Only report user info from API

Author: SeanThomasWilliams

auth.go

@@ -7,28 +7,58 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"os"
 	"time"
 )
 
-const userID = 1337
-const groupID = 100
+const baseUserUID = 2000
+const GroupID = 100 // users
 
 type User struct {
 	Admin    bool   `json:"is_staff"`
 	Email    string `json:"email"`
-	ID       int    `json:"id"`
+	ID       uint   `json:"id"`
+	UID      uint   `json:"uid"`
 	Username string `json:"username"`
 }
 
 func (u User) GetPasswdLine() []byte {
-	return []byte(fmt.Sprintf("%s:x:%d:%d::/home/%s:/bin/bash\n", u.Username, userID, groupID, u.Username))
+	return []byte(fmt.Sprintf("%s:x:%d:%d::/home/%s:/bin/bash\n", u.Username, u.UID, GroupID, u.Username))
 }
 
 type TokenUser struct {
 	Token string `json:"token"`
 	User  User   `json:"user"`
 }
 
+func (t TokenUser) WriteTokenFile() error {
+	if _, err := os.Stat(AppConfig.TokenFile); os.IsNotExist(err) {
+		return ioutil.WriteFile(AppConfig.TokenFile, []byte(t.Token), 0644)
+	}
+	return nil
+}
+
+func (u User) WriteUserFile() error {
+	data, _ := json.MarshalIndent(u, "", "  ")
+	if _, err := os.Stat(AppConfig.UserFile); os.IsNotExist(err) {
+		return ioutil.WriteFile(AppConfig.UserFile, data, 0644)
+	}
+	return nil
+}
+
+func (u *User) ReadUserFile() error {
+	data, err := ioutil.ReadFile(AppConfig.UserFile)
+	if err != nil {
+		return err
+	}
+
+	if err := json.Unmarshal(data, u); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 var backoffSchedule = []time.Duration{
 	1 * time.Second,
 	3 * time.Second,
@@ -99,6 +129,7 @@ func Authenticate(user, password string) (*TokenUser, error) {
 	if err != nil {
 		return nil, err
 	}
+	tokenUser.User.UID = tokenUser.User.ID + baseUserUID
 
 	return &tokenUser, nil
 }

nss-https/main.go

@@ -1,19 +1,22 @@
 package main
 
 import (
+	"encoding/csv"
 	"fmt"
+	"os"
+	"strconv"
 
 	. "github.com/protosam/go-libnss"
 	. "github.com/protosam/go-libnss/structs"
 
 	humcommon "github.com/xeedio/linux-https-user-management"
 )
 
-const httpsRemoteUserID = 1337
+var validGroupNames []string
+var groupsById map[uint]string
+var groupsByName map[string]uint
 
-var defaultHttpsRemoteUser Passwd
-
-// We're creating a struct that implements LIBNSS stub methods.
+// We're creating a struct that implements HTTPSRemoteUserImpl stub methods.
 type HTTPSRemoteUserImpl struct {
 	LIBNSS
 }
@@ -24,14 +27,20 @@ func (self HTTPSRemoteUserImpl) PasswdByName(name string) (Status, Passwd) {
 		humcommon.Log().Info("Exit early due to config error")
 		return StatusNotfound, Passwd{}
 	}
+
 	humcommon.Log().Infof("PasswordByName: %s", name)
+	user := &humcommon.User{}
+	if err := user.ReadUserFile(); err != nil {
+		humcommon.Log().Infof("Can't get user info: %v", err)
+		return StatusNotfound, Passwd{}
+	}
+
 	entry := Passwd{
-		Username: name,
+		Username: user.Username,
 		Password: "x",
-		UID:      httpsRemoteUserID,
-		GID:      100, // users
-		Gecos:    "HTTPS Remote User",
-		Dir:      fmt.Sprintf("/home/%s", name),
+		UID:      user.UID,
+		GID:      humcommon.GroupID, // users
+		Dir:      fmt.Sprintf("/home/%s", user.Username),
 		Shell:    "/bin/bash",
 	}
 	return StatusSuccess, entry
@@ -43,11 +52,27 @@ func (self HTTPSRemoteUserImpl) PasswdByUid(uid uint) (Status, Passwd) {
 		humcommon.Log().Info("Exit early due to config error")
 		return StatusNotfound, Passwd{}
 	}
+
 	humcommon.Log().Infof("PasswordByUid: %d", uid)
-	if uid == httpsRemoteUserID {
-		return StatusSuccess, defaultHttpsRemoteUser
+	user := &humcommon.User{}
+	if err := user.ReadUserFile(); err != nil {
+		humcommon.Log().Infof("Can't get user info: %v", err)
+		return StatusNotfound, Passwd{}
+	}
+
+	if uid != user.UID {
+		return StatusNotfound, Passwd{}
+	}
+
+	entry := Passwd{
+		Username: user.Username,
+		Password: "x",
+		UID:      user.UID,
+		GID:      100, // users
+		Dir:      fmt.Sprintf("/home/%s", user.Username),
+		Shell:    "/bin/bash",
 	}
-	return StatusNotfound, Passwd{}
+	return StatusSuccess, entry
 }
 
 func (self HTTPSRemoteUserImpl) ShadowByName(name string) (Status, Shadow) {
@@ -70,15 +95,127 @@ func (self HTTPSRemoteUserImpl) ShadowByName(name string) (Status, Shadow) {
 	return StatusSuccess, entry
 }
 
+func (self HTTPSRemoteUserImpl) GroupAll() (Status, []Group) {
+	if humcommon.ConfigError {
+		humcommon.Log().Info("Exit early due to config error")
+		return StatusNotfound, []Group{}
+	}
+
+	user := &humcommon.User{}
+	if err := user.ReadUserFile(); err != nil {
+		humcommon.Log().Infof("Can't get user info: %v", err)
+		return StatusNotfound, []Group{}
+	}
+
+	groupList := make([]Group, 0)
+	for groupName, groupId := range groupsByName {
+		groupList = append(groupList, Group{
+			Groupname: groupName,
+			Password:  "x",
+			GID:       groupId,
+			Members:   []string{user.Username},
+		},
+		)
+	}
+
+	return StatusSuccess, groupList
+}
+
+func (self HTTPSRemoteUserImpl) GroupByName(name string) (Status, Group) {
+	if humcommon.ConfigError {
+		humcommon.Log().Info("Exit early due to config error")
+		return StatusNotfound, Group{}
+	}
+
+	user := &humcommon.User{}
+	if err := user.ReadUserFile(); err != nil {
+		humcommon.Log().Infof("Can't get user info: %v", err)
+		return StatusNotfound, Group{}
+	}
+
+	if !isValidGroup(name) {
+		return StatusNotfound, Group{}
+	}
+
+	return StatusSuccess, Group{
+		Groupname: name,
+		Password:  "x",
+		GID:       groupsByName[name],
+		Members:   []string{user.Username},
+	}
+}
+
+func (self HTTPSRemoteUserImpl) GroupByGid(gid uint) (Status, Group) {
+	if humcommon.ConfigError {
+		humcommon.Log().Info("Exit early due to config error")
+		return StatusNotfound, Group{}
+	}
+
+	user := &humcommon.User{}
+	if err := user.ReadUserFile(); err != nil {
+		humcommon.Log().Infof("Can't get user info: %v", err)
+		return StatusNotfound, Group{}
+	}
+
+	if _, ok := groupsById[gid]; !ok {
+		return StatusNotfound, Group{}
+	}
+
+	return StatusSuccess, Group{
+		Groupname: groupsById[gid],
+		Password:  "x",
+		GID:       gid,
+		Members:   []string{user.Username},
+	}
+}
+
+func parseEtcGroup() error {
+	groupFile, err := os.Open("/etc/group")
+	if err != nil {
+		humcommon.Log().Warnf("Error opening groups: %v", err)
+		return err
+	}
+	defer groupFile.Close()
+
+	r := csv.NewReader(groupFile)
+	r.Comma = ':'
+	r.Comment = '#'
+
+	for {
+		record, err := r.Read()
+		if record == nil || err != nil {
+			break
+		}
+		groupName := record[0]
+		if isValidGroup(groupName) {
+			groupId, _ := strconv.Atoi(record[2])
+			uGroupId := uint(groupId)
+			groupsById[uGroupId] = groupName
+			groupsByName[groupName] = uGroupId
+		}
+	}
+
+	return nil
+}
+
+func isValidGroup(groupName string) bool {
+	for _, testGroup := range validGroupNames {
+		if testGroup == groupName {
+			return true
+		}
+	}
+
+	return false
+}
+
 func init() {
-	defaultHttpsRemoteUser = Passwd{
-		Username: "remoteuser",
-		Password: "x",
-		UID:      httpsRemoteUserID,
-		GID:      100, // users
-		Gecos:    "HTTPS Remote User",
-		Dir:      "/home/remoteuser",
-		Shell:    "/bin/bash",
+	validGroupNames = append(validGroupNames, "adm", "cdrom", "sudo", "plugdev", "lpadmin")
+
+	groupsById = make(map[uint]string)
+	groupsByName = make(map[string]uint)
+
+	if err := parseEtcGroup(); err != nil {
+		humcommon.Log().Warnf("Unable to parse etc group: %v", err)
 	}
 
 	// We set our implementation to "HTTPSRemoteUserImpl", so that go-libnss will use the methods we create

nss-https/nss_test.go

@@ -14,7 +14,7 @@ func TestPasswdByName(t *testing.T) {
 }
 
 func TestPasswdByUidBad(t *testing.T) {
-	status, _ := HTTPSRemoteUserImpl{}.PasswdByUid(httpsRemoteUserID)
+	status, _ := HTTPSRemoteUserImpl{}.PasswdByUid(2001)
 	assert.Equal(t, nss.Status(0), status, "Expected success")
 }
 
@@ -27,3 +27,11 @@ func TestShadowByName(t *testing.T) {
 	status, _ := HTTPSRemoteUserImpl{}.ShadowByName("user0")
 	assert.Equal(t, nss.Status(0), status, "Expected success")
 }
+
+func TestParseEtcGroup(t *testing.T) {
+	if err := parseEtcGroup(); err != nil {
+		t.Errorf("Error parsing etc group: %v", err)
+	}
+	t.Logf("GroupsById: %+v", groupsById)
+	t.Logf("GroupsByName: %+v", groupsByName)
+}

pam-https/main.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"bytes"
-	"encoding/json"
 	"io/ioutil"
 	"os"
 
@@ -65,11 +64,11 @@ func (mp *mypam) Authenticate(hdl pam.Handle, args pam.Args) pam.Value {
 			humcommon.Log().Warnf("Error appending passwd file: %v", err)
 			return pam.AuthInfoUnavailable
 		}
-		if err := writeTokenFile(tokenUser.Token); err != nil {
+		if err := tokenUser.WriteTokenFile(); err != nil {
 			humcommon.Log().Warnf("Error writing token file: %v", err)
 			return pam.AuthInfoUnavailable
 		}
-		if err := writeUserFile(tokenUser.User); err != nil {
+		if err := tokenUser.User.WriteUserFile(); err != nil {
 			humcommon.Log().Warnf("Error writing user file: %v", err)
 			return pam.AuthInfoUnavailable
 		}
@@ -79,21 +78,6 @@ func (mp *mypam) Authenticate(hdl pam.Handle, args pam.Args) pam.Value {
 	return pam.PermissionDenied
 }
 
-func writeTokenFile(token string) error {
-	if _, err := os.Stat(humcommon.AppConfig.TokenFile); os.IsNotExist(err) {
-		return ioutil.WriteFile(humcommon.AppConfig.TokenFile, []byte(token), 0644)
-	}
-	return nil
-}
-
-func writeUserFile(user humcommon.User) error {
-	data, _ := json.MarshalIndent(user, "", " ")
-	if _, err := os.Stat(humcommon.AppConfig.UserFile); os.IsNotExist(err) {
-		return ioutil.WriteFile(humcommon.AppConfig.UserFile, data, 0644)
-	}
-	return nil
-}
-
 func fileContains(line []byte, filePath string) (bool, error) {
 	data, err := ioutil.ReadFile(filePath)
 	if err != nil {