From e135d7c8bd29ceeb1c3395d67b55d5685683f43f Mon Sep 17 00:00:00 2001 From: Gregor Reitzenstein Date: Mon, 17 Feb 2020 15:07:55 +0100 Subject: [PATCH] Logging --- src/access.rs | 15 ++++++++++++--- src/machine.rs | 4 ++++ src/main.rs | 6 ++++-- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/src/access.rs b/src/access.rs index ce071a3..0d87576 100644 --- a/src/access.rs +++ b/src/access.rs @@ -1,6 +1,8 @@ //! Access control logic //! +use slog::Logger; + use casbin::prelude::*; use super::config::Config; @@ -13,19 +15,26 @@ use crate::error::Result; #[derive(Clone)] pub struct Permissions { + log: Logger, pdb: Mutable, auth: Authentication, } impl Permissions { - pub fn new(pdb: Mutable, auth: Authentication) -> Self { - Self { pdb, auth } + pub fn new(log: Logger, pdb: Mutable, auth: Authentication) -> Self { + Self { log, pdb, auth } } pub fn enforce(&self, object: &str, action: &str) -> bool { if let Some(actor) = self.auth.get_authzid() { - self.pdb.lock_ref().enforce(vec![&actor,object,action]).unwrap() + trace!(self.log, "Checking permission {} for {} on {}", action, actor, object); + let r = self.pdb.lock_ref().enforce(vec![&actor,object,action]).unwrap(); + if !r { + info!(self.log, "Failed permission {} for {} on {}", action, actor, object); + } + return r; } else { + info!(self.log, "Attempted anonymous access: {} on {}", action, object); false } } diff --git a/src/machine.rs b/src/machine.rs index 5eee400..edd6d90 100644 --- a/src/machine.rs +++ b/src/machine.rs @@ -64,11 +64,13 @@ impl api::machines::Server for Machines { let mut b = results.get(); let mngr = api::machines::manage::ToClient::new(manager).into_client::(); b.set_manage(mngr); + trace!(self.log, "Granted manage on machine {}", uuid); Promise::ok(()) } else { Promise::err(Error::failed("Permission denied".to_string())) } } else { + info!(self.log, "Attempted manage on invalid machine {}", uuid); Promise::err(Error::failed("No such machine".to_string())) } } @@ -84,8 +86,10 @@ impl api::machines::Server for Machines { let mdb = self.mdb.lock_ref(); if let Some(m) = mdb.get(&uuid) { + trace!(self.log, "Granted use on machine {}", uuid); Promise::ok(()) } else { + info!(self.log, "Attempted use on invalid machine {}", uuid); Promise::err(Error::failed("No such machine".to_string())) } } diff --git a/src/main.rs b/src/main.rs index 56b1f26..81c4246 100644 --- a/src/main.rs +++ b/src/main.rs @@ -55,6 +55,8 @@ fn main() { let addr = args[1].to_socket_addrs().unwrap().next().expect("could not parse address"); + let permlog = log.new(o!()); + let machlog = log.new(o!()); let spawner = exec.spawner(); let result: Result<(), Box> = exec.run_until(async move { @@ -64,8 +66,8 @@ fn main() { let socket = socket?; // TODO: Prettify session handling let auth = auth::Authentication::new(authp.clone()); - let perm = access::Permissions::new(enf.clone(), auth.clone()); - let mach = machine::Machines::new(m.clone(), perm.clone()); + let perm = access::Permissions::new(permlog.clone(), enf.clone(), auth.clone()); + let mach = machine::Machines::new(machlog.clone(), m.clone(), perm.clone()); let rpc_system = api::process_socket(auth, perm, mach, socket); spawner.spawn_local_obj(