path: root/go/src/nshd/nslcd_backend/hackers.go
// Copyright 2015-2016 Luke Shumaker <lukeshu@sbcglobal.net>.
//
// This is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License as
// published by the Free Software Foundation; either version 2 of
// the License, or (at your option) any later version.
//
// This software is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public
// License along with this manual; if not, see
// <http://www.gnu.org/licenses/>.

// Package nslcd_backend is an nslcd_server Backend that
// speaks to hackers.git.
package nslcd_backend

import (
	"fmt"
	"sync"

	"nshd/nshd_files"

	"git.lukeshu.com/go/libnslcd/nslcd_server"
	"git.lukeshu.com/go/libnslcd/nslcd_systemd"
	"git.lukeshu.com/go/libsystemd/sd_daemon"
)

// config holds the settings that Reload obtains from
// parse_config(CfgFilename); parse_config is defined outside this file.
type config struct {
	// Pam_password_prohibit_message is logged at Info level on every
	// Reload. How it is shown to users is not visible in this file —
	// presumably the text returned when a PAM password change is
	// refused; confirm against the PAM handlers.
	Pam_password_prohibit_message string
}

// Hackers is the backend's in-memory state: the parsed configuration
// plus the user and group tables built by Reload.
type Hackers struct {
	nslcd_server.NilBackend
	// lock guards cfg, users and groups. Reload and Close take it for
	// writing; name2uid and add_user_to_group do not lock themselves,
	// so their callers are expected to hold it already.
	lock sync.RWMutex

	// CfgFilename is the path passed to parse_config on every Reload.
	CfgFilename string

	cfg    config
	// users is keyed by the int32 key returned by
	// nshd_files.LoadAllUsers (name2uid treats it as the UID). After a
	// Reload every record carries its password hash in Passwd.PwHash,
	// so avoid dumping this map or its values into logs.
	users  map[int32]nshd_files.User
	// groups maps a group name to the set of member user names.
	groups map[string]map[string]bool
}

// Compile-time assertions that *Hackers satisfies both backend
// interfaces it is used as.
var _ nslcd_systemd.Backend = &Hackers{}
var _ nslcd_server.Backend = &Hackers{}

// Init logs the configured file name and performs the first Reload.
// A Reload failure is logged at Err level and returned to the caller
// unchanged.
func (o *Hackers) Init() error {
	sd_daemon.Log.Debug(fmt.Sprintf("hackers.git: CfgFilename = %v", o.CfgFilename))

	if err := o.Reload(); err != nil {
		msg := fmt.Sprintf("hackers.git: Could not initialize: %v", err)
		sd_daemon.Log.Err(msg)
		return err
	}
	return nil
}

// Close replaces the user and group tables with empty maps under the
// write lock. cfg is left as it was. The old maps (including the
// password hashes held in the user records) are only dropped, not
// overwritten; they stay in memory until the garbage collector
// reclaims them.
func (o *Hackers) Close() {
	sd_daemon.Log.Info("hackers.git: Closing session")

	o.lock.Lock()
	defer o.lock.Unlock()

	o.users, o.groups = map[int32]nshd_files.User{}, map[string]map[string]bool{}
}

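// Reload re-reads the configuration file, the user list and the
// password hashes, and installs them as the backend's live state.
//
// The new state is assembled in local variables and committed only
// after every load has succeeded. A failed reload therefore leaves the
// previously loaded cfg, users and groups untouched, rather than a
// half-updated mix (for example freshly loaded user records that never
// received their GID and PwHash, served next to stale group data).
//
// The write lock is held for the whole call, including the file reads.
// Any error from parse_config, LoadAllUsers or LoadAllPasswords is
// returned unchanged.
func (o *Hackers) Reload() error {
	sd_daemon.Log.Info("hackers.git: Loading session")
	o.lock.Lock()
	defer o.lock.Unlock()

	cfg, err := parse_config(o.CfgFilename)
	if err != nil {
		return err
	}
	sd_daemon.Log.Info(fmt.Sprintf("hackers.git: pam_password_prohibit_message: %#v", cfg.Pam_password_prohibit_message))

	sd_daemon.Log.Debug("hackers.git: Parsing user data")
	users, err := nshd_files.LoadAllUsers()
	if err != nil {
		return err
	}

	passwords, err := nshd_files.LoadAllPasswords()
	if err != nil {
		return err
	}

	groups := make(map[string]map[string]bool)
	for uid, user := range users {
		// Every user gets the same primary group.
		user.Passwd.GID = usersGid

		// A user with no entry in the password table gets "!", which by
		// shadow(5) convention marks an account with no usable password.
		// NOTE(review): an entry that is present but empty is passed
		// through as an empty PwHash; confirm the authentication path
		// treats an empty hash as "deny" rather than "no password needed".
		hash, hasHash := passwords[user.Passwd.Name]
		if !hasHash {
			hash = "!"
		}
		user.Passwd.PwHash = hash

		// user is a copy of the map value, so store it back.
		users[uid] = user

		for _, groupname := range user.Groups {
			members, found := groups[groupname]
			if !found {
				members = make(map[string]bool)
				groups[groupname] = members
			}
			members[user.Passwd.Name] = true
		}
	}

	// Commit point: nothing above has modified the receiver.
	o.cfg, o.users, o.groups = cfg, users, groups
	return nil
}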

// name2uid returns the key in o.users whose record has the given
// login name, or -1 when no record matches. It scans the whole map and
// takes no lock itself, so the caller must already hold o.lock.
func (o *Hackers) name2uid(name string) int32 {
	for candidate := range o.users {
		if o.users[candidate].Passwd.Name != name {
			continue
		}
		return candidate
	}
	return -1
}

// add_user_to_group records username as a member of groupname,
// creating the group's member set on first use. It takes no lock
// itself; Reload calls it while holding the write lock.
func (o *Hackers) add_user_to_group(username string, groupname string) {
	if _, known := o.groups[groupname]; !known {
		o.groups[groupname] = make(map[string]bool)
	}
	o.groups[groupname][username] = true
}