Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 14:50:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

expose KMS as plugin

Browse Source
This commit is contained in:
Nicola Murino
2021-07-16 18:22:42 +02:00
parent 776dffcf12
commit 6d313f6d8f
16 changed files with 1136 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

181
sdk/plugin/kms.go Normal file
View File

@@ -0,0 +1,181 @@
package plugin
import (
"crypto/sha256"
"fmt"
"os/exec"
"path/filepath"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-plugin"
"github.com/drakkan/sftpgo/v2/kms"
"github.com/drakkan/sftpgo/v2/logger"
kmsplugin "github.com/drakkan/sftpgo/v2/sdk/plugin/kms"
"github.com/drakkan/sftpgo/v2/util"
)
var (
validKMSSchemes = []string{kms.SchemeAWS, kms.SchemeGCP, kms.SchemeVaultTransit, kms.SchemeAzureKeyVault}
validKMSEncryptedStatuses = []string{kms.SecretStatusVaultTransit, kms.SecretStatusAWS, kms.SecretStatusGCP,
kms.SecretStatusAzureKeyVault}
)
// KMSConfig defines configuration parameters for kms plugins
type KMSConfig struct {
Scheme string `json:"scheme" mapstructure:"scheme"`
EncryptedStatus string `json:"encrypted_status" mapstructure:"encrypted_status"`
}
func (c *KMSConfig) isValid() error {
if !util.IsStringInSlice(c.Scheme, validKMSSchemes) {
return fmt.Errorf("invalid kms scheme: %v", c.Scheme)
}
if !util.IsStringInSlice(c.EncryptedStatus, validKMSEncryptedStatuses) {
return fmt.Errorf("invalid kms encrypted status: %v", c.EncryptedStatus)
}
return nil
}
type kmsPlugin struct {
config Config
service kmsplugin.Service
client *plugin.Client
}
func newKMSPlugin(config Config) (*kmsPlugin, error) {
p := &kmsPlugin{
config: config,
}
if err := p.initialize(); err != nil {
logger.Warn(logSender, "", "unable to create kms plugin: %v, config %+v", err, config)
return nil, err
}
return p, nil
}
func (p *kmsPlugin) initialize() error {
killProcess(p.config.Cmd)
logger.Debug(logSender, "", "create new kms plugin %#v", p.config.Cmd)
if err := p.config.KMSOptions.isValid(); err != nil {
return fmt.Errorf("invalid options for kms plugin %#v: %v", p.config.Cmd, err)
}
var secureConfig *plugin.SecureConfig
if p.config.SHA256Sum != "" {
secureConfig.Checksum = []byte(p.config.SHA256Sum)
secureConfig.Hash = sha256.New()
}
client := plugin.NewClient(&plugin.ClientConfig{
HandshakeConfig: kmsplugin.Handshake,
Plugins: kmsplugin.PluginMap,
Cmd: exec.Command(p.config.Cmd, p.config.Args...),
AllowedProtocols: []plugin.Protocol{
plugin.ProtocolGRPC,
},
AutoMTLS: p.config.AutoMTLS,
SecureConfig: secureConfig,
Managed: false,
Logger: &logger.HCLogAdapter{
Logger: hclog.New(&hclog.LoggerOptions{
Name: fmt.Sprintf("%v.%v", logSender, kmsplugin.PluginName),
Level: pluginsLogLevel,
DisableTime: true,
}),
},
})
rpcClient, err := client.Client()
if err != nil {
logger.Debug(logSender, "", "unable to get rpc client for kms plugin %#v: %v", p.config.Cmd, err)
return err
}
raw, err := rpcClient.Dispense(kmsplugin.PluginName)
if err != nil {
logger.Debug(logSender, "", "unable to get plugin %v from rpc client for command %#v: %v",
kmsplugin.PluginName, p.config.Cmd, err)
return err
}
p.client = client
p.service = raw.(kmsplugin.Service)
return nil
}
func (p *kmsPlugin) exited() bool {
return p.client.Exited()
}
func (p *kmsPlugin) cleanup() {
p.client.Kill()
}
func (p *kmsPlugin) Encrypt(secret kms.BaseSecret, url string, masterKey string) (string, string, int32, error) {
return p.service.Encrypt(secret.Payload, secret.AdditionalData, url, masterKey)
}
func (p *kmsPlugin) Decrypt(secret kms.BaseSecret, url string, masterKey string) (string, error) {
return p.service.Decrypt(secret.Payload, secret.Key, secret.AdditionalData, secret.Mode, url, masterKey)
}
type kmsPluginSecretProvider struct {
kms.BaseSecret
URL string
MasterKey string
config *Config
}
func (s *kmsPluginSecretProvider) Name() string {
return fmt.Sprintf("KMSPlugin_%v_%v_%v", filepath.Base(s.config.Cmd), s.config.KMSOptions.Scheme, s.config.kmsID)
}
func (s *kmsPluginSecretProvider) IsEncrypted() bool {
return s.Status == s.config.KMSOptions.EncryptedStatus
}
func (s *kmsPluginSecretProvider) Encrypt() error {
if s.Status != kms.SecretStatusPlain {
return kms.ErrWrongSecretStatus
}
if s.Payload == "" {
return kms.ErrInvalidSecret
}
payload, key, mode, err := Handler.kmsEncrypt(s.BaseSecret, s.URL, s.MasterKey, s.config.kmsID)
if err != nil {
return err
}
s.Status = s.config.KMSOptions.EncryptedStatus
s.Payload = payload
s.Key = key
s.Mode = int(mode)
return nil
}
func (s *kmsPluginSecretProvider) Decrypt() error {
if !s.IsEncrypted() {
return kms.ErrWrongSecretStatus
}
payload, err := Handler.kmsDecrypt(s.BaseSecret, s.URL, s.MasterKey, s.config.kmsID)
if err != nil {
return err
}
s.Status = kms.SecretStatusPlain
s.Payload = payload
s.Key = ""
s.AdditionalData = ""
s.Mode = 0
return nil
}
func (s *kmsPluginSecretProvider) Clone() kms.SecretProvider {
baseSecret := kms.BaseSecret{
Status: s.Status,
Payload: s.Payload,
Key: s.Key,
AdditionalData: s.AdditionalData,
Mode: s.Mode,
}
return s.config.newKMSPluginSecretProvider(baseSecret, s.URL, s.MasterKey)
}

84
sdk/plugin/kms/grpc.go Normal file
View File

@@ -0,0 +1,84 @@
package kms
import (
"context"
"time"
"github.com/drakkan/sftpgo/v2/sdk/plugin/kms/proto"
)
const (
rpcTimeout = 20 * time.Second
)
// GRPCClient is an implementation of KMS interface that talks over RPC.
type GRPCClient struct {
client proto.KMSClient
}
// Encrypt implements the KMSService interface
func (c *GRPCClient) Encrypt(payload, additionalData, URL, masterKey string) (string, string, int32, error) {
ctx, cancel := context.WithTimeout(context.Background(), rpcTimeout)
defer cancel()
resp, err := c.client.Encrypt(ctx, &proto.EncryptRequest{
Payload: payload,
AdditionalData: additionalData,
Url: URL,
MasterKey: masterKey,
})
if err != nil {
return "", "", 0, err
}
return resp.Payload, resp.Key, resp.Mode, nil
}
// Decrypt implements the KMSService interface
func (c *GRPCClient) Decrypt(payload, key, additionalData string, mode int, URL, masterKey string) (string, error) {
ctx, cancel := context.WithTimeout(context.Background(), rpcTimeout)
defer cancel()
resp, err := c.client.Decrypt(ctx, &proto.DecryptRequest{
Payload: payload,
Key: key,
AdditionalData: additionalData,
Mode: int32(mode),
Url: URL,
MasterKey: masterKey,
})
if err != nil {
return "", err
}
return resp.Payload, nil
}
// GRPCServer defines the gRPC server that GRPCClient talks to.
type GRPCServer struct {
Impl Service
}
// Encrypt implements the serve side encrypt method
func (s *GRPCServer) Encrypt(ctx context.Context, req *proto.EncryptRequest) (*proto.EncryptResponse, error) {
payload, key, mode, err := s.Impl.Encrypt(req.Payload, req.AdditionalData, req.Url, req.MasterKey)
if err != nil {
return nil, err
}
return &proto.EncryptResponse{
Payload: payload,
Key: key,
Mode: mode,
}, nil
}
// Decrypt implements the serve side decrypt method
func (s *GRPCServer) Decrypt(ctx context.Context, req *proto.DecryptRequest) (*proto.DecryptResponse, error) {
payload, err := s.Impl.Decrypt(req.Payload, req.Key, req.AdditionalData, int(req.Mode), req.Url, req.MasterKey)
if err != nil {
return nil, err
}
return &proto.DecryptResponse{
Payload: payload,
}, nil
}

56
sdk/plugin/kms/kms.go Normal file
View File

@@ -0,0 +1,56 @@
// Package kms defines the implementation for kms plugins.
// KMS plugins allow to encrypt/decrypt sensitive data.
package kms
import (
"context"
"github.com/hashicorp/go-plugin"
"google.golang.org/grpc"
"github.com/drakkan/sftpgo/v2/sdk/plugin/kms/proto"
)
const (
// PluginName defines the name for a kms plugin
PluginName = "kms"
)
// Handshake is a common handshake that is shared by plugin and host.
var Handshake = plugin.HandshakeConfig{
ProtocolVersion: 1,
MagicCookieKey: "SFTPGO_KMS_PLUGIN",
MagicCookieValue: "223e3571-7ed2-4b96-b4b3-c7eb87d7ca1d",
}
// PluginMap is the map of plugins we can dispense.
var PluginMap = map[string]plugin.Plugin{
PluginName: &Plugin{},
}
// Service defines the interface for kms plugins
type Service interface {
Encrypt(payload, additionalData, URL, masterKey string) (string, string, int32, error)
Decrypt(payload, key, additionalData string, mode int, URL, masterKey string) (string, error)
}
// Plugin defines the implementation to serve/connect to a notifier plugin
type Plugin struct {
plugin.Plugin
Impl Service
}
// GRPCServer defines the GRPC server implementation for this plugin
func (p *Plugin) GRPCServer(broker *plugin.GRPCBroker, s *grpc.Server) error {
proto.RegisterKMSServer(s, &GRPCServer{
Impl: p.Impl,
})
return nil
}
// GRPCClient defines the GRPC client implementation for this plugin
func (p *Plugin) GRPCClient(ctx context.Context, broker *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) {
return &GRPCClient{
client: proto.NewKMSClient(c),
}, nil
}

559
sdk/plugin/kms/proto/kms.pb.go Normal file
View File

@@ -0,0 +1,559 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.26.0
// protoc v3.17.3
// source: kms/proto/kms.proto
package proto
import (
context "context"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
type EncryptRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Payload string `protobuf:"bytes,1,opt,name=payload,proto3" json:"payload,omitempty"`
AdditionalData string `protobuf:"bytes,2,opt,name=additional_data,json=additionalData,proto3" json:"additional_data,omitempty"`
Url string `protobuf:"bytes,3,opt,name=url,proto3" json:"url,omitempty"`
MasterKey string `protobuf:"bytes,4,opt,name=master_key,json=masterKey,proto3" json:"master_key,omitempty"`
}
func (x *EncryptRequest) Reset() {
*x = EncryptRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_kms_proto_kms_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *EncryptRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*EncryptRequest) ProtoMessage() {}
func (x *EncryptRequest) ProtoReflect() protoreflect.Message {
mi := &file_kms_proto_kms_proto_msgTypes[0]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use EncryptRequest.ProtoReflect.Descriptor instead.
func (*EncryptRequest) Descriptor() ([]byte, []int) {
return file_kms_proto_kms_proto_rawDescGZIP(), []int{0}
}
func (x *EncryptRequest) GetPayload() string {
if x != nil {
return x.Payload
}
return ""
}
func (x *EncryptRequest) GetAdditionalData() string {
if x != nil {
return x.AdditionalData
}
return ""
}
func (x *EncryptRequest) GetUrl() string {
if x != nil {
return x.Url
}
return ""
}
func (x *EncryptRequest) GetMasterKey() string {
if x != nil {
return x.MasterKey
}
return ""
}
type EncryptResponse struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Payload string `protobuf:"bytes,1,opt,name=payload,proto3" json:"payload,omitempty"`
Key string `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
Mode int32 `protobuf:"varint,3,opt,name=mode,proto3" json:"mode,omitempty"`
}
func (x *EncryptResponse) Reset() {
*x = EncryptResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_kms_proto_kms_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *EncryptResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*EncryptResponse) ProtoMessage() {}
func (x *EncryptResponse) ProtoReflect() protoreflect.Message {
mi := &file_kms_proto_kms_proto_msgTypes[1]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use EncryptResponse.ProtoReflect.Descriptor instead.
func (*EncryptResponse) Descriptor() ([]byte, []int) {
return file_kms_proto_kms_proto_rawDescGZIP(), []int{1}
}
func (x *EncryptResponse) GetPayload() string {
if x != nil {
return x.Payload
}
return ""
}
func (x *EncryptResponse) GetKey() string {
if x != nil {
return x.Key
}
return ""
}
func (x *EncryptResponse) GetMode() int32 {
if x != nil {
return x.Mode
}
return 0
}
type DecryptRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Payload string `protobuf:"bytes,1,opt,name=payload,proto3" json:"payload,omitempty"`
Key string `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
AdditionalData string `protobuf:"bytes,3,opt,name=additional_data,json=additionalData,proto3" json:"additional_data,omitempty"`
Mode int32 `protobuf:"varint,4,opt,name=mode,proto3" json:"mode,omitempty"`
Url string `protobuf:"bytes,5,opt,name=url,proto3" json:"url,omitempty"`
MasterKey string `protobuf:"bytes,6,opt,name=master_key,json=masterKey,proto3" json:"master_key,omitempty"`
}
func (x *DecryptRequest) Reset() {
*x = DecryptRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_kms_proto_kms_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *DecryptRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*DecryptRequest) ProtoMessage() {}
func (x *DecryptRequest) ProtoReflect() protoreflect.Message {
mi := &file_kms_proto_kms_proto_msgTypes[2]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use DecryptRequest.ProtoReflect.Descriptor instead.
func (*DecryptRequest) Descriptor() ([]byte, []int) {
return file_kms_proto_kms_proto_rawDescGZIP(), []int{2}
}
func (x *DecryptRequest) GetPayload() string {
if x != nil {
return x.Payload
}
return ""
}
func (x *DecryptRequest) GetKey() string {
if x != nil {
return x.Key
}
return ""
}
func (x *DecryptRequest) GetAdditionalData() string {
if x != nil {
return x.AdditionalData
}
return ""
}
func (x *DecryptRequest) GetMode() int32 {
if x != nil {
return x.Mode
}
return 0
}
func (x *DecryptRequest) GetUrl() string {
if x != nil {
return x.Url
}
return ""
}
func (x *DecryptRequest) GetMasterKey() string {
if x != nil {
return x.MasterKey
}
return ""
}
type DecryptResponse struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Payload string `protobuf:"bytes,1,opt,name=payload,proto3" json:"payload,omitempty"`
}
func (x *DecryptResponse) Reset() {
*x = DecryptResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_kms_proto_kms_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *DecryptResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*DecryptResponse) ProtoMessage() {}
func (x *DecryptResponse) ProtoReflect() protoreflect.Message {
mi := &file_kms_proto_kms_proto_msgTypes[3]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use DecryptResponse.ProtoReflect.Descriptor instead.
func (*DecryptResponse) Descriptor() ([]byte, []int) {
return file_kms_proto_kms_proto_rawDescGZIP(), []int{3}
}
func (x *DecryptResponse) GetPayload() string {
if x != nil {
return x.Payload
}
return ""
}
var File_kms_proto_kms_proto protoreflect.FileDescriptor
var file_kms_proto_kms_proto_rawDesc = []byte{
0x0a, 0x13, 0x6b, 0x6d, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x6b, 0x6d, 0x73, 0x2e,
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x05, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x84, 0x01, 0x0a,
0x0e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
0x18, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
0x52, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x12, 0x27, 0x0a, 0x0f, 0x61, 0x64, 0x64,
0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01,
0x28, 0x09, 0x52, 0x0e, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x44, 0x61,
0x74, 0x61, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
0x03, 0x75, 0x72, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6b,
0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72,
0x4b, 0x65, 0x79, 0x22, 0x51, 0x0a, 0x0f, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65,
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61,
0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64,
0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b,
0x65, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05,
0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x22, 0xaa, 0x01, 0x0a, 0x0e, 0x44, 0x65, 0x63, 0x72, 0x79,
0x70, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x61, 0x79,
0x6c, 0x6f, 0x61, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x70, 0x61, 0x79, 0x6c,
0x6f, 0x61, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f,
0x6e, 0x61, 0x6c, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e,
0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x44, 0x61, 0x74, 0x61, 0x12, 0x12,
0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x6d, 0x6f,
0x64, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
0x03, 0x75, 0x72, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6b,
0x65, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72,
0x4b, 0x65, 0x79, 0x22, 0x2b, 0x0a, 0x0f, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65,
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61,
0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64,
0x32, 0x79, 0x0a, 0x03, 0x4b, 0x4d, 0x53, 0x12, 0x38, 0x0a, 0x07, 0x45, 0x6e, 0x63, 0x72, 0x79,
0x70, 0x74, 0x12, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79,
0x70, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x70, 0x72, 0x6f, 0x74,
0x6f, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
0x65, 0x12, 0x38, 0x0a, 0x07, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x12, 0x15, 0x2e, 0x70,
0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x44, 0x65, 0x63, 0x72,
0x79, 0x70, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x16, 0x5a, 0x14, 0x73,
0x64, 0x6b, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x6b, 0x6d, 0x73, 0x2f, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
file_kms_proto_kms_proto_rawDescOnce sync.Once
file_kms_proto_kms_proto_rawDescData = file_kms_proto_kms_proto_rawDesc
)
func file_kms_proto_kms_proto_rawDescGZIP() []byte {
file_kms_proto_kms_proto_rawDescOnce.Do(func() {
file_kms_proto_kms_proto_rawDescData = protoimpl.X.CompressGZIP(file_kms_proto_kms_proto_rawDescData)
})
return file_kms_proto_kms_proto_rawDescData
}
var file_kms_proto_kms_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
var file_kms_proto_kms_proto_goTypes = []interface{}{
(*EncryptRequest)(nil), // 0: proto.EncryptRequest
(*EncryptResponse)(nil), // 1: proto.EncryptResponse
(*DecryptRequest)(nil), // 2: proto.DecryptRequest
(*DecryptResponse)(nil), // 3: proto.DecryptResponse
}
var file_kms_proto_kms_proto_depIdxs = []int32{
0, // 0: proto.KMS.Encrypt:input_type -> proto.EncryptRequest
2, // 1: proto.KMS.Decrypt:input_type -> proto.DecryptRequest
1, // 2: proto.KMS.Encrypt:output_type -> proto.EncryptResponse
3, // 3: proto.KMS.Decrypt:output_type -> proto.DecryptResponse
2, // [2:4] is the sub-list for method output_type
0, // [0:2] is the sub-list for method input_type
0, // [0:0] is the sub-list for extension type_name
0, // [0:0] is the sub-list for extension extendee
0, // [0:0] is the sub-list for field type_name
}
func init() { file_kms_proto_kms_proto_init() }
func file_kms_proto_kms_proto_init() {
if File_kms_proto_kms_proto != nil {
return
}
if !protoimpl.UnsafeEnabled {
file_kms_proto_kms_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*EncryptRequest); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_kms_proto_kms_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*EncryptResponse); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_kms_proto_kms_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*DecryptRequest); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_kms_proto_kms_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*DecryptResponse); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_kms_proto_kms_proto_rawDesc,
NumEnums: 0,
NumMessages: 4,
NumExtensions: 0,
NumServices: 1,
},
GoTypes: file_kms_proto_kms_proto_goTypes,
DependencyIndexes: file_kms_proto_kms_proto_depIdxs,
MessageInfos: file_kms_proto_kms_proto_msgTypes,
}.Build()
File_kms_proto_kms_proto = out.File
file_kms_proto_kms_proto_rawDesc = nil
file_kms_proto_kms_proto_goTypes = nil
file_kms_proto_kms_proto_depIdxs = nil
}
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ grpc.ClientConnInterface
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
const _ = grpc.SupportPackageIsVersion6
// KMSClient is the client API for KMS service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
type KMSClient interface {
Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
}
type kMSClient struct {
cc grpc.ClientConnInterface
}
func NewKMSClient(cc grpc.ClientConnInterface) KMSClient {
return &kMSClient{cc}
}
func (c *kMSClient) Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error) {
out := new(EncryptResponse)
err := c.cc.Invoke(ctx, "/proto.KMS/Encrypt", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *kMSClient) Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error) {
out := new(DecryptResponse)
err := c.cc.Invoke(ctx, "/proto.KMS/Decrypt", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// KMSServer is the server API for KMS service.
type KMSServer interface {
Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
}
// UnimplementedKMSServer can be embedded to have forward compatible implementations.
type UnimplementedKMSServer struct {
}
func (*UnimplementedKMSServer) Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Encrypt not implemented")
}
func (*UnimplementedKMSServer) Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Decrypt not implemented")
}
func RegisterKMSServer(s *grpc.Server, srv KMSServer) {
s.RegisterService(&_KMS_serviceDesc, srv)
}
func _KMS_Encrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(EncryptRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(KMSServer).Encrypt(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/proto.KMS/Encrypt",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(KMSServer).Encrypt(ctx, req.(*EncryptRequest))
}
return interceptor(ctx, in, info, handler)
}
func _KMS_Decrypt_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(DecryptRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(KMSServer).Decrypt(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/proto.KMS/Decrypt",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(KMSServer).Decrypt(ctx, req.(*DecryptRequest))
}
return interceptor(ctx, in, info, handler)
}
var _KMS_serviceDesc = grpc.ServiceDesc{
ServiceName: "proto.KMS",
HandlerType: (*KMSServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "Encrypt",
Handler: _KMS_Encrypt_Handler,
},
{
MethodName: "Decrypt",
Handler: _KMS_Decrypt_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "kms/proto/kms.proto",
}

35
sdk/plugin/kms/proto/kms.proto Normal file
View File

@@ -0,0 +1,35 @@
syntax = "proto3";
package proto;
option go_package = "sdk/plugin/kms/proto";
message EncryptRequest {
string payload = 1;
string additional_data = 2;
string url = 3;
string master_key = 4;
}
message EncryptResponse {
string payload = 1;
string key = 2;
int32 mode = 3;
}
message DecryptRequest {
string payload = 1;
string key = 2;
string additional_data = 3;
int32 mode = 4;
string url = 5;
string master_key = 6;
}
message DecryptResponse {
string payload = 1;
}
service KMS {
rpc Encrypt(EncryptRequest) returns (EncryptResponse);
rpc Decrypt(DecryptRequest) returns (DecryptResponse);
}

1
sdk/plugin/mkproto.sh
View File

@@ -1,5 +1,6 @@
#!/bin/bash
protoc notifier/proto/notifier.proto --go_out=plugins=grpc:../.. --go_out=../../..
protoc kms/proto/kms.proto --go_out=plugins=grpc:../.. --go_out=../../..

10
sdk/plugin/notifier.go
View File

@@ -40,7 +40,7 @@ func newNotifierPlugin(config Config) (*notifierPlugin, error) {
config: config,
}
if err := p.initialize(); err != nil {
logger.Warn(logSender, "", "unable to create notifier plugin: %v, config %v", err, config)
logger.Warn(logSender, "", "unable to create notifier plugin: %v, config %+v", err, config)
return nil, err
}
return p, nil
@@ -56,9 +56,9 @@ func (p *notifierPlugin) cleanup() {
func (p *notifierPlugin) initialize() error {
killProcess(p.config.Cmd)
logger.Debug(logSender, "", "create new plugin %v", p.config.Cmd)
logger.Debug(logSender, "", "create new notifier plugin %#v", p.config.Cmd)
if !p.config.NotifierOptions.hasActions() {
return fmt.Errorf("no actions defined for the notifier plugin %v", p.config.Cmd)
return fmt.Errorf("no actions defined for the notifier plugin %#v", p.config.Cmd)
}
var secureConfig *plugin.SecureConfig
if p.config.SHA256Sum != "" {
@@ -85,12 +85,12 @@ func (p *notifierPlugin) initialize() error {
})
rpcClient, err := client.Client()
if err != nil {
logger.Debug(logSender, "", "unable to get rpc client for plugin %v: %v", p.config.Cmd, err)
logger.Debug(logSender, "", "unable to get rpc client for plugin %#v: %v", p.config.Cmd, err)
return err
}
raw, err := rpcClient.Dispense(notifier.PluginName)
if err != nil {
logger.Debug(logSender, "", "unable to get plugin %v from rpc client for plugin %v: %v",
logger.Debug(logSender, "", "unable to get plugin %v from rpc client for command %#v: %v",
notifier.PluginName, p.config.Cmd, err)
return err
}

2
sdk/plugin/notifier/notifier.go
View File

@@ -1,4 +1,4 @@
// Package notifier defines the implementation for event notifier plugin.
// Package notifier defines the implementation for event notifier plugins.
// Notifier plugins allow to receive filesystem events such as file uploads,
// downloads etc. and user events such as add, update, delete.
package notifier

226
sdk/plugin/plugin.go
View File

@@ -4,10 +4,14 @@ package plugin
import (
"fmt"
"sync"
"sync/atomic"
"time"
"github.com/hashicorp/go-hclog"
"github.com/drakkan/sftpgo/v2/kms"
"github.com/drakkan/sftpgo/v2/logger"
kmsplugin "github.com/drakkan/sftpgo/v2/sdk/plugin/kms"
"github.com/drakkan/sftpgo/v2/sdk/plugin/notifier"
)
@@ -30,8 +34,10 @@ type Renderer interface {
type Config struct {
// Plugin type
Type string `json:"type" mapstructure:"type"`
// NotifierOptions defines additional options for notifiers plugins
// NotifierOptions defines options for notifiers plugins
NotifierOptions NotifierConfig `json:"notifier_options" mapstructure:"notifier_options"`
// KMSOptions defines options for a KMS plugin
KMSOptions KMSConfig `json:"kms_options" mapstructure:"kms_options"`
// Path to the plugin executable
Cmd string `json:"cmd" mapstructure:"cmd"`
// Args to pass to the plugin executable
@@ -45,20 +51,43 @@ type Config struct {
// rejected. The client will also refuse to connect to any server that isn't
// the original instance started by the client.
AutoMTLS bool `json:"auto_mtls" mapstructure:"auto_mtls"`
// unique identifier for kms plugins
kmsID int
}
func (c *Config) newKMSPluginSecretProvider(base kms.BaseSecret, url, masterKey string) kms.SecretProvider {
return &kmsPluginSecretProvider{
BaseSecret: base,
URL: url,
MasterKey: masterKey,
config: c,
}
}
// Manager handles enabled plugins
type Manager struct {
closed int32
done chan bool
// List of configured plugins
Configs []Config `json:"plugins" mapstructure:"plugins"`
mu sync.RWMutex
notifLock sync.RWMutex
notifiers []*notifierPlugin
kmsLock sync.RWMutex
kms []*kmsPlugin
}
// Initialize initializes the configured plugins
func Initialize(configs []Config, logVerbose bool) error {
Handler = Manager{
Configs: configs,
done: make(chan bool),
closed: 0,
}
if len(configs) == 0 {
return nil
}
if err := Handler.validateConfigs(); err != nil {
return err
}
if logVerbose {
@@ -67,7 +96,8 @@ func Initialize(configs []Config, logVerbose bool) error {
pluginsLogLevel = hclog.Info
}
for _, config := range configs {
kmsID := 0
for idx, config := range Handler.Configs {
switch config.Type {
case notifier.PluginName:
plugin, err := newNotifierPlugin(config)
@@ -75,92 +105,172 @@ func Initialize(configs []Config, logVerbose bool) error {
return err
}
Handler.notifiers = append(Handler.notifiers, plugin)
case kmsplugin.PluginName:
plugin, err := newKMSPlugin(config)
if err != nil {
return err
}
Handler.kms = append(Handler.kms, plugin)
Handler.Configs[idx].kmsID = kmsID
kmsID++
kms.RegisterSecretProvider(config.KMSOptions.Scheme, config.KMSOptions.EncryptedStatus,
Handler.Configs[idx].newKMSPluginSecretProvider)
logger.Debug(logSender, "", "registered secret provider for scheme: %v, encrypted status: %v",
config.KMSOptions.Scheme, config.KMSOptions.EncryptedStatus)
default:
return fmt.Errorf("unsupported plugin type: %v", config.Type)
}
}
startCheckTicker()
return nil
}
func (m *Manager) validateConfigs() error {
kmsSchemes := make(map[string]bool)
kmsEncryptions := make(map[string]bool)
for _, config := range m.Configs {
if config.Type == kmsplugin.PluginName {
if _, ok := kmsSchemes[config.KMSOptions.Scheme]; ok {
return fmt.Errorf("invalid KMS configuration, duplicated scheme %#v", config.KMSOptions.Scheme)
}
if _, ok := kmsEncryptions[config.KMSOptions.EncryptedStatus]; ok {
return fmt.Errorf("invalid KMS configuration, duplicated encrypted status %#v", config.KMSOptions.EncryptedStatus)
}
kmsSchemes[config.KMSOptions.Scheme] = true
kmsEncryptions[config.KMSOptions.EncryptedStatus] = true
}
}
return nil
}
// NotifyFsEvent sends the fs event notifications using any defined notifier plugins
func (m *Manager) NotifyFsEvent(action, username, fsPath, fsTargetPath, sshCmd, protocol string, fileSize int64, err error) {
m.mu.RLock()
m.notifLock.RLock()
defer m.notifLock.RUnlock()
var crashedIdxs []int
for idx, n := range m.notifiers {
for _, n := range m.notifiers {
if n.exited() {
crashedIdxs = append(crashedIdxs, idx)
} else {
n.notifyFsAction(action, username, fsPath, fsTargetPath, sshCmd, protocol, fileSize, err)
}
}
m.mu.RUnlock()
if len(crashedIdxs) > 0 {
m.restartCrashedNotifiers(crashedIdxs)
m.mu.RLock()
defer m.mu.RUnlock()
for idx := range crashedIdxs {
if !m.notifiers[idx].exited() {
m.notifiers[idx].notifyFsAction(action, username, fsPath, fsTargetPath, sshCmd, protocol, fileSize, err)
}
logger.Warn(logSender, "", "notifer plugin %v is not active, unable to send fs event", n.config.Cmd)
continue
}
n.notifyFsAction(action, username, fsPath, fsTargetPath, sshCmd, protocol, fileSize, err)
}
}
// NotifyUserEvent sends the user event notifications using any defined notifier plugins
func (m *Manager) NotifyUserEvent(action string, user Renderer) {
m.mu.RLock()
m.notifLock.RLock()
defer m.notifLock.RUnlock()
var crashedIdxs []int
for idx, n := range m.notifiers {
for _, n := range m.notifiers {
if n.exited() {
crashedIdxs = append(crashedIdxs, idx)
} else {
n.notifyUserAction(action, user)
}
}
m.mu.RUnlock()
if len(crashedIdxs) > 0 {
m.restartCrashedNotifiers(crashedIdxs)
m.mu.RLock()
defer m.mu.RUnlock()
for idx := range crashedIdxs {
if !m.notifiers[idx].exited() {
m.notifiers[idx].notifyUserAction(action, user)
}
logger.Warn(logSender, "", "notifer plugin %v is not active, unable to send user event", n.config.Cmd)
continue
}
n.notifyUserAction(action, user)
}
}
func (m *Manager) restartCrashedNotifiers(crashedIdxs []int) {
for _, idx := range crashedIdxs {
m.mu.Lock()
defer m.mu.Unlock()
func (m *Manager) kmsEncrypt(secret kms.BaseSecret, url string, masterKey string, kmsID int) (string, string, int32, error) {
m.kmsLock.RLock()
plugin := m.kms[kmsID]
m.kmsLock.RUnlock()
if m.notifiers[idx].exited() {
logger.Info(logSender, "", "try to restart crashed plugin %v", m.Configs[idx].Cmd)
plugin, err := newNotifierPlugin(m.Configs[idx])
if err == nil {
m.notifiers[idx] = plugin
} else {
logger.Warn(logSender, "", "plugin %v crashed and restart failed: %v", m.Configs[idx].Cmd, err)
}
return plugin.Encrypt(secret, url, masterKey)
}
func (m *Manager) kmsDecrypt(secret kms.BaseSecret, url string, masterKey string, kmsID int) (string, error) {
m.kmsLock.RLock()
plugin := m.kms[kmsID]
m.kmsLock.RUnlock()
return plugin.Decrypt(secret, url, masterKey)
}
func (m *Manager) checkCrashedPlugins() {
m.notifLock.RLock()
for idx, n := range m.notifiers {
if n.exited() {
defer Handler.restartNotifierPlugin(n.config, idx)
}
}
m.notifLock.RUnlock()
m.kmsLock.RLock()
for idx, k := range m.kms {
if k.exited() {
defer Handler.restartKMSPlugin(k.config, idx)
}
}
m.kmsLock.RUnlock()
}
func (m *Manager) restartNotifierPlugin(config Config, idx int) {
if atomic.LoadInt32(&m.closed) == 1 {
return
}
logger.Info(logSender, "", "try to restart notifier crashed plugin %#v, idx: %v", config.Cmd, idx)
plugin, err := newNotifierPlugin(config)
if err != nil {
logger.Warn(logSender, "", "unable to restart notifier plugin %#v, err: %v", config.Cmd, err)
return
}
m.notifLock.Lock()
m.notifiers[idx] = plugin
m.notifLock.Unlock()
}
func (m *Manager) restartKMSPlugin(config Config, idx int) {
if atomic.LoadInt32(&m.closed) == 1 {
return
}
logger.Info(logSender, "", "try to restart crashed kms plugin %#v, idx: %v", config.Cmd, idx)
plugin, err := newKMSPlugin(config)
if err != nil {
logger.Warn(logSender, "", "unable to restart kms plugin %#v, err: %v", config.Cmd, err)
return
}
m.kmsLock.Lock()
m.kms[idx] = plugin
m.kmsLock.Unlock()
}
// Cleanup releases all the active plugins
func (m *Manager) Cleanup() {
atomic.StoreInt32(&m.closed, 1)
close(m.done)
m.notifLock.Lock()
for _, n := range m.notifiers {
logger.Debug(logSender, "", "cleanup plugin %v", n.config.Cmd)
logger.Debug(logSender, "", "cleanup notifier plugin %v", n.config.Cmd)
n.cleanup()
}
m.notifLock.Unlock()
m.kmsLock.Lock()
for _, k := range m.kms {
logger.Debug(logSender, "", "cleanup kms plugin %v", k.config.Cmd)
k.cleanup()
}
m.kmsLock.Unlock()
}
func startCheckTicker() {
logger.Debug(logSender, "", "start plugins checker")
checker := time.NewTicker(30 * time.Second)
go func() {
for {
select {
case <-Handler.done:
logger.Debug(logSender, "", "handler done, stop plugins checker")
checker.Stop()
return
case <-checker.C:
Handler.checkCrashedPlugins()
}
}
}()
}