structure Main :> MAIN = struct
-open Ast Print
+open Ast MsgTypes Print
structure SM = StringMap
-val dmy = ErrorMsg.dummyLoc
-
-val defaultT : record ref = ref SM.empty
-val defaultV : (unit -> exp) SM.map ref = ref SM.empty
-
-fun registerDefault (name, t, v) =
- case SM.find (!defaultT, name) of
- NONE => (defaultT := SM.insert (!defaultT, name, t);
- defaultV := SM.insert (!defaultV, name, v))
- | SOME _ => raise Fail "Duplicate default environment variable"
-
-fun tInit () = (TAction ((CRoot, dmy),
- !defaultT,
- StringMap.empty),
- dmy)
-
-
+fun init () = Acl.read Config.aclFile
fun check' G fname =
let
- (*val _ = print ("Check " ^ fname ^ "\n")*)
val prog = Parse.parse fname
in
if !ErrorMsg.anyErrors then
G
else
- Tycheck.checkFile G (tInit ()) prog
+ Tycheck.checkFile G (Defaults.tInit ()) prog
end
fun basis () =
loop files
val files = loop []
- val files = Order.order files
+ val (_, files) = Order.order files
in
if !ErrorMsg.anyErrors then
Env.empty
else
- foldl (fn (fname, G) => check' G fname) Env.empty files
+ (Tycheck.allowExterns ();
+ foldl (fn (fname, G) => check' G fname) Env.empty files
+ before Tycheck.disallowExterns ())
end
fun check fname =
val b = basis ()
in
if !ErrorMsg.anyErrors then
- (b, NONE)
+ raise ErrorMsg.Error
else
let
+ val _ = Tycheck.disallowExterns ()
val _ = ErrorMsg.reset ()
val prog = Parse.parse fname
in
if !ErrorMsg.anyErrors then
- (Env.empty, NONE)
+ raise ErrorMsg.Error
else
let
- val G' = Tycheck.checkFile b (tInit ()) prog
+ val G' = Tycheck.checkFile b (Defaults.tInit ()) prog
in
- (G', #3 prog)
+ if !ErrorMsg.anyErrors then
+ raise ErrorMsg.Error
+ else
+ (G', #3 prog)
end
end
end
case reduce fname of
(SOME body') =>
if !ErrorMsg.anyErrors then
- ()
+ raise ErrorMsg.Error
else
- Eval.exec (SM.map (fn f => f ()) (!defaultV)) body'
- | NONE => ()
+ Eval.exec (Defaults.eInit ()) body'
+ | NONE => raise ErrorMsg.Error
+
+val dispatcher =
+ Config.dispatcher ^ ":" ^ Int.toString Config.dispatcherPort
+
+fun requestContext f =
+ let
+ val uid = Posix.ProcEnv.getuid ()
+ val user = Posix.SysDB.Passwd.name (Posix.SysDB.getpwuid uid)
+
+ val () = Acl.read Config.aclFile
+ val () = Domain.setUser user
+
+ val () = f ()
+
+ val context = OpenSSL.context (Config.certDir ^ "/" ^ user ^ ".pem",
+ Config.keyDir ^ "/" ^ user ^ "/key.pem",
+ Config.trustStore)
+ in
+ (user, context)
+ end
+
+fun requestBio f =
+ let
+ val (user, context) = requestContext f
+ in
+ (user, OpenSSL.connect (context, dispatcher))
+ end
+
+fun request fname =
+ let
+ val (user, bio) = requestBio (fn () => ignore (check fname))
+
+ val inf = TextIO.openIn fname
+
+ fun loop lines =
+ case TextIO.inputLine inf of
+ NONE => String.concat (List.rev lines)
+ | SOME line => loop (line :: lines)
+
+ val code = loop []
+ in
+ TextIO.closeIn inf;
+ Msg.send (bio, MsgConfig code);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Configuration succeeded.\n"
+ | MsgError s => print ("Configuration failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+ handle ErrorMsg.Error => ()
+
+fun requestGrant acl =
+ let
+ val (user, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgGrant acl);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Grant succeeded.\n"
+ | MsgError s => print ("Grant failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+
+fun requestRevoke acl =
+ let
+ val (user, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgRevoke acl);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Revoke succeeded.\n"
+ | MsgError s => print ("Revoke failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+
+fun requestListPerms user =
+ let
+ val (_, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgListPerms user);
+ (case Msg.recv bio of
+ NONE => (print "Server closed connection unexpectedly.\n";
+ NONE)
+ | SOME m =>
+ case m of
+ MsgPerms perms => SOME perms
+ | MsgError s => (print ("Listing failed: " ^ s ^ "\n");
+ NONE)
+ | _ => (print "Unexpected server reply.\n";
+ NONE))
+ before OpenSSL.close bio
+ end
+
+fun service () =
+ let
+ val () = Acl.read Config.aclFile
+
+ val context = OpenSSL.context (Config.serverCert,
+ Config.serverKey,
+ Config.trustStore)
+ val _ = Domain.set_context context
+
+ val sock = OpenSSL.listen (context, Config.dispatcherPort)
+
+ fun loop () =
+ case OpenSSL.accept sock of
+ NONE => ()
+ | SOME bio =>
+ let
+ val user = OpenSSL.peerCN bio
+ val () = print ("\nConnection from " ^ user ^ "\n")
+ val () = Domain.setUser user
+
+ fun cmdLoop () =
+ case Msg.recv bio of
+ NONE => (OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ | SOME m =>
+ case m of
+ MsgConfig code =>
+ let
+ val _ = print "Configuration:\n"
+ val _ = print code
+ val _ = print "\n"
+
+ val outname = OS.FileSys.tmpName ()
+ val outf = TextIO.openOut outname
+ in
+ TextIO.output (outf, code);
+ TextIO.closeOut outf;
+ (eval outname;
+ Msg.send (bio, MsgOk))
+ handle ErrorMsg.Error =>
+ (print "Compilation error\n";
+ Msg.send (bio,
+ MsgError "Error during configuration evaluation"))
+ | OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during configuration evaluation: "
+ ^ s)));
+ OS.FileSys.remove outname;
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ()
+ end
+
+ | MsgGrant acl =>
+ if Acl.query {user = user, class = "group", value = "root"} then
+ ((Acl.grant acl;
+ Acl.write Config.aclFile;
+ Msg.send (bio, MsgOk);
+ print ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during granting: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to grant privileges");
+ print "Unauthorized user asked to grant a permission!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgRevoke acl =>
+ if Acl.query {user = user, class = "group", value = "root"} then
+ ((Acl.revoke acl;
+ Acl.write Config.aclFile;
+ Msg.send (bio, MsgOk);
+ print ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during revocation: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to revoke privileges");
+ print "Unauthorized user asked to revoke a permission!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgListPerms user =>
+ ((Msg.send (bio, MsgPerms (Acl.queryAll user));
+ print ("Sent permission list for user " ^ user ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during permission listing: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | _ =>
+ (Msg.send (bio, MsgError "Unexpected command")
+ handle OpenSSL.OpenSSL _ => ();
+ OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ in
+ cmdLoop ()
+ end
+ handle OpenSSL.OpenSSL s =>
+ (print ("OpenSSL error: " ^ s ^ "\n");
+ OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ | OS.SysErr (s, _) =>
+ (print ("System error: " ^ s ^ "\n");
+ OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ in
+ print "Listening for connections....\n";
+ loop ();
+ OpenSSL.shutdown sock
+ end
+
+fun slave () =
+ let
+ val host = Slave.hostname ()
+
+ val context = OpenSSL.context (Config.certDir ^ "/" ^ host ^ ".pem",
+ Config.keyDir ^ "/" ^ host ^ "/key.pem",
+ Config.trustStore)
+
+ val sock = OpenSSL.listen (context, Config.slavePort)
+
+ fun loop () =
+ case OpenSSL.accept sock of
+ NONE => ()
+ | SOME bio =>
+ let
+ val peer = OpenSSL.peerCN bio
+ val () = print ("\nConnection from " ^ peer ^ "\n")
+ in
+ if peer <> Config.dispatcherName then
+ (print "Not authorized!\n";
+ OpenSSL.close bio;
+ loop ())
+ else let
+ fun loop' files =
+ case Msg.recv bio of
+ NONE => print "Dispatcher closed connection unexpectedly\n"
+ | SOME m =>
+ case m of
+ MsgFile file => loop' (file :: files)
+ | MsgDoFiles => (Slave.handleChanges files;
+ Msg.send (bio, MsgOk))
+ | _ => (print "Dispatcher sent unexpected command\n";
+ Msg.send (bio, MsgError "Unexpected command"))
+ in
+ loop' [];
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio;
+ loop ()
+ end
+ end handle OpenSSL.OpenSSL s =>
+ (print ("OpenSSL error: "^ s ^ "\n");
+ OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ | OS.SysErr (s, _) =>
+ (print ("System error: "^ s ^ "\n");
+ OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ in
+ loop ();
+ OpenSSL.shutdown sock
+ end
+
+fun autodocBasis outdir =
+ let
+ val dir = Posix.FileSys.opendir Config.libRoot
+
+ fun loop files =
+ case Posix.FileSys.readdir dir of
+ NONE => (Posix.FileSys.closedir dir;
+ files)
+ | SOME fname =>
+ if String.isSuffix ".dtl" fname then
+ loop (OS.Path.joinDirFile {dir = Config.libRoot,
+ file = fname}
+ :: files)
+ else
+ loop files
+
+ val files = loop []
+ in
+ Autodoc.autodoc {outdir = outdir, infiles = files}
+ end
end