X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/blobdiff_plain/5ee41dd039e304ae374a5f1265e32839204f14ff..411a85f26421358c20b11839310cce6caff8cf77:/src/main.sml
diff --git a/src/main.sml b/src/main.sml
index e0e85ba..9204159 100644
--- a/src/main.sml
+++ b/src/main.sml
@@ -190,6 +190,21 @@ fun requestGrant acl =
 OpenSSL.close bio
 end

+fun requestRevoke acl =
+ let
+ val (user, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgRevoke acl);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Revoke succeeded.\n"
+ | MsgError s => print ("Revoke failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+
 fun service () =
 let
 val () = Acl.read Config.aclFile
@@ -251,7 +266,8 @@ fun service () =
 if Acl.query {user = user, class = "group", value = "root"} then
 ((Acl.grant acl;
 Acl.write Config.aclFile;
- Msg.send (bio, MsgOk))
+ Msg.send (bio, MsgOk);
+ print ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
 handle OpenSSL.OpenSSL s =>
 (print "OpenSSL error\n";
 Msg.send (bio,
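Review bot: requestRevoke reports all three failure outcomes (closed connection, `MsgError`, unexpected reply) only by printing to stdout and then returns unit exactly as it does on success, so nothing in this function lets a caller tell whether the revocation took effect. That matters more for revoke than for grant, because a script that removes access would carry on as if the entry were gone. Consider writing failures to stderr, e.g. `TextIO.output (TextIO.stdErr, "Revoke failed: " ^ s ^ "\n")`, and having the case yield a success flag that becomes a non-zero exit status after `OpenSSL.close bio`; how main calls this function is outside the hunk, so confirm it there. The `user` bound from `requestBio` is unused and could be `_`.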
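Review bot: The new success line is printed after `Msg.send (bio, MsgOk)` inside the expression covered by `handle OpenSSL.OpenSSL s`, so if the reply fails after `Acl.grant` and `Acl.write` have already run, the server log shows only "OpenSSL error" and the persisted grant is never recorded. Printing before the send ties the record to the ACL change rather than to delivery of the reply: keep `Acl.write Config.aclFile;`, then the `print (...)` line, then `Msg.send (bio, MsgOk))`. The revoke branch added in the next hunk has the same ordering. The line also records who received the permission but not the requesting `user`, which is in scope from the `Acl.query` call. The enclosing `service` function starts and ends outside the hunk.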
@@ -264,6 +280,31 @@ fun service () =
 loop ())
 else
 ((Msg.send (bio, MsgError "Not authorized to grant privileges");
+ print "Unauthorized user asked to grant a permission!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgRevoke acl =>
+ if Acl.query {user = user, class = "group", value = "root"} then
+ ((Acl.revoke acl;
+ Acl.write Config.aclFile;
+ Msg.send (bio, MsgOk);
+ print ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during revocation: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to revoke privileges");
+ print "Unauthorized user asked to revoke a permission!\n";
 ignore (OpenSSL.readChar bio);
 OpenSSL.close bio)
 handle OpenSSL.OpenSSL _ => ();
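Review bot: The two denial messages, `print "Unauthorized user asked to grant a permission!\n"` and its revoke counterpart, name neither the requester nor the entry that was asked for, so a refused privilege change cannot be attributed or correlated from the log. `user` and `acl` are both in scope in the revoke branch, so the line could read `print ("Unauthorized user " ^ user ^ " asked to revoke " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ "!\n");`, assuming `user` is a string as its use in the `Acl.query` record suggests. Because the `acl` fields arrive in the client's message, pass them through `String.toString` before printing, here and in the "Revoked permission" line, so an embedded newline cannot forge extra log entries. These branches sit inside `service`, whose loop begins and ends outside the hunk.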