From 411a85f26421358c20b11839310cce6caff8cf77 Mon Sep 17 00:00:00 2001 From: Adam Chlipala Date: Thu, 14 Dec 2006 22:36:49 +0000 Subject: [PATCH] Permission revocation --- src/main-admin.sml | 1 + src/main.sig | 1 + src/main.sml | 43 ++++++++++++++++++++++++++++++++++++++++++- src/msg.sml | 5 +++++ src/msgTypes.sml | 4 +++- 5 files changed, 52 insertions(+), 2 deletions(-) diff --git a/src/main-admin.sml b/src/main-admin.sml index c04a7d9..b4ba422 100644 --- a/src/main-admin.sml +++ b/src/main-admin.sml @@ -21,4 +21,5 @@ val _ = case CommandLine.arguments () of ["grant", user, class, value] => Main.requestGrant {user = user, class = class, value = value} + | ["revoke", user, class, value] => Main.requestRevoke {user = user, class = class, value = value} | _ => print "Invalid command-line arguments\n" diff --git a/src/main.sig b/src/main.sig index ee6df59..ee5915a 100644 --- a/src/main.sig +++ b/src/main.sig @@ -32,6 +32,7 @@ signature MAIN = sig val request : string -> unit val requestGrant : Acl.acl -> unit + val requestRevoke : Acl.acl -> unit val service : unit -> unit val slave : unit -> unit diff --git a/src/main.sml b/src/main.sml index e0e85ba..9204159 100644 --- a/src/main.sml +++ b/src/main.sml @@ -190,6 +190,21 @@ fun requestGrant acl = OpenSSL.close bio end +fun requestRevoke acl = + let + val (user, bio) = requestBio (fn () => ()) + in + Msg.send (bio, MsgRevoke acl); + case Msg.recv bio of + NONE => print "Server closed connection unexpectedly.\n" + | SOME m => + case m of + MsgOk => print "Revoke succeeded.\n" + | MsgError s => print ("Revoke failed: " ^ s ^ "\n") + | _ => print "Unexpected server reply.\n"; + OpenSSL.close bio + end + fun service () = let val () = Acl.read Config.aclFile @@ -251,7 +266,8 @@ fun service () = if Acl.query {user = user, class = "group", value = "root"} then ((Acl.grant acl; Acl.write Config.aclFile; - Msg.send (bio, MsgOk)) + Msg.send (bio, MsgOk); + print ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".\n")) handle OpenSSL.OpenSSL s => (print "OpenSSL error\n"; Msg.send (bio, @@ -264,6 +280,31 @@ fun service () = loop ()) else ((Msg.send (bio, MsgError "Not authorized to grant privileges"); + print "Unauthorized user asked to grant a permission!\n"; + ignore (OpenSSL.readChar bio); + OpenSSL.close bio) + handle OpenSSL.OpenSSL _ => (); + loop ()) + + | MsgRevoke acl => + if Acl.query {user = user, class = "group", value = "root"} then + ((Acl.revoke acl; + Acl.write Config.aclFile; + Msg.send (bio, MsgOk); + print ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".\n")) + handle OpenSSL.OpenSSL s => + (print "OpenSSL error\n"; + Msg.send (bio, + MsgError + ("Error during revocation: " + ^ s))); + (ignore (OpenSSL.readChar bio); + OpenSSL.close bio) + handle OpenSSL.OpenSSL _ => (); + loop ()) + else + ((Msg.send (bio, MsgError "Not authorized to revoke privileges"); + print "Unauthorized user asked to revoke a permission!\n"; ignore (OpenSSL.readChar bio); OpenSSL.close bio) handle OpenSSL.OpenSSL _ => (); diff --git a/src/msg.sml b/src/msg.sml index 43b6386..5569355 100644 --- a/src/msg.sml +++ b/src/msg.sml @@ -57,6 +57,8 @@ fun send (bio, m) = | MsgDoFiles => OpenSSL.writeInt (bio, 5) | MsgGrant acl => (OpenSSL.writeInt (bio, 6); sendAcl (bio, acl)) + | MsgRevoke acl => (OpenSSL.writeInt (bio, 7); + sendAcl (bio, acl)) fun checkIt v = case v of @@ -85,6 +87,9 @@ fun recv bio = | 6 => (case recvAcl bio of SOME acl => SOME (MsgGrant acl) | _ => NONE) + | 7 => (case recvAcl bio of + SOME acl => SOME (MsgRevoke acl) + | _ => NONE) | _ => NONE) end diff --git a/src/msgTypes.sml b/src/msgTypes.sml index e89fc9d..a5fe2f7 100644 --- a/src/msgTypes.sml +++ b/src/msgTypes.sml @@ -32,6 +32,8 @@ datatype msg = | MsgDoFiles (* Perform the actions associated with the MsgFiles sent previously. *) | MsgGrant of Acl.acl - (* Grant a new permission *) + (* Grant a permission *) + | MsgRevoke of Acl.acl + (* Revoke a permission *) end -- 2.20.1