rotating log files; shutdown on SIGTERM; filter users by active only

Author: TheMrSheldon

include/gitlabapi.hpp

@@ -20,6 +20,7 @@ namespace gitlab {
 		UserID id;
 		std::string username;
 		std::string name;
+		std::string state;
 
 		std::vector<Group> groups;
 	};

src/authorized_keys.cpp

@@ -20,6 +20,9 @@ int main(int argc, char* argv[]) {
 	if (static_cast<Error>(userresp.getErrcode()) != Error::Ok)
 		return userresp.getErrcode();
 
+	if (std::string("active") != userresp.getUser().getState().cStr())
+		return -3;
+
 	// Get the ssh public keys from user by ID via RPC to the daemon
 	auto keyreq = daemon->getSSHKeysRequest();
 	keyreq.setId(userresp.getUser().getId());

src/gitlabapi.cpp

@@ -45,6 +45,7 @@ Error GitLab::fetchUserByUsername(std::string username, User& user) const {
 	user.id = userJson["id"].Get<decltype(user.id)>();
 	user.username = userJson["username"].GetString();
 	user.name = userJson["name"].GetString();
+	user.state = userJson["state"].GetString();
 	return Error::Ok;
 }
 
@@ -59,6 +60,7 @@ Error GitLab::fetchUserByID(UserID id, User& user) const {
 	user.id = userJson["id"].Get<decltype(user.id)>();
 	user.username = userJson["username"].GetString();
 	user.name = userJson["name"].GetString();
+	user.state = userJson["state"].GetString();
 	return Error::Ok;
 }
 

src/gitlabnssd.cpp

@@ -8,7 +8,7 @@
 
 #include <lrucache.hpp>
 
-#include <spdlog/sinks/basic_file_sink.h>
+#include <spdlog/sinks/rotating_file_sink.h>
 #include <spdlog/sinks/stdout_color_sinks.h>
 #include <spdlog/spdlog.h>
 
@@ -33,12 +33,14 @@ static void initLogger() {
 #if DEBUG
 	auto console_sink = std::make_shared<spdlog::sinks::stdout_color_sink_mt>();
 #endif
-	auto basic_sink = std::make_shared<spdlog::sinks::basic_file_sink_mt>("/var/log/gitlabnss.log");
+	// auto filesink = std::make_shared<spdlog::sinks::basic_file_sink_mt>("/var/log/gitlabnss.log");
+	auto filesink =
+			std::make_shared<spdlog::sinks::rotating_file_sink_mt>("/var/log/gitlabnss.log", 5 * 1024 * 1024, 3);
 	std::vector<spdlog::sink_ptr> sinks{
 #if DEBUG
 			console_sink,
 #endif
-			basic_sink
+			filesink
 	};
 	auto logger = std::make_shared<spdlog::logger>("", sinks.begin(), sinks.end());
 	logger->set_level(spdlog::level::trace);
@@ -111,6 +113,7 @@ class GitLabDaemonImpl final : public GitLabDaemon::Server {
 			output.setId(user.id);
 			output.setName(user.name);
 			output.setUsername(user.username);
+			output.setState(user.state);
 			auto groups = output.initGroups(user.groups.size());
 			for (auto i = 0; i < user.groups.size(); ++i) {
 				if (decltype(groupMap)::iterator it; (it = groupMap.find(user.groups[i].id)) != groupMap.end()) {
@@ -143,6 +146,7 @@ class GitLabDaemonImpl final : public GitLabDaemon::Server {
 			output.setId(user.id);
 			output.setName(user.name);
 			output.setUsername(user.username);
+			output.setState(user.state);
 			auto groups = output.initGroups(user.groups.size());
 			for (auto i = 0; i < user.groups.size(); ++i) {
 				if (decltype(groupMap)::iterator it; (it = groupMap.find(user.groups[i].id)) != groupMap.end()) {
@@ -243,8 +247,9 @@ int main(int argc, char* argv[]) {
 	if (chmod(socketPath.c_str(), static_cast<mode_t>(config.general.socketPerms)) != 0)
 		spdlog::warn("Failed to change permissions with errno {}", errno);
 
-	spdlog::info("Instantiating SIGINT handler");
+	spdlog::info("Instantiating SIGINT and SIGTERM handlers");
 	std::signal(SIGINT, +[](int signal) { fulfiller->fulfill(); });
+	std::signal(SIGTERM, +[](int signal) { fulfiller->fulfill(); });
 
 	// Run until SIGINT is signaled; accept connections and handle requests.
 	spdlog::info("Listening...");

src/nss_interface.cpp

@@ -2,7 +2,7 @@
 #include <error.hpp>
 #include <rpcclient.hpp>
 
-#include <spdlog/sinks/basic_file_sink.h>
+#include <spdlog/sinks/rotating_file_sink.h>
 #include <spdlog/sinks/stdout_color_sinks.h>
 #include <spdlog/spdlog.h>
 
@@ -23,12 +23,14 @@ static auto initLogger() {
 #if DEBUG
 	auto console_sink = std::make_shared<spdlog::sinks::stdout_color_sink_mt>();
 #endif
-	auto basic_sink = std::make_shared<spdlog::sinks::basic_file_sink_mt>("/var/log/gitlabnss-client.log");
+	// auto filesink = std::make_shared<spdlog::sinks::basic_file_sink_mt>("/var/log/gitlabnss-client.log");
+	auto filesink =
+			std::make_shared<spdlog::sinks::rotating_file_sink_mt>("/var/log/gitlabnss.log", 5 * 1024 * 1024, 3);
 	std::vector<spdlog::sink_ptr> sinks{
 #if DEBUG
 			console_sink,
 #endif
-			basic_sink
+			filesink
 	};
 	auto logger = std::make_shared<spdlog::logger>("", sinks.begin(), sinks.end());
 	logger->set_level(spdlog::level::trace);
@@ -92,15 +94,18 @@ nss_status _nss_gitlab_getpwuid_r(uid_t uid, passwd* pwd, char* buf, size_t bufl
 	auto promise = request.send().wait(waitScope);
 
 	auto user = promise.getUser();
-	switch (static_cast<Error>(promise.getErrcode())) {
-	case Error::Ok:
+	auto err = static_cast<Error>(promise.getErrcode());
+	if (err == Error::Ok && std::string("active") == user.getState().cStr()) {
 		populatePasswd(*pwd, user, {buf, buflen});
 		SPDLOG_LOGGER_DEBUG(logger, "Found!");
 		return nss_status::NSS_STATUS_SUCCESS;
-	case Error::NotFound:
+	} else if (err == Error::Ok) {
+		SPDLOG_LOGGER_DEBUG(logger, "User is not active (status: {})", user.getState().cStr());
+		return nss_status::NSS_STATUS_NOTFOUND;
+	} else if (err == Error::NotFound) {
 		SPDLOG_LOGGER_DEBUG(logger, "Not Found");
 		return nss_status::NSS_STATUS_NOTFOUND;
-	default:
+	} else {
 		SPDLOG_LOGGER_ERROR(logger, "Other Error");
 		SPDLOG_LOGGER_ERROR(logger, "Error {}", promise.getErrcode());
 		return nss_status::NSS_STATUS_UNAVAIL;
@@ -121,15 +126,18 @@ nss_status _nss_gitlab_getpwnam_r(const char* name, passwd* pwd, char* buf, size
 	auto promise = request.send().wait(waitScope);
 
 	auto user = promise.getUser();
-	switch (static_cast<Error>(promise.getErrcode())) {
-	case Error::Ok:
+	auto err = static_cast<Error>(promise.getErrcode());
+	if (err == Error::Ok && std::string("active") == user.getState().cStr()) {
 		populatePasswd(*pwd, user, {buf, buflen});
 		SPDLOG_LOGGER_DEBUG(logger, "Found!");
 		return nss_status::NSS_STATUS_SUCCESS;
-	case Error::NotFound:
+	} else if (err == Error::Ok) {
+		SPDLOG_LOGGER_DEBUG(logger, "User is not active (status: {})", user.getState().cStr());
+		return nss_status::NSS_STATUS_NOTFOUND;
+	} else if (err == Error::NotFound) {
 		SPDLOG_LOGGER_DEBUG(logger, "Not Found");
 		return nss_status::NSS_STATUS_NOTFOUND;
-	default:
+	} else {
 		SPDLOG_LOGGER_ERROR(logger, "Other Error");
 		SPDLOG_LOGGER_ERROR(logger, "Error {}", promise.getErrcode());
 		return nss_status::NSS_STATUS_UNAVAIL;
@@ -241,8 +249,8 @@ nss_status _nss_gitlab_initgroups_dyn(
 	auto promise = request.send().wait(waitScope);
 
 	auto user = promise.getUser();
-	switch (static_cast<Error>(promise.getErrcode())) {
-	case Error::Ok:
+	auto err = static_cast<Error>(promise.getErrcode());
+	if (err == Error::Ok && std::string("active") == user.getState().cStr()) {
 		if (limit < 0 || limit > user.getGroups().size())
 			limit = user.getGroups().size();
 		// Check if groups is large enough, otherwise extend it
@@ -261,10 +269,13 @@ nss_status _nss_gitlab_initgroups_dyn(
 		}
 		SPDLOG_LOGGER_DEBUG(logger, "Found!");
 		return nss_status::NSS_STATUS_SUCCESS;
-	case Error::NotFound:
+	} else if (err == Error::Ok) {
+		SPDLOG_LOGGER_DEBUG(logger, "User is not active (status: {})", user.getState().cStr());
+		return nss_status::NSS_STATUS_NOTFOUND;
+	} else if (err == Error::NotFound) {
 		SPDLOG_LOGGER_DEBUG(logger, "Not Found");
 		return nss_status::NSS_STATUS_NOTFOUND;
-	default:
+	} else {
 		SPDLOG_LOGGER_ERROR(logger, "Other Error");
 		SPDLOG_LOGGER_ERROR(logger, "Error {}", promise.getErrcode());
 		return nss_status::NSS_STATUS_UNAVAIL;

src/protocol/messages.capnp

@@ -18,6 +18,7 @@ struct User {
     name @2 :Text;
     # Sorted such that primary group is first
     groups @3 :List(Group);
+    state @4 :Text;
 }
 
 interface GitLabDaemon {