fun requestContext f =
let
- val uid = Posix.ProcEnv.getuid ()
- val user = Posix.SysDB.Passwd.name (Posix.SysDB.getpwuid uid)
+ val user =
+ case Posix.ProcEnv.getenv "DOMTOOL_USER" of
+ NONE =>
+ let
+ val uid = Posix.ProcEnv.getuid ()
+ in
+ Posix.SysDB.Passwd.name (Posix.SysDB.getpwuid uid)
+ end
+ | SOME user => user
val () = Acl.read Config.aclFile
val () = Domain.setUser user
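Review bot: On the `SOME user` branch the value of `DOMTOOL_USER` becomes the acting user with no validation, so an empty string or a name that matches no account flows straight into `Domain.setUser user` and into whatever `requestContext` does with `user` afterwards (the rest of the body is outside this hunk). If that name later selects which key or certificate files are loaded, check it against the passwd database first, for example `| SOME user => (ignore (Posix.SysDB.getpwnam user); user)`, which raises on an unknown name. The server must also keep treating the certificate identity, not this string, as authoritative. A comment such as `(* DOMTOOL_USER only picks which local credentials to load; it grants nothing by itself *)` above the `case` would record that assumption for the next reader.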
before OpenSSL.close bio
end
+fun requestFirewall {node, uname} =
+ let
+ val (user, context) = requestContext (fn () => ())
+ val bio = OpenSSL.connect (context, if node = Config.masterNode then
+ dispatcher
+ else
+ Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
+
+ val _ = Msg.send (bio, MsgQuery (QFirewall uname))
+
+ fun loop () =
+ case Msg.recv bio of
+ NONE => (print "Server closed connection unexpectedly.\n";
+ OS.Process.failure)
+ | SOME m =>
+ case m of
+ MsgFirewall ls => (app (fn s => (print s; print "\n")) ls;
+ OS.Process.success)
+ | MsgError s => (print ("Firewall query failed: " ^ s ^ "\n");
+ OS.Process.failure)
+ | _ => (print "Unexpected server reply.\n";
+ OS.Process.failure)
+ in
+ loop ()
+ before OpenSSL.close bio
+ end
+
fun regenerate context =
let
val b = basis ()
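Review bot: In `requestFirewall`, `before OpenSSL.close bio` runs only when `loop ()` returns normally, so if `Msg.recv` can raise, the connection is left open on that path. Closing on the exceptional path as well would be `(loop () handle e => (OpenSSL.close bio; raise e)) before OpenSSL.close bio`. Two smaller points in the same function: `loop` never calls itself, so a plain `case Msg.recv bio of` would say what happens, and the `user` bound from `requestContext` is unused, so `val (_, context) = requestContext (fn () => ())` is clearer. The strings in `MsgFirewall ls` are printed exactly as received, which is fine only as long as the server is trusted to send printable text.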
| QFtp user => if Ftp.allowed user then MsgYes else MsgNo
| QTrustedPath user => if TrustedPath.query user then MsgYes else MsgNo
| QSocket user => MsgSocket (SocketPerm.query user)
+ | QFirewall user => MsgFirewall (Firewall.query user)
fun describeQuery q =
case q of
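Review bot: The new `QFirewall user` branch returns `Firewall.query user` for whatever name the client put in the query, and nothing on the visible lines compares that name with the authenticated peer. The neighbouring `QFtp`, `QTrustedPath` and `QSocket` branches follow the same pattern, so this may be intended for trusted node daemons only, and any ACL check may sit in the enclosing function outside this hunk. A firewall rule list still reveals more about an account than a yes/no answer does. If no such check exists, the branch should answer only when the requester is the named user or holds an administrative privilege, and return `MsgError` otherwise. Either way, a comment on the branch stating who may ask would make the trust assumption explicit.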
| QFtp user => "Asked about FTP permissions for user " ^ user
| QTrustedPath user => "Asked about trusted path settings for user " ^ user
| QSocket user => "Asked about socket permissions for user " ^ user
+ | QFirewall user => "Asked about firewall rules for user " ^ user
fun service () =
let