Example #1
1
func authInit() {
	os.MkdirAll(path.Join(common.BaseDir, "auth"), 0755)
	err := os.RemoveAll(path.Join(common.BaseDir, "auth", "secure"))
	if err != nil {
		log.Printf("Failed to clean out the secure directory. %v\n", err)
		os.Exit(-1)
	}
	err = os.RemoveAll(path.Join(common.BaseDir, "auth", "user"))
	if err != nil {
		log.Printf("Failed to clean out the user directory. %v\n", err)
		os.Exit(-1)
	}
	os.MkdirAll(path.Join(common.BaseDir, "auth", "user"), 0755)
	os.MkdirAll(path.Join(common.BaseDir, "auth", "secure"), 0700)
	if common.System && platform.PlatformGet() == platform.Windows {
		err = common.Cacls(path.Join(common.BaseDir, "auth", "secure"), "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls %v\n", err)
			os.Exit(-1)
		}
		err = common.Cacls(path.Join(common.BaseDir, "auth", "user"), "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Users:r", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls on auth user %v\n", err)
			os.Exit(-1)
		}
	}
}
func configInit() {
	t, err := template.ParseFiles(filepath.Join(common.UiDirGet(), "config.html"))
	if err != nil {
		log.Printf("config.html parse failed %v\n", err)
		return
	} else {
		configTemplate = t
	}

	configChannel = make(chan configRequest)

	ConfigRun()

	web.ServMux.Handle("/config/", http.RedirectHandler("/ui/config.html", http.StatusMovedPermanently))
	web.ServMux.HandleFunc("/config/all/", configHandle)

	os.MkdirAll(filepath.Join(common.BaseDir, "config"), 0700)
	if common.System && platform.PlatformGet() == platform.Windows {
		err = common.Cacls(filepath.Join(common.BaseDir, "config"), "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls %v\n", err)
			os.Exit(-1)
		}
	}

	processConfig()
	m.updatePaths(&allConfigs)
}
Example #3
0
func (store *AuthStore) GetFile(user string) (string, string) {
	store.mutex.Lock()
	defer store.mutex.Unlock()
	var upath string
	passwd := store.user2pass[user]
	if passwd != "" {
		upath = store.getFinalFilename(user)
	} else {
		buffer := make([]byte, 33, 33)
		spath := store.getProtectedFilename(user)
		upath = store.getFinalFilename(user)
		file, err := os.OpenFile(spath, os.O_RDWR|os.O_CREATE, 0600)
		if err != nil {
			log.Printf("Error writing user auth file. %v\n", err)
		} else {
			_, err := rand.Read(buffer)
			if err != nil {
				log.Println("Error on random.", err)
			}
			passwd = base64.StdEncoding.EncodeToString(buffer)
			file.Write([]byte(passwd + "\n"))
			store.user2pass[user] = passwd
			file.Close()
			uid, err := strconv.Atoi(user)
			if err != nil {
				//FIXME
			}
			if common.System {
				switch platform.PlatformGet() {
				case platform.Windows:
					//TODO - remove??? NGT 2/19/2012
					//err = common.Cacls(spath, "/p", "NT AUTHORITY\\SYSTEM:f", user + ":r", "BUILTIN\\Administrators:F")
					user = strings.TrimSpace(user)
					err = common.Cacls(spath, "/p", "NT AUTHORITY\\SYSTEM:f", user+":r", "BUILTIN\\Administrators:F")
				case platform.Linux:
					//FIXME validate username
					cmd := exec.Command("setfacl", "-m", "user:"******":r", spath)
					err = cmd.Run()
				case platform.Darwin:
					log.Panic("Darwin not yet supported")
				default:
					log.Panic("%v+ not yet supported", runtime.GOOS)
				}
				if err != nil {
					log.Printf("Error %v |%s|\n", err, user)
					return "", ""
				}
			}
			if platform.PlatformGet() == platform.Windows {
				err = os.Remove(upath)
			}
			err = os.Rename(spath, upath)
			if err != nil {
				log.Println("Error %v", err)
			}
		}
	}
	return upath, passwd
}
func createDatabaseDir() {
	dir := common.StateDir
	os.MkdirAll(dir, 0700)
	if common.System && platform.PlatformGet() == platform.Windows {
		err := common.Cacls(dir, "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Panic("Failed to run cacls %v\n", err)
		}
	}
}
func credsInit() *CredsManager {
	cm := &CredsManager{}
	cm.userCreds = make(map[string]*pacificaauth.Auth)
	cm.outage = make(map[string]*time.Time)
	web.ServMux.HandleFunc("/passcreds/", func(w http.ResponseWriter, req *http.Request) { passcredsHandle(cm, w, req) })
	web.ServMux.HandleFunc("/status/xml/", func(w http.ResponseWriter, req *http.Request) { statusXmlHandle(cm, w, req) })
	os.MkdirAll(filepath.Join(common.BaseDir, "auth", "creds"), 0700)
	err := os.RemoveAll(filepath.Join(common.BaseDir, "auth", "tmpcreds"))
	if err != nil {
		log.Printf("Failed to clean out the tmpcreds directory. %v\n", err)
		os.Exit(-1)
	}
	os.MkdirAll(filepath.Join(common.BaseDir, "auth", "tmpcreds"), 0700)
	if common.System && platform.PlatformGet() == platform.Windows {
		err = common.Cacls(filepath.Join(common.BaseDir, "auth", "creds"), "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls %v\n", err)
			os.Exit(-1)
		}
		err = common.Cacls(filepath.Join(common.BaseDir, "auth", "tmpcreds"), "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls %v\n", err)
			os.Exit(-1)
		}
	}
	creds, err := filepath.Glob(filepath.Join(common.BaseDir, "auth", "creds", "*"))
	if err == nil {
		for _, credfile := range creds {
			user := common.FsDecodeUser(credfile)
			if user != "" {
				file, err := os.Open(credfile)
				if err == nil {
					auth := pacificaauth.NewAuth(file)
					if auth != nil {
						log.Printf("Found cred file. %v %v\n", credfile, user)
						cm.userCreds[user] = auth
					}
				}
			}
		}
	}
	return cm
}
func bundlerInit() {
	os.MkdirAll(filepath.Join(common.BaseDir, "bundles"), 0755)
	err := os.RemoveAll(filepath.Join(common.BaseDir, "bundles", "inprogress"))
	if err != nil {
		log.Printf("Failed to clean out the inprogress. %v\n", err)
		os.Exit(-1)
	}
	os.MkdirAll(filepath.Join(common.BaseDir, "bundles", "inprogress"), 0755)
	if common.System && platform.PlatformGet() == platform.Windows {
		err = common.Cacls(filepath.Join(common.BaseDir, "bundles", "inprogress"), "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Users:r", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls %v\n", err)
			os.Exit(-1)
		}
	}
}
func bundlerNew(bm *BundleManager) *bundler {
	self := &bundler{bm: bm, wake: sync.NewCond(&sync.Mutex{})}
	err := bm.BundleStateChangeWatchSet(BundleState_ToBundle, func(user string, bundle_id int, state BundleState) { self.Wakeup() })
	if err != nil {
		log.Printf("Failed to register wakeup callback with the bundle manager.")
		return nil
	}
	go func() {
		for {
			found := false
			ids, err := self.bm.bundleIdsForStateGet(BundleState_ToBundle)
			if err == nil && ids != nil {
				for user, list := range ids {
					for _, id := range list {
						log.Printf("Got bundles %v %v\n", user, id)
						bundle_filename := filepath.Join(common.BaseDir, "bundles", "inprogress", strconv.Itoa(id)+".tar")
						file, err := os.Create(bundle_filename)
						if err != nil {
							log.Printf("Could not open temp file. %v", err)
							continue
						}
						file.Close()
						if common.System {
							if platform.PlatformGet() == platform.Linux {
								cmd := exec.Command("setfacl", "-m", "user:"******":rw", bundle_filename)
								err = cmd.Run()
								if err != nil {
									log.Printf("Failed to set acl on bundle. %v\n", err)
									continue
								}
							} else if platform.PlatformGet() == platform.Windows {
								//TODO - remove or fix so that permissions are set for system user only.
								/*userstr := common.UserdDefaultUsername() + ":C"
								err = common.Cacls(bundle_filename, "/p", "NT AUTHORITY\\SYSTEM:f", userstr, "BUILTIN\\Administrators:F")
								if err != nil {
									log.Printf("Failed to run cacls %v\n", err)
									continue
								}*/
							}
						}
						err = bundleFiles(bundle_filename, user, id)
						if err != nil {
							continue
						}
						var newstate BundleState
						metadata_filename := filepath.Join(common.BaseDir, "bundles", "inprogress", strconv.Itoa(id)+".txt")
						file, err = os.Create(metadata_filename)
						if err != nil {
							log.Printf("Could not open temp file. %v", err)
							continue
						} else {
							err = writeMetadata(self.bm, user, id, file)
							file.Close()
							if err != nil {
								continue
							}
							_, _, fe, _, err := common.UserBundleFile(user, bundle_filename, metadata_filename, "metadata.txt")
							if err != nil || rpc.BundleFileErrorIsError(fe) {
								log.Printf("Failed to add metadata to bundle. %v", err)
								continue
							}
							newstate = BundleState_ToUpload
						}
						if common.System {
							if platform.PlatformGet() == platform.Linux {
								cmd := exec.Command("setfacl", "-x", "user:"******"Failed to remove acl on bundle. %v\n", err)
									continue
								}
							} else if platform.PlatformGet() == platform.Windows {
								err = common.Cacls(bundle_filename, "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Administrators:F")
								if err != nil {
									log.Printf("Failed to run cacls %v\n", err)
									continue
								}
							}
						}
						bundle_new_filename := filepath.Join(common.BaseDir, "bundles", strconv.Itoa(id)+".tar")
						os.Remove(bundle_new_filename)
						err = os.Rename(bundle_filename, bundle_new_filename)
						if err != nil {
							log.Printf("Failed to rename bundle. %v\n", err)
							continue
						}
						err = bm.bundleStringSet(user, id, "bundle_location", bundle_new_filename)
						if err != nil {
							log.Printf("Failed to set bundle location. %v\n", err)
							continue
						}
						err = bm.BundleStateSet(user, id, newstate)
						if err != nil {
							log.Printf("Failed to transition bundle from bundling to upload. %v\n", err)
							continue
						}
						found = true
					}
				}
			}
			if found == false {
				self.wake.L.Lock()
				count, err := self.bm.bundleIdsForStateCount(BundleState_ToBundle)
				if err == nil && count < 1 {
					self.wake.Wait()
				}
				self.wake.L.Unlock()
			}
		}
	}()
	return self
}