lists.arthurdejong.org

Go implementation of nslcd


Well, kind of.  Only the nslcd-protocol side, not the LDAP side.

I've generally found that if you need to write a custom authentication
"plug-in" for something, the easiest thing to do is to grab the LDAP
"plug-in", and gut the LDAP code, replacing it with your stuff.

This ended up being true-ish for NSS/PAM as well!  At first I tried to
hack up nslcd, but it was just too hard.  The LDAP permeated through
the code deeply, and it was hard to change.

Then I looked at pynslcd.  I just wasn't... comfortable with it.  I
wanted more... checks when "compiling".  At the end of the day, I
think typechecking is helpful.  (But, it is what made me think that
other people might be interested in my Go implementation.)

By that point, I realized that the nslcd protocol was pretty simple,
and decided to write a Go implementation.

The nslcd protocol part I packaged into a very simple-to-use library:

    https://lukeshu.com/git/go/libnslcd/

    go get lukeshu.com/git/go/libnslcd.git

It even includes a simple stub for implementing a systemd-style
socket-activated service:

    import (
        "os"
        nslcd_systemd "lukeshu.com/git/go/libnslcd.git/systemd"
    )
    
    func main() {
        backend := ...;
        os.Exit(int(nslcd_systemd.Main(backend)))
    }

So literally everything is taken care of for you except for writing
the backend, which implements the
"lukeshu.com/git/go/libnslcd/tree/proto/server".Backend interface.
You can even inherit from .NilBackend, and only implement the methods
interesting to you:

    type MyBackend struct {
        nslcd_server.NilBackend
        ...
    }

    func (b *MyBackend) Passwd_ByName(cred syscall.Ucred, req nslcd_proto.Request_Passwd_ByName) <-chan nslcd_proto.Passwd {
        ...
    }

The struct types defined in the `nslcd_proto
"lukeshu.com/git/go/libnslcd.git/proto"` package are very literal,
direct interpretations of the information in `nslcd.h`.

An example of its use is `nshd`, part of the parabola-hackers
repository.

    https://git.parabola.nu/packages/parabola-hackers.git/

The systemd unit files are maybe worth taking a look at, because it
turns out that there is a deadlock in systemd that must be worked
around if you have a socket-activated service that provides NSS
lookups.

Anyway, I hope someone finds it interesting or useful.

-- 
Happy hacking,
~ Luke Shumaker
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
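
The following is an added example, not code from libnslcd or from the post above: a defensive decoder for one request on the wire, showing the length check any nslcd-protocol server needs before it allocates. It assumes the layout as I read it in nss-pam-ldapd's `nslcd.h` (INT32 version, INT32 action, then a length-prefixed string, all in network byte order); the 4096-byte cap and the function names are hypothetical.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"strings"
)

const (
	nslcdVersion       = 0x00000002 // these two as read from nslcd.h (assumption)
	actionPasswdByName = 0x00080001
	maxStringLen       = 4096 // local policy cap (assumption), not from nslcd.h
)

// readString decodes an INT32 length plus payload, checking the length before allocating.
func readString(r io.Reader) (string, error) {
	var n int32
	if err := binary.Read(r, binary.BigEndian, &n); err != nil {
		return "", err
	}
	if n < 0 || n > maxStringLen {
		return "", errors.New("string length out of range")
	}
	buf := make([]byte, n)
	if _, err := io.ReadFull(r, buf); err != nil {
		return "", err // short read: peer sent fewer bytes than it announced
	}
	return string(buf), nil
}

// ParsePasswdByName checks version and action, then returns the requested name.
func ParsePasswdByName(r io.Reader) (string, error) {
	var hdr [2]int32
	if err := binary.Read(r, binary.BigEndian, &hdr); err != nil {
		return "", err
	}
	if hdr[0] != nslcdVersion || hdr[1] != actionPasswdByName {
		return "", fmt.Errorf("unexpected header %#x/%#x", hdr[0], hdr[1])
	}
	return readString(r)
}

func main() {
	// Constructed sample request: version, action, len("alice"), "alice".
	req := "\x00\x00\x00\x02\x00\x08\x00\x01\x00\x00\x00\x05alice"
	fmt.Println(ParsePasswdByName(strings.NewReader(req)))
}
```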