vmario/fabaccess-bffh
1
0
Fork 0
mirror of https://gitlab.com/fabinfra/fabaccess/bffh.git synced 2024-11-22 14:57:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove old code

Browse Source
This commit is contained in:
Nadja Reitzenstein 2021-10-27 18:01:15 +02:00
parent a14d3fa072
commit 4844fcc0c9
23 changed files with 253 additions and 2451 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

245
Cargo.lock generated
View File

@ -146,6 +146,18 @@ dependencies = [
"event-listener", "event-listener",
] ]
[[package]]
name = "async-native-tls"
version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9e9e7a929bd34c68a82d58a4de7f86fffdaf97fb2af850162a7bb19dd7269b33"
dependencies = [
"async-std",
"native-tls",
"thiserror",
"url",
]
[[package]] [[package]]
name = "async-net" name = "async-net"
version = "1.6.1" version = "1.6.1"
@ -183,6 +195,26 @@ dependencies = [
"winapi", "winapi",
] ]
[[package]]
name = "async-std"
version = "1.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8056f1455169ab86dd47b47391e4ab0cbd25410a70e9fe675544f49bafaf952"
dependencies = [
"async-channel",
"async-lock",
"crossbeam-utils",
"futures-channel",
"futures-core",
"futures-io",
"memchr",
"once_cell",
"pin-project-lite",
"pin-utils",
"slab",
"wasm-bindgen-futures",
]
[[package]] [[package]]
name = "async-task" name = "async-task"
version = "4.0.3" version = "4.0.3"
@ -323,6 +355,12 @@ dependencies = [
"once_cell", "once_cell",
] ]
[[package]]
name = "bumpalo"
version = "3.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8f1e260c3a9040a7c19a12468758f4c16f31a81a1fe087482be9570ec864bb6c"
[[package]] [[package]]
name = "byte-tools" name = "byte-tools"
version = "0.3.1" version = "0.3.1"
@ -487,6 +525,22 @@ version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc"
[[package]]
name = "core-foundation"
version = "0.9.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6888e10551bb93e424d8df1d07f1a8b4fceb0001a3a4b048bfc47554946f47b3"
dependencies = [
"core-foundation-sys",
"libc",
]
[[package]]
name = "core-foundation-sys"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
[[package]] [[package]]
name = "cpufeatures" name = "cpufeatures"
version = "0.2.1" version = "0.2.1"
@ -556,6 +610,7 @@ name = "diflouroborane"
version = "0.3.0" version = "0.3.0"
dependencies = [ dependencies = [
"async-channel", "async-channel",
"async-native-tls",
"async-oneshot", "async-oneshot",
"async-trait", "async-trait",
"bincode", "bincode",
@ -679,6 +734,21 @@ dependencies = [
"instant", "instant",
] ]
[[package]]
name = "foreign-types"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
dependencies = [
"foreign-types-shared",
]
[[package]]
name = "foreign-types-shared"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
[[package]] [[package]]
name = "form_urlencoded" name = "form_urlencoded"
version = "1.0.1" version = "1.0.1"
@ -1085,6 +1155,15 @@ version = "0.4.8"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4" checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4"
[[package]]
name = "js-sys"
version = "0.3.55"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7cc9ffccd38c451a86bf13657df244e9c3f37493cce8e5e21e940963777acc84"
dependencies = [
"wasm-bindgen",
]
[[package]] [[package]]
name = "lazy_static" name = "lazy_static"
version = "1.4.0" version = "1.4.0"
@ -1185,6 +1264,24 @@ version = "2.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a"
[[package]]
name = "native-tls"
version = "0.2.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "48ba9f7719b5a0f42f338907614285fb5fd70e53858141f69898a1fb7203b24d"
dependencies = [
"lazy_static",
"libc",
"log",
"openssl",
"openssl-probe",
"openssl-sys",
"schannel",
"security-framework",
"security-framework-sys",
"tempfile",
]
[[package]] [[package]]
name = "nom" name = "nom"
version = "5.1.2" version = "5.1.2"
@ -1243,6 +1340,39 @@ version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
[[package]]
name = "openssl"
version = "0.10.36"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d9facdb76fec0b73c406f125d44d86fdad818d66fef0531eec9233ca425ff4a"
dependencies = [
"bitflags",
"cfg-if 1.0.0",
"foreign-types",
"libc",
"once_cell",
"openssl-sys",
]
[[package]]
name = "openssl-probe"
version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "28988d872ab76095a6e6ac88d99b54fd267702734fd7ffe610ca27f533ddb95a"
[[package]]
name = "openssl-sys"
version = "0.9.67"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "69df2d8dfc6ce3aaf44b40dec6f487d5a886516cf6879c49e98e0710f310a058"
dependencies = [
"autocfg",
"cc",
"libc",
"pkg-config",
"vcpkg",
]
[[package]] [[package]]
name = "paho-mqtt" name = "paho-mqtt"
version = "0.8.0" version = "0.8.0"
@ -1677,12 +1807,45 @@ dependencies = [
"winapi-util", "winapi-util",
] ]
[[package]]
name = "schannel"
version = "0.1.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8f05ba609c234e60bee0d547fe94a4c7e9da733d1c962cf6e59efa4cd9c8bc75"
dependencies = [
"lazy_static",
"winapi",
]
[[package]] [[package]]
name = "seahash" name = "seahash"
version = "4.1.0" version = "4.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b" checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b"
[[package]]
name = "security-framework"
version = "2.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "525bc1abfda2e1998d152c45cf13e696f76d0a4972310b22fac1658b05df7c87"
dependencies = [
"bitflags",
"core-foundation",
"core-foundation-sys",
"libc",
"security-framework-sys",
]
[[package]]
name = "security-framework-sys"
version = "2.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a9dd14d83160b528b7bfd66439110573efcfbe281b17fc2ca9f39f550d619c7e"
dependencies = [
"core-foundation-sys",
"libc",
]
[[package]] [[package]]
name = "serde" name = "serde"
version = "1.0.130" version = "1.0.130"
@ -2083,6 +2246,12 @@ dependencies = [
"serde", "serde",
] ]
[[package]]
name = "vcpkg"
version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
[[package]] [[package]]
name = "vec_map" name = "vec_map"
version = "0.8.2" version = "0.8.2"
@ -2118,6 +2287,82 @@ version = "0.10.2+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6"
[[package]]
name = "wasm-bindgen"
version = "0.2.78"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "632f73e236b219150ea279196e54e610f5dbafa5d61786303d4da54f84e47fce"
dependencies = [
"cfg-if 1.0.0",
"wasm-bindgen-macro",
]
[[package]]
name = "wasm-bindgen-backend"
version = "0.2.78"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a317bf8f9fba2476b4b2c85ef4c4af8ff39c3c7f0cdfeed4f82c34a880aa837b"
dependencies = [
"bumpalo",
"lazy_static",
"log",
"proc-macro2",
"quote",
"syn",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-futures"
version = "0.4.28"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e8d7523cb1f2a4c96c1317ca690031b714a51cc14e05f712446691f413f5d39"
dependencies = [
"cfg-if 1.0.0",
"js-sys",
"wasm-bindgen",
"web-sys",
]
[[package]]
name = "wasm-bindgen-macro"
version = "0.2.78"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d56146e7c495528bf6587663bea13a8eb588d39b36b679d83972e1a2dbbdacf9"
dependencies = [
"quote",
"wasm-bindgen-macro-support",
]
[[package]]
name = "wasm-bindgen-macro-support"
version = "0.2.78"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7803e0eea25835f8abdc585cd3021b3deb11543c6fe226dcd30b228857c5c5ab"
dependencies = [
"proc-macro2",
"quote",
"syn",
"wasm-bindgen-backend",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-shared"
version = "0.2.78"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0237232789cf037d5480773fe568aac745bfe2afbc11a863e97901780a6b47cc"
[[package]]
name = "web-sys"
version = "0.3.55"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "38eb105f1c59d9eaa6b5cdc92b859d85b926e82cb2e0945cd0c9259faa6fe9fb"
dependencies = [
"js-sys",
"wasm-bindgen",
]
[[package]] [[package]]
name = "wepoll-ffi" name = "wepoll-ffi"
version = "0.1.2" version = "0.1.2"

1
Cargo.toml
View File

@ -22,6 +22,7 @@ libc = "0.2.101"
lazy_static = "1.4.0" lazy_static = "1.4.0"
uuid = { version = "0.8.2", features = ["serde", "v4"] } uuid = { version = "0.8.2", features = ["serde", "v4"] }
async-trait = "0.1.51" async-trait = "0.1.51"
async-native-tls = "0.3"
# Runtime # Runtime
smol = "1.2.5" smol = "1.2.5"

155
src/access/internal.rs
View File

@ -1,155 +0,0 @@
use std::collections::HashMap;
use std::path::Path;
use std::sync::Arc;
use slog::Logger;
use lmdb::{Environment, Transaction, RwTransaction, Cursor};
use crate::config::Config;
use crate::error::Result;
use crate::db::access::{Permission, Role, RoleIdentifier, RoleDB};
#[derive(Clone, Debug)]
pub struct Internal {
log: Logger,
env: Arc<Environment>,
roledb: lmdb::Database,
}
impl Internal {
pub fn new(log: Logger, env: Arc<Environment>, roledb: lmdb::Database) -> Self {
Self { log, env, roledb, }
}
/// Check if a given user has the given permission
#[allow(unused)]
pub fn _check<T: Transaction, P: AsRef<Permission>>(&self, txn: &T, user: &UserData, perm: &P)
-> Result<bool>
{
tracing::debug!("Checking user {:?} for permission {:?}", user, perm.as_ref());
// Tally all roles. Makes dependent roles easier
let mut roles = HashMap::new();
for role_id in user.roles.iter() {
tracing::debug!("Tallying role {} for its parents", role_id);
self._tally_role(txn, &mut roles, role_id)?;
}
// Iter all unique role->permissions we've found and early return on match.
// TODO: Change this for negative permissions?
for (roleid, role) in roles.iter() {
tracing::debug!(" checking role {}", roleid);
for perm_rule in role.permissions.iter() {
if perm_rule.match_perm(perm) {
tracing::debug!(" matches permission rule {}", perm_rule);
return Ok(true);
}
tracing::trace!(" rejecting permission rule {}", perm_rule);
}
}
tracing::debug!("Checked all roles, rejecting access");
return Ok(false);
}
fn _tally_role<T: Transaction>(&self, txn: &T, roles: &mut HashMap<RoleIdentifier, Role>, role_id: &RoleIdentifier) -> Result<()> {
if let Some(role) = self._get_role(txn, role_id)? {
// Only check and tally parents of a role at the role itself if it's the first time we
// see it
if !roles.contains_key(&role_id) {
for parent in role.parents.iter() {
self._tally_role(txn, roles, parent)?;
}
roles.insert(role_id.clone(), role);
}
} else {
tracing::warn!("Did not find role {} while trying to tally", role_id);
}
Ok(())
}
pub fn _get_role<'txn, T: Transaction>(&self, txn: &'txn T, role_id: &RoleIdentifier) -> Result<Option<Role>> {
tracing::debug!("Reading role '{}'", role_id.name);
match txn.get(self.roledb, &role_id.name.as_bytes()) {
Ok(bytes) => {
Ok(Some(flexbuffers::from_slice(bytes)?))
},
Err(lmdb::Error::NotFound) => { Ok(None) },
Err(e) => { Err(e.into()) }
}
}
fn put_role(&self, txn: &mut RwTransaction, role_id: &RoleIdentifier, role: Role) -> Result<()> {
let bytes = flexbuffers::to_vec(role)?;
txn.put(self.roledb, &role_id.name.as_bytes(), &bytes, lmdb::WriteFlags::empty())?;
Ok(())
}
pub fn dump_roles(&self) -> Result<Vec<(RoleIdentifier, Role)>> {
let txn = self.env.begin_ro_txn()?;
self.dump_roles_txn(&txn)
}
pub fn dump_roles_txn<T: Transaction>(&self, txn: &T) -> Result<Vec<(RoleIdentifier, Role)>> {
let mut cursor = txn.open_ro_cursor(self.roledb)?;
let mut vec = Vec::new();
for r in cursor.iter_start() {
match r {
Ok( (k,v) ) => {
let role_name_str = unsafe { std::str::from_utf8_unchecked(k) };
let role_id = RoleIdentifier::local_from_str("lmdb".to_string(), role_name_str.to_string());
match flexbuffers::from_slice(v) {
Ok(role) => vec.push((role_id, role)),
Err(e) => tracing::error!("Bad format for roleid {}: {}", role_id,
e),
}
},
Err(e) => return Err(e.into()),
}
}
Ok(vec)
}
pub fn load_roles<P: AsRef<Path>>(&self, path: P) -> Result<()> {
let mut txn = self.env.begin_rw_txn()?;
self.load_roles_txn(&mut txn, path.as_ref())?;
// In case the above didn't error, commit.
txn.commit()?;
Ok(())
}
fn load_roles_txn(&self, txn: &mut RwTransaction, path: &Path) -> Result<()> {
let roles = Role::load_file(path)?;
for (k,v) in roles.iter() {
self.put_role(txn, k, v.clone())?;
}
tracing::debug!("Loaded roles: {:?}", roles);
Ok(())
}
}
impl RoleDB for Internal {
fn get_type_name(&self) -> &'static str {
"Internal"
}
fn get_role(&self, role_id: &RoleIdentifier) -> Result<Option<Role>> {
let txn = self.env.begin_ro_txn()?;
self._get_role(&txn, role_id)
}
fn tally_role(&self, roles: &mut HashMap<RoleIdentifier, Role>, role_id: &RoleIdentifier) -> Result<()> {
let txn = self.env.begin_ro_txn()?;
self._tally_role(&txn, roles, role_id)
}
}

181
src/actor.rs
View File

@ -1,181 +0,0 @@
use std::pin::Pin;
use std::task::{Poll, Context};
use std::sync::Mutex;
use std::collections::HashMap;
use std::future::Future;
use futures::{future::BoxFuture, Stream};
use futures::channel::mpsc;
use futures_signals::signal::Signal;
use crate::db::machine::MachineState;
use crate::config::Config;
use crate::error::Result;
use paho_mqtt::AsyncClient;
use slog::Logger;
pub trait Actuator {
fn apply(&mut self, state: MachineState) -> BoxFuture<'static, ()>;
}
pub type ActorSignal = Box<dyn Signal<Item=MachineState> + Unpin + Send>;
pub struct Actor {
// FIXME: This should really be a Signal.
// But, alas, MutableSignalCloned is itself not `Clone`. For good reason as keeping track of
// the changes itself happens in a way that Clone won't work (well).
// So, you can't clone it, you can't copy it and you can't get at the variable inside outside
// of a task context. In short, using Mutable isn't possible and we would have to write our own
// implementation of MutableSignal*'s . Preferably with the correct optimizations for our case
// where there is only one consumer. So a mpsc channel that drops all but the last input.
rx: mpsc::Receiver<Option<ActorSignal>>,
inner: Option<ActorSignal>,
actuator: Box<dyn Actuator + Send + Sync>,
future: Option<BoxFuture<'static, ()>>,
}
impl Actor {
pub fn new(rx: mpsc::Receiver<Option<ActorSignal>>, actuator: Box<dyn Actuator + Send + Sync>) -> Self {
Self {
rx: rx,
inner: None,
actuator: actuator,
future: None,
}
}
pub fn wrap(actuator: Box<dyn Actuator + Send + Sync>) -> (mpsc::Sender<Option<ActorSignal>>, Self) {
let (tx, rx) = mpsc::channel(1);
(tx, Self::new(rx, actuator))
}
}
impl Future for Actor {
type Output = ();
fn poll(mut self: Pin<&mut Self>, cx: &mut Context) -> Poll<Self::Output> {
let mut this = &mut *self;
let mut done = false; // Is the channel with new state-signals exhausted?
// FIXME: This is potentially invalid, and may lead to the situation that the signal is
// replaced *twice* but the second change will not be honoured since this implementation of
// events is *EDGE*-triggered!
// Update the signal we're polling from, if there is an update that is.
match Stream::poll_next(Pin::new(&mut this.rx), cx) {
Poll::Ready(None) => done = true,
Poll::Ready(Some(new_signal)) => this.inner = new_signal,
Poll::Pending => { },
}
// Work until there is no more work to do.
loop {
// Poll the `apply` future. And ensure it's completed before the next one is started
match this.future.as_mut().map(|future| Future::poll(Pin::new(future), cx)) {
// Skip and poll for a new future to do
None => { }
// This apply future is done, get a new one
Some(Poll::Ready(_)) => this.future = None,
// This future would block so we return to continue work another time
Some(Poll::Pending) => return Poll::Pending,
}
// Poll the signal and apply any change that happen to the inner Actuator
match this.inner.as_mut().map(|inner| Signal::poll_change(Pin::new(inner), cx)) {
// No signal to poll
None => return Poll::Pending,
Some(Poll::Pending) => return Poll::Pending,
Some(Poll::Ready(None)) => {
this.inner = None;
if done {
return Poll::Ready(());
} else {
return Poll::Pending;
}
},
Some(Poll::Ready(Some(state))) => {
// This future MUST be polled before we exit from the Actor::poll because if we
// do not do that it will not register the dependency and thus NOT BE POLLED.
this.future.replace(this.actuator.apply(state));
}
}
}
}
}
pub struct Dummy {
log: Logger,
}
impl Dummy {
pub fn new(log: Logger) -> Self {
Self { log }
}
}
impl Actuator for Dummy {
fn apply(&mut self, state: MachineState) -> BoxFuture<'static, ()> {
info!(self.log, "New state for dummy actuator: {:?}", state);
Box::pin(smol::future::ready(()))
}
}
pub fn load(log: &Logger, config: &Config) -> Result<(ActorMap, Vec<Actor>)> {
let mut map = HashMap::new();
let mqtt = AsyncClient::new(config.mqtt_url.clone())?;
let tok = mqtt.connect(paho_mqtt::ConnectOptions::new());
smol::block_on(tok)?;
let actuators = config.actors.iter()
.map(|(k,v)| (k, load_single(log, k, &v.module, &v.params, mqtt.clone())))
.filter_map(|(k, n)| match n {
None => None,
Some(a) => Some((k, a))
});
let mut v = Vec::new();
for (name, actuator) in actuators {
let (tx, a) = Actor::wrap(actuator);
map.insert(name.clone(), Mutex::new(tx));
v.push(a);
}
Ok(( map, v ))
}
fn load_single(
log: &Logger,
name: &String,
module_name: &String,
params: &HashMap<String, String>,
client: AsyncClient,
) -> Option<Box<dyn Actuator + Sync + Send>>
{
use crate::modules::*;
info!(log, "Loading actor \"{}\" with module {} and params {:?}", name, module_name, params);
let log = log.new(o!("name" => name.clone()));
match module_name.as_ref() {
"Dummy" => {
Some(Box::new(Dummy::new(log)))
}
"Process" => {
Process::new(log, name.clone(), params)
.map(|a| a.into_boxed_actuator())
}
"Shelly" => {
Some(Box::new(Shelly::new(log, name.clone(), client)))
}
_ => {
error!(log, "No actor found with name \"{}\", configured as \"{}\".", module_name, name);
None
},
}
}

292
src/api/auth.rs
View File

@ -1,292 +0,0 @@
//! Authentication subsystem
//!
//! Authorization is over in `permissions`
//! Authentication using SASL
use std::sync::Arc;
use std::rc::Rc;
use std::cell::RefCell;
use std::ops::Deref;
use slog::Logger;
use rsasl::{
SASL,
RSASL,
Property,
Session as SaslSession,
ReturnCode,
Callback,
Step,
};
use serde::{Serialize, Deserialize};
use capnp::capability::{Params, Results, Promise};
use crate::api::Session;
pub use crate::schema::authenticationsystem_capnp as auth_system;
use crate::db::Databases;
use crate::db::pass::PassDB;
use crate::db::user::{Internal as UserDB, UserId, User};
use crate::db::access::AccessControl as AccessDB;
pub struct AppData {
userdb: Arc<UserDB>,
}
pub struct SessionData {
authz: Option<User>,
}
struct CB;
impl Callback<AppData, SessionData> for CB {
fn callback(sasl: &mut SASL<AppData, SessionData>,
session: &mut SaslSession<SessionData>,
prop: Property
) -> Result<(), ReturnCode>
{
let ret = match prop {
Property::GSASL_VALIDATE_SIMPLE => {
// FIXME: get_property and retrieve_mut can't be used interleaved but that's
// technically safe.
let authid: &str = session
.get_property(Property::GSASL_AUTHID)
.ok_or(ReturnCode::GSASL_NO_AUTHID)
.and_then(|a| match a.to_str() {
Ok(s) => Ok(s),
Err(_) => Err(ReturnCode::GSASL_SASLPREP_ERROR),
})?;
let pass = session.get_property(Property::GSASL_PASSWORD)
.ok_or(ReturnCode::GSASL_NO_PASSWORD)?;
if let Some(appdata) = sasl.retrieve_mut() {
if let Ok(Some(user)) = appdata.userdb.login(authid, pass.to_bytes()) {
session.retrieve_mut().unwrap().authz.replace(user);
return Ok(());
}
}
ReturnCode::GSASL_AUTHENTICATION_ERROR
}
p => {
println!("Callback called with property {:?}", p);
ReturnCode::GSASL_NO_CALLBACK
}
};
Err(ret)
}
}
pub struct Auth {
pub ctx: RSASL<AppData, SessionData>,
session: Rc<RefCell<Option<Session>>>,
access: Arc<AccessDB>,
log: Logger,
}
impl Auth {
pub fn new(log: Logger, dbs: Databases, session: Rc<RefCell<Option<Session>>>) -> Self {
let mut ctx = SASL::new().unwrap();
let appdata = Box::new(AppData { userdb: dbs.userdb.clone() });
ctx.store(appdata);
ctx.install_callback::<CB>();
Self { log, ctx, session, access: dbs.access.clone() }
}
}
use crate::schema::authenticationsystem_capnp::*;
impl authentication_system::Server for Auth {
fn mechanisms(&mut self,
_: authentication_system::MechanismsParams,
mut res: authentication_system::MechanismsResults
) -> Promise<(), capnp::Error> {
/*let mechs = match self.ctx.server_mech_list() {
Ok(m) => m,
Err(e) => {
return Promise::err(capnp::Error {
kind: capnp::ErrorKind::Failed,
description: format!("SASL Failure: {}", e),
})
},
};
let mechvec: Vec<&str> = mechs.iter().collect();
let mut res_mechs = res.get().init_mechs(mechvec.len() as u32);
for (i, m) in mechvec.into_iter().enumerate() {
res_mechs.set(i as u32, m);
}*/
// For now, only PLAIN
let mut res_mechs = res.get().init_mechs(1);
res_mechs.set(0, "PLAIN");
Promise::ok(())
}
// TODO: return Outcome instead of exceptions
fn start(&mut self,
params: authentication_system::StartParams,
mut res: authentication_system::StartResults
) -> Promise<(), capnp::Error> {
let req = pry!(pry!(params.get()).get_request());
// Extract the MECHANISM the client wants to use and start a session.
// Or fail at that and thrown an exception TODO: return Outcome
let mech = pry!(req.get_mechanism());
if pry!(req.get_mechanism()) != "PLAIN" {
return Promise::err(capnp::Error {
kind: capnp::ErrorKind::Failed,
description: format!("Invalid SASL mech"),
})
}
let mut session = match self.ctx.server_start(mech) {
Ok(s) => s,
Err(e) =>
return Promise::err(capnp::Error {
kind: capnp::ErrorKind::Failed,
description: format!("SASL error: {}", e),
}),
};
session.store(Box::new(SessionData { authz: None }));
// If the client has provided initial data go use that
use request::initial_response::Which;
let step_res = match req.get_initial_response().which() {
Err(capnp::NotInSchema(_)) =>
return Promise::err(capnp::Error {
kind: capnp::ErrorKind::Failed,
description: "Initial data is badly formatted".to_string(),
}),
Ok(Which::None(_)) => {
// FIXME: Actually this needs to indicate NO data instead of SOME data of 0 length
session.step(&[])
}
Ok(Which::Initial(data)) => {
session.step(pry!(data))
}
};
// The step may either return an error, a success or the need for more data
// TODO: Set the session user. Needs a lookup though <.>
use response::Result as Resres;
match step_res {
Ok(Step::Done(b)) => {
let user = session
.retrieve_mut()
.and_then(|data| {
data.authz.take()
})
.expect("Authentication returned OK but didn't set user id");
let perms = pry!(self.access.collect_permrules(&user.data)
.map_err(|e| capnp::Error::failed(format!("AccessDB lookup failed: {}", e))));
self.session.replace(Some(Session::new(
self.log.new(o!()),
user.id,
"".to_string(),
user.data.roles.into_boxed_slice(),
perms.into_boxed_slice()
)));
let mut outcome = pry!(res.get().get_response()).init_outcome();
outcome.reborrow().set_result(Resres::Successful);
if b.len() != 0 {
outcome.init_additional_data().set_additional(&b);
}
Promise::ok(())
},
Ok(Step::NeedsMore(b)) => {
pry!(res.get().get_response()).set_challence(&b);
Promise::ok(())
}
// TODO: This should really be an outcome because this is failed auth just as much atm.
Err(e) => {
let mut outcome = pry!(res.get().get_response()).init_outcome();
outcome.reborrow().set_result(Resres::Failed);
let text = format!("{}", e);
outcome.set_help_text(&text);
Promise::ok(())
}
}
}
}
// Use the newtype pattern here to make the type system work for us; even though AuthCId is for all
// intents and purposes just a String the compiler will still complain if you return or more
// importantly pass a String intead of a AuthCId. This prevents bugs where you get an object from
// somewhere and pass it somewhere else and in between don't check if it's the right type and
// accidentally pass the authzid where the authcid should have gone.
// What is a man?! A miserable little pile of secrets!
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
/// Authentication/Authorization user object.
///
/// This struct describes the user as can be gathered from API authentication exchanges.
/// Specifically this is the value bffh gets after a successful authentication.
///
pub struct AuthenticationData {
/// Contains the Authentication ID used
///
/// The authentication ID is an identifier for the authentication exchange. This is
/// conceptually different than the ID of the user to be authenticated; for example when using
/// x509 the authcid is the dn of the certificate, when using GSSAPI the authcid is of form
/// `<ID>@<REALM>`
authcid: String,
/// Authorization ID
///
/// The authzid represents the identity that a client wants to act as. In our case this is
/// always an user id. If unset no preference is indicated and the server will authenticate the
/// client as whatever user — if any — they associate with the authcid. Setting the authzid is
/// useful in a number if situations:
/// If somebody wants to authenticate as somebody else, su-style.
/// If a person wants to authenticate as a higher-permissions account, e.g. foo may set authzid foo+admin
/// to split normal user and "admin" accounts.
/// If a method requires a specific authcid that is different from the identifier of the user
/// to authenticate as, e.g. GSSAPI, x509 client certificates, API TOKEN authentication.
authzid: String,
/// Contains the authentication method used
///
/// For the most part this is the SASL method
auth_method: String,
/// Method-specific key-value pairs
///
/// Each method can use their own key-value pairs.
/// E.g. EXTERNAL encodes the actual method used (x509 client certs, UID/GID for unix sockets,
/// ...)
kvs: Box<[(String, String)]>,
}
// Authentication has two parts: Granting the authentication itself and then performing the
// authentication.
// Granting the authentication checks if
// a) the given authcid fits with the given (authMethod, kvs). In general a failure here indicates
// a programming failure — the authcid come from the same source as that tuple
// b) the given authcid may authenticate as the given authzid. E.g. if a given client certificate
// has been configured for that user, if a GSSAPI user maps to a given user,
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
pub enum AuthError {
/// Authentication ID is bad/unknown/..
BadAuthcid,
/// Authorization ID is unknown/..
BadAuthzid,
/// Authorization ID is not of form user+uid@realm
MalformedAuthzid,
/// User may not use that authorization id
NotAllowedAuthzid,
}

253
src/api/machine.rs
View File

@ -1,253 +0,0 @@
use std::sync::Arc;
use std::time::Duration;
use capnp::capability::Promise;
use capnp::Error;
use futures::FutureExt;
use crate::db::access::{PrivilegesBuf, PermRule};
use crate::db::user::UserId;
use crate::db::machine::{Status, MachineState};
use crate::machine::Machine as NwMachine;
use crate::schema::machine_capnp::machine::*;
use crate::schema::machine_capnp::machine::MachineState as APIMState;
#[derive(Clone, Copy)]
pub struct Perms {
pub disclose: bool,
pub read: bool,
pub write: bool,
pub manage: bool,
}
impl Perms {
pub fn get_for<'a, I: Iterator<Item=&'a PermRule>>(privs: &'a PrivilegesBuf, rules: I) -> Self {
let mut disclose = false;
let mut read = false;
let mut write = false;
let mut manage = false;
for rule in rules {
if rule.match_perm(&privs.disclose) {
disclose = true;
}
if rule.match_perm(&privs.read) {
read = true;
}
if rule.match_perm(&privs.write) {
write = true;
}
if rule.match_perm(&privs.manage) {
manage = true;
}
}
Self { disclose, read, write, manage }
}
}
#[derive(Clone)]
pub struct Machine {
userid: UserId,
perms: Perms,
machine: NwMachine,
}
impl Machine {
pub fn new(userid: UserId, perms: Perms, machine: NwMachine) -> Self {
Self { userid, perms, machine }
}
}
impl info::Server for Machine {
fn get_machine_info_extended(
&mut self,
_: info::GetMachineInfoExtendedParams,
_results: info::GetMachineInfoExtendedResults,
) -> Promise<(), capnp::Error> {
/*if self.perms.manage {
let mut builder = results.get();
let mut extinfo = builder.init_machine_info_extended();
let mut current = extinfo.init_current_user();
// FIXME fill user
}
Promise::ok(())*/
Promise::err(capnp::Error::unimplemented("Extended Infos are unavailable".to_string()))
}
fn get_reservation_list(
&mut self,
_: info::GetReservationListParams,
mut results: info::GetReservationListResults,
) -> Promise<(), capnp::Error> {
Promise::err(capnp::Error::unimplemented("Reservations are unavailable".to_string()))
}
fn get_property_list(
&mut self,
_: info::GetPropertyListParams,
mut results: info::GetPropertyListResults,
) -> Promise<(), capnp::Error> {
Promise::err(capnp::Error::unimplemented("Extended Properties are unavailable".to_string()))
}
}
impl use_::Server for Machine {
fn use_(
&mut self,
_: use_::UseParams,
_: use_::UseResults
) -> Promise<(), capnp::Error> {
let machine = self.machine.get_inner();
let userid = self.userid.clone();
let f = async move {
let mut guard = machine.lock().await;
let mut ok = false;
{
match { guard.read_state().lock_ref().state.clone() } {
Status::Free => {
ok = true;
},
Status::Reserved(ref whom) => {
// If it's reserved for us or we're allowed to take over
if &userid == whom {
ok = true;
}
},
_ => { }
}
}
if ok {
guard.do_state_change(MachineState::used(Some(userid)));
}
Ok(())
};
let g = smol::future::race(f, smol::Timer::after(Duration::from_secs(4))
.map(|_| Err(capnp::Error::failed("Waiting for machine lock timed out!".to_string()))));
Promise::from_future(g)
}
}
impl in_use::Server for Machine {
fn give_back(
&mut self,
_:in_use::GiveBackParams,
_:in_use::GiveBackResults
) -> Promise<(), capnp::Error> {
let machine = self.machine.get_inner();
let userid = self.userid.clone();
let f = async move {
let mut guard = machine.lock().await;
let mut ok = false;
{
match { guard.read_state().lock_ref().state.clone() } {
Status::InUse(ref whom) => {
if &Some(userid) == whom {
ok = true;
}
},
_ => { }
}
}
if ok {
guard.reset_state()
}
Ok(())
};
Promise::from_future(f)
}
}
impl transfer::Server for Machine {
}
impl check::Server for Machine {
}
impl manage::Server for Machine {
fn force_free(&mut self,
_: manage::ForceFreeParams,
_: manage::ForceFreeResults
) -> Promise<(), capnp::Error> {
let machine = self.machine.get_inner();
let f = async move {
let mut guard = machine.lock().await;
guard.do_state_change(MachineState::free());
Ok(())
};
Promise::from_future(f)
}
fn force_use(&mut self,
_: manage::ForceUseParams,
_: manage::ForceUseResults
) -> Promise<(), capnp::Error> {
let machine = self.machine.get_inner();
let f = async move {
let mut guard = machine.lock().await;
guard.do_state_change(MachineState::used(None));
Ok(())
};
Promise::from_future(f)
}
fn block(&mut self,
_:manage::BlockParams,
_:manage::BlockResults
) -> Promise<(), capnp::Error> {
let machine = self.machine.get_inner();
let uid = self.userid.clone();
let f = async move {
let mut guard = machine.lock().await;
guard.do_state_change(MachineState::blocked(uid));
Ok(())
};
Promise::from_future(f)
}
fn disabled(&mut self,
_:manage::DisabledParams,
_:manage::DisabledResults
) -> Promise<(), capnp::Error> {
let machine = self.machine.get_inner();
let f = async move {
let mut guard = machine.lock().await;
guard.do_state_change(MachineState::disabled());
Ok(())
};
Promise::from_future(f)
}
}
impl admin::Server for Machine {
fn force_set_state(&mut self,
params: admin::ForceSetStateParams,
_:admin::ForceSetStateResults
) -> Promise<(), capnp::Error> {
let uid = self.userid.clone();
let state = match pry!(pry!(params.get()).get_state()) {
APIMState::Free => MachineState::free(),
APIMState::Blocked => MachineState::blocked(uid),
APIMState::Disabled => MachineState::disabled(),
APIMState::InUse => MachineState::used(Some(uid)),
APIMState::Reserved => MachineState::reserved(uid),
APIMState::ToCheck => MachineState::check(uid),
};
let machine = self.machine.get_inner();
let f = async move {
let mut guard = machine.lock().await;
guard.do_state_change(state);
Ok(())
};
Promise::from_future(f)
}
}

194
src/api/machines.rs
View File

@ -1,194 +0,0 @@
use std::sync::Arc;
use std::cell::RefCell;
use std::rc::Rc;
use std::ops::Deref;
use capnp::capability::Promise;
use capnp::Error;
use crate::db::machine::Status;
use crate::api::machine::*;
use crate::schema::machine_capnp::machine::MachineState;
use crate::schema::machinesystem_capnp::machine_system;
use crate::schema::machinesystem_capnp::machine_system::info as machines;
use crate::network::Network;
use crate::db::user::UserId;
use crate::db::access::{PermRule, admin_perm};
use crate::connection::Session;
/// An implementation of the `Machines` API
#[derive(Clone)]
pub struct Machines {
session: Rc<RefCell<Option<Session>>>,
network: Arc<Network>,
}
impl Machines {
pub fn new(session: Rc<RefCell<Option<Session>>>, network: Arc<Network>) -> Self {
Self { session, network }
}
}
impl machine_system::Server for Machines {
// This function shouldn't exist. See fabaccess-api issue #16
fn info(&mut self,
_:machine_system::InfoParams,
mut results: machine_system::InfoResults
) -> capnp::capability::Promise<(), capnp::Error>
{
results.get().set_info(capnp_rpc::new_client(self.clone()));
Promise::ok(())
}
}
impl machines::Server for Machines {
fn get_machine_list(&mut self,
_params: machines::GetMachineListParams,
mut results: machines::GetMachineListResults)
-> Promise<(), Error>
{
let rc = Rc::clone(&self.session);
let session = self.session.borrow();
if session.deref().is_some() {
let v: Vec<(String, crate::machine::Machine)> = self.network.machines.iter()
.filter(|(_name, machine)| {
let required_disclose = &machine.desc.privs.disclose;
for perm_rule in session.as_ref().unwrap().perms.iter() {
if perm_rule.match_perm(required_disclose) {
return true;
}
}
false
})
.map(|(n,m)| (n.clone(), m.clone()))
.collect();
let f = async move {
let session = rc.borrow();
let user = &session.as_ref().unwrap().authzid;
let permissions = &session.as_ref().unwrap().perms;
let mut machines = results.get().init_machine_list(v.len() as u32);
for (i, (name, machine)) in v.into_iter().enumerate() {
let perms = Perms::get_for(&machine.desc.privs, permissions.iter());
let mut builder = machines.reborrow().get(i as u32);
builder.set_name(&name);
if let Some(ref desc) = machine.desc.description {
builder.set_description(desc);
}
let machineapi = Machine::new(user.clone(), perms, machine.clone());
let state = machine.get_status().await;
let s = match state {
Status::Free => MachineState::Free,
Status::Disabled => MachineState::Disabled,
Status::Blocked(_) => MachineState::Blocked,
Status::InUse(ref u) => {
if let Some(owner) = u.as_ref() {
if owner == user {
builder.set_inuse(capnp_rpc::new_client(machineapi.clone()));
}
}
MachineState::InUse
},
Status::Reserved(_) => MachineState::Reserved,
Status::ToCheck(_) => MachineState::ToCheck,
};
builder.set_state(s);
if perms.write && state == Status::Free {
builder.set_use(capnp_rpc::new_client(machineapi.clone()));
}
if perms.manage {
//builder.set_transfer(capnp_rpc::new_client(machineapi.clone()));
//builder.set_check(capnp_rpc::new_client(machineapi.clone()));
builder.set_manage(capnp_rpc::new_client(machineapi.clone()));
}
if permissions.iter().any(|r| r.match_perm(&admin_perm())) {
builder.set_admin(capnp_rpc::new_client(machineapi.clone()));
}
builder.set_info(capnp_rpc::new_client(machineapi));
}
Ok(())
};
Promise::from_future(f)
} else {
Promise::ok(())
}
}
fn get_machine(&mut self,
params: machines::GetMachineParams,
mut results: machines::GetMachineResults
) -> Promise<(), capnp::Error> {
let rc = Rc::clone(&self.session);
if self.session.borrow().is_some() {
let name = {
let params = pry!(params.get());
pry!(params.get_name()).to_string()
};
let network = self.network.clone();
let f = async move {
let session = rc.borrow();
let user = &session.as_ref().unwrap().authzid;
let permissions = &session.as_ref().unwrap().perms;
if let Some(machine) = network.machines.get(&name) {
let mut builder = results.get().init_machine();
let perms = Perms::get_for(&machine.desc.privs, permissions.iter());
builder.set_name(&name);
if let Some(ref desc) = machine.desc.description {
builder.set_description(desc);
}
let machineapi = Machine::new(user.clone(), perms, machine.clone());
let state = machine.get_status().await;
if perms.write && state == Status::Free {
builder.set_use(capnp_rpc::new_client(machineapi.clone()));
}
if perms.manage {
//builder.set_transfer(capnp_rpc::new_client(machineapi.clone()));
//builder.set_check(capnp_rpc::new_client(machineapi.clone()));
builder.set_manage(capnp_rpc::new_client(machineapi.clone()));
}
if permissions.iter().any(|r| r.match_perm(&admin_perm())) {
builder.set_admin(capnp_rpc::new_client(machineapi.clone()));
}
let s = match machine.get_status().await {
Status::Free => MachineState::Free,
Status::Disabled => MachineState::Disabled,
Status::Blocked(_) => MachineState::Blocked,
Status::InUse(u) => {
if let Some(owner) = u.as_ref() {
if owner == user {
builder.set_inuse(capnp_rpc::new_client(machineapi.clone()));
}
}
MachineState::InUse
},
Status::Reserved(_) => MachineState::Reserved,
Status::ToCheck(_) => MachineState::ToCheck,
};
builder.set_state(s);
builder.set_info(capnp_rpc::new_client(machineapi));
};
Ok(())
};
Promise::from_future(f)
} else {
Promise::ok(())
}
}
}

42
src/api/user.rs
View File

@ -1,42 +0,0 @@
use std::rc::Rc;
use std::cell::RefCell;
use std::ops::Deref;
use crate::connection::Session;
use crate::db::user as db;
use crate::schema::user_capnp::user::*;
#[derive(Clone)]
pub struct User {
session: Rc<RefCell<Option<Session>>>,
}
impl User {
pub fn new(session: Rc<RefCell<Option<Session>>>) -> Self {
Self { session }
}
pub fn fill_self(&self, builder: &mut Builder) {
if let Some(session) = self.session.borrow().deref() {
self.fill_userid(builder, &session.authzid);
}
}
pub fn fill_with(&self, builder: &mut Builder, user: db::User) {
self.fill_userid(builder, &user.id)
}
pub fn fill_userid(&self, builder: &mut Builder, uid: &db::UserId) {
builder.set_username(&uid.uid);
if let Some(ref realm) = &uid.realm {
let mut space = builder.reborrow().init_space();
space.set_name(&realm);
}
}
}
impl info::Server for User {
}
impl manage::Server for User {}
impl admin::Server for User {}

106
src/api/users.rs
View File

@ -1,106 +0,0 @@
use std::cell::RefCell;
use std::rc::Rc;
use std::sync::Arc;
use std::ops::Deref;
use capnp::capability::Promise;
use crate::api::user::User;
use crate::connection::Session;
use crate::db::access::{PermRule, Permission};
use crate::db::user::{UserId, Internal as UserDB};
use crate::schema::usersystem_capnp::user_system;
use crate::schema::usersystem_capnp::user_system::{info, manage};
use crate::error;
#[derive(Clone, Debug)]
pub struct Users {
session: Rc<RefCell<Option<Session>>>,
userdb: Arc<UserDB>,
}
impl Users {
pub fn new(session: Rc<RefCell<Option<Session>>>, userdb: Arc<UserDB>) -> Self {
Self { session, userdb }
}
}
impl user_system::Server for Users {
fn info(
&mut self,
_: user_system::InfoParams,
mut results: user_system::InfoResults,
) -> Promise<(), capnp::Error> {
results.get().set_info(capnp_rpc::new_client(self.clone()));
Promise::ok(())
}
fn manage(
&mut self,
_: user_system::ManageParams,
mut results: user_system::ManageResults,
) -> Promise<(), capnp::Error> {
let perm: &Permission = Permission::new("bffh.users.manage");
if let Some(session) = self.session.borrow().deref() {
if session.perms.iter().any(|rule| rule.match_perm(perm)) {
results
.get()
.set_manage(capnp_rpc::new_client(self.clone()));
}
}
Promise::ok(())
}
}
impl info::Server for Users {
fn get_user_self(
&mut self,
_: info::GetUserSelfParams,
mut results: info::GetUserSelfResults,
) -> Promise<(), capnp::Error> {
let user = User::new(Rc::clone(&self.session));
let mut builder = results.get().init_user();
user.fill_self(&mut builder);
Promise::ok(())
}
}
impl manage::Server for Users {
fn get_user_list(
&mut self,
_: manage::GetUserListParams,
mut results: manage::GetUserListResults,
) -> Promise<(), capnp::Error> {
let result: Result<(), error::Error> =
self.userdb.list_users()
.and_then(|users| {
let mut builder = results.get().init_user_list(users.len() as u32);
let u = User::new(Rc::clone(&self.session));
for (i, user) in users.into_iter().enumerate() {
let mut b = builder.reborrow().get(i as u32);
u.fill_with(&mut b, user);
}
Ok(())
});
match result {
Ok(()) => Promise::ok(()),
Err(e) => Promise::err(capnp::Error::failed("User lookup failed: {}".to_string())),
}
}
/*fn add_user(
&mut self,
params: manage::AddUserParams,
mut results: manage::AddUserResults,
) -> Promise<(), capnp::Error> {
}
fn remove_user(
&mut self,
_: manage::RemoveUserParams,
mut results: manage::RemoveUserResults,
) -> Promise<(), capnp::Error> {
}*/
}

35
src/builtin.rs
View File

@ -1,35 +0,0 @@
use lazy_static::lazy_static;
use crate::db::access::Permission;
lazy_static! {
static ref AUTH_PERM: &'static Permission = Permission::new("bffh.auth");
}
//
// lazy_static! {
// pub static ref AUTH_ROLE: RoleIdentifier = {
// RoleIdentifier::Local {
// name: "mayauth".to_string(),
// source: "builtin".to_string(),
// }
// };
// }
//
// lazy_static! {
// pub static ref DEFAULT_ROLEIDS: [RoleIdentifier; 1] = {
// [ AUTH_ROLE.clone(), ]
// };
//
// pub static ref DEFAULT_ROLES: HashMap<RoleIdentifier, Role> = {
// let mut m = HashMap::new();
// m.insert(AUTH_ROLE.clone(),
// Role {
// parents: vec![],
// permissions: vec![
// PermRule::Base(PermissionBuf::from_perm(AUTH_PERM)),
// ]
// }
// );
// m
// };
// }

89
src/connection.rs
View File

@ -1,89 +0,0 @@
use futures::FutureExt;
use std::future::Future;
use std::sync::Arc;
use slog::Logger;
use smol::lock::Mutex;
use smol::net::TcpStream;
use crate::error::Result;
use capnp_rpc::{rpc_twoparty_capnp, twoparty};
#[derive(Debug)]
/// Connection context
// TODO this should track over several connections
pub struct Session {
// Session-spezific log
pub log: Logger,
/// User this session has been authorized as.
///
/// Slightly different than the authnid which indicates as what this session has been
/// authenticated as (e.g. using EXTERNAL auth the authnid would be the CN of the client
/// certificate, but the authzid would be an user)
pub authzid: UserId,
pub authnid: String,
/// Roles this session has been assigned via group memberships, direct role assignment or
/// authentication types
pub roles: Box<[RoleIdentifier]>,
/// Permissions this session has.
///
/// This is a snapshot of the permissions the underlying user has
/// take at time of creation (i.e. session establishment)
pub perms: Box<[PermRule]>,
}
impl Session {
pub fn new(
log: Logger,
authzid: UserId,
authnid: String,
roles: Box<[RoleIdentifier]>,
perms: Box<[PermRule]>,
) -> Self {
Session {
log,
authzid,
authnid,
roles,
perms,
}
}
}
pub struct ConnectionHandler {
log: Logger,
db: Databases,
network: Arc<Network>,
}
impl ConnectionHandler {
pub fn new(log: Logger, db: Databases, network: Arc<Network>) -> Self {
Self { log, db, network }
}
pub fn handle(&mut self, stream: TcpStream) -> impl Future<Output = Result<()>> {
info!(self.log, "New connection from on {:?}", stream);
let boots = Bootstrap::new(self.log.new(o!()), self.db.clone(), self.network.clone());
unimplemented!();
/*let rpc: connection_capnp::bootstrap::Client = capnp_rpc::new_client(boots);
let network = twoparty::VatNetwork::new(
stream.clone(),
stream,
rpc_twoparty_capnp::Side::Server,
Default::default(),
);
let rpc_system = capnp_rpc::RpcSystem::new(Box::new(network), Some(rpc.client));
// Convert the error type to one of our errors
rpc_system.map(|r| r.map_err(Into::into))
*/
}
}

0
src/db/mod.rs → src/db.rs
View File

207
src/initiator.rs
View File

@ -1,207 +0,0 @@
use std::sync::Arc;
use std::pin::Pin;
use std::task::{Poll, Context};
use std::future::Future;
use std::collections::HashMap;
use smol::Timer;
use slog::Logger;
use futures::future::BoxFuture;
use futures_signals::signal::{Signal, Mutable, MutableSignalCloned};
use crate::machine::{Machine, ReturnToken};
use crate::db::machine::MachineState;
use crate::db::user::{User, UserId, UserData, Internal as UserDB};
use crate::db::access::AccessControl;
use crate::network::InitMap;
use crate::error::Result;
use crate::config::Config;
pub trait Sensor {
fn run_sensor(&mut self) -> BoxFuture<'static, (Option<UserId>, MachineState)>;
}
type BoxSensor = Box<dyn Sensor + Send>;
pub struct Initiator {
log: Logger,
signal: MutableSignalCloned<Option<Machine>>,
machine: Option<Machine>,
future: Option<BoxFuture<'static, (Option<User>, MachineState)>>,
// TODO: Prepare the init for async state change requests.
state_change_fut: Option<BoxFuture<'static, Result<ReturnToken>>>,
token: Option<ReturnToken>,
sensor: BoxSensor,
userdb: UserDB,
access: AccessControl,
}
impl Initiator {
pub fn new(log: Logger, sensor: BoxSensor, signal: MutableSignalCloned<Option<Machine>>, userdb: UserDB, access: AccessControl) -> Self {
Self {
log: log,
signal: signal,
machine: None,
future: None,
state_change_fut: None,
token: None,
sensor: sensor,
userdb,
access,
}
}
pub fn wrap(log: Logger, sensor: BoxSensor, userdb: UserDB, access: Arc<AccessControl>) -> (Mutable<Option<Machine>>, Self) {
let m = Mutable::new(None);
let s = m.signal_cloned();
(m, Self::new(log, sensor, s, userdb, access))
}
}
impl Future for Initiator {
type Output = ();
fn poll(mut self: Pin<&mut Self>, cx: &mut Context) -> Poll<Self::Output> {
let mut this = &mut *self;
// First of course, see what machine we should work with.
match Signal::poll_change(Pin::new(&mut this.signal), cx) {
Poll::Pending => { }
Poll::Ready(None) => return Poll::Ready(()),
// Keep in mind this is actually an Option<Machine>
Poll::Ready(Some(machine)) => {
match machine.as_ref().map(|m| m.try_lock()) {
None => info!(this.log, "Deinstalled machine"),
Some(None) => info!(this.log, "Installed new machine with locked mutex!"),
Some(Some(g)) => info!(this.log, "Installed new machine {}", g.id),
}
this.machine = machine;
},
}
// Do as much work as we can:
loop {
// Always poll the state change future first
if let Some(ref mut f) = this.state_change_fut {
match Future::poll(Pin::new(f), cx) {
// If there is a state change future and it would block we return early
Poll::Pending => {
debug!(this.log, "State change blocked");
return Poll::Pending;
},
Poll::Ready(Ok(tok)) => {
debug!(this.log, "State change returned ok");
// Explicity drop the future
let _ = this.state_change_fut.take();
// Store the given return token for future use
this.token.replace(tok);
}
Poll::Ready(Err(e)) => {
info!(this.log, "State change returned err: {}", e);
// Explicity drop the future
let _ = this.state_change_fut.take();
}
}
}
// If there is a future, poll it
match this.future.as_mut().map(|future| Future::poll(Pin::new(future), cx)) {
None => {
this.future = Some(this.sensor.run_sensor());
},
Some(Poll::Ready((uid, state))) => {
debug!(this.log, "Sensor returned a new state");
this.future.take();
let f = this.machine.as_mut().map(|machine| {
machine.request_state_change(state, this.access.clone(), user)
});
this.state_change_fut = f;
}
Some(Poll::Pending) => return Poll::Pending,
}
}
}
}
pub fn load(log: &Logger, config: &Config, userdb: UserDB, access: Arc<AccessControl>) -> Result<(InitMap, Vec<Initiator>)> {
let mut map = HashMap::new();
let initiators = config.initiators.iter()
.map(|(k,v)| (k, load_single(log, k, &v.module, &v.params)))
.filter_map(|(k,n)| match n {
None => None,
Some(i) => Some((k, i)),
});
let mut v = Vec::new();
for (name, initiator) in initiators {
let (m, i) = Initiator::wrap(log.new(o!("name" => name.clone())), initiator, userdb.clone(), access.clone());
map.insert(name.clone(), m);
v.push(i);
}
Ok((map, v))
}
fn load_single(
log: &Logger,
name: &String,
module_name: &String,
_params: &HashMap<String, String>
) -> Option<BoxSensor>
{
match module_name.as_ref() {
"Dummy" => {
Some(Box::new(Dummy::new(log)))
},
_ => {
error!(log, "No initiator found with name \"{}\", configured as \"{}\"",
module_name, name);
None
}
}
}
pub struct Dummy {
log: Logger,
step: bool,
}
impl Dummy {
pub fn new(log: &Logger) -> Self {
Self { log: log.new(o!("module" => "Dummy Initiator")), step: false }
}
}
impl Sensor for Dummy {
fn run_sensor(&mut self)
-> BoxFuture<'static, (Option<UserId>, MachineState)>
{
let step = self.step;
self.step = !step;
info!(self.log, "Kicking off new dummy initiator state change: {}", step);
let f = async move {
Timer::after(std::time::Duration::from_secs(1)).await;
if step {
return (None, MachineState::free());
} else {
let user = UserId::new("test".to_string(), None, None);
return (Some(user), MachineState::used(Some(user)));
}
};
Box::pin(f)
}
}

13
src/lib.rs
View File

@ -11,15 +11,14 @@
//mod server; //mod server;
//mod actor; //mod actor;
//mod initiator; //mod initiator;
mod space;
mod config;
mod db;
mod error;
mod network;
mod oid;
mod permissions;
mod resource; mod resource;
mod schema; mod schema;
mod state; mod state;
pub mod db;
mod network;
pub mod oid;
mod varint; mod varint;
pub mod error;
pub mod config;
mod permissions;

11
src/log.rs
View File

@ -1,11 +0,0 @@
use slog::{Drain, Logger};
use slog_async;
use slog_term::{TermDecorator, FullFormat};
pub fn init() -> Logger {
let decorator = TermDecorator::new().build();
let drain = FullFormat::new(decorator).build().fuse();
let drain = slog_async::Async::new(drain).build().fuse();
return slog::Logger::root(drain, o!());
}

363
src/machine.rs
View File

@ -1,363 +0,0 @@
use std::ops::Deref;
use std::iter::FromIterator;
use std::sync::Arc;
use std::path::Path;
use std::task::{Poll, Context};
use std::pin::Pin;
use std::future::Future;
use std::collections::HashMap;
use std::fs;
use serde::{Serialize, Deserialize};
use futures::Stream;
use futures::future::BoxFuture;
use futures::channel::{mpsc, oneshot};
use futures_signals::signal::Signal;
use futures_signals::signal::SignalExt;
use futures_signals::signal::{Mutable, ReadOnlyMutable};
use crate::error::{Result, Error};
use crate::db::access::{AccessControl, PrivilegesBuf, PermissionBuf};
use crate::db::machine::{MachineIdentifier, MachineState, Status};
use crate::db::user::{User, UserData, UserId};
use crate::space;
pub struct Machines {
machines: Vec<Machine>
}
#[derive(Debug, Clone)]
pub struct Index {
inner: HashMap<String, Machine>,
}
impl Index {
pub fn new() -> Self {
Self {
inner: HashMap::new(),
}
}
pub fn insert(&mut self, key: String, value: Machine) -> Option<Machine> {
self.inner.insert(key, value)
}
pub fn get(&mut self, key: &String) -> Option<Machine> {
self.inner.get(key).map(|m| m.clone())
}
}
// Access data of one machine efficiently, using getters/setters for data stored in LMDB backed
// memory
#[derive(Debug, Clone)]
pub struct Machine {
pub id: uuid::Uuid,
pub desc: MachineDescription,
inner: Arc<Mutex<Inner>>,
}
impl Machine {
pub fn new(inner: Inner, desc: MachineDescription, ) -> Self {
Self {
id: uuid::Uuid::default(),
inner: Arc::new(Mutex::new(inner)),
desc,
}
}
pub fn construct
( id: MachineIdentifier
, desc: MachineDescription
, state: MachineState
) -> Machine
{
Self::new(Inner::new(id, state), desc)
}
fn match_perm(&self, status: &Status) -> Option<&PermissionBuf> {
let p = self.desc.privs;
match status {
// If you were allowed to use it you're allowed to give it back
Status::Free
| Status::ToCheck(_)
=> None,
Status::Blocked(_)
| Status::Disabled
| Status::Reserved(_)
=> Some(&p.manage),
Status::InUse(_) => Some(&p.write),
}
}
pub fn request_state_change(&self, new_state: MachineState, access: AccessControl, user: &User)
-> BoxFuture<'static, Result<()>>
{
let this = self.clone();
let perm = self.match_perm(&new_state.state);
let grant = perm.map(|p| access.check(&user.data, p).unwrap_or(false));
let uid = user.id.clone();
// is it a return
let is_ret = new_state.state == Status::Free;
// is it a (normal) write /the user is allowed to do/?
let is_wri = new_state.state == Status::InUse(Some(uid))
&& access.check(&user.data, self.desc.privs.write).unwrap_or(false);
let f = async move {
let mut guard = this.inner.lock().await;
// either e.g. InUse(<myself>) => Free or I'm allowed to overwrite
if (is_ret && guard.is_self(uid))
|| (is_wri && guard.is_free())
|| grant.unwrap_or(false)
{
guard.do_state_change(new_state);
}
return Ok(())
};
Box::pin(f)
}
pub fn do_state_change(&self, new_state: MachineState)
-> BoxFuture<'static, Result<()>>
{
let this = self.clone();
let f = async move {
let mut guard = this.inner.lock().await;
guard.do_state_change(new_state);
return Ok(())
};
Box::pin(f)
}
pub async fn get_status(&self) -> Status {
let guard = self.inner.lock().await;
guard.state.get_cloned().state
}
pub fn signal(&self) -> impl Signal<Item=MachineState> {
let guard = self.inner.try_lock().unwrap();
guard.signal()
}
pub fn get_inner(&self) -> Arc<Mutex<Inner>> {
self.inner.clone()
}
}
impl Deref for Machine {
type Target = Mutex<Inner>;
fn deref(&self) -> &Self::Target {
&self.inner
}
}
#[derive(Debug)]
/// Internal machine representation
///
/// A machine connects an event from a sensor to an actor activating/deactivating a real-world
/// machine, checking that the user who wants the machine (de)activated has the required
/// permissions.
///
/// Machines have a rather complex state machine since they have to be eventually consistent and
/// can fail at any point in time (e.g. because power cuts out suddenly, a different task on this
/// thread panics, some loaded code produces a segfault, ...)
pub struct Inner {
/// Globally unique machine readable identifier
pub id: MachineIdentifier,
/// The state of the machine as bffh thinks the machine *should* be in.
///
/// This is a Signal generator. Subscribers to this signal will be notified of changes. In the
/// case of an actor it should then make sure that the real world matches up with the set state
state: Mutable<MachineState>,
reset: Option<MachineState>,
}
impl Inner {
pub fn new ( id: MachineIdentifier
, state: MachineState
) -> Inner
{
Inner {
id,
state: Mutable::new(state),
reset: None,
}
}
/// Generate a signal from the internal state.
///
/// A signal is a lossy stream of state changes. Lossy in that if changes happen in quick
/// succession intermediary values may be lost. But this isn't really relevant in this case
/// since the only relevant state is the latest one.
pub fn signal(&self) -> impl Signal<Item=MachineState> {
// dedupe ensures that if state is changed but only changes to the value it had beforehand
// (could for example happen if the machine changes current user but stays activated) no
// update is sent.
Box::pin(self.state.signal_cloned().dedupe_cloned())
}
pub fn do_state_change(&mut self, new_state: MachineState) {
let old_state = self.state.replace(new_state);
self.reset.replace(old_state);
}
pub fn read_state(&self) -> ReadOnlyMutable<MachineState> {
self.state.read_only()
}
pub fn get_signal(&self) -> impl Signal {
self.state.signal_cloned()
}
pub fn reset_state(&mut self) {
if let Some(state) = self.reset.take() {
self.state.replace(state);
}
}
pub fn is_self(&mut self, uid: UserId) -> bool {
match self.read_state().get_cloned().state {
Status::InUse(u) if u == uid => true,
_ => false,
}
}
pub fn is_free(&mut self) -> bool {
match self.read_state().get_cloned().state {
Status::Free => true,
_ => false,
}
}
}
//pub type ReturnToken = futures::channel::oneshot::Sender<()>;
pub struct ReturnToken {
f: Option<BoxFuture<'static, ()>>,
}
impl ReturnToken {
pub fn new(inner: Arc<Mutex<Inner>>) -> Self {
let f = async move {
let mut guard = inner.lock().await;
guard.reset_state();
};
Self { f: Some(Box::pin(f)) }
}
}
impl Future for ReturnToken {
type Output = (); // FIXME: This should probably be a Result<(), Error>
fn poll(mut self: Pin<&mut Self>, cx: &mut Context) -> Poll<Self::Output> {
let mut this = &mut *self;
match this.f.as_mut().map(|f| Future::poll(Pin::new(f), cx)) {
None => Poll::Ready(()), // TODO: Is it saner to return Pending here? This can only happen after the future completed
Some(Poll::Pending) => Poll::Pending,
Some(Poll::Ready(())) => {
let _ = this.f.take(); // Remove the future to not poll after completion
Poll::Ready(())
}
}
}
}
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
/// A description of a machine
///
/// This is the struct that a machine is serialized to/from.
/// Combining this with the actual state of the system will return a machine
pub struct MachineDescription {
/// The name of the machine. Doesn't need to be unique but is what humans will be presented.
pub name: String,
/// An optional description of the Machine.
pub description: Option<String>,
/// The permission required
#[serde(flatten)]
pub privs: PrivilegesBuf,
}
impl MachineDescription {
pub fn load_file<P: AsRef<Path>>(path: P) -> Result<HashMap<MachineIdentifier, MachineDescription>> {
let content = fs::read(path)?;
Ok(toml::from_slice(&content[..])?)
}
}
pub fn load(config: &crate::config::Config)
-> Result<MachineMap>
{
let mut map = config.machines.clone();
let it = map.drain()
.map(|(k,v)| {
// TODO: Read state from the state db
(v.name.clone(), Machine::construct(k, v, MachineState::new()))
});
Ok(HashMap::from_iter(it))
}
#[cfg(test_DISABLED)]
mod tests {
use super::*;
use std::iter::FromIterator;
use crate::db::access::{PermissionBuf, PrivilegesBuf};
#[test]
fn load_examples_descriptions_test() {
let mut machines = MachineDescription::load_file("examples/machines.toml")
.expect("Couldn't load the example machine defs. Does `examples/machines.toml` exist?");
let expected =
vec![
(Uuid::parse_str("e5408099-d3e5-440b-a92b-3aabf7683d6b").unwrap(),
MachineDescription {
name: "Somemachine".to_string(),
description: None,
privs: PrivilegesBuf {
disclose: PermissionBuf::from_string("lab.some.disclose".to_string()),
read: PermissionBuf::from_string("lab.some.read".to_string()),
write: PermissionBuf::from_string("lab.some.write".to_string()),
manage: PermissionBuf::from_string("lab.some.admin".to_string()),
},
}),
(Uuid::parse_str("eaabebae-34d1-4a3a-912a-967b495d3d6e").unwrap(),
MachineDescription {
name: "Testmachine".to_string(),
description: Some("An optional description".to_string()),
privs: PrivilegesBuf {
disclose: PermissionBuf::from_string("lab.test.read".to_string()),
read: PermissionBuf::from_string("lab.test.read".to_string()),
write: PermissionBuf::from_string("lab.test.write".to_string()),
manage: PermissionBuf::from_string("lab.test.admin".to_string()),
},
}),
];
for (id, machine) in expected.into_iter() {
assert_eq!(machines.remove(&id).unwrap(), machine);
}
assert!(machines.is_empty());
}
}

15
src/modules.rs
View File

@ -1,15 +0,0 @@
//! Indpendent Communication modules
//!
//! This is where dynamic modules are implemented later on using libloading / abi_stable_crates et
//! al.
//! Additionally, FFI modules to other languages (Python/Lua/...) make the most sense in here as
//! well.
mod shelly;
pub use shelly::Shelly;
mod process;
pub use process::Process;
mod batch;
pub use batch::Batch;

171
src/modules/batch.rs
View File

@ -1,171 +0,0 @@
use std::io::{Read, Write};
use std::pin::Pin;
use std::cell::RefCell;
use std::collections::HashMap;
use std::process::Stdio;
use smol::process::{Command, Child};
use smol::io::{AsyncWrite, AsyncWriteExt, AsyncReadExt};
use futures::future::{Future, FutureExt};
use crate::actor::Actuator;
use crate::initiator::Sensor;
use crate::db::machine::{MachineState, Status};
use crate::db::user::{User, Internal as UserDB};
use futures::future::BoxFuture;
use slog::Logger;
use serde::{Serialize, Deserialize};
pub struct Batch {
log: Logger,
userdb: UserDB,
name: String,
cmd: String,
args: Vec<String>,
kill: bool,
child: Child,
stdout: Pin<Box<dyn AsyncWrite>>,
}
impl Batch {
pub fn new(log: Logger, name: String, params: &HashMap<String, String>, userdb: UserDB)
-> Option<Self>
{
let cmd = params.get("cmd").map(|s| s.to_string())?;
let args = params.get("args").map(|argv|
argv.split_whitespace()
.map(|s| s.to_string())
.collect())
.unwrap_or_else(Vec::new);
let kill = params
.get("kill_on_exit")
.and_then(|kill|
kill.parse()
.or_else(|_| {
warn!(log, "Can't parse `kill_on_exit` for {} set as {} as boolean. \
Must be either \"True\" or \"False\".", &name, &s);
Ok(false)
})
.ok())
.unwrap_or(false);
info!(log, "Starting {} ({})…", &name, &cmd);
let mut child = Self::start(&name, &cmd, &args)
.map_err(|err| error!(log, "Failed to spawn {} ({}): {}", &name, &cmd, err))
.ok()?;
let stdout = Self::get_stdout(&mut child);
Ok(Self { log, userdb, name, cmd, args, kill, child, stdout })
}
fn start(name: &String, cmd: &String, args: &Vec<String>) -> std::io::Result<Child> {
let mut command = Command::new(cmd);
command
.stdin(Stdio::piped())
.stdout(Stdio::null())
.stderr(Stdio::piped())
.args(args.iter())
.arg(name);
command
.spawn()
}
fn get_stdout(child: &mut Child) -> Pin<Box<dyn AsyncWrite>> {
let stdout = child.stdout.expect("Actor child has closed stdout");
stdout.boxed_writer()
}
fn maybe_restart(&mut self, f: &mut Option<BoxFuture<'static, ()>>) -> bool {
let stat = self.child.try_status();
if stat.is_err() {
error!(self.log, "Can't check process for {} ({}) [{}]: {}",
&self.name, &self.cmd, self.child.id(), stat.unwrap_err());
return false;
}
if let Some(status) = stat.unwrap() {
warn!(self.log, "Process for {} ({}) exited with code {}",
&self.name, &self.cmd, status);
let errlog = self.log.new(o!("pid" => self.child.id()));
// If we have any stderr try to log it
if let Some(stderr) = self.child.stderr.take() {
*f = Some(Box::pin(async move {
let mut out = String::new();
match stderr.read_to_string(&mut out).await {
Err(e) => warn!(errlog, "Failed to read child stderr: {}", e),
Ok(n) => if n != 0 {
let errstr = String::from_utf8_lossy(out);
for line in errstr.lines() {
warn!(errlog, "{}", line);
}
}
}
}));
}
info!(self.log, "Attempting to re-start {}", &self.name);
let mut child = Self::start(&self.name, &self.cmd, &self.args)
.map_err(|err| error!(self.log, "Failed to spawn {} ({}): {}", &self.name, &self.cmd, err))
.ok();
// Nothing else to do with the currect architecture. In reality we should fail here
// because we *didn't apply* the change.
if child.is_none() {
false
}
self.child = child.unwrap();
}
true
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
struct StateChangeObj {
name: String,
state: MachineState,
}
impl StateChangeObj {
pub fn new(name: String, state: MachineState) -> Self {
Self { name, state }
}
}
impl Actuator for Batch {
fn apply(&mut self, state: MachineState) -> BoxFuture<'static, ()> {
debug!(self.log, "Giving {} ({}) new state: {:?}", &self.name, &self.cmd, &state);
let mut f = None;
if !self.maybe_restart(&mut f) {
return Box::pin(futures::future::ready(()));
}
let mut json = String::new();
// Per default compact
let ser = serde_json::ser::Serializer::new(&mut json);
let change = StateChangeObj::new(self.name.clone(), state);
change.serialize(&mut ser);
// Verify that this "line" does not contain any whitespace.
debug_assert!(!json.chars().any(|c| c == "\n"));
let stdin = self.child.stdin.take().expect("Batch actor child has closed stdin?!");
let errlog = self.log.new(o!("pid" => self.child.id()));
let g = async move {
if let Some(f) = f {
f.await;
}
if let Err(e) = stdin.write(json).await {
error!(errlog, "Failed to send statechange to child: {}", e);
}
};
Box::pin(g);
}
}

92
src/modules/process.rs
View File

@ -1,92 +0,0 @@
use std::collections::HashMap;
use std::process::Stdio;
use smol::process::Command;
use futures::future::FutureExt;
use crate::actor::Actuator;
use crate::db::machine::{MachineState, Status};
use futures::future::BoxFuture;
use slog::Logger;
pub struct Process {
log: Logger,
name: String,
cmd: String,
args: Vec<String>,
}
impl Process {
pub fn new(log: Logger, name: String, params: &HashMap<String, String>) -> Option<Self> {
let cmd = params.get("cmd").map(|s| s.to_string())?;
let args = params.get("args").map(|argv|
argv.split_whitespace()
.map(|s| s.to_string())
.collect())
.unwrap_or_else(Vec::new);
Some(Self { log, name, cmd, args })
}
pub fn into_boxed_actuator(self) -> Box<dyn Actuator + Sync + Send> {
Box::new(self)
}
}
impl Actuator for Process {
fn apply(&mut self, state: MachineState) -> BoxFuture<'static, ()> {
debug!(self.log, "Running {} ({}) for {:?}", &self.name, &self.cmd, &state);
let mut command = Command::new(&self.cmd);
command
.stdin(Stdio::null())
.args(self.args.iter())
.arg(&self.name);
let fstate = state.state.clone();
match state.state {
Status::Free => {
command.arg("free");
}
Status::InUse(by) => {
command.arg("inuse");
by.map(|user| command.arg(format!("{}", user)));
}
Status::ToCheck(by) => {
command.arg("tocheck")
.arg(format!("{}", by));
}
Status::Blocked(by) => {
command.arg("blocked")
.arg(format!("{}", by));
}
Status::Disabled => { command.arg("disabled"); },
Status::Reserved(by) => {
command.arg("reserved")
.arg(format!("{}", by));
}
}
let flog = self.log.new(o!());
let name = self.name.clone();
Box::pin(command.output().map(move |res| match res {
Ok(retv) if retv.status.success() => {
trace!(flog, "Actor was successful");
let outstr = String::from_utf8_lossy(&retv.stdout);
for line in outstr.lines() {
debug!(flog, "{}", line);
}
}
Ok(retv) => {
warn!(flog, "Actor {} returned nonzero status {} for State={:?}", name, retv.status, fstate);
if !retv.stderr.is_empty() {
let errstr = String::from_utf8_lossy(&retv.stderr);
for line in errstr.lines() {
warn!(flog, "{}", line);
}
}
}
Err(err) => { warn!(flog, "Actor {} failed to run cmd: {}", name, err); }
}))
}
}

52
src/modules/shelly.rs
View File

@ -1,52 +0,0 @@
use slog::Logger;
use crate::db::machine::Status;
use futures::prelude::*;
use futures::future::BoxFuture;
use crate::actor::Actuator;
use crate::db::machine::MachineState;
use paho_mqtt as mqtt;
/// An actuator for a Shellie connected listening on one MQTT broker
///
/// This actuator will toggle the shellie with the given `name`.
/// If you need to toggle shellies on multiple brokers you need multiple instanced of this
/// actuator with different clients.
pub struct Shelly {
log: Logger,
name: String,
client: mqtt::AsyncClient,
}
impl Shelly {
pub fn new(log: Logger, name: String, client: mqtt::AsyncClient) -> Self {
debug!(log, "Starting shelly module for {}", &name);
Shelly { log, name, client, }
}
/// Set the name to a new one. This changes the shelly that will be activated
pub fn set_name(&mut self, new_name: String) {
let log = self.log.new(o!("shelly_name" => new_name.clone()));
self.name = new_name;
self.log = log;
}
}
impl Actuator for Shelly {
fn apply(&mut self, state: MachineState) -> BoxFuture<'static, ()> {
info!(self.log, "Machine Status changed: {:?}", state);
let topic = format!("shellies/{}/relay/0/command", self.name);
let pl = match state.state {
Status::InUse(_) => "on",
_ => "off",
};
let msg = mqtt::Message::new(topic, pl, 0);
let f = self.client.publish(msg).map(|_| ());
return Box::pin(f);
}
}

176
src/server.rs
View File

@ -1,176 +0,0 @@
use slog::Logger;
use crate::config;
use crate::config::Config;
use crate::error::Error;
use crate::connection;
use smol::net::TcpListener;
use smol::net::unix::UnixStream;
use smol::LocalExecutor;
use smol::Executor;
use futures::prelude::*;
use std::io;
use std::sync::Arc;
use std::os::unix::io::AsRawFd;
use signal_hook::low_level::pipe as sigpipe;
use crate::db::Databases;
use crate::network::Network;
/// Handle all API connections and run the RPC tasks spawned from that on the local thread.
pub fn serve_api_connections(log: Arc<Logger>, config: Config, db: Databases, nw: Network, ex: Executor)
-> Result<(), Error>
{
let signal = Box::pin(async {
let (tx, mut rx) = UnixStream::pair()?;
// Initialize signal handler.
// We currently only care about Ctrl-C so SIGINT it is.
// TODO: Make this do SIGHUP and a few others too. (By cloning the tx end of the pipe)
sigpipe::register(signal_hook::consts::SIGINT, tx.as_raw_fd())?;
// When a signal is received this future can complete and read a byte from the underlying
// socket — the actual data is discarded but the act of being able to receive data tells us
// that we received a SIGINT.
// FIXME: What errors are possible and how to handle them properly?
rx.read_exact(&mut [0u8]).await?;
io::Result::Ok(LoopResult::Stop)
});
// Bind to each address in config.listens.
// This is a Stream over Futures so it will do absolutely nothing unless polled to completion
let listeners_s: futures::stream::Collect<_, Vec<TcpListener>>
= stream::iter((&config).listens.iter())
.map(|l| {
let addr = l.address.clone();
let port = l.port.unwrap_or(config::DEFAULT_PORT);
info!(&log, "Binding to {} port {}.", l.address.as_str(), &port);
TcpListener::bind((l.address.as_str(), port))
// If the bind errors, include the address so we can log it
// Since this closure is lazy we need to have a cloned addr
.map_err(move |e| { (addr, port, e) })
})
// Filter out the sockets we couldn't open and log those
.filter_map(|f| async {
match f.await {
Ok(l) => Some(l),
Err((addr, port, e)) => {
error!(&log, "Could not setup socket on {} port {}: {}", addr, port, e);
None
}
}
}).collect();
let local_ex = LocalExecutor::new();
let network = Arc::new(nw);
let inner_log = log.clone();
let loop_log = log.clone();
let control_fut = async {
// Generate a stream of TcpStreams appearing on any of the interfaces we listen to
let listeners = listeners_s.await;
let incoming = stream::select_all(listeners.iter().map(|l| l.incoming()));
// For each incoming connection start a new task to handle it
let handle_sockets = incoming.map(|socket| {
// incoming.next() returns an error when the underlying `accept` call yielded an error
// In POSIX those are protocol errors we can't really handle, so we just log the error
// and the move on
match socket {
Ok(socket) => {
// If we have it available add the peer's address to all log messages
let log =
if let Ok(addr) = socket.peer_addr() {
inner_log.new(o!("address" => addr))
} else {
inner_log.new(o!())
};
let db = db.clone();
let network = network.clone();
let tlog = inner_log.new(o!());
std::thread::spawn(move || {
let local_ex = LocalExecutor::new();
let mut handler = connection::ConnectionHandler::new(tlog, db, network);
// We handle the error using map_err
let f = handler.handle(socket)
.map_err(move |e| {
error!(log, "Error occured during protocol handling: {}", e);
})
// Void any and all results since pool.spawn allows no return value.
.map(|_| ());
// Spawn the connection context onto the local executor since it isn't Send
// Also `detach` it so the task isn't canceled as soon as it's dropped.
// TODO: Store all those tasks to have a easier way of managing them?
smol::block_on(f);
});
},
Err(e) => {
error!(inner_log, "Socket `accept` error: {}", e);
}
}
// Unless we are overloaded we just want to keep going.
return LoopResult::Continue;
});
info!(&log, "Started");
// Check each signal as it arrives
let handle_signals = signal.map(|r| { r.unwrap() }).into_stream();
let mut combined = stream::select(handle_signals, handle_sockets);
// This is the basic main loop that drives execution
loop {
match combined.next().await {
// When the result says to continue, do exactly that
Some(LoopResult::Continue) => {}
Some(LoopResult::Overloaded) => {
// In case over server overload we should install a replacement handler that
// would instead just return `overloaded` for all connections until the
// situation is remedied.
//
// For now, just log the overload and keep going.
error!(loop_log, "Server overloaded");
}
// When the result says to stop the server, do exactly that.
// Also catches a `None` from the stream; None should never be returned because it
// would mean all sockets were closed and we can not receive any further signals.
// Still, in that case shut down cleanly anyway, the only reason this could happen
// are some heavy bugs in the runtime
Some(LoopResult::Stop) | None => {
warn!(loop_log, "Stopping server");
break;
}
}
}
};
smol::block_on(smol::future::race(control_fut, ex.run(smol::future::pending())));
// TODO: Run actual shut down code here
info!(log, "Shutting down...");
// Returning () is an implicit success so this will properly set the exit code as well
Ok(())
}
/// The result of one iteration of the core loop
pub enum LoopResult {
/// Everything was fine, keep going
Continue,
/// Something happened that means we should shut down
Stop,
/// The Server is currently overloaded
Overloaded,
}

9
src/space.rs
View File

@ -1,9 +0,0 @@
use uuid::Uuid;
#[derive(Debug, Clone)]
pub struct Space {
pub id: Uuid,
pub name: String,
pub info: String,
}

0
src/state/mod.rs → src/state.rs
View File