else
Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
- val _ = Msg.send (bio, MsgQuery (QFirewall uname))
+ val _ = Msg.send (bio, MsgQuery (QFirewall {node = node, user = uname}))
fun loop () =
case Msg.recv bio of
| QFtp user => if Ftp.allowed user then MsgYes else MsgNo
| QTrustedPath user => if TrustedPath.query user then MsgYes else MsgNo
| QSocket user => MsgSocket (SocketPerm.query user)
- | QFirewall user => MsgFirewall (Firewall.query user)
+ | QFirewall {node, user} => MsgFirewall (Firewall.query (node, user))
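Review bot: The `node` handed to `Firewall.query (node, user)` on the last line of this hunk is used exactly as the client sent it, and nothing here checks that it names the node this slave is running on, even though the client side of the same change connects to that node's own address (`Domain.nodeIp node`). If the rule set that `parseRules` reads is the same on every node, a client could obtain one node's rules from another node's slave; whether that is a concern for this deployment I cannot tell from the chunk. Either derive the node name on the server and ignore the wire value, or compare the two and answer with an empty rule list when they differ, e.g. `| QFirewall {node, user} => if node = Config.localNode then MsgFirewall (Firewall.query (node, user)) else MsgFirewall []` with the local-name lookup substituted for whatever the project actually provides. `loop`'s body begins before and continues after this hunk.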
fun describeQuery q =
case q of
| QFtp user => "Asked about FTP permissions for user " ^ user
| QTrustedPath user => "Asked about trusted path settings for user " ^ user
| QSocket user => "Asked about socket permissions for user " ^ user
- | QFirewall user => "Asked about firewall rules for user " ^ user
+ | QFirewall {node, user} => "Asked about firewall rules on " ^ node ^ " for user " ^ user
fun doIt' loop bio f cleanup =
((case f () of
OpenSSL.writeString (bio, s))
| QSocket s => (OpenSSL.writeInt (bio, 4);
OpenSSL.writeString (bio, s))
- | QFirewall s => (OpenSSL.writeInt (bio, 5);
- OpenSSL.writeString (bio, s))
+ | QFirewall {node, user} => (OpenSSL.writeInt (bio, 5);
+ OpenSSL.writeString (bio, node);
+ OpenSSL.writeString (bio, user))
| QAptExists s => (OpenSSL.writeInt (bio, 6);
OpenSSL.writeString (bio, s))
| 2 => Option.map QFtp (OpenSSL.readString bio)
| 3 => Option.map QTrustedPath (OpenSSL.readString bio)
| 4 => Option.map QSocket (OpenSSL.readString bio)
- | 5 => Option.map QFirewall (OpenSSL.readString bio)
+ | 5 => (case ((OpenSSL.readString bio), (OpenSSL.readString bio)) of
+ (SOME node, SOME user) => SOME (QFirewall { node = node, user = user })
+ | _ => NONE)
| 6 => Option.map QAptExists (OpenSSL.readString bio)
| _ => NONE)
| NONE => NONE
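Review bot: In the new `5 =>` branch both `OpenSSL.readString bio` calls are evaluated before the tuple is matched, so when the first read fails (`NONE`) a second read is still issued against the stream instead of returning immediately. Short-circuiting on the first result keeps the stream position predictable on a truncated message: `| 5 => (case OpenSSL.readString bio of SOME node => Option.map (fn user => QFirewall {node = node, user = user}) (OpenSSL.readString bio) | NONE => NONE)`. The order node-then-user does match the writer (`writeString (bio, node)` before `writeString (bio, user)`) since SML evaluates tuple components left to right. The enclosing `case` starts before this hunk.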
(* Is this user restricted to trusted-path executables? *)
| QSocket of string
(* What socket permissions does this user have? *)
- | QFirewall of string
+ | QFirewall of {node : string, user : string}
(* What firewall rules does this user have? *)
| QAptExists of string
(* Does this apt package exist *)
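Review bot: The comment following the changed constructor still reads `(* What firewall rules does this user have? *)`, but `QFirewall` now carries a `node` field as well, so the comment no longer describes the query. Suggest `(* What firewall rules does this user have on the named node? *)` so the datatype documents both fields the protocol now serializes.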
type firewall_rules = (user * fwnode * fwrule) list
- val query : string -> string list
+ val query : string * string -> string list
(* List a user's local firewall rules. *)
val parseRules : unit -> firewall_rules
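Review bot: The new `query : string * string -> string list` signature gives callers no hint which component of the pair is the node and which is the user, and the comment below it, `(* List a user's local firewall rules. *)`, was written for the single-argument version. Suggest `(* List the firewall rules of user (#2 of the pair) on node (#1), one string per rule. *)`, or a `type fw_query = {node : string, user : string}` in this signature so the parameter is self-describing like the `QFirewall` record elsewhere in the change.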
loop []
end
-fun query uname =
+fun formatQueryRule (Client (ports, hosts)) =
+ "Client " ^ String.concatWith "," (map Int.toString ports) ^ " " ^ String.concatWith " " hosts
+ | formatQueryRule (Server (ports, hosts)) =
+ "Server " ^ String.concatWith "," (map Int.toString ports) ^ " " ^ String.concatWith " " hosts
+ | formatQueryRule (ProxiedServer ports) =
+ "ProxiedServer " ^ String.concatWith "," (map Int.toString ports)
+ | formatQueryRule (LocalServer ports) =
+ "LocalServer " ^ String.concatWith "," (map Int.toString ports)
+
+fun query (node, uname) =
(* completely broken *)
let
val rules = parseRules ()
in
- (* map (fn (_, FirewallNode n, r) => (n, r)) (List.filter (fn (User u, _, _) => u = uname) rules) *)
- ["broken"]
+ map (fn (_, _, r) => formatQueryRule r)
+ (List.filter (fn (User u, FirewallNode n, _) => u = uname andalso n = node) rules)
end
fun formatPorts ports = "(" ^ String.concatWith " " (map Int.toString ports) ^ ")"
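Review bot: `query` keeps the `(* completely broken *)` comment directly under its new header even though this commit replaces the `["broken"]` stub with a working filter-and-format body, so the comment now contradicts the code. Replace it with a description of the contract, e.g. `(* Rules of user uname on node, rendered by formatQueryRule; re-parses the rule file on every call. *)`, and give the new `formatQueryRule` a one-line comment stating the line format it produces (`Client ports hosts`, `Server ports hosts`, `ProxiedServer ports`, `LocalServer ports`) since that text is what crosses the wire. I cannot tell from this chunk whether the hunk ends at `formatPorts` or continues past it.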