Ejemplo n.º 1
0
Archivo: admin.go Proyecto: postfix/arx
func revokeKey(req *messages.Request, adm *messages.AdminRequest) ([]byte, error) {
	tx, err := db.Begin()
	if err != nil {
		return messages.NewServerResponse(false, "Database failure.", nil)
	}

	if !db.HaveAdmin(tx) {
		db.Finalise(tx, nil)
		return messages.NewServerResponse(false, "Not initialised.", nil)
	}

	// Check key against revocation list.
	revoked, err := db.IsKeyRevoked(tx, req.Public)
	if err != nil {
		log.Printf("failed to check revocation list (%v)", err)
		db.Finalise(tx, err)
		return messages.NewServerResponse(false, "Not authorised.", nil)
	} else if revoked {
		log.Println("attempt to revoke key using revoked key")
		db.Finalise(tx, err)
		return messages.NewServerResponse(false, "Not authorised.", nil)
	}

	// Retrieve the admin key, and ensure that the request was
	// properly signed by this key. Also, check that the key being
	// revoked is not the administrative signature key.
	adminSigner, err := db.GetRoleSigner(tx, "admin")
	if err != nil {
		log.Println("failed to load admin signer")
		db.Finalise(tx, err)
		return messages.NewServerResponse(false, "Not authorised.", nil)
	} else if bytes.Equal(adminSigner, adm.Public) {
		log.Println("attempt to revoke current admin signer")
		db.Finalise(tx, err)
		return messages.NewServerResponse(false, "Cannot revoke current admin signer.", nil)
	}

	err = db.RevokeKey(tx, adm.Public, req.Public, "", "")
	if err != nil {
		db.Finalise(tx, err)
		log.Printf("failed to revoke key (%v)", err)
		return messages.NewServerResponse(false, "Failed to revoke key.", nil)
	}
	db.Finalise(tx, err)
	log.Println("revoked key")
	return messages.NewServerResponse(true, "Key revoked.", nil)
}
Ejemplo n.º 2
0
Archivo: admin.go Proyecto: postfix/arx
func alterRole(role string, req *messages.Request, adm *messages.AdminRequest) ([]byte, error) {
	tx, err := db.Begin()
	if err != nil {
		log.Println("database failure on request")
		return messages.NewServerResponse(false, "Database failure.", nil)
	}

	var out []byte
	if !db.HaveAdmin(tx) {
		if role == "admin" {
			out, err = initAdmin(tx, req)
		} else {
			out, err = messages.NewServerResponse(false, "Admin role not initialised.", nil)
		}
	} else {
		out, err = updateRole(tx, req, adm, role)
	}

	db.Finalise(tx, err)
	return out, err
}