-rw-r--r-- | src/main.go | 13 | ||||
-rw-r--r-- | src/nslcd-proto/.gitignore | 1 | ||||
-rw-r--r-- | src/nslcd-proto/Makefile | 10 | ||||
-rw-r--r-- | src/nslcd-proto/handle.go | 11 | ||||
-rw-r--r-- | src/nslcd-proto/nslcd.h | 307 | ||||
-rw-r--r-- | src/nslcd-proto/structures.go | 249 | ||||
-rw-r--r-- | src/nslcd_proto/.gitignore | 6 | ||||
-rw-r--r-- | src/nslcd_proto/Makefile | 31 | ||||
-rw-r--r-- | src/nslcd_proto/enumerator@T.got | 26 | ||||
-rwxr-xr-x | src/nslcd_proto/func_handlerequest.go.sh | 54 | ||||
-rw-r--r-- | src/nslcd_proto/io.go (renamed from src/nslcd-proto/io.go) | 40 | ||||
-rw-r--r-- | src/nslcd_proto/nslcd_h.go | 449 | ||||
-rwxr-xr-x | src/nslcd_proto/struct_backend.go.sh | 10 | ||||
-rw-r--r-- | src/nslcd_proto/util.go (renamed from src/nslcd-proto/util.go) | 31 | ||||
-rw-r--r-- | src/sd_daemon/listen_fds.go (renamed from src/sd-daemon/listen_fds.go) | 2 | ||||
-rw-r--r-- | src/sd_daemon/logger/logger.go (renamed from src/sd-daemon/logger/logger.go) | 9 |
16 files changed, 641 insertions, 608 deletions
diff --git a/src/main.go b/src/main.go
index 9067cdf..83cb879 100644
--- a/src/main.go
+++ b/src/main.go
@@ -1,2 +1,11 @@
-//include "nslcd.h"
-import "C"
+package nshd
+
+import (
+ _ "./nslcd_proto"
+ _ "./sd_daemon"
+ _ "./sd_daemon/logger"
+)
+
+func main() {
+
+}
diff --git a/src/nslcd-proto/.gitignore b/src/nslcd-proto/.gitignore
deleted file mode 100644
index 75e7f93..0000000
--- a/src/nslcd-proto/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/backend.go
diff --git a/src/nslcd-proto/Makefile b/src/nslcd-proto/Makefile
deleted file mode 100644
index fce3d2f..0000000
--- a/src/nslcd-proto/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-backend.go: structures.go Makefile
- { \
- echo 'package nslcd_proto' && \
- echo 'type Backend interface {' && \
- sed -rn 's/^type Request_([^_ ]+)(_\S+)?.*/\1\2(Request_\1\2) []\1/p' $< | grep -v PAM && \
- sed -rn 's/^type Request_(PAM)(_\S+)?.*/\1\2(Request_\1\2) []\1\2/p' $< && \
- echo '}' && \
- :; } | gofmt > $@
-
-.DELETE_ON_ERROR:
diff --git a/src/nslcd-proto/handle.go b/src/nslcd-proto/handle.go
deleted file mode 100644
index 07f8d84..0000000
--- a/src/nslcd-proto/handle.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package nslcd_proto
-
-import "io"
-
-// Initialize() error { func
-// e := c.SetReadDeadline(...)
-// e := c.SetWriteDeadline(...)
-// }
-
-func Handle(in io.Reader, out io.Writer) {
-
diff --git a/src/nslcd-proto/nslcd.h b/src/nslcd-proto/nslcd.h
deleted file mode 100644
index 4a73fbf..0000000
--- a/src/nslcd-proto/nslcd.h
+++ /dev/null
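Review bot: The new src/main.go declares `func main()` under `package nshd`, so the Go toolchain will treat the directory as a library and never link an nshd binary; the entry point needs `package main`. The three blank imports use relative paths (`_ "./nslcd_proto"`, `_ "./sd_daemon"`, `_ "./sd_daemon/logger"`), which presumably only resolve in a non-module, non-GOPATH build — worth confirming this is the intended build mode, since a later move to modules would reject them. The blank form also means nothing from those packages is reachable from main(), which is fine for a placeholder but should be noted with a comment such as `// TODO: wire nslcd_proto and sd_daemon into main()`.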
@@ -1,307 +0,0 @@ -/* - nslcd.h - file describing client/server protocol - - Copyright (C) 2006 West Consulting - Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - 02110-1301 USA -*/ - -#ifndef _NSLCD_H -#define _NSLCD_H 1 - -/* - The protocol used between the nslcd client and server is a simple binary - protocol. It is request/response based where the client initiates a - connection, does a single request and closes the connection again. Any - mangled or not understood messages will be silently ignored by the server. - - A request looks like: - INT32 NSLCD_VERSION - INT32 NSLCD_ACTION_* - [request parameters if any] - A response looks like: - INT32 NSLCD_VERSION - INT32 NSLCD_ACTION_* (the original request type) - [result(s)] - INT32 NSLCD_RESULT_END - A single result entry looks like: - INT32 NSLCD_RESULT_BEGIN - [result value(s)] - If a response would return multiple values (e.g. for NSLCD_ACTION_*_ALL - functions) each return value will be preceded by a NSLCD_RESULT_BEGIN - value. After the last returned result the server sends - NSLCD_RESULT_END. If some error occurs (e.g. LDAP server unavailable, - error in the request, etc) the server terminates the connection to signal - an error condition (breaking the protocol). 
- - These are the available basic data types: - INT32 - 32-bit integer value - TYPE - a typed field that is transferred using sizeof() - STRING - a string length (32bit) followed by the string value (not - null-terminted) the string itself is assumed to be UTF-8 - STRINGLIST - a 32-bit number noting the number of strings followed by - the strings one at a time - - Furthermore the ADDRESS compound data type is defined as: - INT32 type of address: e.g. AF_INET or AF_INET6 - INT32 lenght of address - RAW the address itself - With the ADDRESSLIST using the same construct as with STRINGLIST. - - The protocol uses network byte order for all types. -*/ - -/* The current version of the protocol. This protocol should only be - updated with major backwards-incompatible changes. */ -#define NSLCD_VERSION 0x00000002 - -/* Get a NSLCD configuration option. There is one request parameter: - INT32 NSLCD_CONFIG_* - the result value is: - STRING value, interpretation depending on request */ -#define NSLCD_ACTION_CONFIG_GET 0x00010001 - -/* return the message, if any, that is presented to the user when password - modification through PAM is prohibited */ -#define NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE 1 - -/* Email alias (/etc/aliases) NSS requests. The result values for a - single entry are: - STRING alias name - STRINGLIST alias rcpts */ -#define NSLCD_ACTION_ALIAS_BYNAME 0x00020001 -#define NSLCD_ACTION_ALIAS_ALL 0x00020008 - -/* Ethernet address/name mapping NSS requests. The result values for a - single entry are: - STRING ether name - TYPE(uint8_t[6]) ether address */ -#define NSLCD_ACTION_ETHER_BYNAME 0x00030001 -#define NSLCD_ACTION_ETHER_BYETHER 0x00030002 -#define NSLCD_ACTION_ETHER_ALL 0x00030008 - -/* Group and group membership related NSS requests. 
The result values - for a single entry are: - STRING group name - STRING group password - INT32 group id - STRINGLIST members (usernames) of the group - (note that the BYMEMER call returns an emtpy members list) */ -#define NSLCD_ACTION_GROUP_BYNAME 0x00040001 -#define NSLCD_ACTION_GROUP_BYGID 0x00040002 -#define NSLCD_ACTION_GROUP_BYMEMBER 0x00040006 -#define NSLCD_ACTION_GROUP_ALL 0x00040008 - -/* Hostname (/etc/hosts) lookup NSS requests. The result values - for an entry are: - STRING host name - STRINGLIST host aliases - ADDRESSLIST host addresses */ -#define NSLCD_ACTION_HOST_BYNAME 0x00050001 -#define NSLCD_ACTION_HOST_BYADDR 0x00050002 -#define NSLCD_ACTION_HOST_ALL 0x00050008 - -/* Netgroup NSS result entries contain a number of parts. A result entry - starts with: - STRING netgroup name - followed by zero or more references to other netgroups or netgroup - triples. A reference to another netgroup looks like: - INT32 NSLCD_NETGROUP_TYPE_NETGROUP - STRING other netgroup name - A a netgroup triple looks like: - INT32 NSLCD_NETGROUP_TYPE_TRIPLE - STRING host - STRING user - STRING domain - A netgroup result entry is terminated by: - INT32 NSLCD_NETGROUP_TYPE_END - */ -#define NSLCD_ACTION_NETGROUP_BYNAME 0x00060001 -#define NSLCD_ACTION_NETGROUP_ALL 0x00060008 -#define NSLCD_NETGROUP_TYPE_NETGROUP 1 -#define NSLCD_NETGROUP_TYPE_TRIPLE 2 -#define NSLCD_NETGROUP_TYPE_END 3 - -/* Network name (/etc/networks) NSS requests. Result values for a single - entry are: - STRING network name - STRINGLIST network aliases - ADDRESSLIST network addresses */ -#define NSLCD_ACTION_NETWORK_BYNAME 0x00070001 -#define NSLCD_ACTION_NETWORK_BYADDR 0x00070002 -#define NSLCD_ACTION_NETWORK_ALL 0x00070008 - -/* User account (/etc/passwd) NSS requests. 
Result values are: - STRING user name - STRING user password - INT32 user id - INT32 group id - STRING gecos information - STRING home directory - STRING login shell */ -#define NSLCD_ACTION_PASSWD_BYNAME 0x00080001 -#define NSLCD_ACTION_PASSWD_BYUID 0x00080002 -#define NSLCD_ACTION_PASSWD_ALL 0x00080008 - -/* Protocol information requests. Result values are: - STRING protocol name - STRINGLIST protocol aliases - INT32 protocol number */ -#define NSLCD_ACTION_PROTOCOL_BYNAME 0x00090001 -#define NSLCD_ACTION_PROTOCOL_BYNUMBER 0x00090002 -#define NSLCD_ACTION_PROTOCOL_ALL 0x00090008 - -/* RPC information requests. Result values are: - STRING rpc name - STRINGLIST rpc aliases - INT32 rpc number */ -#define NSLCD_ACTION_RPC_BYNAME 0x000a0001 -#define NSLCD_ACTION_RPC_BYNUMBER 0x000a0002 -#define NSLCD_ACTION_RPC_ALL 0x000a0008 - -/* Service (/etc/services) information requests. The BYNAME and BYNUMBER - requests contain an extra protocol string in the request which, if not - blank, will filter the services by this protocol. Result values are: - STRING service name - STRINGLIST service aliases - INT32 service (port) number - STRING service protocol */ -#define NSLCD_ACTION_SERVICE_BYNAME 0x000b0001 -#define NSLCD_ACTION_SERVICE_BYNUMBER 0x000b0002 -#define NSLCD_ACTION_SERVICE_ALL 0x000b0008 - -/* Extended user account (/etc/shadow) information requests. Result - values for a single entry are: - STRING user name - STRING user password - INT32 last password change - INT32 mindays - INT32 maxdays - INT32 warn - INT32 inact - INT32 expire - INT32 flag */ -/* It is my understanding that an empty value for those INT32 fields - is expressed with a negative number. -- lukeshu */ -#define NSLCD_ACTION_SHADOW_BYNAME 0x000c0001 -#define NSLCD_ACTION_SHADOW_ALL 0x000c0008 - -/* PAM-related requests. 
The request parameters for all these requests - begin with: - STRING user name - STRING service name - STRING ruser - STRING rhost - STRING tty - If the user is not known in LDAP no result may be returned (immediately - return NSLCD_RESULT_END instead of a PAM error code). */ - -/* PAM authentication check request. The extra request values are: - STRING password - and the result value consists of: - INT32 authc NSLCD_PAM_* result code - STRING user name (the cannonical user name) - INT32 authz NSLCD_PAM_* result code - STRING authorisation error message - If the username is empty in this request an attempt is made to - authenticate as the administrator (set using rootpwmoddn). - Some authorisation checks are already done during authentication so the - response also includes authorisation information. */ -#define NSLCD_ACTION_PAM_AUTHC 0x000d0001 - -/* PAM authorisation check request. The result value consists of: - INT32 authz NSLCD_PAM_* result code - STRING authorisation error message - The authentication check may have already returned some authorisation - information. The authorisation error message, if supplied, will be used - by the PAM module instead of a message that is generated by the PAM - module itself. */ -#define NSLCD_ACTION_PAM_AUTHZ 0x000d0002 - -/* PAM session open request. The result value consists of: - STRING session id - This session id may be used to close this session with. */ -#define NSLCD_ACTION_PAM_SESS_O 0x000d0003 - -/* PAM session close request. This request has the following - extra request value: - STRING session id - and this calls only returns an empty response value. */ -#define NSLCD_ACTION_PAM_SESS_C 0x000d0004 - -/* PAM password modification request. 
This requests has the following extra - request values: - INT32 asroot: 0=oldpasswd is user passwd, 1=oldpasswd is root passwd - STRING old password - STRING new password - and returns there extra result values: - INT32 NSLCD_PAM_* result code - STRING error message */ -#define NSLCD_ACTION_PAM_PWMOD 0x000d0005 - -/* User information change request. This request allows one to change - their full name and other information. The request parameters for this - request are: - STRING user name - INT32 asroot: 0=passwd is user passwd, 1=passwd is root passwd - STRING password - followed by one or more of the below, terminated by NSLCD_USERMOD_END - INT32 NSLCD_USERMOD_* - STRING new value - the response consists of one or more of the entries below, terminated - by NSLCD_USERMOD_END: - INT32 NSLCD_USERMOD_* - STRING response - (if the response is blank, the change went OK, otherwise the string - contains an error message) - */ -#define NSLCD_ACTION_USERMOD 0x000e0001 - -/* These are the possible values for the NSLCD_ACTION_USERMOD operation - above. */ -#define NSLCD_USERMOD_END 0 /* end of change values */ -#define NSLCD_USERMOD_RESULT 1 /* global result value */ -#define NSLCD_USERMOD_FULLNAME 2 /* full name */ -#define NSLCD_USERMOD_ROOMNUMBER 3 /* room number */ -#define NSLCD_USERMOD_WORKPHONE 4 /* office phone number */ -#define NSLCD_USERMOD_HOMEPHONE 5 /* home phone number */ -#define NSLCD_USERMOD_OTHER 6 /* other info */ -#define NSLCD_USERMOD_HOMEDIR 7 /* home directory */ -#define NSLCD_USERMOD_SHELL 8 /* login shell */ - -/* Request result codes. */ -#define NSLCD_RESULT_BEGIN 1 -#define NSLCD_RESULT_END 2 - -/* Partial list of PAM result codes. 
*/ -#define NSLCD_PAM_SUCCESS 0 /* everything ok */ -#define NSLCD_PAM_PERM_DENIED 6 /* Permission denied */ -#define NSLCD_PAM_AUTH_ERR 7 /* Authc failure */ -#define NSLCD_PAM_CRED_INSUFFICIENT 8 /* Cannot access authc data */ -#define NSLCD_PAM_AUTHINFO_UNAVAIL 9 /* Cannot retrieve authc info */ -#define NSLCD_PAM_USER_UNKNOWN 10 /* User not known */ -#define NSLCD_PAM_MAXTRIES 11 /* Retry limit reached */ -#define NSLCD_PAM_NEW_AUTHTOK_REQD 12 /* Password expired */ -#define NSLCD_PAM_ACCT_EXPIRED 13 /* Account expired */ -#define NSLCD_PAM_SESSION_ERR 14 /* Cannot make/remove session record */ -#define NSLCD_PAM_AUTHTOK_ERR 20 /* Authentication token manipulation error */ -#define NSLCD_PAM_AUTHTOK_DISABLE_AGING 23 /* Password aging disabled */ -#define NSLCD_PAM_IGNORE 25 /* Ignore module */ -#define NSLCD_PAM_ABORT 26 /* Fatal error */ -#define NSLCD_PAM_AUTHTOK_EXPIRED 27 /* authentication token has expired */ - -#endif /* not _NSLCD_H */ diff --git a/src/nslcd-proto/structures.go b/src/nslcd-proto/structures.go deleted file mode 100644 index 7d36940..0000000 --- a/src/nslcd-proto/structures.go +++ /dev/null 
@@ -1,249 +0,0 @@ - -package nslcd_proto - -import ( - "io" - "fmt" - "net" -) - -//#include "nslcd.h" -import "C" - -type Config struct { - Value string -} -type Request_Config struct { Key int32 } - -type Alias struct { - Name string - Recipients []string -} -type Request_Alias_ByName struct { Name string } -type Request_Alias_All struct {} - -type Ether struct { - Name string - Address [6]byte -} -type Request_Ether_ByName struct { Name string } -type Request_Ether_ByEther struct { Address [6]byte } -type Request_Ether_All struct {} - -type Group struct { - Name string - Password string - ID int32 - Members []string -} -type Request_Group_ByName struct { Name string } -type Request_Group_ByGid struct { GID int32 } -type Request_Group_ByMember struct { Member string } -type Request_Group_All struct {} - -type Host struct { - Name string - Aliases []string - Addresses []net.IP -} -type Request_Host_ByName struct { Name string } -type Request_Host_ByAddr struct { Address net.IP } -type Request_Host_All struct {} - -type Netgroup_Netgroup struct { - Name string -} -type Netgroup_Triple struct { - Host string - User string - Domain string -} -type Netgroup_PartList []interface{} -func (data Netgroup_PartList) NslcdWrite(fd io.Writer) { - for _, part := range data { - var t int32 = -1 - switch part.(type) { - case Netgroup_Netgroup: t = C.NSLCD_NETGROUP_TYPE_NETGROUP - case Netgroup_Triple: t = C.NSLCD_NETGROUP_TYPE_TRIPLE - } - if t < 0 { - panic("invalid netgroup type") - } - write(fd, t) - write(fd, part) - } - write(fd, int32(C.NSLCD_NETGROUP_TYPE_END)) -} -func (data *Netgroup_PartList) NslcdRead(fd io.Reader) { - *data = make([]interface{}, 0) - for { - var t int32 - var v interface{} - read(fd, &t) - switch t { - case C.NSLCD_NETGROUP_TYPE_NETGROUP: - v = Netgroup_Netgroup{} - case C.NSLCD_NETGROUP_TYPE_TRIPLE: - v = Netgroup_Triple{} - case C.NSLCD_NETGROUP_TYPE_END: - return - default: - panic(NslcdError(fmt.Sprintf("unrecognized netgroup type: %d", t))) - } 
- read(fd, &v) - *data = append(*data, v) - } -} -var _ NslcdObject = Netgroup_PartList{} -var _ NslcdObjectPtr = &Netgroup_PartList{} -type Netgroup struct { - Name string - Parts Netgroup_PartList -} -type Request_Netgroup_ByName struct { Name string } -type Request_Netgroup_All struct {} - -type Network struct { - Name string - Aliases []string - Addresses []net.IP -} -type Request_Network_ByName struct { Name string } -type Request_Network_ByAddr struct { Address net.IP } -type Request_Network_All struct {} - -type Passwd struct { - Name string - Password string - UID int32 - GID int32 - GECOS string - HomeDir string - Shell string -} -type Request_Passwd_ByName struct { Name string } -type Request_Passwd_ByUID struct { UID int32 } -type Request_Passwd_All struct {} - -type Protocol struct { - Name string - Aliases []string - Number int32 -} -type Request_Protocol_ByName struct { Name string } -type Request_Protocol_ByNumber struct { Number int32 } -type Request_Protocol_All struct {} - -type RPC struct { - Name string - Aliases []string - Number int32 -} -type Request_RPC_ByName struct { Name string } -type Request_RPC_ByNumber struct { Number int32 } -type Request_RPC_All struct {} - -type Service struct { - Name string - Aliases []string - PortNumber int32 - Protocol string -} -type Request_Service_ByName struct { Name string } -type Request_Service_ByNumber struct { Number int32 } -type Request_Service_All struct {} - -type Shadow struct { - Name string - Password string - LastChangeDate int32 - MinDays int32 - MaxDays int32 - WarnDays int32 - InactDays int32 - ExpireDate int32 - Flag int32 -} -type Request_Shadow_ByName struct { Name string } -type Request_Shadow_All struct {} - -type PAM_Base struct { - UserName string - ServiceName string - RUser string - RHost string - TTY string -} - -type Request_PAM_Authentication struct { - Base PAM_Base - Password string -} -type PAM_Authentication struct { - AuthenticationResult int32 - UserName string - 
AuthorizationResult int32 - AuthorizationError string -} - -type PAM_Authorization struct { - Result int32 - Error string -} -type Request_PAM_Authorization struct {} - -type PAM_SessionOpen struct { - SessionID string -} -type Request_PAM_SessionOpen struct {} - -type PAM_SessionClose struct {} -type Request_PAM_SessionClose struct { - SessionID string -} - -type Request_PAM_PwMod struct { - AsRoot int32 - OldPassword string - NewPassword string -} -type PAM_PwMod struct { - Result int32 - Error string -} - -type UserMod_Item struct { - Key int32 - Value string -} -type UserMod_ItemList []UserMod_Item -func (data UserMod_ItemList) NslcdWrite(fd io.Writer) { - for _, item := range data { - write(fd, item) - } - write(fd, int32(C.NSLCD_USERMOD_END)) -} -func (data *UserMod_ItemList) NslcdRead(fd io.Reader) { - *data = make([]UserMod_Item, 0) - for { - var t int32 - read(fd, &t) - if t == C.NSLCD_USERMOD_END { - return - } - var v UserMod_Item - read(fd, &v) - *data = append(*data, v) - } -} -var _ NslcdObject = UserMod_ItemList{} -var _ NslcdObjectPtr = &UserMod_ItemList{} -type Request_UserMod struct { - UserName string - AsRoot int32 - Password string - Items UserMod_ItemList -} -type UserMod struct { - Items []UserMod_Item -} diff --git a/src/nslcd_proto/.gitignore b/src/nslcd_proto/.gitignore new file mode 100644 index 0000000..8a88ae3 --- /dev/null +++ b/src/nslcd_proto/.gitignore @@ -0,0 +1,6 @@ +/struct_backend.go +/func_handlerequest.go +/requests.txt +/responses.txt +/enumerator-list.mk +*@*.go diff --git a/src/nslcd_proto/Makefile b/src/nslcd_proto/Makefile new file mode 100644 index 0000000..2014bdd --- /dev/null +++ b/src/nslcd_proto/Makefile 
@@ -0,0 +1,31 @@
+all: struct_backend.go func_handlerequest.go
+.PHONY: all
+
+clean:
+ rm -f -- struct_backend.go func_handlerequest.go enumerator@*.go
+ rm -f -- enumerator-list.mk requests.txt responses.txt
+.PHONY: clean
+
+ifeq (,$(filter clean,$(MAKECMDGOALS)))
+-include enumerator-list.mk
+endif
+
+enumerator@%.go: enumerator@T.got
+ < $< sed 's/<T>/$*/g' > $@
+
+enumerator-list.mk: responses.txt Makefile
+ < $< sed -rn 's/.*/all: enumerator@&.go/p' > $@
+
+requests.txt: nslcd_h.go Makefile
+ < $< grep -Eo 'Request_([^_ ]+)(_\S+)?' | sed 's/^Request_//' > $@
+responses.txt: struct_backend.go Makefile
+ < $< sed -rn 's/.* (\S+)_Enumerator$$/\1/p' | sort -u > $@
+
+%.go: %.go.sh
+ ./$^ > $@
+
+struct_backend.go: requests.txt
+func_handlerequest.go: requests.txt
+
+.DELETE_ON_ERROR:
+.SECONDARY:
diff --git a/src/nslcd_proto/enumerator@T.got b/src/nslcd_proto/enumerator@T.got
new file mode 100644
index 0000000..88c3603
--- /dev/null
+++ b/src/nslcd_proto/enumerator@T.got
@@ -0,0 +1,26 @@
+// -*- Mode: Go -*-
+package nslcd_proto
+
+type <T>_Enumerator interface {
+ GetNext() (n <T>, err error)
+ GenericGetNext() (n interface{}, err error)
+}
+
+type <T>_List struct {
+ dat []<T>
+ i int
+}
+
+func New_<T>_List(ary []<T>) *<T>_List {
+ return &<T>_List{ary, 0}
+}
+
+func (o *<T>_List) GetNext() (n <T>, err error) {
+ n = o.dat[o.i]
+ err = nil
+ o.i++
+ return
+}
+func (o *<T>_List) GenericGetNext() (n interface{}, err error) {
+ return o.GetNext()
+}
diff --git a/src/nslcd_proto/func_handlerequest.go.sh b/src/nslcd_proto/func_handlerequest.go.sh
new file mode 100755
index 0000000..0f0c686
--- /dev/null
+++ b/src/nslcd_proto/func_handlerequest.go.sh
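Review bot: `GetNext` in enumerator@T.got indexes `o.dat[o.i]` without checking `o.i < len(o.dat)`, so the first call past the end panics with an index-out-of-range instead of signalling exhaustion, and since `err` is always set to nil there is no end-of-list condition for a caller to test. `GenericGetNext` makes this worse: it boxes the typed zero value of `<T>` into `interface{}`, which is never `nil`, so a caller looping on `result != nil` cannot detect the end either. A guard at the top of GetNext, `if o.i >= len(o.dat) { return n, io.EOF }` (or a package-level sentinel error, since the template does not import io), gives both methods a defined end condition; the interface doc comment should then state that contract, e.g. `// GetNext returns io.EOF once the list is exhausted.`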
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+# -*- Mode: Go -*-
+requests=$1
+cat <<EOF
+package nslcd_proto
+
+import (
+ "fmt"
+ "io"
+)
+
+type enumerator interface {
+ GenericGetNext() (n interface{}, err error)
+}
+
+func handleRequest(in io.Reader, out io.Writer, backend Backend) {
+ var version int32
+ read(in, &version)
+ if version != NSLCD_VERSION {
+ panic(NslcdError(fmt.Sprintf("version mismatch: server=%#08x client=%#08x", NSLCD_VERSION, version)))
+ }
+ var action int32
+ read(in, &action)
+
+ var res enumerator = nil
+ switch action {
+$(
+while read -r request; do
+ cat <<EOT
+ case NSLCD_ACTION_${request^^}:
+ var req Request_${request}
+ read(in, &req)
+ res = backend.${request}(req)
+EOT
+done < "$requests"
+)
+ default:
+ panic(NslcdError(fmt.Sprintf("unknown request action: %#08x", action)))
+ }
+ write(out, NSLCD_VERSION)
+ write(out, action)
+
+ var result interface{}
+ var err error
+ for result, err = res.GenericGetNext(); (result != nil) && (err != nil); result, err = res.GenericGetNext() {
+ write(out, NSLCD_RESULT_BEGIN)
+ write(out, result)
+ }
+ if err != nil {
+ panic(err)
+ }
+ write(out, NSLCD_RESULT_END)
+}
+EOF
diff --git a/src/nslcd-proto/io.go b/src/nslcd_proto/io.go
index 9ed6fd5..0804e98 100644
--- a/src/nslcd-proto/io.go
+++ b/src/nslcd_proto/io.go
@@ -11,9 +11,16 @@ import (
 //#include <sys/socket.h>
 import "C"
 
+type NslcdObject interface {
+ NslcdWrite(fd io.Writer)
+}
+type NslcdObjectPtr interface {
+ NslcdRead(fd io.Reader)
+}
+
 func write(fd io.Writer, data interface{}) {
 switch data := data.(type) {
- // basic data types
+ // basic data types
 case []byte:
 _, err := fd.Write(data)
 if err != nil {
@@ -26,7 +33,7 @@ func write(fd io.Writer, data interface{}) {
 }
 case NslcdObject:
 data.NslcdWrite(fd)
- // composite datatypes
+ // composite datatypes
 case string:
 write(fd, int32(len(data)))
 write(fd, []byte(data))
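Review bot: The result loop generated by func_handlerequest.go.sh has its continuation condition inverted: `(result != nil) && (err != nil)` is false on any successful `GenericGetNext` (err is nil), so the loop exits before writing a single `NSLCD_RESULT_BEGIN` entry and every response is empty. The loop also has no defined end-of-list condition distinct from a real failure, so once the condition is fixed the trailing `if err != nil { panic(err) }` would fire at the normal end of every enumeration; the enumerator needs to return a recognisable sentinel (io.EOF is already importable here) that the loop treats as "done". Separately, `res` stays nil if a backend method returns a nil enumerator, and `res.GenericGetNext()` then panics with a nil-pointer dereference rather than a protocol error; a `if res == nil` check before the loop keeps that case explicit. A rewrite of the loop that handles both points is below; the switch and its generated cases are unchanged.
```go
	write(out, NSLCD_VERSION)
	write(out, action)

	if res == nil {
		panic(NslcdError("backend returned no enumerator"))
	}
	for {
		result, err := res.GenericGetNext()
		if err == io.EOF {
			break
		}
		if err != nil {
			panic(err)
		}
		write(out, NSLCD_RESULT_BEGIN)
		write(out, result)
	}
	write(out, NSLCD_RESULT_END)
```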
@@ -38,8 +45,10 @@ func write(fd io.Writer, data interface{}) {
 case net.IP:
 var af int32 = -1
 switch len(data) {
- case net.IPv4len: af = C.AF_INET
- case net.IPv6len: af = C.AF_INET6
+ case net.IPv4len:
+ af = C.AF_INET
+ case net.IPv6len:
+ af = C.AF_INET6
 }
 var bytes []byte
 if af < 0 {
@@ -63,7 +72,7 @@ func write(fd io.Writer, data interface{}) {
 write(fd, v.Field(i).Interface())
 }
 default:
- panic("invalid NSLCD protocol data")
+ panic("Invalid structure for NSLCD protocol data")
 }
 }
 panic("not reached")
@@ -71,7 +80,7 @@ func write(fd io.Writer, data interface{}) {
 
 func read(fd io.Reader, data interface{}) {
 switch data := data.(type) {
- // basic data types
+ // basic data types
 case *[]byte:
 _, err := fd.Read(*data)
 if err != nil {
@@ -84,7 +93,7 @@ func read(fd io.Reader, data interface{}) {
 }
 case NslcdObjectPtr:
 data.NslcdRead(fd)
- // composite datatypes
+ // composite datatypes
 case *string:
 var len int32
 read(fd, &len)
@@ -103,15 +112,17 @@ func read(fd io.Reader, data interface{}) {
 read(fd, &af)
 var _len int32
 switch af {
- case C.AF_INET: _len = net.IPv4len;
- case C.AF_INET6: _len = net.IPv6len;
+ case C.AF_INET:
+ _len = net.IPv4len
+ case C.AF_INET6:
+ _len = net.IPv6len
 default:
- panic(NslcdError(fmt.Sprintf("incorrect address family specified: %d", af)));
+ panic(NslcdError(fmt.Sprintf("incorrect address family specified: %d", af)))
 }
 var len int32
 read(fd, &len)
- if (len != _len) {
- panic(NslcdError(fmt.Sprintf("address length incorrect: %d", len)));
+ if len != _len {
+ panic(NslcdError(fmt.Sprintf("address length incorrect: %d", len)))
 }
 buf := make([]byte, len)
 read(fd, &buf)
@@ -123,9 +134,6 @@ func read(fd io.Reader, data interface{}) {
 for i := 0; i < int(num); i++ {
 read(fd, &((*data)[i]))
 }
- // Entities
- case Netgroup:
- read(fd, &data.Name)
 default:
 v := reflect.ValueOf(data)
 switch v.Kind() {
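Review bot: In the `case *[]byte` branch of read() (hunk at -71,7), `fd.Read(*data)` may return fewer bytes than `len(*data)` with a nil error, which on a socket-backed reader leaves the buffer partially filled and misframes every field decoded after it; the branch should use `_, err := io.ReadFull(fd, *data)` so a short read surfaces as an error. Because read() decodes client-supplied input, the `*string` branch (hunk at -84,7; its body continues outside the hunk) reads an int32 `len` that presumably sizes an allocation, and it has no counterpart to the `len != _len` rejection the net.IP branch performs — a negative or oversized value should be rejected before any buffer is made, and the same applies to the `num` loop in the hunk at -123,9 if it allocates from that count. Minor: the renamed panic text `Invalid structure for NSLCD protocol data` (hunks at -63,7 and, on the next line, -134,7) starts with a capital letter, against Go's lowercase convention for error strings.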
@@ -134,7 +142,7 @@ func read(fd io.Reader, data interface{}) {
 read(fd, v.Field(i).Interface())
 }
 default:
- panic("invalid NSLCD protocol data")
+ panic("Invalid structure for NSLCD protocol data")
 }
 }
 panic("not reached")
diff --git a/src/nslcd_proto/nslcd_h.go b/src/nslcd_proto/nslcd_h.go
new file mode 100644
index 0000000..56c1316
--- /dev/null
+++ b/src/nslcd_proto/nslcd_h.go
@@ -0,0 +1,449 @@ +// This file is based heavily on nslcd.h from nss-pam-ldapd +/* + nslcd.h - file describing client/server protocol + + Copyright (C) 2006 West Consulting + Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA +*/ + +package nslcd_proto + +import ( + "fmt" + "io" + "net" +) + +type void struct{} + +/* + The protocol used between the nslcd client and server is a simple binary + protocol. It is request/response based where the client initiates a + connection, does a single request and closes the connection again. Any + mangled or not understood messages will be silently ignored by the server. + + A request looks like: + INT32 NSLCD_VERSION + INT32 NSLCD_ACTION_* + [request parameters if any] + A response looks like: + INT32 NSLCD_VERSION + INT32 NSLCD_ACTION_* (the original request type) + [result(s)] + INT32 NSLCD_RESULT_END + A single result entry looks like: + NSLCD_RESULT_BEGIN int32 + [result value(s)] + If a response would return multiple values (e.g. for NSLCD_ACTION_*_ALL + functions) each return value will be preceded by a NSLCD_RESULT_BEGIN + value. After the last returned result the server sends + NSLCD_RESULT_END. If some error occurs (e.g. 
LDAP server unavailable, + error in the request, etc) the server terminates the connection to signal + an error condition (breaking the protocol). + + These are the available basic data types: + INT32 - 32-bit integer value + TYPE - a typed field that is transferred using sizeof() + STRING - a string length (32bit) followed by the string value (not + null-terminted) the string itself is assumed to be UTF-8 + STRINGLIST - a 32-bit number noting the number of strings followed by + the strings one at a time + + Furthermore the ADDRESS compound data type is defined as: + INT32 type of address: e.g. AF_INET or AF_INET6 + INT32 lenght of address + RAW the address itself + With the ADDRESSLIST using the same construct as with STRINGLIST. + + The protocol uses network byte order for all types. +*/ +// These basic data types are implemented in `io.go` + +/* The current version of the protocol. This protocol should only be + updated with major backwards-incompatible changes. */ +const NSLCD_VERSION int32 = 0x00000002 + +/* Get a NSLCD configuration option. There is one request parameter: */ +type Request_Config_Get struct { + Key int32 +} +/* the result value is: */ +type Config struct { + Value string /* interpretation depending on request */ +} +const NSLCD_ACTION_CONFIG_GET int32 = 0x00010001 + +const ( + /* return the message, if any, that is presented to the user when password + modification through PAM is prohibited */ + NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE int32 = 1 +) + +/* Email alias (/etc/aliases) NSS requests. The result values for a + single entry are: */ +type Alias struct { + Name string + Recipients []string +} +const NSLCD_ACTION_ALIAS_BYNAME int32 = 0x00020001; type Request_Alias_ByName string +const NSLCD_ACTION_ALIAS_ALL int32 = 0x00020008; type Request_Alias_All void + +/* Ethernet address/name mapping NSS requests. 
The result values for a + single entry are: */ +type Ether struct { + Name string + Address [6]byte +} +const NSLCD_ACTION_ETHER_BYNAME int32 = 0x00030001; type Request_Ether_ByName string +const NSLCD_ACTION_ETHER_BYETHER int32 = 0x00030002; type Request_Ether_ByEther [6]byte +const NSLCD_ACTION_ETHER_ALL int32 = 0x00030008; type Request_Ether_All void + +/* Group and group membership related NSS requests. The result values + for a single entry are: */ +type Group struct { + Name string + Password string + ID int32 + Members []string +} +/* (note that the BYMEMER call returns an emtpy members list) */ +const NSLCD_ACTION_GROUP_BYNAME int32 = 0x00040001; type Request_Group_ByName string +const NSLCD_ACTION_GROUP_BYGID int32 = 0x00040002; type Request_Group_ByGid int32 +const NSLCD_ACTION_GROUP_BYMEMBER int32 = 0x00040006; type Request_Group_ByMember string +const NSLCD_ACTION_GROUP_ALL int32 = 0x00040008; type Request_Group_All void + +/* Hostname (/etc/hosts) lookup NSS requests. The result values + for an entry are: */ +type Host struct { + Name string + Aliases []string + Addresses []net.IP +} +const NSLCD_ACTION_HOST_BYNAME int32 = 0x00050001; type Request_Host_ByName string +const NSLCD_ACTION_HOST_BYADDR int32 = 0x00050002; type Request_Host_ByAddr net.IP +const NSLCD_ACTION_HOST_ALL int32 = 0x00050008; type Request_Host_All void + +/* Netgroup NSS result entries contain a number of parts. A result entry + starts with: + STRING netgroup name + followed by zero or more references to other netgroups or netgroup + triples. 
A reference to another netgroup looks like: + INT32 NSLCD_NETGROUP_TYPE_NETGROUP + STRING other netgroup name + A a netgroup triple looks like: + INT32 NSLCD_NETGROUP_TYPE_TRIPLE + STRING host + STRING user + STRING domain + A netgroup result entry is terminated by: + INT32 NSLCD_NETGROUP_TYPE_END + */ +type Netgroup_Netgroup struct { + Name string +} +type Netgroup_Triple struct { + Host string + User string + Domain string +} +type Netgroup_PartList []interface{} +func (data Netgroup_PartList) NslcdWrite(fd io.Writer) { + for _, part := range data { + var t int32 = -1 + switch part.(type) { + case Netgroup_Netgroup: t = NSLCD_NETGROUP_TYPE_NETGROUP + case Netgroup_Triple: t = NSLCD_NETGROUP_TYPE_TRIPLE + } + if t < 0 { + panic("unrecognized netgroup type") + } + write(fd, t) + write(fd, part) + } + write(fd, NSLCD_NETGROUP_TYPE_END) +} +func (data *Netgroup_PartList) NslcdRead(fd io.Reader) { + *data = make([]interface{}, 0) + for { + var t int32 + var v interface{} + read(fd, &t) + switch t { + case NSLCD_NETGROUP_TYPE_NETGROUP: + v = Netgroup_Netgroup{} + case NSLCD_NETGROUP_TYPE_TRIPLE: + v = Netgroup_Triple{} + case NSLCD_NETGROUP_TYPE_END: + return + default: + panic(NslcdError(fmt.Sprintf("unrecognized netgroup type: %#08x", t))) + } + read(fd, &v) + *data = append(*data, v) + } +} +var _ NslcdObject = Netgroup_PartList{} +var _ NslcdObjectPtr = &Netgroup_PartList{} +type Netgroup struct { + Name string + Parts Netgroup_PartList +} +const NSLCD_ACTION_NETGROUP_BYNAME int32 = 0x00060001; type Request_Netgroup_ByName string +const NSLCD_ACTION_NETGROUP_ALL int32 = 0x00060008; type Request_Netgroup_All void +const ( + NSLCD_NETGROUP_TYPE_NETGROUP int32 = 1 + NSLCD_NETGROUP_TYPE_TRIPLE int32 = 2 + NSLCD_NETGROUP_TYPE_END int32 = 3 +) + +/* Network name (/etc/networks) NSS requests. 
Result values for a single + entry are: */ +type Network struct { + Name string + Aliases []string + Addresses []net.IP +} +const NSLCD_ACTION_NETWORK_BYNAME int32 = 0x00070001; type Request_Network_ByName string +const NSLCD_ACTION_NETWORK_BYADDR int32 = 0x00070002; type Request_Network_ByAddr net.IP +const NSLCD_ACTION_NETWORK_ALL int32 = 0x00070008; type Request_Network_All void + +/* User account (/etc/passwd) NSS requests. Result values are: */ +type Passwd struct { + Name string + Password string + UID int32 + GID int32 + GECOS string + HomeDir string + Shell string +} +const NSLCD_ACTION_PASSWD_BYNAME int32 = 0x00080001; type Request_Passwd_ByName string +const NSLCD_ACTION_PASSWD_BYUID int32 = 0x00080002; type Request_Passwd_ByUID int32 +const NSLCD_ACTION_PASSWD_ALL int32 = 0x00080008; type Request_Passwd_All void + +/* Protocol information requests. Result values are: */ +type Protocol struct { + Name string + Aliases []string + Number int32 +} +const NSLCD_ACTION_PROTOCOL_BYNAME int32 = 0x00090001; type Request_Protocol_ByName string +const NSLCD_ACTION_PROTOCOL_BYNUMBER int32 = 0x00090002; type Request_Protocol_ByNumber int32 +const NSLCD_ACTION_PROTOCOL_ALL int32 = 0x00090008; type Request_Protocol_All void + +/* RPC information requests. Result values are: */ +type RPC struct { + Name string + Aliases []string + Number int32 +} +const NSLCD_ACTION_RPC_BYNAME int32 = 0x000a0001; type Request_RPC_ByName string +const NSLCD_ACTION_RPC_BYNUMBER int32 = 0x000a0002; type Request_RPC_ByNumber int32 +const NSLCD_ACTION_RPC_ALL int32 = 0x000a0008; type Request_RPC_All void + +/* Service (/etc/services) information requests. The BYNAME and BYNUMBER + requests contain an extra protocol string in the request which, if not + blank, will filter the services by this protocol. 
Result values are: */ +type Service struct { + Name string + Aliases []string + PortNumber int32 + Protocol string +} +const NSLCD_ACTION_SERVICE_BYNAME int32 = 0x000b0001; type Request_Service_ByName string +const NSLCD_ACTION_SERVICE_BYNUMBER int32 = 0x000b0002; type Request_Service_ByNumber int32 +const NSLCD_ACTION_SERVICE_ALL int32 = 0x000b0008; type Request_Service_All void + +/* Extended user account (/etc/shadow) information requests. Result + values for a single entry are: */ +type Shadow struct { + Name string + Password string + LastChangeDate int32 + MinDays int32 + MaxDays int32 + WarnDays int32 + InactDays int32 + ExpireDate int32 + Flag int32 +} +const NSLCD_ACTION_SHADOW_BYNAME int32 = 0x000c0001; type Request_Shadow_ByName string +const NSLCD_ACTION_SHADOW_ALL int32 = 0x000c0008; type Request_Shadow_All void + +/* PAM-related requests. The request parameters for all these requests + begin with: */ +type PAM_Base struct { + UserName string + ServiceName string + RUser string + RHost string + TTY string +} +/* If the user is not known in LDAP no result may be returned (immediately + return NSLCD_RESULT_END instead of a PAM error code). */ + +/* PAM authentication check request. The extra request values are: */ +type Request_PAM_Authentication struct { + Base PAM_Base + Password string +} +/* and the result value consists of: */ +type PAM_Authentication struct { + AuthenticationResult int32 + UserName string + AuthorizationResult int32 + AuthorizationError string +} +/* If the username is empty in this request an attempt is made to + authenticate as the administrator (set using rootpwmoddn). + Some authorisation checks are already done during authentication so the + response also includes authorisation information. */ +const NSLCD_ACTION_PAM_AUTHENTICATION int32 = 0x000d0001 + +/* PAM authorisation check request. 
The result value consists of: */ +type PAM_Authorization struct { + Result int32 + Error string +} +/* The authentication check may have already returned some authorisation + information. The authorisation error message, if supplied, will be used + by the PAM module instead of a message that is generated by the PAM + module itself. */ +const NSLCD_ACTION_PAM_AUTHORIZATION int32 = 0x000d0002; type Request_PAM_Authorization void + +/* PAM session open request. The result value consists of: */ +type PAM_SessionOpen struct { + SessionID string +} +/* This session id may be used to close this session with. */ +const NSLCD_ACTION_PAM_SESSIONOPEN int32 = 0x000d0003; type Request_PAM_SessionOpen void + +/* PAM session close request. This request has the following + extra request value: */ +type Request_PAM_SessionClose struct { + SessionID string +} +/* and this calls only returns an empty response value. */ +type PAM_SessionClose void +const NSLCD_ACTION_PAM_SESSIONCLOSE int32 = 0x000d0004 + +/* PAM password modification request. This requests has the following extra + request values: */ +type Request_PAM_PwMod struct { + AsRoot int32 /* 0=oldpasswd is user passwd, 1=oldpasswd is root passwd */ + OldPassword string + NewPassword string +} +/* and returns the result values: */ +type PAM_PwMod struct { + Result int32 + Error string +} +const NSLCD_ACTION_PAM_PWMOD int32 = 0x000d0005 + +/* User information change request. This request allows one to change + their full name and other information. 
The request parameters for this + request are: + STRING user name + INT32 asroot: 0=passwd is user passwd, 1=passwd is root passwd + STRING password + followed by one or more of the below, terminated by NSLCD_USERMOD_END + INT32 NSLCD_USERMOD_* + STRING new value + the response consists of one or more of the entries below, terminated + by NSLCD_USERMOD_END: + INT32 NSLCD_USERMOD_* + STRING response + (if the response is blank, the change went OK, otherwise the string + contains an error message) + */ +type UserMod_Item struct { + Key int32 + Value string +} +type UserMod_ItemList []UserMod_Item +func (data UserMod_ItemList) NslcdWrite(fd io.Writer) { + for _, item := range data { + write(fd, item) + } + write(fd, NSLCD_USERMOD_END) +} +func (data *UserMod_ItemList) NslcdRead(fd io.Reader) { + *data = make([]UserMod_Item, 0) + for { + var t int32 + read(fd, &t) + if t == NSLCD_USERMOD_END { + return + } + var v UserMod_Item + read(fd, &v) + *data = append(*data, v) + } +} +var _ NslcdObject = UserMod_ItemList{} +var _ NslcdObjectPtr = &UserMod_ItemList{} +type Request_UserMod struct { + UserName string + AsRoot int32 + Password string + Items UserMod_ItemList +} +type UserMod struct { + Items []UserMod_Item +} +const NSLCD_ACTION_USERMOD int32 = 0x000e0001 + +/* These are the possible values for the NSLCD_ACTION_USERMOD operation + above. */ +const ( + NSLCD_USERMOD_END int32 = 0 /* end of change values */ + NSLCD_USERMOD_RESULT int32 = 1 /* global result value */ + NSLCD_USERMOD_FULLNAME int32 = 2 /* full name */ + NSLCD_USERMOD_ROOMNUMBER int32 = 3 /* room number */ + NSLCD_USERMOD_WORKPHONE int32 = 4 /* office phone number */ + NSLCD_USERMOD_HOMEPHONE int32 = 5 /* home phone number */ + NSLCD_USERMOD_OTHER int32 = 6 /* other info */ + NSLCD_USERMOD_HOMEDIR int32 = 7 /* home directory */ + NSLCD_USERMOD_SHELL int32 = 8 /* login shell */ +) + +/* Request result codes. 
*/ +const ( + NSLCD_RESULT_BEGIN int32 = 1 + NSLCD_RESULT_END int32 = 2 +) + +/* Partial list of PAM result codes. */ +const ( + NSLCD_PAM_SUCCESS int32 = 0 /* everything ok */ + NSLCD_PAM_PERM_DENIED int32 = 6 /* Permission denied */ + NSLCD_PAM_AUTH_ERR int32 = 7 /* Authc failure */ + NSLCD_PAM_CRED_INSUFFICIENT int32 = 8 /* Cannot access authc data */ + NSLCD_PAM_AUTHINFO_UNAVAIL int32 = 9 /* Cannot retrieve authc info */ + NSLCD_PAM_USER_UNKNOWN int32 = 10 /* User not known */ + NSLCD_PAM_MAXTRIES int32 = 11 /* Retry limit reached */ + NSLCD_PAM_NEW_AUTHTOK_REQD int32 = 12 /* Password expired */ + NSLCD_PAM_ACCT_EXPIRED int32 = 13 /* Account expired */ + NSLCD_PAM_SESSION_ERR int32 = 14 /* Cannot make/remove session record */ + NSLCD_PAM_AUTHTOK_ERR int32 = 20 /* Authentication token manipulation error */ + NSLCD_PAM_AUTHTOK_DISABLE_AGING int32 = 23 /* Password aging disabled */ + NSLCD_PAM_IGNORE int32 = 25 /* Ignore module */ + NSLCD_PAM_ABORT int32 = 26 /* Fatal error */ + NSLCD_PAM_AUTHTOK_EXPIRED int32 = 27 /* authentication token has expired */ +) diff --git a/src/nslcd_proto/struct_backend.go.sh b/src/nslcd_proto/struct_backend.go.sh new file mode 100755 index 0000000..792ae84 --- /dev/null +++ b/src/nslcd_proto/struct_backend.go.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +requests=$1 +cat <<EOF | gofmt +package nslcd_proto + +type Backend interface { + $(sed -rn 's/([^_]+)(.*)/\1\2(Request_\1\2) \1_Enumerator/p' "$requests" | grep -v PAM) + $(sed -rn 's/(PAM)(.*)/\1\2(Request_\1\2) \1\2_Enumerator/p' "$requests") +} +EOF diff --git a/src/nslcd-proto/util.go b/src/nslcd_proto/util.go index ec74df2..38c5705 100644 --- a/src/nslcd-proto/util.go +++ b/src/nslcd_proto/util.go 
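Review bot: `UserMod_ItemList.NslcdRead` consumes the item key into `t` and then `read(fd, &v)` reads a whole `UserMod_Item`, so the STRING value on the wire is parsed as a second int32 key and the list drifts off the format that `NslcdWrite` and the comment above describe; `v := UserMod_Item{Key: t}` followed by `read(fd, &v.Value)` keeps the two sides symmetric. `Netgroup_PartList.NslcdRead` has a related weakness: `read(fd, &v)` passes a `*interface{}`, and unless read's reflect fallback (not visible here) dereferences the interface and fills fields through addressable values, the appended parts stay empty, so reading into a `*Netgroup_Netgroup` or `*Netgroup_Triple` and appending the value is safer. The single-field request types such as `Request_Alias_ByName string` and `Request_Host_ByAddr net.IP` are distinct named types, so `case *string` and `case net.IP` in io.go's switches will not match them unless handleRequest converts before calling read. `Request_PAM_Authentication` and `Request_PAM_PwMod` carry plaintext passwords; a comment such as `// Holds a plaintext credential: never log or %v-format this value.` on those types would keep them out of diagnostics.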
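Review bot: A missing or unreadable `$1` still yields a `Backend` interface, just an empty one, because the sed invocations fail inside `$(...)` substitutions in the heredoc and nothing checks them. Checking the argument first, `[ -r "$1" ] || { echo "usage: $0 requests-file" >&2; exit 1; }`, and capturing each sed into a variable under `set -eo pipefail` before the heredoc turns a broken input into a build failure rather than a silently incomplete interface.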
@@ -3,17 +3,11 @@ package nslcd_proto import "io" type NslcdError string + func (o NslcdError) Error() string { return string(o) } -type NslcdObject interface { - NslcdWrite(fd io.Writer) -} -type NslcdObjectPtr interface { - NslcdRead(fd io.Reader) -} - func Write(fd io.Writer, data interface{}) (err error) { err = nil defer func() { @@ -42,6 +36,27 @@ func Read(fd io.Reader, data interface{}) (err error) { } } }() - read(fd, data); + read(fd, data) return } + +func HandleRequest(in io.Reader, out io.Writer, backend Backend) (err error) { + err = nil + defer func() { + if r := recover(); r != nil { + switch r := r.(type) { + case error: + err = r + default: + panic(r) + } + } + }() + handleRequest(in, out, backend) + return +} + +// Initialize() error { func +// e := c.SetReadDeadline(...) +// e := c.SetWriteDeadline(...) +// } diff --git a/src/sd-daemon/listen_fds.go b/src/sd_daemon/listen_fds.go index c90d373..45ef699 100644 --- a/src/sd-daemon/listen_fds.go +++ b/src/sd_daemon/listen_fds.go @@ -14,7 +14,7 @@ // limitations under the License. // Package activation implements primitives for systemd socket activation. -package listen +package sd_daemon import ( "os" diff --git a/src/sd-daemon/logger/logger.go b/src/sd_daemon/logger/logger.go index cfabe9f..6c09604 100644 --- a/src/sd-daemon/logger/logger.go +++ b/src/sd_daemon/logger/logger.go @@ -1,13 +1,16 @@ package logger -import ("fmt"; "os") +import ( + "fmt" + "os" +) //#include <systemd/sd-daemon.h> import "C" func log(level string, format string, a ...interface{}) { - f := level + format + "\n"; - fmt.Fprintf(os.Stderr, f, a); + f := level + format + "\n" + fmt.Fprintf(os.Stderr, f, a) } /* system is unusable */ func Emerg( format string, a ...interface{}) { log(C.SD_EMERG , format, a); } |
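Review bot: The recover block in HandleRequest is the third copy of the one visible at the end of Read (and presumably Write, whose body the earlier hunk cuts), and the leading `err = nil` is redundant with the named result; a deferred helper, sketched below, keeps the wrappers in step. Note also that only panic values implementing `error` become the returned err: io.go's `panic("Invalid structure for NSLCD protocol data")` and the `"unrecognized netgroup type"` panic in nslcd_h.go carry plain strings, so they still unwind through HandleRequest into the caller. That deserves a doc comment, e.g. `// HandleRequest serves one request from in to out; panics carrying an error are returned, any other panic propagates.`
```go
// catchError stores a recovered error panic in *err; any other panic value is re-raised.
// It must be invoked directly by defer so that recover observes the panic.
func catchError(err *error) {
	if r := recover(); r != nil {
		e, ok := r.(error)
		if !ok {
			panic(r)
		}
		*err = e
	}
}

func HandleRequest(in io.Reader, out io.Writer, backend Backend) (err error) {
	defer catchError(&err)
	handleRequest(in, out, backend)
	return
}
```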
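Review bot: `fmt.Fprintf(os.Stderr, f, a)` in log passes the variadic slice as a single argument, so every message renders as one `[...]` value and `go vet` flags the call; it should be `fmt.Fprintf(os.Stderr, f, a...)`. The same slip is in the unchanged `Emerg` wrapper on the last line of the hunk, `log(C.SD_EMERG, format, a...)`, and presumably in the sibling wrappers past the end of the hunk.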