| author | huffman |
| Tue, 13 Jan 2009 10:18:23 -0800 | |
| changeset 29475 | c06d1b0a970f |
| parent 28268 | ac8431ecd57e |
| child 29606 | fedb8be05f24 |
| permissions | -rw-r--r-- |
| 20925 | 1 |
(* Title: Pure/General/secure.ML |
2 |
ID: $Id$ |
|
3 |
Author: Makarius |
|
4 |
||
5 |
Secure critical operations. |
|
6 |
*) |
|
7 |
||
8 |
signature SECURE = |
|
9 |
sig |
|
| 20977 | 10 |
val set_secure: unit -> unit |
| 20925 | 11 |
val is_secure: unit -> bool |
| 26080 | 12 |
val deny_secure: string -> unit |
|
28268
ac8431ecd57e
use_text/use_file now depend on explicit ML name space;
wenzelm
parents:
26883
diff
changeset
|
13 |
val use_text: ML_NameSpace.nameSpace -> int * string -> |
|
ac8431ecd57e
use_text/use_file now depend on explicit ML name space;
wenzelm
parents:
26883
diff
changeset
|
14 |
(string -> unit) * (string -> 'a) -> bool -> string -> unit |
|
ac8431ecd57e
use_text/use_file now depend on explicit ML name space;
wenzelm
parents:
26883
diff
changeset
|
15 |
val use_file: ML_NameSpace.nameSpace -> |
|
ac8431ecd57e
use_text/use_file now depend on explicit ML name space;
wenzelm
parents:
26883
diff
changeset
|
16 |
(string -> unit) * (string -> 'a) -> bool -> string -> unit |
| 20925 | 17 |
val use: string -> unit |
18 |
val commit: unit -> unit |
|
| 26220 | 19 |
val system_out: string -> string * int |
| 20992 | 20 |
val system: string -> int |
| 20925 | 21 |
end; |
22 |
||
23 |
structure Secure: SECURE = |
|
24 |
struct |
|
25 |
||
| 20992 | 26 |
(** secure flag **) |
| 20925 | 27 |
|
28 |
val secure = ref false; |
|
29 |
||
| 20977 | 30 |
fun set_secure () = secure := true; |
| 20925 | 31 |
fun is_secure () = ! secure; |
32 |
||
|
22567
1565d476a9e2
removed assert/deny (avoid clash with Alice keywords and confusion due to strict evaluation);
wenzelm
parents:
22144
diff
changeset
|
33 |
fun deny_secure msg = if is_secure () then error msg else (); |
| 20925 | 34 |
|
35 |
||
| 25753 | 36 |
|
| 20992 | 37 |
(** critical operations **) |
38 |
||
39 |
(* ML evaluation *) |
|
| 20925 | 40 |
|
41 |
fun secure_mltext () = deny_secure "Cannot evaluate ML source in secure mode"; |
|
42 |
||
|
28268
ac8431ecd57e
use_text/use_file now depend on explicit ML name space;
wenzelm
parents:
26883
diff
changeset
|
43 |
fun raw_use_text ns = use_text ML_Parse.fix_ints (Position.str_of oo Position.line_file) ns; |
|
ac8431ecd57e
use_text/use_file now depend on explicit ML name space;
wenzelm
parents:
26883
diff
changeset
|
44 |
fun raw_use_file ns = use_file ML_Parse.fix_ints (Position.str_of oo Position.line_file) ns; |
| 20925 | 45 |
|
|
28268
ac8431ecd57e
use_text/use_file now depend on explicit ML name space;
wenzelm
parents:
26883
diff
changeset
|
46 |
fun use_text ns pos pr verbose txt = |
|
ac8431ecd57e
use_text/use_file now depend on explicit ML name space;
wenzelm
parents:
26883
diff
changeset
|
47 |
(secure_mltext (); raw_use_text ns pos pr verbose txt); |
|
23922
707639e9497d
marked some CRITICAL sections (for multithreading);
wenzelm
parents:
22567
diff
changeset
|
48 |
|
|
28268
ac8431ecd57e
use_text/use_file now depend on explicit ML name space;
wenzelm
parents:
26883
diff
changeset
|
49 |
fun use_file ns pr verbose name = |
|
ac8431ecd57e
use_text/use_file now depend on explicit ML name space;
wenzelm
parents:
26883
diff
changeset
|
50 |
(secure_mltext (); raw_use_file ns pr verbose name); |
|
23922
707639e9497d
marked some CRITICAL sections (for multithreading);
wenzelm
parents:
22567
diff
changeset
|
51 |
|
|
28268
ac8431ecd57e
use_text/use_file now depend on explicit ML name space;
wenzelm
parents:
26883
diff
changeset
|
52 |
fun use name = use_file ML_NameSpace.global Output.ml_output true name; |
| 23978 | 53 |
|
| 20925 | 54 |
(*commit is dynamically bound!*) |
|
28268
ac8431ecd57e
use_text/use_file now depend on explicit ML name space;
wenzelm
parents:
26883
diff
changeset
|
55 |
fun commit () = raw_use_text ML_NameSpace.global (0, "") Output.ml_output false "commit();"; |
| 20925 | 56 |
|
| 20992 | 57 |
|
58 |
(* shell commands *) |
|
59 |
||
60 |
fun secure_shell () = deny_secure "Cannot execute shell commands in secure mode"; |
|
61 |
||
| 26220 | 62 |
val orig_system_out = system_out; |
| 20992 | 63 |
|
| 26220 | 64 |
fun system_out s = (secure_shell (); orig_system_out s); |
| 26332 | 65 |
|
66 |
fun system s = |
|
67 |
(case system_out s of |
|
68 |
("", rc) => rc
|
|
69 |
| (out, rc) => (writeln (perhaps (try (unsuffix "\n")) out); rc)); |
|
| 20992 | 70 |
|
| 20925 | 71 |
end; |
72 |
||
| 23978 | 73 |
(*override previous toplevel bindings!*) |
| 21770 | 74 |
val use_text = Secure.use_text; |
75 |
val use_file = Secure.use_file; |
|
|
24663
015a8838e656
improved error behaviour of use (bootstrap version);
wenzelm
parents:
24600
diff
changeset
|
76 |
fun use s = Secure.use s handle ERROR msg => (writeln msg; raise Fail "ML error"); |
| 26220 | 77 |
val system_out = Secure.system_out; |
| 20992 | 78 |
val system = Secure.system; |