summaryrefslogtreecommitdiff
path: root/go/parabola_hackers
diff options
context:
space:
mode:
authorLuke Shumaker <lukeshu@sbcglobal.net>2016-06-18 02:08:59 -0400
committerLuke Shumaker <lukeshu@sbcglobal.net>2016-06-18 02:08:59 -0400
commit34cecd4762e364ade049c455997051ca55663b6f (patch)
tree502182256e773704ca238da3e0b47934a8f495ce /go/parabola_hackers
parent374539da4c9e1b4ea5ca889771ce89b27b119f48 (diff)
update to use the mutable strings in nslcd_proto
Diffstat (limited to 'go/parabola_hackers')
-rw-r--r--go/parabola_hackers/nslcd_backend/db_config.go2
-rw-r--r--go/parabola_hackers/nslcd_backend/db_group.go35
-rw-r--r--go/parabola_hackers/nslcd_backend/db_pam.go55
-rw-r--r--go/parabola_hackers/nslcd_backend/db_passwd.go8
-rw-r--r--go/parabola_hackers/nslcd_backend/db_shadow.go2
-rw-r--r--go/parabola_hackers/nslcd_backend/hackers.go9
-rw-r--r--go/parabola_hackers/users.go.in16
-rw-r--r--go/parabola_hackers/util.go2
8 files changed, 70 insertions, 59 deletions
diff --git a/go/parabola_hackers/nslcd_backend/db_config.go b/go/parabola_hackers/nslcd_backend/db_config.go
index e78643b..281b058 100644
--- a/go/parabola_hackers/nslcd_backend/db_config.go
+++ b/go/parabola_hackers/nslcd_backend/db_config.go
@@ -32,7 +32,7 @@ func (o *Hackers) Config_Get(cred s.Ucred, req p.Request_Config_Get) <-chan p.Co
switch req.Key {
case p.NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE:
if o.cfg.Pam_password_prohibit_message != "" {
- ret <- p.Config{Value: o.cfg.Pam_password_prohibit_message}
+ ret <- p.Config{Value: p.String(o.cfg.Pam_password_prohibit_message)}
}
}
}()
diff --git a/go/parabola_hackers/nslcd_backend/db_group.go b/go/parabola_hackers/nslcd_backend/db_group.go
index 18e54b1..caced21 100644
--- a/go/parabola_hackers/nslcd_backend/db_group.go
+++ b/go/parabola_hackers/nslcd_backend/db_group.go
@@ -17,12 +17,21 @@
package hackers_nslcd_backend
import (
- "parabola_hackers"
s "syscall"
p "lukeshu.com/git/go/libnslcd.git/proto"
)
+func set2list(set map[string]bool) []p.String {
+ list := make([]p.String, len(set))
+ i := uint(0)
+ for item, _ := range set {
+ list[i] = p.String(item)
+ i++
+ }
+ return list
+}
+
func (o *Hackers) groupByName(name string, users bool) p.Group {
members_set, found := o.groups[name]
if !found {
@@ -32,15 +41,15 @@ func (o *Hackers) groupByName(name string, users bool) p.Group {
if gid < 0 {
return p.Group{ID: -1}
}
- var members_list []string
+ var members_list []p.String
if users {
- members_list = parabola_hackers.Set2list(members_set)
+ members_list = set2list(members_set)
} else {
- members_list = make([]string, 0)
+ members_list = make([]p.String, 0)
}
return p.Group{
- Name: name,
- PwHash: "x",
+ Name: p.String(name),
+ PwHash: p.String("x"),
ID: gid,
Members: members_list,
}
@@ -55,15 +64,15 @@ func (o *Hackers) groupByGid(gid int32, users bool) p.Group {
if !found {
return p.Group{ID: -1}
}
- var members_list []string
+ var members_list []p.String
if users {
- members_list = parabola_hackers.Set2list(members_set)
+ members_list = set2list(members_set)
} else {
- members_list = make([]string, 0)
+ members_list = make([]p.String, 0)
}
return p.Group{
- Name: name,
- PwHash: "x",
+ Name: p.String(name),
+ PwHash: p.String("x"),
ID: gid,
Members: members_list,
}
@@ -76,7 +85,7 @@ func (o *Hackers) Group_ByName(cred s.Ucred, req p.Request_Group_ByName) <-chan
defer o.lock.RUnlock()
defer close(ret)
- group := o.groupByName(req.Name, true)
+ group := o.groupByName(string(req.Name), true)
if group.ID < 0 {
return
}
@@ -109,7 +118,7 @@ func (o *Hackers) Group_ByMember(cred s.Ucred, req p.Request_Group_ByMember) <-c
defer o.lock.RUnlock()
defer close(ret)
- uid := o.name2uid(req.Member)
+ uid := o.name2uid(string(req.Member))
if uid < 0 {
return
}
diff --git a/go/parabola_hackers/nslcd_backend/db_pam.go b/go/parabola_hackers/nslcd_backend/db_pam.go
index 607c550..e20a63f 100644
--- a/go/parabola_hackers/nslcd_backend/db_pam.go
+++ b/go/parabola_hackers/nslcd_backend/db_pam.go
@@ -18,6 +18,7 @@ package hackers_nslcd_backend
import (
"fmt"
+ "os"
"parabola_hackers"
s "syscall"
@@ -26,12 +27,12 @@ import (
"lukeshu.com/git/go/libsystemd.git/sd_daemon/logger"
)
-func checkPassword(password string, hash string) bool {
- return crypt.Crypt(password, hash) == hash
+func checkPassword(password p.String, hash p.String) bool {
+ return crypt.Crypt(string(password), string(hash)) == string(hash)
}
-func hashPassword(newPassword string, oldHash string) string {
- salt := oldHash
+func hashPassword(newPassword p.String, oldHash p.String) p.String {
+ salt := string(oldHash)
if salt == "!" {
str, err := parabola_hackers.RandomString(crypt.SaltAlphabet, 8)
if err != nil {
@@ -40,7 +41,7 @@ func hashPassword(newPassword string, oldHash string) string {
}
salt = "$6$" + str + "$"
}
- return crypt.Crypt(newPassword, salt)
+ return p.String(crypt.Crypt(string(newPassword), salt))
}
func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authentication) <-chan p.PAM_Authentication {
@@ -50,17 +51,17 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat
defer o.lock.RUnlock()
defer close(ret)
- if req.UserName == "" && req.Password == "" && cred.Uid == 0 {
+ if len(req.UserName) == 0 && len(req.Password) == 0 && cred.Uid == 0 {
ret <- p.PAM_Authentication{
AuthenticationResult: p.NSLCD_PAM_SUCCESS,
- UserName: "",
+ UserName: p.String(""),
AuthorizationResult: p.NSLCD_PAM_SUCCESS,
- AuthorizationError: "",
+ AuthorizationError: p.String(""),
}
return
}
- uid := o.name2uid(req.UserName)
+ uid := o.name2uid(string(req.UserName))
if uid < 0 {
return
}
@@ -68,9 +69,9 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat
user := o.users[uid]
obj := p.PAM_Authentication{
AuthenticationResult: p.NSLCD_PAM_AUTH_ERR,
- UserName: "",
+ UserName: p.String(""),
AuthorizationResult: p.NSLCD_PAM_AUTH_ERR,
- AuthorizationError: "",
+ AuthorizationError: p.String(""),
}
if checkPassword(req.Password, user.Passwd.PwHash) {
obj.AuthenticationResult = p.NSLCD_PAM_SUCCESS
@@ -89,13 +90,13 @@ func (o *Hackers) PAM_Authorization(cred s.Ucred, req p.Request_PAM_Authorizatio
defer o.lock.RUnlock()
defer close(ret)
- uid := o.name2uid(req.UserName)
+ uid := o.name2uid(string(req.UserName))
if uid < 0 {
return
}
ret <- p.PAM_Authorization{
Result: p.NSLCD_PAM_SUCCESS,
- Error: "",
+ Error: p.String(""),
}
}()
return ret
@@ -112,7 +113,7 @@ func (o *Hackers) PAM_SessionOpen(cred s.Ucred, req p.Request_PAM_SessionOpen) <
if err != nil {
return
}
- ret <- p.PAM_SessionOpen{SessionID: sessionid}
+ ret <- p.PAM_SessionOpen{SessionID: p.String(sessionid)}
}()
return ret
}
@@ -130,7 +131,7 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
defer close(ret)
defer o.lock.Unlock()
- uid := o.name2uid(req.UserName)
+ uid := o.name2uid(string(req.UserName))
if uid < 0 {
return
}
@@ -138,20 +139,20 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
// Check the OldPassword
if req.AsRoot == 1 && cred.Uid == 0 {
- // bypass the password check
- } else {
- if !checkPassword(req.OldPassword, user.Passwd.PwHash) {
- ret <- p.PAM_PwMod{
- Result: p.NSLCD_PAM_PERM_DENIED,
- Error: fmt.Sprintf("password change failed: %s", "Old password did not match"),
- }
- return
+ goto update
+ }
+ if !checkPassword(req.OldPassword, user.Passwd.PwHash) {
+ ret <- p.PAM_PwMod{
+ Result: p.NSLCD_PAM_PERM_DENIED,
+ Error: p.String(fmt.Sprintf("password change failed: %s", "Old password did not match")),
}
+ return
}
+ update:
// Update the PwHash in memory
user.Passwd.PwHash = hashPassword(req.NewPassword, user.Passwd.PwHash)
- if user.Passwd.PwHash == "" {
+ if len(user.Passwd.PwHash) == 0 {
logger.Err("Password hashing failed")
return
}
@@ -159,9 +160,9 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
// Update the PwHash on disk
passwords := make(map[string]string, len(o.users))
for _, ouser := range o.users {
- passwords[ouser.Passwd.Name] = ouser.Passwd.PwHash
+ passwords[string(ouser.Passwd.Name)] = string(ouser.Passwd.PwHash)
}
- passwords[user.Passwd.Name] = user.Passwd.PwHash
+ passwords[string(user.Passwd.Name)] = string(user.Passwd.PwHash)
err := parabola_hackers.SaveAllPasswords(passwords)
if err != nil {
logger.Err("Writing passwords to disk: %v", err)
@@ -172,7 +173,7 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_
o.users[uid] = user
ret <- p.PAM_PwMod{
Result: p.NSLCD_PAM_SUCCESS,
- Error: "",
+ Error: p.String(""),
}
}()
return ret
diff --git a/go/parabola_hackers/nslcd_backend/db_passwd.go b/go/parabola_hackers/nslcd_backend/db_passwd.go
index 3f32ddd..7bac808 100644
--- a/go/parabola_hackers/nslcd_backend/db_passwd.go
+++ b/go/parabola_hackers/nslcd_backend/db_passwd.go
@@ -36,12 +36,12 @@ func (o *Hackers) Passwd_ByName(cred s.Ucred, req p.Request_Passwd_ByName) <-cha
defer o.lock.RUnlock()
defer close(ret)
- uid := o.name2uid(req.Name)
+ uid := o.name2uid(string(req.Name))
if uid < 0 {
return
}
passwd := o.users[uid].Passwd
- passwd.PwHash = "x" // only put actual hashes in the Shadow DB
+ passwd.PwHash = p.String("x") // only put actual hashes in the Shadow DB
ret <- passwd
}()
return ret
@@ -59,7 +59,7 @@ func (o *Hackers) Passwd_ByUID(cred s.Ucred, req p.Request_Passwd_ByUID) <-chan
return
}
passwd := user.Passwd
- passwd.PwHash = "x" // only put actual hashes in the Shadow DB
+ passwd.PwHash = p.String("x") // only put actual hashes in the Shadow DB
ret <- passwd
}()
return ret
@@ -74,7 +74,7 @@ func (o *Hackers) Passwd_All(cred s.Ucred, req p.Request_Passwd_All) <-chan p.Pa
for _, user := range o.users {
passwd := user.Passwd
- passwd.PwHash = "x" // only put actual hashes in the Shadow DB
+ passwd.PwHash = p.String("x") // only put actual hashes in the Shadow DB
ret <- passwd
}
}()
diff --git a/go/parabola_hackers/nslcd_backend/db_shadow.go b/go/parabola_hackers/nslcd_backend/db_shadow.go
index abfff28..db114d8 100644
--- a/go/parabola_hackers/nslcd_backend/db_shadow.go
+++ b/go/parabola_hackers/nslcd_backend/db_shadow.go
@@ -32,7 +32,7 @@ func (o *Hackers) Shadow_ByName(cred s.Ucred, req p.Request_Shadow_ByName) <-cha
if cred.Uid != 0 {
return
}
- uid := o.name2uid(req.Name)
+ uid := o.name2uid(string(req.Name))
user := o.users[uid]
ret <- p.Shadow{
Name: user.Passwd.Name,
diff --git a/go/parabola_hackers/nslcd_backend/hackers.go b/go/parabola_hackers/nslcd_backend/hackers.go
index bb03862..c436824 100644
--- a/go/parabola_hackers/nslcd_backend/hackers.go
+++ b/go/parabola_hackers/nslcd_backend/hackers.go
@@ -22,6 +22,7 @@ import (
"parabola_hackers"
"sync"
+ p "lukeshu.com/git/go/libnslcd.git/proto"
nslcd_server "lukeshu.com/git/go/libnslcd.git/proto/server"
nslcd_systemd "lukeshu.com/git/go/libnslcd.git/systemd"
"lukeshu.com/git/go/libsystemd.git/sd_daemon/logger"
@@ -90,14 +91,14 @@ func (o *Hackers) Reload() error {
o.groups = make(map[string]map[string]bool)
for uid, user := range o.users {
user.Passwd.GID = usersGid
- hash, hasHash := passwords[user.Passwd.Name]
+ hash, hasHash := passwords[string(user.Passwd.Name)]
if !hasHash {
hash = "!"
}
- user.Passwd.PwHash = hash
+ user.Passwd.PwHash = p.String(hash)
o.users[uid] = user
for _, groupname := range user.Groups {
- o.add_user_to_group(user.Passwd.Name, groupname)
+ o.add_user_to_group(string(user.Passwd.Name), groupname)
}
}
return nil
@@ -105,7 +106,7 @@ func (o *Hackers) Reload() error {
func (o *Hackers) name2uid(name string) int32 {
for uid, data := range o.users {
- if data.Passwd.Name == name {
+ if string(data.Passwd.Name) == name {
return uid
}
}
diff --git a/go/parabola_hackers/users.go.in b/go/parabola_hackers/users.go.in
index aeda069..edd8a59 100644
--- a/go/parabola_hackers/users.go.in
+++ b/go/parabola_hackers/users.go.in
@@ -21,7 +21,7 @@ import (
"os/exec"
yaml "gopkg.in/yaml.v2"
- nslcd_proto "lukeshu.com/git/go/libnslcd.git/proto"
+ p "lukeshu.com/git/go/libnslcd.git/proto"
"lukeshu.com/git/go/libsystemd.git/sd_daemon/logger"
)
@@ -33,7 +33,7 @@ import (
other - encrypted password, in crypt(3) format */
type User struct {
- Passwd nslcd_proto.Passwd
+ Passwd p.Passwd
Groups []string
}
@@ -89,8 +89,8 @@ func parseUser(_data interface{}) (ret User, err error) {
} else if str, isTyp := iface.(string); !isTyp {
errs = append(errs, "\"username\" is not a string")
} else {
- ret.Passwd.Name = str
- ret.Passwd.HomeDir = "/home/" + str
+ ret.Passwd.Name = p.String(str)
+ ret.Passwd.HomeDir = p.String("/home/" + str)
}
if iface, isSet := data["fullname"]; !isSet {
@@ -98,7 +98,7 @@ func parseUser(_data interface{}) (ret User, err error) {
} else if str, isTyp := iface.(string); !isTyp {
errs = append(errs, "\"fullname\" is not a string")
} else {
- ret.Passwd.GECOS = str
+ ret.Passwd.GECOS = p.String(str)
}
if iface, isSet := data["shell"]; !isSet {
@@ -106,7 +106,7 @@ func parseUser(_data interface{}) (ret User, err error) {
} else if str, isTyp := iface.(string); !isTyp {
errs = append(errs, "\"shell\" is not a string")
} else {
- ret.Passwd.Shell = str
+ ret.Passwd.Shell = p.String(str)
}
if iface, isSet := data["groups"]; !isSet {
@@ -126,7 +126,7 @@ func parseUser(_data interface{}) (ret User, err error) {
}
}
if !e {
- ret.Groups = Set2list(groups)
+ ret.Groups = set2list(groups)
}
}
}
@@ -134,7 +134,7 @@ func parseUser(_data interface{}) (ret User, err error) {
err = &yaml.TypeError{Errors: errs}
}
- ret.Passwd.PwHash = "x" // look in shadow for the password hash
+ ret.Passwd.PwHash = p.String("x") // look in shadow for the password hash
ret.Passwd.GID = -1
return
diff --git a/go/parabola_hackers/util.go b/go/parabola_hackers/util.go
index 9a241db..8dd9374 100644
--- a/go/parabola_hackers/util.go
+++ b/go/parabola_hackers/util.go
@@ -36,7 +36,7 @@ func RandomString(alphabet string, n uint) (str string, err error) {
return
}
-func Set2list(set map[string]bool) []string {
+func set2list(set map[string]bool) []string {
list := make([]string, len(set))
i := uint(0)
for item, _ := range set {