
Commit 26d7632

committed
Initial commit
1 parent 9b5317c commit 26d7632


5 files changed

+365
-1
lines changed


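--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,21 @@
+# Note: to make a plugin compatible with a binary built in debug mode, add `-gcflags='all=-N -l'`
+
+PLUGIN_OS ?= linux
+PLUGIN_ARCH ?= amd64
+
+plugin_postgres: bin/$(PLUGIN_OS)$(PLUGIN_ARCH)/postgres.so
+
+bin/$(PLUGIN_OS)$(PLUGIN_ARCH)/postgres.so: pkg/plugins/glauth-postgres/postgres.go
+GOOS=$(PLUGIN_OS) GOARCH=$(PLUGIN_ARCH) go build ${TRIM_FLAGS} -ldflags "${BUILD_VARS}" -buildmode=plugin -o $@ $^
+
+plugin_postgres_linux_amd64:
+PLUGIN_OS=linux PLUGIN_ARCH=amd64 make plugin_postgres
+
+plugin_postgres_linux_arm64:
+PLUGIN_OS=linux PLUGIN_ARCH=arm64 make plugin_postgres
+
+plugin_postgres_darwin_amd64:
+PLUGIN_OS=darwin PLUGIN_ARCH=amd64 make plugin_postgres
+
+plugin_postgres_darwin_arm64:
+PLUGIN_OS=darwin PLUGIN_ARCH=arm64 make plugin_postgres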
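Review bot: The rule for `bin/$(PLUGIN_OS)$(PLUGIN_ARCH)/postgres.so` names `pkg/plugins/glauth-postgres/postgres.go` as its prerequisite, but this commit adds the source as `postgres.go` at the top of the tree, so unless that path exists elsewhere `make plugin_postgres` stops with no rule to make the file; the prerequisite probably wants to be `postgres.go`. `${TRIM_FLAGS}` and `${BUILD_VARS}` are expanded but never set in this Makefile, so a build outside the parent project's environment silently ships a plugin without whatever path trimming and version stamping was intended; giving them defaults with `?=` here (for example `TRIM_FLAGS ?= -trimpath`) would make the artefact predictable. The four per-platform targets invoke a bare `make`; `$(MAKE) plugin_postgres PLUGIN_OS=linux PLUGIN_ARCH=amd64` keeps the parent's flags, and those targets should be listed under `.PHONY`.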

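--- a/README.md
+++ b/README.md
@@ -1 +1,184 @@
-# glauth-postgres
+# GLAuth Plugin
+
+This is a GLAuth plugin; that is, a backend that are not compiled in GLAuth by default.
+
+To quote 'Butonic' (Jörn Friedrich Dreyer):
+
+> Just keep the 'lightweight' in mind.
+
+To build either back-end, type
+```
+make plugin_name
+```
+where 'name' is the plugin's name; so, for instance: `make plugin_sqlite`
+
+To build back-ends for specific architectures, specify `PLUGIN_OS` and `PLUGIN_ARCH` --
+For instance, to build the sqlite plugin for the new Mac M1s:
+```
+make plugin_sqlite PLUGIN_OS=darwin PLUGIN_ARCH=arm64
+```
+
+## Database Plugins
+
+To use a database plugin, edit the configuration file (see pkg/plugins/sample-database.cfg) so that:
+
+```
+...
+[backend]
+datastore = "plugin"
+plugin = "dynamic library you created using the previous 'make' command"
+database = "database connection string"
+...
+```
+so, let's say you built the 'sqlite' plugin, you would now specify its library: `database = sqlite.so`
+
+### SQLite, MySQL, Postgres
+
+Tables:
+- users, groups are self-explanatory
+- includegroups store the 'includegroups' relationships
+- othergroups, on the other hand, are a comma-separated list found in the users table (performance)
+
+Here is how to insert example data using your database's REPL (more detailed information can be found in pkg/plugins/sample-database.cfg)
+
+```sql
+INSERT INTO groups(name, gidnumber) VALUES('superheros', 5501);
+INSERT INTO groups(name, gidnumber) VALUES('svcaccts', 5502);
+INSERT INTO groups(name, gidnumber) VALUES('civilians', 5503);
+INSERT INTO groups(name, gidnumber) VALUES('caped', 5504);
+INSERT INTO groups(name, gidnumber) VALUES('lovesailing', 5505);
+INSERT INTO groups(name, gidnumber) VALUES('smoker', 5506);
+INSERT INTO includegroups(parentgroupid, includegroupid) VALUES(5503, 5501);
+INSERT INTO includegroups(parentgroupid, includegroupid) VALUES(5504, 5502);
+INSERT INTO includegroups(parentgroupid, includegroupid) VALUES(5504, 5501);
+INSERT INTO users(name, uidnumber, primarygroup, passsha256) VALUES('hackers', 5001, 5501, '6478579e37aff45f013e14eeb30b3cc56c72ccdc310123bcdf53e0333e3f416a');
+INSERT INTO users(name, uidnumber, primarygroup, passsha256) VALUES('johndoe', 5002, 5502, '6478579e37aff45f013e14eeb30b3cc56c72ccdc310123bcdf53e0333e3f416a');
+INSERT INTO users(name, mail, uidnumber, primarygroup, passsha256) VALUES('serviceuser', "serviceuser@example.com", 5003, 5502, '652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0');
+INSERT INTO users(name, uidnumber, primarygroup, passsha256, othergroups, custattr) VALUES('user4', 5004, 5504, '652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0', '5505,5506', '{"employeetype":["Intern","Temp"],"employeenumber":[12345,54321]}');
+INSERT INTO capabilities(userid, action, object) VALUES(5001, "search", "ou=superheros,dc=glauth,dc=com");
+INSERT INTO capabilities(userid, action, object) VALUES(5003, "search", "*");
+```
+This should be equivalent to this configuration:
+```text
+[[users]]
+name = "hackers"
+uidnumber = 5001
+primarygroup = 5501
+passsha256 = "6478579e37aff45f013e14eeb30b3cc56c72ccdc310123bcdf53e0333e3f416a" # dogood
+[[users.capabilities]]
+action = "search"
+object = "ou=superheros,dc=glauth,dc=com"
+
+[[users]]
+name = "johndoe"
+uidnumber = 5002
+primarygroup = 5502
+passsha256 = "6478579e37aff45f013e14eeb30b3cc56c72ccdc310123bcdf53e0333e3f416a" # dogood
+
+[[users]]
+name = "serviceuser"
+mail = "serviceuser@example.com"
+uidnumber = 5003
+passsha256 = "652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0" # mysecret
+primarygroup = 5502
+[[users.capabilities]]
+action = "search"
+object = "*"
+
+[[users]]
+name = "user4"
+uidnumber = 5003
+primarygroup = 5504
+othergroups = [5505, 5506]
+passsha256 = "652c7dc687d98c9889304ed2e408c74b611e86a40caa51c4b43f1dd5913c5cd0" # mysecret
+[[users.customattributes]]
+employeetype = ["Intern", "Temp"]
+employeenumber = [12345, 54321]
+
+[[groups]]
+name = "superheros"
+gidnumber = 5501
+
+[[groups]]
+name = "svcaccts"
+gidnumber = 5502
+
+[[groups]]
+name = "civilians"
+gidnumber = 5503
+includegroups = [ 5501 ]
+
+[[groups]]
+name = "caped"
+gidnumber = 5504
+includegroups = [ 5502, 5501 ]
+```
+and LDAP should return these `memberOf` values:
+```text
+uid: hackers
+ou: superheros
+memberOf: cn=caped,ou=groups,dc=militate,dc=com
+memberOf: cn=civilians,ou=groups,dc=militate,dc=com
+memberOf: cn=superheros,ou=groups,dc=militate,dc=com
+
+uid: johndoe
+ou: svcaccts
+memberOf: cn=caped,ou=groups,dc=militate,dc=com
+memberOf: cn=svcaccts,ou=groups,dc=militate,dc=com
+
+uid: serviceuser
+ou: caped
+memberOf: cn=caped,ou=groups,dc=militate,dc=com
+
+uid: user4
+ou: caped
+memberOf: cn=caped,ou=groups,dc=militate,dc=com
+memberOf: cn=lovesailing,ou=groups,dc=militate,dc=com
+memberOf: cn=smoker,ou=groups,dc=militate,dc=com
+```
+If you have the ldap client package installed, this can be easily confirmed by running
+```
+ldapsearch -H ldap://localhost:3893 -D cn=hackers,ou=superheros,dc=glauth,dc=com -w dogood -x -bdc=glauth,dc=com cn=hackers
+```
+and so on.
+
+
+### Discussion: database schema
+
+While GLAuth is not meant to support millions of user accounts, some decent performance is still expected! In fact, when searching through records using a database query, we should see a performance of O(log n) as opposed to, when searching through a flat config, O(n).
+
+While it would be friendlier to offer related attributes in `join`ed tables, we may end up re-creating a "browse" scenario unintentionally.
+
+For instance, when retrieving custom attributes, we could go through an attribute table: `custattr[userid, attribute, value#n]`
+
+However, this means that a `join` statement between the account table and the custom attribute table would yield the cartesian product of each account x attributes; we would need to iterate through the results and collate them.
+
+Alternatively, in Postgres and MySQL, we could rely on the database engine's built-in support for `crosstab` which pivots the second table's results into corresponding columns. This would not be supported in SQLite and would also mean building pretty nasty execution plans.
+
+**So, what's the decision?**
+
+In GLAuth 2.x, when including information that does not benefit from being normalized (e.g. custom attributes) we are following the "nosql" trend (irony!) of storing this data in a JSON structure.
+
+## PAM Plugin
+
+To authenticate against local users, edit the configuration file (see pkg/plugins/sample-pam.cfg) so that:
+
+```
+...
+[backend]
+datastore = "plugin"
+plugin = "bin/pam.so"
+...
+```
+
+When building this plugin, one must first ensure that the proper development headers are installed. For instance, on Ubuntu:
+```
+sudo apt-get install libpam0g-dev
+```
+
+You will likely also wish to tweak the `groupWithSearchCapability` setting, to assign an appropriate secondary group.
+
+Then, to perform a search:
+```
+ldapsearch -LLL -H ldap://localhost:3893 -D cn=<unix user name>,ou=<a group the user belongs to>,dc=glauth,dc=com -w <unix user password> -x -bdc=glauth,dc=com cn=<unix user name>
+```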

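--- a/go.mod
+++ b/go.mod
@@ -0,0 +1,21 @@
+module github.com/glauth/glauth-sqlite
+
+go 1.18
+
+require (
+github.com/glauth/glauth/v2 v2.1.0
+github.com/lib/pq v1.10.7
+)
+
+require (
+github.com/GeertJohan/yubigo v0.0.0-20190917122436-175bc097e60e // indirect
+github.com/boombuler/barcode v1.0.1 // indirect
+github.com/go-logr/logr v0.4.0 // indirect
+github.com/go-sql-driver/mysql v1.5.0 // indirect
+github.com/mattn/go-sqlite3 v1.14.6 // indirect
+github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484 // indirect
+github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba // indirect
+github.com/pquerna/otp v1.3.0 // indirect
+github.com/yaegashi/msgraph.go v0.1.1-0.20200221123608-2d438cf2a7cc // indirect
+golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect
+)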
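Review bot: The `module` line declares `github.com/glauth/glauth-sqlite`, while everything else in this commit (the previous README title `glauth-postgres`, `postgres.go`, the `postgres.so` target) is the Postgres plugin, so the path looks carried over from the SQLite plugin; `module github.com/glauth/glauth-postgres` would match, assuming that is the repository's name. With the wrong path, anyone fetching this module resolves and checksums it under another project's identity. Separately, a Go plugin only loads when the packages it shares with the host were built from identical versions, so the indirect pins here (for example `golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97`) are effectively dictated by `glauth/v2 v2.1.0`; running `govulncheck` over this set and bumping host and plugin together is safer than upgrading the plugin alone.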

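--- a/go.sum
+++ b/go.sum
@@ -0,0 +1,70 @@
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/GeertJohan/yubigo v0.0.0-20190917122436-175bc097e60e h1:Bqtt5C+uVk+vH/t5dmB47uDCTwxw16EYHqvJnmY2aQc=
+github.com/GeertJohan/yubigo v0.0.0-20190917122436-175bc097e60e/go.mod h1:njRCDrl+1RQ/A/+KVU8Ho2EWAxUSkohOWczdW3dzDG0=
+github.com/arl/statsviz v0.4.0/go.mod h1:+5inUy/dxy11x/KSmicG3ZrEEy0Yr81AFm3dn4QC04M=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
+github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/glauth/glauth/v2 v2.1.0 h1:zPSX9XGqZUCG7h3y59YSRb/92oN0V+yclyYNn1XBuJQ=
+github.com/glauth/glauth/v2 v2.1.0/go.mod h1:Ygm93he/PmVvg2IbJRivdVs+6UwJPsMvWTen5+vJlrE=
+github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc=
+github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
+github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
+github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/hydronica/toml v0.4.2/go.mod h1:c7QhbYq3Wp9SlOWuG7MAieKUyXP2P/hXhy/YqWfbS/4=
+github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a/go.mod h1:yL958EeXv8Ylng6IfnvG4oflryUi3vgA3xPs9hmII1s=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
+github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
+github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484 h1:D9EvfGQvlkKaDr2CRKN++7HbSXbefUNDrPq60T+g24s=
+github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484/go.mod h1:O1EljZ+oHprtxDDPHiMWVo/5dBT6PlvWX5PSwj80aBA=
+github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba h1:DO8NFYdcRv1dnyAINJIBm6Bw2XibtLvQniNFGzf2W8E=
+github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba/go.mod h1:4S0XndRL8HNOaQBfdViJ2F/GPCgL524xlXRuXFH12/U=
+github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pquerna/otp v1.3.0 h1:oJV/SkzR33anKXwQU3Of42rL4wbrffP4uvUf1SvS5Xs=
+github.com/pquerna/otp v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/yaegashi/msgraph.go v0.1.1-0.20200221123608-2d438cf2a7cc h1:ejaC8rvIvCWmsaFrvmGOxhBuMxxhBB1xRshuM98XQ7M=
+github.com/yaegashi/msgraph.go v0.1.1-0.20200221123608-2d438cf2a7cc/go.mod h1:tso14hwzqX4VbnWTNsxiL0DvMb2OwbGISFA7jDibdWc=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI=
+golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+gopkg.in/amz.v3 v3.0.0-20201001071545-24fc1eceb27b/go.mod h1:cE0dCGx2UfBTjLFlzEx4EXJUmoX6BXBoX9GjKOvqha4=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=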

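--- a/postgres.go
+++ b/postgres.go
@@ -0,0 +1,69 @@
+package main
+
+import (
+"database/sql"
+
+_ "github.com/lib/pq"
+
+"github.com/glauth/glauth/v2/pkg/plugins"
+"github.com/glauth/glauth/v2/pkg/handler"
+)
+
+type PostgresBackend struct {
+}
+
+func NewPostgresHandler(opts ...handler.Option) handler.Handler {
+backend := PostgresBackend{}
+return plugins.NewDatabaseHandler(backend, opts...)
+}
+
+func (b PostgresBackend) GetDriverName() string {
+return "postgres"
+}
+
+func (b PostgresBackend) GetPrepareSymbol() string {
+return "$1"
+}
+
+// Create db/schema if necessary
+func (b PostgresBackend) CreateSchema(db *sql.DB) {
+statement, _ := db.Prepare(`
+CREATE TABLE IF NOT EXISTS users (
+id SERIAL PRIMARY KEY,
+name TEXT NOT NULL,
+uidnumber INTEGER NOT NULL,
+primarygroup INTEGER NOT NULL,
+othergroups TEXT DEFAULT '',
+givenname TEXT DEFAULT '',
+sn TEXT DEFAULT '',
+mail TEXT DEFAULT '',
+loginshell TEXT DEFAULT '',
+homedirectory TEXT DEFAULT '',
+disabled SMALLINT DEFAULT 0,
+passsha256 TEXT DEFAULT '',
+passbcrypt TEXT DEFAULT '',
+otpsecret TEXT DEFAULT '',
+yubikey TEXT DEFAULT '',
+sshkeys TEXT DEFAULT '',
+custattr TEXT DEFAULT '{}')
+`)
+statement.Exec()
+statement, _ = db.Prepare("CREATE UNIQUE INDEX IF NOT EXISTS idx_user_name on users(name)")
+statement.Exec()
+statement, _ = db.Prepare("CREATE TABLE IF NOT EXISTS groups (id SERIAL PRIMARY KEY, name TEXT NOT NULL, gidnumber INTEGER NOT NULL)")
+statement.Exec()
+statement, _ = db.Prepare("CREATE UNIQUE INDEX IF NOT EXISTS idx_group_name on groups(name)")
+statement.Exec()
+statement, _ = db.Prepare("CREATE TABLE IF NOT EXISTS includegroups (id SERIAL PRIMARY KEY, parentgroupid INTEGER NOT NULL, includegroupid INTEGER NOT NULL)")
+statement.Exec()
+statement, _ = db.Prepare("CREATE TABLE IF NOT EXISTS capabilities (id SERIAL PRIMARY KEY, userid INTEGER NOT NULL, action TEXT NOT NULL, object TEXT NOT NULL)")
+statement.Exec()
+}
+
+// Migrate schema if necessary
+func (b PostgresBackend) MigrateSchema(db *sql.DB, checker func(*sql.DB, string) bool) {
+if !checker(db, "sshkeys") {
+statement, _ := db.Prepare("ALTER TABLE users ADD COLUMN sshkeys TEXT DEFAULT ''")
+statement.Exec()
+}
+}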
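Review bot: Every `statement, _ := db.Prepare(...)` in `CreateSchema` and `MigrateSchema` discards the error and then calls `statement.Exec()`, so a failed Prepare (lost connection, missing privilege) leaves `statement` nil and the next line panics on a nil dereference, while a failed Exec goes unnoticed. For an authentication backend that matters, because the server can come up with `idx_user_name` or the `capabilities` table missing and nothing reports it. The prepared statements are also never closed. DDL takes no parameters, so `db.Exec` with a checked error is enough; neither method returns an error, so the sketch below fails loudly with context instead, and the same pattern applies to the `ALTER TABLE` in `MigrateSchema`.

```go
func (b PostgresBackend) CreateSchema(db *sql.DB) {
	ddl := []string{
		// … unchanged: the six CREATE TABLE / CREATE UNIQUE INDEX statements, in the same order …
	}
	for _, stmt := range ddl {
		// Exec directly: nothing to prepare, and no *sql.Stmt is left open.
		if _, err := db.Exec(stmt); err != nil {
			// No error return on this method, so stop with a message that
			// names the step rather than a bare nil-pointer panic.
			panic("postgres: create schema: " + err.Error())
		}
	}
}
```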
