Refactor working dir to use skel

tg123 · Oct 24, 2024 · 7e4ab69 · 7e4ab69
1 parent 4535d8b
commit 7e4ab69
Show file tree

Hide file tree

Showing 9 changed files with 311 additions and 351 deletions.
diff --git a/libplugin/skel.go b/libplugin/skel.go
@@ -24,10 +24,10 @@ const SkelPluginAuthMethodAll SkelPluginAuthMethod = SkelPluginAuthMethodPasswor
 
 type SkelPlugin struct {
 	cache    *cache.Cache
-	listPipe func() ([]SkelPipe, error)
+	listPipe func(ConnMetadata) ([]SkelPipe, error)
 }
 
-func NewSkelPlugin(listPipe func() ([]SkelPipe, error)) *SkelPlugin {
+func NewSkelPlugin(listPipe func(ConnMetadata) ([]SkelPipe, error)) *SkelPlugin {
 	return &SkelPlugin{
 		cache:    cache.New(1*time.Minute, 10*time.Minute),
 		listPipe: listPipe,
@@ -83,10 +83,10 @@ func (p *SkelPlugin) CreateConfig() *SshPiperPluginConfig {
 	}
 }
 
-func (p *SkelPlugin) SupportedMethods(_ ConnMetadata) ([]string, error) {
+func (p *SkelPlugin) SupportedMethods(conn ConnMetadata) ([]string, error) {
 	set := make(map[string]bool)
 
-	pipes, err := p.listPipe()
+	pipes, err := p.listPipe(conn)
 	if err != nil {
 		return nil, err
 	}
@@ -133,7 +133,7 @@ func (p *SkelPlugin) VerifyHostKeyCallback(conn ConnMetadata, hostname, netaddr
 }
 
 func (p *SkelPlugin) match(conn ConnMetadata, verify func(SkelPipeFrom) (bool, error)) (SkelPipeFrom, SkelPipeTo, error) {
-	pipes, err := p.listPipe()
+	pipes, err := p.listPipe(conn)
 	if err != nil {
 		return nil, nil, err
 	}

diff --git a/plugin/docker/skel.go b/plugin/docker/skel.go
@@ -86,7 +86,7 @@ func (s *skelpipeFromWrapper) MatchConn(conn libplugin.ConnMetadata) (libplugin.
 }
 
 func (s *skelpipePasswordWrapper) TestPassword(conn libplugin.ConnMetadata, password []byte) (bool, error) {
-	return true, nil // yaml do not test input password
+	return true, nil // do not test input password
 }
 
 func (s *skelpipePublicKeyWrapper) AuthorizedKeys(conn libplugin.ConnMetadata) ([]byte, error) {
@@ -110,7 +110,7 @@ func (s *skelpipeToWrapper) OverridePassword(conn libplugin.ConnMetadata) ([]byt
 	return nil, nil
 }
 
-func (p *plugin) listPipe() ([]libplugin.SkelPipe, error) {
+func (p *plugin) listPipe(_ libplugin.ConnMetadata) ([]libplugin.SkelPipe, error) {
 	dpipes, err := p.list()
 	if err != nil {
 		return nil, err

diff --git a/plugin/internal/workingdir/workingdir.go b/plugin/internal/workingdir/workingdir.go
diff --git a/plugin/kubernetes/skel.go b/plugin/kubernetes/skel.go
@@ -237,7 +237,7 @@ func loadStringAndFile(base64orraw string, filepath string) ([][]byte, error) {
 	return all, nil
 }
 
-func (p *plugin) listPipe() ([]libplugin.SkelPipe, error) {
+func (p *plugin) listPipe(_ libplugin.ConnMetadata) ([]libplugin.SkelPipe, error) {
 	kpipes, err := p.list()
 	if err != nil {
 		return nil, err

diff --git a/plugin/workingdir/main.go b/plugin/workingdir/main.go
@@ -1,31 +1,10 @@
 package main
 
 import (
-	"fmt"
-	"path"
-
 	"github.com/tg123/sshpiper/libplugin"
 	"github.com/urfave/cli/v2"
-
-	"github.com/tg123/sshpiper/plugin/internal/workingdir"
 )
 
-func createWorkingdir(c *cli.Context, user string) (*workingdir.Workingdir, error) {
-	if !c.Bool("allow-baduser-name") {
-		if !workingdir.IsUsernameSecure(user) {
-			return nil, fmt.Errorf("bad username: %s", user)
-		}
-	}
-
-	root := c.String("root")
-
-	return &workingdir.Workingdir{
-		Path:        path.Join(root, user),
-		NoCheckPerm: c.Bool("no-check-perm"),
-		Strict:      c.Bool("strict-hostkey"),
-	}, nil
-}
-
 func main() {
 
 	libplugin.CreateAndRunPluginTemplate(&libplugin.PluginTemplate{
@@ -58,64 +37,33 @@ func main() {
 				Usage:   "disable password authentication and only use public key authentication",
 				EnvVars: []string{"SSHPIPERD_WORKINGDIR_NOPASSWORD_AUTH"},
 			},
+			&cli.BoolFlag{
+				Name:    "recursive-search",
+				Usage:   "search subdirectories under user directory for upsteam",
+				EnvVars: []string{"SSHPIPERD_WORKINGDIR_RECURSIVESEARCH"},
+			},
 		},
 		CreateConfig: func(c *cli.Context) (*libplugin.SshPiperPluginConfig, error) {
 
-			return &libplugin.SshPiperPluginConfig{
-
-				NextAuthMethodsCallback: func(_ libplugin.ConnMetadata) ([]string, error) {
-					if c.Bool("no-password-auth") {
-						return []string{"publickey"}, nil
-					}
-
-					return []string{"password", "publickey"}, nil
-				},
-
-				PasswordCallback: func(conn libplugin.ConnMetadata, password []byte) (*libplugin.Upstream, error) {
-					w, err := createWorkingdir(c, conn.User())
-					if err != nil {
-						return nil, err
-					}
-
-					u, err := w.CreateUpstream()
-					if err != nil {
-						return nil, err
-					}
-
-					u.Auth = libplugin.CreatePasswordAuth(password)
-					return u, nil
-				},
-
-				PublicKeyCallback: func(conn libplugin.ConnMetadata, key []byte) (*libplugin.Upstream, error) {
-					w, err := createWorkingdir(c, conn.User())
-					if err != nil {
-						return nil, err
-					}
-
-					u, err := w.CreateUpstream()
-					if err != nil {
-						return nil, err
-					}
-
-					k, err := w.Mapkey(key)
-					if err != nil {
-						return nil, err
-					}
-
-					u.Auth = libplugin.CreatePrivateKeyAuth(k)
-
-					return u, nil
-				},
-
-				VerifyHostKeyCallback: func(conn libplugin.ConnMetadata, hostname, netaddr string, key []byte) error {
-					w, err := createWorkingdir(c, conn.User())
-					if err != nil {
-						return err
-					}
-
-					return w.VerifyHostKey(hostname, netaddr, key)
-				},
-			}, nil
+			fac := workdingdirFactory{
+				root:             c.String("root"),
+				allowBadUsername: c.Bool("allow-baduser-name"),
+				noPasswordAuth:   c.Bool("no-password-auth"),
+				noCheckPerm:      c.Bool("no-check-perm"),
+				strictHostKey:    c.Bool("strict-hostkey"),
+				recursiveSearch:  c.Bool("recursive-search"),
+			}
+
+			skel := libplugin.NewSkelPlugin(fac.listPipe)
+			config := skel.CreateConfig()
+			config.NextAuthMethodsCallback = func(_ libplugin.ConnMetadata) ([]string, error) {
+				if fac.noPasswordAuth {
+					return []string{"publickey"}, nil
+				}
+
+				return []string{"password", "publickey"}, nil
+			}
+			return config, nil
 		},
 	})
 }