wip auth
authorIan Jackson <ijackson@chiark.greenend.org.uk>
Sun, 26 Jul 2020 01:14:44 +0000 (02:14 +0100)
committerIan Jackson <ijackson@chiark.greenend.org.uk>
Sun, 26 Jul 2020 01:14:44 +0000 (02:14 +0100)
src/cmdlistener.rs
src/imports.rs

index 41560e12d6b5f9bbb7c5b814828dc07f899c1e59..f6e18a9a457d1022f7969cf7347149f223b3dc60 100644 (file)
@@ -113,8 +113,8 @@ impl From<ConnectionEuidDiscoverEerror> for AuthorisationError {
 
 impl CommandStream<'_> {
   #[throws(AuthorisationError)]
-  fn authorised_uid(&self, wanted: Option<uid_t>)
-                    -> Authorised<(Passwd,uid_t)> {
+  fn authorised_uid(&self, wanted: Option<uid_t>, xinfo: Option<&str>)
+                    -> Authorised<(Passwd,uid_t),> {
     let client_euid = *self.euid.as_ref().map_err(|e| e.clone())?;
     let server_euid = unsafe { libc::getuid() };
     if client_euid == 0 ||
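Review bot: The new `xinfo` parameter is undocumented although it carries a formatting contract: it is appended to the euid-mismatch message with no separator (`wanted={:?}{}` in the next hunk), so every caller has to supply its own leading space. A doc comment on `authorised_uid` such as `/// xinfo, if given, is appended verbatim to the mismatch error and must begin with its own separator` would record that; alternatively the separator could move into the format string. The trailing comma in `Authorised<(Passwd,uid_t),>` looks like an editing leftover, since the annotation in authorise_scope is written without it. The body of authorised_uid continues past the end of this hunk.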
@@ -123,8 +123,9 @@ impl CommandStream<'_> {
     {
       return Authorised::authorise();
     }
-    Err(anyhow!("{}: euid mismatch: client={:?} server={:?} wanted={:?}",
-                &self.desc, client_euid, server_euid, wanted))?
+    Err(anyhow!("{}: euid mismatch: client={:?} server={:?} wanted={:?}{}",
+                &self.desc, client_euid, server_euid, wanted,
+                xinfo.unwrap_or("")))?
   }
 
   fn map_auth_err(&self, ae: AuthorisationError) -> MgmtError {
@@ -147,7 +148,7 @@ fn authorise_scope(cs: &CommandStream, wanted: &ManagementScope)
       let y : AS<
         Authorised<(Passwd,uid_t)>,
       > = {
-        let ok = cs.authorised_uid(None)?;
+        let ok = cs.authorised_uid(None,None)?;
         (ok,
          ManagementScope::XXX)
       };
@@ -170,27 +171,38 @@ fn authorise_scope(cs: &CommandStream, wanted: &ManagementScope)
             ))
           )?;
 
-        let userlist_info = (||{ <Result<_,anyhow::Error>>::Ok({
-          let allowed = BufReader::new(File::open(USERLIST)?);
+        let (in_userlist, xinfo) = (||{ <Result<(_,Option<String>),anyhow::Error>>::Ok({
+          let allowed = BufReader::new(match File::open(USERLIST) {
+            Err(e) if e.kind() == ErrorKind::NotFound => {
+              return Ok((
+                AuthorisedIf{ authorized_for: None },
+                Some(format!(" user list {} does not exist", USERLIST))
+              ))
+            },
+            r => r,            
+          }?);
           allowed
             .lines()
             .filter_map(|le| match le {
               Ok(l) if l.trim() == wanted => Some(
-                Ok(AuthorisedIf{ authorized_for: Some(pwent.uid) })
+                Ok((
+                  AuthorisedIf{ authorized_for: Some(pwent.uid) },
+                  None
+                ))
               ),
               Ok(_) => None,
               Err(e) => Some(<Result<_,anyhow::Error>>::Err(e.into())),
             })
             .next()
             .unwrap_or_else(
-              || Err(anyhow!("requested username {:?} not in {:?}",
+              || Err(anyhow!(" requested username {:?} not in {:?}",
                              &wanted, USERLIST))
             )?
         })})()?;
 
-        let AuthorisedIf{ authorized_for } = userlist_info;
-        let ok = cs.authorised_uid(authorized_for)?;
-
+        let AuthorisedIf{ authorized_for } = in_userlist;
+        let info = xinfo.as_ref().map(|s| s.as_str());
+        let ok = cs.authorised_uid(authorized_for, info)?;
         (ok,
          ManagementScope::Unix { user: pwent.name })
       };
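Review bot: The leading space added to `" requested username {:?} not in {:?}"` ends up at the start of a standalone error, because that `Err` leaves the closure through the `?` after `unwrap_or_else` and never reaches `xinfo`. It also means the two denial cases behave differently: a name missing from an existing list fails before `authorised_uid` is called, while a missing USERLIST continues to `authorised_uid(None, …)`, where a client with `client_euid == 0` is still authorised. If that difference is intended, drop the leading space and add a comment on the `NotFound` arm such as `// no user list: nobody is listed, so only authorised_uid's own euid checks can still authorise`. As a smaller point, `xinfo.as_ref().map(|s| s.as_str())` can be written `xinfo.as_deref()`. authorise_scope starts and ends outside this hunk.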
index 0229faad63be860ab95bf43aedf6355994c5c1a5..f54925aa6a3dd9b96afd3268805dddbdd50ff813 100644 (file)
@@ -1,6 +1,7 @@
 
 pub use std::io;
 pub use std::io::{BufReader,Read,BufRead,BufWriter,Write};
+pub use std::io::ErrorKind;
 pub use std::fmt::Write as _;
 pub use std::fmt::Formatter;
 pub use std::fmt::{self,Display,Debug};