1
0
Fork 0
mirror of synced 2024-11-22 00:55:34 -05:00

some fixes and additional features

This commit is contained in:
Ilya Sosnovsky 2021-02-08 12:53:09 +03:00
parent 43c0962f25
commit 4abbc1a308
2 changed files with 101 additions and 26 deletions

10
auth.sh
View file

@ -1,5 +1,13 @@
#!/usr/bin/env sh
PATH=$PATH:/usr/local/bin
set -e
auth_usr=$(head -1 $1)
auth_passwd=$(tail -1 $1)
openvpn-user auth --user $(head -1 $1) --password $(tail -1 $1)
if [ $common_name = ${auth_usr} ]; then
openvpn-user auth --user ${auth_usr} --password ${auth_passwd}
else
echo "Authorization failed"
exit 1
fi

View file

@ -10,6 +10,10 @@ import (
"text/tabwriter"
)
const (
version = "1.0.3-alpha"
)
var (
dbPath = kingpin.Flag("db.path", "path do openvpn-user db").Default("./openvpn-user.db").String()
@ -43,9 +47,9 @@ var (
changePasswordCommandUserFlag = changePasswordCommand.Flag("user", "Username.").Required().String()
changePasswordCommandPasswordFlag = changePasswordCommand.Flag("password", "Password.").Required().String()
//debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()
//verbose = kingpin.Flag("verbose", "Enable verbose mode.").Default("false").Bool()
debug = kingpin.Flag("debug", "Enable debug mode.").Default("false").Bool()
versionCommand = kingpin.Command("version", "Show version.")
)
type User struct {
@ -79,8 +83,13 @@ func main() {
initDb()
case dbMigrateCommand.FullCommand():
migrateDb()
case versionCommand.FullCommand():
showVersion()
}
}
func showVersion() {
fmt.Printf("openvpn-user: version %s n", version)
}
func getDb() *sql.DB {
db, err := sql.Open("sqlite3", *dbPath)
@ -108,28 +117,58 @@ func createUser(username, password string) {
_, err := getDb().Exec("INSERT INTO users(username, password) VALUES ($1, $2)", username, string(hash))
checkErr(err)
fmt.Printf("User %s created\n", username)
} else {
fmt.Printf("ERROR: User %s already registered\n", username)
os.Exit(1)
}
}
func deleteUser(username string) {
_, err := getDb().Exec("UPDATE users SET deleted = 1 WHERE username = $1", username)
res, err := getDb().Exec("UPDATE users SET deleted = 1 WHERE username = $1", username)
checkErr(err)
if rowsAffected, rowsErr := res.RowsAffected(); rowsErr != nil {
if rowsAffected == 1 {
fmt.Printf("User %s deleted\n", username)
}
} else {
if *debug {
fmt.Printf("ERROR: due deleting user %s: %s\n", username, rowsErr)
}
}
}
func revokedUser(username string) {
// TODO: ignore deleted user
_, err := getDb().Exec("UPDATE users SET revoked = 1 WHERE username = $1", username)
if !userDeleted(username) {
res, err := getDb().Exec("UPDATE users SET revoked = 1 WHERE username = $1", username)
checkErr(err)
if rowsAffected, rowsErr := res.RowsAffected(); rowsErr != nil {
if rowsAffected == 1 {
fmt.Printf("User %s revoked\n", username)
}
} else {
if *debug {
fmt.Printf("ERROR: due reoking user %s: %s\n", username, rowsErr)
}
}
}
}
func restoreUser(username string) {
// TODO: ignore deleted user
_, err := getDb().Exec("UPDATE users SET revoked = 0 WHERE username = $1", username)
if !userDeleted(username) {
res, err := getDb().Exec("UPDATE users SET revoked = 0 WHERE username = $1", username)
checkErr(err)
if rowsAffected, rowsErr := res.RowsAffected(); rowsErr != nil {
if rowsAffected == 1 {
fmt.Printf("User %s restored\n", username)
}
} else {
if *debug {
fmt.Printf("ERROR: due restoring user %s: %s\n", username, rowsErr)
}
}
}
}
func checkUserExistent(username string) bool {
// we need to check if there is already such a user
@ -137,13 +176,38 @@ func checkUserExistent(username string) bool {
var c int
_ = getDb().QueryRow("SELECT count(*) FROM users WHERE username = $1", username).Scan(&c)
if c == 1 {
fmt.Printf("WARNING: User %s already registered\n", username)
fmt.Printf("User %s exist\n", username)
return true
} else {
return false
}
}
func userDeleted(username string) bool {
// return true if user marked as deleted
u := User{}
_ = getDb().QueryRow("SELECT * FROM users WHERE username = $1", username).Scan(&u)
if u.deleted {
fmt.Printf("User %s marked as deleted\n", username)
return true
} else {
return false
}
}
func userIsActive(username string) bool {
// return true if user exist and not deleted and revoked
u := User{}
_ = getDb().QueryRow("SELECT * FROM users WHERE username = $1", username).Scan(&u)
if !u.revoked && !u.deleted {
fmt.Printf("User %s is active\n", username)
return true
} else {
fmt.Println("User may be deleted or revoked")
return false
}
}
func listUsers() []User {
condition := "WHERE deleted = 0 AND revoked = 0"
var users []User
@ -196,13 +260,16 @@ func authUser(username, password string) {
err := row.Scan(&u.id, &u.name, &u.password, &u.revoked, &u.deleted)
checkErr(err)
if ! u.revoked && ! u.deleted {
if userIsActive(username) {
err = bcrypt.CompareHashAndPassword([]byte(u.password), []byte(password))
if err != nil {
fmt.Println("Authorization failed")
if *debug {
fmt.Println("Passwords mismatched")
}
os.Exit(1)
} else {
fmt.Println("Auth successful")
fmt.Println("Authorization successful")
os.Exit(0)
}
}