[hcoop/domtool2.git] / src / main.sml

(* HCoop Domtool (http://hcoop.sourceforge.net/)
 * Copyright (c) 2006, Adam Chlipala
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 *)

(* Main interface *)

structure Main :> MAIN = struct

open Ast MsgTypes Print

structure SM = StringMap

fun init () = Acl.read Config.aclFile
	    
fun check' G fname =
    let
	val prog = Parse.parse fname
    in
	if !ErrorMsg.anyErrors then
	    G
	else
	    Tycheck.checkFile G (Defaults.tInit ()) prog
    end

fun basis () =
    let
	val dir = Posix.FileSys.opendir Config.libRoot

	fun loop files =
	    case Posix.FileSys.readdir dir of
		NONE => (Posix.FileSys.closedir dir;
			 files)
	      | SOME fname =>
		if String.isSuffix ".dtl" fname then
		    loop (OS.Path.joinDirFile {dir = Config.libRoot,
					       file = fname}
			  :: files)
		else
		    loop files

	val files = loop []
	val (_, files) = Order.order files
    in
	if !ErrorMsg.anyErrors then
	    Env.empty
	else
	    (Tycheck.allowExterns ();
	     foldl (fn (fname, G) => check' G fname) Env.empty files
	     before Tycheck.disallowExterns ())
    end

fun check fname =
    let
	val _ = ErrorMsg.reset ()
	val _ = Env.preTycheck ()

	val b = basis ()
    in
	if !ErrorMsg.anyErrors then
	    raise ErrorMsg.Error
	else
	    let
		val _ = Tycheck.disallowExterns ()
		val _ = ErrorMsg.reset ()
		val prog = Parse.parse fname
	    in
		if !ErrorMsg.anyErrors then
		    raise ErrorMsg.Error
		else
		    let
			val G' = Tycheck.checkFile b (Defaults.tInit ()) prog
		    in
			if !ErrorMsg.anyErrors then
			    raise ErrorMsg.Error
			else
			    (G', #3 prog)
		    end
	    end
    end

fun reduce fname =
    let
	val (G, body) = check fname
    in
	if !ErrorMsg.anyErrors then
	    NONE
	else
	    case body of
		SOME body =>
		let
		    val body' = Reduce.reduceExp G body
		in
		    (*printd (PD.hovBox (PD.PPS.Rel 0,
					 [PD.string "Result:",
					  PD.space 1,
					  p_exp body']))*)
		    SOME body'
		end
	      | _ => NONE
    end

fun eval fname =
    case reduce fname of
	(SOME body') =>
	if !ErrorMsg.anyErrors then
	    raise ErrorMsg.Error
	else
	    Eval.exec (Defaults.eInit ()) body'
      | NONE => raise ErrorMsg.Error

val dispatcher =
    Config.dispatcher ^ ":" ^ Int.toString Config.dispatcherPort

fun requestContext f =
    let
	val uid = Posix.ProcEnv.getuid ()
	val user = Posix.SysDB.Passwd.name (Posix.SysDB.getpwuid uid)
		   
	val () = Acl.read Config.aclFile
	val () = Domain.setUser user
		 
	val () = f ()

	val context = OpenSSL.context (Config.certDir ^ "/" ^ user ^ ".pem",
				       Config.keyDir ^ "/" ^ user ^ "/key.pem",
				       Config.trustStore)
    in
	(user, context)
    end

fun requestBio f =
    let
	val (user, context) = requestContext f
    in
	(user, OpenSSL.connect (context, dispatcher))
    end

fun request fname =
    let
	val (user, bio) = requestBio (fn () => ignore (check fname))

	val inf = TextIO.openIn fname

	fun loop lines =
	    case TextIO.inputLine inf of
		NONE => String.concat (List.rev lines)
	      | SOME line => loop (line :: lines)

	val code = loop []
    in
	TextIO.closeIn inf;
	Msg.send (bio, MsgConfig code);
	case Msg.recv bio of
	    NONE => print "Server closed connection unexpectedly.\n"
	  | SOME m =>
	    case m of
		MsgOk => print "Configuration succeeded.\n"
	      | MsgError s => print ("Configuration failed: " ^ s ^ "\n")
	      | _ => print "Unexpected server reply.\n";
	OpenSSL.close bio
    end
    handle ErrorMsg.Error => ()

fun requestGrant acl =
    let
	val (user, bio) = requestBio (fn () => ())
    in
	Msg.send (bio, MsgGrant acl);
	case Msg.recv bio of
	    NONE => print "Server closed connection unexpectedly.\n"
	  | SOME m =>
	    case m of
		MsgOk => print "Grant succeeded.\n"
	      | MsgError s => print ("Grant failed: " ^ s ^ "\n")
	      | _ => print "Unexpected server reply.\n";
	OpenSSL.close bio
    end

fun requestRevoke acl =
    let
	val (user, bio) = requestBio (fn () => ())
    in
	Msg.send (bio, MsgRevoke acl);
	case Msg.recv bio of
	    NONE => print "Server closed connection unexpectedly.\n"
	  | SOME m =>
	    case m of
		MsgOk => print "Revoke succeeded.\n"
	      | MsgError s => print ("Revoke failed: " ^ s ^ "\n")
	      | _ => print "Unexpected server reply.\n";
	OpenSSL.close bio
    end

fun requestListPerms user =
    let
	val (_, bio) = requestBio (fn () => ())
    in
	Msg.send (bio, MsgListPerms user);
	(case Msg.recv bio of
	     NONE => (print "Server closed connection unexpectedly.\n";
		      NONE)
	   | SOME m =>
	     case m of
		 MsgPerms perms => SOME perms
	       | MsgError s => (print ("Listing failed: " ^ s ^ "\n");
				NONE)
	       | _ => (print "Unexpected server reply.\n";
		       NONE))
	before OpenSSL.close bio
    end

fun service () =
    let
	val () = Acl.read Config.aclFile
	
	val context = OpenSSL.context (Config.serverCert,
				       Config.serverKey,
				       Config.trustStore)
	val _ = Domain.set_context context

	val sock = OpenSSL.listen (context, Config.dispatcherPort)

	fun loop () =
	    case OpenSSL.accept sock of
		NONE => ()
	      | SOME bio =>
		let
		    val user = OpenSSL.peerCN bio
		    val () = print ("\nConnection from " ^ user ^ "\n")
		    val () = Domain.setUser user

		    fun cmdLoop () =
			case Msg.recv bio of
			    NONE => (OpenSSL.close bio
				     handle OpenSSL.OpenSSL _ => ();
				     loop ())
			  | SOME m =>
			    case m of
				MsgConfig code =>
				let
				    val _ = print "Configuration:\n"
				    val _ = print code
				    val _ = print "\n"

				    val outname = OS.FileSys.tmpName ()
				    val outf = TextIO.openOut outname
				in
				    TextIO.output (outf, code);
				    TextIO.closeOut outf;
				    (eval outname;
				     Msg.send (bio, MsgOk))
				    handle ErrorMsg.Error =>
					   (print "Compilation error\n";
					    Msg.send (bio,
						      MsgError "Error during configuration evaluation"))
					 | OpenSSL.OpenSSL s =>
					   (print "OpenSSL error\n";
					    Msg.send (bio,
						      MsgError
							  ("Error during configuration evaluation: "
							   ^ s)));
				    OS.FileSys.remove outname;
				    (ignore (OpenSSL.readChar bio);
				     OpenSSL.close bio)
				    handle OpenSSL.OpenSSL _ => ();
				    loop ()
				end

			      | MsgGrant acl =>
				if Acl.query {user = user, class = "group", value = "root"} then
				    ((Acl.grant acl;
				      Acl.write Config.aclFile;
				      Msg.send (bio, MsgOk);
				      print ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
				     handle OpenSSL.OpenSSL s =>
					    (print "OpenSSL error\n";
					     Msg.send (bio,
						       MsgError
							   ("Error during granting: "
							    ^ s)));
				    (ignore (OpenSSL.readChar bio);
				     OpenSSL.close bio)
				    handle OpenSSL.OpenSSL _ => ();
				    loop ())
				else
				    ((Msg.send (bio, MsgError "Not authorized to grant privileges");
				      print "Unauthorized user asked to grant a permission!\n";
				      ignore (OpenSSL.readChar bio);
				      OpenSSL.close bio)
				     handle OpenSSL.OpenSSL _ => ();
				     loop ())

			      | MsgRevoke acl =>
				if Acl.query {user = user, class = "group", value = "root"} then
				    ((Acl.revoke acl;
				      Acl.write Config.aclFile;
				      Msg.send (bio, MsgOk);
				      print ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
				     handle OpenSSL.OpenSSL s =>
					    (print "OpenSSL error\n";
					     Msg.send (bio,
						       MsgError
							   ("Error during revocation: "
							    ^ s)));
				    (ignore (OpenSSL.readChar bio);
				     OpenSSL.close bio)
				    handle OpenSSL.OpenSSL _ => ();
				    loop ())
				else
				    ((Msg.send (bio, MsgError "Not authorized to revoke privileges");
				      print "Unauthorized user asked to revoke a permission!\n";
				      ignore (OpenSSL.readChar bio);
				      OpenSSL.close bio)
				     handle OpenSSL.OpenSSL _ => ();
				     loop ())

			      | MsgListPerms user =>
				((Msg.send (bio, MsgPerms (Acl.queryAll user));
				  print ("Sent permission list for user " ^ user ^ ".\n"))
				 handle OpenSSL.OpenSSL s =>
					(print "OpenSSL error\n";
					 Msg.send (bio,
						   MsgError
						       ("Error during permission listing: "
							^ s)));
				(ignore (OpenSSL.readChar bio);
				 OpenSSL.close bio)
				handle OpenSSL.OpenSSL _ => ();
				loop ())

			      | _ =>
				(Msg.send (bio, MsgError "Unexpected command")
				 handle OpenSSL.OpenSSL _ => ();
				 OpenSSL.close bio
				 handle OpenSSL.OpenSSL _ => ();
				 loop ())
		in
		    cmdLoop ()
		end
		    handle OpenSSL.OpenSSL s =>
			   (print ("OpenSSL error: " ^ s ^ "\n");
			    OpenSSL.close bio
			    handle OpenSSL.OpenSSL _ => ();
			    loop ())
			 | OS.SysErr (s, _) =>
			   (print ("System error: " ^ s ^ "\n");
			    OpenSSL.close bio
			    handle OpenSSL.OpenSSL _ => ();
			    loop ())
    in
	print "Listening for connections....\n";
	loop ();
	OpenSSL.shutdown sock
    end

fun slave () =
    let
	val host = Slave.hostname ()

	val context = OpenSSL.context (Config.certDir ^ "/" ^ host ^ ".pem",
				       Config.keyDir ^ "/" ^ host ^ "/key.pem",
				       Config.trustStore)

	val sock = OpenSSL.listen (context, Config.slavePort)

	fun loop () =
	    case OpenSSL.accept sock of
		NONE => ()
	      | SOME bio =>
		let
		    val peer = OpenSSL.peerCN bio
		    val () = print ("\nConnection from " ^ peer ^ "\n")
		in
		    if peer <> Config.dispatcherName then
			(print "Not authorized!\n";
			 OpenSSL.close bio;
			 loop ())
		    else let
			    fun loop' files =
				case Msg.recv bio of
				    NONE => print "Dispatcher closed connection unexpectedly\n"
				  | SOME m =>
				    case m of
					MsgFile file => loop' (file :: files)
				      | MsgDoFiles => (Slave.handleChanges files;
						       Msg.send (bio, MsgOk))
				      | _ => (print "Dispatcher sent unexpected command\n";
					      Msg.send (bio, MsgError "Unexpected command"))
			in
			    loop' [];
			    ignore (OpenSSL.readChar bio);
			    OpenSSL.close bio;
			    loop ()
			end
		end handle OpenSSL.OpenSSL s =>
			   (print ("OpenSSL error: "^ s ^ "\n");
			    OpenSSL.close bio
					  handle OpenSSL.OpenSSL _ => ();
			    loop ())
			 | OS.SysErr (s, _) =>
			   (print ("System error: "^ s ^ "\n");
			    OpenSSL.close bio
			    handle OpenSSL.OpenSSL _ => ();
			    loop ())
    in
	loop ();
	OpenSSL.shutdown sock
    end

fun autodocBasis outdir =
    let
	val dir = Posix.FileSys.opendir Config.libRoot

	fun loop files =
	    case Posix.FileSys.readdir dir of
		NONE => (Posix.FileSys.closedir dir;
			 files)
	      | SOME fname =>
		if String.isSuffix ".dtl" fname then
		    loop (OS.Path.joinDirFile {dir = Config.libRoot,
					       file = fname}
			  :: files)
		else
		    loop files

	val files = loop []
    in
	Autodoc.autodoc {outdir = outdir, infiles = files}
    end

end
Commit	Line	Data
234b917a AC	1	(* HCoop Domtool (http://hcoop.sourceforge.net/)
	2	* Copyright (c) 2006, Adam Chlipala
	3	*
	4	* This program is free software; you can redistribute it and/or
	5	* modify it under the terms of the GNU General Public License
	6	* as published by the Free Software Foundation; either version 2
	7	* of the License, or (at your option) any later version.
	8	*
	9	* This program is distributed in the hope that it will be useful,
	10	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	* GNU General Public License for more details.
	13	*
	14	* You should have received a copy of the GNU General Public License
	15	* along with this program; if not, write to the Free Software
	16	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
dac62e84	17	*)
234b917a AC	18
	19	(* Main interface *)
	20
	21	structure Main :> MAIN = struct
	22
36e42cb8	23	open Ast MsgTypes Print
234b917a	24
6ae327f8 AC	25	structure SM = StringMap
6ae327f8 AC	26
aa56e112	27	fun init () = Acl.read Config.aclFile
234b917a	28
d189ec0e	29	fun check' G fname =
a3698041 AC	30	let
	31	val prog = Parse.parse fname
	32	in
	33	if !ErrorMsg.anyErrors then
d189ec0e	34	G
a3698041	35	else
aa56e112	36	Tycheck.checkFile G (Defaults.tInit ()) prog
a3698041 AC	37	end
a3698041 AC	38
d189ec0e	39	fun basis () =
234b917a	40	let
d189ec0e AC	41	val dir = Posix.FileSys.opendir Config.libRoot
	42
	43	fun loop files =
	44	case Posix.FileSys.readdir dir of
d612d62c AC	45	NONE => (Posix.FileSys.closedir dir;
d612d62c AC	46	files)
d189ec0e AC	47	\| SOME fname =>
d189ec0e AC	48	if String.isSuffix ".dtl" fname then
d612d62c AC	49	loop (OS.Path.joinDirFile {dir = Config.libRoot,
d612d62c AC	50	file = fname}
d189ec0e AC	51	:: files)
	52	else
	53	loop files
	54
	55	val files = loop []
3196000d	56	val (_, files) = Order.order files
d189ec0e	57	in
6ae327f8 AC	58	if !ErrorMsg.anyErrors then
	59	Env.empty
	60	else
b3159a70 AC	61	(Tycheck.allowExterns ();
	62	foldl (fn (fname, G) => check' G fname) Env.empty files
	63	before Tycheck.disallowExterns ())
d189ec0e AC	64	end
	65
	66	fun check fname =
	67	let
	68	val _ = ErrorMsg.reset ()
12adf55a	69	val _ = Env.preTycheck ()
d189ec0e AC	70
d189ec0e AC	71	val b = basis ()
234b917a AC	72	in
234b917a AC	73	if !ErrorMsg.anyErrors then
36e42cb8	74	raise ErrorMsg.Error
234b917a AC	75	else
234b917a AC	76	let
b3159a70	77	val _ = Tycheck.disallowExterns ()
7f012ffd	78	val _ = ErrorMsg.reset ()
d189ec0e	79	val prog = Parse.parse fname
234b917a	80	in
492c1cff	81	if !ErrorMsg.anyErrors then
36e42cb8	82	raise ErrorMsg.Error
492c1cff	83	else
d189ec0e	84	let
aa56e112	85	val G' = Tycheck.checkFile b (Defaults.tInit ()) prog
d189ec0e	86	in
36e42cb8 AC	87	if !ErrorMsg.anyErrors then
	88	raise ErrorMsg.Error
	89	else
	90	(G', #3 prog)
d189ec0e	91	end
234b917a AC	92	end
	93	end
	94
d189ec0e	95	fun reduce fname =
a3698041	96	let
d189ec0e	97	val (G, body) = check fname
a3698041 AC	98	in
a3698041 AC	99	if !ErrorMsg.anyErrors then
d189ec0e	100	NONE
a3698041	101	else
d189ec0e AC	102	case body of
	103	SOME body =>
	104	let
	105	val body' = Reduce.reduceExp G body
	106	in
	107	(*printd (PD.hovBox (PD.PPS.Rel 0,
	108	[PD.string "Result:",
	109	PD.space 1,
	110	p_exp body']))*)
	111	SOME body'
	112	end
	113	\| _ => NONE
a3698041 AC	114	end
a3698041 AC	115
d189ec0e AC	116	fun eval fname =
	117	case reduce fname of
	118	(SOME body') =>
	119	if !ErrorMsg.anyErrors then
36e42cb8	120	raise ErrorMsg.Error
d189ec0e	121	else
aa56e112	122	Eval.exec (Defaults.eInit ()) body'
36e42cb8	123	\| NONE => raise ErrorMsg.Error
d189ec0e	124
3b267643 AC	125	val dispatcher =
3b267643 AC	126	Config.dispatcher ^ ":" ^ Int.toString Config.dispatcherPort
559e89e9	127
5ee41dd0	128	fun requestContext f =
07cc384c	129	let
a56cc2c3 AC	130	val uid = Posix.ProcEnv.getuid ()
a56cc2c3 AC	131	val user = Posix.SysDB.Passwd.name (Posix.SysDB.getpwuid uid)
5ee41dd0	132
a56cc2c3 AC	133	val () = Acl.read Config.aclFile
a56cc2c3 AC	134	val () = Domain.setUser user
5ee41dd0 AC	135
5ee41dd0 AC	136	val () = f ()
aa56e112	137
aa56e112	138	val context = OpenSSL.context (Config.certDir ^ "/" ^ user ^ ".pem",
a088cea6	139	Config.keyDir ^ "/" ^ user ^ "/key.pem",
3b267643	140	Config.trustStore)
5ee41dd0 AC	141	in
	142	(user, context)
	143	end
07cc384c	144
5ee41dd0 AC	145	fun requestBio f =
	146	let
	147	val (user, context) = requestContext f
	148	in
	149	(user, OpenSSL.connect (context, dispatcher))
	150	end
	151
	152	fun request fname =
	153	let
	154	val (user, bio) = requestBio (fn () => ignore (check fname))
559e89e9	155
3b267643 AC	156	val inf = TextIO.openIn fname
3b267643 AC	157
36e42cb8	158	fun loop lines =
3b267643	159	case TextIO.inputLine inf of
36e42cb8 AC	160	NONE => String.concat (List.rev lines)
	161	\| SOME line => loop (line :: lines)
	162
	163	val code = loop []
559e89e9	164	in
3b267643	165	TextIO.closeIn inf;
36e42cb8 AC	166	Msg.send (bio, MsgConfig code);
	167	case Msg.recv bio of
	168	NONE => print "Server closed connection unexpectedly.\n"
	169	\| SOME m =>
	170	case m of
	171	MsgOk => print "Configuration succeeded.\n"
	172	\| MsgError s => print ("Configuration failed: " ^ s ^ "\n")
	173	\| _ => print "Unexpected server reply.\n";
3b267643	174	OpenSSL.close bio
559e89e9	175	end
aa56e112	176	handle ErrorMsg.Error => ()
559e89e9	177
5ee41dd0 AC	178	fun requestGrant acl =
	179	let
	180	val (user, bio) = requestBio (fn () => ())
	181	in
	182	Msg.send (bio, MsgGrant acl);
	183	case Msg.recv bio of
	184	NONE => print "Server closed connection unexpectedly.\n"
	185	\| SOME m =>
	186	case m of
	187	MsgOk => print "Grant succeeded.\n"
	188	\| MsgError s => print ("Grant failed: " ^ s ^ "\n")
	189	\| _ => print "Unexpected server reply.\n";
	190	OpenSSL.close bio
	191	end
	192
411a85f2 AC	193	fun requestRevoke acl =
	194	let
	195	val (user, bio) = requestBio (fn () => ())
	196	in
	197	Msg.send (bio, MsgRevoke acl);
	198	case Msg.recv bio of
	199	NONE => print "Server closed connection unexpectedly.\n"
	200	\| SOME m =>
	201	case m of
	202	MsgOk => print "Revoke succeeded.\n"
	203	\| MsgError s => print ("Revoke failed: " ^ s ^ "\n")
	204	\| _ => print "Unexpected server reply.\n";
	205	OpenSSL.close bio
	206	end
	207
08a04eb4 AC	208	fun requestListPerms user =
	209	let
	210	val (_, bio) = requestBio (fn () => ())
	211	in
	212	Msg.send (bio, MsgListPerms user);
	213	(case Msg.recv bio of
	214	NONE => (print "Server closed connection unexpectedly.\n";
	215	NONE)
	216	\| SOME m =>
	217	case m of
	218	MsgPerms perms => SOME perms
	219	\| MsgError s => (print ("Listing failed: " ^ s ^ "\n");
	220	NONE)
	221	\| _ => (print "Unexpected server reply.\n";
	222	NONE))
	223	before OpenSSL.close bio
	224	end
	225
3b267643	226	fun service () =
07cc384c	227	let
aa56e112 AC	228	val () = Acl.read Config.aclFile
aa56e112 AC	229
3b267643 AC	230	val context = OpenSSL.context (Config.serverCert,
	231	Config.serverKey,
	232	Config.trustStore)
36e42cb8	233	val _ = Domain.set_context context
3b267643	234
60534712	235	val sock = OpenSSL.listen (context, Config.dispatcherPort)
3b267643 AC	236
3b267643 AC	237	fun loop () =
60534712	238	case OpenSSL.accept sock of
3b267643 AC	239	NONE => ()
	240	\| SOME bio =>
	241	let
aa56e112 AC	242	val user = OpenSSL.peerCN bio
	243	val () = print ("\nConnection from " ^ user ^ "\n")
	244	val () = Domain.setUser user
	245
36e42cb8 AC	246	fun cmdLoop () =
	247	case Msg.recv bio of
	248	NONE => (OpenSSL.close bio
	249	handle OpenSSL.OpenSSL _ => ();
	250	loop ())
	251	\| SOME m =>
	252	case m of
	253	MsgConfig code =>
	254	let
	255	val _ = print "Configuration:\n"
	256	val _ = print code
	257	val _ = print "\n"
3b267643	258
36e42cb8 AC	259	val outname = OS.FileSys.tmpName ()
	260	val outf = TextIO.openOut outname
	261	in
	262	TextIO.output (outf, code);
	263	TextIO.closeOut outf;
	264	(eval outname;
	265	Msg.send (bio, MsgOk))
97665758 AC	266	handle ErrorMsg.Error =>
	267	(print "Compilation error\n";
	268	Msg.send (bio,
	269	MsgError "Error during configuration evaluation"))
	270	\| OpenSSL.OpenSSL s =>
	271	(print "OpenSSL error\n";
	272	Msg.send (bio,
	273	MsgError
	274	("Error during configuration evaluation: "
	275	^ s)));
5ee41dd0 AC	276	OS.FileSys.remove outname;
	277	(ignore (OpenSSL.readChar bio);
	278	OpenSSL.close bio)
	279	handle OpenSSL.OpenSSL _ => ();
	280	loop ()
36e42cb8	281	end
5ee41dd0 AC	282
	283	\| MsgGrant acl =>
	284	if Acl.query {user = user, class = "group", value = "root"} then
	285	((Acl.grant acl;
	286	Acl.write Config.aclFile;
411a85f2 AC	287	Msg.send (bio, MsgOk);
411a85f2 AC	288	print ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
5ee41dd0 AC	289	handle OpenSSL.OpenSSL s =>
	290	(print "OpenSSL error\n";
	291	Msg.send (bio,
	292	MsgError
	293	("Error during granting: "
	294	^ s)));
	295	(ignore (OpenSSL.readChar bio);
	296	OpenSSL.close bio)
	297	handle OpenSSL.OpenSSL _ => ();
	298	loop ())
	299	else
	300	((Msg.send (bio, MsgError "Not authorized to grant privileges");
411a85f2 AC	301	print "Unauthorized user asked to grant a permission!\n";
	302	ignore (OpenSSL.readChar bio);
	303	OpenSSL.close bio)
	304	handle OpenSSL.OpenSSL _ => ();
	305	loop ())
	306
	307	\| MsgRevoke acl =>
	308	if Acl.query {user = user, class = "group", value = "root"} then
	309	((Acl.revoke acl;
	310	Acl.write Config.aclFile;
	311	Msg.send (bio, MsgOk);
	312	print ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
	313	handle OpenSSL.OpenSSL s =>
	314	(print "OpenSSL error\n";
	315	Msg.send (bio,
	316	MsgError
	317	("Error during revocation: "
	318	^ s)));
	319	(ignore (OpenSSL.readChar bio);
	320	OpenSSL.close bio)
	321	handle OpenSSL.OpenSSL _ => ();
	322	loop ())
	323	else
	324	((Msg.send (bio, MsgError "Not authorized to revoke privileges");
	325	print "Unauthorized user asked to revoke a permission!\n";
5ee41dd0 AC	326	ignore (OpenSSL.readChar bio);
	327	OpenSSL.close bio)
	328	handle OpenSSL.OpenSSL _ => ();
	329	loop ())
	330
08a04eb4 AC	331	\| MsgListPerms user =>
	332	((Msg.send (bio, MsgPerms (Acl.queryAll user));
	333	print ("Sent permission list for user " ^ user ^ ".\n"))
	334	handle OpenSSL.OpenSSL s =>
	335	(print "OpenSSL error\n";
	336	Msg.send (bio,
	337	MsgError
	338	("Error during permission listing: "
	339	^ s)));
	340	(ignore (OpenSSL.readChar bio);
	341	OpenSSL.close bio)
	342	handle OpenSSL.OpenSSL _ => ();
	343	loop ())
	344
36e42cb8 AC	345	\| _ =>
	346	(Msg.send (bio, MsgError "Unexpected command")
	347	handle OpenSSL.OpenSSL _ => ();
	348	OpenSSL.close bio
	349	handle OpenSSL.OpenSSL _ => ();
	350	loop ())
	351	in
	352	cmdLoop ()
	353	end
97665758 AC	354	handle OpenSSL.OpenSSL s =>
	355	(print ("OpenSSL error: " ^ s ^ "\n");
	356	OpenSSL.close bio
	357	handle OpenSSL.OpenSSL _ => ();
	358	loop ())
	359	\| OS.SysErr (s, _) =>
	360	(print ("System error: " ^ s ^ "\n");
	361	OpenSSL.close bio
	362	handle OpenSSL.OpenSSL _ => ();
	363	loop ())
36e42cb8	364	in
361a1e7f	365	print "Listening for connections....\n";
36e42cb8 AC	366	loop ();
	367	OpenSSL.shutdown sock
	368	end
	369
	370	fun slave () =
	371	let
6e62228d	372	val host = Slave.hostname ()
36e42cb8 AC	373
36e42cb8 AC	374	val context = OpenSSL.context (Config.certDir ^ "/" ^ host ^ ".pem",
a088cea6	375	Config.keyDir ^ "/" ^ host ^ "/key.pem",
36e42cb8 AC	376	Config.trustStore)
	377
	378	val sock = OpenSSL.listen (context, Config.slavePort)
	379
	380	fun loop () =
	381	case OpenSSL.accept sock of
	382	NONE => ()
	383	\| SOME bio =>
	384	let
	385	val peer = OpenSSL.peerCN bio
	386	val () = print ("\nConnection from " ^ peer ^ "\n")
3b267643	387	in
36e42cb8 AC	388	if peer <> Config.dispatcherName then
	389	(print "Not authorized!\n";
	390	OpenSSL.close bio;
	391	loop ())
	392	else let
	393	fun loop' files =
	394	case Msg.recv bio of
	395	NONE => print "Dispatcher closed connection unexpectedly\n"
	396	\| SOME m =>
	397	case m of
	398	MsgFile file => loop' (file :: files)
	399	\| MsgDoFiles => (Slave.handleChanges files;
	400	Msg.send (bio, MsgOk))
	401	\| _ => (print "Dispatcher sent unexpected command\n";
	402	Msg.send (bio, MsgError "Unexpected command"))
	403	in
	404	loop' [];
	405	ignore (OpenSSL.readChar bio);
	406	OpenSSL.close bio;
	407	loop ()
	408	end
3196000d AC	409	end handle OpenSSL.OpenSSL s =>
	410	(print ("OpenSSL error: "^ s ^ "\n");
	411	OpenSSL.close bio
	412	handle OpenSSL.OpenSSL _ => ();
	413	loop ())
7af7d4cb AC	414	\| OS.SysErr (s, _) =>
	415	(print ("System error: "^ s ^ "\n");
	416	OpenSSL.close bio
	417	handle OpenSSL.OpenSSL _ => ();
	418	loop ())
07cc384c	419	in
3b267643 AC	420	loop ();
3b267643 AC	421	OpenSSL.shutdown sock
07cc384c AC	422	end
07cc384c AC	423
3196000d AC	424	fun autodocBasis outdir =
	425	let
	426	val dir = Posix.FileSys.opendir Config.libRoot
	427
	428	fun loop files =
	429	case Posix.FileSys.readdir dir of
	430	NONE => (Posix.FileSys.closedir dir;
	431	files)
	432	\| SOME fname =>
	433	if String.isSuffix ".dtl" fname then
	434	loop (OS.Path.joinDirFile {dir = Config.libRoot,
	435	file = fname}
	436	:: files)
	437	else
	438	loop files
	439
	440	val files = loop []
	441	in
	442	Autodoc.autodoc {outdir = outdir, infiles = files}
	443	end
	444
234b917a	445	end