Generate unique UIDs and GIDs #663
Conversation
adombeck
force-pushed
the
509-random-unique-ids
branch
3 times, most recently
from
cb2ba1b to
8e15caf
Compare
adombeck
force-pushed
the
509-random-unique-ids
branch
from
8e15caf to
745d7c6
Compare
|
rebased on main and resolved conflicts |
adombeck
force-pushed
the
509-random-unique-ids
branch
5 times, most recently
from
12c61bb to
75fe88c
Compare
|
I extracted the new code to handle temporary users and groups into a separate package and added some more tests. |
adombeck
force-pushed
the
509-random-unique-ids
branch
from
75fe88c to
0eb85a5
Compare
Should have been removed by 4fd03a4.
It seems to be unused since ddbba26.
Combine TestUserByID and TestUserByName, TestGroupByID and TestGroupByName, because the test bodies were identical (except for the called function).
* Remove obsolete tests: They were testing behavior which has changed. * Fix tests by using either predictable UIDs or replacing UIDs in golden files with placeholders (normalizing) * Limit number of pre-auth user records to avoid denial of service by sending many SSH requests for unique users to fill up the UID range. * Remove field UID from users.UserInfo struct because it's not set in internal/brokers/broker.go anymore and there is no need to expose this field. * Rename localgroups package to localentries because it now also provides functions for passwd entries. * Check for error when calling getpwent or getgrent
adombeck
force-pushed
the
509-random-unique-ids
branch
from
0eb85a5 to
e186eca
Compare
internal/users/manager_test.go
Outdated
|
|
||
| func TestMain(m *testing.M) { | ||
| log.SetLevel(log.DebugLevel) | ||
| os.Exit(m.Run()) |
There was a problem hiding this comment.
Just use m.Run() as per #691
internal/users/tempentries/groups.go
Outdated
| registerMutex: sync.Mutex{}, | ||
| rwMutex: sync.RWMutex{}, |
There was a problem hiding this comment.
We normally call them just Mu in the codebase here, so can shorten the suffixes
There was a problem hiding this comment.
Yeah, I've seen that. I thought rwMutex would be a bit easier to understand than rwMu, but I don't care much, so I'll change it.
internal/users/tempentries/groups.go
Outdated
| func (r *temporaryGroupRecords) groupEntry(group groupRecord) types.GroupEntry { | ||
| return types.GroupEntry{Name: group.name, GID: group.gid, Passwd: group.passwd} | ||
| } |
There was a problem hiding this comment.
Does this need to be part of temporaryGroupRecords?
internal/users/tempentries/groups.go
Outdated
| if cleanupErr := cleanup(); cleanupErr != nil { | ||
| err = errors.Join(err, cleanupErr) | ||
| } |
There was a problem hiding this comment.
Could it just be errors.Join(err, cleanup())?
There was a problem hiding this comment.
It could, but I would find that harder to read. When you read that, you need to know and remember that errors.Join ignores nil arguments.
| void unset_errno(void) { | ||
| errno = 0; | ||
| } | ||
|
|
||
| int get_errno(void) { | ||
| return errno; | ||
| } |
There was a problem hiding this comment.
Maybe this will fit better in the new errno.go file?
There was a problem hiding this comment.
When I try to move it:
diff --git a/internal/users/localentries/errno.go b/internal/users/localentries/errno.go
index 8f345f3c..1cbf30ba 100644
--- a/internal/users/localentries/errno.go
+++ b/internal/users/localentries/errno.go
@@ -2,4 +2,22 @@ package localentries
import "sync"
+/*
+#include <stdlib.h>
+#include <pwd.h>
+#include <grp.h>
+#include <errno.h>
+#include <string.h>
+
+void unset_errno(void) {
+ errno = 0;
+}
+
+int get_errno(void) {
+ return errno;
+}
+*/
+//#cgo LDFLAGS: -Wl,--allow-multiple-definition
+import "C"
+
var errnoMutex sync.Mutex
diff --git a/internal/users/localentries/getgrent_c.go b/internal/users/localentries/getgrent_c.go
index e99bc254..c4a5a8a2 100644
--- a/internal/users/localentries/getgrent_c.go
+++ b/internal/users/localentries/getgrent_c.go
@@ -7,16 +7,7 @@ package localentries
#include <stdlib.h>
#include <pwd.h>
#include <grp.h>
-#include <errno.h>
#include <string.h>
-
-void unset_errno(void) {
- errno = 0;
-}
-
-int get_errno(void) {
- return errno;
-}
*/
//#cgo LDFLAGS: -Wl,--allow-multiple-definition
import "C"
diff --git a/internal/users/localentries/getpwent_c.go b/internal/users/localentries/getpwent_c.go
index b635b474..aca04aed 100644
--- a/internal/users/localentries/getpwent_c.go
+++ b/internal/users/localentries/getpwent_c.go
@@ -7,16 +7,7 @@ package localentries
#include <stdlib.h>
#include <pwd.h>
#include <grp.h>
-#include <errno.h>
#include <string.h>
-
-void unset_errno(void) {
- errno = 0;
-}
-
-int get_errno(void) {
- return errno;
-}
*/
//#cgo LDFLAGS: -Wl,--allow-multiple-definition
import "C"then building the package fails:
go test ./internal/users/localentries/...
# github.com/ubuntu/authd/internal/users/localentries
internal/users/localentries/getgrent_c.go:94:30: could not determine kind of name for C.EBADF
internal/users/localentries/getgrent_c.go:40:15: could not determine kind of name for C.ENOENT
internal/users/localentries/getgrent_c.go:94:39: could not determine kind of name for C.EPERM
internal/users/localentries/getgrent_c.go:94:21: could not determine kind of name for C.ESRCH
internal/users/localentries/getgrent_c.go:37:12: could not determine kind of name for C.get_errno
internal/users/localentries/getgrent_c.go:34:2: could not determine kind of name for C.unset_errno
FAIL github.com/ubuntu/authd/internal/users/localentries [build failed]
FAIL github.com/ubuntu/authd/internal/users/localentries/testutils [build failed]
FAIL
There was a problem hiding this comment.
I've done some cleanups on this regards, please see commits at https://github.com/3v1n0/authd/commits/509-random-unique-ids/
There was a problem hiding this comment.
not sure if you get a notification, I have a question here
There was a problem hiding this comment.
Yeah, I think I did, however check the branch again as I've moved things to a more central place and added tests, in case we need to reuse it
|
|
||
| import "sync" | ||
|
|
||
| var errnoMutex sync.Mutex |
There was a problem hiding this comment.
| var errnoMutex sync.Mutex | |
| var errnoMu sync.Mutex |
| Passwd string | ||
| } | ||
|
|
||
| var getgrentMutex sync.Mutex |
There was a problem hiding this comment.
| var getgrentMutex sync.Mutex | |
| var getgrentMu sync.Mutex |
| Gecos string | ||
| } | ||
|
|
||
| var getpwentMutex sync.Mutex |
There was a problem hiding this comment.
| var getpwentMutex sync.Mutex | |
| var getpwentMu sync.Mutex |
| @@ -61,7 +61,7 @@ func (r *TemporaryRecords) UserByName(name string) (types.UserEntry, error) { | |||
| // | |||
| // Returns the generated UID and a cleanup function that should be called to remove the temporary user once the user was | |||
| // added to the database. | |||
| func (r *TemporaryRecords) RegisterUser(name string) (uid uint32, cleanup func() error, err error) { | |||
| func (r *TemporaryRecords) RegisterUser(name string) (uid uint32, cleanup func(), err error) { | |||
There was a problem hiding this comment.
Do we have a reason to have named values here (a part from clarity, that I agree is nice)?
As the cleanup can be a bit dangerous, since it's going to be set to nil by default, and calling it by mistake before being set, will lead to a crash without being caught before.
These changes have already partly been reviewed in https://github.com/canonical/authd-private/pull/9.
Closes #509
UDENG-5416
UDENG-4352