
policy.tcl Annotations

Created from source/policy.tcl
Procedures for safe interpreter policies in Slave interpreters. In this file:
* Security policy definitions per-AUTHMODE.
* Policy switching.
* Activation/deactivation of in-line scripting.
* Wrapper procedures that enforce session policy.

The security policy defines which Tcl commands are accessible from within the safe interpreter in which the command prompt string is evaluated, which includes MikroConf commands and Tcl scripts.

When we change AUTHMODE (lower to higher privilege or vice versa) we delete the previous "Slave" interpreter and create a new one to evaluate user in-line code and MikroConf commands. This means that all interpreter state is lost: any declared user procedures that are not saved, variables, renames etc. are lost after changing AUTHMODE. The same happens when we deactivate and reactivate in-line scripting, which translates to changing to a very limited AUTHMODE where only MikroConf commands are accepted.

Note that deactivation of in-line scripting only affects command execution and command substitution. It does not affect variable substitution, which is always possible.
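The lifecycle described above, as an added example that is not code from policy.tcl: a safe interpreter is recreated on every policy switch, standard channels are guarded through aliases, and with scripting off variable substitution still works while command substitution does not. Every demo_* name, the allowed-command lists and the ping/show command set are hypothetical; Tcl 8.5 or later is assumed.

```tcl
# Added illustration: every demo_* name is hypothetical, not from policy.tcl.

# Alias target, runs in the master: refuse the standard channels,
# otherwise run the hidden real command inside the slave.
proc demo_guard {slave cmd channelId args} {
    if {$channelId in {stdin stdout stderr}} {
        return -code error "$cmd: access to $channelId is not allowed"
    }
    return [interp invokehidden $slave $cmd $channelId {*}$args]
}

# Stand-in for the unknown alias: accept a constructed set of
# application commands and reject everything else.
proc demo_unknown {slave args} {
    if {[lindex $args 0] ni {ping show}} {
        return -code error "unknown command \"[lindex $args 0]\""
    }
    return "application command: $args"
}

# Delete and recreate the slave, then apply a policy. $allowed lists the
# Tcl commands left visible; every other command is hidden.
proc demo_policy {allowed} {
    if {[interp exists demo_slave]} { interp delete demo_slave }
    interp create -safe demo_slave
    foreach cmd [interp eval demo_slave {info commands}] {
        if {$cmd ni $allowed} { interp hide demo_slave $cmd }
    }
    foreach cmd {fconfigure flush} {
        if {$cmd ni [interp hidden demo_slave]} { interp hide demo_slave $cmd }
        interp alias demo_slave $cmd {} demo_guard demo_slave $cmd
    }
    interp alias demo_slave unknown {} demo_unknown demo_slave
}

# Scripting on: user state lives only in the current slave.
demo_policy {set proc expr}
interp eval demo_slave {set counter 41}
puts "guard:   [catch {interp eval demo_slave {flush stdout}} msg] $msg"

# Policy switch: the old slave is deleted and its state goes with it.
demo_policy {set proc expr}
puts "state:   [catch {interp eval demo_slave {set counter}} msg] $msg"

# Scripting off: no Tcl command is visible, only the unknown alias.
demo_policy {}
interp invokehidden demo_slave set host gw1
puts "varsub:  [interp eval demo_slave {ping $host}]"
puts "cmdsub:  [catch {interp eval demo_slave {ping [set host]}} msg] $msg"
```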

Procedure Summary
get_policy { authmode policy }
          Get the $policy policy for $authmode
loadprocs { }
          Load all registered procedures to this session.
policy { authmode }
          Creates a safe interpreter used to evaluate user's in-line scripting and applies a security policy to it.
scripting { action }
          Activates/Deactivates/Resets in-line scripting on the fly.
slave_all { slave name args }
          Wrapper for all the commands that don't have a wrapper of their own.
slave_bgerror { slave msg }
          Error handling procedure for slave interpreters.
slave_fconfigure { slave channelId args }
          Wrapper for 'fconfigure'. We don't allow the user to mess with the fconfigure settings of stdout, stderr and stdin.
slave_fileevent { slave channelId args }
          Wrapper for 'fileevent'. We don't allow the user to mess with the fconfigure settings of stdout, stderr and stdin.
slave_flush { slave channelId }
          Wrapper for 'flush'. We don't allow the user to mess with stdout, stderr and stdin.
slave_gets { slave args }
          Wrapper for 'gets' to use the version of the Session.
slave_proc { slave args }
          Wrapper for 'proc' that enforces naming restrictions on user-defined procedures.
slave_read { slave args }
          Wrapper for 'read'. We don't allow the user to read from stdin.
slave_rename { slave args }
          Wrapper for 'rename' that enforces naming restrictions on user-defined procedures.
slave_unknown { slave args }
          This is the unknown procedure on the Slave, linked here as an alias.

Procedure Detail

get_policy

proc get_policy { authmode policy }
Get the $policy policy for $authmode authmode.
Parameters:
authmode - Name of authentication mode.
policy - Name of policy.
Returns:
A list describing the policy.
Defined in:
policy.tcl, line 401

loadprocs

proc loadprocs {  }
Load all registered procedures to this session.
Defined in:
policy.tcl, line 235

policy

proc policy { authmode }
Creates a safe interpreter used to evaluate user's in-line scripting and applies a security policy to it.
Assumes:
The command "info" is available in a newly created safe interpreter.
Parameters:
authmode - The AUTHMODE whose policy we are switching to.
Defined in:
policy.tcl, line 165

scripting

proc scripting { action }
Activates/Deactivates/Resets in-line scripting on the fly. Scripting is deactivated by recreating the Slave interpreter with all Tcl commands and procedures hidden, except for "unknown" and "bgerror".
Parameters:
action - "on" or "off".
Defined in:
policy.tcl, line 256

slave_all

proc slave_all { slave name args }
Wrapper for all the commands that don't have a wrapper of their own.
Parameters:
slave - The name of the interpreter from which this procedure was called
name - The name of the command executed on the Slave interpreter
args - The remaining command arguments (if any)
Defined in:
policy.tcl, line 302

slave_bgerror

proc slave_bgerror { slave msg }
Error handling procedure for slave interpreters.
Parameters:
slave - The slave interpreter that generated the error
msg - The error message to display
Defined in:
policy.tcl, line 471

slave_fconfigure

proc slave_fconfigure { slave channelId args }
Wrapper for 'fconfigure'. We don't allow the user to mess with the fconfigure settings of stdout, stderr and stdin.
Assumes:
The syntax of the command will continue to have channelId as its first argument.
Parameters:
slave - The name of the interpreter from which this procedure was called
channelId - The channel to operate on
args - The remaining command arguments (if any)
Defined in:
policy.tcl, line 322

slave_fileevent

proc slave_fileevent { slave channelId args }
Wrapper for 'fileevent'. We don't allow the user to mess with the fconfigure settings of stdout, stderr and stdin.
Assumes:
The syntax of the command will continue to have channelId as its first argument.
Parameters:
slave - The name of the interpreter from which this procedure was called
channelId - The channel to operate on
args - The remaining command arguments (if any)
Defined in:
policy.tcl, line 369

slave_flush

proc slave_flush { slave channelId }
Wrapper for 'flush'. We don't allow the user to mess with stdout, stderr and stdin.
Assumes:
The syntax of the command will continue to have channelId as its first argument.
Parameters:
slave - The name of the interpreter from which this procedure was called
channelId - The channel to operate on
args - The remaining command arguments (if any)
Defined in:
policy.tcl, line 353

slave_gets

proc slave_gets { slave args }
Wrapper for 'gets' to use the version of the Session.
Parameters:
slave - The name of the interpreter from which this procedure was called
args - The remaining command arguments (if any)
Defined in:
policy.tcl, line 310

slave_proc

proc slave_proc { slave args }
Wrapper for 'proc' that enforces naming restrictions on user-defined procedures.
Parameters:
slave - The name of the interpreter from which this procedure was called
args - The regular Tcl proc arguments
Defined in:
policy.tcl, line 414

slave_read

proc slave_read { slave args }
Wrapper for 'read'. We don't allow the user to read from stdin.
Assumes:
The syntax of the command will not change in future versions of Tcl, or we need to update this code.
Parameters:
slave - The name of the interpreter from which this procedure was called
args - The standard command arguments for read (if any)
Defined in:
policy.tcl, line 337

slave_rename

proc slave_rename { slave args }
Wrapper for 'rename' that enforces naming restrictions on user-defined procedures.
Parameters:
slave - The name of the interpreter from which this procedure was called
args - The regular Tcl rename arguments
Defined in:
policy.tcl, line 381

slave_unknown

proc slave_unknown { slave args }
This is the unknown procedure on the Slave, linked here as an alias. If it is executed, it means that the provided command is neither a built-in Tcl command nor a user-defined procedure. Hence we first check to see if it's a MikroConf command. If it is not recognized as a MikroConf command, then if it is a single argument, unknown assumes that it is a hostname that we want to connect to; otherwise it displays an error.
Parameters:
slave - The name of the interpreter from which this procedure was called
args - The command name and arguments that are not known to the interpreter
Defined in:
policy.tcl, line 439

File generated 2010-03-13 at 22:28.