X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/blobdiff_plain/5ee41dd039e304ae374a5f1265e32839204f14ff..be1bea4c0a2a4cfa0b86beccfa423366b94b84b4:/src/main.sml
diff --git a/src/main.sml b/src/main.sml
index e0e85ba..0c60f08 100644
--- a/src/main.sml
+++ b/src/main.sml
@@ -190,6 +190,57 @@ fun requestGrant acl =
 OpenSSL.close bio
 end
 
+fun requestRevoke acl =
+ let
+ val (user, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgRevoke acl);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Revoke succeeded.\n"
+ | MsgError s => print ("Revoke failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+
+fun requestListPerms user =
+ let
+ val (_, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgListPerms user);
+ (case Msg.recv bio of
+ NONE => (print "Server closed connection unexpectedly.\n";
+ NONE)
+ | SOME m =>
+ case m of
+ MsgPerms perms => SOME perms
+ | MsgError s => (print ("Listing failed: " ^ s ^ "\n");
+ NONE)
+ | _ => (print "Unexpected server reply.\n";
+ NONE))
+ before OpenSSL.close bio
+ end
+
+fun requestWhoHas perm =
+ let
+ val (_, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgWhoHas perm);
+ (case Msg.recv bio of
+ NONE => (print "Server closed connection unexpectedly.\n";
+ NONE)
+ | SOME m =>
+ case m of
+ MsgWhoHasResponse users => SOME users
+ | MsgError s => (print ("whohas failed: " ^ s ^ "\n");
+ NONE)
+ | _ => (print "Unexpected server reply.\n";
+ NONE))
+ before OpenSSL.close bio
+ end
+
 fun service () =
 let
 val () = Acl.read Config.aclFile
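Review bot: None of the three new client functions closes `bio` when `Msg.send` or `Msg.recv` raises. The `OpenSSL.close bio` in `requestRevoke` and the `before OpenSSL.close bio` in `requestListPerms` and `requestWhoHas` run only on a normal return, yet the server arms in this same commit wrap `Msg.send` in `handle OpenSSL.OpenSSL`, so the exception is evidently possible. A `handle OpenSSL.OpenSSL` around the send/receive that closes the connection and reports the failure (returning `NONE` in the two listing functions) would keep the error path consistent with the server side. Separately, `requestRevoke` binds `user` and never uses it; `val (_, bio) = requestBio (fn () => ())`, as in the other two functions, would be consistent.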
@@ -248,10 +299,11 @@ fun service () =
 end
 
 | MsgGrant acl =>
- if Acl.query {user = user, class = "group", value = "root"} then
+ if Acl.query {user = user, class = "priv", value = "all"} then
 ((Acl.grant acl;
 Acl.write Config.aclFile;
- Msg.send (bio, MsgOk))
+ Msg.send (bio, MsgOk);
+ print ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
 handle OpenSSL.OpenSSL s =>
 (print "OpenSSL error\n";
 Msg.send (bio,
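Review bot: The new audit line records the target of the grant but not who performed it, and it is printed only after `Msg.send (bio, MsgOk)`. A grant that was applied and written to `Config.aclFile` therefore leaves no record if the reply raises `OpenSSL.OpenSSL`; only "OpenSSL error" is printed. Logging before the reply and naming the requesting peer would close both gaps, e.g. `print (user ^ " granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".\n");` placed right after `Acl.write Config.aclFile;` (assuming `user` is a string here, as `#user acl` is). The `MsgRevoke` arm and the two "Unauthorized user asked to …" lines in the next hunk have the same gap and would also benefit from including `user`. The `service` function starts and ends outside this hunk, so I cannot see how the acl fields are validated before they are printed.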
@@ -264,11 +316,64 @@ fun service () =
 loop ())
 else
 ((Msg.send (bio, MsgError "Not authorized to grant privileges");
+ print "Unauthorized user asked to grant a permission!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgRevoke acl =>
+ if Acl.query {user = user, class = "priv", value = "all"} then
+ ((Acl.revoke acl;
+ Acl.write Config.aclFile;
+ Msg.send (bio, MsgOk);
+ print ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during revocation: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to revoke privileges");
+ print "Unauthorized user asked to revoke a permission!\n";
 ignore (OpenSSL.readChar bio);
 OpenSSL.close bio)
 handle OpenSSL.OpenSSL _ => ();
 loop ())
 
+ | MsgListPerms user =>
+ ((Msg.send (bio, MsgPerms (Acl.queryAll user));
+ print ("Sent permission list for user " ^ user ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during permission listing: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgWhoHas perm =>
+ ((Msg.send (bio, MsgWhoHasResponse (Acl.whoHas perm));
+ print ("Sent whohas response for " ^ #class perm ^ " / " ^ #value perm ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during whohas: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
 | _ =>
 (Msg.send (bio, MsgError "Unexpected command")
 handle OpenSSL.OpenSSL _ => ();
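Review bot: The `MsgListPerms` and `MsgWhoHas` arms answer without any `Acl.query` check, unlike `MsgGrant` and `MsgRevoke`, so any peer that reaches this dispatch can read another user's permissions or enumerate who holds a given permission. The pattern `MsgListPerms user` also rebinds `user`, so inside that arm the requesting identity is shadowed by the client-supplied name and can be neither checked nor logged. If open read access is intended, a comment saying so would settle it. Otherwise rename the pattern variable and gate the arm as sketched below, with the same treatment for `MsgWhoHas`; the policy shown (self, or holders of `priv`/`all`) is my assumption. `service` starts and ends outside this hunk.

```sml
| MsgListPerms target =>
  if target = user orelse Acl.query {user = user, class = "priv", value = "all"} then
      ((Msg.send (bio, MsgPerms (Acl.queryAll target));
        print ("Sent permission list for user " ^ target ^ " to " ^ user ^ ".\n"))
       (* … unchanged: OpenSSL error handler, readChar/close, loop () … *)
  else
      ((Msg.send (bio, MsgError "Not authorized to list permissions");
        print ("Unauthorized permission listing of " ^ target ^ " requested by " ^ user ^ ".\n");
        ignore (OpenSSL.readChar bio);
        OpenSSL.close bio)
       handle OpenSSL.OpenSSL _ => ();
       loop ())
```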