AB#2222 replace unlicensed passwd package with own implementation

access_manager/access_manager_test.go

@@ -208,10 +208,10 @@ func TestDeployKeys(t *testing.T) {
 						assert.True(ok)
 
 						// Check if user has been recreated with correct UID/GID
-						actualUID, err := strconv.Atoi(userEntry.Uid)
+						actualUID, err := strconv.Atoi(userEntry.UID)
 						assert.NoError(err)
 						assert.EqualValues(tc.existingUsers[user].UID, actualUID)
-						actualGID, err := strconv.Atoi(userEntry.Gid)
+						actualGID, err := strconv.Atoi(userEntry.GID)
 						assert.NoError(err)
 						assert.EqualValues(tc.existingUsers[user].GID, actualGID)
 
@@ -288,10 +288,10 @@ func TestEvictRootKey(t *testing.T) {
 	assert.True(ok)
 
 	// Check if user has been recreated with correct UID/GID
-	actualUID, err := strconv.Atoi(userEntry.Uid)
+	actualUID, err := strconv.Atoi(userEntry.UID)
 	assert.NoError(err)
 	assert.EqualValues(0, actualUID)
-	actualGID, err := strconv.Atoi(userEntry.Gid)
+	actualGID, err := strconv.Atoi(userEntry.GID)
 	assert.NoError(err)
 	assert.EqualValues(0, actualGID)
 

go.mod

@@ -81,7 +81,6 @@ require (
 	github.com/spf13/cobra v1.5.0
 	github.com/stretchr/testify v1.7.1
 	github.com/talos-systems/talos/pkg/machinery v1.0.4
-	github.com/willdonnelly/passwd v0.0.0-20141013001024-7935dab3074c
 	go.uber.org/goleak v1.1.12
 	go.uber.org/multierr v1.8.0
 	go.uber.org/zap v1.21.0

go.sum

@@ -1445,8 +1445,6 @@ github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
-github.com/willdonnelly/passwd v0.0.0-20141013001024-7935dab3074c h1:4+NVyrLUuEmvE3r3Xst7gPuKhAP6X04ACpMmPvtK0M0=
-github.com/willdonnelly/passwd v0.0.0-20141013001024-7935dab3074c/go.mod h1:xcvfY9pOw6s4wyrhilFSbMthL6KzgrfCIETHHUOQ/fQ=
 github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
 github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
 github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug=

hack/go.mod

@@ -32,9 +32,7 @@ replace (
 	k8s.io/sample-controller => k8s.io/sample-controller v0.24.0
 )
 
-replace (
-	github.com/edgelesssys/constellation => ./..
-)
+replace github.com/edgelesssys/constellation => ./..
 
 require (
 	github.com/edgelesssys/constellation v1.0.0
@@ -56,7 +54,6 @@ require (
 	github.com/emirpasic/gods v1.12.0 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.3.1 // indirect
-	github.com/icholy/replace v0.5.0 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect
@@ -145,7 +142,6 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/talos-systems/talos/pkg/machinery v1.0.4 // indirect
-	github.com/willdonnelly/passwd v0.0.0-20141013001024-7935dab3074c // indirect
 	go.opencensus.io v0.23.0 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect

hack/go.sum

@@ -636,8 +636,6 @@ github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63
 github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/icholy/replace v0.5.0 h1:Nx80zYQVlowdba+3Y6dvHDnmxaGtBrDlf2wYn9GyIXQ=
-github.com/icholy/replace v0.5.0/go.mod h1:zzi8pxElj2t/5wHHHYmH45D+KxytX/t4w3ClY5nlK+g=
 github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
@@ -961,8 +959,6 @@ github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oW
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/willdonnelly/passwd v0.0.0-20141013001024-7935dab3074c h1:4+NVyrLUuEmvE3r3Xst7gPuKhAP6X04ACpMmPvtK0M0=
-github.com/willdonnelly/passwd v0.0.0-20141013001024-7935dab3074c/go.mod h1:xcvfY9pOw6s4wyrhilFSbMthL6KzgrfCIETHHUOQ/fQ=
 github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug=
 github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4=
 github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI=
@@ -1346,7 +1342,6 @@ golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1657,7 +1652,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20220512140231-539c8e751b99 h1:dbuHpmKjkDzSOMKAWl10QNlgaZUd3V1q99xc81tt2Kc=
 gopkg.in/yaml.v3 v3.0.0-20220512140231-539c8e751b99/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

internal/deploy/user/linux_user.go

@@ -162,17 +162,17 @@ func (l *LinuxUserManager) GetLinuxUser(username string) (LinuxUser, error) {
 		return LinuxUser{}, ErrUserDoesNotExist
 	}
 	entry := entries[username]
-	uid, err := strconv.Atoi(entry.Uid)
+	uid, err := strconv.Atoi(entry.UID)
 	if err != nil {
 		return LinuxUser{}, fmt.Errorf("parsing users uid: %w", err)
 	}
-	gid, err := strconv.Atoi(entry.Gid)
+	gid, err := strconv.Atoi(entry.GID)
 	if err != nil {
 		return LinuxUser{}, fmt.Errorf("parsing users gid: %w", err)
 	}
 	return LinuxUser{
 		Username: username,
-		Home:     entry.Home,
+		Home:     entry.Directory,
 		UID:      uid,
 		GID:      gid,
 	}, nil

internal/deploy/user/passwd.go

@@ -1,12 +1,25 @@
 package user
 
 import (
+	"bufio"
+	"errors"
+	"strings"
+
 	"github.com/spf13/afero"
-	"github.com/willdonnelly/passwd"
 )
 
-// Entries contains the information for each user defined in '/etc/passwd'. Re-exported to allow other module to only import this passwd module.
-type Entries map[string]passwd.Entry
+// Entry is an entry of a '/etc/passwd' file.
+type Entry struct {
+	Password  string
+	UID       string
+	GID       string
+	GECOS     string
+	Directory string
+	Shell     string
+}
+
+// Entries contains the information for each user defined in '/etc/passwd'.
+type Entries map[string]Entry
 
 // Passwd allows to parse users from '/etc/passwd' on the local system.
 type Passwd struct{}
@@ -24,6 +37,26 @@ func (p Passwd) parseFile(fs afero.Fs, path string) (Entries, error) {
 	}
 	defer file.Close()
 
-	entries, err := passwd.ParseReader(file)
-	return Entries(entries), err
+	entries := Entries{}
+	scanner := bufio.NewScanner(file)
+
+	for scanner.Scan() {
+		// File format: https://man7.org/linux/man-pages/man5/passwd.5.html
+
+		fields := strings.Split(scanner.Text(), ":")
+		if len(fields) != 7 {
+			return nil, errors.New("invalid number of fields")
+		}
+
+		entries[fields[0]] = Entry{
+			Password:  fields[1],
+			UID:       fields[2],
+			GID:       fields[3],
+			GECOS:     fields[4],
+			Directory: fields[5],
+			Shell:     fields[6],
+		}
+	}
+
+	return entries, scanner.Err()
 }

internal/deploy/user/passwd_test.go

@@ -22,12 +22,35 @@ func TestParse(t *testing.T) {
 			createFile:     true,
 			wantEntries: Entries{
 				"root": {
-					Pass:  "x",
-					Uid:   "0",
-					Gid:   "0",
-					Gecos: "root",
-					Home:  "/root",
-					Shell: "/bin/bash",
+					Password:  "x",
+					UID:       "0",
+					GID:       "0",
+					GECOS:     "root",
+					Directory: "/root",
+					Shell:     "/bin/bash",
+				},
+			},
+			wantErr: false,
+		},
+		"multiple lines": {
+			passwdContents: "root:x:0:0:root:/root:/bin/bash\nfoo:y:1:2:bar:baz:sh",
+			createFile:     true,
+			wantEntries: Entries{
+				"root": {
+					Password:  "x",
+					UID:       "0",
+					GID:       "0",
+					GECOS:     "root",
+					Directory: "/root",
+					Shell:     "/bin/bash",
+				},
+				"foo": {
+					Password:  "y",
+					UID:       "1",
+					GID:       "2",
+					GECOS:     "bar",
+					Directory: "baz",
+					Shell:     "sh",
 				},
 			},
 			wantErr: false,