1 structure Sec
:> SEC
= struct
(* Req: instance of the RequestH functor for security-permission change requests.
   Only adminGroup, subject and body are visible in this listing; the rest of the
   functor argument and its closing are on omitted lines. *)
5 structure Req
= RequestH(struct
(* Group name supplied to RequestH; how the functor uses it is not shown here. *)
7 val adminGroup
= "server"
(* The subject ignores its argument and is a fixed string, so no request data
   reaches the Subject text through this function. *)
8 fun subject _
= "Security permissions change request"
(* body writes the request text (the record's data field, bound to req) to the
   mail handle, followed by a newline. The node field is bound but not used in
   the visible lines.
   NOTE(review): req is written verbatim; presumably it is user-supplied text,
   so confirm Mail.mwrite is only used for the message body here. *)
11 fun body
{node
, mail
, data
= req
} =
12 (Mail
.mwrite (mail
, req
);
13 Mail
.mwrite (mail
, "\n"))
(* findSubusers uname: scan /etc/passwd for entries whose name starts with
   uname followed by "_" and return the matches sorted in ascending order.
   Several lines of the function (the let/loop scaffolding and the binding of
   uname') are omitted from this listing. *)
16 fun findSubusers uname
=
(* Prefix that marks a subuser account: the owner's name plus an underscore. *)
18 val uname_under
= uname ^
"_"
19 val inf
= TextIO.openIn
"/etc/passwd"
22 case TextIO.inputLine inf
of
(* End of file: return the accumulated names. ListMergeSort.sort takes a
   "greater than" predicate and produces an ascending list. *)
23 NONE
=> ListMergeSort
.sort (fn (x
, y
) => String.compare (x
, y
) = GREATER
) subs
(* Split the passwd line into its colon-separated fields. *)
25 case String.fields (fn ch
=> ch
= #
":") line
of
(* Prefix test: the length guard keeps String.substring from raising Subscript
   on names shorter than the prefix.
   NOTE(review): every entry whose name begins with uname ^ "_" matches (uname'
   is bound on an omitted line, presumably to the login-name field). If this list
   feeds an authorization decision, confirm that account creation reserves the
   "<user>_" prefix for that user's own subaccounts. *)
27 if size uname
' >= size uname_under
28 andalso String.substring (uname
', 0, size uname_under
) = uname_under
then
(* `before` closes the stream once the preceding expression has produced its
   value; whether an exception raised while reading would leave inf open cannot
   be told from the visible lines. *)
35 before TextIO.closeIn inf
(* Socket permission levels reported for a user. The constructor list is on lines
   omitted from this listing; CLIENT_ONLY and SERVER_ONLY are the two that
   socketPerms is seen to produce. *)
38 datatype socket_perms
=
(* socketPerms {node, uname}: run `domtool-admin sockperm <node name> <uname>` and
   decode the first line of its output into a socket_perms value.
   Several lines of this function are omitted from the listing. *)
44 fun socketPerms
{node
, uname
} =
(* NOTE(review): the command is one string handed to /bin/sh, built by
   concatenating Init.nodeName node and uname without quoting. If either value
   can contain whitespace or shell metacharacters the shell will interpret them,
   so pass only names already checked against the account-name format, or
   shell-quote both values here. Running domtool-admin directly with an argument
   list (Unix.executeInEnv, with DOMTOOL_USER in the environment list) would
   avoid the shell altogether. findFirewallRules builds its command the same way.
   The leading elements of the argument list are not shown (presumably "-c";
   confirm). *)
46 val proc
= Unix
.execute ("/bin/sh",
48 "DOMTOOL_USER=apache2.deleuze.hcoop.net /usr/local/bin/domtool-admin sockperm "
49 ^ Init
.nodeName node ^
" " ^ uname
])
(* Text input stream connected to the child's standard output. *)
51 val inf
= Unix
.textInstreamOf proc
(* Only the first output line is inspected. "Client\n" and "Server\n" map to
   CLIENT_ONLY and SERVER_ONLY; the remaining cases are on omitted lines. *)
53 val p
= case TextIO.inputLine inf
of
55 | SOME
"Client\n" => CLIENT_ONLY
56 | SOME
"Server\n" => SERVER_ONLY
(* Unix.reap waits for the child and yields its exit status. The branches are
   not shown; presumably p is returned only when the command succeeded. *)
60 if OS
.Process
.isSuccess (Unix
.reap proc
) then
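(* checkIt cmd {node, uname}: run `domtool-admin <cmd> <node name> <uname>` through
   the shell as DOMTOOL_USER=apache2.deleuze.hcoop.net, with all output discarded,
   and return true iff the command exits successfully.

   The node name and uname are single-quoted before they are spliced into the
   command line, so whitespace or shell metacharacters in either value reach
   domtool-admin as literal argument text instead of being interpreted by the
   shell. For ordinary names the arguments domtool-admin receives are unchanged.
   cmd is left unquoted: the callers visible in this file pass the fixed
   literals "tpe", "cron" and "ftp", and it should stay a literal. *)
fun checkIt cmd {node, uname} =
    let
        (* Quote one word for the shell: wrap it in single quotes and rewrite
           each embedded single quote as the close-escape-reopen sequence. *)
        fun shellQuote s =
            "'" ^ String.translate (fn #"'" => "'\\''" | c => String.str c) s ^ "'"

        val command =
            "DOMTOOL_USER=apache2.deleuze.hcoop.net /usr/local/bin/domtool-admin "
            ^ cmd ^ " " ^ shellQuote (Init.nodeName node) ^ " " ^ shellQuote uname
            ^ " >/dev/null 2>/dev/null"
    in
        OS.Process.isSuccess (OS.Process.system command)
    end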
(* Per-feature permission probes. Each one hands a fixed domtool-admin
   subcommand to checkIt for the given {node, uname} record and yields
   checkIt's boolean result. *)
fun isTpe target = checkIt "tpe" target
fun cronAllowed target = checkIt "cron" target
fun ftpAllowed target = checkIt "ftp" target
75 fun findFirewallRules
{node
, uname
} =
77 val proc
= Unix
.execute ("/bin/sh",
79 "DOMTOOL_USER=apache2.deleuze.hcoop.net /usr/local/bin/domtool-admin firewall "
80 ^ Init
.nodeName node ^
" " ^ uname
])
82 val inf
= Unix
.textInstreamOf proc
85 case TextIO.inputLine inf
of
86 SOME line
=> readEm (String.substring (line
, 0, size line
- 1) :: lines
)
92 if OS
.Process
.isSuccess (Unix
.reap proc
) then