From 34cecd4762e364ade049c455997051ca55663b6f Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sat, 18 Jun 2016 02:08:59 -0400 Subject: update to use the mutable strings in nslcd_proto --- go/parabola_hackers/nslcd_backend/db_config.go | 2 +- go/parabola_hackers/nslcd_backend/db_group.go | 35 ++++++++++------ go/parabola_hackers/nslcd_backend/db_pam.go | 55 +++++++++++++------------- go/parabola_hackers/nslcd_backend/db_passwd.go | 8 ++-- go/parabola_hackers/nslcd_backend/db_shadow.go | 2 +- go/parabola_hackers/nslcd_backend/hackers.go | 9 +++-- go/parabola_hackers/users.go.in | 16 ++++---- go/parabola_hackers/util.go | 2 +- 8 files changed, 70 insertions(+), 59 deletions(-) (limited to 'go/parabola_hackers') diff --git a/go/parabola_hackers/nslcd_backend/db_config.go b/go/parabola_hackers/nslcd_backend/db_config.go index e78643b..281b058 100644 --- a/go/parabola_hackers/nslcd_backend/db_config.go +++ b/go/parabola_hackers/nslcd_backend/db_config.go @@ -32,7 +32,7 @@ func (o *Hackers) Config_Get(cred s.Ucred, req p.Request_Config_Get) <-chan p.Co switch req.Key { case p.NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE: if o.cfg.Pam_password_prohibit_message != "" { - ret <- p.Config{Value: o.cfg.Pam_password_prohibit_message} + ret <- p.Config{Value: p.String(o.cfg.Pam_password_prohibit_message)} } } }() diff --git a/go/parabola_hackers/nslcd_backend/db_group.go b/go/parabola_hackers/nslcd_backend/db_group.go index 18e54b1..caced21 100644 --- a/go/parabola_hackers/nslcd_backend/db_group.go +++ b/go/parabola_hackers/nslcd_backend/db_group.go @@ -17,12 +17,21 @@ package hackers_nslcd_backend import ( - "parabola_hackers" s "syscall" p "lukeshu.com/git/go/libnslcd.git/proto" ) +func set2list(set map[string]bool) []p.String { + list := make([]p.String, len(set)) + i := uint(0) + for item, _ := range set { + list[i] = p.String(item) + i++ + } + return list +} + func (o *Hackers) groupByName(name string, users bool) p.Group { members_set, found := o.groups[name] if !found { 
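Review bot: The new `set2list` helper in db_group.go has no doc comment, and it repeats the loop that util.go keeps under the same name for `[]string`. A one-line comment such as `// set2list returns the keys of set as p.String values, in unspecified (map iteration) order.` would make the unordered result explicit for the callers that fill `Members`. The loop header can also be written `for item := range set`, which is the form `gofmt -s` produces.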
@@ -32,15 +41,15 @@ func (o *Hackers) groupByName(name string, users bool) p.Group { if gid < 0 { return p.Group{ID: -1} } - var members_list []string + var members_list []p.String if users { - members_list = parabola_hackers.Set2list(members_set) + members_list = set2list(members_set) } else { - members_list = make([]string, 0) + members_list = make([]p.String, 0) } return p.Group{ - Name: name, - PwHash: "x", + Name: p.String(name), + PwHash: p.String("x"), ID: gid, Members: members_list, } @@ -55,15 +64,15 @@ func (o *Hackers) groupByGid(gid int32, users bool) p.Group { if !found { return p.Group{ID: -1} } - var members_list []string + var members_list []p.String if users { - members_list = parabola_hackers.Set2list(members_set) + members_list = set2list(members_set) } else { - members_list = make([]string, 0) + members_list = make([]p.String, 0) } return p.Group{ - Name: name, - PwHash: "x", + Name: p.String(name), + PwHash: p.String("x"), ID: gid, Members: members_list, } @@ -76,7 +85,7 @@ func (o *Hackers) Group_ByName(cred s.Ucred, req p.Request_Group_ByName) <-chan defer o.lock.RUnlock() defer close(ret) - group := o.groupByName(req.Name, true) + group := o.groupByName(string(req.Name), true) if group.ID < 0 { return } @@ -109,7 +118,7 @@ func (o *Hackers) Group_ByMember(cred s.Ucred, req p.Request_Group_ByMember) <-c defer o.lock.RUnlock() defer close(ret) - uid := o.name2uid(req.Member) + uid := o.name2uid(string(req.Member)) if uid < 0 { return } diff --git a/go/parabola_hackers/nslcd_backend/db_pam.go b/go/parabola_hackers/nslcd_backend/db_pam.go index 607c550..e20a63f 100644 --- a/go/parabola_hackers/nslcd_backend/db_pam.go +++ b/go/parabola_hackers/nslcd_backend/db_pam.go @@ -18,6 +18,7 @@ package hackers_nslcd_backend import ( "fmt" + "os" "parabola_hackers" s "syscall" 
@@ -26,12 +27,12 @@ import ( "lukeshu.com/git/go/libsystemd.git/sd_daemon/logger" ) -func checkPassword(password string, hash string) bool { - return crypt.Crypt(password, hash) == hash +func checkPassword(password p.String, hash p.String) bool { + return crypt.Crypt(string(password), string(hash)) == string(hash) } -func hashPassword(newPassword string, oldHash string) string { - salt := oldHash +func hashPassword(newPassword p.String, oldHash p.String) p.String { + salt := string(oldHash) if salt == "!" { str, err := parabola_hackers.RandomString(crypt.SaltAlphabet, 8) if err != nil { @@ -40,7 +41,7 @@ func hashPassword(newPassword string, oldHash string) string { } salt = "$6$" + str + "$" } - return crypt.Crypt(newPassword, salt) + return p.String(crypt.Crypt(string(newPassword), salt)) } func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authentication) <-chan p.PAM_Authentication { @@ -50,17 +51,17 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat defer o.lock.RUnlock() defer close(ret) - if req.UserName == "" && req.Password == "" && cred.Uid == 0 { + if len(req.UserName) == 0 && len(req.Password) == 0 && cred.Uid == 0 { ret <- p.PAM_Authentication{ AuthenticationResult: p.NSLCD_PAM_SUCCESS, - UserName: "", + UserName: p.String(""), AuthorizationResult: p.NSLCD_PAM_SUCCESS, - AuthorizationError: "", + AuthorizationError: p.String(""), } return } - uid := o.name2uid(req.UserName) + uid := o.name2uid(string(req.UserName)) if uid < 0 { return } @@ -68,9 +69,9 @@ func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authenticat user := o.users[uid] obj := p.PAM_Authentication{ AuthenticationResult: p.NSLCD_PAM_AUTH_ERR, - UserName: "", + UserName: p.String(""), AuthorizationResult: p.NSLCD_PAM_AUTH_ERR, - AuthorizationError: "", + AuthorizationError: p.String(""), } if checkPassword(req.Password, user.Passwd.PwHash) { obj.AuthenticationResult = p.NSLCD_PAM_SUCCESS 
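Review bot: `checkPassword` (db_pam.go, `@@ -26,12 +27,12 @@`) accepts whenever the crypt result equals the stored hash, including the case where both are empty. `PAM_PwMod` treats an empty `hashPassword` result as "Password hashing failed", which suggests `crypt.Crypt` returns "" on error, so an account with an empty stored hash could match any password. I would reject an empty result and compare in constant time: `computed := crypt.Crypt(string(password), string(hash))` followed by `return computed != "" && subtle.ConstantTimeCompare([]byte(computed), []byte(hash)) == 1` (needs `crypto/subtle`). The `string(password)` conversion also leaves an immutable copy of the plaintext that cannot be cleared, which seems at odds with moving to mutable strings; whether that matters depends on how `p.String` is defined, which is not visible here.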
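Review bot: In `hashPassword` (`@@ -40,7 +41,7 @@`), a fresh `$6$` salt is generated only inside the `salt == "!"` branch, so for an account that already has a hash the old hash is passed to `crypt.Crypt` as the salt. The new password is then hashed with the previous salt and scheme. Generating a salt on every change, i.e. always building `salt := "$6$" + str + "$"` from `RandomString`, avoids carrying an old salt or a weaker legacy scheme forward. The function starts in the previous hunk and the error branch after `RandomString` is not visible, so check that it cannot fall through with `salt` still set to "!".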
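Review bot: The `len(req.UserName) == 0 && len(req.Password) == 0 && cred.Uid == 0` branch in `PAM_Authentication` (`@@ -50,17 +51,17 @@`) is the only visible path that reports `NSLCD_PAM_SUCCESS` without calling `checkPassword`, and nothing in the hunk says why. A comment above it would help anyone auditing the authentication path, e.g. `// Empty username and password from a uid-0 peer: report success without a password check (TODO: name the client behaviour this supports).` The function body continues outside the hunk.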
@@ -89,13 +90,13 @@ func (o *Hackers) PAM_Authorization(cred s.Ucred, req p.Request_PAM_Authorizatio defer o.lock.RUnlock() defer close(ret) - uid := o.name2uid(req.UserName) + uid := o.name2uid(string(req.UserName)) if uid < 0 { return } ret <- p.PAM_Authorization{ Result: p.NSLCD_PAM_SUCCESS, - Error: "", + Error: p.String(""), } }() return ret @@ -112,7 +113,7 @@ func (o *Hackers) PAM_SessionOpen(cred s.Ucred, req p.Request_PAM_SessionOpen) < if err != nil { return } - ret <- p.PAM_SessionOpen{SessionID: sessionid} + ret <- p.PAM_SessionOpen{SessionID: p.String(sessionid)} }() return ret } @@ -130,7 +131,7 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ defer close(ret) defer o.lock.Unlock() - uid := o.name2uid(req.UserName) + uid := o.name2uid(string(req.UserName)) if uid < 0 { return } @@ -138,20 +139,20 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ // Check the OldPassword if req.AsRoot == 1 && cred.Uid == 0 { - // bypass the password check - } else { - if !checkPassword(req.OldPassword, user.Passwd.PwHash) { - ret <- p.PAM_PwMod{ - Result: p.NSLCD_PAM_PERM_DENIED, - Error: fmt.Sprintf("password change failed: %s", "Old password did not match"), - } - return + goto update + } + if !checkPassword(req.OldPassword, user.Passwd.PwHash) { + ret <- p.PAM_PwMod{ + Result: p.NSLCD_PAM_PERM_DENIED, + Error: p.String(fmt.Sprintf("password change failed: %s", "Old password did not match")), } + return } + update: // Update the PwHash in memory user.Passwd.PwHash = hashPassword(req.NewPassword, user.Passwd.PwHash) - if user.Passwd.PwHash == "" { + if len(user.Passwd.PwHash) == 0 { logger.Err("Password hashing failed") return } 
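Review bot: The `goto update` in `PAM_PwMod` (`@@ -138,20 +139,20 @@`) makes the old-password check harder to audit than a single condition. `if !(req.AsRoot == 1 && cred.Uid == 0) && !checkPassword(req.OldPassword, user.Passwd.PwHash) {` keeps the root bypass and the denial in one place and needs no label. Separately, the `len(user.Passwd.PwHash) == 0` branch logs and returns without sending a `p.PAM_PwMod`, so the caller gets no explicit failure. Sending a result with a non-success `Result` before returning (for example `p.NSLCD_PAM_PERM_DENIED`, or a more specific code if the proto package has one) would make the outcome unambiguous. The function continues past the end of this hunk.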
@@ -159,9 +160,9 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ // Update the PwHash on disk passwords := make(map[string]string, len(o.users)) for _, ouser := range o.users { - passwords[ouser.Passwd.Name] = ouser.Passwd.PwHash + passwords[string(ouser.Passwd.Name)] = string(ouser.Passwd.PwHash) } - passwords[user.Passwd.Name] = user.Passwd.PwHash + passwords[string(user.Passwd.Name)] = string(user.Passwd.PwHash) err := parabola_hackers.SaveAllPasswords(passwords) if err != nil { logger.Err("Writing passwords to disk: %v", err) @@ -172,7 +173,7 @@ func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_ o.users[uid] = user ret <- p.PAM_PwMod{ Result: p.NSLCD_PAM_SUCCESS, - Error: "", + Error: p.String(""), } }() return ret diff --git a/go/parabola_hackers/nslcd_backend/db_passwd.go b/go/parabola_hackers/nslcd_backend/db_passwd.go index 3f32ddd..7bac808 100644 --- a/go/parabola_hackers/nslcd_backend/db_passwd.go +++ b/go/parabola_hackers/nslcd_backend/db_passwd.go @@ -36,12 +36,12 @@ func (o *Hackers) Passwd_ByName(cred s.Ucred, req p.Request_Passwd_ByName) <-cha defer o.lock.RUnlock() defer close(ret) - uid := o.name2uid(req.Name) + uid := o.name2uid(string(req.Name)) if uid < 0 { return } passwd := o.users[uid].Passwd - passwd.PwHash = "x" // only put actual hashes in the Shadow DB + passwd.PwHash = p.String("x") // only put actual hashes in the Shadow DB ret <- passwd }() return ret @@ -59,7 +59,7 @@ func (o *Hackers) Passwd_ByUID(cred s.Ucred, req p.Request_Passwd_ByUID) <-chan return } passwd := user.Passwd - passwd.PwHash = "x" // only put actual hashes in the Shadow DB + passwd.PwHash = p.String("x") // only put actual hashes in the Shadow DB ret <- passwd }() return ret 
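Review bot: `passwd := o.users[uid].Passwd` in `Passwd_ByName` (db_passwd.go, `@@ -36,12 +36,12 @@`) is a shallow struct copy. If `p.String` is slice-backed (the switch from `== ""` to `len(...) == 0` elsewhere in this commit suggests so), the `Name`, `GECOS`, `HomeDir` and `Shell` fields sent on `ret` share backing storage with the entries in `o.users`. A consumer that modifies or clears those values after use would then change the in-memory user database, which was not possible with immutable `string` fields. Either document on the method that results must be treated as read-only, or copy the fields before sending. The same applies to the `Passwd_ByUID` and `Passwd_All` hunks and to `Shadow_ByName`, which sends `user.Passwd.Name` directly.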
@@ -74,7 +74,7 @@ func (o *Hackers) Passwd_All(cred s.Ucred, req p.Request_Passwd_All) <-chan p.Pa for _, user := range o.users { passwd := user.Passwd - passwd.PwHash = "x" // only put actual hashes in the Shadow DB + passwd.PwHash = p.String("x") // only put actual hashes in the Shadow DB ret <- passwd } }() diff --git a/go/parabola_hackers/nslcd_backend/db_shadow.go b/go/parabola_hackers/nslcd_backend/db_shadow.go index abfff28..db114d8 100644 --- a/go/parabola_hackers/nslcd_backend/db_shadow.go +++ b/go/parabola_hackers/nslcd_backend/db_shadow.go @@ -32,7 +32,7 @@ func (o *Hackers) Shadow_ByName(cred s.Ucred, req p.Request_Shadow_ByName) <-cha if cred.Uid != 0 { return } - uid := o.name2uid(req.Name) + uid := o.name2uid(string(req.Name)) user := o.users[uid] ret <- p.Shadow{ Name: user.Passwd.Name, diff --git a/go/parabola_hackers/nslcd_backend/hackers.go b/go/parabola_hackers/nslcd_backend/hackers.go index bb03862..c436824 100644 --- a/go/parabola_hackers/nslcd_backend/hackers.go +++ b/go/parabola_hackers/nslcd_backend/hackers.go @@ -22,6 +22,7 @@ import ( "parabola_hackers" "sync" + p "lukeshu.com/git/go/libnslcd.git/proto" nslcd_server "lukeshu.com/git/go/libnslcd.git/proto/server" nslcd_systemd "lukeshu.com/git/go/libnslcd.git/systemd" "lukeshu.com/git/go/libsystemd.git/sd_daemon/logger" @@ -90,14 +91,14 @@ func (o *Hackers) Reload() error { o.groups = make(map[string]map[string]bool) for uid, user := range o.users { user.Passwd.GID = usersGid - hash, hasHash := passwords[user.Passwd.Name] + hash, hasHash := passwords[string(user.Passwd.Name)] if !hasHash { hash = "!" } - user.Passwd.PwHash = hash + user.Passwd.PwHash = p.String(hash) o.users[uid] = user for _, groupname := range user.Groups { - o.add_user_to_group(user.Passwd.Name, groupname) + o.add_user_to_group(string(user.Passwd.Name), groupname) } } return nil 
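Review bot: `Shadow_ByName` (db_shadow.go, `@@ -32,7 +32,7 @@`) uses the result of `o.name2uid(string(req.Name))` without the `uid < 0` check that `Passwd_ByName` and the PAM handlers apply. A lookup for an unknown name therefore indexes `o.users` with the not-found value; since `o.users` appears to be a map, that yields a zero-value user, and a `p.Shadow` with an empty `Name` is sent to the caller. Add `if uid < 0 { return }` directly after the `name2uid` call so unknown names produce no entry. The rest of the struct literal is outside the hunk.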
@@ -105,7 +106,7 @@ func (o *Hackers) Reload() error { func (o *Hackers) name2uid(name string) int32 { for uid, data := range o.users { - if data.Passwd.Name == name { + if string(data.Passwd.Name) == name { return uid } } diff --git a/go/parabola_hackers/users.go.in b/go/parabola_hackers/users.go.in index aeda069..edd8a59 100644 --- a/go/parabola_hackers/users.go.in +++ b/go/parabola_hackers/users.go.in @@ -21,7 +21,7 @@ import ( "os/exec" yaml "gopkg.in/yaml.v2" - nslcd_proto "lukeshu.com/git/go/libnslcd.git/proto" + p "lukeshu.com/git/go/libnslcd.git/proto" "lukeshu.com/git/go/libsystemd.git/sd_daemon/logger" ) @@ -33,7 +33,7 @@ import ( other - encrypted password, in crypt(3) format */ type User struct { - Passwd nslcd_proto.Passwd + Passwd p.Passwd Groups []string } @@ -89,8 +89,8 @@ func parseUser(_data interface{}) (ret User, err error) { } else if str, isTyp := iface.(string); !isTyp { errs = append(errs, "\"username\" is not a string") } else { - ret.Passwd.Name = str - ret.Passwd.HomeDir = "/home/" + str + ret.Passwd.Name = p.String(str) + ret.Passwd.HomeDir = p.String("/home/" + str) } if iface, isSet := data["fullname"]; !isSet { @@ -98,7 +98,7 @@ func parseUser(_data interface{}) (ret User, err error) { } else if str, isTyp := iface.(string); !isTyp { errs = append(errs, "\"fullname\" is not a string") } else { - ret.Passwd.GECOS = str + ret.Passwd.GECOS = p.String(str) } if iface, isSet := data["shell"]; !isSet { @@ -106,7 +106,7 @@ func parseUser(_data interface{}) (ret User, err error) { } else if str, isTyp := iface.(string); !isTyp { errs = append(errs, "\"shell\" is not a string") } else { - ret.Passwd.Shell = str + ret.Passwd.Shell = p.String(str) } if iface, isSet := data["groups"]; !isSet { @@ -126,7 +126,7 @@ func parseUser(_data interface{}) (ret User, err error) { } } if !e { - ret.Groups = Set2list(groups) + ret.Groups = set2list(groups) } } } 
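Review bot: `parseUser` (users.go.in, `@@ -89,8 +89,8 @@`) copies the YAML `username` into `ret.Passwd.Name` and into `ret.Passwd.HomeDir` as `"/home/" + str` after only a type check. A value containing `/`, `..`, `:` or a newline would end up in the passwd entry and home directory path that this backend serves. If the YAML source is not fully trusted, validate the name against the allowed character set before assigning and record a failure otherwise, e.g. `errs = append(errs, "\"username\" is not a valid user name")`. The same applies to `shell` in the `@@ -106,7 +106,7 @@` hunk; the function starts and ends outside this hunk.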
@@ -134,7 +134,7 @@ func parseUser(_data interface{}) (ret User, err error) { err = &yaml.TypeError{Errors: errs} } - ret.Passwd.PwHash = "x" // look in shadow for the password hash + ret.Passwd.PwHash = p.String("x") // look in shadow for the password hash ret.Passwd.GID = -1 return diff --git a/go/parabola_hackers/util.go b/go/parabola_hackers/util.go index 9a241db..8dd9374 100644 --- a/go/parabola_hackers/util.go +++ b/go/parabola_hackers/util.go @@ -36,7 +36,7 @@ func RandomString(alphabet string, n uint) (str string, err error) { return } -func Set2list(set map[string]bool) []string { +func set2list(set map[string]bool) []string { list := make([]string, len(set)) i := uint(0) for item, _ := range set { -- cgit v1.2.2