sftpfs: simplify client creation

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Nicola Murino 2024-04-27 12:03:38 +02:00
parent 0a8a0ee771
commit dd9b0b151f
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF


@ -67,27 +67,6 @@ type SFTPFsConfig struct {
PrivateKey *kms.Secret `json:"private_key,omitempty"` PrivateKey *kms.Secret `json:"private_key,omitempty"`
KeyPassphrase *kms.Secret `json:"key_passphrase,omitempty"` KeyPassphrase *kms.Secret `json:"key_passphrase,omitempty"`
forbiddenSelfUsernames []string `json:"-"` forbiddenSelfUsernames []string `json:"-"`
signer ssh.Signer
}
func (c *SFTPFsConfig) populateSigner() error {
if c.PrivateKey.GetPayload() != "" {
signer, err := c.getSigner()
if err != nil {
return fmt.Errorf("sftpfs: unable to parse the private key: %w", err)
}
c.signer = signer
return nil
}
return nil
}
func (c *SFTPFsConfig) getSigner() (ssh.Signer, error) {
if c.KeyPassphrase.GetPayload() != "" {
return ssh.ParsePrivateKeyWithPassphrase([]byte(c.PrivateKey.GetPayload()),
[]byte(c.KeyPassphrase.GetPayload()))
}
return ssh.ParsePrivateKey([]byte(c.PrivateKey.GetPayload()))
} }
// HideConfidentialData hides confidential data // HideConfidentialData hides confidential data
@ -352,9 +331,6 @@ func NewSFTPFs(connectionID, mountPath, localTempDir string, forbiddenSelfUserna
return nil, err return nil, err
} }
} }
if err := config.populateSigner(); err != nil {
return nil, err
}
config.forbiddenSelfUsernames = forbiddenSelfUsernames config.forbiddenSelfUsernames = forbiddenSelfUsernames
sftpFs := &SFTPFs{ sftpFs := &SFTPFs{
connectionID: connectionID, connectionID: connectionID,
@ -955,6 +931,17 @@ func (c *sftpConnection) OpenConnection() error {
return c.openConnNoLock() return c.openConnNoLock()
} }
func (c *sftpConnection) getKeySigner() (ssh.Signer, error) {
privPayload := c.config.PrivateKey.GetPayload()
if privPayload == "" {
return nil, nil
}
if key := c.config.KeyPassphrase.GetPayload(); key != "" {
return ssh.ParsePrivateKeyWithPassphrase([]byte(privPayload), []byte(key))
}
return ssh.ParsePrivateKey([]byte(privPayload))
}
func (c *sftpConnection) openConnNoLock() error { func (c *sftpConnection) openConnNoLock() error {
if c.isConnected { if c.isConnected {
logger.Debug(c.logSender, "", "reusing connection") logger.Debug(c.logSender, "", "reusing connection")
@ -989,14 +976,18 @@ func (c *sftpConnection) openConnNoLock() error {
logger.Log(logger.LevelWarn, c.logSender, "", "login without host key validation, please provide at least a fingerprint!") logger.Log(logger.LevelWarn, c.logSender, "", "login without host key validation, please provide at least a fingerprint!")
return nil return nil
}, },
Timeout: 10 * time.Second, Timeout: 15 * time.Second,
ClientVersion: fmt.Sprintf("SSH-2.0-SFTPGo_%v", version.Get().Version), ClientVersion: fmt.Sprintf("SSH-2.0-SFTPGo_%v", version.Get().Version),
} }
if c.config.signer != nil { signer, err := c.getKeySigner()
clientConfig.Auth = append(clientConfig.Auth, ssh.PublicKeys(c.config.signer)) if err != nil {
return fmt.Errorf("sftpfs: unable to parse the private key: %w", err)
} }
if c.config.Password.GetPayload() != "" { if signer != nil {
clientConfig.Auth = append(clientConfig.Auth, ssh.Password(c.config.Password.GetPayload())) clientConfig.Auth = append(clientConfig.Auth, ssh.PublicKeys(signer))
}
if pwd := c.config.Password.GetPayload(); pwd != "" {
clientConfig.Auth = append(clientConfig.Auth, ssh.Password(pwd))
} }
supportedAlgos := ssh.SupportedAlgorithms() supportedAlgos := ssh.SupportedAlgorithms()
insecureAlgos := ssh.InsecureAlgorithms() insecureAlgos := ssh.InsecureAlgorithms()
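Review bot: With `config.populateSigner()` removed from `NewSFTPFs`, an unparsable private key or a wrong passphrase is no longer rejected when the filesystem is created; it surfaces only when `openConnNoLock` calls `getKeySigner`, and the key is parsed again on every new connection. Whether `NewSFTPFs` opens a connection before returning is not visible in these hunks, so it is worth confirming that callers relying on the early error still get one, or validating the key once at creation. `getKeySigner` also returns `nil, nil` when no private key is configured, which the caller handles with `if signer != nil`. A doc comment would make that contract explicit, for example `// getKeySigner returns the signer for the configured private key, or a nil signer and nil error if no private key is set.` The bodies of `NewSFTPFs` and `openConnNoLock` start and end outside the hunks shown.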