authorMohamed Sekour <mohamed.sekour@exfo.com>2025-05-05 20:43:49 +0200
committerGitHub <noreply@github.com>2025-05-05 11:43:49 -0700
commit93aed187e94dcaebf8e8f60cc5f180b49289649f (patch)
tree7cc3796e3fb47487717539caefdcf2e34968047c /weed/sftpd/auth/auth.go
parenta2c5510ae1a17446c23d80eddb29d06df1fd0bbe (diff)
Add SFTP Server Support (#6753)
* Add SFTP Server Support Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * fix s3 tests and helm lint Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> * increase helm chart version * adjust version --------- Signed-off-by: Mohamed Sekour <mohamed.sekour@exfo.com> Co-authored-by: chrislu <chris.lu@gmail.com>
Diffstat (limited to 'weed/sftpd/auth/auth.go')
-rw-r--r--weed/sftpd/auth/auth.go76
1 files changed, 76 insertions, 0 deletions
diff --git a/weed/sftpd/auth/auth.go b/weed/sftpd/auth/auth.go
new file mode 100644
index 000000000..64dee5989
--- /dev/null
+++ b/weed/sftpd/auth/auth.go
@@ -0,0 +1,76 @@
+// Package auth provides authentication and authorization functionality for the SFTP server
+package auth
+
+import (
+ "github.com/seaweedfs/seaweedfs/weed/sftpd/user"
+ "golang.org/x/crypto/ssh"
+)
+
+// Provider defines the interface for authentication providers
+type Provider interface {
+ // GetAuthMethods returns the SSH server auth methods
+ GetAuthMethods() []ssh.AuthMethod
+}
+
+// Manager handles authentication and authorization
+type Manager struct {
+ userStore user.Store
+ passwordAuth *PasswordAuthenticator
+ publicKeyAuth *PublicKeyAuthenticator
+ permissionChecker *PermissionChecker
+ enabledAuthMethods []string
+}
+
+// NewManager creates a new authentication manager
+func NewManager(userStore user.Store, fsHelper FileSystemHelper, enabledAuthMethods []string) *Manager {
+ manager := &Manager{
+ userStore: userStore,
+ enabledAuthMethods: enabledAuthMethods,
+ }
+
+ // Initialize authenticators based on enabled methods
+ passwordEnabled := false
+ publicKeyEnabled := false
+
+ for _, method := range enabledAuthMethods {
+ switch method {
+ case "password":
+ passwordEnabled = true
+ case "publickey":
+ publicKeyEnabled = true
+ }
+ }
+
+ manager.passwordAuth = NewPasswordAuthenticator(userStore, passwordEnabled)
+ manager.publicKeyAuth = NewPublicKeyAuthenticator(userStore, publicKeyEnabled)
+ manager.permissionChecker = NewPermissionChecker(fsHelper)
+
+ return manager
+}
+
+// GetSSHServerConfig returns an SSH server config with the appropriate authentication methods
+func (m *Manager) GetSSHServerConfig() *ssh.ServerConfig {
+ config := &ssh.ServerConfig{}
+
+ // Add password authentication if enabled
+ if m.passwordAuth.Enabled() {
+ config.PasswordCallback = m.passwordAuth.Authenticate
+ }
+
+ // Add public key authentication if enabled
+ if m.publicKeyAuth.Enabled() {
+ config.PublicKeyCallback = m.publicKeyAuth.Authenticate
+ }
+
+ return config
+}
+
+// CheckPermission checks if a user has the required permission on a path
+func (m *Manager) CheckPermission(user *user.User, path, permission string) error {
+ return m.permissionChecker.CheckFilePermission(user, path, permission)
+}
+
+// GetUser retrieves a user from the user store
+func (m *Manager) GetUser(username string) (*user.User, error) {
+ return m.userStore.GetUser(username)
+}
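Review bot: The switch in NewManager has no `default` case, so an unrecognised entry in enabledAuthMethods (a typo or different casing) is dropped silently, and both authenticators can end up disabled without any signal. GetSSHServerConfig then returns an ssh.ServerConfig with neither PasswordCallback nor PublicKeyCallback set; as far as I know x/crypto/ssh rejects such a config only when a connection is handed to it, so the misconfiguration would surface as per-connection handshake errors rather than at startup. I would reject unknown entries and an empty effective method set in the constructor, which means returning an error next to the *Manager and updating callers that are not visible in this file. Separately, the returned config leaves MaxAuthTries and AuthLogCallback unset, so unless the caller fills them in, failed password attempts are bounded only by the library default and are not logged from here.

```go
func NewManager(userStore user.Store, fsHelper FileSystemHelper, enabledAuthMethods []string) (*Manager, error) {
	// … unchanged: manager literal and the passwordEnabled/publicKeyEnabled flags …
	for _, method := range enabledAuthMethods {
		switch method {
		// … unchanged: "password" and "publickey" cases …
		default:
			// Fail at startup instead of silently running with fewer methods than configured.
			return nil, fmt.Errorf("sftpd auth: unknown auth method %q", method)
		}
	}
	if !passwordEnabled && !publicKeyEnabled {
		return nil, errors.New("sftpd auth: no supported auth method enabled")
	}
	// … unchanged: authenticator and permission checker construction …
	return manager, nil
}
```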