some fixes and additional features
This commit is contained in:
parent
43c0962f25
commit
4abbc1a308
2 changed files with 101 additions and 26 deletions
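--- a/auth.sh
+++ b/auth.sh
@@ -1,5 +1,13 @@
 #!/usr/bin/env sh
 
+PATH=$PATH:/usr/local/bin
 set -e
+auth_usr=$(head -1 $1)
+auth_passwd=$(tail -1 $1)
 
-openvpn-user auth --user $(head -1 $1) --password $(tail -1 $1)
+if [ $common_name = ${auth_usr} ]; then
+openvpn-user auth --user ${auth_usr} --password ${auth_passwd}
+else
+echo "Authorization failed"
+exit 1
+fi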
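Review bot: The new comparison `if [ $common_name = ${auth_usr} ]; then` and the reads `head -1 $1` / `tail -1 $1` leave every expansion unquoted, so an empty or unset `common_name` turns the test into `[ = name ]` (a `[` syntax error) and a username containing whitespace or glob characters is word-split before it reaches `openvpn-user`; quote them: `auth_usr=$(head -1 "$1")`, `auth_passwd=$(tail -1 "$1")`, `if [ "$common_name" = "$auth_usr" ]; then`. Because the `[` failure happens inside an `if` condition, `set -e` does not stop the script there; it silently falls through to the "Authorization failed" branch, which hides a misconfigured `common_name` rather than reporting it, so an explicit message when `common_name` is empty would help operators. `common_name` is presumably supplied by OpenVPN's environment; the hunk does not show where it is set. The password is still handed to `openvpn-user` as a command-line argument, which is visible to other local users in the process list; this predates the commit but the rewrite is the natural place to move it to stdin or a file descriptor.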
117
openvpn-user.go
117
openvpn-user.go
|
@ -10,11 +10,15 @@ import (
|
||||||
"text/tabwriter"
|
"text/tabwriter"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
version = "1.0.3-alpha"
|
||||||
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
dbPath = kingpin.Flag("db.path", "path do openvpn-user db").Default("./openvpn-user.db").String()
|
dbPath = kingpin.Flag("db.path", "path do openvpn-user db").Default("./openvpn-user.db").String()
|
||||||
|
|
||||||
dbInitCommand = kingpin.Command("db-init", "Init db.")
|
dbInitCommand = kingpin.Command("db-init", "Init db.")
|
||||||
dbMigrateCommand = kingpin.Command("db-migrate", "STUB: Migrate db.")
|
dbMigrateCommand = kingpin.Command("db-migrate", "STUB: Migrate db.")
|
||||||
|
|
||||||
createCommand = kingpin.Command("create", "Create user.")
|
createCommand = kingpin.Command("create", "Create user.")
|
||||||
createCommandUserFlag = createCommand.Flag("user", "Username.").Required().String()
|
createCommandUserFlag = createCommand.Flag("user", "Username.").Required().String()
|
||||||
|
@ -32,8 +36,8 @@ var (
|
||||||
listCommand = kingpin.Command("list", "List active users.")
|
listCommand = kingpin.Command("list", "List active users.")
|
||||||
listAll = listCommand.Flag("all", "Show all users include revoked and deleted.").Default("false").Bool()
|
listAll = listCommand.Flag("all", "Show all users include revoked and deleted.").Default("false").Bool()
|
||||||
|
|
||||||
checkCommand = kingpin.Command("check", "check user existent.")
|
checkCommand = kingpin.Command("check", "check user existent.")
|
||||||
checkCommandUserFlag = checkCommand.Flag("user", "Username.").Required().String()
|
checkCommandUserFlag = checkCommand.Flag("user", "Username.").Required().String()
|
||||||
|
|
||||||
authCommand = kingpin.Command("auth", "Auth user.")
|
authCommand = kingpin.Command("auth", "Auth user.")
|
||||||
authCommandUserFlag = authCommand.Flag("user", "Username.").Required().String()
|
authCommandUserFlag = authCommand.Flag("user", "Username.").Required().String()
|
||||||
|
@ -43,17 +47,17 @@ var (
|
||||||
changePasswordCommandUserFlag = changePasswordCommand.Flag("user", "Username.").Required().String()
|
changePasswordCommandUserFlag = changePasswordCommand.Flag("user", "Username.").Required().String()
|
||||||
changePasswordCommandPasswordFlag = changePasswordCommand.Flag("password", "Password.").Required().String()
|
changePasswordCommandPasswordFlag = changePasswordCommand.Flag("password", "Password.").Required().String()
|
||||||
|
|
||||||
//debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()
|
debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()
|
||||||
//verbose = kingpin.Flag("verbose", "Enable verbose mode.").Default("false").Bool()
|
|
||||||
|
|
||||||
|
versionCommand = kingpin.Command("version", "Show version.")
|
||||||
)
|
)
|
||||||
|
|
||||||
type User struct {
|
type User struct {
|
||||||
id int64
|
id int64
|
||||||
name string
|
name string
|
||||||
password string
|
password string
|
||||||
revoked bool
|
revoked bool
|
||||||
deleted bool
|
deleted bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
@ -79,8 +83,13 @@ func main() {
|
||||||
initDb()
|
initDb()
|
||||||
case dbMigrateCommand.FullCommand():
|
case dbMigrateCommand.FullCommand():
|
||||||
migrateDb()
|
migrateDb()
|
||||||
|
case versionCommand.FullCommand():
|
||||||
|
showVersion()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
func showVersion() {
|
||||||
|
fmt.Printf("openvpn-user: version %s n", version)
|
||||||
|
}
|
||||||
|
|
||||||
func getDb() *sql.DB {
|
func getDb() *sql.DB {
|
||||||
db, err := sql.Open("sqlite3", *dbPath)
|
db, err := sql.Open("sqlite3", *dbPath)
|
||||||
|
@ -108,42 +117,97 @@ func createUser(username, password string) {
|
||||||
_, err := getDb().Exec("INSERT INTO users(username, password) VALUES ($1, $2)", username, string(hash))
|
_, err := getDb().Exec("INSERT INTO users(username, password) VALUES ($1, $2)", username, string(hash))
|
||||||
checkErr(err)
|
checkErr(err)
|
||||||
fmt.Printf("User %s created\n", username)
|
fmt.Printf("User %s created\n", username)
|
||||||
|
} else {
|
||||||
|
fmt.Printf("ERROR: User %s already registered\n", username)
|
||||||
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func deleteUser(username string) {
|
func deleteUser(username string) {
|
||||||
_, err := getDb().Exec("UPDATE users SET deleted = 1 WHERE username = $1", username)
|
res, err := getDb().Exec("UPDATE users SET deleted = 1 WHERE username = $1", username)
|
||||||
checkErr(err)
|
checkErr(err)
|
||||||
fmt.Printf("User %s deleted\n", username)
|
if rowsAffected, rowsErr := res.RowsAffected(); rowsErr != nil {
|
||||||
|
if rowsAffected == 1 {
|
||||||
|
fmt.Printf("User %s deleted\n", username)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if *debug {
|
||||||
|
fmt.Printf("ERROR: due deleting user %s: %s\n", username, rowsErr)
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func revokedUser(username string) {
|
func revokedUser(username string) {
|
||||||
// TODO: ignore deleted user
|
if !userDeleted(username) {
|
||||||
_, err := getDb().Exec("UPDATE users SET revoked = 1 WHERE username = $1", username)
|
res, err := getDb().Exec("UPDATE users SET revoked = 1 WHERE username = $1", username)
|
||||||
checkErr(err)
|
checkErr(err)
|
||||||
fmt.Printf("User %s revoked\n", username)
|
if rowsAffected, rowsErr := res.RowsAffected(); rowsErr != nil {
|
||||||
|
if rowsAffected == 1 {
|
||||||
|
fmt.Printf("User %s revoked\n", username)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if *debug {
|
||||||
|
fmt.Printf("ERROR: due reoking user %s: %s\n", username, rowsErr)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func restoreUser(username string) {
|
func restoreUser(username string) {
|
||||||
// TODO: ignore deleted user
|
if !userDeleted(username) {
|
||||||
_, err := getDb().Exec("UPDATE users SET revoked = 0 WHERE username = $1", username)
|
res, err := getDb().Exec("UPDATE users SET revoked = 0 WHERE username = $1", username)
|
||||||
checkErr(err)
|
checkErr(err)
|
||||||
fmt.Printf("User %s restored\n", username)
|
if rowsAffected, rowsErr := res.RowsAffected(); rowsErr != nil {
|
||||||
|
if rowsAffected == 1 {
|
||||||
|
fmt.Printf("User %s restored\n", username)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if *debug {
|
||||||
|
fmt.Printf("ERROR: due restoring user %s: %s\n", username, rowsErr)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func checkUserExistent(username string) bool {
|
func checkUserExistent(username string) bool {
|
||||||
// we need to check if there is already such a user
|
// we need to check if there is already such a user
|
||||||
// return true if user exist
|
// return true if user exist
|
||||||
var c int
|
var c int
|
||||||
_ = getDb().QueryRow("SELECT count(*) FROM users WHERE username = $1", username).Scan(&c)
|
_ = getDb().QueryRow("SELECT count(*) FROM users WHERE username = $1", username).Scan(&c)
|
||||||
if c == 1 {
|
if c == 1 {
|
||||||
fmt.Printf("WARNING: User %s already registered\n", username)
|
fmt.Printf("User %s exist\n", username)
|
||||||
return true
|
return true
|
||||||
} else {
|
} else {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func userDeleted(username string) bool {
|
||||||
|
// return true if user marked as deleted
|
||||||
|
u := User{}
|
||||||
|
_ = getDb().QueryRow("SELECT * FROM users WHERE username = $1", username).Scan(&u)
|
||||||
|
if u.deleted {
|
||||||
|
fmt.Printf("User %s marked as deleted\n", username)
|
||||||
|
return true
|
||||||
|
} else {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func userIsActive(username string) bool {
|
||||||
|
// return true if user exist and not deleted and revoked
|
||||||
|
u := User{}
|
||||||
|
_ = getDb().QueryRow("SELECT * FROM users WHERE username = $1", username).Scan(&u)
|
||||||
|
if !u.revoked && !u.deleted {
|
||||||
|
fmt.Printf("User %s is active\n", username)
|
||||||
|
return true
|
||||||
|
} else {
|
||||||
|
fmt.Println("User may be deleted or revoked")
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func listUsers() []User {
|
func listUsers() []User {
|
||||||
condition := "WHERE deleted = 0 AND revoked = 0"
|
condition := "WHERE deleted = 0 AND revoked = 0"
|
||||||
var users []User
|
var users []User
|
||||||
|
@ -189,20 +253,23 @@ func changeUserPassword(username, password string) {
|
||||||
fmt.Println("Password changed")
|
fmt.Println("Password changed")
|
||||||
}
|
}
|
||||||
|
|
||||||
func authUser(username, password string) {
|
func authUser(username, password string) {
|
||||||
|
|
||||||
row := getDb().QueryRow("select * from users where username = $1", username)
|
row := getDb().QueryRow("select * from users where username = $1", username)
|
||||||
u := User{}
|
u := User{}
|
||||||
err := row.Scan(&u.id, &u.name, &u.password, &u.revoked, &u.deleted)
|
err := row.Scan(&u.id, &u.name, &u.password, &u.revoked, &u.deleted)
|
||||||
checkErr(err)
|
checkErr(err)
|
||||||
|
|
||||||
if ! u.revoked && ! u.deleted {
|
if userIsActive(username) {
|
||||||
err = bcrypt.CompareHashAndPassword([]byte(u.password), []byte(password))
|
err = bcrypt.CompareHashAndPassword([]byte(u.password), []byte(password))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println("Passwords mismatched")
|
fmt.Println("Authorization failed")
|
||||||
|
if *debug {
|
||||||
|
fmt.Println("Passwords mismatched")
|
||||||
|
}
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
} else {
|
} else {
|
||||||
fmt.Println("Auth successful")
|
fmt.Println("Authorization successful")
|
||||||
os.Exit(0)
|
os.Exit(0)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
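Review bot: `if userIsActive(username) {` in authUser now delegates the revoked/deleted check to a helper whose lookup in the `@ -108,42 +117,97 @@` hunk is `_ = getDb().QueryRow("SELECT * FROM users WHERE username = $1", username).Scan(&u)`; scanning five columns into a single `*User` destination fails, the error is discarded, and `u` keeps its zero value, so `userIsActive` reports every user as active and `userDeleted` reports none as deleted. The effect is that a revoked or deleted account with a correct password is authorized, whereas the line the commit replaced, `if ! u.revoked && ! u.deleted {`, tested the struct that authUser scans column by column two lines earlier; either restore that condition or have both helpers scan explicitly, `err := getDb().QueryRow(...).Scan(&u.id, &u.name, &u.password, &u.revoked, &u.deleted)`, and treat a non-nil err as not active. The same earlier hunk inverts the RowsAffected test in deleteUser, revokedUser and restoreUser: `if rowsAffected, rowsErr := res.RowsAffected(); rowsErr != nil {` prints the success message only when RowsAffected fails and logs a nil `rowsErr` on the normal path, so it should read `rowsErr == nil`, and a zero rowsAffected (unknown user) deserves a message and a non-zero exit rather than silence. The format string in showVersion, `"openvpn-user: version %s n"`, also appears to have lost the backslash of its newline, if the page rendered it faithfully.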