Mirror/k3s
1
0
Fork 0
mirror of https://github.com/k3s-io/k3s.git synced 2024-06-07 19:41:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
f3a0248a03
k3s/pkg/passwd/passwd.go

157 lines
2.6 KiB
Go
Raw Normal View History

Refactor tokens, bootstrap, and cli args
2019-10-27 05:53:25 +00:00
package passwd
import (
"encoding/csv"
"fmt"
"io"
"os"
"strings"
"github.com/rancher/k3s/pkg/token"
get build on windows and get api_server to work
2020-02-22 18:39:33 +00:00
"github.com/rancher/k3s/pkg/util"
Refactor tokens, bootstrap, and cli args
2019-10-27 05:53:25 +00:00
)
type entry struct {
pass string
role string
}
type Passwd struct {
changed bool
names map[string]entry
}
func Read(file string) (*Passwd, error) {
result := &Passwd{
names: map[string]entry{},
}
f, err := os.Open(file)
if err != nil {
if os.IsNotExist(err) {
return result, nil
}
return nil, err
}
defer f.Close()
reader := csv.NewReader(f)
reader.FieldsPerRecord = -1
for {
record, err := reader.Read()
if err == io.EOF {
break
}
if err != nil {
return nil, err
}
Fix node-passwd on upgrade missing 3 columns
2019-11-05 09:35:16 +00:00
if len(record) < 2 {
return nil, fmt.Errorf("password file '%s' must have at least 2 columns (password, name), found %d", file, len(record))
Refactor tokens, bootstrap, and cli args
2019-10-27 05:53:25 +00:00
}
e := entry{
pass: record[0],
}
if len(record) > 3 {
e.role = record[3]
}
result.names[record[1]] = e
}
return result, nil
}
func (p *Passwd) Check(name, pass string) (matches bool, exists bool) {
e, ok := p.names[name]
if !ok {
return false, false
}
return e.pass == pass, true
}
func (p *Passwd) EnsureUser(name, role, passwd string) error {
tokenPrefix := "::" + name + ":"
idx := strings.Index(passwd, tokenPrefix)
if idx > 0 && strings.HasPrefix(passwd, "K10") {
passwd = passwd[idx+len(tokenPrefix):]
}
if e, ok := p.names[name]; ok {
if passwd != "" && e.pass != passwd {
p.changed = true
e.pass = passwd
}
if e.role != role {
p.changed = true
e.role = role
}
p.names[name] = e
return nil
}
if passwd == "" {
token, err := token.Random(16)
if err != nil {
return err
}
passwd = token
}
p.changed = true
p.names[name] = entry{
pass: passwd,
role: role,
}
return nil
}
func (p *Passwd) Pass(name string) (string, bool) {
e, ok := p.names[name]
if !ok {
return "", false
}
return e.pass, true
}
func (p *Passwd) Write(passwdFile string) error {
if !p.changed {
return nil
}
var records [][]string
for name, e := range p.names {
records = append(records, []string{
e.pass,
name,
name,
e.role,
})
}
return writePasswords(passwdFile, records)
}
func writePasswords(passwdFile string, records [][]string) error {
do not rename inuse files
2020-02-22 06:45:05 +00:00
err := func() error {
// ensure to close tmp file before rename for filesystems like NTFS
out, err := os.Create(passwdFile + ".tmp")
if err != nil {
return err
}
defer out.Close()
Refactor tokens, bootstrap, and cli args
2019-10-27 05:53:25 +00:00
get build on windows and get api_server to work
2020-02-22 18:39:33 +00:00
if err := util.SetFileModeForFile(out, 0600); err != nil {
do not rename inuse files
2020-02-22 06:45:05 +00:00
return err
}
Refactor tokens, bootstrap, and cli args
2019-10-27 05:53:25 +00:00
do not rename inuse files
2020-02-22 06:45:05 +00:00
return csv.NewWriter(out).WriteAll(records)
}()
if err != nil {
Refactor tokens, bootstrap, and cli args
2019-10-27 05:53:25 +00:00
return err
}
return os.Rename(passwdFile+".tmp", passwdFile)
}
Reference in New Issue Copy Permalink