vmario/fabaccess-bffh
1
0
Fork 0
mirror of https://gitlab.com/fabinfra/fabaccess/bffh.git synced 2024-11-22 14:57:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

Modules renaming

Browse Source
This commit is contained in:
Nadja Reitzenstein 2022-03-08 16:41:38 +01:00
parent f932ff8e7a
commit 10e4ff080c
13 changed files with 112 additions and 254 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Cargo.lock generated
View File

@ -739,6 +739,7 @@ dependencies = [
"futures-test", "futures-test",
"futures-util", "futures-util",
"inventory", "inventory",
"lazy_static",
"libc", "libc",
"lmdb-rkv", "lmdb-rkv",
"once_cell", "once_cell",

1
Cargo.toml
View File

@ -75,6 +75,7 @@ serde_dhall = { version = "0.10.1", default-features = false }
serde_json = "1.0" serde_json = "1.0"
once_cell = "1.8" once_cell = "1.8"
lazy_static = "1.4.0"
rustls = "0.20" rustls = "0.20"
futures-rustls = "0.22" futures-rustls = "0.22"

94
bffhd/capnp/authentication.rs Normal file
View File

@ -0,0 +1,94 @@
use std::io::Cursor;
use capnp::capability::Promise;
use capnp::Error;
use capnp_rpc::pry;
use rsasl::session::{Session, Step};
use api::auth::authentication::{
Server,
AbortParams,
AbortResults,
StepParams,
StepResults,
};
use api::auth::response::{
Reason,
Action,
};
pub struct Authentication {
state: State,
}
enum State {
InvalidMechanism,
Finished,
Aborted,
Running(Session)
}
impl Server for Authentication {
fn step(&mut self, params: StepParams, mut results: StepResults) -> Promise<(), Error> {
use State::*;
let new = match self.state {
InvalidMechanism => {
let builder = results.get();
let mut b = builder.init_error();
b.set_reason(Reason::BadMechanism);
b.set_action(Action::Permanent);
None
},
Finished => {
let builder = results.get();
let mut b = builder.init_error();
b.set_reason(Reason::Finished);
b.set_action(Action::Permanent);
None
},
Aborted => {
let builder = results.get();
let mut b = builder.init_error();
b.set_reason(Reason::Aborted);
b.set_action(Action::Permanent);
None
},
Running(ref mut session) => {
// TODO: If null what happens?
let data: &[u8] = pry!(pry!(params.get()).get_data());
let mut builder = results.get();
let mut out = Cursor::new(Vec::new());
match session.step(Some(data), &mut out) {
Ok(Step::Done(data)) => {
let mut b = builder.init_successful();
let mut session_builder = b.init_session();
let session = super::session::Session::new();
session.build(&mut session_builder);
Some(State::Finished)
},
Ok(Step::NeedsMore(data)) => {
//builder.set_challenge(data.deref());
None
},
Err(_) => {
let mut b = builder.init_error();
b.set_reason(Reason::Aborted);
b.set_action(Action::Permanent);
Some(State::Aborted)
}
}
}
};
if let Some(new) = new {
std::mem::replace(&mut self.state, new);
}
Promise::ok(())
}
fn abort(&mut self, _: AbortParams, _: AbortResults) -> Promise<(), Error> {
std::mem::replace(&mut self.state, State::Aborted);
Promise::ok(())
}
}

24
bffhd/server/mod.rs → bffhd/capnp/mod.rs
View File

@ -1,17 +1,12 @@
use std::future::Future; use std::future::Future;
use futures_util::future::FutureExt;
use async_rustls::TlsStream;
use capnp::capability::Promise; use capnp::capability::Promise;
use capnp::Error; use capnp::Error;
use capnp_rpc::rpc_twoparty_capnp::Side; use futures_rustls::server::TlsStream;
use capnp_rpc::RpcSystem; use futures_util::{AsyncRead, AsyncWrite};
use capnp_rpc::twoparty::VatNetwork;
use smol::io::{AsyncRead, AsyncWrite};
use crate::error::Result; use crate::error::Result;
use api::bootstrap::{ use api::bootstrap::{
Client,
Server, Server,
MechanismsParams, MechanismsParams,
MechanismsResults, MechanismsResults,
@ -33,19 +28,8 @@ impl APIHandler {
pub fn handle<IO: 'static + Unpin + AsyncRead + AsyncWrite>(&mut self, stream: TlsStream<IO>) pub fn handle<IO: 'static + Unpin + AsyncRead + AsyncWrite>(&mut self, stream: TlsStream<IO>)
-> impl Future<Output = Result<()>> -> impl Future<Output = Result<()>>
{ {
let (mut reader, mut writer) = smol::io::split(stream); unimplemented!();
futures_util::future::ready(Ok(()))
let bootstrap = ApiSystem {};
let rpc: Client = capnp_rpc::new_client(bootstrap);
let network = VatNetwork::new(
reader,
writer,
Side::Server,
Default::default(),
);
let rpc_system = RpcSystem::new(Box::new(network), Some(rpc.client));
rpc_system.map(|r| r.map_err(Into::into))
} }
} }

0
bffhd/server/resources.rs → bffhd/capnp/resources.rs
View File

4
bffhd/server/session.rs → bffhd/capnp/session.rs
View File

@ -1,6 +1,6 @@
use api::session::Builder; use api::session::Builder;
use crate::server::resources::Resources; use crate::capnp::resources::Resources;
use crate::server::users::Users; use crate::capnp::users::Users;
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct Session { pub struct Session {

0
bffhd/server/users.rs → bffhd/capnp/users.rs
View File

8
bffhd/error.rs
View File

@ -1,12 +1,12 @@
use std::io; use std::io;
use std::fmt; use std::fmt;
use rsasl::SaslError; use rsasl::error::SessionError;
use crate::db::DBError; use crate::db::DBError;
#[derive(Debug)] #[derive(Debug)]
/// Shared error type /// Shared error type
pub enum Error { pub enum Error {
SASL(SaslError), SASL(SessionError),
IO(io::Error), IO(io::Error),
Boxed(Box<dyn std::error::Error>), Boxed(Box<dyn std::error::Error>),
Capnp(capnp::Error), Capnp(capnp::Error),
@ -39,8 +39,8 @@ impl fmt::Display for Error {
} }
} }
impl From<SaslError> for Error { impl From<SessionError> for Error {
fn from(e: SaslError) -> Error { fn from(e: SessionError) -> Error {
Error::SASL(e) Error::SASL(e)
} }
} }

5
bffhd/initiators/mod.rs
View File

@ -5,7 +5,6 @@ use async_channel as channel;
use async_oneshot as oneshot; use async_oneshot as oneshot;
use futures_signals::signal::Signal; use futures_signals::signal::Signal;
use futures_util::future::BoxFuture; use futures_util::future::BoxFuture;
use smol::future::FutureExt;
use crate::resource::{Error, Update}; use crate::resource::{Error, Update};
use crate::resource::claim::{ResourceID, UserID}; use crate::resource::claim::{ResourceID, UserID};
use crate::resource::state::State; use crate::resource::state::State;
@ -126,7 +125,7 @@ impl<S: Signal<Item=ResourceSink> + Unpin, I: Initiator + Unpin> Future for Init
// If we've send an update to the resource in question we have error channel set, so // If we've send an update to the resource in question we have error channel set, so
// we poll that first to determine if the resource has acted on it yet. // we poll that first to determine if the resource has acted on it yet.
if let Some(ref mut errchan) = self.error_channel { if let Some(ref mut errchan) = self.error_channel {
match errchan.poll(cx) { match Pin::new(errchan).poll(cx) {
// In case there's an ongoing // In case there's an ongoing
Poll::Pending => return Poll::Pending, Poll::Pending => return Poll::Pending,
Poll::Ready(Ok(error)) => { Poll::Ready(Ok(error)) => {
@ -142,7 +141,7 @@ impl<S: Signal<Item=ResourceSink> + Unpin, I: Initiator + Unpin> Future for Init
} }
if let Some(ref mut init_fut) = self.initiator_future { if let Some(ref mut init_fut) = self.initiator_future {
match init_fut.poll(cx) { match init_fut.as_mut().poll(cx) {
Poll::Pending => return Poll::Pending, Poll::Pending => return Poll::Pending,
Poll::Ready(Ok(())) => {}, Poll::Ready(Ok(())) => {},
Poll::Ready(Err(_e)) => { Poll::Ready(Err(_e)) => {

4
bffhd/lib.rs
View File

@ -5,7 +5,7 @@
//! Diflouroborane //! Diflouroborane
//! //!
//! This is the server component of the FabAccess project. //! This is the capnp component of the FabAccess project.
//! The entry point of bffhd can be found in [bin/bffhd/main.rs](../bin/bffhd/main.rs) //! The entry point of bffhd can be found in [bin/bffhd/main.rs](../bin/bffhd/main.rs)
/// Internal Databases build on top of LMDB, a mmap()'ed B-tree DB optimized for reads /// Internal Databases build on top of LMDB, a mmap()'ed B-tree DB optimized for reads
@ -29,6 +29,6 @@ pub mod initiators;
pub mod sensors; pub mod sensors;
pub mod server; pub mod capnp;
pub mod utils; pub mod utils;

221
bffhd/server/authentication.rs
View File

@ -1,221 +0,0 @@
use api::utils::l10n_string;
use crate::error;
use std::ops::Deref;
use capnp::capability::Promise;
use capnp::Error;
use capnp_rpc::pry;
use rsasl::{rsasl_err_to_str, SASL, Session as SaslSession, Property, ReturnCode, RSASL, DiscardOnDrop, Mechanisms};
use rsasl::session::Step::{Done, NeedsMore};
use api::auth::authentication::{
Server,
AbortParams,
AbortResults,
StepParams,
StepResults,
};
use api::auth::response::{
Reason,
Action,
};
use crate::users::{UserDB, PassDB};
#[derive(Debug)]
pub struct AuthenticationProvider {
sasl: RSASL<AppData, SessionData>,
}
impl AuthenticationProvider {
pub fn new() -> error::Result<Self> {
let sasl = SASL::new()?;
Ok(Self { sasl })
}
pub fn mechanisms(&self) -> error::Result<Mechanisms> {
Ok(self.sasl.server_mech_list()?)
}
pub fn try_start_session(&mut self, mechanism: &str) -> error::Result<Authentication> {
let session = self.sasl.server_start(mechanism)?;
Ok(Authentication {
state: State::Running(session),
})
}
pub fn bad_mechanism(&self) -> Authentication {
Authentication {
state: State::InvalidMechanism,
}
}
pub fn start_session(&mut self, mechanism: &str) -> Authentication {
self.try_start_session(mechanism)
.unwrap_or_else(|_| self.bad_mechanism())
}
}
#[derive(Debug)]
struct Callback;
#[derive(Debug)]
struct AppData {
userdb: UserDB,
passdb: PassDB,
}
#[derive(Debug)]
struct SessionData;
impl rsasl::Callback<AppData, SessionData> for Callback {
fn callback(sasl: &mut SASL<AppData, SessionData>,
session: &mut SaslSession<SessionData>,
prop: Property
) -> Result<(), ReturnCode>
{
match prop {
Property::GSASL_VALIDATE_SIMPLE => {
// Access the authentication id, i.e. the username to check the password for
let authcid = session
.get_property(Property::GSASL_AUTHID)
.ok_or(rsasl::GSASL_NO_AUTHID)
.map_err(|_| rsasl::GSASL_NO_AUTHID)
.and_then(|cstr| cstr.to_str()
.map_err(|_| rsasl::GSASL_NO_AUTHID))?;
// Access the password itself
let password = session
.get_property(Property::GSASL_PASSWORD)
.ok_or(rsasl::GSASL_NO_PASSWORD)
.and_then(|cstr| cstr.to_str()
.map_err(|_| rsasl::GSASL_NO_AUTHID))?;
let AppData { userdb: _, passdb } = sasl.retrieve_mut()
.ok_or(rsasl::GSASL_NO_CALLBACK)?;
if let Ok(Some(Ok(true))) = passdb.verify_password(authcid, &password.as_bytes()) {
Ok(())
} else {
Err(rsasl::GSASL_AUTHENTICATION_ERROR)
}
},
_ => Err(rsasl::GSASL_NO_CALLBACK),
}
}
}
#[derive(Debug)]
pub struct Authentication {
state: State<SessionData>,
}
#[derive(Debug)]
enum State<E> {
InvalidMechanism,
Finished,
Aborted,
Running(DiscardOnDrop<SaslSession<E>>)
}
impl Server for Authentication {
fn step(&mut self, params: StepParams, mut results: StepResults) -> Promise<(), Error> {
use State::*;
let new = match self.state {
InvalidMechanism => {
let builder = results.get();
let mut b = builder.init_error();
b.set_reason(Reason::BadMechanism);
b.set_action(Action::Permanent);
None
},
Finished => {
let builder = results.get();
let mut b = builder.init_error();
b.set_reason(Reason::Finished);
b.set_action(Action::Permanent);
None
},
Aborted => {
let builder = results.get();
let mut b = builder.init_error();
b.set_reason(Reason::Aborted);
b.set_action(Action::Permanent);
None
},
Running(ref mut session) => {
// TODO: If null what happens?
let data: &[u8] = pry!(pry!(params.get()).get_data());
let mut builder = results.get();
match session.step(data) {
Ok(Done(data)) => {
let mut b = builder.init_successful();
if !data.is_empty() {
b.reborrow().set_additional_data(data.deref())
}
let mut session_builder = b.init_session();
let session = super::session::Session::new();
session.build(&mut session_builder);
Some(State::Finished)
},
Ok(NeedsMore(data)) => {
builder.set_challenge(data.deref());
None
},
Err(_) => {
let mut b = builder.init_error();
b.set_reason(Reason::Aborted);
b.set_action(Action::Permanent);
Some(State::Aborted)
}
}
}
};
if let Some(new) = new {
std::mem::replace(&mut self.state, new);
}
Promise::ok(())
}
fn abort(&mut self, _: AbortParams, _: AbortResults) -> Promise<(), Error> {
std::mem::replace(&mut self.state, State::Aborted);
Promise::ok(())
}
}
#[repr(transparent)]
struct SaslE {
e: ReturnCode,
}
impl l10n_string::Server for SaslE {
fn get(&mut self,
params: l10n_string::GetParams,
mut results: l10n_string::GetResults
) -> Promise<(), Error>
{
let lang = pry!(pry!(params.get()).get_lang());
if lang == "en" {
let mut builder = results.get();
builder.set_lang("en");
builder.set_content(rsasl_err_to_str(self.e)
.unwrap_or("Unknown gsasl error"));
}
Promise::ok(())
}
fn available(
&mut self,
_: l10n_string::AvailableParams,
mut results: l10n_string::AvailableResults
) -> Promise<(), Error> {
let builder = results.get();
let mut langs = builder.init_langs(1);
langs.set(0, "en");
Promise::ok(())
}
}

2
bin/bffhd/main.rs
View File

@ -150,7 +150,7 @@ fn main() -> Result<(), Error> {
ex.spawn(init).detach(); ex.spawn(init).detach();
} }
server::serve_api_connections(log.clone(), config, db, network, ex) capnp::serve_api_connections(log.clone(), config, db, network, ex)
} }
*/ */

2
runtime/executor/src/lib.rs
View File

@ -10,7 +10,7 @@
//! Main differences between other executors are: //! Main differences between other executors are:
//! * Uses SMP based execution scheme to exploit cache affinity on multiple cores and execution is //! * Uses SMP based execution scheme to exploit cache affinity on multiple cores and execution is
//! equally distributed over the system resources, which means utilizing the all system. //! equally distributed over the system resources, which means utilizing the all system.
//! * Uses NUMA-aware allocation for scheduler's queues and exploit locality on server workloads. //! * Uses NUMA-aware allocation for scheduler's queues and exploit locality on capnp workloads.
//! * Tailored for creating middleware and working with actor model like concurrency and distributed communication. //! * Tailored for creating middleware and working with actor model like concurrency and distributed communication.
//! //!
//! **NOTE:** Bastion Executor is independent of it's framework implementation. //! **NOTE:** Bastion Executor is independent of it's framework implementation.