Permission revocation

diff --git a/src/main-admin.sml b/src/main-admin.sml
index c04a7d9..b4ba422 100644 (file)
--- a/src/main-admin.sml
+++ b/src/main-admin.sml
@@ -21,4 +21,5 @@
 val _ =
     case CommandLine.arguments () of
        ["grant", user, class, value] => Main.requestGrant {user = user, class = class, value = value}
+      | ["revoke", user, class, value] => Main.requestRevoke {user = user, class = class, value = value}
       | _ => print "Invalid command-line arguments\n"

diff --git a/src/main.sig b/src/main.sig
index ee6df59..ee5915a 100644 (file)
--- a/src/main.sig
+++ b/src/main.sig
@@ -32,6 +32,7 @@ signature MAIN = sig
 
     val request : string -> unit
     val requestGrant : Acl.acl -> unit
+    val requestRevoke : Acl.acl -> unit
 
     val service : unit -> unit
     val slave : unit -> unit

diff --git a/src/main.sml b/src/main.sml
index e0e85ba..9204159 100644 (file)
--- a/src/main.sml
+++ b/src/main.sml
@@ -190,6 +190,21 @@ fun requestGrant acl =
        OpenSSL.close bio
     end
 
+fun requestRevoke acl =
+    let
+       val (user, bio) = requestBio (fn () => ())
+    in
+       Msg.send (bio, MsgRevoke acl);
+       case Msg.recv bio of
+           NONE => print "Server closed connection unexpectedly.\n"
+         | SOME m =>
+           case m of
+               MsgOk => print "Revoke succeeded.\n"
+             | MsgError s => print ("Revoke failed: " ^ s ^ "\n")
+             | _ => print "Unexpected server reply.\n";
+       OpenSSL.close bio
+    end
+
 fun service () =
     let
        val () = Acl.read Config.aclFile
@@ -251,7 +266,8 @@ fun service () =
                                if Acl.query {user = user, class = "group", value = "root"} then
                                    ((Acl.grant acl;
                                      Acl.write Config.aclFile;
-                                     Msg.send (bio, MsgOk))
+                                     Msg.send (bio, MsgOk);
+                                     print ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
                                     handle OpenSSL.OpenSSL s =>
                                            (print "OpenSSL error\n";
                                             Msg.send (bio,
@@ -264,6 +280,31 @@ fun service () =
                                    loop ())
                                else
                                    ((Msg.send (bio, MsgError "Not authorized to grant privileges");
+                                     print "Unauthorized user asked to grant a permission!\n";
+                                     ignore (OpenSSL.readChar bio);
+                                     OpenSSL.close bio)
+                                    handle OpenSSL.OpenSSL _ => ();
+                                    loop ())
+
+                             | MsgRevoke acl =>
+                               if Acl.query {user = user, class = "group", value = "root"} then
+                                   ((Acl.revoke acl;
+                                     Acl.write Config.aclFile;
+                                     Msg.send (bio, MsgOk);
+                                     print ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
+                                    handle OpenSSL.OpenSSL s =>
+                                           (print "OpenSSL error\n";
+                                            Msg.send (bio,
+                                                      MsgError
+                                                          ("Error during revocation: "
+                                                           ^ s)));
+                                   (ignore (OpenSSL.readChar bio);
+                                    OpenSSL.close bio)
+                                   handle OpenSSL.OpenSSL _ => ();
+                                   loop ())
+                               else
+                                   ((Msg.send (bio, MsgError "Not authorized to revoke privileges");
+                                     print "Unauthorized user asked to revoke a permission!\n";
                                      ignore (OpenSSL.readChar bio);
                                      OpenSSL.close bio)
                                     handle OpenSSL.OpenSSL _ => ();

diff --git a/src/msg.sml b/src/msg.sml
index 43b6386..5569355 100644 (file)
--- a/src/msg.sml
+++ b/src/msg.sml
@@ -57,6 +57,8 @@ fun send (bio, m) =
       | MsgDoFiles => OpenSSL.writeInt (bio, 5)
       | MsgGrant acl => (OpenSSL.writeInt (bio, 6);
                         sendAcl (bio, acl))
+      | MsgRevoke acl => (OpenSSL.writeInt (bio, 7);
+                         sendAcl (bio, acl))
 
 fun checkIt v =
     case v of
@@ -85,6 +87,9 @@ fun recv bio =
                   | 6 => (case recvAcl bio of
                               SOME acl => SOME (MsgGrant acl)
                             | _ => NONE)
+                  | 7 => (case recvAcl bio of
+                              SOME acl => SOME (MsgRevoke acl)
+                            | _ => NONE)
                   | _ => NONE)
         
 end

diff --git a/src/msgTypes.sml b/src/msgTypes.sml
index e89fc9d..a5fe2f7 100644 (file)
--- a/src/msgTypes.sml
+++ b/src/msgTypes.sml
@@ -32,6 +32,8 @@ datatype msg =
        | MsgDoFiles
        (* Perform the actions associated with the MsgFiles sent previously. *)
        | MsgGrant of Acl.acl
-       (* Grant a new permission *)
+       (* Grant a permission *)
+       | MsgRevoke of Acl.acl
+       (* Revoke a permission *)
 
 end