bagage/main.go

package main

import (
	"context"
	"fmt"
	"git.deuxfleurs.fr/Deuxfleurs/bagage/s3"
	"git.deuxfleurs.fr/Deuxfleurs/bagage/sftp"
	"github.com/minio/minio-go/v7"
	"github.com/minio/minio-go/v7/pkg/credentials"
	"golang.org/x/crypto/ssh"
	"io"
	"io/ioutil"
	"log"
	"net"
	"net/http"
	"os"
)

func main() {
	log.Println("=== Starting Bagage ===")
	config := (&Config{}).LoadWithDefault().LoadWithEnv()
	log.Println(config)

	// Some init
	err := os.MkdirAll(config.S3Cache, 0755)
	if err != nil {
		log.Fatalf("init failed: mkdir s3 cache failed: ", err)
	}

	// Launch our submodules
	done := make(chan error)
	go httpServer(config, done)
	go sshServer(config, done)

	err = <-done
	if err != nil {
		log.Fatalf("A component failed: %v", err)
	}
}

type s3creds struct {
	accessKey string
	secretKey string
}

var keychain map[string]s3creds

func sshServer(dconfig *Config, done chan error) {
	keychain = make(map[string]s3creds)

	config := &ssh.ServerConfig{
		PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
			log.Printf("Login: %s\n", c.User())
			access_key, secret_key, err := LdapGetS3(dconfig, c.User(), string(pass))
			if err == nil {
				keychain[c.User()] = s3creds{access_key, secret_key}
			}
			return nil, err
		},
	}

	privateBytes, err := ioutil.ReadFile(dconfig.SSHKey)
	if err != nil {
		log.Fatal("Failed to load private key", err)
	}

	private, err := ssh.ParsePrivateKey(privateBytes)
	if err != nil {
		log.Fatal("Failed to parse private key", err)
	}

	config.AddHostKey(private)

	// Once a ServerConfig has been configured, connections can be
	// accepted.
	listener, err := net.Listen("tcp", "0.0.0.0:2222")
	if err != nil {
		log.Fatal("failed to listen for connection", err)
	}
	log.Printf("Listening on %v\n", listener.Addr())

	for {
		nConn, err := listener.Accept()
		if err != nil {
			log.Printf("failed to accept incoming connection: ", err)
			continue
		}
		go handleSSHConn(nConn, dconfig, config)
	}
}

func handleSSHConn(nConn net.Conn, dconfig *Config, config *ssh.ServerConfig) {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	defer nConn.Close()

	// Before use, a handshake must be performed on the incoming
	// net.Conn.
	serverConn, chans, reqs, err := ssh.NewServerConn(nConn, config)
	if err != nil {
		log.Printf("failed to handshake: ", err)
		return
	}
	defer serverConn.Conn.Close()
	user := serverConn.Conn.User()
	log.Printf("SSH connection established for %v\n", user)

	// The incoming Request channel must be serviced.
	go ssh.DiscardRequests(reqs)

	// Service the incoming Channel channel.
	for newChannel := range chans {
		// Channels have a type, depending on the application level
		// protocol intended. In the case of an SFTP session, this is "subsystem"
		// with a payload string of "<length=4>sftp"
		log.Printf("Incoming channel: %s\n", newChannel.ChannelType())
		if newChannel.ChannelType() != "session" {
			newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")
			log.Printf("Unknown channel type: %s\n", newChannel.ChannelType())
			continue
		}

		channel, requests, err := newChannel.Accept()
		if err != nil {
			log.Print("could not accept channel.", err)
			return
		}
		log.Printf("Channel accepted\n")

		// Sessions have out-of-band requests such as "shell",
		// "pty-req" and "env".  Here we handle only the
		// "subsystem" request.
		go func(in <-chan *ssh.Request) {
			for req := range in {
				log.Printf("Request: %v\n", req.Type)
				ok := false
				switch req.Type {
				case "subsystem":
					log.Printf("Subsystem: %s\n", req.Payload[4:])
					if string(req.Payload[4:]) == "sftp" {
						ok = true
					}
				}
				log.Printf(" - accepted: %v\n", ok)
				req.Reply(ok, nil)
			}
		}(requests)

		creds := keychain[user]
		mc, err := minio.New(dconfig.Endpoint, &minio.Options{
			Creds:  credentials.NewStaticV4(creds.accessKey, creds.secretKey, ""),
			Secure: dconfig.UseSSL,
		})
		if err != nil {
			return
		}

		fs := s3.NewS3FS(mc, dconfig.S3Cache)
		server, err := sftp.NewServer(ctx, channel, &fs)

		if err != nil {
			log.Println(err)
			return
		}

		if err := server.Serve(); err == io.EOF {
			server.Close()
			log.Print("sftp client exited session.")
		} else if err != nil {
			log.Print("sftp server completed with error:", err)
		}
	}
}

func httpServer(config *Config, done chan error) {
	// Assemble components to handle WebDAV requests
	http.Handle(config.DavPath+"/",
		BasicAuthExtract{
			OnNotFound: NotAuthorized{},
			OnCreds: LdapPreAuth{
				WithConfig:      config,
				OnWrongPassword: NotAuthorized{},
				OnFailure:       InternalError{},
				OnCreds: S3Auth{
					WithConfig: config,
					OnFailure:  InternalError{},
					OnMinioClient: WebDav{
						WithConfig: config,
					},
				},
			},
		})

	if err := http.ListenAndServe(config.HttpListen, nil); err != nil {
		done <- fmt.Errorf("Error with WebDAV server: %v", err)
	} else {
		done <- nil
	}
}
Initial commit 2021-08-19 20:12:12 +00:00			`package main`

			`import (`
Working on SFTP 2021-11-19 18:54:49 +00:00			`"context"`
			`"fmt"`
			`"git.deuxfleurs.fr/Deuxfleurs/bagage/s3"`
Path + format 2021-11-20 08:53:05 +00:00			`"git.deuxfleurs.fr/Deuxfleurs/bagage/sftp"`
Working on SFTP 2021-11-19 18:54:49 +00:00			`"github.com/minio/minio-go/v7"`
Path + format 2021-11-20 08:53:05 +00:00			`"github.com/minio/minio-go/v7/pkg/credentials"`
Working on SFTP 2021-11-19 18:54:49 +00:00			`"golang.org/x/crypto/ssh"`
Path + format 2021-11-20 08:53:05 +00:00			`"io"`
			`"io/ioutil"`
Initial commit 2021-08-19 20:12:12 +00:00			`"log"`
Path + format 2021-11-20 08:53:05 +00:00			`"net"`
Initial commit 2021-08-19 20:12:12 +00:00			`"net/http"`
It seems to work 2021-11-20 12:42:20 +00:00			`"os"`
Initial commit 2021-08-19 20:12:12 +00:00			`)`

			`func main() {`
Handle missing trailing slashes + Add Dockerfile 2021-08-20 15:28:10 +00:00			`log.Println("=== Starting Bagage ===")`
Refactor the codebase 2021-08-23 18:40:03 +00:00			`config := (&Config{}).LoadWithDefault().LoadWithEnv()`
			`log.Println(config)`

It seems to work 2021-11-20 12:42:20 +00:00			`// Some init`
Fix cache directory err check+dockerfile 2021-11-20 15:05:58 +00:00			`err := os.MkdirAll(config.S3Cache, 0755)`
			`if err != nil {`
			`log.Fatalf("init failed: mkdir s3 cache failed: ", err)`
			`}`
Working on SFTP 2021-11-19 18:54:49 +00:00
It seems to work 2021-11-20 12:42:20 +00:00			`// Launch our submodules`
			`done := make(chan error)`
Working on SFTP 2021-11-19 18:54:49 +00:00			`go httpServer(config, done)`
			`go sshServer(config, done)`

Fix cache directory err check+dockerfile 2021-11-20 15:05:58 +00:00			`err = <-done`
Working on SFTP 2021-11-19 18:54:49 +00:00			`if err != nil {`
			`log.Fatalf("A component failed: %v", err)`
			`}`
			`}`

			`type s3creds struct {`
			`accessKey string`
			`secretKey string`
			`}`
Path + format 2021-11-20 08:53:05 +00:00
Working on SFTP 2021-11-19 18:54:49 +00:00			`var keychain map[string]s3creds`

Path + format 2021-11-20 08:53:05 +00:00			`func sshServer(dconfig *Config, done chan error) {`
Working on SFTP 2021-11-19 18:54:49 +00:00			`keychain = make(map[string]s3creds)`

			`config := &ssh.ServerConfig{`
			`PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {`
			`log.Printf("Login: %s\n", c.User())`
			`access_key, secret_key, err := LdapGetS3(dconfig, c.User(), string(pass))`
			`if err == nil {`
Path + format 2021-11-20 08:53:05 +00:00			`keychain[c.User()] = s3creds{access_key, secret_key}`
Working on SFTP 2021-11-19 18:54:49 +00:00			`}`
			`return nil, err`
			`},`
			`}`

			`privateBytes, err := ioutil.ReadFile(dconfig.SSHKey)`
			`if err != nil {`
			`log.Fatal("Failed to load private key", err)`
			`}`

			`private, err := ssh.ParsePrivateKey(privateBytes)`
			`if err != nil {`
			`log.Fatal("Failed to parse private key", err)`
			`}`

			`config.AddHostKey(private)`

			`// Once a ServerConfig has been configured, connections can be`
			`// accepted.`
			`listener, err := net.Listen("tcp", "0.0.0.0:2222")`
			`if err != nil {`
			`log.Fatal("failed to listen for connection", err)`
			`}`
			`log.Printf("Listening on %v\n", listener.Addr())`

			`for {`
			`nConn, err := listener.Accept()`
			`if err != nil {`
			`log.Printf("failed to accept incoming connection: ", err)`
			`continue`
			`}`
			`go handleSSHConn(nConn, dconfig, config)`
			`}`
			`}`

Path + format 2021-11-20 08:53:05 +00:00			`func handleSSHConn(nConn net.Conn, dconfig Config, config ssh.ServerConfig) {`
Working on SFTP 2021-11-19 18:54:49 +00:00			`ctx, cancel := context.WithCancel(context.Background())`
			`defer cancel()`

			`defer nConn.Close()`

			`// Before use, a handshake must be performed on the incoming`
			`// net.Conn.`
			`serverConn, chans, reqs, err := ssh.NewServerConn(nConn, config)`
			`if err != nil {`
			`log.Printf("failed to handshake: ", err)`
Better error management 2021-11-20 14:10:21 +00:00			`return`
Working on SFTP 2021-11-19 18:54:49 +00:00			`}`
			`defer serverConn.Conn.Close()`
			`user := serverConn.Conn.User()`
			`log.Printf("SSH connection established for %v\n", user)`

			`// The incoming Request channel must be serviced.`
			`go ssh.DiscardRequests(reqs)`

			`// Service the incoming Channel channel.`
			`for newChannel := range chans {`
			`// Channels have a type, depending on the application level`
			`// protocol intended. In the case of an SFTP session, this is "subsystem"`
			`// with a payload string of "<length=4>sftp"`
			`log.Printf("Incoming channel: %s\n", newChannel.ChannelType())`
			`if newChannel.ChannelType() != "session" {`
			`newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")`
			`log.Printf("Unknown channel type: %s\n", newChannel.ChannelType())`
			`continue`
			`}`

			`channel, requests, err := newChannel.Accept()`
			`if err != nil {`
			`log.Print("could not accept channel.", err)`
Better error management 2021-11-20 14:10:21 +00:00			`return`
Working on SFTP 2021-11-19 18:54:49 +00:00			`}`
			`log.Printf("Channel accepted\n")`

			`// Sessions have out-of-band requests such as "shell",`
			`// "pty-req" and "env". Here we handle only the`
			`// "subsystem" request.`
			`go func(in <-chan *ssh.Request) {`
			`for req := range in {`
			`log.Printf("Request: %v\n", req.Type)`
			`ok := false`
			`switch req.Type {`
			`case "subsystem":`
			`log.Printf("Subsystem: %s\n", req.Payload[4:])`
			`if string(req.Payload[4:]) == "sftp" {`
			`ok = true`
			`}`
			`}`
			`log.Printf(" - accepted: %v\n", ok)`
			`req.Reply(ok, nil)`
			`}`
			`}(requests)`

Path + format 2021-11-20 08:53:05 +00:00			`creds := keychain[user]`
Working on SFTP 2021-11-19 18:54:49 +00:00			`mc, err := minio.New(dconfig.Endpoint, &minio.Options{`
			`Creds: credentials.NewStaticV4(creds.accessKey, creds.secretKey, ""),`
			`Secure: dconfig.UseSSL,`
			`})`
			`if err != nil {`
			`return`
			`}`

It seems to work 2021-11-20 12:42:20 +00:00			`fs := s3.NewS3FS(mc, dconfig.S3Cache)`
Working on SFTP 2021-11-19 18:54:49 +00:00			`server, err := sftp.NewServer(ctx, channel, &fs)`

			`if err != nil {`
Better error management 2021-11-20 14:10:21 +00:00			`log.Println(err)`
			`return`
Working on SFTP 2021-11-19 18:54:49 +00:00			`}`

			`if err := server.Serve(); err == io.EOF {`
			`server.Close()`
			`log.Print("sftp client exited session.")`
			`} else if err != nil {`
			`log.Print("sftp server completed with error:", err)`
			`}`
			`}`
			`}`

Path + format 2021-11-20 08:53:05 +00:00			`func httpServer(config *Config, done chan error) {`
Refactor the codebase 2021-08-23 18:40:03 +00:00			`// Assemble components to handle WebDAV requests`
			`http.Handle(config.DavPath+"/",`
			`BasicAuthExtract{`
			`OnNotFound: NotAuthorized{},`
			`OnCreds: LdapPreAuth{`
			`WithConfig: config,`
			`OnWrongPassword: NotAuthorized{},`
			`OnFailure: InternalError{},`
			`OnCreds: S3Auth{`
			`WithConfig: config,`
			`OnFailure: InternalError{},`
			`OnMinioClient: WebDav{`
			`WithConfig: config,`
			`},`
			`},`
			`},`
Format the source file 2021-08-19 20:14:53 +00:00			`})`
Initial commit 2021-08-19 20:12:12 +00:00
Refactor the codebase 2021-08-23 18:40:03 +00:00			`if err := http.ListenAndServe(config.HttpListen, nil); err != nil {`
Working on SFTP 2021-11-19 18:54:49 +00:00			`done <- fmt.Errorf("Error with WebDAV server: %v", err)`
			`} else {`
			`done <- nil`
Initial commit 2021-08-19 20:12:12 +00:00			`}`
			`}`