+ fun doOne code =
+ let
+ val outf = TextIO.openOut outname
+ in
+ TextIO.output (outf, code);
+ TextIO.closeOut outf;
+ eval' outname
+ end
+ in
+ (Env.pre ();
+ app doOne codes;
+ Env.post ();
+ Msg.send (bio, MsgOk))
+ handle ErrorMsg.Error =>
+ (print "Compilation error\n";
+ Msg.send (bio,
+ MsgError "Error during configuration evaluation"))
+ | OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during configuration evaluation: "
+ ^ s)));
+ OS.FileSys.remove outname;
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ()
+ end
+
+ fun cmdLoop () =
+ case Msg.recv bio of
+ NONE => (OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ | SOME m =>
+ case m of
+ MsgConfig code => doConfig [code]
+ | MsgMultiConfig codes => doConfig codes
+
+ | MsgGrant acl =>
+ if Acl.query {user = user, class = "priv", value = "all"} then
+ ((Acl.grant acl;
+ Acl.write Config.aclFile;
+ Msg.send (bio, MsgOk);
+ print ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during granting: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to grant privileges");
+ print "Unauthorized user asked to grant a permission!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgRevoke acl =>
+ if Acl.query {user = user, class = "priv", value = "all"} then
+ ((Acl.revoke acl;
+ Acl.write Config.aclFile;
+ Msg.send (bio, MsgOk);
+ print ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during revocation: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to revoke privileges");
+ print "Unauthorized user asked to revoke a permission!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgListPerms user =>
+ ((Msg.send (bio, MsgPerms (Acl.queryAll user));
+ print ("Sent permission list for user " ^ user ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during permission listing: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgWhoHas perm =>
+ ((Msg.send (bio, MsgWhoHasResponse (Acl.whoHas perm));
+ print ("Sent whohas response for " ^ #class perm ^ " / " ^ #value perm ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during whohas: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgRmdom doms =>
+ if Acl.query {user = user, class = "priv", value = "all"}
+ orelse List.all (fn dom => Acl.query {user = user, class = "domain", value = dom}) doms then
+ ((Domain.rmdom doms;
+ app (fn dom =>
+ Acl.revokeFromAll {class = "domain", value = dom}) doms;
+ Acl.write Config.aclFile;
+ Msg.send (bio, MsgOk);
+ print ("Removed domains" ^ foldl (fn (d, s) => s ^ " " ^ d) "" doms ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during revocation: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to remove that domain");
+ print "Unauthorized user asked to remove a domain!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgRegenerate =>
+ if Acl.query {user = user, class = "priv", value = "regen"}
+ orelse Acl.query {user = user, class = "priv", value = "all"} then
+ ((regenerate context;
+ Msg.send (bio, MsgOk);
+ print "Regenerated all configuration.\n")
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during regeneration: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to regeneration");
+ print "Unauthorized user asked to regenerate!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgRmuser user' =>
+ if Acl.query {user = user, class = "priv", value = "all"} then
+ ((rmuser user';
+ Acl.write Config.aclFile;
+ Msg.send (bio, MsgOk);
+ print ("Removed user " ^ user' ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during revocation: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ else
+ ((Msg.send (bio, MsgError "Not authorized to remove users");
+ print "Unauthorized user asked to remove a user!\n";
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | MsgCreateDbUser {dbtype, passwd} =>
+ (case Dbms.lookup dbtype of
+ NONE => ((Msg.send (bio, MsgError ("Unknown database type " ^ dbtype));
+ print ("Database user creation request with unknown datatype type " ^ dbtype);
+ ignore (OpenSSL.readChar bio))
+ handle OpenSSL.OpenSSL _ => ();
+ OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ | SOME handler =>
+ case #adduser handler {user = user, passwd = passwd} of
+ NONE => ((Msg.send (bio, MsgOk);
+ print ("Added " ^ dbtype ^ " user " ^ user ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during creation: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ | SOME msg => ((Msg.send (bio, MsgError ("Error adding user: " ^ msg));
+ print ("Error adding a " ^ dbtype ^ " user " ^ user ^ ": " ^ msg ^ "\n");
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ()))
+
+ | MsgCreateDbTable {dbtype, dbname} =>
+ if Dbms.validDbname dbname then
+ (case Dbms.lookup dbtype of
+ NONE => ((Msg.send (bio, MsgError ("Unknown database type " ^ dbtype));
+ print ("Database creation request with unknown datatype type " ^ dbtype);
+ ignore (OpenSSL.readChar bio))
+ handle OpenSSL.OpenSSL _ => ();
+ OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ | SOME handler =>
+ case #createdb handler {user = user, dbname = dbname} of
+ NONE => ((Msg.send (bio, MsgOk);
+ print ("Created database " ^ user ^ "_" ^ dbname ^ ".\n"))
+ handle OpenSSL.OpenSSL s =>
+ (print "OpenSSL error\n";
+ Msg.send (bio,
+ MsgError
+ ("Error during creation: "
+ ^ s)));
+ (ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+ | SOME msg => ((Msg.send (bio, MsgError ("Error creating database: " ^ msg));
+ print ("Error creating database " ^ user ^ "_" ^ dbname ^ ": " ^ msg ^ "\n");
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ()))
+ else
+ ((Msg.send (bio, MsgError ("Invalid database name " ^ dbname));
+ print ("Invalid database name " ^ user ^ "_" ^ dbname ^ "\n");
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
+ | _ =>
+ (Msg.send (bio, MsgError "Unexpected command")
+ handle OpenSSL.OpenSSL _ => ();
+ OpenSSL.close bio
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())