1 structure Sec
:> SEC
= struct
(* Request-queue hookup for security permission changes, produced by applying
   the RequestH functor to the small structure below.  Original lines 6, 9-10
   and 14-15 (among them the closing "end)" of the functor argument) are not
   part of this excerpt. *)
5 structure Req = RequestH(struct
    (* Presumably the group allowed to act on these requests; the exact
       meaning is fixed by RequestH, which is not shown here. *)
7     val adminGroup = "server"
    (* The subject line is constant; the request data argument is ignored. *)
8     fun subject _ = "Security permissions change request"
    (* Mail body: the raw request text, then a newline, both written through
       Mail.mwrite.  In the lines shown, the node field is accepted but not
       used. *)
11    fun body {node, mail, data = req} =
12        (Mail.mwrite (mail, req);
13         Mail.mwrite (mail, "\n"))
(* Find the sub-accounts belonging to [uname] by scanning /etc/passwd for
   account names that start with "<uname>_".  Original lines 17, 20-21, 24,
   26 and 29-34 (the surrounding let/in, the head of the reading loop and the
   accumulation into [subs]) are not part of this excerpt, so the shape below
   is partial. *)
16 fun findSubusers uname =
    (* The prefix that marks a sub-account: the parent name plus underscore.
       Membership is decided purely by this naming convention, so any account
       whose name merely begins with the prefix is treated as a sub-account. *)
18     val uname_under = uname ^ "_"
19     val inf = TextIO.openIn "/etc/passwd"
22         case TextIO.inputLine inf of
    (* End of file: hand back the accumulated names, sorted ascending (the
       predicate given to ListMergeSort.sort is "greater than"). *)
23             NONE => ListMergeSort.sort (fn (x, y) => String.compare (x, y) = GREATER) subs
    (* Split the passwd line on ":"; uname' is presumably the first field
       (the binding is among the missing lines). *)
25                 case String.fields (fn ch => ch = #":") line of
    (* Prefix test, guarded by a length check so String.substring cannot
       raise Subscript. *)
27                     if size uname' >= size uname_under
28                        andalso String.substring (uname', 0, size uname_under) = uname_under then
    (* Close the stream once the result has been built.  No handler is
       visible in this excerpt, so an exception raised while reading would
       leave inf open. *)
35     before TextIO.closeIn inf
(* Permission level for opening sockets.  The constructors (original lines
   39-43) are not in this excerpt; CLIENT_ONLY and SERVER_ONLY are referenced
   by socketPerms below. *)
38 datatype socket_perms =
(* Ask domtool-admin which socket permission [uname] holds on [node].
   Original lines 45, 47, 50, 52, 54, 57-59 and 61-65 are not in this
   excerpt, so the let/in, the argument list opened before line 48, the
   first match arm and the result handling are missing below. *)
44 fun socketPerms {node, uname} =
    (* The whole command is one string handed to /bin/sh, so the node name
       and uname are expanded by the shell unquoted.  Nothing in this excerpt
       validates uname before it is spliced in; if it can originate from a
       request, it must be checked against a strict allowlist (compare
       isIdent below) by the caller or here. *)
46     val proc = Unix.execute ("/bin/sh",
48         "DOMTOOL_USER=apache2.deleuze.hcoop.net /usr/local/bin/domtool-admin sockperm "
49         ^ Init.nodeName node ^ " " ^ uname ])
51     val inf = Unix.textInstreamOf proc
    (* Map the first output line to a socket_perms value; the match is exact,
       including the trailing newline. *)
53     val p = case TextIO.inputLine inf of
55         | SOME "Client\n" => CLIENT_ONLY
56         | SOME "Server\n" => SERVER_ONLY
    (* Presumably the parsed value is only returned when the child exited
       successfully; both branches are outside the excerpt. *)
60     if OS.Process.isSuccess (Unix.reap proc) then
(* Run one domtool-admin query ([cmd]) for [uname] on [node] and report
   whether it exited successfully.  The query name, node name and uname are
   concatenated into a single /bin/sh command line with no quoting, so the
   caller must only pass values that have already been validated against a
   strict allowlist. *)
66 fun checkIt cmd {node, uname} =
    let
        val prefix = "DOMTOOL_USER=apache2.deleuze.hcoop.net /usr/local/bin/domtool-admin "
        val command =
            String.concat [prefix, cmd, " ", Init.nodeName node, " ", uname,
                           " >/dev/null 2>/dev/null"]
    in
        OS.Process.isSuccess (OS.Process.system command)
    end
(* Partial applications of checkIt: each is a predicate on {node, uname}
   asking domtool-admin whether the named permission ("tpe", "cron", "ftp")
   is granted.  Building the closures here has no side effects; the command
   only runs when a predicate is applied. *)
71 val (isTpe, cronAllowed, ftpAllowed) =
    (checkIt "tpe", checkIt "cron", checkIt "ftp")
(* Collect the firewall rules domtool-admin reports for [uname] on [node],
   one rule per output line.  Original lines 76, 78, 81, 83-84, 87-91 and
   93-98 are not in this excerpt, so the let/in, the argument list opened
   before line 79, the head of the readEm loop and the NONE arm are missing
   below. *)
75 fun findFirewallRules {node, uname} =
    (* Same shell-string construction as socketPerms: node name and uname go
       into the /bin/sh command line unquoted, so they must be validated
       before reaching this function. *)
77     val proc = Unix.execute ("/bin/sh",
79         "DOMTOOL_USER=apache2.deleuze.hcoop.net /usr/local/bin/domtool-admin firewall "
80         ^ Init.nodeName node ^ " " ^ uname ])
82     val inf = Unix.textInstreamOf proc
85         case TextIO.inputLine inf of
    (* Drop the final character: TextIO.inputLine always newline-terminates
       the line it returns, so this strips exactly the "\n". *)
86             SOME line => readEm (String.substring (line, 0, size line - 1) :: lines)
    (* Presumably the rules are returned only when the child exits
       successfully; the branches are outside the excerpt. *)
92     if OS.Process.isSuccess (Unix.reap proc) then
    (* Fragment of the port validator; its head (original line 98) and lines
       100-104 and 106-108 are not in this excerpt.  The text must be
       non-empty and all digits before it is parsed; the numeric range check
       on the parsed value is presumably among the missing lines.  Note that
       line 105 matches on [port] rather than [s], so it may belong to a
       nested binding or to a neighbouring definition. *)
99     if CharVector.all Char.isDigit s andalso size s > 0 then
105         case intFromString port of
(* Validate one comma-separated piece of a port specification: either a
   single port or a "low:high" range, each side checked with validPort.
   Original line 113, expected to hold the arm rejecting any other shape,
   is not in this excerpt. *)
109 fun validPortPiece pp =
110     case String.fields (fn ch => ch = #":") pp of
111         [port] => validPort port
    (* Both ends are validated individually; nothing here checks that
       port1 <= port2. *)
112       | [port1, port2] => validPort port1 andalso validPort port2
(* A port specification is valid when every comma-separated piece passes
   validPortPiece.  String.fields keeps empty pieces (for example after a
   trailing comma), which reach validPortPiece unchanged. *)
114 fun validPorts ports =
    let
        val pieces = String.fields (fn c => c = #",") ports
    in
        List.all validPortPiece pieces
    end
    (* Body of the IPv4 address validator; its head (original line 117) and
       the arm for any other shape (line 121) are not in this excerpt.
       Exactly four dot-separated fields must each parse with intFromString
       and lie in 0..255.  Whether signs or leading zeros are accepted
       depends on intFromString, which is not shown. *)
118     case map intFromString (String.fields (fn ch => ch = #".") s) of
119         [SOME n1, SOME n2, SOME n3, SOME n4] =>
120             n1 >= 0 andalso n1 < 256 andalso n2 >= 0 andalso n2 < 256 andalso
                n3 >= 0 andalso n3 < 256 andalso n4 >= 0 andalso n4 < 256
(* Characters allowed in a host-name label: ASCII lowercase letters and
   decimal digits only.  Uppercase letters are not accepted, so input must
   be lower-cased first if that is intended. *)
123 fun isIdent ch = if Char.isLower ch then true else Char.isDigit ch
    (* Body of the host-label validator; its head (original line 125) is not
       in this excerpt.  A label is 1-19 characters drawn from isIdent plus
       "-".  The hyphen is accepted in any position, including first or
       last. *)
126     size s > 0 andalso size s < 20
127     andalso CharVector.all (fn ch => isIdent ch orelse ch = #"-") s
    (* Body of the domain-name validator; its head (original line 129) is
       not in this excerpt.  The whole name is 1-99 characters and every
       dot-separated label must pass validHost.  String.fields yields an
       empty field for a leading, trailing or doubled dot, and validHost
       rejects empty labels, so such names fail. *)
130     size s > 0 andalso size s < 100
131     andalso List.all validHost (String.fields (fn ch => ch = #".") s)
(* Every host in the list must be either a dotted-quad IPv4 address or a
   domain name accepted by validDomain.  An empty list is accepted, as
   List.all is vacuously true. *)
133 val validHosts =
    let
        fun hostOk h = validIp h orelse validDomain h
    in
        List.all hostOk
    end
    (* Body of the rule validator; its head (original line 135) and any
       further arms after line 139 are not in this excerpt.  A rule is split
       on whitespace: "Client" and "Server" take a port spec followed by zero
       or more hosts (an empty host list passes, since validHosts is
       vacuously true - confirm that is intended), while "LocalServer" takes
       exactly a port spec and no hosts. *)
136     case String.tokens Char.isSpace rule of
137         "Client" :: ports :: hosts => validPorts ports andalso validHosts hosts
138       | "Server" :: ports :: hosts => validPorts ports andalso validHosts hosts
139       | ["LocalServer", ports] => validPorts ports