Support an SSH (SFTP) server

Sources/Citadel/Algorithms/RSA.swift

@@ -51,8 +51,7 @@ extension Insecure.RSA {
 //
 //            let result = message.power(publicExponent, modulus: modulus)
 //            return EncryptedMessage(rawRepresentation: result.serialize())
-//            throw CitadelError.unsupported
-            fatalError()
+            throw CitadelError.unsupported
         }
 
         public func isValidSignature<D: DataProtocol>(_ signature: Signature, for digest: D) -> Bool {
@@ -266,8 +265,7 @@ extension Insecure.RSA {
 //
 //                return signature.power(privateExponent, modulus: modulus).serialize()
 //            }
-//            throw CitadelError.unsupported
-            fatalError()
+            throw CitadelError.unsupported
         }
 
         internal func generatedSharedSecret(with publicKey: PublicKey, modulus: BigUInt) -> Data {

Sources/Citadel/Errors.swift

@@ -15,5 +15,6 @@ enum SFTPError: Error {
     case connectionClosed
     case missingResponse
     case fileHandleInvalid
+    case errorStatus(SFTPMessage.Status)
     case unsupportedVersion(SFTPProtocolVersion)
 }

Sources/Citadel/SFTP/SFTPClient.swift

@@ -30,7 +30,7 @@ public final class SFTPClient {
 
         let deserializeHandler = ByteToMessageHandler(SFTPMessageParser())
         let serializeHandler = MessageToByteHandler(SFTPMessageSerializer())
-        let sftpInboundHandler = SFTPInboundHandler(responses: responses, logger: logger)
+        let sftpInboundHandler = SFTPClientInboundHandler(responses: responses, logger: logger)
 
         return channel.pipeline.addHandlers(
             SSHChannelDataUnwrapper(),
@@ -276,48 +276,3 @@ final class SFTPResponses {
         }
     }
 }
-
-final class SFTPInboundHandler: ChannelInboundHandler {
-    typealias InboundIn = SFTPMessage
-
-    let responses: SFTPResponses
-    let logger: Logger
-
-    init(responses: SFTPResponses, logger: Logger) {
-        self.responses = responses
-        self.logger = logger
-    }
-
-    func channelRead(context: ChannelHandlerContext, data: NIOAny) {
-        let message = unwrapInboundIn(data)
-
-        self.logger.trace("SFTP IN:  \(message.debugDescription)")
-        //self.logger.trace("SFTP IN:  \(message.debugRawBytesRepresentation)")
-
-        if !self.responses.isInitialized, case .version(let version) = message {
-            if version.version != .v3 {
-                logger.warning("SFTP ERROR: Server version is unrecognized or incompatible: \(version.version.rawValue)")
-                context.fireErrorCaught(SFTPError.unsupportedVersion(version.version))
-            } else {
-                responses.initialized.succeed(version)
-            }
-        } else if let response = SFTPResponse(message: message) {
-            if let promise = responses.responses.removeValue(forKey: response.requestId) {
-                if case .status(let status) = response, status.errorCode != .ok {
-                    // logged as debug rather than warning because there are many cases in which a protocol error is
-                    // not only nonfatal, but even expected (such as SSH_FX_EOF).
-                    self.logger.debug("SFTP error received: \(status)")
-                    promise.fail(status)
-                } else {
-                    promise.succeed(response)
-                }
-            } else {
-                self.logger.warning("SFTP response received for nonexistent request, this is a protocol error")
-                context.fireErrorCaught(SFTPError.noResponseTarget)
-            }
-        } else {
-            self.logger.warning("SFTP received unrecognized response message, this is a protocol error")
-            context.fireErrorCaught(SFTPError.invalidResponse)
-        }
-    }
-}

Sources/Citadel/SFTP/SFTPClientInboundHandler.swift

@@ -0,0 +1,46 @@
+import Foundation
+import NIO
+import NIOSSH
+import Logging
+
+final class SFTPClientInboundHandler: ChannelInboundHandler {
+    typealias InboundIn = SFTPMessage
+
+    let responses: SFTPResponses
+    let logger: Logger
+
+    init(responses: SFTPResponses, logger: Logger) {
+        self.responses = responses
+        self.logger = logger
+    }
+
+    func channelRead(context: ChannelHandlerContext, data: NIOAny) {
+        let message = unwrapInboundIn(data)
+
+        if !self.responses.isInitialized, case .version(let version) = message {
+            if version.version != .v3 {
+                logger.warning("SFTP ERROR: Server version is unrecognized or incompatible: \(version.version.rawValue)")
+                context.fireErrorCaught(SFTPError.unsupportedVersion(version.version))
+            } else {
+                responses.initialized.succeed(version)
+            }
+        } else if let response = SFTPResponse(message: message) {
+            if let promise = responses.responses.removeValue(forKey: response.requestId) {
+                if case .status(let status) = response, status.errorCode != .ok {
+                    // logged as debug rather than warning because there are many cases in which a protocol error is
+                    // not only nonfatal, but even expected (such as SSH_FX_EOF).
+                    self.logger.debug("SFTP error received: \(status)")
+                    promise.fail(status)
+                } else {
+                    promise.succeed(response)
+                }
+            } else {
+                self.logger.warning("SFTP response received for nonexistent request, this is a protocol error")
+                context.fireErrorCaught(SFTPError.noResponseTarget)
+            }
+        } else {
+            self.logger.warning("SFTP received unrecognized response message, this is a protocol error")
+            context.fireErrorCaught(SFTPError.invalidResponse)
+        }
+    }
+}

Sources/Citadel/SFTP/SFTPFile.swift

@@ -97,10 +97,19 @@ public final class SFTPFile {
         let sliceLength = 32_000 // https://github.com/apple/swift-nio-ssh/issues/99
 
         while data.readableBytes > 0, let slice = data.readSlice(length: Swift.min(sliceLength, data.readableBytes)) {
-            _ = try await self.client.sendRequest(.write(.init(
+            let result = try await self.client.sendRequest(.write(.init(
                 requestId: self.client.allocateRequestId(),
                 handle: self.handle, offset: offset + UInt64(data.readerIndex) - UInt64(slice.readableBytes), data: slice
             )))
+
+            guard case .status(let status) = result else {
+                throw SFTPError.invalidResponse
+            }
+
+            guard status.errorCode == .ok else {
+                throw SFTPError.errorStatus(status)
+            }
+
             self.logger.debug("SFTP wrote \(slice.readableBytes) @ \(Int(offset) + data.readerIndex - slice.readableBytes) to file \(self.handle.sftpHandleDebugDescription)")
         }
 
@@ -120,8 +129,18 @@ public final class SFTPFile {
         }
 
         self.logger.debug("SFTP closing and invalidating file \(self.handle.sftpHandleDebugDescription)")
+
         self.isActive = false
-        _ = try await self.client.sendRequest(.closeFile(.init(requestId: self.client.allocateRequestId(), handle: self.handle)))
+        let result = try await self.client.sendRequest(.closeFile(.init(requestId: self.client.allocateRequestId(), handle: self.handle)))
+
+        guard case .status(let status) = result else {
+            throw SFTPError.invalidResponse
+        }
+
+        guard status.errorCode == .ok else {
+            throw SFTPError.errorStatus(status)
+        }
+
         self.logger.debug("SFTP closed file \(self.handle.sftpHandleDebugDescription)")
     }
 }

Sources/Citadel/SFTP/SFTPFileFlags.swift

@@ -126,6 +126,11 @@ public struct SFTPFileAttributes: CustomDebugStringConvertible {
 //    let extended_count: UInt32?
 
     public static let none = SFTPFileAttributes()
+    public static let all: SFTPFileAttributes = {
+        var attr = SFTPFileAttributes()
+        attr.permissions = 777
+        return attr
+    }()
 
     public var debugDescription: String { "unimplemented" }
 }

Sources/Citadel/SFTP/SFTPMessage.swift

@@ -95,7 +95,7 @@ enum SFTPResponse {
             self = .data(message)
         case .mkdir(let message):
             self = .mkdir(message)
-        case .openFile, .closeFile, .read, .write, .initialize, .version:
+        case .attributes, .openFile, .closeFile, .read, .write, .initialize, .version, .stat, .lstat:
             return nil
         }
     }
@@ -234,6 +234,40 @@ public enum SFTPMessage {
         fileprivate var debugVariantWithoutLargeData: Self { self }
     }
 
+    public struct Stat: SFTPMessageContent {
+        public static let id = SFTPMessageType.stat
+
+        public let requestId: UInt32
+        public let path: String
+
+        public var debugDescription: String { "{\(self.requestId)}('\(self.path)'" }
+
+        fileprivate var debugVariantWithoutLargeData: Self { self }
+    }
+
+    public struct LStat: SFTPMessageContent {
+        public static let id = SFTPMessageType.lstat
+
+        public let requestId: UInt32
+        public let path: String
+
+        public var debugDescription: String { "{\(self.requestId)}('\(self.path)'" }
+
+        fileprivate var debugVariantWithoutLargeData: Self { self }
+    }
+
+    public struct Attributes: SFTPMessageContent {
+        public static let id = SFTPMessageType.attributes
+
+        public let requestId: UInt32
+        public let attributes: SFTPFileAttributes
+
+        public var debugDescription: String { "{\(self.requestId)}('\(self.attributes)'" }
+
+        fileprivate var debugVariantWithoutLargeData: Self { self }
+    }
+
+
     /// Client.
     ///
     /// Starts SFTP session and indicates client version.
@@ -286,13 +320,26 @@ public enum SFTPMessage {
     /// No response, directory gets created or an error is thrown.
     case mkdir(MkDir)
 
+    case stat(Stat)
+    case lstat(LStat)
+    case attributes(Attributes)
+
     public var messageType: SFTPMessageType {
         switch self {
-        case .initialize(let message as SFTPMessageContent), .version(let message as SFTPMessageContent),
-             .openFile(let message as SFTPMessageContent), .closeFile(let message as SFTPMessageContent),
-             .read(let message as SFTPMessageContent), .write(let message as SFTPMessageContent),
-             .handle(let message as SFTPMessageContent), .status(let message as SFTPMessageContent),
-             .data(let message as SFTPMessageContent), .mkdir(let message as SFTPMessageContent):
+        case
+                .initialize(let message as SFTPMessageContent),
+                .version(let message as SFTPMessageContent),
+                .openFile(let message as SFTPMessageContent),
+                .closeFile(let message as SFTPMessageContent),
+                .read(let message as SFTPMessageContent),
+                .write(let message as SFTPMessageContent),
+                .handle(let message as SFTPMessageContent),
+                .status(let message as SFTPMessageContent),
+                .data(let message as SFTPMessageContent),
+                .mkdir(let message as SFTPMessageContent),
+                .stat(let message as SFTPMessageContent),
+                .lstat(let message as SFTPMessageContent),
+                .attributes(let message as SFTPMessageContent):
             return message.id
         }
     }
@@ -303,7 +350,9 @@ public enum SFTPMessage {
              .openFile(let message as SFTPMessageContent), .closeFile(let message as SFTPMessageContent),
              .read(let message as SFTPMessageContent), .write(let message as SFTPMessageContent),
              .handle(let message as SFTPMessageContent), .status(let message as SFTPMessageContent),
-             .data(let message as SFTPMessageContent), .mkdir(let message as SFTPMessageContent):
+             .data(let message as SFTPMessageContent), .mkdir(let message as SFTPMessageContent),
+             .stat(let message as SFTPMessageContent), .lstat(let message as SFTPMessageContent),
+             .attributes(let message as SFTPMessageContent):
             return "\(message.id)\(message.debugDescription)"
         }
     }
@@ -320,6 +369,9 @@ public enum SFTPMessage {
         case .status(let message): return Self.status(message.debugVariantWithoutLargeData)
         case .data(let message): return Self.data(message.debugVariantWithoutLargeData)
         case .mkdir(let message): return Self.mkdir(message.debugVariantWithoutLargeData)
+        case .stat(let message): return Self.stat(message.debugVariantWithoutLargeData)
+        case .lstat(let message): return Self.lstat(message.debugVariantWithoutLargeData)
+        case .attributes(let message): return Self.attributes(message.debugVariantWithoutLargeData)
         }
     }
 

Sources/Citadel/SFTP/SFTPMessageParser.swift

@@ -166,9 +166,54 @@ struct SFTPMessageParser: ByteToMessageDecoder {
                     data: data.slice()
                 )
             )
-        case .name, .attributes, .lstat, .fstat, .setstat, .fsetstat, .opendir, .readdir, .remove, .mkdir, .rmdir,
-             .realpath, .stat, .readlink, .symlink, .extended, .extendedReply:
-            fatalError("TODO")
+        case .stat:
+            guard
+                let requestId = payload.readInteger(as: UInt32.self),
+                let path = payload.readSSHString()
+            else {
+                throw SFTPError.invalidPayload(type: type)
+            }
+
+            message = .stat(
+                .init(
+                    requestId: requestId,
+                    path: path
+                )
+            )
+        case .mkdir:
+            guard
+                let requestId = payload.readInteger(as: UInt32.self),
+                let path = payload.readSSHString(),
+                let attributes = payload.readSFTPFileAttributes()
+            else {
+                throw SFTPError.invalidPayload(type: type)
+            }
+
+            message = .mkdir(
+                .init(
+                    requestId: requestId,
+                    filePath: path,
+                    attributes: attributes
+                )
+            )
+        case .lstat:
+            guard
+                let requestId = payload.readInteger(as: UInt32.self),
+                let path = payload.readSSHString()
+            else {
+                throw SFTPError.invalidPayload(type: type)
+            }
+
+            message = .lstat(
+                .init(
+                    requestId: requestId,
+                    path: path
+                )
+            )
+        case .name, .attributes, .fstat, .setstat, .fsetstat, .opendir, .readdir, .remove, .rmdir,
+             .realpath, .readlink, .symlink, .extended, .extendedReply:
+            print(type)
+            throw SFTPError.invalidPayload(type: type)
         }
 
         context.fireChannelRead(wrapInboundOut(message))

Sources/Citadel/SFTP/SFTPSerializer.swift

@@ -60,6 +60,18 @@ final class SFTPMessageSerializer: MessageToByteEncoder {
             out.writeInteger(mkdir.requestId)
             out.writeSSHString(mkdir.filePath)
             out.writeSFTPFileAttribues(mkdir.attributes)
+        case .stat(let stat):
+            out.writeInteger(SFTPMessage.Stat.id.rawValue)
+            out.writeInteger(stat.requestId)
+            out.writeSSHString(stat.path)
+        case .lstat(let lstat):
+            out.writeInteger(SFTPMessage.LStat.id.rawValue)
+            out.writeInteger(lstat.requestId)
+            out.writeSSHString(lstat.path)
+        case .attributes(let fstat):
+            out.writeInteger(SFTPMessage.Attributes.id.rawValue)
+            out.writeInteger(fstat.requestId)
+            out.writeSFTPFileAttribues(fstat.attributes)
         }
 
         let length = out.writerIndex - lengthIndex - 4