Working on SFTP

1 files changed, 156 insertions, 1 deletions

diff --git a/main.go b/main.go
index cd68a46..accc002 100644
--- a/main.go
+++ b/main.go
@@ -1,6 +1,16 @@
 package main
 
 import (
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net"
+	"git.deuxfleurs.fr/Deuxfleurs/bagage/sftp"
+	"git.deuxfleurs.fr/Deuxfleurs/bagage/s3"
+	"github.com/minio/minio-go/v7/pkg/credentials"
+	"github.com/minio/minio-go/v7"
+	"golang.org/x/crypto/ssh"
 	"log"
 	"net/http"
 )
@@ -11,6 +21,149 @@ func main() {
 
 	log.Println(config)
 
+	done := make(chan error)
+
+	go httpServer(config, done)
+	go sshServer(config, done)
+
+	err := <- done
+	if err != nil {
+		log.Fatalf("A component failed: %v", err)
+	}
+}
+
+type s3creds struct {
+	accessKey string
+	secretKey string
+}
+var keychain map[string]s3creds
+
+func sshServer(dconfig* Config, done chan error) {
+	keychain = make(map[string]s3creds)
+
+	config := &ssh.ServerConfig{
+		PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
+			log.Printf("Login: %s\n", c.User())
+			access_key, secret_key, err := LdapGetS3(dconfig, c.User(), string(pass))
+			if err == nil {
+				keychain[c.User()] = s3creds{ access_key, secret_key }
+			}
+			return nil, err
+		},
+	}
+
+	privateBytes, err := ioutil.ReadFile(dconfig.SSHKey)
+	if err != nil {
+		log.Fatal("Failed to load private key", err)
+	}
+
+	private, err := ssh.ParsePrivateKey(privateBytes)
+	if err != nil {
+		log.Fatal("Failed to parse private key", err)
+	}
+
+	config.AddHostKey(private)
+
+	// Once a ServerConfig has been configured, connections can be
+	// accepted.
+	listener, err := net.Listen("tcp", "0.0.0.0:2222")
+	if err != nil {
+		log.Fatal("failed to listen for connection", err)
+	}
+	log.Printf("Listening on %v\n", listener.Addr())
+
+	for {
+		nConn, err := listener.Accept()
+		if err != nil {
+			log.Printf("failed to accept incoming connection: ", err)
+			continue
+		}
+		go handleSSHConn(nConn, dconfig, config)
+	}
+}
+
+func handleSSHConn(nConn net.Conn, dconfig* Config, config *ssh.ServerConfig) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	defer nConn.Close()
+
+	// Before use, a handshake must be performed on the incoming
+	// net.Conn.
+	serverConn, chans, reqs, err := ssh.NewServerConn(nConn, config)
+	if err != nil {
+		log.Printf("failed to handshake: ", err)
+	}
+	defer serverConn.Conn.Close()
+	user := serverConn.Conn.User()
+	log.Printf("SSH connection established for %v\n", user)
+
+	// The incoming Request channel must be serviced.
+	go ssh.DiscardRequests(reqs)
+
+	// Service the incoming Channel channel.
+	for newChannel := range chans {
+		// Channels have a type, depending on the application level
+		// protocol intended. In the case of an SFTP session, this is "subsystem"
+		// with a payload string of "<length=4>sftp"
+		log.Printf("Incoming channel: %s\n", newChannel.ChannelType())
+		if newChannel.ChannelType() != "session" {
+			newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")
+			log.Printf("Unknown channel type: %s\n", newChannel.ChannelType())
+			continue
+		}
+
+		channel, requests, err := newChannel.Accept()
+		if err != nil {
+			log.Print("could not accept channel.", err)
+		}
+		log.Printf("Channel accepted\n")
+
+		// Sessions have out-of-band requests such as "shell",
+		// "pty-req" and "env".  Here we handle only the
+		// "subsystem" request.
+		go func(in <-chan *ssh.Request) {
+			for req := range in {
+				log.Printf("Request: %v\n", req.Type)
+				ok := false
+				switch req.Type {
+				case "subsystem":
+					log.Printf("Subsystem: %s\n", req.Payload[4:])
+					if string(req.Payload[4:]) == "sftp" {
+						ok = true
+					}
+				}
+				log.Printf(" - accepted: %v\n", ok)
+				req.Reply(ok, nil)
+			}
+		}(requests)
+
+		creds := keychain[user] 
+		mc, err := minio.New(dconfig.Endpoint, &minio.Options{
+			Creds:  credentials.NewStaticV4(creds.accessKey, creds.secretKey, ""),
+			Secure: dconfig.UseSSL,
+		})
+		if err != nil {
+			return
+		}
+
+		fs := s3.NewS3FS(mc)
+		server, err := sftp.NewServer(ctx, channel, &fs)
+
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		if err := server.Serve(); err == io.EOF {
+			server.Close()
+			log.Print("sftp client exited session.")
+		} else if err != nil {
+			log.Print("sftp server completed with error:", err)
+		}
+	}
+}
+
+func httpServer(config* Config, done chan error) {
 	// Assemble components to handle WebDAV requests
 	http.Handle(config.DavPath+"/",
 		BasicAuthExtract{
@@ -30,6 +183,8 @@ func main() {
 		})
 
 	if err := http.ListenAndServe(config.HttpListen, nil); err != nil {
-		log.Fatalf("Error with WebDAV server: %v", err)
+		done <- fmt.Errorf("Error with WebDAV server: %v", err)
+	} else {
+		done <- nil
 	}
 }