vmario/fabaccess-bffh
1
0
Fork 0
mirror of https://gitlab.com/fabinfra/fabaccess/bffh.git synced 2024-11-24 15:47:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Appease the borrow checker

Browse Source
This commit is contained in:
Gregor Reitzenstein 2020-02-18 01:41:32 +01:00
parent 764b08d4fa
commit a3fa03f0ee
2 changed files with 20 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/auth.rs
View File

@ -12,9 +12,22 @@ use std::io::{Read, Write};
use std::ops::Deref; use std::ops::Deref;
use futures_signals::signal::Mutable; use futures_signals::signal::Mutable;
use casbin::Enforcer; use casbin::{Enforcer, Model, FileAdapter};
use slog::Logger;
use crate::error::Result; use crate::error::Result;
use crate::config::Config;
pub async fn init(log: Logger, config: Config) -> Result<AuthenticationProvider> {
let passdb = open_passdb(&config.passdb).unwrap();
let m = Model::from_file(&config.access.model).await?;
let a = FileAdapter::new(config.access.policy);
let enforcer = Enforcer::new(m, Box::new(a)).await?;
Ok(AuthenticationProvider::new(passdb, enforcer))
}
#[derive(Debug)] #[derive(Debug)]
pub enum SASLError { pub enum SASLError {
@ -50,11 +63,10 @@ pub fn open_passdb(path: &Path) -> Option<PassDB> {
} }
} }
#[derive(Clone)]
pub struct Plain { pub struct Plain {
// FIXME: I don't want to store passwords. // FIXME: I don't want to store passwords.
passdb: Mutable<PassDB>, passdb: PassDB,
enforcer: Mutable<Enforcer>, enforcer: Enforcer,
} }
impl Plain { impl Plain {
@ -63,7 +75,7 @@ impl Plain {
if let Some((authzid, authcid, passwd)) = split_nul(data) { if let Some((authzid, authcid, passwd)) = split_nul(data) {
// Check if we know about that user // Check if we know about that user
if let Some(pwd) = self.passdb.lock_ref().get(authcid) { if let Some(pwd) = self.passdb.get(authcid) {
// Check the provided password // Check the provided password
// FIXME: At least use hashes // FIXME: At least use hashes
if pwd == passwd { if pwd == passwd {
@ -73,8 +85,7 @@ impl Plain {
return Ok((true, authcid)); return Ok((true, authcid));
} }
let e = self.enforcer.lock_ref(); if let Ok(b) = self.enforcer.enforce(vec![authcid, authzid, "su"]) {
if let Ok(b) = e.enforce(vec![authcid, authzid, "su"]) {
if b { if b {
return Ok((true, authzid)); return Ok((true, authzid));
} else { } else {
@ -109,7 +120,7 @@ pub struct AuthenticationProvider {
} }
impl AuthenticationProvider { impl AuthenticationProvider {
pub fn new(passdb: Mutable<PassDB>, enforcer: Mutable<Enforcer>) -> Self { pub fn new(passdb: PassDB, enforcer: Enforcer) -> Self {
Self { Self {
plain: Plain { passdb, enforcer } plain: Plain { passdb, enforcer }
} }

2
src/main.rs
View File

@ -106,7 +106,7 @@ fn main() -> Result<(), Error> {
// filtered // filtered
let machinedb_f = machine::init(log.new(o!("system" => "machinedb")), &config); let machinedb_f = machine::init(log.new(o!("system" => "machinedb")), &config);
let permission_f = access::init(log.new(o!("system" => "permissions")), &config); let permission_f = access::init(log.new(o!("system" => "permissions")), &config);
let authentication_f = auth::init(log.new(o!("system" => "authentication")), &config); let authentication_f = auth::init(log.new(o!("system" => "authentication")), config.clone());
// Bind to each address in config.listen. // Bind to each address in config.listen.
// This is a Stream over Futures so it will do absolutely nothing unless polled to completion // This is a Stream over Futures so it will do absolutely nothing unless polled to completion