From 4f3ef3c5a314eee12b38efa938afcbb2a27c54d6 Mon Sep 17 00:00:00 2001 From: Clinton Ebadi Date: Sun, 6 Jan 2013 03:33:08 -0500 Subject: [PATCH 1/1] Move Acl.read from start of slave loop to firewall handling case Reading it before blocking waiting for a message could result in stale permissions being used for a single request. --- src/main.sml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/main.sml b/src/main.sml index 6df1525..4b8123d 100644 --- a/src/main.sml +++ b/src/main.sml @@ -1657,8 +1657,7 @@ fun slave () = val _ = print ("Slave server starting at " ^ now () ^ "\n") fun loop () = - (Acl.read Config.aclFile; - case OpenSSL.accept sock of + (case OpenSSL.accept sock of NONE => () | SOME bio => let @@ -1803,16 +1802,17 @@ fun slave () = SOME "Script execution failed.")) (fn () => ())) | MsgFirewallRegen => - doIt (fn () => if Acl.query {user = user, class = "priv", value = "all"} then - if List.exists (fn x => x = host) Config.Firewall.firewallNodes then - if (Firewall.generateFirewallConfig (Firewall.parseRules ()) andalso Firewall.publishConfig ()) - then - ("Firewall rules regenerated.", NONE) - else + doIt (fn () => (Acl.read Config.aclFile; + if Acl.query {user = user, class = "priv", value = "all"} then + if List.exists (fn x => x = host) Config.Firewall.firewallNodes then + if (Firewall.generateFirewallConfig (Firewall.parseRules ()) andalso Firewall.publishConfig ()) + then + ("Firewall rules regenerated.", NONE) + else ("Rules regeneration failed!", SOME "Script execution failed.") else ("Node not controlled by domtool firewall.", SOME (host)) - else - ("Not authorized to regenerate firewall.", SOME ("Unauthorized user " ^ user ^ " attempted to regenerated firewall"))) + else + ("Not authorized to regenerate firewall.", SOME ("Unauthorized user " ^ user ^ " attempted to regenerated firewall")))) (fn () => ()) | _ => (OpenSSL.close bio; -- 2.20.1