Tracing and dumping

Nadja Reitzenstein 2022-03-15 19:56:41 +01:00
parent 48003ef51c
commit 2e5f343d52
8 changed files with 50 additions and 18 deletions


@ -22,8 +22,4 @@ impl AuthorizationHandle {
let user = self.users.get_user(uid.as_ref())?; let user = self.users.get_user(uid.as_ref())?;
Some(user.userdata.roles.clone()) Some(user.userdata.roles.clone())
} }
pub fn is_permitted<'a>(&self, roles: impl IntoIterator<Item=&'a Role>, perm: impl AsRef<Permission>) -> bool {
unimplemented!()
}
} }


@ -54,6 +54,8 @@ enum State {
impl AuthenticationSystem for Authentication { impl AuthenticationSystem for Authentication {
fn step(&mut self, params: StepParams, mut results: StepResults) -> Promise<(), Error> { fn step(&mut self, params: StepParams, mut results: StepResults) -> Promise<(), Error> {
let span = tracing::trace_span!("step");
let _guard = span.enter();
let mut builder = results.get(); let mut builder = results.get();
if let State::Running(mut session, manager) = if let State::Running(mut session, manager) =
std::mem::replace(&mut self.state, State::Aborted) std::mem::replace(&mut self.state, State::Aborted)
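Review bot: The `step` span added at the top of `Authentication::step` has no fields, so trace lines from concurrent authentications cannot be attributed to a connection, unlike the bootstrap spans in this commit that record `peer_addr`. If a session or connection identifier is reachable here, attach it as a span field. `params` presumably carries the client's authentication data, so it should stay out of span fields and events. The body of `step` continues past the end of this hunk.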


@ -1,3 +1,4 @@
use std::net::SocketAddr;
pub use api::connection_capnp::bootstrap::Client; pub use api::connection_capnp::bootstrap::Client;
use api::connection_capnp::bootstrap; use api::connection_capnp::bootstrap;
@ -10,13 +11,16 @@ use crate::session::SessionManager;
/// Cap'n Proto API Handler /// Cap'n Proto API Handler
pub struct BootCap { pub struct BootCap {
peer_addr: SocketAddr,
authentication: AuthenticationHandle, authentication: AuthenticationHandle,
sessionmanager: SessionManager, sessionmanager: SessionManager,
} }
impl BootCap { impl BootCap {
pub fn new(authentication: AuthenticationHandle, sessionmanager: SessionManager) -> Self { pub fn new(peer_addr: SocketAddr, authentication: AuthenticationHandle, sessionmanager: SessionManager) -> Self {
tracing::trace!(%peer_addr, "bootstrapping RPC");
Self { Self {
peer_addr,
authentication, authentication,
sessionmanager, sessionmanager,
} }
@ -29,6 +33,8 @@ impl bootstrap::Server for BootCap {
_: bootstrap::GetAPIVersionParams, _: bootstrap::GetAPIVersionParams,
_: bootstrap::GetAPIVersionResults, _: bootstrap::GetAPIVersionResults,
) -> Promise<(), ::capnp::Error> { ) -> Promise<(), ::capnp::Error> {
let span = tracing::trace_span!("get_api_version", peer_addr=%self.peer_addr);
let _guard = span.enter();
Promise::ok(()) Promise::ok(())
} }
@ -37,6 +43,8 @@ impl bootstrap::Server for BootCap {
_: bootstrap::GetServerReleaseParams, _: bootstrap::GetServerReleaseParams,
mut result: bootstrap::GetServerReleaseResults, mut result: bootstrap::GetServerReleaseResults,
) -> Promise<(), ::capnp::Error> { ) -> Promise<(), ::capnp::Error> {
let span = tracing::trace_span!("get_server_release", peer_addr=%self.peer_addr);
let _guard = span.enter();
let mut builder = result.get(); let mut builder = result.get();
builder.set_name("bffhd"); builder.set_name("bffhd");
builder.set_release(crate::RELEASE_STRING); builder.set_release(crate::RELEASE_STRING);
@ -45,9 +53,14 @@ impl bootstrap::Server for BootCap {
fn mechanisms( fn mechanisms(
&mut self, &mut self,
_: bootstrap::MechanismsParams, params: bootstrap::MechanismsParams,
mut result: bootstrap::MechanismsResults, mut result: bootstrap::MechanismsResults,
) -> Promise<(), ::capnp::Error> { ) -> Promise<(), ::capnp::Error> {
let span = tracing::trace_span!("mechanisms", peer_addr=%self.peer_addr);
let _guard = span.enter();
tracing::trace!("mechanisms");
let mut builder = result.get(); let mut builder = result.get();
let mechs: Vec<_> = self.authentication.list_available_mechs() let mechs: Vec<_> = self.authentication.list_available_mechs()
.into_iter() .into_iter()
@ -66,9 +79,14 @@ impl bootstrap::Server for BootCap {
params: bootstrap::CreateSessionParams, params: bootstrap::CreateSessionParams,
mut result: bootstrap::CreateSessionResults, mut result: bootstrap::CreateSessionResults,
) -> Promise<(), ::capnp::Error> { ) -> Promise<(), ::capnp::Error> {
let span = tracing::trace_span!("create_session", peer_addr=%self.peer_addr);
let _guard = span.enter();
let params = pry!(params.get()); let params = pry!(params.get());
let mechanism: &str = pry!(params.get_mechanism()); let mechanism: &str = pry!(params.get_mechanism());
tracing::trace!(mechanism);
let mechname = Mechname::new(mechanism.as_bytes()); let mechname = Mechname::new(mechanism.as_bytes());
let auth = if let Ok(mechname) = mechname { let auth = if let Ok(mechname) = mechname {
if let Ok(session) = self.authentication.start(mechname) { if let Ok(session) = self.authentication.start(mechname) {
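Review bot: `tracing::trace!(mechanism);` in `create_session` records the client-supplied mechanism string before `Mechname::new` has validated it, so a peer that has not authenticated yet controls the content of that log field. Moving the event into the `if let Ok(mechname) = mechname` branch keeps unvalidated bytes out of the trace output; whether the field is escaped otherwise depends on the subscriber's formatter. In `mechanisms`, `params` was renamed from `_` but is not used in the visible lines, and the `tracing::trace!("mechanisms")` event only repeats the span name. The function bodies continue outside these hunks.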


@ -16,7 +16,9 @@ use std::fs::File;
use std::future::Future; use std::future::Future;
use std::io; use std::io;
use std::io::BufReader; use std::io::BufReader;
use std::net::SocketAddr;
use std::sync::Arc; use std::sync::Arc;
use nix::sys::socket::SockAddr;
use crate::authentication::AuthenticationHandle; use crate::authentication::AuthenticationHandle;
use crate::authorization::AuthorizationHandle; use crate::authorization::AuthorizationHandle;
@ -107,6 +109,8 @@ impl APIServer {
.collect() .collect()
.await; .await;
tracing::info!("listening on {:?}", sockets);
if sockets.is_empty() { if sockets.is_empty() {
tracing::warn!("No usable listen addresses configured for the API server!"); tracing::warn!("No usable listen addresses configured for the API server!");
} }
@ -123,16 +127,25 @@ impl APIServer {
.take_until(stop) .take_until(stop)
.for_each(|stream| async { .for_each(|stream| async {
match stream { match stream {
Ok(stream) => self.handle(self.acceptor.accept(stream)), Ok(stream) => {
if let Ok(peer_addr) = stream.peer_addr() {
self.handle(peer_addr, self.acceptor.accept(stream))
} else {
tracing::error!(?stream, "failing a TCP connection with no peer addr");
}
},
Err(e) => tracing::warn!("Failed to accept stream: {}", e), Err(e) => tracing::warn!("Failed to accept stream: {}", e),
} }
}); }).await;
tracing::info!("closing down API handler");
} }
fn handle<IO: 'static + Unpin + AsyncRead + AsyncWrite>( fn handle<IO: 'static + Unpin + AsyncRead + AsyncWrite>(
&self, &self,
peer_addr: SocketAddr,
stream: impl Future<Output = io::Result<TlsStream<IO>>>, stream: impl Future<Output = io::Result<TlsStream<IO>>>,
) { ) {
tracing::debug!("handling new API connection");
let f = async move { let f = async move {
let stream = match stream.await { let stream = match stream.await {
Ok(stream) => stream, Ok(stream) => stream,
@ -144,7 +157,7 @@ impl APIServer {
let (rx, tx) = futures_lite::io::split(stream); let (rx, tx) = futures_lite::io::split(stream);
let vat = VatNetwork::new(rx, tx, Side::Server, Default::default()); let vat = VatNetwork::new(rx, tx, Side::Server, Default::default());
let bootstrap: connection::Client = capnp_rpc::new_client(connection::BootCap::new(self.authentication.clone(), self.sessionmanager.clone())); let bootstrap: connection::Client = capnp_rpc::new_client(connection::BootCap::new(peer_addr, self.authentication.clone(), self.sessionmanager.clone()));
if let Err(e) = RpcSystem::new(Box::new(vat), Some(bootstrap.client)).await { if let Err(e) = RpcSystem::new(Box::new(vat), Some(bootstrap.client)).await {
tracing::error!("Error during RPC handling: {}", e); tracing::error!("Error during RPC handling: {}", e);
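Review bot: `peer_addr` is passed into `handle`, but the connection-level events there do not carry it: `tracing::debug!("handling new API connection")` and the `Error during RPC handling` error are logged without the address, so an RPC failure cannot be tied to a client. Adding the field, `tracing::debug!(%peer_addr, "handling new API connection");` and `tracing::error!(%peer_addr, "Error during RPC handling: {}", e);`, would make these lines usable for incident review. `use nix::sys::socket::SockAddr;` is added but not used in any visible hunk. Part of `handle` lies outside the hunks shown.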


@ -49,10 +49,10 @@ use rkyv::Infallible;
use crate::resources::state::{State, db::StateDB}; use crate::resources::state::{State, db::StateDB};
use std::iter::FromIterator; use std::iter::FromIterator;
use std::ops::Deref; use std::ops::Deref;
use crate::authentication::db::PassDB;
use crate::resources::search::ResourcesHandle; use crate::resources::search::ResourcesHandle;
use crate::utils::oid::{ArchivedObjectIdentifier, ObjectIdentifier}; use crate::utils::oid::{ArchivedObjectIdentifier, ObjectIdentifier};
use crate::resources::state::value::SerializeValue; use crate::resources::state::value::SerializeValue;
use crate::Users;
#[derive(Debug)] #[derive(Debug)]
pub enum DBError { pub enum DBError {
@ -130,14 +130,12 @@ impl<V: Serialize<AlignedSerializer<AlignedVec>>> Adapter for AlignedAdapter<V>
#[derive(Debug, serde::Serialize)] #[derive(Debug, serde::Serialize)]
pub struct Dump { pub struct Dump {
users: HashMap<String, User>, users: HashMap<String, User>,
passwds: HashMap<String, String>,
states: HashMap<String, State>, states: HashMap<String, State>,
} }
impl Dump { impl Dump {
pub fn new(userdb: UserDB, passdb: PassDB, resources: ResourcesHandle) -> Result<Self> { pub fn new(userdb: Users, resources: ResourcesHandle) -> Result<Self> {
let users = HashMap::from_iter(userdb.get_all()?.into_iter()); let users = HashMap::from_iter(userdb.into_inner().get_all()?.into_iter());
let passwds = HashMap::from_iter(passdb.get_all()?.into_iter());
let mut states = HashMap::new(); let mut states = HashMap::new();
for resource in resources.list_all().into_iter() { for resource in resources.list_all().into_iter() {
if let Some(output) = resource.get_raw_state() { if let Some(output) = resource.get_raw_state() {
@ -147,6 +145,6 @@ impl Dump {
} }
} }
Ok(Self { users, passwds, states }) Ok(Self { users, states })
} }
} }
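Review bot: `Dump` still derives `Debug` and `serde::Serialize` over complete `User` records, and with `passwds` gone any credential material has to live inside `User` (its definition is not visible here) to be exported at all. If it does, every dump is a secrets file and the type should say so, e.g. `/// Full export of users and resource state. May contain credential data; handle the output as a secret.` If it does not, the dump has silently stopped carrying passwords and the doc comment should state that instead.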


@ -47,7 +47,7 @@ impl StateDB {
| EnvironmentFlags::NO_SUB_DIR | EnvironmentFlags::NO_SUB_DIR
| EnvironmentFlags::NO_TLS | EnvironmentFlags::NO_TLS
| EnvironmentFlags::NO_READAHEAD) | EnvironmentFlags::NO_READAHEAD)
.set_max_dbs(2) .set_max_dbs(4)
.open(path.as_ref()) .open(path.as_ref())
.map(Arc::new) .map(Arc::new)
} }
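Review bot: `.set_max_dbs(4)` is a bare number with no indication of which named databases it accounts for, and opening more named databases than this limit fails at runtime. A short comment listing the databases, e.g. `// named DBs opened in this environment: <list them here>`, or a named constant next to where they are opened, would keep the two in step. The enclosing function starts outside this hunk.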


@ -25,7 +25,6 @@ use std::sync::Arc;
pub mod db; pub mod db;
pub use crate::authentication::db::PassDB;
use crate::authorization::roles::Role; use crate::authorization::roles::Role;
use crate::db::LMDBorrow; use crate::db::LMDBorrow;
use crate::users::db::UserData; use crate::users::db::UserData;
@ -80,6 +79,10 @@ impl Users {
Ok(Self { userdb }) Ok(Self { userdb })
} }
pub(crate) fn into_inner(self) -> &'static UserDB {
self.userdb
}
pub fn get_user(&self, uid: &str) -> Option<db::User> { pub fn get_user(&self, uid: &str) -> Option<db::User> {
tracing::trace!(uid, "Looking up user"); tracing::trace!(uid, "Looking up user");
self.userdb self.userdb
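Review bot: `into_inner` has no doc comment and hands crate code the raw `&'static UserDB`, bypassing the `Users` wrapper's methods such as the traced `get_user`. A line like `/// Returns the underlying user database; intended for whole-database operations such as dumping.` would record the intent. Since the field appears to be a `&'static` reference already, taking `&self` instead of `self` would return the same value without consuming the handle.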


@ -112,7 +112,9 @@ fn main() -> anyhow::Result<()> {
let mut config = config::read(&PathBuf::from_str(configpath).unwrap()).unwrap(); let mut config = config::read(&PathBuf::from_str(configpath).unwrap()).unwrap();
if matches.is_present("dump") { if matches.is_present("dump") {
unimplemented!() let bffh = Diflouroborane::new(config)?;
let dump = Dump::new(bffh.users, bffh.resources)?;
println!("{:?}", dump);
} else if matches.is_present("load") { } else if matches.is_present("load") {
let bffh = Diflouroborane::new(config)?; let bffh = Diflouroborane::new(config)?;
bffh.users.load_file(matches.value_of("load").unwrap()); bffh.users.load_file(matches.value_of("load").unwrap());
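Review bot: The dump branch prints `println!("{:?}", dump)`, i.e. the `Debug` rendering, although `Dump` derives `serde::Serialize`; `Debug` output has no stable format and cannot be read back by a load path. Serializing through the derived impl, in whatever format the `load` branch reads, would let dump and load round-trip. The output holds all user records and goes to stdout, so the help text of the `dump` option should say that the result is to be redirected to a file with restrictive permissions.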