-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Makefile | 5 | ||||
-rw-r--r-- | parabola-hackers.yml | 6 | ||||
-rw-r--r-- | src/nshd/hackers_git/db_config.go | 4 | ||||
-rw-r--r-- | src/nshd/hackers_git/hackers.go | 35 | ||||
-rw-r--r-- | src/nshd/hackers_git/hackers_parse.go | 67 | ||||
-rw-r--r-- | src/nshd/main.go.in (renamed from src/nshd/main.go) | 8 |
7 files changed, 73 insertions, 53 deletions
@@ -5,6 +5,7 @@ *.o *~ +/src/nshd/main.go /nshd.service /nshd.sysusers /scripts/common.rb @@ -55,11 +55,11 @@ $(srcdir)/LICENSE.apache-2.0.txt: $(NET) $(srcdir)/LICENSE.wtfpl-2.txt: $(NET) curl http://www.wtfpl.net/txt/copying/ > $@ -$(outdir)/bin/nshd: private golang.FLAGS+=-ldflags '-X nshd.conf_file=$(conf_file)' $(outdir)/bin/nshd: src/lukeshu.com/git/go/libnslcd.git/proto/server/interface_backend.go $(outdir)/bin/nshd: src/lukeshu.com/git/go/libnslcd.git/proto/server/func_handlerequest.go $(outdir)/bin/nshd: src/lukeshu.com/git/go/libnslcd.git/proto/server/type_nilbackend.go -$(outdir)/bin/nshd: $(call golang.src,$(srcdir)) $(var)conf_file +$(outdir)/bin/nshd: src/nshd/main.go +$(outdir)/bin/nshd: $(call golang.src,$(srcdir)) $(var)conf_file $(var)bindir $(call golang.install,$(topsrcdir),nshd) $(outdir)/%.o: $(srcdir)/%.c $(var)CC $(var)CPPFLAGS $(var)CFLAGS @@ -72,6 +72,7 @@ $(outdir)/%: $(srcdir)/%.in $(outdir)/nshd.service: $(var)user $(var)bindir $(outdir)/nshd.sysusers: $(var)user $(outdir)/scripts/common.rb: $(var)conf_file +$(outdir)/src/nshd/main.go: $(var)conf_file $(var)bindir $(DESTDIR)$(bindir)/%: $(outdir)/bin/% install -TDm755 $< $@ diff --git a/parabola-hackers.yml b/parabola-hackers.yml index c09f21b..e830f50 100644 --- a/parabola-hackers.yml +++ b/parabola-hackers.yml @@ -1,7 +1,6 @@ --- # Where to look for "${uid}.yml" files -#yamldir: "/var/lib/hackers-git/users" -yamldir: "users" +yamldir: "/var/lib/hackers-git/users" # Which groups imply membership in other groups (since UNIX groups # can't be nested). Only one level of nesting is supported ATM. @@ -36,5 +35,4 @@ pam_password_prohibit_message: '' # Where to keep files that can be cached between versions when making # the pacman keyring. -#keyring_cachedir: "/var/cache/parabola-hackers" -keyring_cachedir: "cache" +keyring_cachedir: "/var/cache/parabola-hackers" diff --git a/src/nshd/hackers_git/db_config.go b/src/nshd/hackers_git/db_config.go index dc3b99e..f049b90 100644 
--- a/src/nshd/hackers_git/db_config.go +++ b/src/nshd/hackers_git/db_config.go @@ -35,8 +35,8 @@ func (o *Hackers) Config_Get(cred s.Ucred, req p.Request_Config_Get) <-chan p.Co switch req.Key { case p.NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE: - if o.Cfg.Pam_password_prohibit_message != "" { - ret <- p.Config{Value: o.Cfg.Pam_password_prohibit_message} + if o.cfg.Pam_password_prohibit_message != "" { + ret <- p.Config{Value: o.cfg.Pam_password_prohibit_message} } } }() diff --git a/src/nshd/hackers_git/hackers.go b/src/nshd/hackers_git/hackers.go index b72698f..19efafd 100644 --- a/src/nshd/hackers_git/hackers.go +++ b/src/nshd/hackers_git/hackers.go @@ -28,7 +28,6 @@ import ( "lukeshu.com/git/go/libnslcd.git/proto/server" "lukeshu.com/git/go/libnslcd.git/systemd" "lukeshu.com/git/go/libsystemd.git/sd_daemon/logger" - "path/filepath" "sync" ) @@ -37,16 +36,18 @@ type user struct { groups []string } -type Config struct { +type config struct { Pam_password_prohibit_message string - Yamldir string } type Hackers struct { nslcd_server.NilBackend - Cfg Config lock sync.RWMutex + CfgFilename string + YamlCat string + + cfg config users map[int32]user groups map[string]map[string]bool } @@ -55,6 +56,8 @@ var _ nslcd_systemd.Backend = &Hackers{} var _ nslcd_server.Backend = &Hackers{} func (o *Hackers) Init() error { + logger.Debug("hackers.git: CfgFilename = %v", o.CfgFilename) + logger.Debug("hackers.git: YamlCat = %v", o.YamlCat) err := o.Reload() if err != nil { logger.Err("hackers.git: Could not initialize: %v", err) 
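Review bot: `o.cfg` is now reassigned whenever `Reload` runs, so the read of `o.cfg.Pam_password_prohibit_message` inside this goroutine has to happen under `o.lock.RLock()`. The hunk does not show whether `Config_Get` takes the lock, because the function starts above it. Before this commit the value was set once when the backend was constructed, so an unlocked read was harmless; now it would be a data race with `Reload`. If the lock is not already taken, add `o.lock.RLock()` and `defer o.lock.RUnlock()` at the top of the goroutine body.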
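Review bot: The new exported fields `CfgFilename` and `YamlCat` in `Hackers` carry no doc comments, and `YamlCat` is more than a path: `parse_users` hands it to `exec.Command` and treats its output as the whole user database. I would say so on the fields, e.g. `// CfgFilename is the YAML configuration file read on every reload.` and `// YamlCat is the program run on every reload; its standard output is parsed as a YAML map of UID to user.` The comment should also state that `YamlCat` must be an absolute path, since `exec.Command` searches PATH when given a bare name.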
@@ -77,28 +80,24 @@ func (o *Hackers) Reload() error { o.lock.Lock() defer o.lock.Unlock() - filenames, err := filepath.Glob(o.Cfg.Yamldir + "/*.yml") + var err error + o.cfg, err = parse_config(o.CfgFilename) if err != nil { return err } - o.users = make(map[int32]user, len(filenames)) - o.groups = make(map[string]map[string]bool) - for _, filename := range filenames { - logger.Debug("hackers.git: Loading YAML file: %s", filename) - user, err := parse_user_yaml(filename) - if err != nil { - logger.Warning("hackers.git: -> File ignored: %v", err) - continue - } + logger.Debug("hackers.git: Parsing user data") + o.users, err = parse_users(o.YamlCat) + if err != nil { + return err + } + + o.groups = make(map[string]map[string]bool) + for _, user := range o.users { for _, groupname := range user.groups { o.add_user_to_group(user.passwd.Name, groupname) } - user.passwd.PwHash = parse_user_password(user.passwd.HomeDir + "/.password") - o.users[user.passwd.UID] = user - logger.Debug("hackers.git: -> User %d(%s) added", user.passwd.UID, user.passwd.Name) } - return nil } diff --git a/src/nshd/hackers_git/hackers_parse.go b/src/nshd/hackers_git/hackers_parse.go index d5370eb..9dcfcc7 100644 --- a/src/nshd/hackers_git/hackers_parse.go +++ b/src/nshd/hackers_git/hackers_parse.go 
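Review bot: A failed reload now discards the state that was being served, because `o.cfg` and `o.users` are assigned directly from `parse_config` and `parse_users` before the error is checked. `parse_users` returns a nil map on any error, so one malformed entry leaves the daemon answering with no users and with an `o.groups` built from the previous load. The removed loop skipped a bad file with a warning and kept the rest. Parse into locals and install them only after both steps succeed, as sketched below; the start of `Reload` is above the hunk.

```go
func (o *Hackers) Reload() error {
	// … unchanged: take o.lock …
	cfg, err := parse_config(o.CfgFilename)
	if err != nil {
		return err
	}

	logger.Debug("hackers.git: Parsing user data")
	users, err := parse_users(o.YamlCat)
	if err != nil {
		return err
	}

	// Install the new state only once everything has parsed.
	o.cfg = cfg
	o.users = users
	o.groups = make(map[string]map[string]bool)
	// … unchanged: rebuild o.groups from o.users …
```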
@@ -27,33 +27,13 @@ import ( "io/ioutil" "lukeshu.com/git/go/libsystemd.git/sd_daemon/logger" "os" - "path" - "strconv" + "os/exec" "strings" ) -func filename2uid(filename string) int32 { - basename := path.Base(filename) - parts := strings.SplitN(basename, ".", 2) - if len(parts) != 2 || parts[1] != "yml" { - return -1 - } - uid, err := strconv.ParseInt(parts[0], 10, 32) - if err != nil { - return -1 - } - return int32(uid) -} - var usersGid = name2gid("users") -func parse_user_yaml(filename string) (ret user, err error) { - ret.passwd.UID = filename2uid(filename) - - if ret.passwd.UID < 0 { - err = fmt.Errorf("Invalid user filename: %q", filename) - return - } +func parse_config(filename string) (cfg config, err error) { file, err := os.Open(filename) if err != nil { return 
@@ -62,11 +42,52 @@ func parse_user_yaml(filename string) (ret user, err error) { if err != nil { return } + err = yaml.Unmarshal(contents, &cfg) + return +} + +func parse_users(yaml_cat string) (users map[int32]user, err error) { + contents, err := exec.Command(yaml_cat).Output() + if err != nil { + return + } + var _data interface{} err = yaml.Unmarshal(contents, &_data) if err != nil { return } + + data, isMap := _data.(map[interface{}]interface{}) + errs := []string{} + if !isMap { + errs = append(errs, "root node is not a map") + } else { + users = make(map[int32]user, len(data)) + for _uid, _user := range data { + uid, isInt := _uid.(int) + if !isInt { + errs = append(errs, fmt.Sprintf("UID is not an int: %T ( %#v )", _uid, _uid)) + continue + } + user, _err := parse_user(_user) + if _err != nil { + errs = append(errs, fmt.Sprintf("Could not parse data for UID %d: %v", uid, _err)) + continue + } + user.passwd.UID = int32(uid) + logger.Debug("hackers.git: -> User %d(%s) parsed", user.passwd.UID, user.passwd.Name) + users[user.passwd.UID] = user + } + } + if len(errs) > 0 { + users = nil + err = &yaml.TypeError{Errors: errs} + } + return +} + +func parse_user(_data interface{}) (ret user, err error) { data, isMap := _data.(map[interface{}]interface{}) errs := []string{} if !isMap { @@ -122,7 +143,7 @@ func parse_user_yaml(filename string) (ret user, err error) { err = &yaml.TypeError{Errors: errs} } - ret.passwd.PwHash = "!" + ret.passwd.PwHash = parse_user_password(ret.passwd.HomeDir + "/.password") ret.passwd.GID = usersGid return diff --git a/src/nshd/main.go b/src/nshd/main.go.in index 6871518..59e032e 100644 --- a/src/nshd/main.go +++ b/src/nshd/main.go.in 
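Review bot: The UID loses its range check in `parse_users`: the key is accepted as any `int` and then narrowed with `int32(uid)`, so a negative key is kept and a key outside 32 bits wraps silently, possibly onto another account's UID. The removed `filename2uid` enforced both bounds through `strconv.ParseInt(parts[0], 10, 32)` and the `UID < 0` rejection. Change the guard to `if !isInt || uid < 0 || uid > math.MaxInt32 {` (with `math` imported and the message adjusted) so such entries are reported like other bad keys. Separately, `exec.Command(yaml_cat).Output()` has no deadline and `Reload` calls it while holding the write lock, so a helper that hangs stalls every lookup; `exec.CommandContext` with a timeout would bound that.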
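Review bot: The password file is now read at the end of `parse_user` even when `errs` is non-empty, in which case `HomeDir` may be empty and the path becomes `/.password`. Guard it with `if len(errs) == 0 {` around the `parse_user_password` call and keep `"!"` as the value otherwise, so a rejected entry never triggers a read outside a home directory. The path is also built from a YAML-supplied `HomeDir` and points into a directory the user controls. `parse_user_password` is outside this hunk, so it should be confirmed that it refuses symlinks and non-regular files and validates the hash format. A comment on this line should record that the file is user-writable input.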
@@ -29,9 +29,9 @@ import ( ) func main() { - backend := &hackers_git.Hackers{Cfg: hackers_git.Config{ - Pam_password_prohibit_message: "", - Yamldir: "/var/cache/parabola-hackers/users", - }} + backend := &hackers_git.Hackers{ + CfgFilename: "@conf_file@", + YamlCat: "@bindir@/meta-cat", + } os.Exit(int(nslcd_systemd.Main(backend))) } |