Reading it before blocking to wait for a message could result in stale
permissions being used for a single request.
val _ = print ("Slave server starting at " ^ now () ^ "\n")
fun loop () =
val _ = print ("Slave server starting at " ^ now () ^ "\n")
fun loop () =
- (Acl.read Config.aclFile;
- case OpenSSL.accept sock of
+ (case OpenSSL.accept sock of
NONE => ()
| SOME bio =>
let
NONE => ()
| SOME bio =>
let
SOME "Script execution failed."))
(fn () => ()))
| MsgFirewallRegen =>
SOME "Script execution failed."))
(fn () => ()))
| MsgFirewallRegen =>
- doIt (fn () => if Acl.query {user = user, class = "priv", value = "all"} then
- if List.exists (fn x => x = host) Config.Firewall.firewallNodes then
- if (Firewall.generateFirewallConfig (Firewall.parseRules ()) andalso Firewall.publishConfig ())
- then
- ("Firewall rules regenerated.", NONE)
- else
+ doIt (fn () => (Acl.read Config.aclFile;
+ if Acl.query {user = user, class = "priv", value = "all"} then
+ if List.exists (fn x => x = host) Config.Firewall.firewallNodes then
+ if (Firewall.generateFirewallConfig (Firewall.parseRules ()) andalso Firewall.publishConfig ())
+ then
+ ("Firewall rules regenerated.", NONE)
+ else
("Rules regeneration failed!", SOME "Script execution failed.")
else ("Node not controlled by domtool firewall.", SOME (host))
("Rules regeneration failed!", SOME "Script execution failed.")
else ("Node not controlled by domtool firewall.", SOME (host))
- else
- ("Not authorized to regenerate firewall.", SOME ("Unauthorized user " ^ user ^ " attempted to regenerated firewall")))
+ else
+ ("Not authorized to regenerate firewall.", SOME ("Unauthorized user " ^ user ^ " attempted to regenerated firewall"))))
(fn () => ())
| _ => (OpenSSL.close bio;
(fn () => ())
| _ => (OpenSSL.close bio;
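Review bot: The ACL reload now sits only inside the `MsgFirewallRegen` thunk, so fresh permissions depend on every handler that calls `Acl.query` remembering to call `Acl.read` first; a handler that forgets would authorize against stale data without any error. Reloading once per accepted connection keeps the fix and covers every handler: make `val _ = Acl.read Config.aclFile` the first binding of the `let` under `| SOME bio =>`, before the message is dispatched. Whether other slave handlers query the ACL is not visible in these hunks, and the `let` body and `doIt` lie outside them, so confirm that an exception from `Acl.read` (missing or malformed file) ends in a denial rather than continuing with the previously loaded ACL. Separately, the audit string reads "attempted to regenerated firewall"; `attempted to regenerate firewall` is the intended wording.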