Add server implementation of basic auth

2025-08-12 03:49:19 +02:00 · 2022-08-24 13:47:26 +02:00 · 2022-08-24 13:47:26 +02:00 · fb58cb299e
commit fb58cb299e
parent 390f6acbcd
8 changed files with 157 additions and 53 deletions
--- a/cmd/auth/auth.go
+++ b/cmd/auth/auth.go
@ -1,38 +1,66 @@
 package main

 import (
+	"context"
 	"errors"
-	"github.com/golang/protobuf/proto"
-	ipc "github.com/james-barrow/golang-ipc"
+	"github.com/bolkedebruin/rdpgw/shared/auth"
 	"github.com/msteinert/pam"
 	"github.com/thought-machine/go-flags"
+	"google.golang.org/grpc"
 	"log"
+	"net"
+	"os"
+	"syscall"
+)
+
+const (
+	protocol = "unix"
 )

 var opts struct {
-	serviceName string `short:"s" long:"service" default:"rdpgw" description:"the PAM service name to use"`
+	ServiceName string `short:"n" long:"name" default:"rdpgw" description:"the PAM service name to use"`
+	SocketAddr  string `short:"s" long:"socket" default:"/tmp/rdpgw-auth.sock" description:"the location of the socket"`
 }

-func auth(service, user, passwd string) error {
-	t, err := pam.StartFunc(service, user, func(s pam.Style, msg string) (string, error) {
+type AuthServiceImpl struct {
+	serviceName string
+}
+
+var _ auth.AuthenticateServer = (*AuthServiceImpl)(nil)
+
+func NewAuthService(serviceName string) auth.AuthenticateServer {
+	s := &AuthServiceImpl{serviceName: serviceName}
+	return s
+}
+
+func (s *AuthServiceImpl) Authenticate(ctx context.Context, message *auth.UserPass) (*auth.AuthResponse, error) {
+	t, err := pam.StartFunc(s.serviceName, message.Username, func(s pam.Style, msg string) (string, error) {
 		switch s {
 		case pam.PromptEchoOff:
-			return passwd, nil
+			return message.Password, nil
 		case pam.PromptEchoOn, pam.ErrorMsg, pam.TextInfo:
 			return "", nil
 		}
 		return "", errors.New("unrecognized PAM message style")
 	})

+	r := &auth.AuthResponse{}
+	r.Authenticated = false
 	if err != nil {
-		return err
+		log.Printf("Error authenticating user: %s due to: %s", message.Username, err)
+		r.Error = err.Error()
+		return r, err
 	}

 	if err = t.Authenticate(0); err != nil {
-		return err
+		log.Printf("Authentication for user: %s failed due to: %s", message.Username, err)
+		r.Error = err.Error()
+		return r, nil
 	}

-	return nil
+	log.Printf("User: %s authenticated", message.Username)
+	r.Authenticated = true
+	return r, nil
 }

 func main() {
@ -41,32 +69,24 @@ func main() {
 		panic(err)
 	}

-	config := &ipc.ServerConfig{UnmaskPermissions: true}
-	sc, err := ipc.StartServer("rdpgw-auth", config)
-	for {
-		msg, err := sc.Read()
-		if err != nil {
-			log.Printf("server error, %s", err)
-			continue
-		}
-		if msg.MsgType > 0 {
-			req := &UserPass{}
-			if err = proto.Unmarshal(msg.Data, req); err != nil {
-				log.Printf("cannot unmarshal request %s", string(msg.Data))
-				continue
-			}
-			err := auth(opts.serviceName, req.Username, req.Password)
-			if err != nil {
-				res := &Response{Status: "cannot authenticate"}
-				out, err := proto.Marshal(res)
-				if err != nil {
-					log.Fatalf("cannot marshal response due to %s", err)
-				}
-				sc.Write(1, out)
+	log.Printf("Starting auth server on %s", opts.SocketAddr)
+	cleanup := func() {
+		if _, err := os.Stat(opts.SocketAddr); err == nil {
+			if err := os.RemoveAll(opts.SocketAddr); err != nil {
+				log.Fatal(err)
 			}
 		}
 	}
+	cleanup()
+
+	oldUmask := syscall.Umask(0)
+	listener, err := net.Listen(protocol, opts.SocketAddr)
+	syscall.Umask(oldUmask)
 	if err != nil {
-		log.Printf("cannot authenticate due to %s", err)
+		log.Fatal(err)
 	}
+	server := grpc.NewServer()
+	service := NewAuthService(opts.ServiceName)
+	auth.RegisterAuthenticateServer(server, service)
+	server.Serve(listener)
 }