mutex whitelistMode and remove some deferred TODOs

2025-06-06 18:33:05 +03:00 · 2021-07-10 13:31:52 +02:00 · 2021-07-10 13:31:52 +02:00 · 4961647f51
commit 4961647f51
parent 18a00b66c8
5 changed files with 25 additions and 14 deletions
--- a/auth.go
+++ b/auth.go
@ -10,6 +10,7 @@ import (
 	"net"
 	"os"
 	"strings"
+	"sync"
 	"time"

 	"github.com/shazow/ssh-chat/set"
@ -53,7 +54,8 @@ func newAuthAddr(addr net.Addr) string {
 // If the contained passphrase is not empty, it complements a whitelist.
 type Auth struct {
 	passphraseHash []byte
-	WhitelistMode  bool
+	whitelistModeMu sync.RWMutex
+	whitelistMode  bool
 	bannedAddr     *set.Set
 	bannedClient   *set.Set
 	banned         *set.Set
@ -74,6 +76,18 @@ func NewAuth() *Auth {
 	}
 }

+func (a *Auth)WhitelistMode() bool{
+	a.whitelistModeMu.RLock()
+	defer a.whitelistModeMu.RUnlock()
+	return a.whitelistMode
+}
+
+func (a *Auth) SetWhitelistMode(value bool){
+	a.whitelistModeMu.Lock()
+	defer a.whitelistModeMu.Unlock()
+	a.whitelistMode = value
+}
+
 // SetPassphrase enables passphrase authentication with the given passphrase.
 // If an empty passphrase is given, disable passphrase authentication.
 func (a *Auth) SetPassphrase(passphrase string) {
@ -87,7 +101,7 @@ func (a *Auth) SetPassphrase(passphrase string) {

 // AllowAnonymous determines if anonymous users are permitted.
 func (a *Auth) AllowAnonymous() bool {
-	return !a.WhitelistMode && a.passphraseHash == nil
+	return !a.WhitelistMode() && a.passphraseHash == nil
 }

 // AcceptPassphrase determines if passphrase authentication is accepted.
--- a/auth_test.go
+++ b/auth_test.go
@ -34,7 +34,7 @@ func TestAuthWhitelist(t *testing.T) {
 	}

 	auth.Whitelist(key, 0)
-	auth.WhitelistMode = true
+	auth.SetWhitelistMode(true)

 	keyClone, err := ClonePublicKey(key)
 	if err != nil {
--- a/cmd/ssh-chat/cmd.go
+++ b/cmd/ssh-chat/cmd.go
@ -145,7 +145,7 @@ func main() {
 	if err != nil {
 		fail(6, "Failed to load whitelist: %v\n", err)
 	}
-	auth.WhitelistMode = options.Whitelist != ""
+	auth.SetWhitelistMode(options.Whitelist != "")

 	if options.Motd != "" {
 		host.GetMOTD = func() (string, error) {
--- a/host.go
+++ b/host.go
@ -700,15 +700,12 @@ func (h *Host) InitCommands(c *chat.Commands) {
 	})

 	c.Add(chat.Command{
-		// TODO: find a better name for reverify
 		// TODO: default for reload
-		// TODO: add keys for a specific duration?
 		// TODO: reverify: what about passphrases?
 		//	- make this a different command (why? a passphrase can't change)
 		//	- who cares, kick them? -- after all, they can just reconnect
 		//	- store a flag in users that authenticated via passphrase and skip here (much more complicated)
 		//  - in which cases does this situation actually happen?
-		// TODO: "panic" (?) command for (import + on + reverify)?
 		// TODO: "print" command with a format for saving to the whitelist file?
 		//   -> hard because the whitelist set only saves fingerprints
 		Op:         true,
@ -796,9 +793,9 @@ func (h *Host) InitCommands(c *chat.Commands) {
 				sendMsg("reverify: kick all users not in the whitelist if whitelisting is enabled")
 				sendMsg("status: show status information")
 			case "on":
-				h.auth.WhitelistMode = true
+				h.auth.SetWhitelistMode(true)
 			case "off":
-				h.auth.WhitelistMode = false
+				h.auth.SetWhitelistMode(false)
 			case "add":
 				forPubkeyUser(func(pk ssh.PublicKey) { h.auth.Whitelist(pk, 0) })
 			case "remove":
@ -839,7 +836,7 @@ func (h *Host) InitCommands(c *chat.Commands) {
 					return err
 				}
 			case "reverify":
-				if !h.auth.WhitelistMode {
+				if !h.auth.WhitelistMode() {
 					sendMsg("whitelist is disabled, so nobody will be kicked")
 					break
 				}
@ -850,7 +847,7 @@ func (h *Host) InitCommands(c *chat.Commands) {
 					return nil
 				})
 			case "status":
-				if h.auth.WhitelistMode {
+				if h.auth.WhitelistMode() {
 					sendMsg("The whitelist is currently enabled.")
 				} else {
 					sendMsg("The whitelist is currently disabled.")
--- a/host_test.go
+++ b/host_test.go
@ -193,7 +193,7 @@ func TestHostWhitelist(t *testing.T) {

 	clientpubkey, _ := ssh.NewPublicKey(clientkey.Public())
 	auth.Whitelist(clientpubkey, 0)
-	auth.WhitelistMode = true
+	auth.SetWhitelistMode(true)

 	err = sshd.ConnectShell(target, "foo", func(r io.Reader, w io.WriteCloser) error { return nil })
 	if err == nil {
@ -247,11 +247,11 @@ func TestHostWhitelistCommand(t *testing.T) {
 		}

 		sendCmd("/whitelist on")
-		if !host.auth.WhitelistMode {
+		if !host.auth.WhitelistMode() {
 			t.Error("whitelist not enabled after /whitelist on")
 		}
 		sendCmd("/whitelist off")
-		if host.auth.WhitelistMode {
+		if host.auth.WhitelistMode() {
 			t.Error("whitelist not disabled after /whitelist off")
 		}