mirror of
https://github.com/chrislusf/seaweedfs
synced 2025-07-17 00:52:47 +02:00
93aed187e9
* Add SFTP Server Support Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * fix s3 tests and helm lint Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * increase helm chart version * adjust version --------- Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> Co-authored-by: chrislu <chris.lu@gmail.com>
76 lines
2.2 KiB
Go
76 lines
2.2 KiB
Go
// Package auth provides authentication and authorization functionality for the SFTP server
|
|
package auth
|
|
|
|
import (
|
|
"github.com/seaweedfs/seaweedfs/weed/sftpd/user"
|
|
"golang.org/x/crypto/ssh"
|
|
)
|
|
|
|
// Provider defines the interface for authentication providers
|
|
type Provider interface {
|
|
// GetAuthMethods returns the SSH server auth methods
|
|
GetAuthMethods() []ssh.AuthMethod
|
|
}
|
|
|
|
// Manager handles authentication and authorization
|
|
type Manager struct {
|
|
userStore user.Store
|
|
passwordAuth *PasswordAuthenticator
|
|
publicKeyAuth *PublicKeyAuthenticator
|
|
permissionChecker *PermissionChecker
|
|
enabledAuthMethods []string
|
|
}
|
|
|
|
// NewManager creates a new authentication manager
|
|
func NewManager(userStore user.Store, fsHelper FileSystemHelper, enabledAuthMethods []string) *Manager {
|
|
manager := &Manager{
|
|
userStore: userStore,
|
|
enabledAuthMethods: enabledAuthMethods,
|
|
}
|
|
|
|
// Initialize authenticators based on enabled methods
|
|
passwordEnabled := false
|
|
publicKeyEnabled := false
|
|
|
|
for _, method := range enabledAuthMethods {
|
|
switch method {
|
|
case "password":
|
|
passwordEnabled = true
|
|
case "publickey":
|
|
publicKeyEnabled = true
|
|
}
|
|
}
|
|
|
|
manager.passwordAuth = NewPasswordAuthenticator(userStore, passwordEnabled)
|
|
manager.publicKeyAuth = NewPublicKeyAuthenticator(userStore, publicKeyEnabled)
|
|
manager.permissionChecker = NewPermissionChecker(fsHelper)
|
|
|
|
return manager
|
|
}
|
|
|
|
// GetSSHServerConfig returns an SSH server config with the appropriate authentication methods
|
|
func (m *Manager) GetSSHServerConfig() *ssh.ServerConfig {
|
|
config := &ssh.ServerConfig{}
|
|
|
|
// Add password authentication if enabled
|
|
if m.passwordAuth.Enabled() {
|
|
config.PasswordCallback = m.passwordAuth.Authenticate
|
|
}
|
|
|
|
// Add public key authentication if enabled
|
|
if m.publicKeyAuth.Enabled() {
|
|
config.PublicKeyCallback = m.publicKeyAuth.Authenticate
|
|
}
|
|
|
|
return config
|
|
}
|
|
|
|
// CheckPermission checks if a user has the required permission on a path
|
|
func (m *Manager) CheckPermission(user *user.User, path, permission string) error {
|
|
return m.permissionChecker.CheckFilePermission(user, path, permission)
|
|
}
|
|
|
|
// GetUser retrieves a user from the user store
|
|
func (m *Manager) GetUser(username string) (*user.User, error) {
|
|
return m.userStore.GetUser(username)
|
|
}
|