apache: fix missing newline in fastScriptAlias

[hcoop/domtool2.git] / src / plugins / firewall.sml

diff --git a/src/plugins/firewall.sml b/src/plugins/firewall.sml
index a693642..92b1942 100644 (file)
--- a/src/plugins/firewall.sml
+++ b/src/plugins/firewall.sml
@@ -1,6 +1,6 @@
 (* HCoop Domtool (http://hcoop.sourceforge.net/)
  * Copyright (c) 2006-2007, Adam Chlipala
- * Copyright (c) 2011,2012,2013 Clinton Ebadi
+ * Copyright (c) 2011,2012,2013,2014 Clinton Ebadi
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -61,13 +61,22 @@ fun parseRules () =
        loop []
     end
 
-fun query uname =
+fun formatQueryRule (Client (ports, hosts)) =
+    "Client " ^ String.concatWith "," (map Int.toString ports) ^ " " ^ String.concatWith " " hosts
+  | formatQueryRule  (Server (ports, hosts)) =
+    "Server " ^ String.concatWith "," (map Int.toString ports) ^ " " ^ String.concatWith " " hosts
+  | formatQueryRule (ProxiedServer ports) =
+    "ProxiedServer " ^ String.concatWith "," (map Int.toString ports)
+  | formatQueryRule (LocalServer ports) =
+    "LocalServer " ^ String.concatWith "," (map Int.toString ports)
+
+fun query (node, uname) =
     (* completely broken *)
     let
        val rules = parseRules ()
     in
-       (* map (fn (_, FirewallNode n, r) => (n, r)) (List.filter (fn (User u, _, _) => u = uname) rules) *)
-       ["broken"]
+       map (fn (_, _, r) => formatQueryRule r)
+           (List.filter (fn (User u, FirewallNode n, _) => u = uname andalso n = node) rules)
     end
 
 fun formatPorts ports = "(" ^ String.concatWith " " (map Int.toString ports) ^ ")"
@@ -76,10 +85,12 @@ fun formatHosts hosts = "(" ^ String.concatWith " " hosts ^ ")"
 fun formatOutputRule (Client (ports, hosts)) = "dport " ^ formatPorts ports ^ (case hosts of 
                                                                                 [] => ""
                                                                               | _ => " daddr " ^ formatHosts hosts) ^ " ACCEPT;"
+  | formatOutputRule _ = ""
 
 fun formatInputRule (Server (ports, hosts)) = "dport " ^ formatPorts ports ^ (case hosts of 
                                                                                  [] => ""
                                                                                | _ => " saddr " ^ formatHosts hosts) ^ " ACCEPT;"
+  | formatInputRule _ = ""
 
 type ferm_lines = { input_rules : (string list) DataStructures.StringMap.map,
                    output_rules : (string list) DataStructures.StringMap.map } 
@@ -151,9 +162,13 @@ fun generateFirewallConfig rules =
            (* We can't match the user when listening; SELinux or
               similar would let us manage this with better
               granularity.*)
-           (TextIO.output (users_tcp_in_conf, "proto tcp {\n");
-            TextIO.output (users_tcp_in_conf, concat lines);
-            TextIO.output (users_tcp_in_conf, "\n}\n\n"))
+           let
+               val _ = SysWord.toInt (Posix.ProcEnv.uidToWord (Posix.SysDB.Passwd.uid (Posix.SysDB.getpwnam uname)))
+           in
+               TextIO.output (users_tcp_in_conf, "proto tcp {\n");
+               TextIO.output (users_tcp_in_conf, concat lines);
+               TextIO.output (users_tcp_in_conf, "\n}\n\n")
+           end handle OS.SysErr _ => print "Invalid user in firewall config, skipping.\n" (* no sense in opening ports for bad users *)                
 
        fun writeUserOutRules (uname, lines) =
            let