Appease the borrow checker
parent
764b08d4fa
commit
a3fa03f0ee
27
src/auth.rs
27
src/auth.rs
@ -12,9 +12,22 @@ use std::io::{Read, Write};
|
|||||||
use std::ops::Deref;
|
use std::ops::Deref;
|
||||||
|
|
||||||
use futures_signals::signal::Mutable;
|
use futures_signals::signal::Mutable;
|
||||||
use casbin::Enforcer;
|
use casbin::{Enforcer, Model, FileAdapter};
|
||||||
|
|
||||||
|
use slog::Logger;
|
||||||
|
|
||||||
use crate::error::Result;
|
use crate::error::Result;
|
||||||
|
use crate::config::Config;
|
||||||
|
|
||||||
|
pub async fn init(log: Logger, config: Config) -> Result<AuthenticationProvider> {
|
||||||
|
let passdb = open_passdb(&config.passdb).unwrap();
|
||||||
|
|
||||||
|
let m = Model::from_file(&config.access.model).await?;
|
||||||
|
let a = FileAdapter::new(config.access.policy);
|
||||||
|
let enforcer = Enforcer::new(m, Box::new(a)).await?;
|
||||||
|
|
||||||
|
Ok(AuthenticationProvider::new(passdb, enforcer))
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub enum SASLError {
|
pub enum SASLError {
|
||||||
@ -50,11 +63,10 @@ pub fn open_passdb(path: &Path) -> Option<PassDB> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Clone)]
|
|
||||||
pub struct Plain {
|
pub struct Plain {
|
||||||
// FIXME: I don't want to store passwords.
|
// FIXME: I don't want to store passwords.
|
||||||
passdb: Mutable<PassDB>,
|
passdb: PassDB,
|
||||||
enforcer: Mutable<Enforcer>,
|
enforcer: Enforcer,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Plain {
|
impl Plain {
|
||||||
@ -63,7 +75,7 @@ impl Plain {
|
|||||||
if let Some((authzid, authcid, passwd)) = split_nul(data) {
|
if let Some((authzid, authcid, passwd)) = split_nul(data) {
|
||||||
|
|
||||||
// Check if we know about that user
|
// Check if we know about that user
|
||||||
if let Some(pwd) = self.passdb.lock_ref().get(authcid) {
|
if let Some(pwd) = self.passdb.get(authcid) {
|
||||||
// Check the provided password
|
// Check the provided password
|
||||||
// FIXME: At least use hashes
|
// FIXME: At least use hashes
|
||||||
if pwd == passwd {
|
if pwd == passwd {
|
||||||
@ -73,8 +85,7 @@ impl Plain {
|
|||||||
return Ok((true, authcid));
|
return Ok((true, authcid));
|
||||||
}
|
}
|
||||||
|
|
||||||
let e = self.enforcer.lock_ref();
|
if let Ok(b) = self.enforcer.enforce(vec![authcid, authzid, "su"]) {
|
||||||
if let Ok(b) = e.enforce(vec![authcid, authzid, "su"]) {
|
|
||||||
if b {
|
if b {
|
||||||
return Ok((true, authzid));
|
return Ok((true, authzid));
|
||||||
} else {
|
} else {
|
||||||
@ -109,7 +120,7 @@ pub struct AuthenticationProvider {
|
|||||||
}
|
}
|
||||||
|
|
||||||
impl AuthenticationProvider {
|
impl AuthenticationProvider {
|
||||||
pub fn new(passdb: Mutable<PassDB>, enforcer: Mutable<Enforcer>) -> Self {
|
pub fn new(passdb: PassDB, enforcer: Enforcer) -> Self {
|
||||||
Self {
|
Self {
|
||||||
plain: Plain { passdb, enforcer }
|
plain: Plain { passdb, enforcer }
|
||||||
}
|
}
|
||||||
|
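Review bot: In the new `init` (first hunk of src/auth.rs), `open_passdb(&config.passdb).unwrap()` panics when the password database cannot be opened, although the function returns `Result` and the two casbin calls below it already propagate with `?`. Since `open_passdb` returns `Option<PassDB>`, map the `None` to an error instead, for example `let passdb = open_passdb(&config.passdb).ok_or(/* placeholder: passdb-open error from crate::error */)?;`, and use the `log` parameter, which the visible body never touches, to record which path failed. Separately, in the `@ -73,8 +85,7` hunk the rewritten `if let Ok(b) = self.enforcer.enforce(vec![authcid, authzid, "su"])` still discards the enforcer's error. The fall-through for `Err` lies outside the hunk, so confirm that it denies the request and logs the failure rather than silently skipping the check.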
@ -106,7 +106,7 @@ fn main() -> Result<(), Error> {
|
|||||||
// filtered
|
// filtered
|
||||||
let machinedb_f = machine::init(log.new(o!("system" => "machinedb")), &config);
|
let machinedb_f = machine::init(log.new(o!("system" => "machinedb")), &config);
|
||||||
let permission_f = access::init(log.new(o!("system" => "permissions")), &config);
|
let permission_f = access::init(log.new(o!("system" => "permissions")), &config);
|
||||||
let authentication_f = auth::init(log.new(o!("system" => "authentication")), &config);
|
let authentication_f = auth::init(log.new(o!("system" => "authentication")), config.clone());
|
||||||
|
|
||||||
// Bind to each address in config.listen.
|
// Bind to each address in config.listen.
|
||||||
// This is a Stream over Futures so it will do absolutely nothing unless polled to completion
|
// This is a Stream over Futures so it will do absolutely nothing unless polled to completion
|
||||||
|