Пример #1
1
func authInit() {
	os.MkdirAll(path.Join(common.BaseDir, "auth"), 0755)
	err := os.RemoveAll(path.Join(common.BaseDir, "auth", "secure"))
	if err != nil {
		log.Printf("Failed to clean out the secure directory. %v\n", err)
		os.Exit(-1)
	}
	err = os.RemoveAll(path.Join(common.BaseDir, "auth", "user"))
	if err != nil {
		log.Printf("Failed to clean out the user directory. %v\n", err)
		os.Exit(-1)
	}
	os.MkdirAll(path.Join(common.BaseDir, "auth", "user"), 0755)
	os.MkdirAll(path.Join(common.BaseDir, "auth", "secure"), 0700)
	if common.System && platform.PlatformGet() == platform.Windows {
		err = common.Cacls(path.Join(common.BaseDir, "auth", "secure"), "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls %v\n", err)
			os.Exit(-1)
		}
		err = common.Cacls(path.Join(common.BaseDir, "auth", "user"), "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Users:r", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls on auth user %v\n", err)
			os.Exit(-1)
		}
	}
}
Пример #2
0
func (store *AuthStore) GetFile(user string) (string, string) {
	store.mutex.Lock()
	defer store.mutex.Unlock()
	var upath string
	passwd := store.user2pass[user]
	if passwd != "" {
		upath = store.getFinalFilename(user)
	} else {
		buffer := make([]byte, 33, 33)
		spath := store.getProtectedFilename(user)
		upath = store.getFinalFilename(user)
		file, err := os.OpenFile(spath, os.O_RDWR|os.O_CREATE, 0600)
		if err != nil {
			log.Printf("Error writing user auth file. %v\n", err)
		} else {
			_, err := rand.Read(buffer)
			if err != nil {
				log.Println("Error on random.", err)
			}
			passwd = base64.StdEncoding.EncodeToString(buffer)
			file.Write([]byte(passwd + "\n"))
			store.user2pass[user] = passwd
			file.Close()
			uid, err := strconv.Atoi(user)
			if err != nil {
				//FIXME
			}
			if common.System {
				switch platform.PlatformGet() {
				case platform.Windows:
					//TODO - remove??? NGT 2/19/2012
					//err = common.Cacls(spath, "/p", "NT AUTHORITY\\SYSTEM:f", user + ":r", "BUILTIN\\Administrators:F")
					user = strings.TrimSpace(user)
					err = common.Cacls(spath, "/p", "NT AUTHORITY\\SYSTEM:f", user+":r", "BUILTIN\\Administrators:F")
				case platform.Linux:
					//FIXME validate username
					cmd := exec.Command("setfacl", "-m", "user:"******":r", spath)
					err = cmd.Run()
				case platform.Darwin:
					log.Panic("Darwin not yet supported")
				default:
					log.Panic("%v+ not yet supported", runtime.GOOS)
				}
				if err != nil {
					log.Printf("Error %v |%s|\n", err, user)
					return "", ""
				}
			}
			if platform.PlatformGet() == platform.Windows {
				err = os.Remove(upath)
			}
			err = os.Rename(spath, upath)
			if err != nil {
				log.Println("Error %v", err)
			}
		}
	}
	return upath, passwd
}
Пример #3
0
func authHandle(w http.ResponseWriter, req *http.Request) {
	c := strings.Count(req.URL.Path, "/")
	l := len(req.URL.Path)
	if c == 2 || (c == 3 && req.URL.Path[l-1:l] == "/" && req.URL.Path[l-2:l-1] != "/") {
		ss := strings.Split(req.URL.Path, "/")
		user := ss[2]
		if user == "" {
			w.WriteHeader(http.StatusBadRequest)
		} else {
			switch platform.PlatformGet() {
			case platform.Windows:
				if strings.Index(user, ":") != -1 {
					w.WriteHeader(http.StatusBadRequest)
				} else {
					path, _ := authStore.GetFile(strings.ToLower(user))
					w.Write([]byte(path + "\n"))
				}
			case platform.Linux:
				path, _ := authStore.GetFile(user)
				w.Write([]byte(path + "\n"))
			case platform.Darwin:
				log.Panic("Darwin not yet supported")
			default:
				log.Panic("%v+ not yet supported", runtime.GOOS)
			}
		}
	} else {
		w.WriteHeader(http.StatusBadRequest)
	}
}
func (self *UserConfig) Save(filename string) error {
	j, err := json.Marshal(self)
	if err != nil {
		return err
	}

	buff := new(bytes.Buffer)
	json.Indent(buff, j, "", "\t")

	file, err := os.Create(filename + ".new")
	if err != nil {
		return err
	}

	_, err = file.Write(buff.Bytes())
	if err != nil {
		return err
	}
	file.Close()

	if platform.PlatformGet() == platform.Windows {
		os.Remove(filename)
	}
	if err := os.Rename(filename+".new", filename); err != nil {
		log.Printf("Failed to rename %s, error %v", filename, err)
		return err
	}

	return nil
}
func configInit() {
	t, err := template.ParseFiles(filepath.Join(common.UiDirGet(), "config.html"))
	if err != nil {
		log.Printf("config.html parse failed %v\n", err)
		return
	} else {
		configTemplate = t
	}

	configChannel = make(chan configRequest)

	ConfigRun()

	web.ServMux.Handle("/config/", http.RedirectHandler("/ui/config.html", http.StatusMovedPermanently))
	web.ServMux.HandleFunc("/config/all/", configHandle)

	os.MkdirAll(filepath.Join(common.BaseDir, "config"), 0700)
	if common.System && platform.PlatformGet() == platform.Windows {
		err = common.Cacls(filepath.Join(common.BaseDir, "config"), "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls %v\n", err)
			os.Exit(-1)
		}
	}

	processConfig()
	m.updatePaths(&allConfigs)
}
func createDatabaseDir() {
	dir := common.StateDir
	os.MkdirAll(dir, 0700)
	if common.System && platform.PlatformGet() == platform.Windows {
		err := common.Cacls(dir, "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Panic("Failed to run cacls %v\n", err)
		}
	}
}
Пример #7
0
func userdInit() {
	userd = make(map[string]*rpc.Client)
	if System == false || platform.PlatformGet() != platform.Linux {
		var err error
		userd_fallback, err = userdSpawn("")
		if err != nil {
			log.Printf("Failed to get default userd. %v\n", err)
			os.Exit(1)
		}
	}
}
Пример #8
0
func bundlerInit() {
	os.MkdirAll(filepath.Join(common.BaseDir, "bundles"), 0755)
	err := os.RemoveAll(filepath.Join(common.BaseDir, "bundles", "inprogress"))
	if err != nil {
		log.Printf("Failed to clean out the inprogress. %v\n", err)
		os.Exit(-1)
	}
	os.MkdirAll(filepath.Join(common.BaseDir, "bundles", "inprogress"), 0755)
	if common.System && platform.PlatformGet() == platform.Windows {
		err = common.Cacls(filepath.Join(common.BaseDir, "bundles", "inprogress"), "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Users:r", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls %v\n", err)
			os.Exit(-1)
		}
	}
}
Пример #9
0
func userdForUserGet(user string) (*rpc.Client, error) {
	if System && platform.PlatformGet() == platform.Linux {
		mutex.Lock()
		defer mutex.Unlock()
		if userd[user] != nil {
			return userd[user], nil
		}
		tmpuserd, err := userdSpawn(user)
		if err != nil {
			return nil, err
		}
		userd[user] = tmpuserd
		return tmpuserd, nil
	}
	if userd_fallback == nil {
		return nil, errors.New("Bad userd")
	}
	return userd_fallback, nil
}
Пример #10
0
func credsInit() *CredsManager {
	cm := &CredsManager{}
	cm.userCreds = make(map[string]*pacificaauth.Auth)
	cm.outage = make(map[string]*time.Time)
	web.ServMux.HandleFunc("/passcreds/", func(w http.ResponseWriter, req *http.Request) { passcredsHandle(cm, w, req) })
	web.ServMux.HandleFunc("/status/xml/", func(w http.ResponseWriter, req *http.Request) { statusXmlHandle(cm, w, req) })
	os.MkdirAll(filepath.Join(common.BaseDir, "auth", "creds"), 0700)
	err := os.RemoveAll(filepath.Join(common.BaseDir, "auth", "tmpcreds"))
	if err != nil {
		log.Printf("Failed to clean out the tmpcreds directory. %v\n", err)
		os.Exit(-1)
	}
	os.MkdirAll(filepath.Join(common.BaseDir, "auth", "tmpcreds"), 0700)
	if common.System && platform.PlatformGet() == platform.Windows {
		err = common.Cacls(filepath.Join(common.BaseDir, "auth", "creds"), "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls %v\n", err)
			os.Exit(-1)
		}
		err = common.Cacls(filepath.Join(common.BaseDir, "auth", "tmpcreds"), "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls %v\n", err)
			os.Exit(-1)
		}
	}
	creds, err := filepath.Glob(filepath.Join(common.BaseDir, "auth", "creds", "*"))
	if err == nil {
		for _, credfile := range creds {
			user := common.FsDecodeUser(credfile)
			if user != "" {
				file, err := os.Open(credfile)
				if err == nil {
					auth := pacificaauth.NewAuth(file)
					if auth != nil {
						log.Printf("Found cred file. %v %v\n", credfile, user)
						cm.userCreds[user] = auth
					}
				}
			}
		}
	}
	return cm
}
Пример #11
0
func Init() {
	log.Println("Common subsystem init.")

	if System && BaseDir == DefaultBaseDirGet() {
		BaseDir = DefaultSystemBaseDirGet()
	}
//FIXME Old migration code. Remove someday.
	oldname := strings.Replace(BaseDir, "pacifica", "myemsl", -1)
	oldname = strings.Replace(oldname, "Pacifica", "MyEMSL", -1)
	fi, err := os.Stat(oldname)
	if err == nil && fi.IsDir() {
		fi, err := os.Stat(oldname)
		if err != nil {
			log.Printf("This system needs to be migrated but cant. Error %v.\n", err)
			os.Exit(-1)
		}
		if !fi.IsDir() {
			log.Printf("This system needs to be migrated but cant. Error %v.\n", err)
			os.Exit(-1)
		}
		file, err := os.Open(oldname)
		if err != nil {
			log.Printf("This system needs to be migrated but cant. Error %v.\n", err)
			os.Exit(-1)
		}
		os.MkdirAll(BaseDir, 0755)
		names, err := file.Readdirnames(-1)
		if err != nil {
			log.Printf("This system needs to be migrated but cant. Error %v.\n", err)
			os.Exit(-1)
		}
		for _, n := range names {
			err = os.Rename(filepath.Join(oldname, n), filepath.Join(BaseDir, n))
			if err != nil {
				log.Printf("This system needs to be migrated but cant. Error %v.\n", err)
				os.Exit(-1)
			}
		}
		err = os.Remove(oldname)
		if err != nil {
			log.Printf("This system needs to be migrated but cant. Error %v.\n", err)
			os.Exit(-1)
		}
	}
//FIXME End of old migration code.
	os.MkdirAll(BaseDir, 0755)
	setupLogger(LogDirGet())
	StateDir = filepath.Join(BaseDir, "state")
	os.MkdirAll(StateDir, 0700)
	os.MkdirAll(filepath.Join(BaseDir, "auth"), 0755)
	if System && platform.PlatformGet() == platform.Windows {
		err := Cacls(BaseDir, "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Users:r", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls %v\n", err)
			os.Exit(-1)
		}
	}
	if System && platform.PlatformGet() == platform.Windows {
		err := Cacls(StateDir, "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Administrators:F")
		if err != nil {
			log.Printf("Failed to run cacls %v\n", err)
			os.Exit(-1)
		}
	}
	_, err = os.Stat(BaseDir)
	if err != nil {
		log.Printf("The specified basedir is not valid, %v\n", err)
	}
	VersionCheckerInit()
	userdInit()
	uuidInit()
	log.Printf("Got uuid %s\n", Uuid)
}
Пример #12
0
func passcredsHandle(cm *CredsManager, w http.ResponseWriter, req *http.Request) {
	if web.AuthCheck(w, req) {
		if req.Method != "PUT" {
			w.WriteHeader(http.StatusMethodNotAllowed)
		} else {
			file, err := ioutil.TempFile(filepath.Join(common.BaseDir, "auth", "tmpcreds"), "creds")
			if err != nil {
				//FIXME what to return here?
				w.WriteHeader(http.StatusBadRequest)
				return
			}
			var buffer [BUFFSIZE]byte
			total := 0
			for {
				num, err := req.Body.Read(buffer[:])
				if (err != nil && err != io.EOF) || num < 0 {
					w.WriteHeader(http.StatusBadRequest)
					log.Printf("Failed to read during pass creds. %v %v", file.Name(), err)
					file.Close()
					os.Remove(file.Name())

					return
				}
				if num == 0 {
					break
				}
				total += num
				if total > MAXCRED {
					w.WriteHeader(http.StatusBadRequest)
					log.Printf("Cred call too big.")
					file.Close()
					os.Remove(file.Name())
					return
				}
				_, err = file.Write(buffer[0:num])
				if err != nil {
					//FIXME what to return here?
					w.WriteHeader(http.StatusBadRequest)
					log.Printf("Failed to write to temp cred file. %v\n", err)
					file.Close()
					os.Remove(file.Name())
					return
				}
			}
			_, err = file.Seek(0, 0)
			if err != nil {
				//FIXME what to return here?
				w.WriteHeader(http.StatusBadRequest)
				os.Remove(file.Name())
				return
			}
			auth := pacificaauth.NewAuth(file)
			file.Close()
			log.Println("testauth:", auth.Services["testauth"])
			client := auth.NewClient()
			r, err := client.Get(auth.Services["testauth"])
			if err != nil {
				log.Println(err)
				os.Remove(file.Name())
				return
			}
			log.Println(r.StatusCode)
			user := web.AuthUser(req)
			upath := filepath.Join(common.BaseDir, "auth", "creds", common.FsEncodeUser(user))
			if platform.PlatformGet() == platform.Windows {
				err = os.Remove(upath)
			}
			err = os.Rename(file.Name(), upath)
			if err != nil {
				log.Println(err)
				os.Remove(file.Name())
				return
			}
			if cm.userCreds[user] != nil {
				oldclient := cm.userCreds[user].NewClient()
				r, err = oldclient.Get(auth.Services["logout"])
				if err != nil {
					log.Println(err)
				} else {
					log.Printf("Logged out %v: %v\n", user, r.StatusCode)
				}
			}
			cm.userCreds[user] = auth
			cm.outage[user] = nil
		}
	}
}
Пример #13
0
func bundlerNew(bm *BundleManager) *bundler {
	self := &bundler{bm: bm, wake: sync.NewCond(&sync.Mutex{})}
	err := bm.BundleStateChangeWatchSet(BundleState_ToBundle, func(user string, bundle_id int, state BundleState) { self.Wakeup() })
	if err != nil {
		log.Printf("Failed to register wakeup callback with the bundle manager.")
		return nil
	}
	go func() {
		for {
			found := false
			ids, err := self.bm.bundleIdsForStateGet(BundleState_ToBundle)
			if err == nil && ids != nil {
				for user, list := range ids {
					for _, id := range list {
						log.Printf("Got bundles %v %v\n", user, id)
						bundle_filename := filepath.Join(common.BaseDir, "bundles", "inprogress", strconv.Itoa(id)+".tar")
						file, err := os.Create(bundle_filename)
						if err != nil {
							log.Printf("Could not open temp file. %v", err)
							continue
						}
						file.Close()
						if common.System {
							if platform.PlatformGet() == platform.Linux {
								cmd := exec.Command("setfacl", "-m", "user:"******":rw", bundle_filename)
								err = cmd.Run()
								if err != nil {
									log.Printf("Failed to set acl on bundle. %v\n", err)
									continue
								}
							} else if platform.PlatformGet() == platform.Windows {
								//TODO - remove or fix so that permissions are set for system user only.
								/*userstr := common.UserdDefaultUsername() + ":C"
								err = common.Cacls(bundle_filename, "/p", "NT AUTHORITY\\SYSTEM:f", userstr, "BUILTIN\\Administrators:F")
								if err != nil {
									log.Printf("Failed to run cacls %v\n", err)
									continue
								}*/
							}
						}
						err = bundleFiles(bundle_filename, user, id)
						if err != nil {
							continue
						}
						var newstate BundleState
						metadata_filename := filepath.Join(common.BaseDir, "bundles", "inprogress", strconv.Itoa(id)+".txt")
						file, err = os.Create(metadata_filename)
						if err != nil {
							log.Printf("Could not open temp file. %v", err)
							continue
						} else {
							err = writeMetadata(self.bm, user, id, file)
							file.Close()
							if err != nil {
								continue
							}
							_, _, fe, _, err := common.UserBundleFile(user, bundle_filename, metadata_filename, "metadata.txt")
							if err != nil || rpc.BundleFileErrorIsError(fe) {
								log.Printf("Failed to add metadata to bundle. %v", err)
								continue
							}
							newstate = BundleState_ToUpload
						}
						if common.System {
							if platform.PlatformGet() == platform.Linux {
								cmd := exec.Command("setfacl", "-x", "user:"******"Failed to remove acl on bundle. %v\n", err)
									continue
								}
							} else if platform.PlatformGet() == platform.Windows {
								err = common.Cacls(bundle_filename, "/p", "NT AUTHORITY\\SYSTEM:f", "BUILTIN\\Administrators:F")
								if err != nil {
									log.Printf("Failed to run cacls %v\n", err)
									continue
								}
							}
						}
						bundle_new_filename := filepath.Join(common.BaseDir, "bundles", strconv.Itoa(id)+".tar")
						os.Remove(bundle_new_filename)
						err = os.Rename(bundle_filename, bundle_new_filename)
						if err != nil {
							log.Printf("Failed to rename bundle. %v\n", err)
							continue
						}
						err = bm.bundleStringSet(user, id, "bundle_location", bundle_new_filename)
						if err != nil {
							log.Printf("Failed to set bundle location. %v\n", err)
							continue
						}
						err = bm.BundleStateSet(user, id, newstate)
						if err != nil {
							log.Printf("Failed to transition bundle from bundling to upload. %v\n", err)
							continue
						}
						found = true
					}
				}
			}
			if found == false {
				self.wake.L.Lock()
				count, err := self.bm.bundleIdsForStateCount(BundleState_ToBundle)
				if err == nil && count < 1 {
					self.wake.Wait()
				}
				self.wake.L.Unlock()
			}
		}
	}()
	return self
}