Add SFTP Server Support (#6753)
* Add SFTP Server Support Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * fix s3 tests and helm lint Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * increase helm chart version * adjust version --------- Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> Co-authored-by: chrislu <chris.lu@gmail.com>
This commit is contained in:
Mohamed Sekour
76
weed/sftpd/auth/auth.go
Normal file
76
weed/sftpd/auth/auth.go
Normal file
@@ -0,0 +1,76 @@
|
||||
// Package auth provides authentication and authorization functionality for the SFTP server
|
||||
package auth
|
||||
|
||||
import (
|
||||
"github.com/seaweedfs/seaweedfs/weed/sftpd/user"
|
||||
"golang.org/x/crypto/ssh"
|
||||
)
|
||||
|
||||
// Provider defines the interface for authentication providers
|
||||
type Provider interface {
|
||||
// GetAuthMethods returns the SSH server auth methods
|
||||
GetAuthMethods() []ssh.AuthMethod
|
||||
}
|
||||
|
||||
// Manager handles authentication and authorization
|
||||
type Manager struct {
|
||||
userStore user.Store
|
||||
passwordAuth *PasswordAuthenticator
|
||||
publicKeyAuth *PublicKeyAuthenticator
|
||||
permissionChecker *PermissionChecker
|
||||
enabledAuthMethods []string
|
||||
}
|
||||
|
||||
// NewManager creates a new authentication manager
|
||||
func NewManager(userStore user.Store, fsHelper FileSystemHelper, enabledAuthMethods []string) *Manager {
|
||||
manager := &Manager{
|
||||
userStore: userStore,
|
||||
enabledAuthMethods: enabledAuthMethods,
|
||||
}
|
||||
|
||||
// Initialize authenticators based on enabled methods
|
||||
passwordEnabled := false
|
||||
publicKeyEnabled := false
|
||||
|
||||
for _, method := range enabledAuthMethods {
|
||||
switch method {
|
||||
case "password":
|
||||
passwordEnabled = true
|
||||
case "publickey":
|
||||
publicKeyEnabled = true
|
||||
}
|
||||
}
|
||||
|
||||
manager.passwordAuth = NewPasswordAuthenticator(userStore, passwordEnabled)
|
||||
manager.publicKeyAuth = NewPublicKeyAuthenticator(userStore, publicKeyEnabled)
|
||||
manager.permissionChecker = NewPermissionChecker(fsHelper)
|
||||
|
||||
return manager
|
||||
}
|
||||
|
||||
// GetSSHServerConfig returns an SSH server config with the appropriate authentication methods
|
||||
func (m *Manager) GetSSHServerConfig() *ssh.ServerConfig {
|
||||
config := &ssh.ServerConfig{}
|
||||
|
||||
// Add password authentication if enabled
|
||||
if m.passwordAuth.Enabled() {
|
||||
config.PasswordCallback = m.passwordAuth.Authenticate
|
||||
}
|
||||
|
||||
// Add public key authentication if enabled
|
||||
if m.publicKeyAuth.Enabled() {
|
||||
config.PublicKeyCallback = m.publicKeyAuth.Authenticate
|
||||
}
|
||||
|
||||
return config
|
||||
}
|
||||
|
||||
// CheckPermission checks if a user has the required permission on a path
|
||||
func (m *Manager) CheckPermission(user *user.User, path, permission string) error {
|
||||
return m.permissionChecker.CheckFilePermission(user, path, permission)
|
||||
}
|
||||
|
||||
// GetUser retrieves a user from the user store
|
||||
func (m *Manager) GetUser(username string) (*user.User, error) {
|
||||
return m.userStore.GetUser(username)
|
||||
}
|
||||
Reference in New Issue
Block a user