From: Ian Jackson Date: Sun, 26 Jul 2020 00:51:40 +0000 (+0100) Subject: wip auth X-Git-Tag: otter-0.2.0~1254 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=4dc7fa5272eeb7cf70540c158f8bfb9f4bd2e46b;p=otter.git wip auth --- diff --git a/src/cmdlistener.rs b/src/cmdlistener.rs index 8448b204..41560e12 100644 --- a/src/cmdlistener.rs +++ b/src/cmdlistener.rs @@ -154,10 +154,11 @@ fn authorise_scope(cs: &CommandStream, wanted: &ManagementScope) return y.into() }, ManagementScope::Unix { user: wanted } => { - let y : AS<( - Authorised<(Passwd,uid_t)>, // caller_has - Authorised, // in_userlist: - )> = { + let y : AS< + Authorised<(Passwd,uid_t)>, + > = { + struct AuthorisedIf { authorized_for : Option }; + let pwent = Passwd::from_name(&wanted) .map_err( |e| anyhow!("looking up requested username {:?}: {:?}", @@ -168,13 +169,15 @@ fn authorise_scope(cs: &CommandStream, wanted: &ManagementScope) "requested username {:?} not found", &wanted )) )?; - let caller_has = cs.authorised_uid(Some(pwent.uid))?; - let in_userlist = (||{ >::Ok({ + + let userlist_info = (||{ >::Ok({ let allowed = BufReader::new(File::open(USERLIST)?); allowed .lines() .filter_map(|le| match le { - Ok(l) if l.trim() == wanted => Some(Ok(Authorised::authorise())), + Ok(l) if l.trim() == wanted => Some( + Ok(AuthorisedIf{ authorized_for: Some(pwent.uid) }) + ), Ok(_) => None, Err(e) => Some(>::Err(e.into())), }) @@ -184,8 +187,11 @@ fn authorise_scope(cs: &CommandStream, wanted: &ManagementScope) &wanted, USERLIST)) )? })})()?; - ((caller_has, - in_userlist), + + let AuthorisedIf{ authorized_for } = userlist_info; + let ok = cs.authorised_uid(authorized_for)?; + + (ok, ManagementScope::Unix { user: pwent.name }) }; y.into()
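Review bot: The new type of `y` in the first hunk (`@@ -154,10 +154,11 @@`) drops the `in_userlist` `Authorised` token, so nothing in the result records that USERLIST was consulted. Membership is now carried only by the local `AuthorisedIf`, a plain struct that any code in the block can construct. If the uid check is meant to be conditional on a userlist entry, keep a proof-style value for that, or at least document the struct, e.g. `// uid the caller must match; set only from a matching USERLIST line`. The field is also spelled `authorized_for` while the rest of the function uses `authorised`/`Authorised`; a single spelling makes the auth path easier to grep and audit. `authorise_scope` begins and ends outside this hunk.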
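Review bot: `cs.authorised_uid(authorized_for)?` in the third hunk (`@@ -184,8 +187,11 @@`) now receives an `Option`, where the old code passed `Some(pwent.uid)` directly. Whatever `authorised_uid` does for `None` becomes reachable as soon as any path builds `AuthorisedIf` without a uid. The body of `authorised_uid` is not in this diff; if it treats `None` as less restrictive than a specific uid, this would fail open. The only constructor visible (second hunk) always sets `Some(pwent.uid)`, so the field could hold the uid itself, `struct AuthorisedIf { authorized_for: uid_t }`, with the call written as `let ok = cs.authorised_uid(Some(authorized_for))?;` so the requirement stays explicit at the call site. If `None` is planned for a later userlist form, a comment at the call stating what it permits would help the next reviewer.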