2022-03-10 20:52:34 +01:00
|
|
|
#![warn(unused_imports, unused_import_braces)]
|
2022-04-27 17:30:04 +02:00
|
|
|
//#![warn(missing_debug_implementations)]
|
|
|
|
//#![warn(missing_docs)]
|
|
|
|
//#![warn(missing_crate_level_docs)]
|
2021-10-28 00:32:25 +02:00
|
|
|
|
2021-10-28 01:10:35 +02:00
|
|
|
//! Diflouroborane
|
|
|
|
//!
|
2022-03-08 16:41:38 +01:00
|
|
|
//! This is the capnp component of the FabAccess project.
|
2021-10-28 01:10:35 +02:00
|
|
|
//! The entry point of bffhd can be found in [bin/bffhd/main.rs](../bin/bffhd/main.rs)
|
2021-10-27 23:20:35 +02:00
|
|
|
|
2022-12-25 11:54:36 +01:00
|
|
|
use miette::Diagnostic;
|
|
|
|
use std::io;
|
|
|
|
use thiserror::Error;
|
|
|
|
|
2022-03-11 22:13:54 +01:00
|
|
|
pub mod config;
|
|
|
|
|
2021-10-28 01:10:35 +02:00
|
|
|
/// Internal Databases build on top of LMDB, a mmap()'ed B-tree DB optimized for reads
|
2021-10-27 23:20:35 +02:00
|
|
|
pub mod db;
|
2021-11-26 02:25:48 +01:00
|
|
|
|
2021-10-28 01:10:35 +02:00
|
|
|
/// Shared error type
|
2021-10-27 23:20:35 +02:00
|
|
|
pub mod error;
|
2021-11-26 02:25:48 +01:00
|
|
|
|
2022-03-08 18:52:49 +01:00
|
|
|
pub mod authentication;
|
2022-03-10 20:52:34 +01:00
|
|
|
pub mod authorization;
|
2022-05-05 15:50:44 +02:00
|
|
|
pub mod users;
|
2021-11-26 21:01:43 +01:00
|
|
|
|
2021-10-28 01:10:35 +02:00
|
|
|
/// Resources
|
2021-11-26 02:25:48 +01:00
|
|
|
pub mod resources;
|
|
|
|
|
2021-12-15 23:42:16 +01:00
|
|
|
pub mod actors;
|
2022-06-07 14:05:46 +02:00
|
|
|
pub mod initiators;
|
2021-12-15 23:42:16 +01:00
|
|
|
|
|
|
|
pub mod sensors;
|
|
|
|
|
2022-03-08 16:41:38 +01:00
|
|
|
pub mod capnp;
|
2021-11-26 21:01:43 +01:00
|
|
|
|
2022-03-11 22:13:54 +01:00
|
|
|
pub mod utils;
|
|
|
|
|
2022-05-18 17:01:03 +02:00
|
|
|
// Store build information in the `env` module.
|
|
|
|
shadow_rs::shadow!(env);
|
2022-05-13 18:24:47 +02:00
|
|
|
|
2022-05-05 15:50:44 +02:00
|
|
|
mod audit;
|
2022-03-11 22:13:54 +01:00
|
|
|
mod keylog;
|
|
|
|
mod logging;
|
2022-03-12 17:31:53 +01:00
|
|
|
mod session;
|
2022-05-05 15:50:44 +02:00
|
|
|
mod tls;
|
2022-03-11 22:13:54 +01:00
|
|
|
|
2022-05-05 15:50:44 +02:00
|
|
|
use std::sync::Arc;
|
2022-03-15 20:00:43 +01:00
|
|
|
|
2022-06-24 12:25:52 +02:00
|
|
|
use futures_util::{FutureExt, StreamExt};
|
2022-06-02 17:46:26 +02:00
|
|
|
use miette::{Context, IntoDiagnostic, Report};
|
2022-03-13 20:33:26 +01:00
|
|
|
use once_cell::sync::OnceCell;
|
2022-03-15 20:00:43 +01:00
|
|
|
|
2022-03-20 22:46:04 +01:00
|
|
|
use crate::audit::AuditLog;
|
2022-03-12 17:31:53 +01:00
|
|
|
use crate::authentication::AuthenticationHandle;
|
2022-03-15 19:13:55 +01:00
|
|
|
use crate::authorization::roles::Roles;
|
2022-03-11 22:13:54 +01:00
|
|
|
use crate::capnp::APIServer;
|
2022-05-05 15:50:44 +02:00
|
|
|
use crate::config::Config;
|
2022-03-13 20:11:37 +01:00
|
|
|
use crate::resources::modules::fabaccess::MachineState;
|
2022-03-13 20:33:26 +01:00
|
|
|
use crate::resources::search::ResourcesHandle;
|
|
|
|
use crate::resources::state::db::StateDB;
|
2022-05-05 15:50:44 +02:00
|
|
|
use crate::resources::Resource;
|
2022-03-12 17:31:53 +01:00
|
|
|
use crate::session::SessionManager;
|
2022-03-11 22:13:54 +01:00
|
|
|
use crate::tls::TlsConfig;
|
2022-03-13 22:50:37 +01:00
|
|
|
use crate::users::db::UserDB;
|
|
|
|
use crate::users::Users;
|
2022-05-05 15:50:44 +02:00
|
|
|
use executor::pool::Executor;
|
2022-07-24 16:07:49 +02:00
|
|
|
use lightproc::recoverable_handle::RecoverableHandle;
|
2022-05-05 15:50:44 +02:00
|
|
|
use signal_hook::consts::signal::*;
|
2022-06-22 14:43:09 +02:00
|
|
|
use tracing::Span;
|
2022-03-11 22:13:54 +01:00
|
|
|
|
|
|
|
pub struct Diflouroborane {
|
2022-03-15 19:13:55 +01:00
|
|
|
config: Config,
|
2022-03-11 22:13:54 +01:00
|
|
|
executor: Executor<'static>,
|
2022-03-16 18:10:59 +01:00
|
|
|
pub statedb: StateDB,
|
2022-03-15 19:13:55 +01:00
|
|
|
pub users: Users,
|
|
|
|
pub roles: Roles,
|
|
|
|
pub resources: ResourcesHandle,
|
2022-06-22 14:43:09 +02:00
|
|
|
span: Span,
|
2022-03-11 22:13:54 +01:00
|
|
|
}
|
|
|
|
|
2022-03-13 20:33:26 +01:00
|
|
|
pub static RESOURCES: OnceCell<ResourcesHandle> = OnceCell::new();
|
|
|
|
|
2023-01-09 16:58:32 +01:00
|
|
|
pub static CONFIG: OnceCell<Config> = OnceCell::new();
|
|
|
|
|
2022-07-11 12:14:49 +02:00
|
|
|
struct SignalHandlerErr;
|
|
|
|
impl error::Description for SignalHandlerErr {
|
|
|
|
const CODE: &'static str = "signals::new";
|
|
|
|
}
|
|
|
|
|
2022-12-25 11:54:36 +01:00
|
|
|
#[derive(Debug, Error, Diagnostic)]
|
|
|
|
pub enum BFFHError {
|
|
|
|
#[error("DB operation failed")]
|
|
|
|
DBError(
|
|
|
|
#[from]
|
|
|
|
#[source]
|
|
|
|
db::Error,
|
|
|
|
),
|
|
|
|
#[error("failed to initialize global user store")]
|
|
|
|
UsersError(
|
|
|
|
#[from]
|
|
|
|
#[source]
|
|
|
|
users::Error,
|
|
|
|
),
|
|
|
|
#[error("failed to initialize state database")]
|
|
|
|
StateDBError(
|
|
|
|
#[from]
|
|
|
|
#[source]
|
|
|
|
resources::state::db::StateDBError,
|
|
|
|
),
|
|
|
|
#[error("audit log failed")]
|
|
|
|
AuditLogError(
|
|
|
|
#[from]
|
|
|
|
#[source]
|
|
|
|
audit::Error,
|
|
|
|
),
|
|
|
|
#[error("Failed to initialize signal handler")]
|
|
|
|
SignalsError(#[source] std::io::Error),
|
|
|
|
#[error("error in actor subsystem")]
|
|
|
|
ActorError(
|
|
|
|
#[from]
|
|
|
|
#[source]
|
|
|
|
actors::ActorError,
|
|
|
|
),
|
|
|
|
#[error("failed to initialize TLS config")]
|
|
|
|
TlsSetup(
|
|
|
|
#[from]
|
|
|
|
#[source]
|
|
|
|
tls::Error,
|
|
|
|
),
|
|
|
|
#[error("API handler failed")]
|
|
|
|
ApiError(
|
|
|
|
#[from]
|
|
|
|
#[source]
|
|
|
|
capnp::Error,
|
|
|
|
),
|
|
|
|
}
|
|
|
|
|
2022-03-11 22:13:54 +01:00
|
|
|
impl Diflouroborane {
|
2022-07-24 16:39:33 +02:00
|
|
|
pub fn setup() {}
|
2022-07-24 16:07:49 +02:00
|
|
|
|
2022-12-25 11:54:36 +01:00
|
|
|
pub fn new(config: Config) -> Result<Self, BFFHError> {
|
2022-06-21 22:23:55 +02:00
|
|
|
let mut server = logging::init(&config.logging);
|
2022-06-22 14:43:09 +02:00
|
|
|
let span = tracing::info_span!(
|
|
|
|
target: "bffh",
|
|
|
|
"bffh"
|
|
|
|
);
|
|
|
|
let span2 = span.clone();
|
|
|
|
let _guard = span2.enter();
|
2022-05-14 15:36:32 +02:00
|
|
|
tracing::info!(version = env::VERSION, "Starting BFFH");
|
2022-03-11 22:13:54 +01:00
|
|
|
|
2022-03-15 19:13:55 +01:00
|
|
|
let executor = Executor::new();
|
2022-03-11 22:13:54 +01:00
|
|
|
|
2022-06-21 22:23:55 +02:00
|
|
|
if let Some(aggregator) = server.aggregator.take() {
|
|
|
|
executor.spawn(aggregator.run());
|
|
|
|
}
|
2022-06-22 19:01:51 +02:00
|
|
|
tracing::info!("Server is being spawned");
|
|
|
|
let handle = executor.spawn(server.serve());
|
2022-06-24 12:25:52 +02:00
|
|
|
executor.spawn(handle.map(|result| match result {
|
|
|
|
Some(Ok(())) => {
|
|
|
|
tracing::info!("console server finished without error");
|
2022-06-22 19:01:51 +02:00
|
|
|
}
|
2022-06-24 12:25:52 +02:00
|
|
|
Some(Err(error)) => {
|
|
|
|
tracing::info!(%error, "console server finished with error");
|
|
|
|
}
|
|
|
|
None => {
|
|
|
|
tracing::info!("console server finished with panic");
|
|
|
|
}
|
|
|
|
}));
|
2022-06-21 22:23:55 +02:00
|
|
|
|
2022-06-02 17:46:26 +02:00
|
|
|
let env = StateDB::open_env(&config.db_path)?;
|
|
|
|
|
|
|
|
let statedb = StateDB::create_with_env(env.clone())?;
|
2022-03-13 22:50:37 +01:00
|
|
|
|
2022-06-02 17:46:26 +02:00
|
|
|
let users = Users::new(env.clone())?;
|
2022-03-15 19:13:55 +01:00
|
|
|
let roles = Roles::new(config.roles.clone());
|
2022-03-13 22:50:37 +01:00
|
|
|
|
2022-12-25 11:54:36 +01:00
|
|
|
let _audit_log = AuditLog::new(&config)?;
|
2022-03-20 22:46:04 +01:00
|
|
|
|
2022-03-13 20:33:26 +01:00
|
|
|
let resources = ResourcesHandle::new(config.machines.iter().map(|(id, desc)| {
|
2022-05-05 15:50:44 +02:00
|
|
|
Resource::new(Arc::new(resources::Inner::new(
|
|
|
|
id.to_string(),
|
|
|
|
statedb.clone(),
|
|
|
|
desc.clone(),
|
|
|
|
)))
|
2022-03-13 20:33:26 +01:00
|
|
|
}));
|
2023-01-09 16:58:32 +01:00
|
|
|
RESOURCES.set(resources.clone()).unwrap();
|
|
|
|
CONFIG.set(config.clone()).unwrap();
|
2022-03-13 21:54:48 +01:00
|
|
|
|
2022-05-05 15:50:44 +02:00
|
|
|
Ok(Self {
|
|
|
|
config,
|
|
|
|
executor,
|
|
|
|
statedb,
|
|
|
|
users,
|
|
|
|
roles,
|
|
|
|
resources,
|
2022-06-22 14:43:09 +02:00
|
|
|
span,
|
2022-05-05 15:50:44 +02:00
|
|
|
})
|
2022-03-15 19:13:55 +01:00
|
|
|
}
|
|
|
|
|
2022-12-25 11:54:36 +01:00
|
|
|
pub fn run(&mut self) -> Result<(), BFFHError> {
|
2022-06-22 14:43:09 +02:00
|
|
|
let _guard = self.span.enter();
|
2022-05-05 15:50:44 +02:00
|
|
|
let mut signals = signal_hook_async_std::Signals::new(&[SIGINT, SIGQUIT, SIGTERM])
|
2022-12-25 11:54:36 +01:00
|
|
|
.map_err(BFFHError::SignalsError)?;
|
2022-03-15 19:13:55 +01:00
|
|
|
|
2022-06-07 14:05:46 +02:00
|
|
|
let sessionmanager = SessionManager::new(self.users.clone(), self.roles.clone());
|
|
|
|
let authentication = AuthenticationHandle::new(self.users.clone());
|
|
|
|
|
|
|
|
initiators::load(
|
|
|
|
self.executor.clone(),
|
|
|
|
&self.config,
|
|
|
|
self.resources.clone(),
|
|
|
|
sessionmanager.clone(),
|
|
|
|
authentication.clone(),
|
|
|
|
);
|
2022-03-15 19:13:55 +01:00
|
|
|
actors::load(self.executor.clone(), &self.config, self.resources.clone())?;
|
2022-03-13 21:54:48 +01:00
|
|
|
|
2022-12-25 11:54:36 +01:00
|
|
|
let tlsconfig = TlsConfig::new(self.config.tlskeylog.as_ref(), !self.config.is_quiet())?;
|
2022-03-15 19:13:55 +01:00
|
|
|
let acceptor = tlsconfig.make_tls_acceptor(&self.config.tlsconfig)?;
|
2022-03-11 22:13:54 +01:00
|
|
|
|
2022-05-05 15:50:44 +02:00
|
|
|
let apiserver = self.executor.run(APIServer::bind(
|
|
|
|
self.executor.clone(),
|
|
|
|
&self.config.listens,
|
|
|
|
acceptor,
|
|
|
|
sessionmanager,
|
|
|
|
authentication,
|
|
|
|
))?;
|
2022-03-11 22:13:54 +01:00
|
|
|
|
2022-03-11 22:43:50 +01:00
|
|
|
let (mut tx, rx) = async_oneshot::oneshot();
|
|
|
|
|
|
|
|
self.executor.spawn(apiserver.handle_until(rx));
|
|
|
|
|
|
|
|
let f = async {
|
|
|
|
let mut sig = None;
|
|
|
|
while {
|
|
|
|
sig = signals.next().await;
|
|
|
|
sig.is_none()
|
|
|
|
} {}
|
|
|
|
tracing::info!(signal = %sig.unwrap(), "Received signal");
|
|
|
|
tx.send(());
|
|
|
|
};
|
|
|
|
|
|
|
|
self.executor.run(f);
|
2022-03-11 22:13:54 +01:00
|
|
|
Ok(())
|
|
|
|
}
|
2022-03-13 21:30:26 +01:00
|
|
|
}
|
2022-07-24 16:07:49 +02:00
|
|
|
|
|
|
|
struct ShutdownHandler {
|
|
|
|
tasks: Vec<RecoverableHandle<()>>,
|
|
|
|
}
|
|
|
|
impl ShutdownHandler {
|
|
|
|
pub fn new(tasks: Vec<RecoverableHandle<()>>) -> Self {
|
|
|
|
Self { tasks }
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn shutdown(&mut self) {
|
|
|
|
for handle in self.tasks.drain(..) {
|
|
|
|
handle.cancel()
|
|
|
|
}
|
|
|
|
}
|
2022-07-24 16:39:33 +02:00
|
|
|
}
|