/
ui_unix.go
147 lines (131 loc) · 3.68 KB
/
ui_unix.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
//go:build !windows
/***************************************************************
*
* Copyright (C) 2024, Pelican Project, Morgridge Institute for Research
*
* Licensed under the Apache License, Version 2.0 (the "License"); you
* may not use this file except in compliance with the License. You may
* obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
***************************************************************/
package web_ui
import (
"bufio"
"fmt"
"os"
"path/filepath"
"strings"
"syscall"
"github.com/pelicanplatform/pelican/param"
"github.com/pkg/errors"
log "github.com/sirupsen/logrus"
"golang.org/x/crypto/bcrypt"
)
func doReload() error {
db := authDB.Load()
if db == nil {
log.Debug("Cannot reload auth database - not configured")
return nil
}
fileName := param.Server_UIPasswordFile.GetString()
fp, err := os.OpenFile(fileName, os.O_RDONLY|os.O_CREATE, 0600)
if err != nil {
log.Warning("Failed to open auth database for reload:", err)
return err
}
defer fp.Close()
if err = syscall.Flock(int(fp.Fd()), syscall.LOCK_SH); err != nil {
log.Warning("Failed to lock the auth database for read:", err)
return err
}
defer func() {
if err := syscall.Flock(int(fp.Fd()), syscall.LOCK_UN); err != nil {
log.Warning("Failed to unlock the auth database:", err)
}
}()
err = db.Reload(nil)
if err != nil {
log.Warningln("Failed to reload auth database:", err)
return err
}
log.Debug("Successfully reloaded the auth database")
return nil
}
func writePasswordEntryImpl(user, password string) error {
fileName := param.Server_UIPasswordFile.GetString()
passwordBytes := []byte(password)
if len(passwordBytes) > 72 {
return errors.New("Password too long")
}
hashed, err := bcrypt.GenerateFromPassword(passwordBytes, bcrypt.DefaultCost)
if err != nil {
return err
}
directory := filepath.Dir(fileName)
err = os.MkdirAll(directory, 0750)
if err != nil {
return err
}
fp, err := os.OpenFile(fileName, os.O_RDWR|os.O_CREATE, 0600)
if err != nil {
return err
}
defer fp.Close()
if _, err := fp.Seek(0, 0); err != nil {
log.Warning("Failed to seek to the beginning of the auth database:", err)
return err
}
if err = syscall.Flock(int(fp.Fd()), syscall.LOCK_EX); err != nil {
log.Warning("Failed to lock the auth database for read:", err)
return err
}
defer func() {
if err := syscall.Flock(int(fp.Fd()), syscall.LOCK_UN); err != nil {
log.Warning("Failed to unlock the auth database:", err)
}
}()
credentials := make(map[string]string)
scanner := bufio.NewScanner(fp)
scanner.Split(bufio.ScanLines)
for scanner.Scan() {
info := strings.SplitN(scanner.Text(), ":", 2)
if len(info) == 1 {
log.Warning("Invalid line in the authdb file:", scanner.Text())
continue
}
credentials[info[0]] = info[1]
}
credentials[user] = string(hashed)
fp2, err := os.OpenFile(fileName, os.O_RDWR|os.O_TRUNC|os.O_APPEND, 0600)
if err != nil {
return err
}
defer fp2.Close()
for user, pass := range credentials {
entry := fmt.Sprintf("%s:%s\n", user, pass)
if _, err = fp2.Write([]byte(entry)); err != nil {
return err
}
}
return nil
}
func WritePasswordEntry(user, password string) error {
if err := writePasswordEntryImpl(user, password); err != nil {
return err
}
db := authDB.Load()
if db != nil {
if err := db.Reload(nil); err != nil {
return err
}
}
return nil
}