コード例 #1
0
func send(req string, extendTimeout bool) ([]string, error) {
	conn, err := net.DialUnix("unix", nil, &net.UnixAddr{socketPath, "unix"})
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	writeDeadline := time.Now().Add(clientTimeout)
	conn.SetWriteDeadline(writeDeadline)
	_, err = conn.Write([]byte(req))
	if err != nil {
		logger.Errorf("Failed to write request: %v.", err)
		return nil, err
	}
	readDeadline := time.Now().Add(clientTimeout)
	if extendTimeout {
		readDeadline = time.Now().Add(extendedTimeout)
	}
	conn.SetReadDeadline(readDeadline)
	data, err := ioutil.ReadAll(conn)
	if err != nil {
		logger.Errorf("Failed to read response: %v.", err)
		return nil, err
	}
	resp := strings.Split(string(data), "\n")
	err = checkHeader(resp)
	if err != nil {
		logger.Errorf("Request failed: %v.", err)
		return nil, err
	}
	return resp[1:], nil
}
コード例 #2
0
func (s *Server) respond(req string) string {
	parts := strings.Split(req, " ")
	cmd := parts[0]
	args := parts[1:]
	switch cmd {
	case "user_by_name":
		return s.userByName(args)
	case "user_by_uid":
		return s.userByUID(args)
	case "users":
		return s.users()
	case "group_by_name":
		return s.groupByName(args)
	case "group_by_gid":
		return s.groupByGID(args)
	case "groups":
		return s.groups()
	case "names":
		return s.names()
	case "is_name":
		return s.isName(args)
	case "keys":
		return s.authorizedKeys(args)
	default:
		logger.Errorf("Invalid request: %v.", req)
		return "400"
	}
}
コード例 #3
0
func (s *Server) handle(conn net.Conn) {
	defer conn.Close()
	deadline := time.Now().Add(serverTimeout)
	conn.SetReadDeadline(deadline)
	data := make([]byte, maxRequestSize)
	n, err := conn.Read(data)
	if err != nil {
		logger.Errorf("Failed to read request: %v.", err)
		return
	}
	resp := s.respond(string(data[:n]))
	deadline = time.Now().Add(serverTimeout)
	conn.SetWriteDeadline(deadline)
	_, err = conn.Write([]byte(resp))
	if err != nil {
		logger.Errorf("Failed to write response: %v.", err)
	}
}
コード例 #4
0
func (s *Server) groupByGID(args []string) string {
	gid, err := parseID(args)
	if err != nil {
		logger.Errorf("Invalid GID for group: %v.", err)
		return "400"
	}
	logger.Infof("Getting group by GID: %v.", gid)
	group, err := s.Provider.GroupByGID(gid)
	if err != nil {
		return marshalError(err)
	}
	return fmt.Sprintf("200\n%v", marshalGroup(group))
}
コード例 #5
0
func (s *Server) groupByName(args []string) string {
	name, err := parseName(args)
	if err != nil {
		logger.Errorf("Invalid name for group: %v.", err)
		return "400"
	}
	logger.Infof("Getting group by name: %v.", name)
	group, err := s.Provider.GroupByName(name)
	if err != nil {
		return marshalError(err)
	}
	return fmt.Sprintf("200\n%v", marshalGroup(group))
}
コード例 #6
0
func (s *Server) userByUID(args []string) string {
	uid, err := parseID(args)
	if err != nil {
		logger.Errorf("Invalid UID for user: %v.", err)
		return "400"
	}
	logger.Infof("Getting user by UID: %v.", uid)
	user, err := s.Provider.UserByUID(uid)
	if err != nil {
		return marshalError(err)
	}
	return fmt.Sprintf("200\n%v", marshalUser(user))
}
コード例 #7
0
func (s *Server) userByName(args []string) string {
	name, err := parseName(args)
	if err != nil {
		logger.Errorf("Invalid name for user: %v.", err)
		return "400"
	}
	logger.Infof("Getting user by name: %v.", name)
	user, err := s.Provider.UserByName(name)
	if err != nil {
		return marshalError(err)
	}
	return fmt.Sprintf("200\n%v", marshalUser(user))
}
コード例 #8
0
func (s *Server) isName(args []string) string {
	name, err := parseName(args)
	if err != nil {
		logger.Errorf("Invalid name: %v.", err)
		return "400"
	}
	logger.Infof("Checking name: %v.", name)
	is, err := s.Provider.IsName(name)
	if err != nil {
		return marshalError(err)
	} else if is {
		logger.Info("Valid name.")
		return "200"
	} else {
		logger.Info("Invalid name.")
		return "404"
	}
}
コード例 #9
0
func (s *Server) authorizedKeys(args []string) string {
	username, err := parseName(args)
	if err != nil {
		logger.Errorf("Invalid username for keys: %v.", err)
		return "400"
	}
	logger.Infof("Getting keys for user: %v.", username)
	keys, err := s.Provider.AuthorizedKeys(username)
	if err != nil {
		return marshalError(err)
	}
	var buf bytes.Buffer
	buf.WriteString("200")
	for _, k := range keys {
		buf.WriteString("\n")
		buf.WriteString(k)
	}
	return buf.String()
}
コード例 #10
0
func updateAccounts(s *cachingStore) {
	users, groups, err := s.apiClient.UsersAndGroups()
	if err != nil {
		logger.Errorf("Failed refresh: %v.", err)
		return
	}
	s.Lock()
	defer s.Unlock()
	oldUsers := s.usersByName
	s.usersByName = make(map[string]*cachedUser)
	s.usersByUID = make(map[uint32]*cachedUser)
	s.groupsByName = make(map[string]*accounts.Group)
	s.groupsByGID = make(map[uint32]*accounts.Group)
	for _, u := range users {
		user := &accounts.User{
			Name:          u.Username,
			UID:           uint32(u.Uid),
			GID:           uint32(u.Gid),
			Gecos:         u.Gecos,
			HomeDirectory: u.HomeDirectory,
			Shell:         u.Shell,
		}
		cu := &cachedUser{user: user}
		if old, ok := oldUsers[user.Name]; ok {
			cu.keyRefreshTime = old.keyRefreshTime
			cu.keys = old.keys
			cu.sudoer = old.sudoer
		}
		s.usersByName[user.Name] = cu
		s.usersByUID[user.UID] = cu
	}
	for _, g := range groups {
		group := &accounts.Group{
			Name:    g.GroupName,
			GID:     uint32(g.Gid),
			Members: g.Members,
		}
		s.groupsByName[group.Name] = group
		s.groupsByGID[group.GID] = group
	}
	logger.Info("Refreshing users and groups succeeded.")
}
コード例 #11
0
// Serve begins serving accounts information through a socket forever.
func (s *Server) Serve() error {
	os.Remove(socketPath)
	sock, err := net.ListenUnix("unix", &net.UnixAddr{socketPath, "unix"})
	if err != nil {
		return err
	}
	// Make the socket readable and writeable by all.
	os.Chmod(socketPath, os.ModePerm)
	listeningCallback()
	logger.Infof("Listening for connections at %v.", socketPath)
	for {
		conn, err := sock.Accept()
		if err != nil {
			logger.Errorf("Failed to accept connection: %v.", err)
			continue
		}
		logger.Info("Accepted connection.")
		go s.handle(conn)
	}
}
コード例 #12
0
func updateKeys(s *cachingStore) {
	type update struct {
		name string
		view *cua.AuthorizedKeysView
		err  error
		time time.Time
	}
	ch := make(chan update)
	workers := 0
	for _, name := range keysRequiringRefresh(s) {
		go func(n string) {
			view, err := s.apiClient.AuthorizedKeys(n)
			ch <- update{n, view, err, timeNow()}
		}(name)
		workers += 1
	}
	refreshedKeys := make([]update, workers)
	for workers != 0 {
		up := <-ch
		workers -= 1
		if up.err != nil {
			logger.Errorf("Failed key refresh for %v: %v.", up.name, up.err)
			continue
		}
		logger.Infof("Refreshed keys for %v.", up.name)
		refreshedKeys = append(refreshedKeys, up)
	}
	s.Lock()
	defer s.Unlock()
	for _, rk := range refreshedKeys {
		if cu, ok := s.usersByName[rk.name]; ok {
			cu.keys = rk.view.Keys
			cu.sudoer = rk.view.Sudoer
			cu.keyRefreshTime = rk.time
		}
	}
	refreshCallback(s.config)
}