
+}
+
+func (ctx *SftpFsContext) Disconnect() error {
+ ctx.sftpc.Close()
+ ctx.sshc.Close()
+ return nil
+}
+
+// TODO for such a weird reason rootpath is "." when writing "file1" with afero sftp backend
+func RunSftpServer(rootpath string) {
+ var (
+ readOnly bool
+ debugLevelStr string
+ debugLevel int
+ debugStderr bool
+ rootDir string
+ )
+
+ flag.BoolVar(&readOnly, "R", false, "read-only server")
+ flag.BoolVar(&debugStderr, "e", true, "debug to stderr")
+ flag.StringVar(&debugLevelStr, "l", "none", "debug level")
+ flag.StringVar(&rootDir, "root", rootpath, "root directory")
+ flag.Parse()
+
+ debugStream := ioutil.Discard
+ if debugStderr {
+ debugStream = os.Stderr
+ debugLevel = 1
+ }
+
+ // An SSH server is represented by a ServerConfig, which holds
+ // certificate details and handles authentication of ServerConns.
+ config := &ssh.ServerConfig{
+ PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
+ // Should use constant-time compare (or better, salt+hash) in
+ // a production setting.
+ fmt.Fprintf(debugStream, "Login: %s\n", c.User())
+ if c.User() == "test" && string(pass) == "test" {
+ return nil, nil
+ }
+ return nil, fmt.Errorf("password rejected for %q", c.User())
+ },
+ }
+
+ privateBytes, err := ioutil.ReadFile("./test/id_rsa")
+ if err != nil {
+ log.Fatal("Failed to load private key", err)
+ }
+
+ private, err := ssh.ParsePrivateKey(privateBytes)
+ if err != nil {
+ log.Fatal("Failed to parse private key", err)
+ }
+
+ config.AddHostKey(private)
+
+ // Once a ServerConfig has been configured, connections can be
+ // accepted.
+ listener, err := net.Listen("tcp", "0.0.0.0:2022")
+ if err != nil {
+ log.Fatal("failed to listen for connection", err)
+ }
+ fmt.Printf("Listening on %v\n", listener.Addr())
+
+ nConn, err := listener.Accept()
+ if err != nil {
+ log.Fatal("failed to accept incoming connection", err)
+ }
+
+ // Before use, a handshake must be performed on the incoming
+ // net.Conn.
+ _, chans, reqs, err := ssh.NewServerConn(nConn, config)
+ if err != nil {
+ log.Fatal("failed to handshake", err)
+ }
+ fmt.Fprintf(debugStream, "SSH server established\n")
+
+ // The incoming Request channel must be serviced.
+ go ssh.DiscardRequests(reqs)
+
+ // Service the incoming Channel channel.
+ for newChannel := range chans {
+ // Channels have a type, depending on the application level
+ // protocol intended. In the case of an SFTP session, this is "subsystem"
+ // with a payload string of "<length=4>sftp"
+ fmt.Fprintf(debugStream, "Incoming channel: %s\n", newChannel.ChannelType())
+ if newChannel.ChannelType() != "session" {
+ newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")
+ fmt.Fprintf(debugStream, "Unknown channel type: %s\n", newChannel.ChannelType())
+ continue
+ }
+ channel, requests, err := newChannel.Accept()
+ if err != nil {
+ log.Fatal("could not accept channel.", err)
+ }
+ fmt.Fprintf(debugStream, "Channel accepted\n")
+
+ // Sessions have out-of-band requests such as "shell",
+ // "pty-req" and "env". Here we handle only the
+ // "subsystem" request.
+ go func(in <-chan *ssh.Request) {
+ for req := range in {
+ fmt.Fprintf(debugStream, "Request: %v\n", req.Type)
+ ok := false
+ switch req.Type {
+ case "subsystem":
+ fmt.Fprintf(debugStream, "Subsystem: %s\n", req.Payload[4:])
+ if string(req.Payload[4:]) == "sftp" {
+ ok = true
+ }
+ }
+ fmt.Fprintf(debugStream, " - accepted: %v\n", ok)
+ req.Reply(ok, nil)
+ }
+ }(requests)
+
+ server, err := sftp.NewServer(channel, channel, debugStream, debugLevel, readOnly, rootpath)
+ if err != nil {
+ log.Fatal(err)
+ }
+ if err := server.Serve(); err != nil {
+ log.Fatal("sftp server completed with error:", err)
+ }
+ }
+}
+
+// MakeSSHKeyPair make a pair of public and private keys for SSH access.
+// Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
+// Private Key generated is PEM encoded
+func MakeSSHKeyPair(bits int, pubKeyPath, privateKeyPath string) error {
+ privateKey, err := rsa.GenerateKey(_rand.Reader, bits)
+ if err != nil {
+ return err
+ }
+
+ // generate and write private key as PEM
+ privateKeyFile, err := os.Create(privateKeyPath)
+ defer privateKeyFile.Close()
+ if err != nil {
+ return err
+ }
+
+ privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
+ if err := pem.Encode(privateKeyFile, privateKeyPEM); err != nil {
+ return err
+ }
+
+ // generate and write public key
+ pub, err := ssh.NewPublicKey(&privateKey.PublicKey)
+ if err != nil {
+ return err
+ }
+
+ return ioutil.WriteFile(pubKeyPath, ssh.MarshalAuthorizedKey(pub), 0655)
+}
+
+func TestSftpCreate(t *testing.T) {
+ os.Mkdir("./test", 0777)
+ MakeSSHKeyPair(1024, "./test/id_rsa.pub", "./test/id_rsa")
+
+ go RunSftpServer("./test/")
+ time.Sleep(5 * time.Second)
+
+ ctx, err := SftpConnect("test", "test", "localhost:2022")
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer ctx.Disconnect()
+
+ var AppFs Fs = SftpFs{
+ SftpClient: ctx.sftpc,
+ }
+
+ AppFs.MkdirAll("test/dir1/dir2/dir3", os.FileMode(0777))
+ AppFs.Mkdir("test/foo", os.FileMode(0000))
+ AppFs.Chmod("test/foo", os.FileMode(0700))
+ AppFs.Mkdir("test/bar", os.FileMode(0777))
+
+ file, err := AppFs.Create("file1")
+ if err != nil {
+ t.Error(err)
+ }
+ defer file.Close()
+
+ file.Write([]byte("hello\t"))
+ file.WriteString("world!\n")
+
+ f1, err := AppFs.Open("file1")
+ if err != nil {
+ log.Fatalf("open: %v", err)
+ }
+ defer f1.Close()
+
+ b := make([]byte, 100)
+
+ _, err = f1.Read(b)
+ fmt.Println(string(b))
+
+ // TODO check here if "hello\tworld\n" is in buffer b
+}
OSDN Git Service
