loop files
val files = loop []
- val (_, files) = Order.order files
+ val (_, files) = Order.order NONE files
in
if !ErrorMsg.anyErrors then
Env.empty
else
- foldl (fn (fname, G) => check' G fname) Env.empty files
+ (Tycheck.allowExterns ();
+ foldl (fn (fname, G) => check' G fname) Env.empty files
+ before Tycheck.disallowExterns ())
end
fun check fname =
raise ErrorMsg.Error
else
let
+ val _ = Tycheck.disallowExterns ()
val _ = ErrorMsg.reset ()
val prog = Parse.parse fname
in
end
end
+val notTmp = CharVector.all (fn ch => Char.isAlphaNum ch orelse ch = #"." orelse ch = #"_" orelse ch = #"-")
+
+fun checkDir dname =
+ let
+ val b = basis ()
+
+ val dir = Posix.FileSys.opendir dname
+
+ fun loop files =
+ case Posix.FileSys.readdir dir of
+ NONE => (Posix.FileSys.closedir dir;
+ files)
+ | SOME fname =>
+ if notTmp fname then
+ loop (OS.Path.joinDirFile {dir = dname,
+ file = fname}
+ :: files)
+ else
+ loop files
+
+ val files = loop []
+ val (_, files) = Order.order (SOME b) files
+ in
+ if !ErrorMsg.anyErrors then
+ false
+ else
+ (foldl (fn (fname, G) => check' G fname) b files;
+ !ErrorMsg.anyErrors)
+ end
+
fun reduce fname =
let
val (G, body) = check fname
val dispatcher =
Config.dispatcher ^ ":" ^ Int.toString Config.dispatcherPort
-fun hostname () =
- let
- val inf = TextIO.openIn "/etc/hostname"
- in
- case TextIO.inputLine inf of
- NONE => (TextIO.closeIn inf; raise Fail "No line in /etc/hostname")
- | SOME line => (TextIO.closeIn inf; String.substring (line, 0, size line - 1))
- end
-
-fun request fname =
+fun requestContext f =
let
val uid = Posix.ProcEnv.getuid ()
val user = Posix.SysDB.Passwd.name (Posix.SysDB.getpwuid uid)
-
+
val () = Acl.read Config.aclFile
val () = Domain.setUser user
-
- val _ = check fname
-
- val uid = Posix.ProcEnv.getuid ()
- val user = Posix.SysDB.Passwd.name (Posix.SysDB.getpwuid uid)
+
+ val () = f ()
val context = OpenSSL.context (Config.certDir ^ "/" ^ user ^ ".pem",
Config.keyDir ^ "/" ^ user ^ "/key.pem",
Config.trustStore)
+ in
+ (user, context)
+ end
+
+fun requestBio f =
+ let
+ val (user, context) = requestContext f
+ in
+ (user, OpenSSL.connect (context, dispatcher))
+ end
- val bio = OpenSSL.connect (context, dispatcher)
+fun request fname =
+ let
+ val (user, bio) = requestBio (fn () => ignore (check fname))
val inf = TextIO.openIn fname
end
handle ErrorMsg.Error => ()
+fun requestDir dname =
+ let
+ val (user, bio) = requestBio (fn () => ignore (checkDir dname))
+
+ val b = basis ()
+
+ val dir = Posix.FileSys.opendir dname
+
+ fun loop files =
+ case Posix.FileSys.readdir dir of
+ NONE => (Posix.FileSys.closedir dir;
+ files)
+ | SOME fname =>
+ if notTmp fname then
+ loop (OS.Path.joinDirFile {dir = dname,
+ file = fname}
+ :: files)
+ else
+ loop files
+
+ val files = loop []
+ val (_, files) = Order.order (SOME b) files
+
+ val _ = if !ErrorMsg.anyErrors then
+ raise ErrorMsg.Error
+ else
+ ()
+
+ val codes = map (fn fname =>
+ let
+ val inf = TextIO.openIn fname
+
+ fun loop lines =
+ case TextIO.inputLine inf of
+ NONE => String.concat (rev lines)
+ | SOME line => loop (line :: lines)
+ in
+ loop []
+ before TextIO.closeIn inf
+ end) files
+ in
+ Msg.send (bio, MsgMultiConfig codes);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Configuration succeeded.\n"
+ | MsgError s => print ("Configuration failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+ handle ErrorMsg.Error => ()
+
+fun requestGrant acl =
+ let
+ val (user, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgGrant acl);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Grant succeeded.\n"
+ | MsgError s => print ("Grant failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+
+fun requestRevoke acl =
+ let
+ val (user, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgRevoke acl);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print "Revoke succeeded.\n"
+ | MsgError s => print ("Revoke failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+
+fun requestListPerms user =
+ let
+ val (_, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgListPerms user);
+ (case Msg.recv bio of
+ NONE => (print "Server closed connection unexpectedly.\n";
+ NONE)
+ | SOME m =>
+ case m of
+ MsgPerms perms => SOME perms
+ | MsgError s => (print ("Listing failed: " ^ s ^ "\n");
+ NONE)
+ | _ => (print "Unexpected server reply.\n";
+ NONE))
+ before OpenSSL.close bio
+ end
+
+fun requestWhoHas perm =
+ let
+ val (_, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgWhoHas perm);
+ (case Msg.recv bio of
+ NONE => (print "Server closed connection unexpectedly.\n";
+ NONE)
+ | SOME m =>
+ case m of
+ MsgWhoHasResponse users => SOME users
+ | MsgError s => (print ("whohas failed: " ^ s ^ "\n");
+ NONE)
+ | _ => (print "Unexpected server reply.\n";
+ NONE))
+ before OpenSSL.close bio
+ end
+
fun service () =
let
val () = Acl.read Config.aclFile
val () = print ("\nConnection from " ^ user ^ "\n")
val () = Domain.setUser user
+ fun doConfig codes =
+ let
+ val _ = print "Configuration:\n"
+ val _ = app (fn s => (print s; print "\n")) codes
+ val _ = print "\n"
+
+ val outname = OS.FileSys.tmpName ()
+
+ fun doOne code =
+ let
+ val outf = TextIO.openOut outname
+ in
+ TextIO.output (outf, code);
+ TextIO.closeOut outf;
+ eval outname
+ end
+ in
+ (app doOne codes;
+ Msg.send (bio, MsgOk))
+ handle ErrorMsg.Error =>
+ (print "Compilation error\n";
+ Msg.send (bio,
+ MsgError "Error during configuration evaluation"))
+ | OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during configuration evaluation: "
+ ^ s)));
+ OS.FileSys.remove outname;
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ()
+ end
+
fun cmdLoop () =
case Msg.recv bio of
NONE => (OpenSSL.close bio
loop ())
| SOME m =>
case m of
- MsgConfig code =>
- let
- val _ = print "Configuration:\n"
- val _ = print code
- val _ = print "\n"
+ MsgConfig code => doConfig [code]
+ | MsgMultiConfig codes => doConfig codes
+
+ | MsgGrant acl =>
+ if Acl.query {user = user, class = "priv", value = "all"} then
+ ((Acl.grant acl;
+ Acl.write Config.aclFile;
+ Msg.send (bio, MsgOk);
+ print ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during granting: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to grant privileges");
+ print "Unauthorized user asked to grant a permission!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgRevoke acl =>
+ if Acl.query {user = user, class = "priv", value = "all"} then
+ ((Acl.revoke acl;
+ Acl.write Config.aclFile;
+ Msg.send (bio, MsgOk);
+ print ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during revocation: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to revoke privileges");
+ print "Unauthorized user asked to revoke a permission!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgListPerms user =>
+ ((Msg.send (bio, MsgPerms (Acl.queryAll user));
+ print ("Sent permission list for user " ^ user ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during permission listing: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgWhoHas perm =>
+ ((Msg.send (bio, MsgWhoHasResponse (Acl.whoHas perm));
+ print ("Sent whohas response for " ^ #class perm ^ " / " ^ #value perm ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during whohas: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
- val outname = OS.FileSys.tmpName ()
- val outf = TextIO.openOut outname
- in
- TextIO.output (outf, code);
- TextIO.closeOut outf;
- (eval outname;
- Msg.send (bio, MsgOk))
- handle ErrorMsg.Error =>
- (print "Compilation error\n";
- Msg.send (bio,
- MsgError "Error during configuration evaluation"))
- | OpenSSL.OpenSSL s =>
- (print "OpenSSL error\n";
- Msg.send (bio,
- MsgError
- ("Error during configuration evaluation: "
- ^ s)));
- OS.FileSys.remove outname;
- (ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ()
- end
| _ =>
(Msg.send (bio, MsgError "Unexpected command")
handle OpenSSL.OpenSSL _ => ();
fun slave () =
let
- val host = hostname ()
+ val host = Slave.hostname ()
val context = OpenSSL.context (Config.certDir ^ "/" ^ host ^ ".pem",
Config.keyDir ^ "/" ^ host ^ "/key.pem",