Added Config

README.md

@@ -16,10 +16,10 @@ ManagerA1
 ManagerA2
 ManagerB1
 ManagerB2
-ManagerAB1
-ManagerAB2
 ManagerC1
 ManagerC2
+ManagerABC1
+ManagerABC2
 
 MakerA1
 MakerA2
@@ -39,11 +39,22 @@ GuestC1
 GuestC2
 GuestACB1
 GuestACB2
+
+MakerQRA
+MakerQRB
+MakerQRC
 ```
 
 # Machines
 Machines have all a Dummy Actor
 
+## List of Categories
+```
+CategoryA
+CategoryB
+CategoryC
+```
+
 ## List of Machines
 ```
 MachineA1
@@ -66,21 +77,48 @@ MachineC5
 ```
 
 # Roles
-Something about Roles
+All Roles have only one Permission
+Users have multipile Roles to give them access
+`TestEnv.Admin` have all Permissions
 
 ## List of Roles
 ```
-TestEnv.Disclose.A
+Admin
-TestEnv.Disclose.B
-TestEnv.Disclose.C
 
-TestEnv.Use.A
+ManageA
-TestEnv.Use.B
+ManageB
-TestEnv.Use.C
+ManageC
+
+UseA
+UseB
+UseC
+
+ReadA
+ReadB
+ReadC
+
+DiscloseA
+DiscloseB
+DiscloseC
+```
+
+## List of Permissions
+```
+TestEnv.Admin
 
 TestEnv.Manage.A
 TestEnv.Manage.B
 TestEnv.Manage.C
 
-TestEnv.Admin
+TestEnv.Write.A
+TestEnv.Write.B
+TestEnv.Write.C
+
+TestEnv.Read.A
+TestEnv.Read.B
+TestEnv.Read.C
+
+TestEnv.Disclose.A
+TestEnv.Disclose.B
+TestEnv.Disclose.C
 ```

bffh.dhall

@@ -0,0 +1,294 @@
+{- Main configuration file for bffh
+ - ================================
+ -
+ - In this configuration file you configure almost all parts of how bffh operates, but most importantly:
+ -      * Machines
+ -      * Initiators and Actors
+ -      * Which Initiators and Actors relate to which machine(s)
+ -      * Roles and the permissions granted by them
+ -}
+
+-- The config is in the configuration format/language dhall. You can find more information about dhall over at
+-- https://dhall-lang.org
+
+-- (Our) Dhall is somewhat similar to JSON and YAML in that it expects a top-level object containing the
+-- configuration values
+{
+    -- Configure the addresses and ports bffh listens on
+    listens = [
+        -- BFFH binds a port for every listen object in this array.
+        -- Each listen object is of the format { address = <STRING>, port = <INTEGER> }
+        -- If you don't specify a port bffh will use the default of `59661`
+        -- 'address' can be a IP address or a hostname
+        -- If bffh can not bind a port for the specified combination if will log an error but *continue with the remaining ports*
+        { address = "::", port = Some 59661 }
+    ],
+
+    -- Configure TLS. BFFH requires a PEM-encoded certificate and the associated key as two separate files
+    certfile = "/etc/bffh/cert.pem",
+    keyfile = "/etc/bffh/key.pem",
+
+    -- BFFH right now requires a running MQTT broker.
+    mqtt_url = "tcp://mqtt:1883", 
+
+    -- Path to the database file for bffh. bffh will in fact create two files; ${db_path} and ${db_path}.lock.
+    -- BFFH will *not* create any directories so ensure that the directory exists and the user running bffh has write
+    -- access into them.
+    db_path = "/var/lib/bffh/db",
+
+    -- Audit log path. Bffh will log state changes into this file, one per line.
+    -- Audit log entries are for now JSON:
+    -- {"timestamp":1641497361,"machine":"Testmachine","state":{"state":{"InUse":{"uid":"Testuser","subuid":null,"realm":null}}}}
+    auditlog_path = "/tmp/bffh.audit",
+
+    -- In dhall you can also easily import definitions from other files, e.g. you could write
+    -- roles = ./roles.dhall
+    
+
+
+
+
+
+
+
+
+
+
+    roles = {
+        Admin = {
+            permissions =  [
+                "TestEnv.Admin",
+                "TestEnv.Manage.A",
+                "TestEnv.Manage.B",
+                "TestEnv.Manage.C",
+                "TestEnv.Write.A",
+                "TestEnv.Write.B",
+                "TestEnv.Write.C",
+                "TestEnv.Read.A",
+                "TestEnv.Read.B",
+                "TestEnv.Read.C",
+                "TestEnv.Disclose.A",
+                "TestEnv.Disclose.B",
+                "TestEnv.Disclose.C"
+            ]
+        },
+
+        ManageA = {
+            permissions = [ "TestEnv.Manage.A" ]
+        },
+        ManageB = {
+            permissions = [ "TestEnv.Manage.B" ]
+        },
+        ManageC = {
+            permissions = [ "TestEnv.Manage.C" ]
+        },
+
+        UseA = {
+            permissions = [ "TestEnv.Use.A" ]
+        },
+        UseB = {
+            permissions = [ "TestEnv.Use.B" ]
+        },
+        UseC = {
+            permissions = [ "TestEnv.Use.C" ]
+        },
+
+        ReadA = {
+            permissions = [ "TestEnv.Read.A" ]
+        },
+        ReadB = {
+            permissions = [ "TestEnv.Read.B" ]
+        },
+        ReadC = {
+            permissions = [ "TestEnv.Read.C" ]
+        },
+
+        DiscloseA = {
+            permissions = [ "TestEnv.Disclose.A" ]
+        },
+        DiscloseB = {
+            permissions = [ "TestEnv.Disclose.B" ]
+        },
+        DiscloseC = {
+            permissions = [ "TestEnv.Disclose.C" ]
+        }
+    },
+
+    machines = {
+        MachineA1 = {
+            name = "MachineA1",
+            description = "Description of MachineA1",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryA",
+            
+            disclose = "TestEnv.Disclose.A",
+            read = "TestEnv.Read.A",
+            write = "TestEnv.Write.A",
+            manage = "TestEnv.Manage.A"
+        },
+        MachineA2 = {
+            name = "MachineA2",
+            description = "Description of MachineA2",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryA",
+            
+            disclose = "TestEnv.Disclose.A",
+            read = "TestEnv.Read.A",
+            write = "TestEnv.Write.A",
+            manage = "TestEnv.Manage.A"
+        },
+        MachineA3 = {
+            name = "MachineA3",
+            description = "Description of MachineA3",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryA",
+            
+            disclose = "TestEnv.Disclose.A",
+            read = "TestEnv.Read.A",
+            write = "TestEnv.Write.A",
+            manage = "TestEnv.Manage.A"
+        },
+        MachineA4 = {
+            name = "MachineA4",
+            description = "Description of MachineA4",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryA",
+            
+            disclose = "TestEnv.Disclose.A",
+            read = "TestEnv.Read.A",
+            write = "TestEnv.Write.A",
+            manage = "TestEnv.Manage.A"
+        },
+        MachineA5 = {
+            name = "MachineA5",
+            description = "Description of MachineA5",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryA",
+            
+            disclose = "TestEnv.Disclose.A",
+            read = "TestEnv.Read.A",
+            write = "TestEnv.Write.A",
+            manage = "TestEnv.Manage.A"
+        },
+
+        MachineB1 = {
+            name = "MachineB1",
+            description = "Description of MachineB1",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryB",
+            
+            disclose = "TestEnv.Disclose.B",
+            read = "TestEnv.Read.B",
+            write = "TestEnv.Write.B",
+            manage = "TestEnv.Manage.B"
+        },
+        MachineB2 = {
+            name = "MachineB2",
+            description = "Description of MachineB2",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryB",
+            
+            disclose = "TestEnv.Disclose.B",
+            read = "TestEnv.Read.B",
+            write = "TestEnv.Write.B",
+            manage = "TestEnv.Manage.B"
+        },
+        MachineB3 = {
+            name = "MachineB3",
+            description = "Description of MachineB3",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryB",
+            
+            disclose = "TestEnv.Disclose.B",
+            read = "TestEnv.Read.B",
+            write = "TestEnv.Write.B",
+            manage = "TestEnv.Manage.B"
+        },
+        MachineB4 = {
+            name = "MachineB4",
+            description = "Description of MachineB4",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryB",
+            
+            disclose = "TestEnv.Disclose.B",
+            read = "TestEnv.Read.B",
+            write = "TestEnv.Write.B",
+            manage = "TestEnv.Manage.B"
+        },
+        MachineB5 = {
+            name = "MachineB5",
+            description = "Description of MachineB5",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryB",
+            
+            disclose = "TestEnv.Disclose.B",
+            read = "TestEnv.Read.B",
+            write = "TestEnv.Write.B",
+            manage = "TestEnv.Manage.B"
+        },
+
+        MachineC1 = {
+            name = "MachineC1",
+            description = "Description of MachineC1",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryC",
+            
+            disclose = "TestEnv.Disclose.C",
+            read = "TestEnv.Read.C",
+            write = "TestEnv.Write.C",
+            manage = "TestEnv.Manage.C"
+        },
+        MachineC2 = {
+            name = "MachineC2",
+            description = "Description of MachineC2",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryC",
+            
+            disclose = "TestEnv.Disclose.C",
+            read = "TestEnv.Read.C",
+            write = "TestEnv.Write.C",
+            manage = "TestEnv.Manage.C"
+        },
+        MachineC3 = {
+            name = "MachineC3",
+            description = "Description of MachineC3",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryC",
+            
+            disclose = "TestEnv.Disclose.C",
+            read = "TestEnv.Read.C",
+            write = "TestEnv.Write.C",
+            manage = "TestEnv.Manage.C"
+        },
+        MachineC4 = {
+            name = "MachineC4",
+            description = "Description of MachineC4",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryC",
+            
+            disclose = "TestEnv.Disclose.C",
+            read = "TestEnv.Read.C",
+            write = "TestEnv.Write.C",
+            manage = "TestEnv.Manage.C"
+        },
+        MachineC5 = {
+            name = "MachineC5",
+            description = "Description of MachineC5",
+            wiki = "https://fab-access.readthedocs.io",
+            category = "CategoryC",
+            
+            disclose = "TestEnv.Disclose.C",
+            read = "TestEnv.Read.C",
+            write = "TestEnv.Write.C",
+            manage = "TestEnv.Manage.C"
+        },
+    },
+    
+    actors = {=},
+
+    actor_connections = [] : List { machine : Text, actor : Text },
+
+    initiators = {=},
+
+    init_connections = [] : List { machine : Text, initiator : Text },
+}

users.toml

@@ -0,0 +1,173 @@
+[Admin1]
+roles = ["Admin/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[Admin2]
+roles = ["Admin/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerA1]
+roles = ["ManageA/internal", "UseA/internal", "ReadA/internal", "DiscloseA/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerA2]
+roles = ["ManageA/internal", "UseA/internal", "ReadA/internal", "DiscloseA/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerB1]
+roles = ["ManageB/internal", "UseB/internal", "ReadB/internal", "DiscloseB/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerB2]
+roles = ["ManageB/internal", "UseB/internal", "ReadB/internal", "DiscloseB/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerC1]
+roles = ["ManageC/internal", "UseC/internal", "ReadC/internal", "DiscloseC/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerC2]
+roles = ["ManageC/internal", "UseC/internal", "ReadC/internal", "DiscloseC/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerABC1]
+roles = ["ManageA/internal", "UseA/internal", "ReadA/internal", "DiscloseA/internal", "ManageB/internal", "UseB/internal", "ReadB/internal", "DiscloseB/internal", "ManageC/internal", "UseC/internal", "ReadC/internal", "DiscloseC/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[ManagerABC2]
+roles = ["ManageA/internal", "UseA/internal", "ReadA/internal", "DiscloseA/internal", "ManageB/internal", "UseB/internal", "ReadB/internal", "DiscloseB/internal", "ManageC/internal", "UseC/internal", "ReadC/internal", "DiscloseC/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerA1]
+roles = ["UseA/internal", "ReadA/internal", "DiscloseA/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerA2]
+roles = ["UseA/internal", "ReadA/internal", "DiscloseA/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerB1]
+roles = ["UseB/internal", "ReadB/internal", "DiscloseB/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerB2]
+roles = ["UseB/internal", "ReadB/internal", "DiscloseB/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerC1]
+roles = ["UseC/internal", "ReadC/internal", "DiscloseC/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerC2]
+roles = ["UseC/internal", "ReadC/internal", "DiscloseC/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerABC1]
+roles = ["UseA/internal", "ReadA/internal", "DiscloseA/internal", "UseB/internal", "ReadB/internal", "DiscloseB/internal", "UseC/internal", "ReadC/internal", "DiscloseC/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerABC2]
+roles = ["UseA/internal", "ReadA/internal", "DiscloseA/internal", "UseB/internal", "ReadB/internal", "DiscloseB/internal", "UseC/internal", "ReadC/internal", "DiscloseC/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestA1]
+roles = ["ReadA/internal", "DiscloseA/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestA2]
+roles = ["ReadA/internal", "DiscloseA/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestB1]
+roles = ["ReadB/internal", "DiscloseB/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestB2]
+roles = ["ReadB/internal", "DiscloseB/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestC1]
+roles = ["ReadC/internal", "DiscloseC/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestC2]
+roles = ["ReadC/internal", "DiscloseC/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestABC1]
+roles = ["ReadA/internal", "DiscloseA/internal", "ReadB/internal", "DiscloseB/internal", "ReadC/internal", "DiscloseC/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[GuestABC2]
+roles = ["ReadA/internal", "DiscloseA/internal", "ReadB/internal", "DiscloseB/internal", "ReadC/internal", "DiscloseC/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerQRA]
+roles = ["UseA/internal", "ReadA/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerQRB]
+roles = ["UseB/internal", "ReadB/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+[MakerQRC]
+roles = ["UseC/internal", "ReadC/internal"]
+passwd = "secret"
+noot = "noot!"
+cardkey = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"