mutex whitelistMode and remove some deferred TODOs
parent
18a00b66c8
commit
4961647f51
18
auth.go
18
auth.go
@ -10,6 +10,7 @@ import (
|
|||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/shazow/ssh-chat/set"
|
"github.com/shazow/ssh-chat/set"
|
||||||
@ -53,7 +54,8 @@ func newAuthAddr(addr net.Addr) string {
|
|||||||
// If the contained passphrase is not empty, it complements a whitelist.
|
// If the contained passphrase is not empty, it complements a whitelist.
|
||||||
type Auth struct {
|
type Auth struct {
|
||||||
passphraseHash []byte
|
passphraseHash []byte
|
||||||
WhitelistMode bool
|
whitelistModeMu sync.RWMutex
|
||||||
|
whitelistMode bool
|
||||||
bannedAddr *set.Set
|
bannedAddr *set.Set
|
||||||
bannedClient *set.Set
|
bannedClient *set.Set
|
||||||
banned *set.Set
|
banned *set.Set
|
||||||
@ -74,6 +76,18 @@ func NewAuth() *Auth {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (a *Auth)WhitelistMode() bool{
|
||||||
|
a.whitelistModeMu.RLock()
|
||||||
|
defer a.whitelistModeMu.RUnlock()
|
||||||
|
return a.whitelistMode
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *Auth) SetWhitelistMode(value bool){
|
||||||
|
a.whitelistModeMu.Lock()
|
||||||
|
defer a.whitelistModeMu.Unlock()
|
||||||
|
a.whitelistMode = value
|
||||||
|
}
|
||||||
|
|
||||||
// SetPassphrase enables passphrase authentication with the given passphrase.
|
// SetPassphrase enables passphrase authentication with the given passphrase.
|
||||||
// If an empty passphrase is given, disable passphrase authentication.
|
// If an empty passphrase is given, disable passphrase authentication.
|
||||||
func (a *Auth) SetPassphrase(passphrase string) {
|
func (a *Auth) SetPassphrase(passphrase string) {
|
||||||
@ -87,7 +101,7 @@ func (a *Auth) SetPassphrase(passphrase string) {
|
|||||||
|
|
||||||
// AllowAnonymous determines if anonymous users are permitted.
|
// AllowAnonymous determines if anonymous users are permitted.
|
||||||
func (a *Auth) AllowAnonymous() bool {
|
func (a *Auth) AllowAnonymous() bool {
|
||||||
return !a.WhitelistMode && a.passphraseHash == nil
|
return !a.WhitelistMode() && a.passphraseHash == nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// AcceptPassphrase determines if passphrase authentication is accepted.
|
// AcceptPassphrase determines if passphrase authentication is accepted.
|
||||||
|
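Review bot: In the AllowAnonymous hunk the new line `return !a.WhitelistMode() && a.passphraseHash == nil` takes the read lock for whitelistMode but still reads `a.passphraseHash` with no synchronization, so if SetPassphrase can run while connections are being authenticated, the data race this commit removes for one field remains for the other, and the two reads are not atomic with each other either. If the passphrase is only set during startup, a short comment on the `passphraseHash` field stating that would make the contract explicit; otherwise the same mutex (renamed to cover both fields) should guard it. The two new accessors are also not gofmt-clean (`func (a *Auth)WhitelistMode() bool{` and `func (a *Auth) SetWhitelistMode(value bool){`) and, as exported methods, lack doc comments; suggested `// WhitelistMode reports whether whitelist-only authentication is enabled.` and `// SetWhitelistMode enables or disables whitelist-only authentication.`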
@ -34,7 +34,7 @@ func TestAuthWhitelist(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
auth.Whitelist(key, 0)
|
auth.Whitelist(key, 0)
|
||||||
auth.WhitelistMode = true
|
auth.SetWhitelistMode(true)
|
||||||
|
|
||||||
keyClone, err := ClonePublicKey(key)
|
keyClone, err := ClonePublicKey(key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -145,7 +145,7 @@ func main() {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
fail(6, "Failed to load whitelist: %v\n", err)
|
fail(6, "Failed to load whitelist: %v\n", err)
|
||||||
}
|
}
|
||||||
auth.WhitelistMode = options.Whitelist != ""
|
auth.SetWhitelistMode(options.Whitelist != "")
|
||||||
|
|
||||||
if options.Motd != "" {
|
if options.Motd != "" {
|
||||||
host.GetMOTD = func() (string, error) {
|
host.GetMOTD = func() (string, error) {
|
||||||
|
11
host.go
11
host.go
@ -700,15 +700,12 @@ func (h *Host) InitCommands(c *chat.Commands) {
|
|||||||
})
|
})
|
||||||
|
|
||||||
c.Add(chat.Command{
|
c.Add(chat.Command{
|
||||||
// TODO: find a better name for reverify
|
|
||||||
// TODO: default for reload
|
// TODO: default for reload
|
||||||
// TODO: add keys for a specific duration?
|
|
||||||
// TODO: reverify: what about passphrases?
|
// TODO: reverify: what about passphrases?
|
||||||
// - make this a different command (why? a passphrase can't change)
|
// - make this a different command (why? a passphrase can't change)
|
||||||
// - who cares, kick them? -- after all, they can just reconnect
|
// - who cares, kick them? -- after all, they can just reconnect
|
||||||
// - store a flag in users that authenticated via passphrase and skip here (much more complicated)
|
// - store a flag in users that authenticated via passphrase and skip here (much more complicated)
|
||||||
// - in which cases does this situation actually happen?
|
// - in which cases does this situation actually happen?
|
||||||
// TODO: "panic" (?) command for (import + on + reverify)?
|
|
||||||
// TODO: "print" command with a format for saving to the whitelist file?
|
// TODO: "print" command with a format for saving to the whitelist file?
|
||||||
// -> hard because the whitelist set only saves fingerprints
|
// -> hard because the whitelist set only saves fingerprints
|
||||||
Op: true,
|
Op: true,
|
||||||
@ -796,9 +793,9 @@ func (h *Host) InitCommands(c *chat.Commands) {
|
|||||||
sendMsg("reverify: kick all users not in the whitelist if whitelisting is enabled")
|
sendMsg("reverify: kick all users not in the whitelist if whitelisting is enabled")
|
||||||
sendMsg("status: show status information")
|
sendMsg("status: show status information")
|
||||||
case "on":
|
case "on":
|
||||||
h.auth.WhitelistMode = true
|
h.auth.SetWhitelistMode(true)
|
||||||
case "off":
|
case "off":
|
||||||
h.auth.WhitelistMode = false
|
h.auth.SetWhitelistMode(false)
|
||||||
case "add":
|
case "add":
|
||||||
forPubkeyUser(func(pk ssh.PublicKey) { h.auth.Whitelist(pk, 0) })
|
forPubkeyUser(func(pk ssh.PublicKey) { h.auth.Whitelist(pk, 0) })
|
||||||
case "remove":
|
case "remove":
|
||||||
@ -839,7 +836,7 @@ func (h *Host) InitCommands(c *chat.Commands) {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
case "reverify":
|
case "reverify":
|
||||||
if !h.auth.WhitelistMode {
|
if !h.auth.WhitelistMode() {
|
||||||
sendMsg("whitelist is disabled, so nobody will be kicked")
|
sendMsg("whitelist is disabled, so nobody will be kicked")
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
@ -850,7 +847,7 @@ func (h *Host) InitCommands(c *chat.Commands) {
|
|||||||
return nil
|
return nil
|
||||||
})
|
})
|
||||||
case "status":
|
case "status":
|
||||||
if h.auth.WhitelistMode {
|
if h.auth.WhitelistMode() {
|
||||||
sendMsg("The whitelist is currently enabled.")
|
sendMsg("The whitelist is currently enabled.")
|
||||||
} else {
|
} else {
|
||||||
sendMsg("The whitelist is currently disabled.")
|
sendMsg("The whitelist is currently disabled.")
|
||||||
|
@ -193,7 +193,7 @@ func TestHostWhitelist(t *testing.T) {
|
|||||||
|
|
||||||
clientpubkey, _ := ssh.NewPublicKey(clientkey.Public())
|
clientpubkey, _ := ssh.NewPublicKey(clientkey.Public())
|
||||||
auth.Whitelist(clientpubkey, 0)
|
auth.Whitelist(clientpubkey, 0)
|
||||||
auth.WhitelistMode = true
|
auth.SetWhitelistMode(true)
|
||||||
|
|
||||||
err = sshd.ConnectShell(target, "foo", func(r io.Reader, w io.WriteCloser) error { return nil })
|
err = sshd.ConnectShell(target, "foo", func(r io.Reader, w io.WriteCloser) error { return nil })
|
||||||
if err == nil {
|
if err == nil {
|
||||||
@ -247,11 +247,11 @@ func TestHostWhitelistCommand(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
sendCmd("/whitelist on")
|
sendCmd("/whitelist on")
|
||||||
if !host.auth.WhitelistMode {
|
if !host.auth.WhitelistMode() {
|
||||||
t.Error("whitelist not enabled after /whitelist on")
|
t.Error("whitelist not enabled after /whitelist on")
|
||||||
}
|
}
|
||||||
sendCmd("/whitelist off")
|
sendCmd("/whitelist off")
|
||||||
if host.auth.WhitelistMode {
|
if host.auth.WhitelistMode() {
|
||||||
t.Error("whitelist not disabled after /whitelist off")
|
t.Error("whitelist not disabled after /whitelist off")
|
||||||
}
|
}
|
||||||
|
|
||||||
|