Diffstat (limited to 'weed/sftpd/auth/auth.go')
-rw-r--r--weed/sftpd/auth/auth.go76
1 files changed, 76 insertions, 0 deletions
diff --git a/weed/sftpd/auth/auth.go b/weed/sftpd/auth/auth.go
new file mode 100644
index 000000000..64dee5989
--- /dev/null
+++ b/weed/sftpd/auth/auth.go
@@ -0,0 +1,76 @@
+// Package auth provides authentication and authorization functionality for the SFTP server
+package auth
+
+import (
+ "github.com/seaweedfs/seaweedfs/weed/sftpd/user"
+ "golang.org/x/crypto/ssh"
+)
+
+// Provider defines the interface for authentication providers
+type Provider interface {
+ // GetAuthMethods returns the SSH server auth methods
+ GetAuthMethods() []ssh.AuthMethod
+}
+
+// Manager handles authentication and authorization
+type Manager struct {
+ userStore user.Store
+ passwordAuth *PasswordAuthenticator
+ publicKeyAuth *PublicKeyAuthenticator
+ permissionChecker *PermissionChecker
+ enabledAuthMethods []string
+}
+
+// NewManager creates a new authentication manager
+func NewManager(userStore user.Store, fsHelper FileSystemHelper, enabledAuthMethods []string) *Manager {
+ manager := &Manager{
+ userStore: userStore,
+ enabledAuthMethods: enabledAuthMethods,
+ }
+
+ // Initialize authenticators based on enabled methods
+ passwordEnabled := false
+ publicKeyEnabled := false
+
+ for _, method := range enabledAuthMethods {
+ switch method {
+ case "password":
+ passwordEnabled = true
+ case "publickey":
+ publicKeyEnabled = true
+ }
+ }
+
+ manager.passwordAuth = NewPasswordAuthenticator(userStore, passwordEnabled)
+ manager.publicKeyAuth = NewPublicKeyAuthenticator(userStore, publicKeyEnabled)
+ manager.permissionChecker = NewPermissionChecker(fsHelper)
+
+ return manager
+}
+
+// GetSSHServerConfig returns an SSH server config with the appropriate authentication methods
+func (m *Manager) GetSSHServerConfig() *ssh.ServerConfig {
+ config := &ssh.ServerConfig{}
+
+ // Add password authentication if enabled
+ if m.passwordAuth.Enabled() {
+ config.PasswordCallback = m.passwordAuth.Authenticate
+ }
+
+ // Add public key authentication if enabled
+ if m.publicKeyAuth.Enabled() {
+ config.PublicKeyCallback = m.publicKeyAuth.Authenticate
+ }
+
+ return config
+}
+
+// CheckPermission checks if a user has the required permission on a path
+func (m *Manager) CheckPermission(user *user.User, path, permission string) error {
+ return m.permissionChecker.CheckFilePermission(user, path, permission)
+}
+
+// GetUser retrieves a user from the user store
+func (m *Manager) GetUser(username string) (*user.User, error) {
+ return m.userStore.GetUser(username)
+}
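Review bot: The `switch method` in NewManager has no `default` branch, so a misspelled or differently-cased entry in enabledAuthMethods (anything other than exactly `"password"` or `"publickey"`) is dropped without any signal. If no entry matches, GetSSHServerConfig returns a config with neither PasswordCallback nor PublicKeyCallback set, and the misconfiguration would only surface at the first client handshake, which x/crypto/ssh refuses, as far as I know, when no auth callback is configured and NoClientAuth is false. I would add a `default:` case that logs the unrecognised method name, and have the caller refuse to start when both authenticators end up disabled. Separately, GetSSHServerConfig leaves `AuthLogCallback` and `MaxAuthTries` unset; assigning `config.AuthLogCallback` would give operators a record of failed login attempts for brute-force detection.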