Load roles into the accessdb

This commit is contained in:
Gregor Reitzenstein 2020-12-16 14:04:50 +01:00
parent 8f5cea673b
commit d568d46212
4 changed files with 26 additions and 37 deletions


@ -49,10 +49,8 @@ impl Databases {
let env = Arc::new(env); let env = Arc::new(env);
let mdb = machine::init(log.new(o!("system" => "machines")), &config, env.clone())?; let mdb = machine::init(log.new(o!("system" => "machines")), &config, env.clone())?;
let mut ac = access::AccessControl::new();
let permdb = access::init(log.new(o!("system" => "permissions")), &config, env.clone())?; let permdb = access::init(log.new(o!("system" => "permissions")), &config, env.clone())?;
ac.add_source_unchecked("Internal".to_string(), Box::new(permdb)); let mut ac = access::AccessControl::new(permdb);
let passdb = pass::PassDB::init(log.new(o!("system" => "passwords")), env.clone()).unwrap(); let passdb = pass::PassDB::init(log.new(o!("system" => "passwords")), env.clone()).unwrap();
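Review bot: `let mut ac = access::AccessControl::new(permdb);` keeps the binding mutable although the only mutation the old code performed on it, `add_source_unchecked`, is removed by this commit; if nothing after the hunk mutates `ac`, clippy's `unused_mut` will fire and the line should read `let ac = access::AccessControl::new(permdb);`. `Databases::new` continues past the end of the hunk, so this is only checkable for the lines shown.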


@ -30,15 +30,17 @@ use crate::error::Result;
pub mod internal; pub mod internal;
use crate::db::user::UserData; use crate::db::user::UserData;
pub use internal::init; pub use internal::{init, Internal};
pub struct AccessControl { pub struct AccessControl {
pub internal: Internal,
sources: HashMap<String, Box<dyn RoleDB>>, sources: HashMap<String, Box<dyn RoleDB>>,
} }
impl AccessControl { impl AccessControl {
pub fn new() -> Self { pub fn new(internal: Internal) -> Self {
Self { Self {
internal: internal,
sources: HashMap::new() sources: HashMap::new()
} }
} }
@ -55,6 +57,9 @@ impl AccessControl {
return Ok(true); return Ok(true);
} }
} }
if self.internal.check(user, perm.as_ref())? {
return Ok(true);
}
return Ok(false); return Ok(false);
} }
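Review bot: `internal: internal,` in `AccessControl::new` is the redundant field-name form clippy flags; the shorthand `internal,` is the idiomatic spelling. The field is also declared `pub internal: Internal`, which lets callers outside the module reach through `AccessControl` into the role store; a forwarding method such as `pub fn load_roles<P: AsRef<Path>>(&self, path: P) -> Result<()> { self.internal.load_roles(path) }` would keep the field private and the store behind the access-control type. In the second hunk, the added `self.internal.check(user, perm.as_ref())?` consults the internal store after the registered sources and propagates a store error to the caller instead of treating it as a granted or denied permission, which is the right default; the enclosing `check` function starts outside the hunk.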


@ -24,12 +24,11 @@ pub struct Internal {
log: Logger, log: Logger,
env: Arc<Environment>, env: Arc<Environment>,
roledb: lmdb::Database, roledb: lmdb::Database,
userdb: lmdb::Database,
} }
impl Internal { impl Internal {
pub fn new(log: Logger, env: Arc<Environment>, roledb: lmdb::Database, userdb: lmdb::Database) -> Self { pub fn new(log: Logger, env: Arc<Environment>, roledb: lmdb::Database) -> Self {
Self { log, env, roledb, userdb } Self { log, env, roledb, }
} }
/// Check if a given user has the given permission /// Check if a given user has the given permission
@ -117,34 +116,19 @@ impl Internal {
unimplemented!() unimplemented!()
} }
pub fn load_db(&mut self, txn: &mut RwTransaction, mut path: PathBuf) -> Result<()> { pub fn load_roles<P: AsRef<Path>>(&self, path: P) -> Result<()> {
path.push("roles"); let mut txn = self.env.begin_rw_txn()?;
if !path.is_dir() { self.load_roles_txn(&mut txn, path.as_ref())
error!(self.log, "Given load directory is malformed, no 'roles' subdir, not loading roles!");
} else {
self.load_roles(txn, path.as_path())?;
}
Ok(())
} }
fn load_roles_txn(&self, txn: &mut RwTransaction, path: &Path) -> Result<()> {
let roles = Role::load_file(path)?;
fn load_roles(&mut self, txn: &mut RwTransaction, path: &Path) -> Result<()> { for (k,v) in roles.iter() {
if path.is_file() { self.put_role(txn, k, v.clone())?;
let roles = Role::load_file(path)?;
for (k,v) in roles.iter() {
self.put_role(txn, k, v.clone())?;
}
} else {
for entry in std::fs::read_dir(path)? {
let roles = Role::load_file(entry?.path())?;
for (k,v) in roles.iter() {
self.put_role(txn, k, v.clone())?;
}
}
} }
debug!(self.log, "Loaded roles: {:?}", roles);
Ok(()) Ok(())
} }
} }
@ -182,9 +166,6 @@ pub fn init(log: Logger, config: &Settings, env: Arc<lmdb::Environment>)
debug!(&log, "Opened access database '{}' successfully.", "role"); debug!(&log, "Opened access database '{}' successfully.", "role");
//let permdb = env.create_db(Some("perm"), flags)?; //let permdb = env.create_db(Some("perm"), flags)?;
//debug!(&log, "Opened access database '{}' successfully.", "perm"); //debug!(&log, "Opened access database '{}' successfully.", "perm");
let userdb = env.create_db(Some("user"), flags)?;
debug!(&log, "Opened access database '{}' successfully.", "user");
info!(&log, "Opened all access databases");
Ok(Internal::new(log, env, roledb, userdb)) Ok(Internal::new(log, env, roledb))
} }
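Review bot: In the `@ -117,34 +116,19` hunk, `load_roles` opens a write transaction with `self.env.begin_rw_txn()?` and returns the result of `load_roles_txn` directly, but never commits it; an lmdb `RwTransaction` that is dropped without `commit()` is aborted, so every `put_role` performed inside it is discarded and the roles never reach the database even though the call reports `Ok(())`. Change the body to `self.load_roles_txn(&mut txn, path.as_ref())?;` followed by `txn.commit()?;` and `Ok(())`. The old `load_db` accepted a directory and iterated its files, while the new `load_roles_txn` calls `Role::load_file(path)` on the given path only; that matches the single `roles.toml` the caller now passes, but a doc comment on `load_roles` stating that it expects one roles file (not a directory) would make the narrowed contract explicit.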


@ -132,8 +132,8 @@ fn maybe(matches: clap::ArgMatches, log: Arc<Logger>) -> Result<(), Error> {
Ok(()) Ok(())
} else if matches.is_present("load") { } else if matches.is_present("load") {
let db = db::Databases::new(&log, &config)?; let db = db::Databases::new(&log, &config)?;
let mut dir = PathBuf::from(matches.value_of_os("load").unwrap()); let mut dir = PathBuf::from(matches.value_of_os("load").unwrap());
dir.push("users.toml"); dir.push("users.toml");
let map = db::user::load_file(&dir)?; let map = db::user::load_file(&dir)?;
for (uid,user) in map.iter() { for (uid,user) in map.iter() {
@ -141,6 +141,11 @@ fn maybe(matches: clap::ArgMatches, log: Arc<Logger>) -> Result<(), Error> {
} }
debug!(log, "Loaded users: {:?}", map); debug!(log, "Loaded users: {:?}", map);
dir.pop(); dir.pop();
dir.push("roles.toml");
db.access.internal.load_roles(&dir)?;
dir.pop();
Ok(()) Ok(())
} else { } else {
let ex = Executor::new(); let ex = Executor::new();
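Review bot: The trailing `dir.pop();` after `db.access.internal.load_roles(&dir)?;` has no visible consumer; if `dir` is not used again below the hunk (the function continues past it), the line is dead and can be dropped. Reaching through `db.access.internal` ties main.rs to the field layout of `AccessControl`; a forwarding `load_roles` on `db.access` would avoid that coupling. An error from `load_roles` here also leaves whatever the preceding user loop (its body is outside the hunk) already stored in place, so a failed load is a partial import rather than all-or-nothing; that is acceptable for a CLI load step but worth a sentence in the command's help text.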