From d568d46212c4785f50606d6a0bae9794b47ed65c Mon Sep 17 00:00:00 2001
From: Gregor Reitzenstein
Date: Wed, 16 Dec 2020 14:04:50 +0100
Subject: [PATCH] Load roles into the accessdb
---
 src/db.rs | 4 +---
 src/db/access.rs | 9 ++++++--
 src/db/access/internal.rs | 43 +++++++++++----------------------------
 src/main.rs | 7 ++++++-
 4 files changed, 26 insertions(+), 37 deletions(-)
diff --git a/src/db.rs b/src/db.rs
index cb65212..e3c044c 100644
--- a/src/db.rs
+++ b/src/db.rs
@@ -49,10 +49,8 @@ impl Databases {
 let env = Arc::new(env);
 let mdb = machine::init(log.new(o!("system" => "machines")), &config, env.clone())?;
- let mut ac = access::AccessControl::new();
-
 let permdb = access::init(log.new(o!("system" => "permissions")), &config, env.clone())?;
- ac.add_source_unchecked("Internal".to_string(), Box::new(permdb));
+ let mut ac = access::AccessControl::new(permdb);
 let passdb = pass::PassDB::init(log.new(o!("system" => "passwords")), env.clone()).unwrap();
diff --git a/src/db/access.rs b/src/db/access.rs
index 7d7b0ab..1c3a1a7 100644
--- a/src/db/access.rs
+++ b/src/db/access.rs
@@ -30,15 +30,17 @@ use crate::error::Result;
 pub mod internal;
 use crate::db::user::UserData;
-pub use internal::init;
+pub use internal::{init, Internal};
 pub struct AccessControl {
+ pub internal: Internal,
 sources: HashMap>,
 }
 impl AccessControl {
- pub fn new() -> Self {
+ pub fn new(internal: Internal) -> Self {
 Self {
+ internal: internal,
 sources: HashMap::new()
 }
 }
@@ -55,6 +57,9 @@ impl AccessControl {
 return Ok(true);
 }
 }
+ if self.internal.check(user, perm.as_ref())? {
+ return Ok(true);
+ }
 return Ok(false);
 }
diff --git a/src/db/access/internal.rs b/src/db/access/internal.rs
index 08a39ac..b4bd94e 100644
--- a/src/db/access/internal.rs
+++ b/src/db/access/internal.rs
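Review bot: `pub internal: Internal` makes the backing permission store a public field of `AccessControl`, and main.rs in this same patch relies on that (`db.access.internal.load_roles(&dir)?`); a delegating method such as `pub fn load_roles<P: AsRef<Path>>(&self, path: P) -> Result<()> { self.internal.load_roles(path) }` would keep the store private and leave `AccessControl` as the single entry point for permission data. In the constructor, `internal: internal,` can use field-init shorthand `internal,` (clippy `redundant_field_names`). The struct's generic parameters are stripped in this rendering (`HashMap>`), so the remaining field types could not be checked.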
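Review bot: The new `self.internal.check(user, perm.as_ref())?` branch appears to run only after the loop over `sources` has found no grant, and the `?` turns an error from the internal store into an `Err` for the whole check rather than a silent allow or deny; that fail-closed precedence is not written down anywhere. A doc comment on the method would make the contract explicit, e.g. `/// Consults the registered sources first, then the internal role store; any backend error aborts the check with Err instead of deciding it.` The method's signature and the start of the loop are outside this hunk, so the comment would go there.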
@@ -24,12 +24,11 @@ pub struct Internal {
 log: Logger,
 env: Arc,
 roledb: lmdb::Database,
- userdb: lmdb::Database,
 }
 impl Internal {
- pub fn new(log: Logger, env: Arc, roledb: lmdb::Database, userdb: lmdb::Database) -> Self {
- Self { log, env, roledb, userdb }
+ pub fn new(log: Logger, env: Arc, roledb: lmdb::Database) -> Self {
+ Self { log, env, roledb, }
 }
 /// Check if a given user has the given permission
@@ -117,34 +116,19 @@ impl Internal {
 unimplemented!()
 }
- pub fn load_db(&mut self, txn: &mut RwTransaction, mut path: PathBuf) -> Result<()> {
- path.push("roles");
- if !path.is_dir() {
- error!(self.log, "Given load directory is malformed, no 'roles' subdir, not loading roles!");
- } else {
- self.load_roles(txn, path.as_path())?;
- }
-
- Ok(())
+ pub fn load_roles>(&self, path: P) -> Result<()> {
+ let mut txn = self.env.begin_rw_txn()?;
+ self.load_roles_txn(&mut txn, path.as_ref())
 }
+ fn load_roles_txn(&self, txn: &mut RwTransaction, path: &Path) -> Result<()> {
+ let roles = Role::load_file(path)?;
- fn load_roles(&mut self, txn: &mut RwTransaction, path: &Path) -> Result<()> {
- if path.is_file() {
- let roles = Role::load_file(path)?;
-
- for (k,v) in roles.iter() {
- self.put_role(txn, k, v.clone())?;
- }
- } else {
- for entry in std::fs::read_dir(path)? {
- let roles = Role::load_file(entry?.path())?;
-
- for (k,v) in roles.iter() {
- self.put_role(txn, k, v.clone())?;
- }
- }
+ for (k,v) in roles.iter() {
+ self.put_role(txn, k, v.clone())?;
 }
+ debug!(self.log, "Loaded roles: {:?}", roles);
+ Ok(())
 }
 }
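Review bot: `load_roles` opens a write transaction with `self.env.begin_rw_txn()?` but never commits it; `txn` is dropped when the function returns, and if this is the `lmdb` crate's `RwTransaction` a dropped transaction is aborted, so every `put_role` performed inside `load_roles_txn` would be discarded and the roles would never reach the database. Committing before returning fixes it: `self.load_roles_txn(&mut txn, path.as_ref())?;` `txn.commit()?;` `Ok(())` (with that crate, `commit(self)` comes from its `Transaction` trait, which must be in scope). The abort-on-drop then still gives the intended rollback when `?` returns early on a bad roles file. If the caller is meant to commit elsewhere, nothing in this patch shows it, and a comment on `load_roles` should say so.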
@@ -182,9 +166,6 @@ pub fn init(log: Logger, config: &Settings, env: Arc)
 debug!(&log, "Opened access database '{}' successfully.", "role");
 //let permdb = env.create_db(Some("perm"), flags)?;
 //debug!(&log, "Opened access database '{}' successfully.", "perm");
- let userdb = env.create_db(Some("user"), flags)?;
- debug!(&log, "Opened access database '{}' successfully.", "user");
- info!(&log, "Opened all access databases");
- Ok(Internal::new(log, env, roledb, userdb))
+ Ok(Internal::new(log, env, roledb))
 }
diff --git a/src/main.rs b/src/main.rs
index a15d368..58df028 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -132,8 +132,8 @@ fn maybe(matches: clap::ArgMatches, log: Arc) -> Result<(), Error> {
 Ok(())
 } else if matches.is_present("load") {
 let db = db::Databases::new(&log, &config)?;
-
 let mut dir = PathBuf::from(matches.value_of_os("load").unwrap());
+
 dir.push("users.toml");
 let map = db::user::load_file(&dir)?;
 for (uid,user) in map.iter() {
@@ -141,6 +141,11 @@ fn maybe(matches: clap::ArgMatches, log: Arc) -> Result<(), Error> {
 }
 debug!(log, "Loaded users: {:?}", map);
 dir.pop();
+
+ dir.push("roles.toml");
+ db.access.internal.load_roles(&dir)?;
+ dir.pop();
+
 Ok(())
 } else {
 let ex = Executor::new();
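Review bot: `db.access.internal.load_roles(&dir)?` runs after the users from `users.toml` have already been stored by the loop above, so an error while reading or writing `roles.toml` returns `Err` from `maybe` with users imported and no roles; the two imports are not atomic. If a half-loaded database matters here, load roles before users, or validate both files before writing either, so a failed import leaves the databases as they were. The loop body that stores each user, and the `let mut dir = PathBuf::from(matches.value_of_os("load").unwrap())` the path derives from, are in the previous hunk.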