From 4dc7fa5272eeb7cf70540c158f8bfb9f4bd2e46b Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sun, 26 Jul 2020 01:51:40 +0100 Subject: [PATCH] wip auth --- src/cmdlistener.rs | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/src/cmdlistener.rs b/src/cmdlistener.rs index 8448b204..41560e12 100644 --- a/src/cmdlistener.rs +++ b/src/cmdlistener.rs @@ -154,10 +154,11 @@ fn authorise_scope(cs: &CommandStream, wanted: &ManagementScope) return y.into() }, ManagementScope::Unix { user: wanted } => { - let y : AS<( - Authorised<(Passwd,uid_t)>, // caller_has - Authorised, // in_userlist: - )> = { + let y : AS< + Authorised<(Passwd,uid_t)>, + > = { + struct AuthorisedIf { authorized_for : Option }; + let pwent = Passwd::from_name(&wanted) .map_err( |e| anyhow!("looking up requested username {:?}: {:?}", @@ -168,13 +169,15 @@ fn authorise_scope(cs: &CommandStream, wanted: &ManagementScope) "requested username {:?} not found", &wanted )) )?; - let caller_has = cs.authorised_uid(Some(pwent.uid))?; - let in_userlist = (||{ >::Ok({ + + let userlist_info = (||{ >::Ok({ let allowed = BufReader::new(File::open(USERLIST)?); allowed .lines() .filter_map(|le| match le { - Ok(l) if l.trim() == wanted => Some(Ok(Authorised::authorise())), + Ok(l) if l.trim() == wanted => Some( + Ok(AuthorisedIf{ authorized_for: Some(pwent.uid) }) + ), Ok(_) => None, Err(e) => Some(>::Err(e.into())), }) @@ -184,8 +187,11 @@ fn authorise_scope(cs: &CommandStream, wanted: &ManagementScope) &wanted, USERLIST)) )? })})()?; - ((caller_has, - in_userlist), + + let AuthorisedIf{ authorized_for } = userlist_info; + let ok = cs.authorised_uid(authorized_for)?; + + (ok, ManagementScope::Unix { user: pwent.name }) }; y.into() -- 2.30.2
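Review bot: `AuthorisedIf` in the first hunk is declared without a comment, and the `None` case of its `authorized_for` field is never explained, although the value is later passed to `cs.authorised_uid` in the third hunk. `authorised_uid` is not visible in this patch, so it cannot be told whether `None` means "no caller may act for this user" or "no uid restriction"; the struct should state it, e.g. `/// Outcome of the USERLIST lookup: Some(uid) = a caller with that uid may manage this scope; None = <meaning to be stated>`. The type of `y` also drops the separate `Authorised` token for userlist membership, so that check is no longer witnessed by the type and now rests only on the closure returning an error when the name is absent. Minor: the field is spelled `authorized_for` while the surrounding identifiers use `Authorised`. The enclosing match arm starts and ends outside this hunk.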
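Review bot: The caller check `cs.authorised_uid(...)` in the third hunk now runs after the USERLIST lookup instead of before it, so a caller who would fail the uid check reaches the lookup's failure path first. If these errors are returned over the command stream (not visible here), the differing messages would tell such a caller which usernames are listed. Consider keeping the caller check ahead of the file read, or returning one generic refusal for both failures and logging the detail on the server side. In the lines shown `authorized_for` is always `Some(pwent.uid)` when it is used, so `let ok = cs.authorised_uid(Some(pwent.uid))?;` would state the check more directly until the `None` case has a defined meaning.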