summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/cmd-nshd/.gitignore1
-rw-r--r--src/cmd-nshd/main.go.in32
m---------src/gopkg.in/yaml.v20
m---------src/lukeshu.com/git/go/libgnulinux.git0
m---------src/lukeshu.com/git/go/libnslcd.git0
m---------src/lukeshu.com/git/go/libsystemd.git0
-rw-r--r--src/parabola_hackers/.gitignore2
-rw-r--r--src/parabola_hackers/nslcd_backend/db_config.go40
-rw-r--r--src/parabola_hackers/nslcd_backend/db_group.go141
-rw-r--r--src/parabola_hackers/nslcd_backend/db_pam.go167
-rw-r--r--src/parabola_hackers/nslcd_backend/db_passwd.go82
-rw-r--r--src/parabola_hackers/nslcd_backend/db_shadow.go78
-rw-r--r--src/parabola_hackers/nslcd_backend/hackers.go122
-rw-r--r--src/parabola_hackers/nslcd_backend/util.go58
-rw-r--r--src/parabola_hackers/passwords.go.in94
-rw-r--r--src/parabola_hackers/users.go.in141
-rw-r--r--src/parabola_hackers/util.go47
17 files changed, 0 insertions, 1005 deletions
diff --git a/src/cmd-nshd/.gitignore b/src/cmd-nshd/.gitignore
deleted file mode 100644
index 00870e2..0000000
--- a/src/cmd-nshd/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/main.go
diff --git a/src/cmd-nshd/main.go.in b/src/cmd-nshd/main.go.in
deleted file mode 100644
index b8c3e71..0000000
--- a/src/cmd-nshd/main.go.in
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright 2015-2016 Luke Shumaker <lukeshu@sbcglobal.net>.
-//
-// This is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License as
-// published by the Free Software Foundation; either version 2 of
-// the License, or (at your option) any later version.
-//
-// This software is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public
-// License along with this manual; if not, see
-// <http://www.gnu.org/licenses/>.
-
-// Command nshd is an implementation of nslcd that talks to hackers.git instead of LDAP.
-package main
-
-import (
- "os"
- hackers_nslcd_backend "parabola_hackers/nslcd_backend"
-
- nslcd_systemd "lukeshu.com/git/go/libnslcd.git/systemd"
-)
-
-func main() {
- backend := &hackers_nslcd_backend.Hackers{
- CfgFilename: "@conf_file@",
- }
- os.Exit(int(nslcd_systemd.Main(backend)))
-}
diff --git a/src/gopkg.in/yaml.v2 b/src/gopkg.in/yaml.v2
deleted file mode 160000
-Subproject f7716cbe52baa25d2e9b0d0da546fcf909fc16b
diff --git a/src/lukeshu.com/git/go/libgnulinux.git b/src/lukeshu.com/git/go/libgnulinux.git
deleted file mode 160000
-Subproject d8c4fd9aef9137b04e4311a1f50024ab88d4c6e
diff --git a/src/lukeshu.com/git/go/libnslcd.git b/src/lukeshu.com/git/go/libnslcd.git
deleted file mode 160000
-Subproject 99adee24d96f27f08fecc0a56b3c26c68804529
diff --git a/src/lukeshu.com/git/go/libsystemd.git b/src/lukeshu.com/git/go/libsystemd.git
deleted file mode 160000
-Subproject 89efdfbee5f9a22f9dd1083f7a383daba54d4f1
diff --git a/src/parabola_hackers/.gitignore b/src/parabola_hackers/.gitignore
deleted file mode 100644
index 3be3f08..0000000
--- a/src/parabola_hackers/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/users.go
-/passwords.go
diff --git a/src/parabola_hackers/nslcd_backend/db_config.go b/src/parabola_hackers/nslcd_backend/db_config.go
deleted file mode 100644
index e78643b..0000000
--- a/src/parabola_hackers/nslcd_backend/db_config.go
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright 2015-2016 Luke Shumaker <lukeshu@sbcglobal.net>.
-//
-// This is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License as
-// published by the Free Software Foundation; either version 2 of
-// the License, or (at your option) any later version.
-//
-// This software is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public
-// License along with this manual; if not, see
-// <http://www.gnu.org/licenses/>.
-
-package hackers_nslcd_backend
-
-import (
- s "syscall"
-
- p "lukeshu.com/git/go/libnslcd.git/proto"
-)
-
-func (o *Hackers) Config_Get(cred s.Ucred, req p.Request_Config_Get) <-chan p.Config {
- o.lock.RLock()
- ret := make(chan p.Config)
- go func() {
- defer o.lock.RUnlock()
- defer close(ret)
-
- switch req.Key {
- case p.NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE:
- if o.cfg.Pam_password_prohibit_message != "" {
- ret <- p.Config{Value: o.cfg.Pam_password_prohibit_message}
- }
- }
- }()
- return ret
-}
diff --git a/src/parabola_hackers/nslcd_backend/db_group.go b/src/parabola_hackers/nslcd_backend/db_group.go
deleted file mode 100644
index 18e54b1..0000000
--- a/src/parabola_hackers/nslcd_backend/db_group.go
+++ /dev/null
@@ -1,141 +0,0 @@
-// Copyright 2015-2016 Luke Shumaker <lukeshu@sbcglobal.net>.
-//
-// This is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License as
-// published by the Free Software Foundation; either version 2 of
-// the License, or (at your option) any later version.
-//
-// This software is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public
-// License along with this manual; if not, see
-// <http://www.gnu.org/licenses/>.
-
-package hackers_nslcd_backend
-
-import (
- "parabola_hackers"
- s "syscall"
-
- p "lukeshu.com/git/go/libnslcd.git/proto"
-)
-
-func (o *Hackers) groupByName(name string, users bool) p.Group {
- members_set, found := o.groups[name]
- if !found {
- return p.Group{ID: -1}
- }
- gid := name2gid(name)
- if gid < 0 {
- return p.Group{ID: -1}
- }
- var members_list []string
- if users {
- members_list = parabola_hackers.Set2list(members_set)
- } else {
- members_list = make([]string, 0)
- }
- return p.Group{
- Name: name,
- PwHash: "x",
- ID: gid,
- Members: members_list,
- }
-}
-
-func (o *Hackers) groupByGid(gid int32, users bool) p.Group {
- name, found := gid2name(gid)
- if !found {
- return p.Group{ID: -1}
- }
- members_set, found := o.groups[name]
- if !found {
- return p.Group{ID: -1}
- }
- var members_list []string
- if users {
- members_list = parabola_hackers.Set2list(members_set)
- } else {
- members_list = make([]string, 0)
- }
- return p.Group{
- Name: name,
- PwHash: "x",
- ID: gid,
- Members: members_list,
- }
-}
-
-func (o *Hackers) Group_ByName(cred s.Ucred, req p.Request_Group_ByName) <-chan p.Group {
- o.lock.RLock()
- ret := make(chan p.Group)
- go func() {
- defer o.lock.RUnlock()
- defer close(ret)
-
- group := o.groupByName(req.Name, true)
- if group.ID < 0 {
- return
- }
- ret <- group
- }()
- return ret
-}
-
-func (o *Hackers) Group_ByGid(cred s.Ucred, req p.Request_Group_ByGid) <-chan p.Group {
- o.lock.RLock()
- ret := make(chan p.Group)
- go func() {
- defer o.lock.RUnlock()
- defer close(ret)
-
- group := o.groupByGid(req.Gid, true)
- if group.ID < 0 {
- return
- }
- ret <- group
- }()
- return ret
-}
-
-// note that the BYMEMBER call returns an empty members list
-func (o *Hackers) Group_ByMember(cred s.Ucred, req p.Request_Group_ByMember) <-chan p.Group {
- o.lock.RLock()
- ret := make(chan p.Group)
- go func() {
- defer o.lock.RUnlock()
- defer close(ret)
-
- uid := o.name2uid(req.Member)
- if uid < 0 {
- return
- }
- for _, name := range o.users[uid].Groups {
- group := o.groupByName(name, false)
- if group.ID >= 0 {
- ret <- group
- }
- }
- }()
- return ret
-}
-
-func (o *Hackers) Group_All(cred s.Ucred, req p.Request_Group_All) <-chan p.Group {
- o.lock.RLock()
- ret := make(chan p.Group)
- go func() {
- defer o.lock.RUnlock()
- defer close(ret)
-
- for name, _ := range o.groups {
- group := o.groupByName(name, true)
- if group.ID >= 0 {
- ret <- group
- }
- }
- }()
- return ret
-}
diff --git a/src/parabola_hackers/nslcd_backend/db_pam.go b/src/parabola_hackers/nslcd_backend/db_pam.go
deleted file mode 100644
index 3374170..0000000
--- a/src/parabola_hackers/nslcd_backend/db_pam.go
+++ /dev/null
@@ -1,167 +0,0 @@
-// Copyright 2015-2016 Luke Shumaker <lukeshu@sbcglobal.net>.
-//
-// This is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License as
-// published by the Free Software Foundation; either version 2 of
-// the License, or (at your option) any later version.
-//
-// This software is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public
-// License along with this manual; if not, see
-// <http://www.gnu.org/licenses/>.
-
-package hackers_nslcd_backend
-
-import (
- "fmt"
- "parabola_hackers"
- s "syscall"
-
- "lukeshu.com/git/go/libgnulinux.git/crypt"
- p "lukeshu.com/git/go/libnslcd.git/proto"
- "lukeshu.com/git/go/libsystemd.git/sd_daemon/logger"
-)
-
-func checkPassword(password string, hash string) bool {
- return crypt.Crypt(password, hash) == hash
-}
-
-func hashPassword(newPassword string, oldHash string) string {
- salt := oldHash
- if salt == "!" {
- str, err := parabola_hackers.RandomString(crypt.SaltAlphabet, 8)
- if err != nil {
- logger.Err("Could not generate a random string")
- str = ""
- }
- salt = "$6$" + str + "$"
- }
- return crypt.Crypt(newPassword, salt)
-}
-
-func (o *Hackers) PAM_Authentication(cred s.Ucred, req p.Request_PAM_Authentication) <-chan p.PAM_Authentication {
- o.lock.RLock()
- ret := make(chan p.PAM_Authentication)
- go func() {
- defer o.lock.RUnlock()
- defer close(ret)
-
- uid := o.name2uid(req.UserName)
- if uid < 0 {
- return
- }
-
- user := o.users[uid]
- obj := p.PAM_Authentication{
- AuthenticationResult: p.NSLCD_PAM_AUTH_ERR,
- UserName: "",
- AuthorizationResult: p.NSLCD_PAM_AUTH_ERR,
- AuthorizationError: "",
- }
- if checkPassword(req.Password, user.Passwd.PwHash) {
- obj.AuthenticationResult = p.NSLCD_PAM_SUCCESS
- obj.AuthorizationResult = obj.AuthenticationResult
- obj.UserName = user.Passwd.Name
- }
- ret <- obj
- }()
- return ret
-}
-
-func (o *Hackers) PAM_Authorization(cred s.Ucred, req p.Request_PAM_Authorization) <-chan p.PAM_Authorization {
- o.lock.RLock()
- ret := make(chan p.PAM_Authorization)
- go func() {
- defer o.lock.RUnlock()
- defer close(ret)
-
- uid := o.name2uid(req.UserName)
- if uid < 0 {
- return
- }
- ret <- p.PAM_Authorization{
- Result: p.NSLCD_PAM_SUCCESS,
- Error: "",
- }
- }()
- return ret
-}
-
-const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
-
-func (o *Hackers) PAM_SessionOpen(cred s.Ucred, req p.Request_PAM_SessionOpen) <-chan p.PAM_SessionOpen {
- ret := make(chan p.PAM_SessionOpen)
- go func() {
- defer close(ret)
-
- sessionid, err := parabola_hackers.RandomString(alphabet, 24)
- if err != nil {
- return
- }
- ret <- p.PAM_SessionOpen{SessionID: sessionid}
- }()
- return ret
-}
-
-func (o *Hackers) PAM_SessionClose(cred s.Ucred, req p.Request_PAM_SessionClose) <-chan p.PAM_SessionClose {
- ret := make(chan p.PAM_SessionClose)
- go close(ret)
- return ret
-}
-
-func (o *Hackers) PAM_PwMod(cred s.Ucred, req p.Request_PAM_PwMod) <-chan p.PAM_PwMod {
- ret := make(chan p.PAM_PwMod)
- o.lock.Lock()
- go func() {
- defer close(ret)
- defer o.lock.Unlock()
-
- uid := o.name2uid(req.UserName)
- if uid < 0 {
- return
- }
- user := o.users[uid]
-
- // Check the OldPassword
- if req.AsRoot == 1 {
- if !checkPassword(req.OldPassword, user.Passwd.PwHash) {
- ret <- p.PAM_PwMod{
- Result: p.NSLCD_PAM_PERM_DENIED,
- Error: fmt.Sprintf("password change failed: %s", "Old password did not match"),
- }
- return
- }
- }
-
- // Update the PwHash in memory
- user.Passwd.PwHash = hashPassword(req.NewPassword, user.Passwd.PwHash)
- if user.Passwd.PwHash == "" {
- logger.Err("Password hashing failed")
- return
- }
-
- // Update the PwHash on disk
- passwords := make(map[string]string, len(o.users))
- for _, ouser := range o.users {
- passwords[ouser.Passwd.Name] = ouser.Passwd.PwHash
- }
- passwords[user.Passwd.Name] = user.Passwd.PwHash
- err := parabola_hackers.SaveAllPasswords(passwords)
- if err != nil {
- logger.Err("Writing passwords to disk: %v", err)
- return
- }
-
- // Ok, we're done, commit the changes
- o.users[uid] = user
- ret <- p.PAM_PwMod{
- Result: p.NSLCD_PAM_SUCCESS,
- Error: "",
- }
- }()
- return ret
-}
diff --git a/src/parabola_hackers/nslcd_backend/db_passwd.go b/src/parabola_hackers/nslcd_backend/db_passwd.go
deleted file mode 100644
index 3f32ddd..0000000
--- a/src/parabola_hackers/nslcd_backend/db_passwd.go
+++ /dev/null
@@ -1,82 +0,0 @@
-// Copyright 2015-2016 Luke Shumaker <lukeshu@sbcglobal.net>.
-//
-// This is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License as
-// published by the Free Software Foundation; either version 2 of
-// the License, or (at your option) any later version.
-//
-// This software is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public
-// License along with this manual; if not, see
-// <http://www.gnu.org/licenses/>.
-
-package hackers_nslcd_backend
-
-import (
- s "syscall"
-
- p "lukeshu.com/git/go/libnslcd.git/proto"
-)
-
-/* Note that the output password hash value should be one of:
- <empty> - no password set, allow login without password
- ! - used to prevent logins
- x - "valid" encrypted password that does not match any valid password
- often used to indicate that the password is defined elsewhere
- other - encrypted password, in crypt(3) format */
-
-func (o *Hackers) Passwd_ByName(cred s.Ucred, req p.Request_Passwd_ByName) <-chan p.Passwd {
- o.lock.RLock()
- ret := make(chan p.Passwd)
- go func() {
- defer o.lock.RUnlock()
- defer close(ret)
-
- uid := o.name2uid(req.Name)
- if uid < 0 {
- return
- }
- passwd := o.users[uid].Passwd
- passwd.PwHash = "x" // only put actual hashes in the Shadow DB
- ret <- passwd
- }()
- return ret
-}
-
-func (o *Hackers) Passwd_ByUID(cred s.Ucred, req p.Request_Passwd_ByUID) <-chan p.Passwd {
- o.lock.RLock()
- ret := make(chan p.Passwd)
- go func() {
- defer o.lock.RUnlock()
- defer close(ret)
-
- user, found := o.users[req.UID]
- if !found {
- return
- }
- passwd := user.Passwd
- passwd.PwHash = "x" // only put actual hashes in the Shadow DB
- ret <- passwd
- }()
- return ret
-}
-
-func (o *Hackers) Passwd_All(cred s.Ucred, req p.Request_Passwd_All) <-chan p.Passwd {
- o.lock.RLock()
- ret := make(chan p.Passwd)
- go func() {
- defer o.lock.RUnlock()
- defer close(ret)
-
- for _, user := range o.users {
- passwd := user.Passwd
- passwd.PwHash = "x" // only put actual hashes in the Shadow DB
- ret <- passwd
- }
- }()
- return ret
-}
diff --git a/src/parabola_hackers/nslcd_backend/db_shadow.go b/src/parabola_hackers/nslcd_backend/db_shadow.go
deleted file mode 100644
index abfff28..0000000
--- a/src/parabola_hackers/nslcd_backend/db_shadow.go
+++ /dev/null
@@ -1,78 +0,0 @@
-// Copyright 2015-2016 Luke Shumaker <lukeshu@sbcglobal.net>.
-//
-// This is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License as
-// published by the Free Software Foundation; either version 2 of
-// the License, or (at your option) any later version.
-//
-// This software is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public
-// License along with this manual; if not, see
-// <http://www.gnu.org/licenses/>.
-
-package hackers_nslcd_backend
-
-import (
- s "syscall"
-
- p "lukeshu.com/git/go/libnslcd.git/proto"
-)
-
-func (o *Hackers) Shadow_ByName(cred s.Ucred, req p.Request_Shadow_ByName) <-chan p.Shadow {
- o.lock.RLock()
- ret := make(chan p.Shadow)
- go func() {
- defer o.lock.RUnlock()
- defer close(ret)
-
- if cred.Uid != 0 {
- return
- }
- uid := o.name2uid(req.Name)
- user := o.users[uid]
- ret <- p.Shadow{
- Name: user.Passwd.Name,
- PwHash: user.Passwd.PwHash,
- LastChangeDate: -1,
- MinDays: -1,
- MaxDays: -1,
- WarnDays: -1,
- InactDays: -1,
- ExpireDate: -1,
- Flag: -1,
- }
- }()
- return ret
-}
-
-func (o *Hackers) Shadow_All(cred s.Ucred, req p.Request_Shadow_All) <-chan p.Shadow {
- o.lock.RLock()
- ret := make(chan p.Shadow)
- go func() {
- defer o.lock.RUnlock()
- defer close(ret)
-
- if cred.Uid != 0 {
- return
- }
-
- for _, user := range o.users {
- ret <- p.Shadow{
- Name: user.Passwd.Name,
- PwHash: user.Passwd.PwHash,
- LastChangeDate: -1,
- MinDays: -1,
- MaxDays: -1,
- WarnDays: -1,
- InactDays: -1,
- ExpireDate: -1,
- Flag: -1,
- }
- }
- }()
- return ret
-}
diff --git a/src/parabola_hackers/nslcd_backend/hackers.go b/src/parabola_hackers/nslcd_backend/hackers.go
deleted file mode 100644
index bb03862..0000000
--- a/src/parabola_hackers/nslcd_backend/hackers.go
+++ /dev/null
@@ -1,122 +0,0 @@
-// Copyright 2015-2016 Luke Shumaker <lukeshu@sbcglobal.net>.
-//
-// This is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License as
-// published by the Free Software Foundation; either version 2 of
-// the License, or (at your option) any later version.
-//
-// This software is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public
-// License along with this manual; if not, see
-// <http://www.gnu.org/licenses/>.
-
-// Package hackers_nslcd_backend is an nslcd_server Backend that
-// speaks to hackers.git.
-package hackers_nslcd_backend
-
-import (
- "parabola_hackers"
- "sync"
-
- nslcd_server "lukeshu.com/git/go/libnslcd.git/proto/server"
- nslcd_systemd "lukeshu.com/git/go/libnslcd.git/systemd"
- "lukeshu.com/git/go/libsystemd.git/sd_daemon/logger"
-)
-
-type config struct {
- Pam_password_prohibit_message string
-}
-
-type Hackers struct {
- nslcd_server.NilBackend
- lock sync.RWMutex
-
- CfgFilename string
-
- cfg config
- users map[int32]parabola_hackers.User
- groups map[string]map[string]bool
-}
-
-var _ nslcd_systemd.Backend = &Hackers{}
-var _ nslcd_server.Backend = &Hackers{}
-
-func (o *Hackers) Init() error {
- logger.Debug("hackers.git: CfgFilename = %v", o.CfgFilename)
- err := o.Reload()
- if err != nil {
- logger.Err("hackers.git: Could not initialize: %v", err)
- return err
- }
- return nil
-}
-
-func (o *Hackers) Close() {
- logger.Info("hackers.git: Closing session")
- o.lock.Lock()
- defer o.lock.Unlock()
-
- o.users = make(map[int32]parabola_hackers.User, 0)
- o.groups = make(map[string]map[string]bool)
-}
-
-func (o *Hackers) Reload() error {
- logger.Info("hackers.git: Loading session")
- o.lock.Lock()
- defer o.lock.Unlock()
-
- var err error
- o.cfg, err = parse_config(o.CfgFilename)
- if err != nil {
- return err
- }
- logger.Info("hackers.git: pam_password_prohibit_message: %#v", o.cfg.Pam_password_prohibit_message)
-
- logger.Debug("hackers.git: Parsing user data")
- o.users, err = parabola_hackers.LoadAllUsers()
- if err != nil {
- return err
- }
-
- passwords, err := parabola_hackers.LoadAllPasswords()
- if err != nil {
- return err
- }
-
- o.groups = make(map[string]map[string]bool)
- for uid, user := range o.users {
- user.Passwd.GID = usersGid
- hash, hasHash := passwords[user.Passwd.Name]
- if !hasHash {
- hash = "!"
- }
- user.Passwd.PwHash = hash
- o.users[uid] = user
- for _, groupname := range user.Groups {
- o.add_user_to_group(user.Passwd.Name, groupname)
- }
- }
- return nil
-}
-
-func (o *Hackers) name2uid(name string) int32 {
- for uid, data := range o.users {
- if data.Passwd.Name == name {
- return uid
- }
- }
- return -1
-}
-
-func (o *Hackers) add_user_to_group(username string, groupname string) {
- group, found := o.groups[groupname]
- if !found {
- group = make(map[string]bool)
- o.groups[groupname] = group
- }
- group[username] = true
-}
diff --git a/src/parabola_hackers/nslcd_backend/util.go b/src/parabola_hackers/nslcd_backend/util.go
deleted file mode 100644
index 4fb28f3..0000000
--- a/src/parabola_hackers/nslcd_backend/util.go
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright 2015-2016 Luke Shumaker <lukeshu@sbcglobal.net>.
-//
-// This is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License as
-// published by the Free Software Foundation; either version 2 of
-// the License, or (at your option) any later version.
-//
-// This software is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public
-// License along with this manual; if not, see
-// <http://www.gnu.org/licenses/>.
-
-package hackers_nslcd_backend
-
-import (
- "io/ioutil"
- "os"
-
- yaml "gopkg.in/yaml.v2"
- "lukeshu.com/git/go/libgnulinux.git/getgr"
-)
-
-func name2gid(name string) int32 {
- gr, err := getgr.ByName(name)
- if gr == nil || err != nil {
- return -1
- } else {
- return int32(gr.Gid)
- }
-}
-
-func gid2name(gid int32) (string, bool) {
- gr, err := getgr.ByGid(gid)
- if gr == nil || err != nil {
- return "", false
- } else {
- return gr.Name, true
- }
-}
-
-var usersGid = name2gid("users")
-
-func parse_config(filename string) (cfg config, err error) {
- file, err := os.Open(filename)
- if err != nil {
- return
- }
- contents, err := ioutil.ReadAll(file)
- if err != nil {
- return
- }
- err = yaml.Unmarshal(contents, &cfg)
- return
-}
diff --git a/src/parabola_hackers/passwords.go.in b/src/parabola_hackers/passwords.go.in
deleted file mode 100644
index 0d763b9..0000000
--- a/src/parabola_hackers/passwords.go.in
+++ /dev/null
@@ -1,94 +0,0 @@
-// Copyright 2015-2016 Luke Shumaker <lukeshu@sbcglobal.net>.
-//
-// This is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License as
-// published by the Free Software Foundation; either version 2 of
-// the License, or (at your option) any later version.
-//
-// This software is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public
-// License along with this manual; if not, see
-// <http://www.gnu.org/licenses/>.
-
-package parabola_hackers
-
-import (
- "fmt"
- "io/ioutil"
- "os"
- "sort"
- "strings"
-
- "lukeshu.com/git/go/libgnulinux.git/crypt"
- "lukeshu.com/git/go/libsystemd.git/sd_daemon/logger"
-)
-
-/* Note that the password hash value should be one of:
- <empty> - no password set, allow login without password
- ! - used to prevent logins
- x - "valid" encrypted password that does not match any valid password
- often used to indicate that the password is defined elsewhere
- other - encrypted password, in crypt(3) format */
-
-const shadow_file = "@shadow_file@"
-
-func LoadAllPasswords() (map[string]string, error) {
- file, err := os.Open(shadow_file)
- if err != nil {
- return nil, err
- }
- contents, err := ioutil.ReadAll(file)
- if err != nil {
- return nil, err
- }
- lines := strings.Split(string(contents), "\n")
- passwords := make(map[string]string, len(lines))
- for i, line := range lines {
- cols := strings.SplitN(line, ":", 2)
- if len(cols) != 2 {
- logger.Err("hackers.git %s:%d: malformed line", shadow_file, i+1)
- continue
- }
- username := cols[0]
- hash := cols[1]
- if hash != "!" && !crypt.SaltOk(hash) {
- hash = "!"
- logger.Err("%s:%d: malformed hash for user: %s", shadow_file, i+1, username)
- }
- passwords[username] = hash
- }
- return passwords, nil
-}
-
-func SaveAllPasswords(passwords map[string]string) error {
- usernames := make([]string, len(passwords))
- i := 0
- for username, _ := range passwords {
- usernames[i] = username
- i++
- }
- sort.Strings(usernames)
-
- file, err := os.OpenFile(shadow_file+"-", os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0600)
- if err != nil {
- return err
- }
-
- for _, username := range usernames {
- fmt.Fprintf(file, "%s:%s\n", username, passwords[username])
- }
- err = file.Sync()
- if err != nil {
- return err
- }
- err = file.Close()
- if err != nil {
- return err
- }
-
- return os.Rename(shadow_file+"-", shadow_file)
-}
diff --git a/src/parabola_hackers/users.go.in b/src/parabola_hackers/users.go.in
deleted file mode 100644
index aeda069..0000000
--- a/src/parabola_hackers/users.go.in
+++ /dev/null
@@ -1,141 +0,0 @@
-// Copyright 2015-2016 Luke Shumaker <lukeshu@sbcglobal.net>.
-//
-// This is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License as
-// published by the Free Software Foundation; either version 2 of
-// the License, or (at your option) any later version.
-//
-// This software is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public
-// License along with this manual; if not, see
-// <http://www.gnu.org/licenses/>.
-
-package parabola_hackers
-
-import (
- "fmt"
- "os/exec"
-
- yaml "gopkg.in/yaml.v2"
- nslcd_proto "lukeshu.com/git/go/libnslcd.git/proto"
- "lukeshu.com/git/go/libsystemd.git/sd_daemon/logger"
-)
-
-/* Note that the password hash value should be one of:
- <empty> - no password set, allow login without password
- ! - used to prevent logins
- x - "valid" encrypted password that does not match any valid password
- often used to indicate that the password is defined elsewhere
- other - encrypted password, in crypt(3) format */
-
-type User struct {
- Passwd nslcd_proto.Passwd
- Groups []string
-}
-
-func LoadAllUsers() (users map[int32]User, err error) {
- contents, err := exec.Command("@bindir@/meta-cat").Output()
- if err != nil {
- return
- }
-
- var _data interface{}
- err = yaml.Unmarshal(contents, &_data)
- if err != nil {
- return
- }
-
- data, isMap := _data.(map[interface{}]interface{})
- errs := []string{}
- if !isMap {
- errs = append(errs, "root node is not a map")
- } else {
- users = make(map[int32]User, len(data))
- for _uid, _user := range data {
- uid, isInt := _uid.(int)
- if !isInt {
- errs = append(errs, fmt.Sprintf("UID is not an int: %T ( %#v )", _uid, _uid))
- continue
- }
- user, _err := parseUser(_user)
- if _err != nil {
- errs = append(errs, fmt.Sprintf("Could not parse data for UID %d: %v", uid, _err))
- continue
- }
- user.Passwd.UID = int32(uid)
- logger.Debug("hackers.git: -> User %d(%s) parsed", user.Passwd.UID, user.Passwd.Name)
- users[user.Passwd.UID] = user
- }
- }
- if len(errs) > 0 {
- users = nil
- err = &yaml.TypeError{Errors: errs}
- }
- return
-}
-
-func parseUser(_data interface{}) (ret User, err error) {
- data, isMap := _data.(map[interface{}]interface{})
- errs := []string{}
- if !isMap {
- errs = append(errs, "root node is not a map")
- } else {
- if iface, isSet := data["username"]; !isSet {
- errs = append(errs, "\"username\" is not set")
- } else if str, isTyp := iface.(string); !isTyp {
- errs = append(errs, "\"username\" is not a string")
- } else {
- ret.Passwd.Name = str
- ret.Passwd.HomeDir = "/home/" + str
- }
-
- if iface, isSet := data["fullname"]; !isSet {
- errs = append(errs, "\"fullname\" is not set")
- } else if str, isTyp := iface.(string); !isTyp {
- errs = append(errs, "\"fullname\" is not a string")
- } else {
- ret.Passwd.GECOS = str
- }
-
- if iface, isSet := data["shell"]; !isSet {
- errs = append(errs, "\"shell\" is not set")
- } else if str, isTyp := iface.(string); !isTyp {
- errs = append(errs, "\"shell\" is not a string")
- } else {
- ret.Passwd.Shell = str
- }
-
- if iface, isSet := data["groups"]; !isSet {
- ret.Groups = make([]string, 0)
- } else if ary, isTyp := iface.([]interface{}); !isTyp {
- errs = append(errs, "\"groups\" is not an array")
- } else {
- groups := make(map[string]bool, len(ary))
- e := false
- for _, iface := range ary {
- if str, isTyp := iface.(string); !isTyp {
- errs = append(errs, "\"group\" item is not an array")
- e = true
- break
- } else {
- groups[str] = true
- }
- }
- if !e {
- ret.Groups = Set2list(groups)
- }
- }
- }
- if len(errs) > 0 {
- err = &yaml.TypeError{Errors: errs}
- }
-
- ret.Passwd.PwHash = "x" // look in shadow for the password hash
- ret.Passwd.GID = -1
-
- return
-}
diff --git a/src/parabola_hackers/util.go b/src/parabola_hackers/util.go
deleted file mode 100644
index 9a241db..0000000
--- a/src/parabola_hackers/util.go
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2015-2016 Luke Shumaker <lukeshu@sbcglobal.net>.
-//
-// This is free software; you can redistribute it and/or
-// modify it under the terms of the GNU General Public License as
-// published by the Free Software Foundation; either version 2 of
-// the License, or (at your option) any later version.
-//
-// This software is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public
-// License along with this manual; if not, see
-// <http://www.gnu.org/licenses/>.
-
-package parabola_hackers
-
-import (
- "crypto/rand"
- "math/big"
-)
-
-func RandomString(alphabet string, n uint) (str string, err error) {
- var alphabet_len = big.NewInt(int64(len(alphabet)))
- var bigint *big.Int
- _str := make([]byte, n)
- for i := 0; i < len(_str); i++ {
- bigint, err = rand.Int(rand.Reader, alphabet_len)
- if err != nil {
- return
- }
- _str[i] = alphabet[bigint.Int64()]
- }
- str = string(_str[:])
- return
-}
-
-func Set2list(set map[string]bool) []string {
- list := make([]string, len(set))
- i := uint(0)
- for item, _ := range set {
- list[i] = item
- i++
- }
- return list
-}