summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuke Shumaker <lukeshu@lukeshu.com>2017-12-18 15:12:33 -0500
committerLuke Shumaker <lukeshu@lukeshu.com>2017-12-19 00:07:07 -0500
commit58ea9bb4a0803dfd1f9014ce0966699fc4b4633b (patch)
treef863f31e9baeee69c0973b983a5d10afc29e8f12
parent6b23f1082f0d67293892726471af031c1bad882a (diff)
update dependencies
actually, roll "errors" back to the last tagged version, instead of master
m---------go/src/git.lukeshu.com/go/libnslcd0
m---------go/src/git.lukeshu.com/go/libsystemd0
m---------go/src/github.com/pkg/errors0
m---------go/src/gopkg.in/yaml.v20
-rw-r--r--go/src/nshd/main.go3
-rw-r--r--go/src/nshd/nslcd_backend/db_config.go5
-rw-r--r--go/src/nshd/nslcd_backend/db_group.go11
-rw-r--r--go/src/nshd/nslcd_backend/db_pam.go17
-rw-r--r--go/src/nshd/nslcd_backend/db_passwd.go9
-rw-r--r--go/src/nshd/nslcd_backend/db_shadow.go18
10 files changed, 45 insertions, 18 deletions
diff --git a/go/src/git.lukeshu.com/go/libnslcd b/go/src/git.lukeshu.com/go/libnslcd
-Subproject 549843228517e1d72840e18caf369d211623ddd
+Subproject dfe22c5b083443ed00df9431cbd3cd7a7b4fd6a
diff --git a/go/src/git.lukeshu.com/go/libsystemd b/go/src/git.lukeshu.com/go/libsystemd
-Subproject dc9fd4538267a3f793c9eee27c8bb118e784b77
+Subproject 0a43955333992153412a6b8a99b2825c3d0a74c
diff --git a/go/src/github.com/pkg/errors b/go/src/github.com/pkg/errors
-Subproject c605e284fe17294bda444b34710735b29d1a9d9
+Subproject 645ef00459ed84a119197bfb8d8205042c6df63
diff --git a/go/src/gopkg.in/yaml.v2 b/go/src/gopkg.in/yaml.v2
-Subproject eb3733d160e74a9c7e442f435eb3bea458e1d19
+Subproject 287cf08546ab5e7e37d55a84f7ed3fd1db036de
diff --git a/go/src/nshd/main.go b/go/src/nshd/main.go
index 9ce3589..3f77ec2 100644
--- a/go/src/nshd/main.go
+++ b/go/src/nshd/main.go
@@ -19,6 +19,7 @@
package main
import (
+ "context"
"os"
"time"
@@ -37,5 +38,5 @@ func main() {
Timeout: 1 * time.Second,
RequestMaxSize:/* 1 KiB */ 1024,
}
- os.Exit(int(nslcd_systemd.Main(backend, limits)))
+ os.Exit(int(nslcd_systemd.Main(backend, limits, context.Background())))
}
diff --git a/go/src/nshd/nslcd_backend/db_config.go b/go/src/nshd/nslcd_backend/db_config.go
index d00bf02..e59e811 100644
--- a/go/src/nshd/nslcd_backend/db_config.go
+++ b/go/src/nshd/nslcd_backend/db_config.go
@@ -17,11 +17,12 @@
package nslcd_backend
import (
+ "context"
+
p "git.lukeshu.com/go/libnslcd/nslcd_proto"
- s "golang.org/x/sys/unix"
)
-func (o *Hackers) Config_Get(cred s.Ucred, req p.Request_Config_Get) <-chan p.Config {
+func (o *Hackers) Config_Get(ctx context.Context, req p.Request_Config_Get) <-chan p.Config {
o.lock.RLock()
ret := make(chan p.Config)
go func() {
diff --git a/go/src/nshd/nslcd_backend/db_group.go b/go/src/nshd/nslcd_backend/db_group.go
index 04c7e3b..e6c259b 100644
--- a/go/src/nshd/nslcd_backend/db_group.go
+++ b/go/src/nshd/nslcd_backend/db_group.go
@@ -17,10 +17,11 @@
package nslcd_backend
import (
+ "context"
+
"nshd/util"
p "git.lukeshu.com/go/libnslcd/nslcd_proto"
- s "golang.org/x/sys/unix"
)
func (o *Hackers) groupByName(name string, users bool) p.Group {
@@ -69,7 +70,7 @@ func (o *Hackers) groupByGid(gid int32, users bool) p.Group {
}
}
-func (o *Hackers) Group_ByName(cred s.Ucred, req p.Request_Group_ByName) <-chan p.Group {
+func (o *Hackers) Group_ByName(ctx context.Context, req p.Request_Group_ByName) <-chan p.Group {
o.lock.RLock()
ret := make(chan p.Group)
go func() {
@@ -85,7 +86,7 @@ func (o *Hackers) Group_ByName(cred s.Ucred, req p.Request_Group_ByName) <-chan
return ret
}
-func (o *Hackers) Group_ByGid(cred s.Ucred, req p.Request_Group_ByGid) <-chan p.Group {
+func (o *Hackers) Group_ByGid(ctx context.Context, req p.Request_Group_ByGid) <-chan p.Group {
o.lock.RLock()
ret := make(chan p.Group)
go func() {
@@ -102,7 +103,7 @@ func (o *Hackers) Group_ByGid(cred s.Ucred, req p.Request_Group_ByGid) <-chan p.
}
// note that the BYMEMBER call returns an empty members list
-func (o *Hackers) Group_ByMember(cred s.Ucred, req p.Request_Group_ByMember) <-chan p.Group {
+func (o *Hackers) Group_ByMember(ctx context.Context, req p.Request_Group_ByMember) <-chan p.Group {
o.lock.RLock()
ret := make(chan p.Group)
go func() {
@@ -123,7 +124,7 @@ func (o *Hackers) Group_ByMember(cred s.Ucred, req p.Request_Group_ByMember) <-c
return ret
}
-func (o *Hackers) Group_All(cred s.Ucred, req p.Request_Group_All) <-chan p.Group {
+func (o *Hackers) Group_All(ctx context.Context, req p.Request_Group_All) <-chan p.Group {
o.lock.RLock()
ret := make(chan p.Group)
go func() {
diff --git a/go/src/nshd/nslcd_backend/db_pam.go b/go/src/nshd/nslcd_backend/db_pam.go
index 96a5567..bec3fbf 100644
--- a/go/src/nshd/nslcd_backend/db_pam.go
+++ b/go/src/nshd/nslcd_backend/db_pam.go
@@ -17,6 +17,7 @@
package nslcd_backend
import (
+ "context"
"fmt"
"os"
@@ -24,7 +25,7 @@ import (
"nshd/util"
p "git.lukeshu.com/go/libnslcd/nslcd_proto"
- s "golang.org/x/sys/unix"
+ "git.lukeshu.com/go/libnslcd/nslcd_server"
"git.lukeshu.com/go/libgnulinux/crypt"
"git.lukeshu.com/go/libsystemd/sd_daemon"
@@ -71,13 +72,18 @@ func (o *Hackers) canChangePassword(user nshd_files.User, oldpassword string) bo
// call NSS getspnam(3), which will call our Shadow_ByName()), but
// pam_ldap.so calls this as a pre-flight check for
// pam_sm_chauthtok()/PAM_PwMod().
-func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authentication) <-chan p.PAM_Authentication {
+func (o *Hackers) PAM_Authentication(ctx context.Context, req p.Request_PAM_Authentication) <-chan p.PAM_Authentication {
o.lock.RLock()
ret := make(chan p.PAM_Authentication)
go func() {
defer o.lock.RUnlock()
defer close(ret)
+ cred, ok := nslcd_server.PeerCredFromContext(ctx)
+ if !ok {
+ return
+ }
+
if len(req.UserName) == 0 && len(req.Password) == 0 && cred.Uid == 0 {
// Being called by root; root can do what root
// wants.
@@ -119,13 +125,18 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat
return ret
}
-func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_PwMod {
+func (o *Hackers) PAM_PwMod(ctx context.Context, req p.Request_PAM_PwMod) <-chan p.PAM_PwMod {
ret := make(chan p.PAM_PwMod)
o.lock.Lock()
go func() {
defer o.lock.Unlock()
defer close(ret)
+ cred, ok := nslcd_server.PeerCredFromContext(ctx)
+ if !ok {
+ return
+ }
+
uid := o.name2uid(req.UserName)
if uid < 0 {
return
diff --git a/go/src/nshd/nslcd_backend/db_passwd.go b/go/src/nshd/nslcd_backend/db_passwd.go
index 535c7e1..7405623 100644
--- a/go/src/nshd/nslcd_backend/db_passwd.go
+++ b/go/src/nshd/nslcd_backend/db_passwd.go
@@ -17,8 +17,9 @@
package nslcd_backend
import (
+ "context"
+
p "git.lukeshu.com/go/libnslcd/nslcd_proto"
- s "golang.org/x/sys/unix"
)
/* Note that the output password hash value should be one of:
@@ -34,7 +35,7 @@ import (
in", but fails to authorize; passing the buck to the next database.
*/
-func (o *Hackers) Passwd_ByName(cred s.Ucred, req p.Request_Passwd_ByName) <-chan p.Passwd {
+func (o *Hackers) Passwd_ByName(ctx context.Context, req p.Request_Passwd_ByName) <-chan p.Passwd {
o.lock.RLock()
ret := make(chan p.Passwd)
go func() {
@@ -52,7 +53,7 @@ func (o *Hackers) Passwd_ByName(cred s.Ucred, req p.Request_Passwd_ByName) <-cha
return ret
}
-func (o *Hackers) Passwd_ByUID(cred s.Ucred, req p.Request_Passwd_ByUID) <-chan p.Passwd {
+func (o *Hackers) Passwd_ByUID(ctx context.Context, req p.Request_Passwd_ByUID) <-chan p.Passwd {
o.lock.RLock()
ret := make(chan p.Passwd)
go func() {
@@ -70,7 +71,7 @@ func (o *Hackers) Passwd_ByUID(cred s.Ucred, req p.Request_Passwd_ByUID) <-chan
return ret
}
-func (o *Hackers) Passwd_All(cred s.Ucred, req p.Request_Passwd_All) <-chan p.Passwd {
+func (o *Hackers) Passwd_All(ctx context.Context, req p.Request_Passwd_All) <-chan p.Passwd {
o.lock.RLock()
ret := make(chan p.Passwd)
go func() {
diff --git a/go/src/nshd/nslcd_backend/db_shadow.go b/go/src/nshd/nslcd_backend/db_shadow.go
index ab1d68f..6cf6dbc 100644
--- a/go/src/nshd/nslcd_backend/db_shadow.go
+++ b/go/src/nshd/nslcd_backend/db_shadow.go
@@ -17,17 +17,24 @@
package nslcd_backend
import (
+ "context"
+
p "git.lukeshu.com/go/libnslcd/nslcd_proto"
- s "golang.org/x/sys/unix"
+ "git.lukeshu.com/go/libnslcd/nslcd_server"
)
-func (o *Hackers) Shadow_ByName(cred s.Ucred, req p.Request_Shadow_ByName) <-chan p.Shadow {
+func (o *Hackers) Shadow_ByName(ctx context.Context, req p.Request_Shadow_ByName) <-chan p.Shadow {
o.lock.RLock()
ret := make(chan p.Shadow)
go func() {
defer o.lock.RUnlock()
defer close(ret)
+ cred, ok := nslcd_server.PeerCredFromContext(ctx)
+ if !ok {
+ return
+ }
+
if cred.Uid != 0 {
return
}
@@ -48,13 +55,18 @@ func (o *Hackers) Shadow_ByName(cred s.Ucred, req p.Request_Shadow_ByName) <-cha
return ret
}
-func (o *Hackers) Shadow_All(cred s.Ucred, req p.Request_Shadow_All) <-chan p.Shadow {
+func (o *Hackers) Shadow_All(ctx context.Context, req p.Request_Shadow_All) <-chan p.Shadow {
o.lock.RLock()
ret := make(chan p.Shadow)
go func() {
defer o.lock.RUnlock()
defer close(ret)
+ cred, ok := nslcd_server.PeerCredFromContext(ctx)
+ if !ok {
+ return
+ }
+
if cred.Uid != 0 {
return
}