From 0c7a9cb68b2d3dcc72d6898e14c4a84796631797 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sun, 26 Jul 2020 02:14:44 +0100 Subject: [PATCH] wip auth --- src/cmdlistener.rs | 36 ++++++++++++++++++++++++------------ src/imports.rs | 1 + 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/src/cmdlistener.rs b/src/cmdlistener.rs index 41560e12..f6e18a9a 100644 --- a/src/cmdlistener.rs +++ b/src/cmdlistener.rs @@ -113,8 +113,8 @@ impl From for AuthorisationError { impl CommandStream<'_> { #[throws(AuthorisationError)] - fn authorised_uid(&self, wanted: Option) - -> Authorised<(Passwd,uid_t)> { + fn authorised_uid(&self, wanted: Option, xinfo: Option<&str>) + -> Authorised<(Passwd,uid_t),> { let client_euid = *self.euid.as_ref().map_err(|e| e.clone())?; let server_euid = unsafe { libc::getuid() }; if client_euid == 0 || @@ -123,8 +123,9 @@ impl CommandStream<'_> { { return Authorised::authorise(); } - Err(anyhow!("{}: euid mismatch: client={:?} server={:?} wanted={:?}", - &self.desc, client_euid, server_euid, wanted))? + Err(anyhow!("{}: euid mismatch: client={:?} server={:?} wanted={:?}{}", + &self.desc, client_euid, server_euid, wanted, + xinfo.unwrap_or("")))? } fn map_auth_err(&self, ae: AuthorisationError) -> MgmtError { @@ -147,7 +148,7 @@ fn authorise_scope(cs: &CommandStream, wanted: &ManagementScope) let y : AS< Authorised<(Passwd,uid_t)>, > = { - let ok = cs.authorised_uid(None)?; + let ok = cs.authorised_uid(None,None)?; (ok, ManagementScope::XXX) }; 
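Review bot: The new `xinfo` parameter of `authorised_uid` is undocumented, and its contract is only implied by its one caller in `authorise_scope`: the text is appended verbatim to the euid-mismatch error (`wanted={:?}{}`), so the caller must supply its own leading separator, which is why the later `" user list {} does not exist"` string starts with a space. A doc comment on the signature would keep the next caller from getting that wrong: `/// `xinfo`: optional diagnostic appended verbatim to the euid-mismatch error; the caller supplies the leading separator.` Because that error is then turned into a `MgmtError` by `map_auth_err`, callers should presumably pass only text that is acceptable to show to the requesting client — whether a server-side path such as the userlist location counts as that I cannot tell from the hunk, since it does not show whether `MgmtError` is serialised back to the client. The body of `authorised_uid` continues into the next hunk, and `map_auth_err` runs past the end of it.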
@@ -170,27 +171,38 @@ fn authorise_scope(cs: &CommandStream, wanted: &ManagementScope) )) )?; - let userlist_info = (||{ >::Ok({ - let allowed = BufReader::new(File::open(USERLIST)?); + let (in_userlist, xinfo) = (||{ ),anyhow::Error>>::Ok({ + let allowed = BufReader::new(match File::open(USERLIST) { + Err(e) if e.kind() == ErrorKind::NotFound => { + return Ok(( + AuthorisedIf{ authorized_for: None }, + Some(format!(" user list {} does not exist", USERLIST)) + )) + }, + r => r, + }?); allowed .lines() .filter_map(|le| match le { Ok(l) if l.trim() == wanted => Some( - Ok(AuthorisedIf{ authorized_for: Some(pwent.uid) }) + Ok(( + AuthorisedIf{ authorized_for: Some(pwent.uid) }, + None + )) ), Ok(_) => None, Err(e) => Some(>::Err(e.into())), }) .next() .unwrap_or_else( - || Err(anyhow!("requested username {:?} not in {:?}", + || Err(anyhow!(" requested username {:?} not in {:?}", &wanted, USERLIST)) )? })})()?; - let AuthorisedIf{ authorized_for } = userlist_info; - let ok = cs.authorised_uid(authorized_for)?; - + let AuthorisedIf{ authorized_for } = in_userlist; + let info = xinfo.as_ref().map(|s| s.as_str()); + let ok = cs.authorised_uid(authorized_for, info)?; (ok, ManagementScope::Unix { user: pwent.name }) }; diff --git a/src/imports.rs b/src/imports.rs index 0229faad..f54925aa 100644 --- a/src/imports.rs +++ b/src/imports.rs @@ -1,6 +1,7 @@ pub use std::io; pub use std::io::{BufReader,Read,BufRead,BufWriter,Write}; +pub use std::io::ErrorKind; pub use std::fmt::Write as _; pub use std::fmt::Formatter; pub use std::fmt::{self,Display,Debug}; -- 2.30.2
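Review bot: The new `ErrorKind::NotFound` arm in the `File::open(USERLIST)` match silently turns a missing user list into `authorized_for: None`, and nothing in the code states that this is intended to fail closed: with `wanted = None` the request is granted only if the remaining conditions in `authorised_uid` hold (root via the visible `client_euid == 0 ||`, plus whatever the continuation not shown here checks), and everyone else receives the euid-mismatch denial with the `" user list ... does not exist"` note appended. That intent deserves a comment on the arm so a later refactor does not read it as "no list, no restriction", e.g. `// No user list at all: authorise no extra uid (fail closed) and attach a note to the denial so the operator can see why; other open errors still propagate via ?.` The leading space added to `" requested username {:?} not in {:?}"` looks copied from the `xinfo` convention, but that message is a standalone error rather than appended text, so the space is probably unintended. `authorise_scope` starts before this hunk and continues past it.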