From 58ea9bb4a0803dfd1f9014ce0966699fc4b4633b Mon Sep 17 00:00:00 2001
From: Luke Shumaker
Date: Mon, 18 Dec 2017 15:12:33 -0500
Subject: update dependencies actually, roll "errors" back to the last tagged version, instead of master
---
 go/src/git.lukeshu.com/go/libnslcd | 2 +-
 go/src/git.lukeshu.com/go/libsystemd | 2 +-
 go/src/github.com/pkg/errors | 2 +-
 go/src/gopkg.in/yaml.v2 | 2 +-
 go/src/nshd/main.go | 3 ++-
 go/src/nshd/nslcd_backend/db_config.go | 5 +++--
 go/src/nshd/nslcd_backend/db_group.go | 11 ++++++-----
 go/src/nshd/nslcd_backend/db_pam.go | 17 ++++++++++++++---
 go/src/nshd/nslcd_backend/db_passwd.go | 9 +++++----
 go/src/nshd/nslcd_backend/db_shadow.go | 18 +++++++++++++++---
 10 files changed, 49 insertions(+), 22 deletions(-)
diff --git a/go/src/git.lukeshu.com/go/libnslcd b/go/src/git.lukeshu.com/go/libnslcd
index 5498432..dfe22c5 160000
--- a/go/src/git.lukeshu.com/go/libnslcd
+++ b/go/src/git.lukeshu.com/go/libnslcd
@@ -1 +1 @@
-Subproject commit 549843228517e1d72840e18caf369d211623dddb
+Subproject commit dfe22c5b083443ed00df9431cbd3cd7a7b4fd6a7
diff --git a/go/src/git.lukeshu.com/go/libsystemd b/go/src/git.lukeshu.com/go/libsystemd
index dc9fd45..0a43955 160000
--- a/go/src/git.lukeshu.com/go/libsystemd
+++ b/go/src/git.lukeshu.com/go/libsystemd
@@ -1 +1 @@
-Subproject commit dc9fd4538267a3f793c9eee27c8bb118e784b778
+Subproject commit 0a43955333992153412a6b8a99b2825c3d0a74ca
diff --git a/go/src/github.com/pkg/errors b/go/src/github.com/pkg/errors
index c605e28..645ef00 160000
--- a/go/src/github.com/pkg/errors
+++ b/go/src/github.com/pkg/errors
@@ -1 +1 @@
-Subproject commit c605e284fe17294bda444b34710735b29d1a9d90
+Subproject commit 645ef00459ed84a119197bfb8d8205042c6df63d
diff --git a/go/src/gopkg.in/yaml.v2 b/go/src/gopkg.in/yaml.v2
index eb3733d..287cf08 160000
--- a/go/src/gopkg.in/yaml.v2
+++ b/go/src/gopkg.in/yaml.v2
@@ -1 +1 @@ -Subproject commit eb3733d160e74a9c7e442f435eb3bea458e1d19f +Subproject commit 287cf08546ab5e7e37d55a84f7ed3fd1db036de5 diff --git a/go/src/nshd/main.go b/go/src/nshd/main.go index 9ce3589..3f77ec2 100644 --- a/go/src/nshd/main.go +++ b/go/src/nshd/main.go @@ -19,6 +19,7 @@ package main import ( + "context" "os" "time" @@ -37,5 +38,5 @@ func main() { Timeout: 1 * time.Second, RequestMaxSize:/* 1 KiB */ 1024, } - os.Exit(int(nslcd_systemd.Main(backend, limits))) + os.Exit(int(nslcd_systemd.Main(backend, limits, context.Background()))) } diff --git a/go/src/nshd/nslcd_backend/db_config.go b/go/src/nshd/nslcd_backend/db_config.go index d00bf02..e59e811 100644 --- a/go/src/nshd/nslcd_backend/db_config.go +++ b/go/src/nshd/nslcd_backend/db_config.go @@ -17,11 +17,12 @@ package nslcd_backend import ( + "context" + p "git.lukeshu.com/go/libnslcd/nslcd_proto" - s "golang.org/x/sys/unix" ) -func (o *Hackers) Config_Get(cred s.Ucred, req p.Request_Config_Get) <-chan p.Config { +func (o *Hackers) Config_Get(ctx context.Context, req p.Request_Config_Get) <-chan p.Config { o.lock.RLock() ret := make(chan p.Config) go func() { diff --git a/go/src/nshd/nslcd_backend/db_group.go b/go/src/nshd/nslcd_backend/db_group.go index 04c7e3b..e6c259b 100644 --- a/go/src/nshd/nslcd_backend/db_group.go +++ b/go/src/nshd/nslcd_backend/db_group.go @@ -17,10 +17,11 @@ package nslcd_backend import ( + "context" + "nshd/util" p "git.lukeshu.com/go/libnslcd/nslcd_proto" - s "golang.org/x/sys/unix" ) func (o *Hackers) groupByName(name string, users bool) p.Group { @@ -69,7 +70,7 @@ func (o *Hackers) groupByGid(gid int32, users bool) p.Group { } } -func (o *Hackers) Group_ByName(cred s.Ucred, req p.Request_Group_ByName) <-chan p.Group { +func (o *Hackers) Group_ByName(ctx context.Context, req p.Request_Group_ByName) <-chan p.Group { o.lock.RLock() ret := make(chan p.Group) go func() { 
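Review bot: In `Config_Get` (db_config.go) the new `ctx` parameter is accepted but never read in the visible lines, and the same holds for the `Group_*` hunks in db_group.go and the `Passwd_*` hunks in db_passwd.go. Each handler takes `o.lock.RLock()` and then starts a goroutine that feeds the unbuffered `ret` channel; the goroutine bodies continue outside the hunks, but if they send while holding the lock, a receiver that stops reading would leave the read lock held and stall the `o.lock.Lock()` in `PAM_PwMod`. Now that a context is available, each send could be written as `select { case ret <- v: case <-ctx.Done(): return }` (with `v` standing for the value being sent) so that a cancelled request releases the lock. If ignoring cancellation is intended, a comment such as `// ctx is intentionally unused here` on the signature would say so.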
@@ -85,7 +86,7 @@ func (o *Hackers) Group_ByName(cred s.Ucred, req p.Request_Group_ByName) <-chan return ret } -func (o *Hackers) Group_ByGid(cred s.Ucred, req p.Request_Group_ByGid) <-chan p.Group { +func (o *Hackers) Group_ByGid(ctx context.Context, req p.Request_Group_ByGid) <-chan p.Group { o.lock.RLock() ret := make(chan p.Group) go func() { @@ -102,7 +103,7 @@ func (o *Hackers) Group_ByGid(cred s.Ucred, req p.Request_Group_ByGid) <-chan p. } // note that the BYMEMBER call returns an empty members list -func (o *Hackers) Group_ByMember(cred s.Ucred, req p.Request_Group_ByMember) <-chan p.Group { +func (o *Hackers) Group_ByMember(ctx context.Context, req p.Request_Group_ByMember) <-chan p.Group { o.lock.RLock() ret := make(chan p.Group) go func() { @@ -123,7 +124,7 @@ func (o *Hackers) Group_ByMember(cred s.Ucred, req p.Request_Group_ByMember) <-c return ret } -func (o *Hackers) Group_All(cred s.Ucred, req p.Request_Group_All) <-chan p.Group { +func (o *Hackers) Group_All(ctx context.Context, req p.Request_Group_All) <-chan p.Group { o.lock.RLock() ret := make(chan p.Group) go func() { diff --git a/go/src/nshd/nslcd_backend/db_pam.go b/go/src/nshd/nslcd_backend/db_pam.go index 96a5567..bec3fbf 100644 --- a/go/src/nshd/nslcd_backend/db_pam.go +++ b/go/src/nshd/nslcd_backend/db_pam.go @@ -17,6 +17,7 @@ package nslcd_backend import ( + "context" "fmt" "os" @@ -24,7 +25,7 @@ import ( "nshd/util" p "git.lukeshu.com/go/libnslcd/nslcd_proto" - s "golang.org/x/sys/unix" + "git.lukeshu.com/go/libnslcd/nslcd_server" "git.lukeshu.com/go/libgnulinux/crypt" "git.lukeshu.com/go/libsystemd/sd_daemon" 
@@ -71,13 +72,18 @@ func (o *Hackers) canChangePassword(user nshd_files.User, oldpassword string) bo // call NSS getspnam(3), which will call our Shadow_ByName()), but // pam_ldap.so calls this as a pre-flight check for // pam_sm_chauthtok()/PAM_PwMod(). -func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authentication) <-chan p.PAM_Authentication { +func (o *Hackers) PAM_Authentication(ctx context.Context, req p.Request_PAM_Authentication) <-chan p.PAM_Authentication { o.lock.RLock() ret := make(chan p.PAM_Authentication) go func() { defer o.lock.RUnlock() defer close(ret) + cred, ok := nslcd_server.PeerCredFromContext(ctx) + if !ok { + return + } + if len(req.UserName) == 0 && len(req.Password) == 0 && cred.Uid == 0 { // Being called by root; root can do what root // wants. @@ -119,13 +125,18 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat return ret } -func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_PwMod { +func (o *Hackers) PAM_PwMod(ctx context.Context, req p.Request_PAM_PwMod) <-chan p.PAM_PwMod { ret := make(chan p.PAM_PwMod) o.lock.Lock() go func() { defer o.lock.Unlock() defer close(ret) + cred, ok := nslcd_server.PeerCredFromContext(ctx) + if !ok { + return + } + uid := o.name2uid(req.UserName) if uid < 0 { return diff --git a/go/src/nshd/nslcd_backend/db_passwd.go b/go/src/nshd/nslcd_backend/db_passwd.go index 535c7e1..7405623 100644 --- a/go/src/nshd/nslcd_backend/db_passwd.go +++ b/go/src/nshd/nslcd_backend/db_passwd.go @@ -17,8 +17,9 @@ package nslcd_backend import ( + "context" + p "git.lukeshu.com/go/libnslcd/nslcd_proto" - s "golang.org/x/sys/unix" ) /* Note that the output password hash value should be one of: 
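Review bot: The `if !ok { return }` added to `PAM_Authentication` drops the request without a reply and without any log entry when the context carries no peer credentials; the same guard is added in `PAM_PwMod` and in `Shadow_ByName`/`Shadow_All` in db_shadow.go. Failing closed is the right default for an authorization input, but presumably a missing credential can only mean the server did not attach it, and as written that would show up as every login and shadow lookup quietly failing. I would log the condition with the logger this file already uses and add a comment such as `// Fail closed: without peer credentials the caller cannot be told apart from root.` In the visible lines of `PAM_Authentication` the credential is only read by the root shortcut below the guard, so the early return also refuses ordinary password checks; if that is deliberate, the comment should say so. The function body continues outside the hunk.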
@@ -34,7 +35,7 @@ import ( in", but fails to authorize; passing the buck to the next database. */ -func (o *Hackers) Passwd_ByName(cred s.Ucred, req p.Request_Passwd_ByName) <-chan p.Passwd { +func (o *Hackers) Passwd_ByName(ctx context.Context, req p.Request_Passwd_ByName) <-chan p.Passwd { o.lock.RLock() ret := make(chan p.Passwd) go func() { @@ -52,7 +53,7 @@ func (o *Hackers) Passwd_ByName(cred s.Ucred, req p.Request_Passwd_ByName) <-cha return ret } -func (o *Hackers) Passwd_ByUID(cred s.Ucred, req p.Request_Passwd_ByUID) <-chan p.Passwd { +func (o *Hackers) Passwd_ByUID(ctx context.Context, req p.Request_Passwd_ByUID) <-chan p.Passwd { o.lock.RLock() ret := make(chan p.Passwd) go func() { @@ -70,7 +71,7 @@ func (o *Hackers) Passwd_ByUID(cred s.Ucred, req p.Request_Passwd_ByUID) <-chan return ret } -func (o *Hackers) Passwd_All(cred s.Ucred, req p.Request_Passwd_All) <-chan p.Passwd { +func (o *Hackers) Passwd_All(ctx context.Context, req p.Request_Passwd_All) <-chan p.Passwd { o.lock.RLock() ret := make(chan p.Passwd) go func() { diff --git a/go/src/nshd/nslcd_backend/db_shadow.go b/go/src/nshd/nslcd_backend/db_shadow.go index ab1d68f..6cf6dbc 100644 --- a/go/src/nshd/nslcd_backend/db_shadow.go +++ b/go/src/nshd/nslcd_backend/db_shadow.go @@ -17,17 +17,24 @@ package nslcd_backend import ( + "context" + p "git.lukeshu.com/go/libnslcd/nslcd_proto" - s "golang.org/x/sys/unix" + "git.lukeshu.com/go/libnslcd/nslcd_server" ) -func (o *Hackers) Shadow_ByName(cred s.Ucred, req p.Request_Shadow_ByName) <-chan p.Shadow { +func (o *Hackers) Shadow_ByName(ctx context.Context, req p.Request_Shadow_ByName) <-chan p.Shadow { o.lock.RLock() ret := make(chan p.Shadow) go func() { defer o.lock.RUnlock() defer close(ret) + cred, ok := nslcd_server.PeerCredFromContext(ctx) + if !ok { + return + } + if cred.Uid != 0 { return } 
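Review bot: In `Shadow_ByName` the two consecutive guards `if !ok { return }` and `if cred.Uid != 0 { return }` make one decision, root-only access, and read more clearly as one check: `if !ok || cred.Uid != 0 {` followed by the existing `return`. `Shadow_All` in the next hunk has the same pair. A doc comment on both, for example `// Shadow_ByName answers only when the peer is uid 0; any other caller gets an empty reply.`, would record the access rule next to the code. The goroutine body continues outside the hunk.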
@@ -48,13 +55,18 @@ func (o *Hackers) Shadow_ByName(cred s.Ucred, req p.Request_Shadow_ByName) <-cha return ret } -func (o *Hackers) Shadow_All(cred s.Ucred, req p.Request_Shadow_All) <-chan p.Shadow { +func (o *Hackers) Shadow_All(ctx context.Context, req p.Request_Shadow_All) <-chan p.Shadow { o.lock.RLock() ret := make(chan p.Shadow) go func() { defer o.lock.RUnlock() defer close(ret) + cred, ok := nslcd_server.PeerCredFromContext(ctx) + if !ok { + return + } + if cred.Uid != 0 { return } -- cgit v1.2.2