k3s/vendor/github.com/spf13/afero/sftp_test_go

// Copyright © 2015 Jerry Jacobs <jerry.jacobs@xor-gate.org>.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package afero

import (
	"testing"
	"os"
	"log"
	"fmt"
	"net"
	"flag"
	"time"
	"io/ioutil"
	"crypto/rsa"
	_rand "crypto/rand"
	"encoding/pem"
	"crypto/x509"

	"golang.org/x/crypto/ssh"
	"github.com/pkg/sftp"
)

type SftpFsContext struct {
	sshc   *ssh.Client
	sshcfg *ssh.ClientConfig
	sftpc  *sftp.Client
}

// TODO we only connect with hardcoded user+pass for now
// it should be possible to use $HOME/.ssh/id_rsa to login into the stub sftp server
func SftpConnect(user, password, host string) (*SftpFsContext, error) {
/*
	pemBytes, err := ioutil.ReadFile(os.Getenv("HOME") + "/.ssh/id_rsa")
	if err != nil {
		return nil,err
	}

	signer, err := ssh.ParsePrivateKey(pemBytes)
	if err != nil {
		return nil,err
	}

	sshcfg := &ssh.ClientConfig{
		User: user,
		Auth: []ssh.AuthMethod{
			ssh.Password(password),
			ssh.PublicKeys(signer),
		},
	}
*/

	sshcfg := &ssh.ClientConfig{
		User: user,
		Auth: []ssh.AuthMethod{
			ssh.Password(password),
		},
	}

	sshc, err := ssh.Dial("tcp", host, sshcfg)
	if err != nil {
		return nil,err
	}

	sftpc, err := sftp.NewClient(sshc)
	if err != nil {
		return nil,err
	}

	ctx := &SftpFsContext{
		sshc: sshc,
		sshcfg: sshcfg,
		sftpc: sftpc,
	}

	return ctx,nil
}

func (ctx *SftpFsContext) Disconnect() error {
	ctx.sftpc.Close()
	ctx.sshc.Close()
	return nil
}

// TODO for such a weird reason rootpath is "." when writing "file1" with afero sftp backend
func RunSftpServer(rootpath string) {
	var (
		readOnly      bool
		debugLevelStr string
		debugLevel    int
		debugStderr   bool
		rootDir       string
	)

	flag.BoolVar(&readOnly, "R", false, "read-only server")
	flag.BoolVar(&debugStderr, "e", true, "debug to stderr")
	flag.StringVar(&debugLevelStr, "l", "none", "debug level")
	flag.StringVar(&rootDir, "root", rootpath, "root directory")
	flag.Parse()

	debugStream := ioutil.Discard
	if debugStderr {
		debugStream = os.Stderr
		debugLevel = 1
	}

	// An SSH server is represented by a ServerConfig, which holds
	// certificate details and handles authentication of ServerConns.
	config := &ssh.ServerConfig{
		PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
			// Should use constant-time compare (or better, salt+hash) in
			// a production setting.
			fmt.Fprintf(debugStream, "Login: %s\n", c.User())
			if c.User() == "test" && string(pass) == "test" {
				return nil, nil
			}
			return nil, fmt.Errorf("password rejected for %q", c.User())
		},
	}

	privateBytes, err := ioutil.ReadFile("./test/id_rsa")
	if err != nil {
		log.Fatal("Failed to load private key", err)
	}

	private, err := ssh.ParsePrivateKey(privateBytes)
	if err != nil {
		log.Fatal("Failed to parse private key", err)
	}

	config.AddHostKey(private)

	// Once a ServerConfig has been configured, connections can be
	// accepted.
	listener, err := net.Listen("tcp", "0.0.0.0:2022")
	if err != nil {
		log.Fatal("failed to listen for connection", err)
	}
	fmt.Printf("Listening on %v\n", listener.Addr())

	nConn, err := listener.Accept()
	if err != nil {
		log.Fatal("failed to accept incoming connection", err)
	}

	// Before use, a handshake must be performed on the incoming
	// net.Conn.
	_, chans, reqs, err := ssh.NewServerConn(nConn, config)
	if err != nil {
		log.Fatal("failed to handshake", err)
	}
	fmt.Fprintf(debugStream, "SSH server established\n")

	// The incoming Request channel must be serviced.
	go ssh.DiscardRequests(reqs)

	// Service the incoming Channel channel.
	for newChannel := range chans {
		// Channels have a type, depending on the application level
		// protocol intended. In the case of an SFTP session, this is "subsystem"
		// with a payload string of "<length=4>sftp"
		fmt.Fprintf(debugStream, "Incoming channel: %s\n", newChannel.ChannelType())
		if newChannel.ChannelType() != "session" {
			newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")
			fmt.Fprintf(debugStream, "Unknown channel type: %s\n", newChannel.ChannelType())
			continue
		}
		channel, requests, err := newChannel.Accept()
		if err != nil {
			log.Fatal("could not accept channel.", err)
		}
		fmt.Fprintf(debugStream, "Channel accepted\n")

		// Sessions have out-of-band requests such as "shell",
		// "pty-req" and "env".  Here we handle only the
		// "subsystem" request.
		go func(in <-chan *ssh.Request) {
			for req := range in {
				fmt.Fprintf(debugStream, "Request: %v\n", req.Type)
				ok := false
				switch req.Type {
				case "subsystem":
					fmt.Fprintf(debugStream, "Subsystem: %s\n", req.Payload[4:])
					if string(req.Payload[4:]) == "sftp" {
						ok = true
					}
				}
				fmt.Fprintf(debugStream, " - accepted: %v\n", ok)
				req.Reply(ok, nil)
			}
		}(requests)

		server, err := sftp.NewServer(channel, channel, debugStream, debugLevel, readOnly, rootpath)
		if err != nil {
			log.Fatal(err)
		}
		if err := server.Serve(); err != nil {
			log.Fatal("sftp server completed with error:", err)
		}
	}
}

// MakeSSHKeyPair make a pair of public and private keys for SSH access.
// Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
// Private Key generated is PEM encoded
func MakeSSHKeyPair(bits int, pubKeyPath, privateKeyPath string) error {
	privateKey, err := rsa.GenerateKey(_rand.Reader, bits)
	if err != nil {
		return err
	}

	// generate and write private key as PEM
	privateKeyFile, err := os.Create(privateKeyPath)
	defer privateKeyFile.Close()
	if err != nil {
		return err
	}

	privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
	if err := pem.Encode(privateKeyFile, privateKeyPEM); err != nil {
		return err
	}

	// generate and write public key
	pub, err := ssh.NewPublicKey(&privateKey.PublicKey)
	if err != nil {
		return err
	}

	return ioutil.WriteFile(pubKeyPath, ssh.MarshalAuthorizedKey(pub), 0655)
}

func TestSftpCreate(t *testing.T) {
	os.Mkdir("./test", 0777)
	MakeSSHKeyPair(1024, "./test/id_rsa.pub", "./test/id_rsa")

	go RunSftpServer("./test/")
	time.Sleep(5 * time.Second)

	ctx, err := SftpConnect("test", "test", "localhost:2022")
	if err != nil {
		t.Fatal(err)
	}
	defer ctx.Disconnect()

	var AppFs Fs = SftpFs{
		SftpClient: ctx.sftpc,
	}

	AppFs.MkdirAll("test/dir1/dir2/dir3", os.FileMode(0777))
	AppFs.Mkdir("test/foo", os.FileMode(0000))
	AppFs.Chmod("test/foo", os.FileMode(0700))
	AppFs.Mkdir("test/bar", os.FileMode(0777))

	file, err := AppFs.Create("file1")
	if err != nil {
		t.Error(err)
	}
	defer file.Close()

	file.Write([]byte("hello\t"))
	file.WriteString("world!\n")

	f1, err := AppFs.Open("file1")
	if err != nil {
		log.Fatalf("open: %v", err)
	}
	defer f1.Close()

	b := make([]byte, 100)

	_, err = f1.Read(b)
	fmt.Println(string(b))

	// TODO check here if "hello\tworld\n" is in buffer b
}
Update vendor 2019-08-30 18:33:25 +00:00			`// Copyright © 2015 Jerry Jacobs <jerry.jacobs@xor-gate.org>.`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package afero`

			`import (`
			`"testing"`
			`"os"`
			`"log"`
			`"fmt"`
			`"net"`
			`"flag"`
			`"time"`
			`"io/ioutil"`
			`"crypto/rsa"`
			`_rand "crypto/rand"`
			`"encoding/pem"`
			`"crypto/x509"`

			`"golang.org/x/crypto/ssh"`
			`"github.com/pkg/sftp"`
			`)`

			`type SftpFsContext struct {`
			`sshc *ssh.Client`
			`sshcfg *ssh.ClientConfig`
			`sftpc *sftp.Client`
			`}`

			`// TODO we only connect with hardcoded user+pass for now`
			`// it should be possible to use $HOME/.ssh/id_rsa to login into the stub sftp server`
			`func SftpConnect(user, password, host string) (*SftpFsContext, error) {`
			`/*`
			`pemBytes, err := ioutil.ReadFile(os.Getenv("HOME") + "/.ssh/id_rsa")`
			`if err != nil {`
			`return nil,err`
			`}`

			`signer, err := ssh.ParsePrivateKey(pemBytes)`
			`if err != nil {`
			`return nil,err`
			`}`

			`sshcfg := &ssh.ClientConfig{`
			`User: user,`
			`Auth: []ssh.AuthMethod{`
			`ssh.Password(password),`
			`ssh.PublicKeys(signer),`
			`},`
			`}`
			`*/`

			`sshcfg := &ssh.ClientConfig{`
			`User: user,`
			`Auth: []ssh.AuthMethod{`
			`ssh.Password(password),`
			`},`
			`}`

			`sshc, err := ssh.Dial("tcp", host, sshcfg)`
			`if err != nil {`
			`return nil,err`
			`}`

			`sftpc, err := sftp.NewClient(sshc)`
			`if err != nil {`
			`return nil,err`
			`}`

			`ctx := &SftpFsContext{`
			`sshc: sshc,`
			`sshcfg: sshcfg,`
			`sftpc: sftpc,`
			`}`

			`return ctx,nil`
			`}`

			`func (ctx *SftpFsContext) Disconnect() error {`
			`ctx.sftpc.Close()`
			`ctx.sshc.Close()`
			`return nil`
			`}`

			`// TODO for such a weird reason rootpath is "." when writing "file1" with afero sftp backend`
			`func RunSftpServer(rootpath string) {`
			`var (`
			`readOnly bool`
			`debugLevelStr string`
			`debugLevel int`
			`debugStderr bool`
			`rootDir string`
			`)`

			`flag.BoolVar(&readOnly, "R", false, "read-only server")`
			`flag.BoolVar(&debugStderr, "e", true, "debug to stderr")`
			`flag.StringVar(&debugLevelStr, "l", "none", "debug level")`
			`flag.StringVar(&rootDir, "root", rootpath, "root directory")`
			`flag.Parse()`

			`debugStream := ioutil.Discard`
			`if debugStderr {`
			`debugStream = os.Stderr`
			`debugLevel = 1`
			`}`

			`// An SSH server is represented by a ServerConfig, which holds`
			`// certificate details and handles authentication of ServerConns.`
			`config := &ssh.ServerConfig{`
			`PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {`
			`// Should use constant-time compare (or better, salt+hash) in`
			`// a production setting.`
			`fmt.Fprintf(debugStream, "Login: %s\n", c.User())`
			`if c.User() == "test" && string(pass) == "test" {`
			`return nil, nil`
			`}`
			`return nil, fmt.Errorf("password rejected for %q", c.User())`
			`},`
			`}`

			`privateBytes, err := ioutil.ReadFile("./test/id_rsa")`
			`if err != nil {`
			`log.Fatal("Failed to load private key", err)`
			`}`

			`private, err := ssh.ParsePrivateKey(privateBytes)`
			`if err != nil {`
			`log.Fatal("Failed to parse private key", err)`
			`}`

			`config.AddHostKey(private)`

			`// Once a ServerConfig has been configured, connections can be`
			`// accepted.`
			`listener, err := net.Listen("tcp", "0.0.0.0:2022")`
			`if err != nil {`
			`log.Fatal("failed to listen for connection", err)`
			`}`
			`fmt.Printf("Listening on %v\n", listener.Addr())`

			`nConn, err := listener.Accept()`
			`if err != nil {`
			`log.Fatal("failed to accept incoming connection", err)`
			`}`

			`// Before use, a handshake must be performed on the incoming`
			`// net.Conn.`
			`_, chans, reqs, err := ssh.NewServerConn(nConn, config)`
			`if err != nil {`
			`log.Fatal("failed to handshake", err)`
			`}`
			`fmt.Fprintf(debugStream, "SSH server established\n")`

			`// The incoming Request channel must be serviced.`
			`go ssh.DiscardRequests(reqs)`

			`// Service the incoming Channel channel.`
			`for newChannel := range chans {`
			`// Channels have a type, depending on the application level`
			`// protocol intended. In the case of an SFTP session, this is "subsystem"`
			`// with a payload string of "<length=4>sftp"`
			`fmt.Fprintf(debugStream, "Incoming channel: %s\n", newChannel.ChannelType())`
			`if newChannel.ChannelType() != "session" {`
			`newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")`
			`fmt.Fprintf(debugStream, "Unknown channel type: %s\n", newChannel.ChannelType())`
			`continue`
			`}`
			`channel, requests, err := newChannel.Accept()`
			`if err != nil {`
			`log.Fatal("could not accept channel.", err)`
			`}`
			`fmt.Fprintf(debugStream, "Channel accepted\n")`

			`// Sessions have out-of-band requests such as "shell",`
			`// "pty-req" and "env". Here we handle only the`
			`// "subsystem" request.`
			`go func(in <-chan *ssh.Request) {`
			`for req := range in {`
			`fmt.Fprintf(debugStream, "Request: %v\n", req.Type)`
			`ok := false`
			`switch req.Type {`
			`case "subsystem":`
			`fmt.Fprintf(debugStream, "Subsystem: %s\n", req.Payload[4:])`
			`if string(req.Payload[4:]) == "sftp" {`
			`ok = true`
			`}`
			`}`
			`fmt.Fprintf(debugStream, " - accepted: %v\n", ok)`
			`req.Reply(ok, nil)`
			`}`
			`}(requests)`

			`server, err := sftp.NewServer(channel, channel, debugStream, debugLevel, readOnly, rootpath)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`if err := server.Serve(); err != nil {`
			`log.Fatal("sftp server completed with error:", err)`
			`}`
			`}`
			`}`

			`// MakeSSHKeyPair make a pair of public and private keys for SSH access.`
			`// Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.`
			`// Private Key generated is PEM encoded`
			`func MakeSSHKeyPair(bits int, pubKeyPath, privateKeyPath string) error {`
			`privateKey, err := rsa.GenerateKey(_rand.Reader, bits)`
			`if err != nil {`
			`return err`
			`}`

			`// generate and write private key as PEM`
			`privateKeyFile, err := os.Create(privateKeyPath)`
			`defer privateKeyFile.Close()`
			`if err != nil {`
			`return err`
			`}`

			`privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}`
			`if err := pem.Encode(privateKeyFile, privateKeyPEM); err != nil {`
			`return err`
			`}`

			`// generate and write public key`
			`pub, err := ssh.NewPublicKey(&privateKey.PublicKey)`
			`if err != nil {`
			`return err`
			`}`

			`return ioutil.WriteFile(pubKeyPath, ssh.MarshalAuthorizedKey(pub), 0655)`
			`}`

			`func TestSftpCreate(t *testing.T) {`
			`os.Mkdir("./test", 0777)`
			`MakeSSHKeyPair(1024, "./test/id_rsa.pub", "./test/id_rsa")`

			`go RunSftpServer("./test/")`
			`time.Sleep(5 * time.Second)`

			`ctx, err := SftpConnect("test", "test", "localhost:2022")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`defer ctx.Disconnect()`

			`var AppFs Fs = SftpFs{`
			`SftpClient: ctx.sftpc,`
			`}`

			`AppFs.MkdirAll("test/dir1/dir2/dir3", os.FileMode(0777))`
			`AppFs.Mkdir("test/foo", os.FileMode(0000))`
			`AppFs.Chmod("test/foo", os.FileMode(0700))`
			`AppFs.Mkdir("test/bar", os.FileMode(0777))`

			`file, err := AppFs.Create("file1")`
			`if err != nil {`
			`t.Error(err)`
			`}`
			`defer file.Close()`

			`file.Write([]byte("hello\t"))`
			`file.WriteString("world!\n")`

			`f1, err := AppFs.Open("file1")`
			`if err != nil {`
			`log.Fatalf("open: %v", err)`
			`}`
			`defer f1.Close()`

			`b := make([]byte, 100)`

			`_, err = f1.Read(b)`
			`fmt.Println(string(b))`

			`// TODO check here if "hello\tworld\n" is in buffer b`
			`}`