vmario/fabaccess-bffh
1
0
Fork 0
mirror of https://gitlab.com/fabinfra/fabaccess/bffh.git synced 2024-11-22 14:57:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

make compile

Browse Source
This commit is contained in:
Gregor Reitzenstein 2021-09-09 21:50:11 +02:00 committed by Nadja Reitzenstein
parent 05cbfc7199
commit d0b73c9b49
11 changed files with 117 additions and 173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Cargo.lock generated
View File

@ -1538,9 +1538,9 @@ checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b"
[[package]] [[package]]
name = "rsasl" name = "rsasl"
version = "1.0.1" version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8461935926602b09123ddb976f0fa4d54df63b23adff4da0a0e71b96d635fcb0" checksum = "165e25c96193ef9f5eeb7e68e868c5543b30d6a68bef5470be45ae2416466817"
dependencies = [ dependencies = [
"discard", "discard",
"gsasl-sys", "gsasl-sys",

2
Cargo.toml
View File

@ -43,7 +43,7 @@ uuid = { version = "0.8.2", features = ["serde", "v4"] }
clap = "2.33.3" clap = "2.33.3"
# TODO update this if bindgen breaks (again) # TODO update this if bindgen breaks (again)
rsasl = "1.0.1" rsasl = "1.4.0"
#rsasl = { path = "../../rsasl" } #rsasl = { path = "../../rsasl" }
# rumqtt needs tokio which I'm trying to get away from # rumqtt needs tokio which I'm trying to get away from

22
src/api.rs
View File

@ -31,33 +31,33 @@ impl Bootstrap {
use connection_capnp::bootstrap::*; use connection_capnp::bootstrap::*;
impl connection_capnp::bootstrap::Server for Bootstrap { impl connection_capnp::bootstrap::Server for Bootstrap {
fn auth(&mut self, fn authentication_system(&mut self,
_: Params<auth_params::Owned>, _: AuthenticationSystemParams,
mut res: Results<auth_results::Owned> mut res: AuthenticationSystemResults
) -> Promise<(), capnp::Error> { ) -> Promise<(), capnp::Error> {
// TODO: Forbid mutltiple authentication for now // TODO: Forbid mutltiple authentication for now
// TODO: When should we allow multiple auth and how do me make sure that does not leak // TODO: When should we allow multiple auth and how do me make sure that does not leak
// priviledges (e.g. due to previously issues caps)? // priviledges (e.g. due to previously issues caps)?
res.get().set_auth(capnp_rpc::new_client(auth::Auth::new(self.db.clone(), self.session.clone()))); res.get().set_authentication_system(capnp_rpc::new_client(auth::Auth::new(self.db.clone(), self.session.clone())));
Promise::ok(()) Promise::ok(())
} }
fn permissions(&mut self, fn permission_system(&mut self,
_: Params<permissions_params::Owned>, _: PermissionSystemParams,
_: Results<permissions_results::Owned> _: PermissionSystemResults
) -> Promise<(), capnp::Error> { ) -> Promise<(), capnp::Error> {
Promise::ok(()) Promise::ok(())
} }
fn machines(&mut self, fn machine_system(&mut self,
_: Params<machines_params::Owned>, _: MachineSystemParams,
mut res: Results<machines_results::Owned> mut res: MachineSystemResults
) -> Promise<(), capnp::Error> { ) -> Promise<(), capnp::Error> {
// TODO actual permission check and stuff // TODO actual permission check and stuff
let c = capnp_rpc::new_client(Machines::new(self.session.clone(), self.db.clone(), self.nw.clone())); let c = capnp_rpc::new_client(Machines::new(self.session.clone(), self.db.clone(), self.nw.clone()));
res.get().set_machines(c); res.get().set_machine_system(c);
Promise::ok(()) Promise::ok(())
} }

59
src/api/auth.rs
View File

@ -7,11 +7,11 @@ use std::sync::Arc;
use rsasl::{ use rsasl::{
SASL, SASL,
RSASL,
Property, Property,
Session as SaslSession, Session as SaslSession,
ReturnCode, ReturnCode,
Callback, Callback,
SaslCtx,
Step, Step,
}; };
@ -21,7 +21,7 @@ use capnp::capability::{Params, Results, Promise};
use crate::api::Session; use crate::api::Session;
pub use crate::schema::auth_capnp; pub use crate::schema::authenticationsystem_capnp as auth_system;
use crate::db::Databases; use crate::db::Databases;
use crate::db::pass::PassDB; use crate::db::pass::PassDB;
use crate::db::user::{Internal as UserDB}; use crate::db::user::{Internal as UserDB};
@ -34,31 +34,29 @@ pub struct SessionData {
session: Arc<Session>, session: Arc<Session>,
} }
struct CB; struct CB;
impl Callback<AppData, SessionData> for CB { impl Callback<AppData, SessionData> for CB {
fn callback(mut sasl: SaslCtx<AppData, SessionData>, mut session: SaslSession<SessionData>, prop: Property) -> libc::c_int { fn callback(sasl: &mut SASL<AppData, SessionData>,
session: &mut SaslSession<SessionData>,
prop: Property
) -> Result<(), ReturnCode>
{
let ret = match prop { let ret = match prop {
Property::GSASL_VALIDATE_SIMPLE => { Property::GSASL_VALIDATE_SIMPLE => {
// FIXME: get_property and retrive_mut can't be used interleaved but that's // FIXME: get_property and retrieve_mut can't be used interleaved but that's
// technically safe. // technically safe.
let cap_session = session.retrieve_mut().map(|sd| sd.session.clone()); let cap_session = session.retrieve_mut().map(|sd| sd.session.clone());
let authid = match session.get_property(Property::GSASL_AUTHID) { let authid: &str = session
None => return ReturnCode::GSASL_NO_AUTHID as libc::c_int, .get_property(Property::GSASL_AUTHID)
Some(a) => { .ok_or(ReturnCode::GSASL_NO_AUTHID)
match a.to_str() { .and_then(|a| match a.to_str() {
Ok(s) => s, Ok(s) => Ok(s),
Err(_) => return ReturnCode::GSASL_SASLPREP_ERROR as libc::c_int, Err(_) => Err(ReturnCode::GSASL_SASLPREP_ERROR),
} })?;
},
};
let pass = session.get_property(Property::GSASL_PASSWORD); let pass = session.get_property(Property::GSASL_PASSWORD)
if pass.is_none() { .ok_or(ReturnCode::GSASL_NO_PASSWORD)?;
return ReturnCode::GSASL_NO_PASSWORD as libc::c_int;
}
let pass = pass.unwrap();
if let Some(appdata) = sasl.retrieve_mut() { if let Some(appdata) = sasl.retrieve_mut() {
@ -70,7 +68,8 @@ impl Callback<AppData, SessionData> for CB {
} }
} }
ReturnCode::GSASL_OK // Early return, implicitly returns GSASL_OK
return Ok(());
} else { } else {
ReturnCode::GSASL_AUTHENTICATION_ERROR ReturnCode::GSASL_AUTHENTICATION_ERROR
} }
@ -86,12 +85,12 @@ impl Callback<AppData, SessionData> for CB {
ReturnCode::GSASL_NO_CALLBACK ReturnCode::GSASL_NO_CALLBACK
} }
}; };
ret as libc::c_int Err(ret)
} }
} }
pub struct Auth { pub struct Auth {
pub ctx: SASL<AppData, SessionData>, pub ctx: RSASL<AppData, SessionData>,
session: Arc<Session>, session: Arc<Session>,
} }
@ -111,11 +110,11 @@ impl Auth {
} }
} }
use auth_capnp::authentication::*; use crate::schema::authenticationsystem_capnp::*;
impl auth_capnp::authentication::Server for Auth { impl authentication_system::Server for Auth {
fn mechanisms(&mut self, fn mechanisms(&mut self,
_: Params<mechanisms_params::Owned>, _: authentication_system::MechanismsParams,
mut res: Results<mechanisms_results::Owned> mut res: authentication_system::MechanismsResults
) -> Promise<(), capnp::Error> { ) -> Promise<(), capnp::Error> {
let mechs = match self.ctx.server_mech_list() { let mechs = match self.ctx.server_mech_list() {
Ok(m) => m, Ok(m) => m,
@ -139,8 +138,8 @@ impl auth_capnp::authentication::Server for Auth {
// TODO: return Outcome instead of exceptions // TODO: return Outcome instead of exceptions
fn start(&mut self, fn start(&mut self,
params: Params<start_params::Owned>, params: authentication_system::StartParams,
mut res: Results<start_results::Owned> mut res: authentication_system::StartResults
) -> Promise<(), capnp::Error> { ) -> Promise<(), capnp::Error> {
let req = pry!(pry!(params.get()).get_request()); let req = pry!(pry!(params.get()).get_request());
@ -159,7 +158,7 @@ impl auth_capnp::authentication::Server for Auth {
session.store(Box::new(SessionData { session: self.session.clone() })); session.store(Box::new(SessionData { session: self.session.clone() }));
// If the client has provided initial data go use that // If the client has provided initial data go use that
use auth_capnp::request::initial_response::Which; use request::initial_response::Which;
let step_res = match req.get_initial_response().which() { let step_res = match req.get_initial_response().which() {
Err(capnp::NotInSchema(_)) => Err(capnp::NotInSchema(_)) =>
return Promise::err(capnp::Error { return Promise::err(capnp::Error {
@ -180,7 +179,7 @@ impl auth_capnp::authentication::Server for Auth {
// TODO: Set the session user. Needs a lookup though <.> // TODO: Set the session user. Needs a lookup though <.>
match step_res { match step_res {
Ok(Step::Done(b)) => { Ok(Step::Done(b)) => {
use auth_capnp::response::Result; use response::Result;
let mut outcome = pry!(res.get().get_response()).init_outcome(); let mut outcome = pry!(res.get().get_response()).init_outcome();
outcome.reborrow().set_result(Result::Successful); outcome.reborrow().set_result(Result::Successful);

103
src/api/machine.rs
View File

@ -6,8 +6,7 @@ use capnp::Error;
use futures::FutureExt; use futures::FutureExt;
use crate::schema::api_capnp::State; use crate::schema::machine_capnp::machine::*;
use crate::schema::api_capnp::machine::*;
use crate::connection::Session; use crate::connection::Session;
use crate::db::Databases; use crate::db::Databases;
use crate::db::machine::{Status, MachineState}; use crate::db::machine::{Status, MachineState};
@ -26,42 +25,9 @@ impl Machine {
} }
pub fn fill(self: Arc<Self>, builder: &mut Builder) { pub fn fill(self: Arc<Self>, builder: &mut Builder) {
builder.set_read(capnp_rpc::new_client(Read(self.clone())));
builder.set_write(capnp_rpc::new_client(Write(self.clone())));
builder.set_manage(capnp_rpc::new_client(Manage(self.clone()))); builder.set_manage(capnp_rpc::new_client(Manage(self.clone())));
builder.set_admin(capnp_rpc::new_client(Admin(self.clone()))); builder.set_admin(capnp_rpc::new_client(Admin(self.clone())));
} }
pub async fn fill_info(&self, builder: &mut m_info::Builder<'_>) {
let guard = self.machine.lock().await;
builder.set_name(guard.desc.name.as_ref());
if let Some(desc) = guard.desc.description.as_ref() {
builder.set_description(desc);
}
match guard.read_state().lock_ref().deref().state {
Status::Free => {
builder.set_state(State::Free);
}
Status::Disabled => {
builder.set_state(State::Disabled);
}
Status::Blocked(_) => {
builder.set_state(State::Blocked);
}
Status::InUse(_) => {
builder.set_state(State::InUse);
}
Status::ToCheck(_) => {
builder.set_state(State::ToCheck);
}
Status::Reserved(_) => {
builder.set_state(State::Reserved);
}
}
}
} }
#[derive(Clone)] #[derive(Clone)]
@ -73,31 +39,15 @@ impl Read {
} }
} }
impl read::Server for Read { impl info::Server for Read {
fn info(&mut self,
_params: read::InfoParams,
mut results: read::InfoResults)
-> Promise<(), Error>
{
let this = self.clone();
let f = async move {
let mut b = results.get().init_minfo();
this.0.fill_info(&mut b).await;
Ok(())
};
Promise::from_future(f)
}
} }
struct Write(Arc<Machine>); struct Write(Arc<Machine>);
impl write::Server for Write { impl use_::Server for Write {
fn use_(&mut self, fn use_(&mut self,
_params: write::UseParams, _params: use_::UseParams,
mut results: write::UseResults) mut results: use_::UseResults)
-> Promise<(), Error> -> Promise<(), Error>
{ {
let uid = self.0.session.user.try_lock().unwrap().as_ref().map(|u| u.id.clone()); let uid = self.0.session.user.try_lock().unwrap().as_ref().map(|u| u.id.clone());
@ -112,9 +62,6 @@ impl write::Server for Write {
match res_token { match res_token {
// TODO: Do something with the token we get returned // TODO: Do something with the token we get returned
Ok(tok) => { Ok(tok) => {
let gb = GiveBack(Some(tok));
results.get().set_ret(capnp_rpc::new_client(gb));
return Ok(()); return Ok(());
}, },
Err(e) => Err(capnp::Error::failed(format!("State change request returned {}", e))), Err(e) => Err(capnp::Error::failed(format!("State change request returned {}", e))),
@ -125,16 +72,19 @@ impl write::Server for Write {
} }
fn reserve(&mut self, fn reserve(&mut self,
_params: write::ReserveParams, _params: use_::ReserveParams,
_results: write::ReserveResults) _results: use_::ReserveResults)
-> Promise<(), Error> -> Promise<(), Error>
{ {
unimplemented!() unimplemented!()
} }
fn get_give_back(&mut self, }
_params: write::GetGiveBackParams,
mut results: write::GetGiveBackResults) impl in_use::Server for Write {
fn give_back(&mut self,
_params: in_use::GiveBackParams,
mut results: in_use::GiveBackResults)
-> Promise<(), Error> -> Promise<(), Error>
{ {
let this = self.0.clone(); let this = self.0.clone();
@ -148,9 +98,6 @@ impl write::Server for Write {
let user = sess.user.lock().await; let user = sess.user.lock().await;
if let Some(u) = user.as_ref() { if let Some(u) = user.as_ref() {
if u.id == uid { if u.id == uid {
let token = this.machine.create_token();
let gb = GiveBack(Some(token));
results.get().set_ret(capnp_rpc::new_client(gb));
} }
} }
}, },
@ -164,33 +111,9 @@ impl write::Server for Write {
} }
} }
struct GiveBack(Option<ReturnToken>);
impl write::give_back::Server for GiveBack {
fn ret(&mut self,
_params: write::give_back::RetParams,
_results: write::give_back::RetResults)
-> Promise<(), Error>
{
if let Some(rt) = self.0.take() {
// Err here just means machine was taken from us
Promise::from_future(rt.map(|()| Ok(())))
} else {
Promise::ok(())
}
}
}
struct Manage(Arc<Machine>); struct Manage(Arc<Machine>);
impl manage::Server for Manage { impl manage::Server for Manage {
fn ok(&mut self,
_params: manage::OkParams,
_results: manage::OkResults)
-> Promise<(), Error>
{
unimplemented!()
}
} }
struct Admin(Arc<Machine>); struct Admin(Arc<Machine>);

33
src/api/machines.rs
View File

@ -3,7 +3,8 @@ use std::sync::Arc;
use capnp::capability::Promise; use capnp::capability::Promise;
use capnp::Error; use capnp::Error;
use crate::schema::api_capnp::machines; use crate::schema::machinesystem_capnp::machine_system;
use crate::schema::machinesystem_capnp::machine_system::info as machines;
use crate::connection::Session; use crate::connection::Session;
use crate::db::Databases; use crate::db::Databases;
@ -29,40 +30,28 @@ impl Machines {
} }
} }
impl machine_system::Server for Machines {
}
impl machines::Server for Machines { impl machines::Server for Machines {
fn list_machines(&mut self, fn get_machine_list(&mut self,
_params: machines::ListMachinesParams, _params: machines::GetMachineListParams,
mut results: machines::ListMachinesResults) mut results: machines::GetMachineListResults)
-> Promise<(), Error> -> Promise<(), Error>
{ {
let v: Vec<(String, crate::machine::Machine)> = self.network.machines.iter() let v: Vec<(String, crate::machine::Machine)> = self.network.machines.iter()
.map(|(n, m)| (n.clone(), m.clone())) .map(|(n, m)| (n.clone(), m.clone()))
.collect(); .collect();
let mut machines = results.get().init_machines(v.len() as u32); /*let mut machines = results.get().init_machines(v.len() as u32);
for (i, (name, machine)) in v.into_iter().enumerate() { for (i, (name, machine)) in v.into_iter().enumerate() {
trace!(self.session.log, "Adding machine #{} {}: {:?}", i, name, machine); trace!(self.session.log, "Adding machine #{} {}: {:?}", i, name, machine);
let machine = Arc::new(Machine::new(self.session.clone(), machine, self.db.clone())); let machine = Arc::new(Machine::new(self.session.clone(), machine, self.db.clone()));
let mut builder = machines.reborrow().get(i as u32); let mut builder = machines.reborrow().get(i as u32);
machine.fill(&mut builder); machine.fill(&mut builder);
} }*/
Promise::ok(())
}
fn get_machine(&mut self,
params: machines::GetMachineParams,
mut results: machines::GetMachineResults)
-> Promise<(), Error>
{
if let Ok(uid) = params.get().and_then(|x| x.get_uid()) {
if let Some(machine_inner) = self.network.machines.get(uid) {
let machine = Arc::new(Machine::new(self.session.clone(), machine_inner.clone(), self.db.clone()));
let mut builder = results.get().init_machine();
Machine::fill(machine, &mut builder);
}
}
Promise::ok(()) Promise::ok(())
} }

15
src/db/machine.rs
View File

@ -7,8 +7,6 @@ use std::sync::Arc;
use crate::error::Result; use crate::error::Result;
use crate::config::Config; use crate::config::Config;
use uuid::Uuid;
use crate::db::user::UserId; use crate::db::user::UserId;
pub mod internal; pub mod internal;
@ -34,19 +32,6 @@ pub enum Status {
Reserved(UserId), Reserved(UserId),
} }
pub fn uuid_from_api(uuid: crate::schema::api_capnp::u_u_i_d::Reader) -> Uuid {
let uuid0 = uuid.get_uuid0() as u128;
let uuid1 = uuid.get_uuid1() as u128;
let num: u128 = (uuid1 << 64) + uuid0;
Uuid::from_u128(num)
}
pub fn api_from_uuid(uuid: Uuid, mut wr: crate::schema::api_capnp::u_u_i_d::Builder) {
let num = uuid.as_u128();
let uuid0 = num as u64;
let uuid1 = (num >> 64) as u64;
wr.set_uuid0(uuid0);
wr.set_uuid1(uuid1);
}
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
/// The status of the machine /// The status of the machine

37
src/machine.rs
View File

@ -27,6 +27,29 @@ use crate::db::machine::{MachineIdentifier, MachineState, Status};
use crate::db::user::{User, UserData}; use crate::db::user::{User, UserData};
use crate::network::MachineMap; use crate::network::MachineMap;
use crate::space;
// Registry of all machines configured.
// TODO:
// - Serialize machines into config
// - Deserialize machines from config
// - Index machines on deserialization to we can look them up efficiently
// - Maybe store that index too
// - Iterate over all or a subset of machines efficiently
pub struct Machines {
machines: Vec<Machine>
}
impl Machines {
/// Load machines from the config, looking up and linking the database entries as necessary
pub fn load() -> Self {
unimplemented!()
}
pub fn lookup(id: String) -> Option<Machine> {
unimplemented!()
}
}
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct Index { pub struct Index {
@ -49,15 +72,27 @@ impl Index {
} }
} }
// Access data of one machine efficiently, using getters/setters for data stored in LMDB backed
// memory
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct Machine { pub struct Machine {
pub id: uuid::Uuid,
pub name: String,
pub description: String,
inner: Arc<Mutex<Inner>>, inner: Arc<Mutex<Inner>>,
access: Arc<access::AccessControl>, access: Arc<access::AccessControl>,
} }
impl Machine { impl Machine {
pub fn new(inner: Inner, access: Arc<access::AccessControl>) -> Self { pub fn new(inner: Inner, access: Arc<access::AccessControl>) -> Self {
Self { inner: Arc::new(Mutex::new(inner)), access: access } Self {
id: uuid::Uuid::default(),
name: "".to_string(),
description: "".to_string(),
inner: Arc::new(Mutex::new(inner)),
access: access,
}
} }
pub fn construct pub fn construct

1
src/main.rs
View File

@ -23,6 +23,7 @@ mod server;
mod network; mod network;
mod actor; mod actor;
mod initiator; mod initiator;
mod space;
use clap::{App, Arg}; use clap::{App, Arg};

5
src/server.rs
View File

@ -15,6 +15,9 @@ use std::io;
use std::sync::Arc; use std::sync::Arc;
use std::os::unix::io::AsRawFd;
use signal_hook::low_level::pipe as sigpipe;
use crate::db::Databases; use crate::db::Databases;
use crate::network::Network; use crate::network::Network;
@ -27,7 +30,7 @@ pub fn serve_api_connections(log: Arc<Logger>, config: Config, db: Databases, nw
// Initialize signal handler. // Initialize signal handler.
// We currently only care about Ctrl-C so SIGINT it is. // We currently only care about Ctrl-C so SIGINT it is.
// TODO: Make this do SIGHUP and a few others too. (By cloning the tx end of the pipe) // TODO: Make this do SIGHUP and a few others too. (By cloning the tx end of the pipe)
signal_hook::pipe::register(signal_hook::SIGINT, tx)?; sigpipe::register(signal_hook::consts::SIGINT, tx.as_raw_fd())?;
// When a signal is received this future can complete and read a byte from the underlying // When a signal is received this future can complete and read a byte from the underlying
// socket — the actual data is discarded but the act of being able to receive data tells us // socket — the actual data is discarded but the act of being able to receive data tells us
// that we received a SIGINT. // that we received a SIGINT.

9
src/space.rs Normal file
View File

@ -0,0 +1,9 @@
use uuid::Uuid;
#[derive(Debug, Clone)]
pub struct Space {
pub id: Uuid,
pub name: String,
pub info: String,
}