Permission revocation
[hcoop/domtool2.git] / src / main.sml
index e0e85ba..9204159 100644 (file)
@@ -190,6 +190,21 @@ fun requestGrant acl =
        OpenSSL.close bio
     end
 
        OpenSSL.close bio
     end
 
+fun requestRevoke acl =
+    let
+       val (user, bio) = requestBio (fn () => ())
+    in
+       Msg.send (bio, MsgRevoke acl);
+       case Msg.recv bio of
+           NONE => print "Server closed connection unexpectedly.\n"
+         | SOME m =>
+           case m of
+               MsgOk => print "Revoke succeeded.\n"
+             | MsgError s => print ("Revoke failed: " ^ s ^ "\n")
+             | _ => print "Unexpected server reply.\n";
+       OpenSSL.close bio
+    end
+
 fun service () =
     let
        val () = Acl.read Config.aclFile
 fun service () =
     let
        val () = Acl.read Config.aclFile
@@ -251,7 +266,8 @@ fun service () =
                                if Acl.query {user = user, class = "group", value = "root"} then
                                    ((Acl.grant acl;
                                      Acl.write Config.aclFile;
                                if Acl.query {user = user, class = "group", value = "root"} then
                                    ((Acl.grant acl;
                                      Acl.write Config.aclFile;
-                                     Msg.send (bio, MsgOk))
+                                     Msg.send (bio, MsgOk);
+                                     print ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
                                     handle OpenSSL.OpenSSL s =>
                                            (print "OpenSSL error\n";
                                             Msg.send (bio,
                                     handle OpenSSL.OpenSSL s =>
                                            (print "OpenSSL error\n";
                                             Msg.send (bio,
@@ -264,6 +280,31 @@ fun service () =
                                    loop ())
                                else
                                    ((Msg.send (bio, MsgError "Not authorized to grant privileges");
                                    loop ())
                                else
                                    ((Msg.send (bio, MsgError "Not authorized to grant privileges");
+                                     print "Unauthorized user asked to grant a permission!\n";
+                                     ignore (OpenSSL.readChar bio);
+                                     OpenSSL.close bio)
+                                    handle OpenSSL.OpenSSL _ => ();
+                                    loop ())
+
+                             | MsgRevoke acl =>
+                               if Acl.query {user = user, class = "group", value = "root"} then
+                                   ((Acl.revoke acl;
+                                     Acl.write Config.aclFile;
+                                     Msg.send (bio, MsgOk);
+                                     print ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
+                                    handle OpenSSL.OpenSSL s =>
+                                           (print "OpenSSL error\n";
+                                            Msg.send (bio,
+                                                      MsgError
+                                                          ("Error during revocation: "
+                                                           ^ s)));
+                                   (ignore (OpenSSL.readChar bio);
+                                    OpenSSL.close bio)
+                                   handle OpenSSL.OpenSSL _ => ();
+                                   loop ())
+                               else
+                                   ((Msg.send (bio, MsgError "Not authorized to revoke privileges");
+                                     print "Unauthorized user asked to revoke a permission!\n";
                                      ignore (OpenSSL.readChar bio);
                                      OpenSSL.close bio)
                                     handle OpenSSL.OpenSSL _ => ();
                                      ignore (OpenSSL.readChar bio);
                                      OpenSSL.close bio)
                                     handle OpenSSL.OpenSSL _ => ();