X-Git-Url: https://git.hcoop.net/clinton/domtool2.git/blobdiff_plain/73b9542320e82ad398689b66bc1938c78cc53be0..4f3ef3c5a314eee12b38efa938afcbb2a27c54d6:/src/main.sml diff --git a/src/main.sml b/src/main.sml index a673fde..4b8123d 100644 --- a/src/main.sml +++ b/src/main.sml @@ -753,7 +753,7 @@ fun requestMysqlFixperms () = fun requestApt {node, pkg} = let val (user, context) = requestContext (fn () => ()) - val bio = OpenSSL.connect true (context, if node = Config.masterNode then + val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then dispatcher else Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) @@ -779,10 +779,39 @@ fun requestApt {node, pkg} = before OpenSSL.close bio end +fun requestAptExists {node, pkg} = + let + val (user, context) = requestContext (fn () => ()) + val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then + dispatcher + else + Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) + + val _ = Msg.send (bio, MsgQuery (QAptExists pkg)) + + fun loop () = + case Msg.recv bio of + NONE => (print "Server closed connection unexpectedly.\n"; + OS.Process.failure) + | SOME m => + case m of + MsgYes => (print "Package exists.\n"; + OS.Process.success) + | MsgNo => (print "Package does not exist.\n"; + OS.Process.failure) + | MsgError s => (print ("APT existence query failed: " ^ s ^ "\n"); + OS.Process.failure) + | _ => (print "Unexpected server reply.\n"; + OS.Process.failure) + in + loop () + before OpenSSL.close bio + end + fun requestCron {node, uname} = let val (user, context) = requestContext (fn () => ()) - val bio = OpenSSL.connect true (context, if node = Config.masterNode then + val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then dispatcher else Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) @@ -811,7 +840,7 @@ fun requestCron {node, uname} = fun requestFtp {node, uname} = let val (user, context) = requestContext (fn () => ()) - val bio = OpenSSL.connect true (context, if node = Config.masterNode then + val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then dispatcher else Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) @@ -840,7 +869,7 @@ fun requestFtp {node, uname} = fun requestTrustedPath {node, uname} = let val (user, context) = requestContext (fn () => ()) - val bio = OpenSSL.connect true (context, if node = Config.masterNode then + val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then dispatcher else Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) @@ -869,7 +898,7 @@ fun requestTrustedPath {node, uname} = fun requestSocketPerm {node, uname} = let val (user, context) = requestContext (fn () => ()) - val bio = OpenSSL.connect true (context, if node = Config.masterNode then + val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then dispatcher else Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) @@ -900,7 +929,7 @@ fun requestSocketPerm {node, uname} = fun requestFirewall {node, uname} = let val (user, context) = requestContext (fn () => ()) - val bio = OpenSSL.connect true (context, if node = Config.masterNode then + val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then dispatcher else Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) @@ -954,6 +983,31 @@ fun requestReUsers () = OpenSSL.close bio end +fun requestFirewallRegen node = + let + val (user, context) = requestContext (fn () => ()) + val bio = OpenSSL.connect true (context, Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) + (* Only supporting on slave nodes *) + + val _ = Msg.send (bio, MsgFirewallRegen) + + fun handleResult () = + case Msg.recv bio of + NONE => (print "Server closed connection unexpectedly.\n"; + OS.Process.failure) + | SOME m => + case m of + MsgOk => (print "Firewall regenerated.\n"; + OS.Process.success) + | MsgError s => (print ("Firewall regeneration failed: " ^ s ^ "\n"); + OS.Process.failure) + | _ => (print "Unexpected server reply.\n"; + OS.Process.failure) + in + handleResult() + before OpenSSL.close bio + end + structure SS = StringSet fun domainList dname = @@ -1159,6 +1213,7 @@ fun now () = Date.toString (Date.fromTimeUniv (Time.now ())) fun answerQuery q = case q of QApt pkg => if Apt.installed pkg then MsgYes else MsgNo + | QAptExists pkg => if Apt.exists pkg then MsgYes else MsgNo | QCron user => if Cron.allowed user then MsgYes else MsgNo | QFtp user => if Ftp.allowed user then MsgYes else MsgNo | QTrustedPath user => if TrustedPath.query user then MsgYes else MsgNo @@ -1168,6 +1223,7 @@ fun answerQuery q = fun describeQuery q = case q of QApt pkg => "Requested installation status of package " ^ pkg + | QAptExists pkg => "Requested if package " ^ pkg ^ " exists" | QCron user => "Asked about cron permissions for user " ^ user | QFtp user => "Asked about FTP permissions for user " ^ user | QTrustedPath user => "Asked about trusted path settings for user " ^ user @@ -1746,14 +1802,17 @@ fun slave () = SOME "Script execution failed.")) (fn () => ())) | MsgFirewallRegen => - doIt (fn () => if Acl.query {user = user, class = "priv", value = "all"} andalso List.exists (fn x => x = host) Config.Firewall.firewallNodes then - if (Firewall.generateFirewallConfig (Firewall.parseRules ()) andalso Firewall.publishConfig ()) - then - ("Firewall rules regenerated.", NONE) - else - ("Rules regeneration failed!", SOME "Script execution failed.") - else - ("Not authorized to regenerate firewall.", SOME ("Unauthorized user " ^ user ^ "attempted to regenerated firewall"))) + doIt (fn () => (Acl.read Config.aclFile; + if Acl.query {user = user, class = "priv", value = "all"} then + if List.exists (fn x => x = host) Config.Firewall.firewallNodes then + if (Firewall.generateFirewallConfig (Firewall.parseRules ()) andalso Firewall.publishConfig ()) + then + ("Firewall rules regenerated.", NONE) + else + ("Rules regeneration failed!", SOME "Script execution failed.") + else ("Node not controlled by domtool firewall.", SOME (host)) + else + ("Not authorized to regenerate firewall.", SOME ("Unauthorized user " ^ user ^ " attempted to regenerated firewall")))) (fn () => ()) | _ => (OpenSSL.close bio;