123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754 |
- /*
- * swsyd - swsy daemon, make nsswitch easy
- * Copyright (C) 2024 Marcus Pedersén marcus@marcux.org
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
- package sql
- import (
- "fmt"
- "errors"
- "log/slog"
- "slices"
- "strings"
- "time"
- "notabug.org/marcux/swsy/swsyd/common"
- "gorm.io/driver/sqlite"
- "gorm.io/gorm"
- )
- // Represents the passwd
- // file.
- type Password struct {
- ID uint32
- Username string `gorm:"unique" form:"username"`
- Password string `gorm:"default:'x'" form:"-"`
- UID int32 `gorm:"unique" form:"uid"`
- GID int32 `form:"gid"`
- Gecos string `form:"gecos"`
- Home string `form:"home"`
- Shell string `form:"shell"`
- }
- // Represent group file
- type Group struct {
- ID uint32
- Groupname string `gorm:"unique" form:"groupname"`
- GroupPassword string `gorm:"default:'x'" form:"password"`
- GID int32 `gorm:"unique" form:"gid"`
- Users string `form:"-"`
- }
- // Represent shadow file
- type Shadow struct {
- ID uint32
- Username string `gorm:"unique" form:"username"`
- Password string `form:"password"`
- LastChange uint32 `form:"last_change"`
- MinPasswordAge uint32 `gorm:"default:0" form:"min_password_age"`
- MaxPasswordAge uint32 `gorm:"default:99999" form:"max_password_age"`
- WarningPeriod uint32 `gorm:"default:7" form:"warning_period"`
- InactivePeriod uint32 `form:"inactive_period"`
- ExpireDate string `form:"expire_date"`
- }
- // Represent host file
- type Host struct {
- ID uint32
- IPv4 string `form:"ipv4"`
- IPv6 string `form:"ipv6"`
- Hostnames string `gorm:"not null" form:"hostnames"`
- }
- // Returns users with specified
- // name. If user is empty string
- // and uid is a negative value
- // all users are returned.
- // If uid is a positive value
- // specified user is returned.
- // If name and search is soecified
- // all users starting with name is
- // returned. If only name is specified
- // user with exactly that name is returned.
- func GetUser(db *gorm.DB, name string, uid int32, search bool) []Password {
- users := []Password{}
- if len(name) == 0 && uid < 0 {
- rows, err := db.Find(&[]Password{}).Rows()
- if err != nil {
- slog.Error(fmt.Sprintf("Failed to get all password: %s", err))
- return users
- }
-
- defer rows.Close()
- for rows.Next() {
- var u Password
- db.ScanRows(rows, &u)
- users = append(users, u)
- }
- } else if uid >= 0 {
- rows, err := db.Where("UID = ?", uid).Find(&Password{}).Rows()
- if err != nil {
- slog.Error(fmt.Sprintf("Failed to get password with UID: %d, %s", uid, err))
- return users
- }
- defer rows.Close()
- for rows.Next() {
- var u Password
- db.ScanRows(rows, &u)
- users = append(users, u)
- }
- } else if search {
- rows,err := db.Where("username LIKE ?",
- fmt.Sprintf("%s%%", name)).Find(&[]Password{}).Rows()
- if err != nil {
- slog.Error(fmt.Sprintf("Failed to get all users starting with: %s from database", name))
- return users
- }
- defer rows.Close()
- for rows.Next() {
- var u Password
- db.ScanRows(rows, &u)
- users = append(users, u)
- }
- } else {
- rows,err := db.Where("username = ?", name).Find(&Password{}).Rows()
- if err != nil {
- slog.Error(fmt.Sprintf("Failed to get users with username: %s from database", name))
- return users
- }
- defer rows.Close()
- for rows.Next() {
- var u Password
- db.ScanRows(rows, &u)
- users = append(users, u)
- }
- }
- return users
- }
- // Gets group, group
- // specified with either
- // groupname or uid.
- // If both are provided gid
- // will be used, gid must be
- // a negative value to not be used.
- // Search will return groups starting
- // with searched string.
- // If search is provided with gid
- // it will be ignored.
- // If name is empty string, gid is
- // negative and search is true
- // then all groups are returned.
- func GetGroup(db *gorm.DB, name string, gid int32, search bool) []Group {
- groups := []Group{}
-
- if gid >= 0 {
- // Get group with gid
- g := Group{}
- res := db.Where("g_id = ?", gid).First(&g)
- if res.Error != nil {
- slog.Error(fmt.Sprintf("Failed to get group with gid: %d from database: %s", gid, res.Error))
- } else {
- groups = append(groups, g)
- }
- } else if len(name) > 0 && search {
- // Get groups starting with groupnasme.
- rows, err := db.Table("groups").Where("groupname LIKE ?",
- fmt.Sprintf("%s%%", name)).Rows()
- if err != nil {
- slog.Error(fmt.Sprintf("Failed to get group with groupname starting with: %s from database: %s", name, err))
- } else {
- defer rows.Close()
- for rows.Next() {
- g := Group{}
- db.ScanRows(rows, &g)
- groups = append(groups, g)
- }
- }
- } else if len(name) > 0 {
- // Get group with groupname
- g := Group{}
- res := db.Where("groupname = ?", name).First(&g)
- if res.Error != nil {
- slog.Error(fmt.Sprintf("Failed to get group with groupname: %s from database: %s", name, res.Error))
- } else {
- groups = append(groups, g)
- }
- } else if len(name) == 0 && gid < 0 && search {
- rows, err := db.Find(&[]Group{}).Rows()
- if err != nil {
- slog.Error(fmt.Sprintf("Failed to get all groups from database: %s", err))
- } else {
- defer rows.Close()
- for rows.Next() {
- g := Group{}
- db.ScanRows(rows, &g)
- groups = append(groups, g)
- }
- }
- }
- return groups
- }
- // Gets users group, users
- // specified with either
- // username or uid.
- // If both are provided uid
- // will be used, uid must be
- // a negative value to not be used.
- // First value in returned
- // slice is the primary group.
- func GetUserGroups(db *gorm.DB, name string, uid int32) []Group {
- groups := []Group{}
- u := Password{}
-
- if uid >= 0 {
- res := db.Where("uid = ?", uid).First(&u)
- if res.Error != nil {
- slog.Error("GetUserGroups: Failed to get user with uid: %s from database: %s", uid, res.Error)
- return groups
- }
- } else if len(name) > 0 {
- res := db.Where("username = ?", name).First(&u)
- if res.Error != nil {
- slog.Error("GetUserGroups: Failed to get user with username: %s from database: %s", name, res.Error)
- return groups
- }
- } else {
- return groups
- }
- rows, err := db.Table("groups").Where("users LIKE ?",
- fmt.Sprintf("%%%s%%", u.Username)).Rows()
- if err != nil {
- slog.Error(fmt.Sprintf("GetUserGroups: Failed to get all groups for user with uid: %s, %s", uid, err))
- return groups
- }
- defer rows.Close()
- var primGroup Group
-
- for rows.Next() {
- var g Group
- db.ScanRows(rows, &g)
- if g.GID == u.GID {
- primGroup = g
- } else {
- usrs := strings.Split(g.Users, ",")
- for _, usr := range usrs {
- if strings.TrimSpace(usr) == u.Username {
- groups = append(groups, g)
- break
- }
- }
- }
- }
-
- if len(primGroup.Groupname) > 0 {
- groups = append([]Group{primGroup}, groups...)
- }
- return groups
- }
- // Gets shadow fields,
- // specified with either
- // username or uid.
- // If both are provided uid
- // will be used, uid must be
- // a negative value to not be used.
- // Search will return shadow fields
- // starting with searched username.
- // If search is provided with uid
- // it will be ignored.
- // If user is empty string, uid is
- // negative and search is true
- // then all shadow records are returned.
- func GetShadow(db *gorm.DB, user string, uid int32, search bool) []Shadow {
- shadows := []Shadow{}
- if uid >= 0 {
- // Get shadow for uid
- u := Password{}
- res := db.Table("passwords").Where("uid = ?", uid).First(&u)
- if res.Error != nil {
- slog.Error("GetShadow: Failed to get user with UID: %d from database: %s", uid, res.Error)
- return shadows
- }
- s := Shadow{}
- res = db.Table("shadows").Where("username = ?", u.Username).First(&s)
- if res.Error != nil {
- slog.Error("GetShadow: Failed to get shadow with username: %s, %s",
- u.Username, res.Error)
- } else {
- shadows = append(shadows, s)
- }
-
- } else if len(user) > 0 && search {
- // Get shadows starting with user
-
- rows, err := db.Table("shadows").Where("username LIKE ?",
- fmt.Sprintf("%%%s%%", user)).Rows()
- if err != nil {
- slog.Error(fmt.Sprintf("GetShadow: Failed to get all shadow fields for user with name: %s, %s", user, err))
- return shadows
- }
- defer rows.Close()
- for rows.Next() {
- s := Shadow{}
- db.ScanRows(rows, &s)
- shadows = append(shadows, s)
- }
- } else if len(user) > 0 {
- // Get shadow for username
-
- s := Shadow{}
- res := db.Table("shadows").Where("username = ?", user).First(&s)
- if res.Error != nil {
- slog.Error("GetShadow: Failed to get shadow with username: %s, %s",
- user, res.Error)
- } else {
- shadows = append(shadows, s)
- }
- } else if len(user) == 0 && uid < 0 && search {
- // Get all shadow fields
-
- rows, err := db.Find(&[]Shadow{}).Rows()
- if err != nil {
- slog.Error("GetShadow: Failed to get all shadow fields")
- } else {
- defer rows.Close()
-
- for rows.Next() {
- s := Shadow{}
- db.ScanRows(rows, &s)
- shadows = append(shadows, s)
- }
- }
- }
- return shadows
- }
- // Gets host,
- // specified with either
- // hostname, ipv4 or ipv6.
- // If more then one is provided
- // hostname will be used.
- // Search will return hosts
- // starting with searched hostname.
- // If search is provided with any other
- // argument, it will be ignored.
- // If name, ipv4 and ipv6 are empty string
- // and search is true
- // then all hosts are returned.
- func GetHost(db *gorm.DB, name string, ipv4 string, ipv6 string, search bool) []Host {
- hosts := []Host{}
- if search && len(name) == 0 && len(ipv4) == 0 && len(ipv6) == 0 {
- // Get all hosts
- rows, err := db.Find(&[]Host{}).Rows()
- if err != nil {
- slog.Error(fmt.Sprintf("GetHost: Failed to get all hosts: %s", err))
- } else {
- defer rows.Close()
- for rows.Next() {
- h := Host{}
- db.ScanRows(rows, &h)
- hosts = append(hosts, h)
- }
- }
- } else if len(name) > 0 && !search && len(ipv4) == 0 && len(ipv6) == 0 {
- // Get host with hostname
- h := Host{}
- res := db.Table("hosts").Where("hostnames = ?", name).First(&h)
- if res.Error != nil {
- slog.Error(fmt.Sprintf("GetHost: Failed tyo get host with hostname: %s, %s",
- name, res.Error))
- } else {
- hosts = append(hosts, h)
- }
- } else if len(name) > 0 && search && len(ipv4) == 0 && len(ipv6) == 0 {
- // Get host starting with hostname
- rows, err := db.Table("hosts").Where("hostnames LIKE ?",
- fmt.Sprintf("%%%s%%", name)).Rows()
- if err != nil {
- slog.Error(fmt.Sprintf("GetHost: Failed to get hosts starting with: %s, %s",
- name, err))
- } else {
- defer rows.Close()
- for rows.Next() {
- h := Host{}
- db.ScanRows(rows, &h)
- hosts = append(hosts, h)
- }
- }
- } else if len(ipv4) > 0 && !search && len(name) == 0 && len(ipv6) == 0 {
- // Get host with IPv4
- h := Host{}
- res := db.Table("hosts").Where("ipv4 = ?", ipv4).First(&h)
- if res.Error != nil {
- slog.Error(fmt.Sprintf("GetHost: Fasiled to get host with ipv4: %s, %s",
- ipv4, res.Error))
- } else {
- hosts = append(hosts, h)
- }
- } else if len(ipv6) > 0 && !search && len(ipv4) == 0 && len(name) == 0 {
- // Get host with IPv6
- h := Host{}
- res := db.Table("hosts").Where("ipv6 = ?", ipv6).First(&h)
- if res.Error != nil {
- slog.Error(fmt.Sprintf("GetHost: Failed to get host cwith ipv6: %s, %s",
- ipv6, res.Error))
- } else {
- hosts = append(hosts, h)
- }
- }
-
- return hosts
- }
- // Insert user in database
- func InsertUser(db *gorm.DB, conf common.Config, user Password) error {
- u := GetUser(db, user.Username, -1, false)
- if len(u) > 0 {
- return fmt.Errorf("Failed to add user: User with username: %s already exist.", user.Username)
- }
- uids := []int32{}
- gids := []int32{}
-
- rows, err := db.Table("passwords").Where("uid >= ?", conf.MinUid).Order("uid").Rows()
- if err != nil {
- return fmt.Errorf("Failed to get all users where Uid >= %d, %s",
- conf.MinUid, err)
- }
- for rows.Next() {
- p := Password{}
- db.ScanRows(rows, &p)
- uids = append(uids, p.UID)
- }
- rows, err = db.Table("groups").Where("g_id >= ?", conf.MinGid).Order("g_id").Rows()
- for rows.Next() {
- g := Group{}
- db.ScanRows(rows, &g)
- gids = append(gids, g.GID)
- }
- var uid, gid int32 = -1, -1
- if conf.MinUid == conf.MinGid {
- no := 0
- for i := uint64(conf.MinUid); no < len(uids); i++ {
- if ! slices.Contains(uids, int32(i)) {
- if ! slices.Contains(gids, int32(i)) {
- uid = int32(i)
- gid = uid
- break
- }
- }
-
- no++
- }
- if uid == -1 {
- if len(uids) > 0 {
- uid = uids[len(uids)-1] + 1
- } else {
- uid = int32(conf.MinUid)
- }
-
- for {
- if ! slices.Contains(gids, uid) {
- gid = uid
- break
- }
- uid++
- }
- }
- } else {
- uid = int32(conf.MinUid)
- for {
- if ! slices.Contains(uids, uid) {
- break
- }
- uid++
- }
- gid = int32(conf.MinGid)
- for {
- if ! slices.Contains(gids,gid) {
- break
- }
- gid++
- }
- }
- user.UID = uid
- user.GID = gid
- res := db.Create(&user)
- if res.Error != nil {
- return fmt.Errorf("Failed to insert user: %s in database, %s", user.Username, res.Error)
- }
- if res.RowsAffected > 1 {
- return fmt.Errorf("Database error, to many rows affected: %d", res.RowsAffected)
- }
- return nil
- }
- // Insert group in database
- func InsertGroup(db *gorm.DB, conf common.Config, group Group) error {
- grp := GetGroup(db, "", group.GID, false)
- if len(grp) > 0 {
- return fmt.Errorf("Failed to add group, group with GID = %d already exist.", group.GID)
- }
- grp = GetGroup(db, group.Groupname, -1, false)
- if len(grp) > 0 {
- return fmt.Errorf("Failed to add group, group with name: %s already exists.", group.Groupname)
- }
-
- if group.GID == 0 {
- gids := []int32{}
- rows, err := db.Table("groups").Where("g_id >= ?", conf.MinGid).Order("g_id").Rows()
- if err != nil {
- return fmt.Errorf("Failed to get all groups with GID >= %d from database: %s", err)
- }
- for rows.Next() {
- g := Group{}
- db.ScanRows(rows, &g)
- gids = append(gids, g.GID)
- }
- no := 0
- gid := int32(0)
-
- for i := uint64(conf.MinGid); no < len(gids); i++ {
- if ! slices.Contains(gids, int32(i)) {
- gid = int32(i)
- break
- }
-
- no++
- }
- if gid == 0 {
- if len(gids) > 0 {
- gid = gids[len(gids)-1]+1
- } else {
- gid = int32(conf.MinGid)
- }
- }
- group.GID = gid
- }
- res := db.Create(&group)
- if res.Error != nil {
- return fmt.Errorf("Failed to insert group: %s in database, %s", group.Groupname, res.Error)
- }
- if res.RowsAffected > 1 {
- return fmt.Errorf("Database error, to many rows affected: %d", res.RowsAffected)
- }
-
- return nil
- }
- // Insert new shadow in database
- // If uid >= 0 it will be used
- // otherwise shadow.Username
- // will be used
- func InsertShadow(db *gorm.DB, conf common.Config, shadow Shadow, uid int32) error {
- unixTime := time.Now().Unix()
-
- shadow.LastChange = uint32(unixTime)
- if uid >= 0 {
- shs := GetUser(db, "", uid, false)
- if len(shs) <= 0 {
- return fmt.Errorf("User with uid: %d does not exist", uid)
- } else if len(shs) > 1 {
- return fmt.Errorf("Wrong number of rows found in database for uid: %d", uid)
- }
- shadow.Username = shs[0].Username
- } else {
- shs := GetUser(db,shadow.Username, -1, false)
- if len(shs) <= 0 {
- return fmt.Errorf("User with username: %s does not exist", shadow.Username)
- } else if len(shs) > 1 {
- return fmt.Errorf("Wrong number of rows found in database for username: %s", shadow.Username)
- }
- }
- exist := GetShadow(db, shadow.Username, -1, false)
- if len(exist) > 0 {
- return fmt.Errorf("Password for username: %s, already exist", shadow.Username)
- }
-
- res := db.Create(&shadow)
- if res.Error != nil {
- return fmt.Errorf("Failed to insert password in database %s", res.Error)
- }
- if res.RowsAffected > 1 {
- return fmt.Errorf("Database error, to many rows affected: %d", res.RowsAffected)
- }
-
- return nil
- }
- // Insert new host in database
- func InsertHost(db *gorm.DB, conf common.Config, host Host) error {
- ip4Exist := GetHost(db, "", host.IPv4, "", false)
- if len(ip4Exist) > 0 {
- return fmt.Errorf("Failed to add host. Host with IPv4 address: %s, already exist.", host.IPv4)
- }
- ip6Exist := GetHost(db, "", "", host.IPv6, false)
- if len(ip6Exist) > 0 {
- return fmt.Errorf("Failed to add host. Host with IPv6 address: %s already exist.", host.IPv6)
- }
- var hExist []Host
- for _, h := range strings.Fields(host.Hostnames) {
- hExist = GetHost(db, h, "", "", true)
- if len(hExist) > 0 {
- return fmt.Errorf("Failed to add host. Hostname: %s already exist", h)
- }
- }
- res := db.Create(&host)
- if res.Error != nil {
- return fmt.Errorf("Failed to insert host in database %s", res.Error)
- }
- if res.RowsAffected > 1 {
- return fmt.Errorf("Database error, to many rows affected: %d", res.RowsAffected)
- }
-
- return nil
- }
- // Init database and return handle
- func InitDb(c common.Config) (*gorm.DB, error) {
- db, err := gorm.Open(sqlite.Open(c.Dbfile), &gorm.Config{})
- if err != nil {
- return &gorm.DB{}, errors.New(
- fmt.Sprintf("Failed to open database: %s, %s\n",
- "swsy.db", err),
- )
- }
- db.AutoMigrate(&Password{})
- db.AutoMigrate(&Group{})
- db.AutoMigrate(&Shadow{})
- db.AutoMigrate(&Host{})
- return db, nil
- }
|