structure Main :> MAIN = struct
-open Ast Print
+open Ast MsgTypes Print
structure SM = StringMap
-val dmy = ErrorMsg.dummyLoc
-
-fun init () = (F_OpenSSL_SML_add_all_algorithms.f' ();
- F_OpenSSL_SML_load_error_strings.f' ();
- F_OpenSSL_SML_load_BIO_strings.f' ())
-
-val () = init ()
-
-val defaultT : record ref = ref SM.empty
-val defaultV : (unit -> exp) SM.map ref = ref SM.empty
-
-fun registerDefault (name, t, v) =
- case SM.find (!defaultT, name) of
- NONE => (defaultT := SM.insert (!defaultT, name, t);
- defaultV := SM.insert (!defaultV, name, v))
- | SOME _ => raise Fail "Duplicate default environment variable"
-
-fun tInit () = (TAction ((CRoot, dmy),
- !defaultT,
- StringMap.empty),
- dmy)
-
-
+fun init () = Acl.read Config.aclFile
fun check' G fname =
let
- (*val _ = print ("Check " ^ fname ^ "\n")*)
val prog = Parse.parse fname
in
if !ErrorMsg.anyErrors then
G
else
- Tycheck.checkFile G (tInit ()) prog
+ Tycheck.checkFile G (Defaults.tInit ()) prog
end
fun basis () =
loop files
val files = loop []
- val files = Order.order files
+ val (_, files) = Order.order NONE files
in
if !ErrorMsg.anyErrors then
Env.empty
else
- foldl (fn (fname, G) => check' G fname) Env.empty files
+ (Tycheck.allowExterns ();
+ foldl (fn (fname, G) => check' G fname) Env.empty files
+ before Tycheck.disallowExterns ())
end
fun check fname =
val b = basis ()
in
if !ErrorMsg.anyErrors then
- (b, NONE)
+ raise ErrorMsg.Error
else
let
+ val _ = Tycheck.disallowExterns ()
val _ = ErrorMsg.reset ()
val prog = Parse.parse fname
in
if !ErrorMsg.anyErrors then
- (Env.empty, NONE)
+ raise ErrorMsg.Error
else
let
- val G' = Tycheck.checkFile b (tInit ()) prog
+ val G' = Tycheck.checkFile b (Defaults.tInit ()) prog
in
- (G', #3 prog)
+ if !ErrorMsg.anyErrors then
+ raise ErrorMsg.Error
+ else
+ (G', #3 prog)
end
end
end
+val notTmp = CharVector.all (fn ch => Char.isAlphaNum ch orelse ch = #"." orelse ch = #"_" orelse ch = #"-")
+
+fun checkDir dname =
+ let
+ val b = basis ()
+
+ val dir = Posix.FileSys.opendir dname
+
+ fun loop files =
+ case Posix.FileSys.readdir dir of
+ NONE => (Posix.FileSys.closedir dir;
+ files)
+ | SOME fname =>
+ if notTmp fname then
+ loop (OS.Path.joinDirFile {dir = dname,
+ file = fname}
+ :: files)
+ else
+ loop files
+
+ val files = loop []
+ val (_, files) = Order.order (SOME b) files
+ in
+ if !ErrorMsg.anyErrors then
+ raise ErrorMsg.Error
+ else
+ (foldl (fn (fname, G) => check' G fname) b files;
+ if !ErrorMsg.anyErrors then
+ raise ErrorMsg.Error
+ else
+ ())
+ end
+
fun reduce fname =
let
val (G, body) = check fname
fun eval fname =
case reduce fname of
(SOME body') =>
+ if !ErrorMsg.anyErrors then
+ raise ErrorMsg.Error
+ else
+ Eval.exec (Defaults.eInit ()) body'
+ | NONE => raise ErrorMsg.Error
+
+fun eval' fname =
+ case reduce fname of
+ (SOME body') =>
+ if !ErrorMsg.anyErrors then
+ raise ErrorMsg.Error
+ else
+ ignore (Eval.exec' (Defaults.eInit ()) body')
+ | NONE => raise ErrorMsg.Error
+
+val dispatcher =
+ Config.dispatcher ^ ":" ^ Int.toString Config.dispatcherPort
+
+fun requestContext f =
+ let
+ val uid = Posix.ProcEnv.getuid ()
+ val user = Posix.SysDB.Passwd.name (Posix.SysDB.getpwuid uid)
+
+ val () = Acl.read Config.aclFile
+ val () = Domain.setUser user
+
+ val () = f ()
+
+ val context = OpenSSL.context (Config.certDir ^ "/" ^ user ^ ".pem",
+ Config.keyDir ^ "/" ^ user ^ "/key.pem",
+ Config.trustStore)
+ in
+ (user, context)
+ end
+
+fun requestBio f =
+ let
+ val (user, context) = requestContext f
+ in
+ (user, OpenSSL.connect (context, dispatcher))
+ end
+
+fun request fname =
+ let
+ val (user, bio) = requestBio (fn () => ignore (check fname))
+
+ val inf = TextIO.openIn fname
+
+ fun loop lines =
+ case TextIO.inputLine inf of
+ NONE => String.concat (List.rev lines)
+ | SOME line => loop (line :: lines)
+
+ val code = loop []
+ in
+ TextIO.closeIn inf;
+ Msg.send (bio, MsgConfig code);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Configuration succeeded.\n"
+ | MsgError s => print ("Configuration failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+ handle ErrorMsg.Error => ()
+
+fun requestDir dname =
+ let
+ val _ = ErrorMsg.reset ()
+
+ val (user, bio) = requestBio (fn () => checkDir dname)
+
+ val b = basis ()
+
+ val dir = Posix.FileSys.opendir dname
+
+ fun loop files =
+ case Posix.FileSys.readdir dir of
+ NONE => (Posix.FileSys.closedir dir;
+ files)
+ | SOME fname =>
+ if notTmp fname then
+ loop (OS.Path.joinDirFile {dir = dname,
+ file = fname}
+ :: files)
+ else
+ loop files
+
+ val files = loop []
+ val (_, files) = Order.order (SOME b) files
+
+ val _ = if !ErrorMsg.anyErrors then
+ raise ErrorMsg.Error
+ else
+ ()
+
+ val codes = map (fn fname =>
+ let
+ val inf = TextIO.openIn fname
+
+ fun loop lines =
+ case TextIO.inputLine inf of
+ NONE => String.concat (rev lines)
+ | SOME line => loop (line :: lines)
+ in
+ loop []
+ before TextIO.closeIn inf
+ end) files
+ in
if !ErrorMsg.anyErrors then
()
else
- Eval.exec (SM.map (fn f => f ()) (!defaultV)) body'
- | NONE => ()
+ (Msg.send (bio, MsgMultiConfig codes);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Configuration succeeded.\n"
+ | MsgError s => print ("Configuration failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio)
+ end
+ handle ErrorMsg.Error => ()
+
+fun requestGrant acl =
+ let
+ val (user, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgGrant acl);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Grant succeeded.\n"
+ | MsgError s => print ("Grant failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+
+fun requestRevoke acl =
+ let
+ val (user, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgRevoke acl);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Revoke succeeded.\n"
+ | MsgError s => print ("Revoke failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+
+fun requestListPerms user =
+ let
+ val (_, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgListPerms user);
+ (case Msg.recv bio of
+ NONE => (print "Server closed connection unexpectedly.\n";
+ NONE)
+ | SOME m =>
+ case m of
+ MsgPerms perms => SOME perms
+ | MsgError s => (print ("Listing failed: " ^ s ^ "\n");
+ NONE)
+ | _ => (print "Unexpected server reply.\n";
+ NONE))
+ before OpenSSL.close bio
+ end
-val dispatcher : C.rw ZString.zstring' = ZString.dupML' Config.dispatcher
+fun requestWhoHas perm =
+ let
+ val (_, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgWhoHas perm);
+ (case Msg.recv bio of
+ NONE => (print "Server closed connection unexpectedly.\n";
+ NONE)
+ | SOME m =>
+ case m of
+ MsgWhoHasResponse users => SOME users
+ | MsgError s => (print ("whohas failed: " ^ s ^ "\n");
+ NONE)
+ | _ => (print "Unexpected server reply.\n";
+ NONE))
+ before OpenSSL.close bio
+ end
-fun ssl_err s =
+fun requestRegen () =
let
- val err = F_OpenSSL_SML_get_error.f ()
+ val (_, bio) = requestBio (fn () => ())
in
- print s;
- print "\nReason: ";
- print (ZString.toML (F_OpenSSL_SML_lib_error_string.f err));
- print ":";
- print (ZString.toML (F_OpenSSL_SML_func_error_string.f err));
- print ":";
- print (ZString.toML (F_OpenSSL_SML_reason_error_string.f err));
- print "\n"
+ Msg.send (bio, MsgRegenerate);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Regeneration succeeded.\n"
+ | MsgError s => print ("Regeneration failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
end
-exception OpenSSL of string
+fun requestRmdom dom =
+ let
+ val (_, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgRmdom dom);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Removal succeeded.\n"
+ | MsgError s => print ("Removal failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
-fun writeAll (bio, s) =
+fun regenerate context =
let
- val buf = ZString.dupML' s
+ val b = basis ()
+ val () = Tycheck.disallowExterns ()
- fun loop (buf, len) =
+ val () = Domain.resetGlobal ()
+
+ fun contactNode (node, ip) =
+ if node = Config.defaultNode then
+ Domain.resetLocal ()
+ else let
+ val bio = OpenSSL.connect (context,
+ ip
+ ^ ":"
+ ^ Int.toString Config.slavePort)
+ in
+ Msg.send (bio, MsgRegenerate);
+ case Msg.recv bio of
+ NONE => print "Slave closed connection unexpectedly\n"
+ | SOME m =>
+ case m of
+ MsgOk => print ("Slave " ^ node ^ " pre-regeneration finished\n")
+ | MsgError s => print ("Slave " ^ node
+ ^ " returned error: " ^
+ s ^ "\n")
+ | _ => print ("Slave " ^ node
+ ^ " returned unexpected command\n");
+ OpenSSL.close bio
+ end
+
+ fun doUser user =
let
- val r = F_OpenSSL_SML_write.f' (bio, C.Ptr.inject' buf, len)
+ val _ = Domain.setUser user
+ val _ = ErrorMsg.reset ()
+
+ val dname = Config.domtoolDir user
+
+ val dir = Posix.FileSys.opendir dname
+
+ fun loop files =
+ case Posix.FileSys.readdir dir of
+ NONE => (Posix.FileSys.closedir dir;
+ files)
+ | SOME fname =>
+ if notTmp fname then
+ loop (OS.Path.joinDirFile {dir = dname,
+ file = fname}
+ :: files)
+ else
+ loop files
+
+ val files = loop []
+ val (_, files) = Order.order (SOME b) files
in
- if r = len then
- ()
- else if r <= 0 then
- (C.free' buf;
- raise OpenSSL "BIO_write failed")
+ if !ErrorMsg.anyErrors then
+ print ("User " ^ user ^ "'s configuration has errors!\n")
else
- loop (C.Ptr.|+! C.S.uchar (buf, Int32.toInt r), Int32.- (len, r))
+ app eval' files
end
+ handle IO.Io _ => ()
+ | OS.SysErr (s, _) => print ("System error processing user " ^ user ^ ": " ^ s ^ "\n")
in
- loop (buf, Int32.fromInt (size s));
- C.free' buf
+ app contactNode Config.nodeIps;
+ Env.pre ();
+ app doUser (Acl.users ());
+ Env.post ()
end
-fun request fname =
+fun service () =
let
- val bio = F_OpenSSL_SML_new_connect.f' dispatcher
- in
- if C.Ptr.isNull' bio then
- (ssl_err ("Error initializating connection to dispatcher at " ^ Config.dispatcher);
- F_OpenSSL_SML_free_all.f' bio)
- else if F_OpenSSL_SML_do_connect.f' bio <= 0 then
- (ssl_err ("Error connecting to dispatcher at " ^ Config.dispatcher);
- F_OpenSSL_SML_free_all.f' bio)
- else let
- val inf = TextIO.openIn fname
-
- fun loop () =
- case TextIO.inputLine inf of
- NONE => ()
- | SOME line => (writeAll (bio, line);
- loop ())
- in
- loop ();
- TextIO.closeIn inf;
- F_OpenSSL_SML_free_all.f' bio
- end
+ val () = Acl.read Config.aclFile
+
+ val context = OpenSSL.context (Config.serverCert,
+ Config.serverKey,
+ Config.trustStore)
+ val _ = Domain.set_context context
+
+ val sock = OpenSSL.listen (context, Config.dispatcherPort)
+
+ fun loop () =
+ case OpenSSL.accept sock of
+ NONE => ()
+ | SOME bio =>
+ let
+ val user = OpenSSL.peerCN bio
+ val () = print ("\nConnection from " ^ user ^ "\n")
+ val () = Domain.setUser user
+
+ fun doConfig codes =
+ let
+ val _ = print "Configuration:\n"
+ val _ = app (fn s => (print s; print "\n")) codes
+ val _ = print "\n"
+
+ val outname = OS.FileSys.tmpName ()
+
+ fun doOne code =
+ let
+ val outf = TextIO.openOut outname
+ in
+ TextIO.output (outf, code);
+ TextIO.closeOut outf;
+ eval' outname
+ end
+ in
+ (Env.pre ();
+ app doOne codes;
+ Env.post ();
+ Msg.send (bio, MsgOk))
+ handle ErrorMsg.Error =>
+ (print "Compilation error\n";
+ Msg.send (bio,
+ MsgError "Error during configuration evaluation"))
+ | OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during configuration evaluation: "
+ ^ s)));
+ OS.FileSys.remove outname;
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ()
+ end
+
+ fun cmdLoop () =
+ case Msg.recv bio of
+ NONE => (OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ | SOME m =>
+ case m of
+ MsgConfig code => doConfig [code]
+ | MsgMultiConfig codes => doConfig codes
+
+ | MsgGrant acl =>
+ if Acl.query {user = user, class = "priv", value = "all"} then
+ ((Acl.grant acl;
+ Acl.write Config.aclFile;
+ Msg.send (bio, MsgOk);
+ print ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during granting: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to grant privileges");
+ print "Unauthorized user asked to grant a permission!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgRevoke acl =>
+ if Acl.query {user = user, class = "priv", value = "all"} then
+ ((Acl.revoke acl;
+ Acl.write Config.aclFile;
+ Msg.send (bio, MsgOk);
+ print ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during revocation: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to revoke privileges");
+ print "Unauthorized user asked to revoke a permission!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgListPerms user =>
+ ((Msg.send (bio, MsgPerms (Acl.queryAll user));
+ print ("Sent permission list for user " ^ user ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during permission listing: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgWhoHas perm =>
+ ((Msg.send (bio, MsgWhoHasResponse (Acl.whoHas perm));
+ print ("Sent whohas response for " ^ #class perm ^ " / " ^ #value perm ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during whohas: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgRmdom dom =>
+ if Acl.query {user = user, class = "priv", value = "all"}
+ orelse Acl.query {user = user, class = "domain", value = dom} then
+ ((Domain.rmdom dom;
+ Msg.send (bio, MsgOk);
+ print ("Removed domain " ^ dom ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during revocation: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to remove that domain");
+ print "Unauthorized user asked to remove a domain!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgRegenerate =>
+ if Acl.query {user = user, class = "priv", value = "regen"}
+ orelse Acl.query {user = user, class = "priv", value = "all"} then
+ ((regenerate context;
+ Msg.send (bio, MsgOk);
+ print "Regenerated all configuration.\n")
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during regeneration: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to regeneration");
+ print "Unauthorized user asked to regenerate!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | _ =>
+ (Msg.send (bio, MsgError "Unexpected command")
+ handle OpenSSL.OpenSSL _ => ();
+ OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ in
+ cmdLoop ()
+ end
+ handle OpenSSL.OpenSSL s =>
+ (print ("OpenSSL error: " ^ s ^ "\n");
+ OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ | OS.SysErr (s, _) =>
+ (print ("System error: " ^ s ^ "\n");
+ OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ in
+ print "Listening for connections....\n";
+ loop ();
+ OpenSSL.shutdown sock
+ end
+
+fun slave () =
+ let
+ val host = Slave.hostname ()
+
+ val context = OpenSSL.context (Config.certDir ^ "/" ^ host ^ ".pem",
+ Config.keyDir ^ "/" ^ host ^ "/key.pem",
+ Config.trustStore)
+
+ val sock = OpenSSL.listen (context, Config.slavePort)
+
+ fun loop () =
+ case OpenSSL.accept sock of
+ NONE => ()
+ | SOME bio =>
+ let
+ val peer = OpenSSL.peerCN bio
+ val () = print ("\nConnection from " ^ peer ^ "\n")
+ in
+ if peer <> Config.dispatcherName then
+ (print "Not authorized!\n";
+ OpenSSL.close bio;
+ loop ())
+ else let
+ fun loop' files =
+ case Msg.recv bio of
+ NONE => print "Dispatcher closed connection unexpectedly\n"
+ | SOME m =>
+ case m of
+ MsgFile file => loop' (file :: files)
+ | MsgDoFiles => (Slave.handleChanges files;
+ Msg.send (bio, MsgOk))
+ | MsgRegenerate => (Domain.resetLocal ();
+ Msg.send (bio, MsgOk))
+ | _ => (print "Dispatcher sent unexpected command\n";
+ Msg.send (bio, MsgError "Unexpected command"))
+ in
+ loop' [];
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio;
+ loop ()
+ end
+ end handle OpenSSL.OpenSSL s =>
+ (print ("OpenSSL error: "^ s ^ "\n");
+ OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ | OS.SysErr (s, _) =>
+ (print ("System error: "^ s ^ "\n");
+ OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ in
+ loop ();
+ OpenSSL.shutdown sock
+ end
+
+fun autodocBasis outdir =
+ let
+ val dir = Posix.FileSys.opendir Config.libRoot
+
+ fun loop files =
+ case Posix.FileSys.readdir dir of
+ NONE => (Posix.FileSys.closedir dir;
+ files)
+ | SOME fname =>
+ if String.isSuffix ".dtl" fname then
+ loop (OS.Path.joinDirFile {dir = Config.libRoot,
+ file = fname}
+ :: files)
+ else
+ loop files
+
+ val files = loop []
+ in
+ Autodoc.autodoc {outdir = outdir, infiles = files}
end
end