mirror of
https://codeberg.org/superseriousbusiness/gotosocial.git
synced 2024-12-21 00:21:59 +03:00
acc333c40b
When GTS is running in a container runtime which has configured CPU or memory limits or under an init system that uses cgroups to impose CPU and memory limits the values the Go runtime sees for GOMAXPROCS and GOMEMLIMIT are still based on the host resources, not the cgroup. At least for the throttling middlewares which use GOMAXPROCS to configure their queue size, this can result in GTS running with values too big compared to the resources that will actuall be available to it. This introduces 2 dependencies which can pick up resource contraints from the current cgroup and tune the Go runtime accordingly. This should result in the different queues being appropriately sized and in general more predictable performance. These dependencies are a no-op on non-Linux systems or if running in a cgroup that doesn't set a limit on CPU or memory. The automatic tuning of GOMEMLIMIT can be disabled by either explicitly setting GOMEMLIMIT yourself or by setting AUTOMEMLIMIT=off. The automatic tuning of GOMAXPROCS can similarly be counteracted by setting GOMAXPROCS yourself.
102 lines
2.4 KiB
Go
102 lines
2.4 KiB
Go
package dbus
|
|
|
|
import (
|
|
"bufio"
|
|
"bytes"
|
|
"crypto/rand"
|
|
"crypto/sha1"
|
|
"encoding/hex"
|
|
"os"
|
|
)
|
|
|
|
// AuthCookieSha1 returns an Auth that authenticates as the given user with the
|
|
// DBUS_COOKIE_SHA1 mechanism. The home parameter should specify the home
|
|
// directory of the user.
|
|
func AuthCookieSha1(user, home string) Auth {
|
|
return authCookieSha1{user, home}
|
|
}
|
|
|
|
type authCookieSha1 struct {
|
|
user, home string
|
|
}
|
|
|
|
func (a authCookieSha1) FirstData() ([]byte, []byte, AuthStatus) {
|
|
b := make([]byte, 2*len(a.user))
|
|
hex.Encode(b, []byte(a.user))
|
|
return []byte("DBUS_COOKIE_SHA1"), b, AuthContinue
|
|
}
|
|
|
|
func (a authCookieSha1) HandleData(data []byte) ([]byte, AuthStatus) {
|
|
challenge := make([]byte, len(data)/2)
|
|
_, err := hex.Decode(challenge, data)
|
|
if err != nil {
|
|
return nil, AuthError
|
|
}
|
|
b := bytes.Split(challenge, []byte{' '})
|
|
if len(b) != 3 {
|
|
return nil, AuthError
|
|
}
|
|
context := b[0]
|
|
id := b[1]
|
|
svchallenge := b[2]
|
|
cookie := a.getCookie(context, id)
|
|
if cookie == nil {
|
|
return nil, AuthError
|
|
}
|
|
clchallenge := a.generateChallenge()
|
|
if clchallenge == nil {
|
|
return nil, AuthError
|
|
}
|
|
hash := sha1.New()
|
|
hash.Write(bytes.Join([][]byte{svchallenge, clchallenge, cookie}, []byte{':'}))
|
|
hexhash := make([]byte, 2*hash.Size())
|
|
hex.Encode(hexhash, hash.Sum(nil))
|
|
data = append(clchallenge, ' ')
|
|
data = append(data, hexhash...)
|
|
resp := make([]byte, 2*len(data))
|
|
hex.Encode(resp, data)
|
|
return resp, AuthOk
|
|
}
|
|
|
|
// getCookie searches for the cookie identified by id in context and returns
|
|
// the cookie content or nil. (Since HandleData can't return a specific error,
|
|
// but only whether an error occurred, this function also doesn't bother to
|
|
// return an error.)
|
|
func (a authCookieSha1) getCookie(context, id []byte) []byte {
|
|
file, err := os.Open(a.home + "/.dbus-keyrings/" + string(context))
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
defer file.Close()
|
|
rd := bufio.NewReader(file)
|
|
for {
|
|
line, err := rd.ReadBytes('\n')
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
line = line[:len(line)-1]
|
|
b := bytes.Split(line, []byte{' '})
|
|
if len(b) != 3 {
|
|
return nil
|
|
}
|
|
if bytes.Equal(b[0], id) {
|
|
return b[2]
|
|
}
|
|
}
|
|
}
|
|
|
|
// generateChallenge returns a random, hex-encoded challenge, or nil on error
|
|
// (see above).
|
|
func (a authCookieSha1) generateChallenge() []byte {
|
|
b := make([]byte, 16)
|
|
n, err := rand.Read(b)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
if n != 16 {
|
|
return nil
|
|
}
|
|
enc := make([]byte, 32)
|
|
hex.Encode(enc, b)
|
|
return enc
|
|
}
|