Skip to content
Snippets Groups Projects
Verified Commit 5edfd9e1 authored by Nik | Klampfradler's avatar Nik | Klampfradler
Browse files

Remove unnecessary cache object

parent 751f4bbd
No related branches found
No related tags found
No related merge requests found
......@@ -43,45 +43,27 @@ const USER_TOKEN_FILENAME: &str = "user_token.json";
/// Holds (partial or full) information about a user
/// This will mostly be the context user (see `Cache`), and is filled with
/// as much detail about the user as is available
pub struct UserInfo<'a> {
pub struct UserInfo {
/// Numeric user ID
uid: Option<uid_t>,
/// Username as used for authentication
username: Option<String>,
/// Passwd struct (once full getpwnam/getpwuid resolution was possible)
passwd: Option<Passwd<'a>>,
passwd: Option<Passwd>,
/// OAuth access token if freshly retrieved or known from disk backed storage
access_token: Option<BasicTokenResponse>
}
/// In-memory structure to hold global process state
/// Needed because the PAM and NSS components might be used chained (if NSS
/// resolution is necessary to complete PAM authentication), and we need to
/// remember state between the calls.
pub struct Cache<'a> {
/// The user currently calling the library
/// For NSS, this will be the process owner; for PAM, this will be the user
/// logging in (after successful authentication)
pub context_user: UserInfo<'a>
}
impl Cache {
pub fn new() -> Cache {
let euid = unsafe {
geteuid()
};
Cache {
context_user: UserInfo {
uid: None,
username: None,
passwd: None,
access_token: None
}
impl UserInfo {
pub fn new() -> UserInfo {
Self {
uid: None,
username: None,
passwd: None,
access_token: None
}
}
}
impl <'a>UserInfo<'a> {
/// Set the information of this user object to that of the process owner
// FIXME Move to Cache, with a from_current_user generator method here
pub fn set_current_user(&mut self) {
......@@ -189,7 +171,7 @@ impl <'a>UserInfo<'a> {
pub fn set_username(&mut self, username: String) {
self.username = Some(username);
if self.passwd.is_some() && self.passwd.as_ref().unwrap().pw_name != self.username.as_ref().unwrap() {
if self.passwd.is_some() && self.passwd.as_ref().unwrap().pw_name != self.username.as_ref().unwrap().to_string() {
// Invalidate passwd because UID does not match anymore
self.passwd = None;
self.try_resolve();
......@@ -202,12 +184,12 @@ impl <'a>UserInfo<'a> {
/// Return the home directory from the passwd slot,
/// attempting NSS resolution before doing so
pub fn get_home_directory(&mut self) -> Result<&str, io::Error> {
pub fn get_home_directory(&mut self) -> Result<String, io::Error> {
if self.passwd.is_none() {
self.try_resolve();
}
match &self.passwd {
Some(passwd) => Ok(passwd.pw_dir),
Some(passwd) => Ok(passwd.pw_dir.clone()),
None => Err(io::Error::new(io::ErrorKind::InvalidInput, "foo"))
}
}
......@@ -277,7 +259,7 @@ impl <'a>UserInfo<'a> {
// Determine home directory and override $HOME to make the XDG code return
// XDG directories for a different user
let user_home = self.get_home_directory()?;
env::set_var("HOME", user_home);
env::set_var("HOME", &user_home);
debug!("Home directory for UID {} is {}", uid, user_home);
}
......@@ -401,8 +383,12 @@ fn get_original_euid() -> uid_t {
}
lazy_static! {
static ref CACHE: Mutex<Cache> = Mutex::new(Cache::new());
/// Current context user
/// Needed because the PAM and NSS components might be used chained (if NSS
/// resolution is necessary to complete PAM authentication), and we need to
/// remember state between the calls.
static ref CONTEXT_USER: Mutex<UserInfo> = Mutex::new(UserInfo::new());
}
pub fn get_cache() -> MutexGuard<'static, Cache> {
CACHE.lock().unwrap()
pub fn get_context_user() -> MutexGuard<'static, UserInfo> {
CONTEXT_USER.lock().unwrap()
}
......@@ -18,7 +18,7 @@ use crate::config::{
get_optional,
};
use config::Config;
use crate::cache::get_cache;
use crate::cache::get_context_user;
use crate::logging::setup_log;
......@@ -53,8 +53,8 @@ fn nss_hook_prepare() -> Config {
// Set the context user to the current user, but only if not already set
// When doing PAM, we might get called back into by libc to do some NSS
// lookup, and we want to keep the PAM login user context in that case
if !get_cache().context_user.is_initialized() {
get_cache().context_user.set_current_user();
if !get_context_user().is_initialized() {
get_context_user().set_current_user();
}
return conf;
......@@ -67,8 +67,8 @@ impl PasswdHooks for OidcPasswd {
let conf = nss_hook_prepare();
info!("[NSS] passwd.get_all_entries called");
let mut cache = get_cache();
let user_token_res = cache.context_user.get_access_token();
let mut context_user = get_context_user();
let user_token_res = context_user.get_access_token();
// FIXME Implement caching of system token
let system_token_res = get_access_token_client(&conf, "nss", "", "");
let system_token_res = system_token_res.as_ref();
......@@ -100,8 +100,8 @@ impl PasswdHooks for OidcPasswd {
let conf = nss_hook_prepare();
info!("[NSS] passwd.get_entry_by_uid called for {}", uid);
let mut cache = get_cache();
let user_token_res = cache.context_user.get_access_token();
let mut context_user = get_context_user();
let user_token_res = context_user.get_access_token();
// FIXME Implement caching of system token
let system_token_res = get_access_token_client(&conf, "nss", "", "");
let system_token_res = system_token_res.as_ref();
......@@ -133,8 +133,8 @@ impl PasswdHooks for OidcPasswd {
let conf = nss_hook_prepare();
info!("[NSS] passwd.get_entry_by_name called for {}", name);
let mut cache = get_cache();
let user_token_res = cache.context_user.get_access_token();
let mut context_user = get_context_user();
let user_token_res = context_user.get_access_token();
// FIXME Implement caching of system token
let system_token_res = get_access_token_client(&conf, "nss", "", "");
let system_token_res = system_token_res.as_ref();
......
......@@ -24,7 +24,7 @@ use crate::oauth::get_access_token_password;
use crate::logging::setup_log;
use crate::cache::{get_cache, set_is_getpwnam_safe};
use crate::cache::{get_context_user, set_is_getpwnam_safe};
use pamsm::{PamServiceModule, Pam, PamFlag, PamError, PamLibExt};
......@@ -91,8 +91,8 @@ impl PamServiceModule for PamOidc {
Ok(t) => {
info!("Authenticated {} using Resource Owner Password Grant", username);
set_is_getpwnam_safe(false);
get_cache().context_user.set_username(username.to_string());
get_cache().context_user.set_access_token(t);
get_context_user().set_username(username.to_string());
get_context_user().set_access_token(t);
set_is_getpwnam_safe(true);
return PamError::SUCCESS;
},
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment