Commit | Line | Data |
---|---|---|
234b917a | 1 | (* HCoop Domtool (http://hcoop.sourceforge.net/) |
f8ef6c20 | 2 | * Copyright (c) 2006-2007, Adam Chlipala |
234b917a AC |
3 | * |
4 | * This program is free software; you can redistribute it and/or | |
5 | * modify it under the terms of the GNU General Public License | |
6 | * as published by the Free Software Foundation; either version 2 | |
7 | * of the License, or (at your option) any later version. | |
8 | * | |
9 | * This program is distributed in the hope that it will be useful, | |
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | * GNU General Public License for more details. | |
13 | * | |
14 | * You should have received a copy of the GNU General Public License | |
15 | * along with this program; if not, write to the Free Software | |
16 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
dac62e84 | 17 | *) |
234b917a AC |
18 | |
19 | (* Main interface *) | |
20 | ||
21 | structure Main :> MAIN = struct | |
22 | ||
36e42cb8 | 23 | open Ast MsgTypes Print |
234b917a | 24 | |
6ae327f8 AC |
25 | structure SM = StringMap |
26 | ||
aa56e112 | 27 | fun init () = Acl.read Config.aclFile |
234b917a | 28 | |
d189ec0e | 29 | fun check' G fname = |
a3698041 AC |
30 | let |
31 | val prog = Parse.parse fname | |
32 | in | |
33 | if !ErrorMsg.anyErrors then | |
d189ec0e | 34 | G |
a3698041 | 35 | else |
aa56e112 | 36 | Tycheck.checkFile G (Defaults.tInit ()) prog |
a3698041 AC |
37 | end |
38 | ||
d189ec0e | 39 | fun basis () = |
234b917a | 40 | let |
d189ec0e AC |
41 | val dir = Posix.FileSys.opendir Config.libRoot |
42 | ||
43 | fun loop files = | |
44 | case Posix.FileSys.readdir dir of | |
d612d62c AC |
45 | NONE => (Posix.FileSys.closedir dir; |
46 | files) | |
d189ec0e AC |
47 | | SOME fname => |
48 | if String.isSuffix ".dtl" fname then | |
d612d62c AC |
49 | loop (OS.Path.joinDirFile {dir = Config.libRoot, |
50 | file = fname} | |
d189ec0e AC |
51 | :: files) |
52 | else | |
53 | loop files | |
54 | ||
55 | val files = loop [] | |
c53e82e4 | 56 | val (_, files) = Order.order NONE files |
d189ec0e | 57 | in |
6ae327f8 AC |
58 | if !ErrorMsg.anyErrors then |
59 | Env.empty | |
60 | else | |
b3159a70 AC |
61 | (Tycheck.allowExterns (); |
62 | foldl (fn (fname, G) => check' G fname) Env.empty files | |
63 | before Tycheck.disallowExterns ()) | |
d189ec0e AC |
64 | end |
65 | ||
66 | fun check fname = | |
67 | let | |
68 | val _ = ErrorMsg.reset () | |
12adf55a | 69 | val _ = Env.preTycheck () |
d189ec0e AC |
70 | |
71 | val b = basis () | |
234b917a AC |
72 | in |
73 | if !ErrorMsg.anyErrors then | |
36e42cb8 | 74 | raise ErrorMsg.Error |
234b917a AC |
75 | else |
76 | let | |
b3159a70 | 77 | val _ = Tycheck.disallowExterns () |
7f012ffd | 78 | val _ = ErrorMsg.reset () |
d189ec0e | 79 | val prog = Parse.parse fname |
234b917a | 80 | in |
492c1cff | 81 | if !ErrorMsg.anyErrors then |
36e42cb8 | 82 | raise ErrorMsg.Error |
492c1cff | 83 | else |
d189ec0e | 84 | let |
aa56e112 | 85 | val G' = Tycheck.checkFile b (Defaults.tInit ()) prog |
d189ec0e | 86 | in |
36e42cb8 AC |
87 | if !ErrorMsg.anyErrors then |
88 | raise ErrorMsg.Error | |
89 | else | |
90 | (G', #3 prog) | |
d189ec0e | 91 | end |
234b917a AC |
92 | end |
93 | end | |
94 | ||
0c85f25e AC |
95 | fun notTmp s = |
96 | String.sub (s, 0) <> #"." | |
97 | andalso CharVector.all (fn ch => Char.isAlphaNum ch orelse ch = #"." orelse ch = #"_" orelse ch = #"-") s | |
c53e82e4 AC |
98 | |
99 | fun checkDir dname = | |
100 | let | |
101 | val b = basis () | |
102 | ||
103 | val dir = Posix.FileSys.opendir dname | |
104 | ||
105 | fun loop files = | |
106 | case Posix.FileSys.readdir dir of | |
107 | NONE => (Posix.FileSys.closedir dir; | |
108 | files) | |
109 | | SOME fname => | |
110 | if notTmp fname then | |
111 | loop (OS.Path.joinDirFile {dir = dname, | |
112 | file = fname} | |
113 | :: files) | |
114 | else | |
115 | loop files | |
116 | ||
117 | val files = loop [] | |
118 | val (_, files) = Order.order (SOME b) files | |
119 | in | |
120 | if !ErrorMsg.anyErrors then | |
1824f573 | 121 | raise ErrorMsg.Error |
c53e82e4 AC |
122 | else |
123 | (foldl (fn (fname, G) => check' G fname) b files; | |
1824f573 AC |
124 | if !ErrorMsg.anyErrors then |
125 | raise ErrorMsg.Error | |
126 | else | |
127 | ()) | |
c53e82e4 AC |
128 | end |
129 | ||
d189ec0e | 130 | fun reduce fname = |
a3698041 | 131 | let |
d189ec0e | 132 | val (G, body) = check fname |
a3698041 AC |
133 | in |
134 | if !ErrorMsg.anyErrors then | |
d189ec0e | 135 | NONE |
a3698041 | 136 | else |
d189ec0e AC |
137 | case body of |
138 | SOME body => | |
139 | let | |
140 | val body' = Reduce.reduceExp G body | |
141 | in | |
142 | (*printd (PD.hovBox (PD.PPS.Rel 0, | |
143 | [PD.string "Result:", | |
144 | PD.space 1, | |
145 | p_exp body']))*) | |
146 | SOME body' | |
147 | end | |
148 | | _ => NONE | |
a3698041 AC |
149 | end |
150 | ||
d189ec0e AC |
151 | fun eval fname = |
152 | case reduce fname of | |
153 | (SOME body') => | |
154 | if !ErrorMsg.anyErrors then | |
36e42cb8 | 155 | raise ErrorMsg.Error |
d189ec0e | 156 | else |
aa56e112 | 157 | Eval.exec (Defaults.eInit ()) body' |
36e42cb8 | 158 | | NONE => raise ErrorMsg.Error |
d189ec0e | 159 | |
1824f573 AC |
160 | fun eval' fname = |
161 | case reduce fname of | |
162 | (SOME body') => | |
163 | if !ErrorMsg.anyErrors then | |
164 | raise ErrorMsg.Error | |
165 | else | |
166 | ignore (Eval.exec' (Defaults.eInit ()) body') | |
167 | | NONE => raise ErrorMsg.Error | |
168 | ||
3b267643 AC |
169 | val dispatcher = |
170 | Config.dispatcher ^ ":" ^ Int.toString Config.dispatcherPort | |
559e89e9 | 171 | |
c9731b9b AC |
172 | val self = |
173 | "localhost:" ^ Int.toString Config.slavePort | |
174 | ||
d22c1f00 AC |
175 | fun context x = |
176 | (OpenSSL.context false x) | |
25c93232 | 177 | handle e as OpenSSL.OpenSSL s => |
d22c1f00 | 178 | (print "Couldn't find your certificate.\nYou probably haven't been given any Domtool privileges.\n"; |
504618b9 | 179 | print ("I looked in: " ^ #1 x ^ "\n"); |
25c93232 | 180 | print ("Additional information: " ^ s ^ "\n"); |
d22c1f00 AC |
181 | raise e) |
182 | ||
e1b99e23 | 183 | fun setupUser () = |
07cc384c | 184 | let |
573a0ebc AC |
185 | val user = |
186 | case Posix.ProcEnv.getenv "DOMTOOL_USER" of | |
187 | NONE => | |
188 | let | |
189 | val uid = Posix.ProcEnv.getuid () | |
190 | in | |
191 | Posix.SysDB.Passwd.name (Posix.SysDB.getpwuid uid) | |
192 | end | |
193 | | SOME user => user | |
e1b99e23 AC |
194 | in |
195 | Acl.read Config.aclFile; | |
196 | Domain.setUser user; | |
197 | user | |
198 | end | |
199 | ||
200 | fun requestContext f = | |
201 | let | |
202 | val user = setupUser () | |
5ee41dd0 AC |
203 | |
204 | val () = f () | |
aa56e112 | 205 | |
d22c1f00 AC |
206 | val context = context (Config.certDir ^ "/" ^ user ^ ".pem", |
207 | Config.keyDir ^ "/" ^ user ^ "/key.pem", | |
208 | Config.trustStore) | |
5ee41dd0 AC |
209 | in |
210 | (user, context) | |
211 | end | |
07cc384c | 212 | |
5ee41dd0 AC |
213 | fun requestBio f = |
214 | let | |
215 | val (user, context) = requestContext f | |
216 | in | |
217 | (user, OpenSSL.connect (context, dispatcher)) | |
218 | end | |
219 | ||
c9731b9b AC |
220 | fun requestSlaveBio () = |
221 | let | |
222 | val (user, context) = requestContext (fn () => ()) | |
223 | in | |
224 | (user, OpenSSL.connect (context, self)) | |
225 | end | |
226 | ||
5ee41dd0 AC |
227 | fun request fname = |
228 | let | |
229 | val (user, bio) = requestBio (fn () => ignore (check fname)) | |
559e89e9 | 230 | |
3b267643 AC |
231 | val inf = TextIO.openIn fname |
232 | ||
36e42cb8 | 233 | fun loop lines = |
3b267643 | 234 | case TextIO.inputLine inf of |
36e42cb8 AC |
235 | NONE => String.concat (List.rev lines) |
236 | | SOME line => loop (line :: lines) | |
237 | ||
238 | val code = loop [] | |
559e89e9 | 239 | in |
3b267643 | 240 | TextIO.closeIn inf; |
36e42cb8 AC |
241 | Msg.send (bio, MsgConfig code); |
242 | case Msg.recv bio of | |
243 | NONE => print "Server closed connection unexpectedly.\n" | |
244 | | SOME m => | |
245 | case m of | |
246 | MsgOk => print "Configuration succeeded.\n" | |
247 | | MsgError s => print ("Configuration failed: " ^ s ^ "\n") | |
248 | | _ => print "Unexpected server reply.\n"; | |
3b267643 | 249 | OpenSSL.close bio |
559e89e9 | 250 | end |
aa56e112 | 251 | handle ErrorMsg.Error => () |
559e89e9 | 252 | |
c53e82e4 AC |
253 | fun requestDir dname = |
254 | let | |
5982c377 AC |
255 | val _ = if Posix.FileSys.access (dname, []) then |
256 | () | |
257 | else | |
258 | (print ("Can't access " ^ dname ^ ".\n"); | |
259 | print "Did you mean to run domtool on a specific file, instead of asking for all\n"; | |
e7905534 | 260 | print "files in your ~/.domtool directory?\n"; |
5982c377 AC |
261 | OS.Process.exit OS.Process.failure) |
262 | ||
1824f573 AC |
263 | val _ = ErrorMsg.reset () |
264 | ||
265 | val (user, bio) = requestBio (fn () => checkDir dname) | |
c53e82e4 AC |
266 | |
267 | val b = basis () | |
268 | ||
269 | val dir = Posix.FileSys.opendir dname | |
270 | ||
271 | fun loop files = | |
272 | case Posix.FileSys.readdir dir of | |
273 | NONE => (Posix.FileSys.closedir dir; | |
274 | files) | |
275 | | SOME fname => | |
276 | if notTmp fname then | |
277 | loop (OS.Path.joinDirFile {dir = dname, | |
278 | file = fname} | |
279 | :: files) | |
280 | else | |
281 | loop files | |
282 | ||
283 | val files = loop [] | |
284 | val (_, files) = Order.order (SOME b) files | |
285 | ||
286 | val _ = if !ErrorMsg.anyErrors then | |
287 | raise ErrorMsg.Error | |
288 | else | |
289 | () | |
290 | ||
291 | val codes = map (fn fname => | |
292 | let | |
293 | val inf = TextIO.openIn fname | |
294 | ||
295 | fun loop lines = | |
296 | case TextIO.inputLine inf of | |
297 | NONE => String.concat (rev lines) | |
298 | | SOME line => loop (line :: lines) | |
299 | in | |
300 | loop [] | |
301 | before TextIO.closeIn inf | |
302 | end) files | |
303 | in | |
1824f573 AC |
304 | if !ErrorMsg.anyErrors then |
305 | () | |
306 | else | |
307 | (Msg.send (bio, MsgMultiConfig codes); | |
308 | case Msg.recv bio of | |
309 | NONE => print "Server closed connection unexpectedly.\n" | |
310 | | SOME m => | |
311 | case m of | |
312 | MsgOk => print "Configuration succeeded.\n" | |
313 | | MsgError s => print ("Configuration failed: " ^ s ^ "\n") | |
314 | | _ => print "Unexpected server reply.\n"; | |
315 | OpenSSL.close bio) | |
c53e82e4 AC |
316 | end |
317 | handle ErrorMsg.Error => () | |
318 | ||
62260c5f AC |
319 | fun requestPing () = |
320 | let | |
321 | val (_, bio) = requestBio (fn () => ()) | |
322 | in | |
323 | OpenSSL.close bio; | |
324 | OS.Process.success | |
325 | end | |
326 | handle _ => OS.Process.failure | |
327 | ||
9f27d58f AC |
328 | fun requestShutdown () = |
329 | let | |
330 | val (_, bio) = requestBio (fn () => ()) | |
331 | in | |
332 | Msg.send (bio, MsgShutdown); | |
333 | case Msg.recv bio of | |
334 | NONE => print "Server closed connection unexpectedly.\n" | |
335 | | SOME m => | |
336 | case m of | |
337 | MsgOk => print "Shutdown begun.\n" | |
338 | | MsgError s => print ("Shutdown failed: " ^ s ^ "\n") | |
339 | | _ => print "Unexpected server reply.\n"; | |
340 | OpenSSL.close bio | |
341 | end | |
342 | ||
c9731b9b AC |
343 | fun requestSlavePing () = |
344 | let | |
345 | val (_, bio) = requestSlaveBio () | |
346 | in | |
347 | OpenSSL.close bio; | |
348 | OS.Process.success | |
349 | end | |
350 | handle _ => OS.Process.failure | |
351 | ||
352 | fun requestSlaveShutdown () = | |
353 | let | |
354 | val (_, bio) = requestSlaveBio () | |
355 | in | |
356 | Msg.send (bio, MsgShutdown); | |
357 | case Msg.recv bio of | |
358 | NONE => print "Server closed connection unexpectedly.\n" | |
359 | | SOME m => | |
360 | case m of | |
361 | MsgOk => print "Shutdown begun.\n" | |
362 | | MsgError s => print ("Shutdown failed: " ^ s ^ "\n") | |
363 | | _ => print "Unexpected server reply.\n"; | |
364 | OpenSSL.close bio | |
365 | end | |
366 | ||
5ee41dd0 AC |
367 | fun requestGrant acl = |
368 | let | |
369 | val (user, bio) = requestBio (fn () => ()) | |
370 | in | |
371 | Msg.send (bio, MsgGrant acl); | |
372 | case Msg.recv bio of | |
373 | NONE => print "Server closed connection unexpectedly.\n" | |
374 | | SOME m => | |
375 | case m of | |
376 | MsgOk => print "Grant succeeded.\n" | |
377 | | MsgError s => print ("Grant failed: " ^ s ^ "\n") | |
378 | | _ => print "Unexpected server reply.\n"; | |
379 | OpenSSL.close bio | |
380 | end | |
381 | ||
411a85f2 AC |
382 | fun requestRevoke acl = |
383 | let | |
384 | val (user, bio) = requestBio (fn () => ()) | |
385 | in | |
386 | Msg.send (bio, MsgRevoke acl); | |
387 | case Msg.recv bio of | |
388 | NONE => print "Server closed connection unexpectedly.\n" | |
389 | | SOME m => | |
390 | case m of | |
391 | MsgOk => print "Revoke succeeded.\n" | |
392 | | MsgError s => print ("Revoke failed: " ^ s ^ "\n") | |
393 | | _ => print "Unexpected server reply.\n"; | |
394 | OpenSSL.close bio | |
395 | end | |
396 | ||
08a04eb4 AC |
397 | fun requestListPerms user = |
398 | let | |
399 | val (_, bio) = requestBio (fn () => ()) | |
400 | in | |
401 | Msg.send (bio, MsgListPerms user); | |
402 | (case Msg.recv bio of | |
403 | NONE => (print "Server closed connection unexpectedly.\n"; | |
404 | NONE) | |
405 | | SOME m => | |
406 | case m of | |
407 | MsgPerms perms => SOME perms | |
408 | | MsgError s => (print ("Listing failed: " ^ s ^ "\n"); | |
409 | NONE) | |
410 | | _ => (print "Unexpected server reply.\n"; | |
411 | NONE)) | |
412 | before OpenSSL.close bio | |
413 | end | |
414 | ||
094877b1 AC |
415 | fun requestWhoHas perm = |
416 | let | |
417 | val (_, bio) = requestBio (fn () => ()) | |
418 | in | |
419 | Msg.send (bio, MsgWhoHas perm); | |
420 | (case Msg.recv bio of | |
421 | NONE => (print "Server closed connection unexpectedly.\n"; | |
422 | NONE) | |
423 | | SOME m => | |
424 | case m of | |
425 | MsgWhoHasResponse users => SOME users | |
426 | | MsgError s => (print ("whohas failed: " ^ s ^ "\n"); | |
427 | NONE) | |
428 | | _ => (print "Unexpected server reply.\n"; | |
429 | NONE)) | |
430 | before OpenSSL.close bio | |
431 | end | |
432 | ||
1824f573 AC |
433 | fun requestRegen () = |
434 | let | |
435 | val (_, bio) = requestBio (fn () => ()) | |
436 | in | |
437 | Msg.send (bio, MsgRegenerate); | |
438 | case Msg.recv bio of | |
439 | NONE => print "Server closed connection unexpectedly.\n" | |
440 | | SOME m => | |
441 | case m of | |
442 | MsgOk => print "Regeneration succeeded.\n" | |
443 | | MsgError s => print ("Regeneration failed: " ^ s ^ "\n") | |
444 | | _ => print "Unexpected server reply.\n"; | |
445 | OpenSSL.close bio | |
446 | end | |
447 | ||
fb6fac97 AC |
448 | fun requestRegenTc () = |
449 | let | |
450 | val (_, bio) = requestBio (fn () => ()) | |
451 | in | |
452 | Msg.send (bio, MsgRegenerateTc); | |
453 | case Msg.recv bio of | |
454 | NONE => print "Server closed connection unexpectedly.\n" | |
455 | | SOME m => | |
456 | case m of | |
457 | MsgOk => print "All configuration validated.\n" | |
458 | | MsgError s => print ("Configuration validation failed: " ^ s ^ "\n") | |
459 | | _ => print "Unexpected server reply.\n"; | |
460 | OpenSSL.close bio | |
461 | end | |
462 | ||
c189cbe9 AC |
463 | fun requestRmdom dom = |
464 | let | |
465 | val (_, bio) = requestBio (fn () => ()) | |
466 | in | |
467 | Msg.send (bio, MsgRmdom dom); | |
468 | case Msg.recv bio of | |
469 | NONE => print "Server closed connection unexpectedly.\n" | |
470 | | SOME m => | |
471 | case m of | |
472 | MsgOk => print "Removal succeeded.\n" | |
473 | | MsgError s => print ("Removal failed: " ^ s ^ "\n") | |
474 | | _ => print "Unexpected server reply.\n"; | |
475 | OpenSSL.close bio | |
476 | end | |
477 | ||
e69e60cc AC |
478 | fun requestRmuser user = |
479 | let | |
480 | val (_, bio) = requestBio (fn () => ()) | |
481 | in | |
482 | Msg.send (bio, MsgRmuser user); | |
483 | case Msg.recv bio of | |
484 | NONE => print "Server closed connection unexpectedly.\n" | |
485 | | SOME m => | |
486 | case m of | |
487 | MsgOk => print "Removal succeeded.\n" | |
488 | | MsgError s => print ("Removal failed: " ^ s ^ "\n") | |
489 | | _ => print "Unexpected server reply.\n"; | |
490 | OpenSSL.close bio | |
491 | end | |
492 | ||
d541c618 AC |
493 | fun requestDbUser dbtype = |
494 | let | |
495 | val (_, bio) = requestBio (fn () => ()) | |
496 | in | |
497 | Msg.send (bio, MsgCreateDbUser dbtype); | |
498 | case Msg.recv bio of | |
499 | NONE => print "Server closed connection unexpectedly.\n" | |
500 | | SOME m => | |
501 | case m of | |
502 | MsgOk => print "Your user has been created.\n" | |
503 | | MsgError s => print ("Creation failed: " ^ s ^ "\n") | |
504 | | _ => print "Unexpected server reply.\n"; | |
505 | OpenSSL.close bio | |
506 | end | |
507 | ||
86aa5de7 AC |
508 | fun requestDbPasswd rc = |
509 | let | |
510 | val (_, bio) = requestBio (fn () => ()) | |
511 | in | |
512 | Msg.send (bio, MsgDbPasswd rc); | |
513 | case Msg.recv bio of | |
514 | NONE => print "Server closed connection unexpectedly.\n" | |
515 | | SOME m => | |
516 | case m of | |
517 | MsgOk => print "Your password has been changed.\n" | |
518 | | MsgError s => print ("Password set failed: " ^ s ^ "\n") | |
519 | | _ => print "Unexpected server reply.\n"; | |
520 | OpenSSL.close bio | |
521 | end | |
522 | ||
90dd48df AC |
523 | fun requestDbTable p = |
524 | let | |
525 | val (user, bio) = requestBio (fn () => ()) | |
526 | in | |
527 | Msg.send (bio, MsgCreateDbTable p); | |
528 | case Msg.recv bio of | |
529 | NONE => print "Server closed connection unexpectedly.\n" | |
530 | | SOME m => | |
531 | case m of | |
532 | MsgOk => print ("Your database " ^ user ^ "_" ^ #dbname p ^ " has been created.\n") | |
533 | | MsgError s => print ("Creation failed: " ^ s ^ "\n") | |
534 | | _ => print "Unexpected server reply.\n"; | |
535 | OpenSSL.close bio | |
536 | end | |
537 | ||
35659203 AC |
538 | fun requestDbDrop p = |
539 | let | |
540 | val (user, bio) = requestBio (fn () => ()) | |
541 | in | |
542 | Msg.send (bio, MsgDropDb p); | |
543 | case Msg.recv bio of | |
544 | NONE => print "Server closed connection unexpectedly.\n" | |
545 | | SOME m => | |
546 | case m of | |
547 | MsgOk => print ("Your database " ^ user ^ "_" ^ #dbname p ^ " has been dropped.\n") | |
548 | | MsgError s => print ("Drop failed: " ^ s ^ "\n") | |
549 | | _ => print "Unexpected server reply.\n"; | |
550 | OpenSSL.close bio | |
551 | end | |
552 | ||
1d3ef80e AC |
553 | fun requestListMailboxes domain = |
554 | let | |
555 | val (_, bio) = requestBio (fn () => ()) | |
556 | in | |
557 | Msg.send (bio, MsgListMailboxes domain); | |
558 | (case Msg.recv bio of | |
2e96b9d4 | 559 | NONE => Vmail.Error "Server closed connection unexpectedly." |
1d3ef80e AC |
560 | | SOME m => |
561 | case m of | |
562 | MsgMailboxes users => (Msg.send (bio, MsgOk); | |
563 | Vmail.Listing users) | |
564 | | MsgError s => Vmail.Error ("Creation failed: " ^ s) | |
2e96b9d4 | 565 | | _ => Vmail.Error "Unexpected server reply.") |
1d3ef80e AC |
566 | before OpenSSL.close bio |
567 | end | |
568 | ||
08688401 AC |
569 | fun requestNewMailbox p = |
570 | let | |
571 | val (_, bio) = requestBio (fn () => ()) | |
572 | in | |
573 | Msg.send (bio, MsgNewMailbox p); | |
574 | case Msg.recv bio of | |
575 | NONE => print "Server closed connection unexpectedly.\n" | |
576 | | SOME m => | |
577 | case m of | |
578 | MsgOk => print ("A mapping for " ^ #user p ^ "@" ^ #domain p ^ " has been created.\n") | |
579 | | MsgError s => print ("Creation failed: " ^ s ^ "\n") | |
580 | | _ => print "Unexpected server reply.\n"; | |
581 | OpenSSL.close bio | |
582 | end | |
583 | ||
584 | fun requestPasswdMailbox p = | |
585 | let | |
586 | val (_, bio) = requestBio (fn () => ()) | |
587 | in | |
588 | Msg.send (bio, MsgPasswdMailbox p); | |
589 | case Msg.recv bio of | |
590 | NONE => print "Server closed connection unexpectedly.\n" | |
591 | | SOME m => | |
592 | case m of | |
593 | MsgOk => print ("The password for " ^ #user p ^ "@" ^ #domain p ^ " has been changed.\n") | |
594 | | MsgError s => print ("Set failed: " ^ s ^ "\n") | |
595 | | _ => print "Unexpected server reply.\n"; | |
596 | OpenSSL.close bio | |
597 | end | |
598 | ||
599 | fun requestRmMailbox p = | |
600 | let | |
601 | val (_, bio) = requestBio (fn () => ()) | |
602 | in | |
603 | Msg.send (bio, MsgRmMailbox p); | |
604 | case Msg.recv bio of | |
605 | NONE => print "Server closed connection unexpectedly.\n" | |
606 | | SOME m => | |
607 | case m of | |
608 | MsgOk => print ("The mapping for mailbox " ^ #user p ^ "@" ^ #domain p ^ " has been deleted.\n") | |
609 | | MsgError s => print ("Remove failed: " ^ s ^ "\n") | |
610 | | _ => print "Unexpected server reply.\n"; | |
611 | OpenSSL.close bio | |
612 | end | |
613 | ||
2e96b9d4 AC |
614 | fun requestSaQuery addr = |
615 | let | |
616 | val (_, bio) = requestBio (fn () => ()) | |
617 | in | |
618 | Msg.send (bio, MsgSaQuery addr); | |
619 | (case Msg.recv bio of | |
620 | NONE => print "Server closed connection unexpectedly.\n" | |
621 | | SOME m => | |
622 | case m of | |
623 | MsgSaStatus b => (print ("SpamAssassin filtering for " ^ addr ^ " is " | |
624 | ^ (if b then "ON" else "OFF") ^ ".\n"); | |
625 | Msg.send (bio, MsgOk)) | |
626 | | MsgError s => print ("Query failed: " ^ s ^ "\n") | |
627 | | _ => print "Unexpected server reply.\n") | |
628 | before OpenSSL.close bio | |
629 | end | |
630 | ||
631 | fun requestSaSet p = | |
632 | let | |
633 | val (_, bio) = requestBio (fn () => ()) | |
634 | in | |
635 | Msg.send (bio, MsgSaSet p); | |
636 | case Msg.recv bio of | |
637 | NONE => print "Server closed connection unexpectedly.\n" | |
638 | | SOME m => | |
639 | case m of | |
640 | MsgOk => print ("SpamAssassin filtering for " ^ #1 p ^ " is now " | |
641 | ^ (if #2 p then "ON" else "OFF") ^ ".\n") | |
642 | | MsgError s => print ("Set failed: " ^ s ^ "\n") | |
643 | | _ => print "Unexpected server reply.\n"; | |
644 | OpenSSL.close bio | |
645 | end | |
646 | ||
2bc5ed22 AC |
647 | fun requestSmtpLog domain = |
648 | let | |
649 | val (_, bio) = requestBio (fn () => ()) | |
650 | ||
651 | val _ = Msg.send (bio, MsgSmtpLogReq domain) | |
652 | ||
653 | fun loop () = | |
654 | case Msg.recv bio of | |
655 | NONE => print "Server closed connection unexpectedly.\n" | |
656 | | SOME m => | |
657 | case m of | |
658 | MsgOk => () | |
659 | | MsgSmtpLogRes line => (print line; | |
660 | loop ()) | |
661 | | MsgError s => print ("Log search failed: " ^ s ^ "\n") | |
662 | | _ => print "Unexpected server reply.\n" | |
663 | in | |
664 | loop (); | |
665 | OpenSSL.close bio | |
666 | end | |
667 | ||
75585a67 AC |
668 | fun requestApt {node, pkg} = |
669 | let | |
a95a0107 AC |
670 | val (user, context) = requestContext (fn () => ()) |
671 | val bio = OpenSSL.connect (context, if node = Config.masterNode then | |
672 | dispatcher | |
673 | else | |
674 | Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) | |
75585a67 | 675 | |
a95a0107 | 676 | val _ = Msg.send (bio, MsgQuery (QApt pkg)) |
75585a67 AC |
677 | |
678 | fun loop () = | |
679 | case Msg.recv bio of | |
680 | NONE => (print "Server closed connection unexpectedly.\n"; | |
681 | OS.Process.failure) | |
682 | | SOME m => | |
683 | case m of | |
684 | MsgYes => (print "Package is installed.\n"; | |
685 | OS.Process.success) | |
686 | | MsgNo => (print "Package is not installed.\n"; | |
687 | OS.Process.failure) | |
688 | | MsgError s => (print ("APT query failed: " ^ s ^ "\n"); | |
689 | OS.Process.failure) | |
690 | | _ => (print "Unexpected server reply.\n"; | |
691 | OS.Process.failure) | |
692 | in | |
693 | loop () | |
694 | before OpenSSL.close bio | |
695 | end | |
696 | ||
d351d679 AC |
697 | fun requestCron {node, uname} = |
698 | let | |
699 | val (user, context) = requestContext (fn () => ()) | |
700 | val bio = OpenSSL.connect (context, if node = Config.masterNode then | |
701 | dispatcher | |
702 | else | |
703 | Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) | |
704 | ||
705 | val _ = Msg.send (bio, MsgQuery (QCron uname)) | |
706 | ||
707 | fun loop () = | |
708 | case Msg.recv bio of | |
709 | NONE => (print "Server closed connection unexpectedly.\n"; | |
710 | OS.Process.failure) | |
711 | | SOME m => | |
712 | case m of | |
713 | MsgYes => (print "User has cron permissions.\n"; | |
714 | OS.Process.success) | |
715 | | MsgNo => (print "User does not have cron permissions.\n"; | |
716 | OS.Process.failure) | |
717 | | MsgError s => (print ("Cron query failed: " ^ s ^ "\n"); | |
718 | OS.Process.failure) | |
719 | | _ => (print "Unexpected server reply.\n"; | |
720 | OS.Process.failure) | |
721 | in | |
722 | loop () | |
723 | before OpenSSL.close bio | |
724 | end | |
725 | ||
726 | fun requestFtp {node, uname} = | |
727 | let | |
728 | val (user, context) = requestContext (fn () => ()) | |
729 | val bio = OpenSSL.connect (context, if node = Config.masterNode then | |
730 | dispatcher | |
731 | else | |
732 | Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) | |
733 | ||
734 | val _ = Msg.send (bio, MsgQuery (QFtp uname)) | |
735 | ||
736 | fun loop () = | |
737 | case Msg.recv bio of | |
738 | NONE => (print "Server closed connection unexpectedly.\n"; | |
739 | OS.Process.failure) | |
740 | | SOME m => | |
741 | case m of | |
742 | MsgYes => (print "User has FTP permissions.\n"; | |
743 | OS.Process.success) | |
744 | | MsgNo => (print "User does not have FTP permissions.\n"; | |
745 | OS.Process.failure) | |
746 | | MsgError s => (print ("FTP query failed: " ^ s ^ "\n"); | |
747 | OS.Process.failure) | |
748 | | _ => (print "Unexpected server reply.\n"; | |
749 | OS.Process.failure) | |
750 | in | |
751 | loop () | |
752 | before OpenSSL.close bio | |
753 | end | |
754 | ||
4d5126e1 AC |
755 | fun requestTrustedPath {node, uname} = |
756 | let | |
757 | val (user, context) = requestContext (fn () => ()) | |
758 | val bio = OpenSSL.connect (context, if node = Config.masterNode then | |
759 | dispatcher | |
760 | else | |
761 | Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) | |
762 | ||
763 | val _ = Msg.send (bio, MsgQuery (QTrustedPath uname)) | |
764 | ||
765 | fun loop () = | |
766 | case Msg.recv bio of | |
767 | NONE => (print "Server closed connection unexpectedly.\n"; | |
768 | OS.Process.failure) | |
769 | | SOME m => | |
770 | case m of | |
771 | MsgYes => (print "User has trusted path restriction.\n"; | |
772 | OS.Process.success) | |
773 | | MsgNo => (print "User does not have trusted path restriction.\n"; | |
774 | OS.Process.failure) | |
775 | | MsgError s => (print ("Trusted path query failed: " ^ s ^ "\n"); | |
776 | OS.Process.failure) | |
777 | | _ => (print "Unexpected server reply.\n"; | |
778 | OS.Process.failure) | |
779 | in | |
780 | loop () | |
781 | before OpenSSL.close bio | |
782 | end | |
783 | ||
737c68d4 AC |
784 | fun requestSocketPerm {node, uname} = |
785 | let | |
786 | val (user, context) = requestContext (fn () => ()) | |
787 | val bio = OpenSSL.connect (context, if node = Config.masterNode then | |
788 | dispatcher | |
789 | else | |
790 | Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) | |
791 | ||
792 | val _ = Msg.send (bio, MsgQuery (QSocket uname)) | |
793 | ||
794 | fun loop () = | |
795 | case Msg.recv bio of | |
796 | NONE => (print "Server closed connection unexpectedly.\n"; | |
797 | OS.Process.failure) | |
798 | | SOME m => | |
799 | case m of | |
800 | MsgSocket p => (case p of | |
801 | Any => print "Any\n" | |
802 | | Client => print "Client\n" | |
803 | | Server => print "Server\n" | |
804 | | Nada => print "Nada\n"; | |
805 | OS.Process.success) | |
806 | | MsgError s => (print ("Socket permission query failed: " ^ s ^ "\n"); | |
807 | OS.Process.failure) | |
808 | | _ => (print "Unexpected server reply.\n"; | |
809 | OS.Process.failure) | |
810 | in | |
811 | loop () | |
812 | before OpenSSL.close bio | |
813 | end | |
814 | ||
f9548f16 AC |
815 | fun requestFirewall {node, uname} = |
816 | let | |
817 | val (user, context) = requestContext (fn () => ()) | |
818 | val bio = OpenSSL.connect (context, if node = Config.masterNode then | |
819 | dispatcher | |
820 | else | |
821 | Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort) | |
822 | ||
823 | val _ = Msg.send (bio, MsgQuery (QFirewall uname)) | |
824 | ||
825 | fun loop () = | |
826 | case Msg.recv bio of | |
827 | NONE => (print "Server closed connection unexpectedly.\n"; | |
828 | OS.Process.failure) | |
829 | | SOME m => | |
830 | case m of | |
831 | MsgFirewall ls => (app (fn s => (print s; print "\n")) ls; | |
832 | OS.Process.success) | |
833 | | MsgError s => (print ("Firewall query failed: " ^ s ^ "\n"); | |
834 | OS.Process.failure) | |
835 | | _ => (print "Unexpected server reply.\n"; | |
836 | OS.Process.failure) | |
837 | in | |
838 | loop () | |
839 | before OpenSSL.close bio | |
840 | end | |
841 | ||
71420f8b | 842 | fun regenerate context = |
1824f573 | 843 | let |
6f3525e4 AC |
844 | val _ = ErrorMsg.reset () |
845 | ||
1824f573 | 846 | val b = basis () |
71420f8b AC |
847 | val () = Tycheck.disallowExterns () |
848 | ||
849 | val () = Domain.resetGlobal () | |
850 | ||
fb6fac97 AC |
851 | val ok = ref true |
852 | ||
71420f8b AC |
853 | fun contactNode (node, ip) = |
854 | if node = Config.defaultNode then | |
855 | Domain.resetLocal () | |
856 | else let | |
857 | val bio = OpenSSL.connect (context, | |
858 | ip | |
859 | ^ ":" | |
860 | ^ Int.toString Config.slavePort) | |
861 | in | |
862 | Msg.send (bio, MsgRegenerate); | |
863 | case Msg.recv bio of | |
864 | NONE => print "Slave closed connection unexpectedly\n" | |
865 | | SOME m => | |
866 | case m of | |
867 | MsgOk => print ("Slave " ^ node ^ " pre-regeneration finished\n") | |
868 | | MsgError s => print ("Slave " ^ node | |
869 | ^ " returned error: " ^ | |
870 | s ^ "\n") | |
871 | | _ => print ("Slave " ^ node | |
872 | ^ " returned unexpected command\n"); | |
873 | OpenSSL.close bio | |
16465a9a AC |
874 | end |
875 | handle OpenSSL.OpenSSL s => print ("OpenSSL error: " ^ s ^ "\n") | |
1824f573 AC |
876 | |
877 | fun doUser user = | |
878 | let | |
879 | val _ = Domain.setUser user | |
880 | val _ = ErrorMsg.reset () | |
881 | ||
882 | val dname = Config.domtoolDir user | |
fb6fac97 AC |
883 | in |
884 | if Posix.FileSys.access (dname, []) then | |
885 | let | |
886 | val dir = Posix.FileSys.opendir dname | |
887 | ||
888 | fun loop files = | |
889 | case Posix.FileSys.readdir dir of | |
890 | NONE => (Posix.FileSys.closedir dir; | |
891 | files) | |
892 | | SOME fname => | |
893 | if notTmp fname then | |
894 | loop (OS.Path.joinDirFile {dir = dname, | |
895 | file = fname} | |
896 | :: files) | |
897 | else | |
898 | loop files | |
1824f573 | 899 | |
fb6fac97 AC |
900 | val files = loop [] |
901 | val (_, files) = Order.order (SOME b) files | |
902 | in | |
903 | if !ErrorMsg.anyErrors then | |
904 | (ErrorMsg.reset (); | |
905 | print ("User " ^ user ^ "'s configuration has errors!\n")) | |
1824f573 | 906 | else |
fb6fac97 AC |
907 | app eval' files |
908 | end | |
1824f573 | 909 | else |
fb6fac97 | 910 | () |
1824f573 | 911 | end |
fb6fac97 AC |
912 | handle IO.Io _ => () |
913 | | OS.SysErr (s, _) => (print ("System error processing user " ^ user ^ ": " ^ s ^ "\n"); | |
914 | ok := false) | |
915 | | ErrorMsg.Error => (ErrorMsg.reset (); | |
916 | print ("User " ^ user ^ " had a compilation error.\n"); | |
917 | ok := false) | |
918 | | _ => (print "Unknown exception during regeneration!\n"; | |
919 | ok := false) | |
1824f573 | 920 | in |
71420f8b | 921 | app contactNode Config.nodeIps; |
1824f573 AC |
922 | Env.pre (); |
923 | app doUser (Acl.users ()); | |
fb6fac97 AC |
924 | Env.post (); |
925 | !ok | |
926 | end | |
927 | ||
928 | fun regenerateTc context = | |
929 | let | |
930 | val _ = ErrorMsg.reset () | |
931 | ||
932 | val b = basis () | |
933 | val () = Tycheck.disallowExterns () | |
934 | ||
935 | val () = Domain.resetGlobal () | |
936 | ||
937 | val ok = ref true | |
938 | ||
939 | fun doUser user = | |
940 | let | |
941 | val _ = Domain.setUser user | |
942 | val _ = ErrorMsg.reset () | |
943 | ||
944 | val dname = Config.domtoolDir user | |
945 | in | |
946 | if Posix.FileSys.access (dname, []) then | |
947 | let | |
948 | val dir = Posix.FileSys.opendir dname | |
949 | ||
950 | fun loop files = | |
951 | case Posix.FileSys.readdir dir of | |
952 | NONE => (Posix.FileSys.closedir dir; | |
953 | files) | |
954 | | SOME fname => | |
955 | if notTmp fname then | |
956 | loop (OS.Path.joinDirFile {dir = dname, | |
957 | file = fname} | |
958 | :: files) | |
959 | else | |
960 | loop files | |
961 | ||
962 | val files = loop [] | |
963 | val (_, files) = Order.order (SOME b) files | |
964 | in | |
965 | if !ErrorMsg.anyErrors then | |
966 | (ErrorMsg.reset (); | |
967 | print ("User " ^ user ^ "'s configuration has errors!\n"); | |
968 | ok := false) | |
969 | else | |
970 | app (ignore o check) files | |
971 | end | |
972 | else | |
973 | () | |
974 | end | |
975 | handle IO.Io _ => () | |
976 | | OS.SysErr (s, _) => print ("System error processing user " ^ user ^ ": " ^ s ^ "\n") | |
977 | | ErrorMsg.Error => (ErrorMsg.reset (); | |
978 | print ("User " ^ user ^ " had a compilation error.\n")) | |
979 | | _ => print "Unknown exception during -tc regeneration!\n" | |
980 | in | |
981 | app doUser (Acl.users ()); | |
982 | !ok | |
1824f573 AC |
983 | end |
984 | ||
e69e60cc AC |
985 | fun rmuser user = |
986 | let | |
987 | val doms = Acl.class {user = user, class = "domain"} | |
988 | val doms = List.filter (fn dom => | |
989 | case Acl.whoHas {class = "domain", value = dom} of | |
990 | [_] => true | |
991 | | _ => false) (StringSet.listItems doms) | |
992 | in | |
993 | Acl.rmuser user; | |
994 | Domain.rmdom doms | |
995 | end | |
996 | ||
c9731b9b AC |
997 | fun now () = Date.toString (Date.fromTimeUniv (Time.now ())) |
998 | ||
a95a0107 AC |
999 | fun answerQuery q = |
1000 | case q of | |
1001 | QApt pkg => if Apt.installed pkg then MsgYes else MsgNo | |
d351d679 AC |
1002 | | QCron user => if Cron.allowed user then MsgYes else MsgNo |
1003 | | QFtp user => if Ftp.allowed user then MsgYes else MsgNo | |
4d5126e1 | 1004 | | QTrustedPath user => if TrustedPath.query user then MsgYes else MsgNo |
737c68d4 | 1005 | | QSocket user => MsgSocket (SocketPerm.query user) |
f9548f16 | 1006 | | QFirewall user => MsgFirewall (Firewall.query user) |
a95a0107 AC |
1007 | |
1008 | fun describeQuery q = | |
1009 | case q of | |
1010 | QApt pkg => "Requested installation status of package " ^ pkg | |
d351d679 AC |
1011 | | QCron user => "Asked about cron permissions for user " ^ user |
1012 | | QFtp user => "Asked about FTP permissions for user " ^ user | |
4d5126e1 | 1013 | | QTrustedPath user => "Asked about trusted path settings for user " ^ user |
737c68d4 | 1014 | | QSocket user => "Asked about socket permissions for user " ^ user |
f9548f16 | 1015 | | QFirewall user => "Asked about firewall rules for user " ^ user |
a95a0107 | 1016 | |
3b267643 | 1017 | fun service () = |
07cc384c | 1018 | let |
aa56e112 AC |
1019 | val () = Acl.read Config.aclFile |
1020 | ||
d22c1f00 AC |
1021 | val context = context (Config.serverCert, |
1022 | Config.serverKey, | |
1023 | Config.trustStore) | |
36e42cb8 | 1024 | val _ = Domain.set_context context |
3b267643 | 1025 | |
60534712 | 1026 | val sock = OpenSSL.listen (context, Config.dispatcherPort) |
3b267643 AC |
1027 | |
1028 | fun loop () = | |
2ee50226 AC |
1029 | (case OpenSSL.accept sock of |
1030 | NONE => () | |
1031 | | SOME bio => | |
1032 | let | |
1033 | val user = OpenSSL.peerCN bio | |
1034 | val () = print ("\nConnection from " ^ user ^ " at " ^ now () ^ "\n") | |
1035 | val () = Domain.setUser user | |
1036 | ||
1037 | fun doIt f cleanup = | |
1038 | ((case f () of | |
1039 | (msgLocal, SOME msgRemote) => | |
1040 | (print msgLocal; | |
1041 | print "\n"; | |
1042 | Msg.send (bio, MsgError msgRemote)) | |
1043 | | (msgLocal, NONE) => | |
1044 | (print msgLocal; | |
1045 | print "\n"; | |
1046 | Msg.send (bio, MsgOk))) | |
1047 | handle e as (OpenSSL.OpenSSL s) => | |
1048 | (print ("OpenSSL error: " ^ s ^ "\n"); | |
1049 | app (fn x => print (x ^ "\n")) (SMLofNJ.exnHistory e); | |
1050 | Msg.send (bio, MsgError ("OpenSSL error: " ^ s)) | |
1051 | handle OpenSSL.OpenSSL _ => ()) | |
1052 | | OS.SysErr (s, _) => | |
1053 | (print "System error: "; | |
1054 | print s; | |
1055 | print "\n"; | |
1056 | Msg.send (bio, MsgError ("System error: " ^ s)) | |
1057 | handle OpenSSL.OpenSSL _ => ()) | |
1058 | | Fail s => | |
1059 | (print "Failure: "; | |
1060 | print s; | |
1061 | print "\n"; | |
1062 | Msg.send (bio, MsgError ("Failure: " ^ s)) | |
1063 | handle OpenSSL.OpenSSL _ => ()) | |
1064 | | ErrorMsg.Error => | |
1065 | (print "Compilation error\n"; | |
1066 | Msg.send (bio, MsgError "Error during configuration evaluation") | |
1067 | handle OpenSSL.OpenSSL _ => ()); | |
1068 | (cleanup (); | |
1069 | ignore (OpenSSL.readChar bio); | |
1070 | OpenSSL.close bio) | |
1071 | handle OpenSSL.OpenSSL _ => (); | |
1072 | loop ()) | |
1073 | ||
1074 | fun doConfig codes = | |
1075 | let | |
1076 | val _ = print "Configuration:\n" | |
1077 | val _ = app (fn s => (print s; print "\n")) codes | |
1078 | val _ = print "\n" | |
1079 | ||
1080 | val outname = OS.FileSys.tmpName () | |
1081 | ||
1082 | fun doOne code = | |
1083 | let | |
1084 | val outf = TextIO.openOut outname | |
1085 | in | |
1086 | TextIO.output (outf, code); | |
1087 | TextIO.closeOut outf; | |
1088 | eval' outname | |
1089 | end | |
1090 | in | |
1091 | doIt (fn () => (Env.pre (); | |
1092 | app doOne codes; | |
1093 | Env.post (); | |
1094 | Msg.send (bio, MsgOk); | |
1095 | ("Configuration complete.", NONE))) | |
1096 | (fn () => OS.FileSys.remove outname) | |
1097 | end | |
1098 | ||
1099 | fun checkAddr s = | |
1100 | case String.fields (fn ch => ch = #"@") s of | |
1101 | [user'] => | |
1102 | if user = user' then | |
1103 | SOME (SetSA.User s) | |
1104 | else | |
1105 | NONE | |
1106 | | [user', domain] => | |
1107 | if Domain.validEmailUser user' andalso Domain.yourDomain domain then | |
1108 | SOME (SetSA.Email s) | |
1109 | else | |
1110 | NONE | |
1111 | | _ => NONE | |
1112 | ||
1113 | fun cmdLoop () = | |
1114 | case Msg.recv bio of | |
1115 | NONE => (OpenSSL.close bio | |
1116 | handle OpenSSL.OpenSSL _ => (); | |
1117 | loop ()) | |
1118 | | SOME m => | |
1119 | case m of | |
1120 | MsgConfig code => doConfig [code] | |
1121 | | MsgMultiConfig codes => doConfig codes | |
1122 | ||
1123 | | MsgShutdown => | |
1124 | if Acl.query {user = user, class = "priv", value = "all"} | |
1125 | orelse Acl.query {user = user, class = "priv", value = "shutdown"} then | |
1126 | print ("Domtool dispatcher shutting down at " ^ now () ^ "\n\n") | |
1127 | else | |
1128 | (print "Unauthorized shutdown command!\n"; | |
1129 | OpenSSL.close bio | |
1130 | handle OpenSSL.OpenSSL _ => (); | |
1131 | loop ()) | |
1132 | ||
1133 | | MsgGrant acl => | |
1134 | doIt (fn () => | |
1135 | if Acl.query {user = user, class = "priv", value = "all"} then | |
1136 | (Acl.grant acl; | |
1137 | Acl.write Config.aclFile; | |
1138 | ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".", | |
1139 | NONE)) | |
1140 | else | |
1141 | ("Unauthorized user asked to grant a permission!", | |
1142 | SOME "Not authorized to grant privileges")) | |
1143 | (fn () => ()) | |
1144 | ||
1145 | | MsgRevoke acl => | |
1146 | doIt (fn () => | |
1147 | if Acl.query {user = user, class = "priv", value = "all"} then | |
1148 | (Acl.revoke acl; | |
1149 | Acl.write Config.aclFile; | |
1150 | ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".", | |
1151 | NONE)) | |
1152 | else | |
1153 | ("Unauthorized user asked to revoke a permission!", | |
1154 | SOME "Not authorized to revoke privileges")) | |
1155 | (fn () => ()) | |
1156 | ||
1157 | | MsgListPerms user => | |
1158 | doIt (fn () => | |
1159 | (Msg.send (bio, MsgPerms (Acl.queryAll user)); | |
1160 | ("Sent permission list for user " ^ user ^ ".", | |
1161 | NONE))) | |
1162 | (fn () => ()) | |
1163 | ||
1164 | | MsgWhoHas perm => | |
1165 | doIt (fn () => | |
1166 | (Msg.send (bio, MsgWhoHasResponse (Acl.whoHas perm)); | |
1167 | ("Sent whohas response for " ^ #class perm ^ " / " ^ #value perm ^ ".", | |
1168 | NONE))) | |
1169 | (fn () => ()) | |
1170 | ||
1171 | | MsgRmdom doms => | |
1172 | doIt (fn () => | |
1173 | if Acl.query {user = user, class = "priv", value = "all"} | |
1174 | orelse List.all (fn dom => Acl.query {user = user, class = "domain", value = dom}) doms then | |
1175 | (Domain.rmdom doms; | |
1176 | app (fn dom => | |
1177 | Acl.revokeFromAll {class = "domain", value = dom}) doms; | |
1178 | Acl.write Config.aclFile; | |
1179 | ("Removed domains" ^ foldl (fn (d, s) => s ^ " " ^ d) "" doms ^ ".", | |
1180 | NONE)) | |
1181 | else | |
1182 | ("Unauthorized user asked to remove a domain!", | |
1183 | SOME "Not authorized to remove that domain")) | |
1184 | (fn () => ()) | |
1185 | ||
1186 | | MsgRegenerate => | |
1187 | doIt (fn () => | |
1188 | if Acl.query {user = user, class = "priv", value = "regen"} | |
1189 | orelse Acl.query {user = user, class = "priv", value = "all"} then | |
1190 | (if regenerate context then | |
1191 | ("Regenerated all configuration.", | |
1192 | NONE) | |
1193 | else | |
1194 | ("Error regenerating configuration!", | |
1195 | SOME "Error regenerating configuration! Consult /var/log/domtool.log.")) | |
1196 | else | |
1197 | ("Unauthorized user asked to regenerate!", | |
1198 | SOME "Not authorized to regenerate")) | |
1199 | (fn () => ()) | |
1200 | ||
1201 | | MsgRegenerateTc => | |
1202 | doIt (fn () => | |
1203 | if Acl.query {user = user, class = "priv", value = "regen"} | |
1204 | orelse Acl.query {user = user, class = "priv", value = "all"} then | |
1205 | (if regenerateTc context then | |
1206 | ("Checked all configuration.", | |
1207 | NONE) | |
1208 | else | |
1209 | ("Found a compilation error!", | |
1210 | SOME "Found a compilation error! Consult /var/log/domtool.log.")) | |
1211 | else | |
1212 | ("Unauthorized user asked to regenerate -tc!", | |
1213 | SOME "Not authorized to regenerate -tc")) | |
1214 | (fn () => ()) | |
1215 | ||
1216 | | MsgRmuser user' => | |
1217 | doIt (fn () => | |
1218 | if Acl.query {user = user, class = "priv", value = "all"} then | |
1219 | (rmuser user'; | |
1220 | Acl.write Config.aclFile; | |
1221 | ("Removed user " ^ user' ^ ".", | |
1222 | NONE)) | |
1223 | else | |
1224 | ("Unauthorized user asked to remove a user!", | |
1225 | SOME "Not authorized to remove users")) | |
1226 | (fn () => ()) | |
1227 | ||
1228 | | MsgCreateDbUser {dbtype, passwd} => | |
1229 | doIt (fn () => | |
1230 | case Dbms.lookup dbtype of | |
1231 | NONE => ("Database user creation request with unknown datatype type " ^ dbtype, | |
1232 | SOME ("Unknown database type " ^ dbtype)) | |
1233 | | SOME handler => | |
1234 | case #adduser handler {user = user, passwd = passwd} of | |
1235 | NONE => ("Added " ^ dbtype ^ " user " ^ user ^ ".", | |
1236 | NONE) | |
1237 | | SOME msg => | |
1238 | ("Error adding a " ^ dbtype ^ " user " ^ user ^ ": " ^ msg, | |
1239 | SOME ("Error adding user: " ^ msg))) | |
1240 | (fn () => ()) | |
1241 | ||
1242 | | MsgDbPasswd {dbtype, passwd} => | |
1243 | doIt (fn () => | |
1244 | case Dbms.lookup dbtype of | |
1245 | NONE => ("Database passwd request with unknown datatype type " ^ dbtype, | |
1246 | SOME ("Unknown database type " ^ dbtype)) | |
1247 | | SOME handler => | |
1248 | case #passwd handler {user = user, passwd = passwd} of | |
1249 | NONE => ("Changed " ^ dbtype ^ " password of user " ^ user ^ ".", | |
1250 | NONE) | |
1251 | | SOME msg => | |
1252 | ("Error setting " ^ dbtype ^ " password of user " ^ user ^ ": " ^ msg, | |
1253 | SOME ("Error adding user: " ^ msg))) | |
1254 | (fn () => ()) | |
1255 | ||
1256 | | MsgCreateDbTable {dbtype, dbname} => | |
1257 | doIt (fn () => | |
1258 | if Dbms.validDbname dbname then | |
1259 | case Dbms.lookup dbtype of | |
1260 | NONE => ("Database creation request with unknown datatype type " ^ dbtype, | |
1261 | SOME ("Unknown database type " ^ dbtype)) | |
1262 | | SOME handler => | |
1263 | case #createdb handler {user = user, dbname = dbname} of | |
1264 | NONE => ("Created database " ^ user ^ "_" ^ dbname ^ ".", | |
1265 | NONE) | |
1266 | | SOME msg => ("Error creating database " ^ user ^ "_" ^ dbname ^ ": " ^ msg, | |
1267 | SOME ("Error creating database: " ^ msg)) | |
1268 | else | |
1269 | ("Invalid database name " ^ user ^ "_" ^ dbname, | |
1270 | SOME ("Invalid database name " ^ dbname))) | |
1271 | (fn () => ()) | |
1272 | ||
1273 | | MsgDropDb {dbtype, dbname} => | |
1274 | doIt (fn () => | |
1275 | if Dbms.validDbname dbname then | |
1276 | case Dbms.lookup dbtype of | |
1277 | NONE => ("Database drop request with unknown datatype type " ^ dbtype, | |
1278 | SOME ("Unknown database type " ^ dbtype)) | |
1279 | | SOME handler => | |
1280 | case #dropdb handler {user = user, dbname = dbname} of | |
1281 | NONE => ("Drop database " ^ user ^ "_" ^ dbname ^ ".", | |
1282 | NONE) | |
1283 | | SOME msg => ("Error dropping database " ^ user ^ "_" ^ dbname ^ ": " ^ msg, | |
1284 | SOME ("Error dropping database: " ^ msg)) | |
1285 | else | |
1286 | ("Invalid database name " ^ user ^ "_" ^ dbname, | |
1287 | SOME ("Invalid database name " ^ dbname))) | |
1288 | (fn () => ()) | |
1289 | ||
1290 | | MsgListMailboxes domain => | |
1291 | doIt (fn () => | |
1292 | if not (Domain.yourDomain domain) then | |
1293 | ("User wasn't authorized to list mailboxes for " ^ domain, | |
1294 | SOME "You're not authorized to configure that domain.") | |
1295 | else | |
1296 | case Vmail.list domain of | |
1297 | Vmail.Listing users => (Msg.send (bio, MsgMailboxes users); | |
1298 | ("Sent mailbox list for " ^ domain, | |
1299 | NONE)) | |
1300 | | Vmail.Error msg => ("Error listing mailboxes for " ^ domain ^ ": " ^ msg, | |
1301 | SOME msg)) | |
1302 | (fn () => ()) | |
1303 | ||
1304 | | MsgNewMailbox {domain, user = emailUser, passwd, mailbox} => | |
1305 | doIt (fn () => | |
1306 | if not (Domain.yourDomain domain) then | |
1307 | ("User wasn't authorized to add a mailbox to " ^ domain, | |
1308 | SOME "You're not authorized to configure that domain.") | |
1309 | else if not (Domain.validEmailUser emailUser) then | |
1310 | ("Invalid e-mail username " ^ emailUser, | |
1311 | SOME "Invalid e-mail username") | |
1312 | else if not (CharVector.all Char.isGraph passwd) then | |
1313 | ("Invalid password", | |
1314 | SOME "Invalid password; may only contain printable, non-space characters") | |
1315 | else if not (Domain.yourPath mailbox) then | |
1316 | ("User wasn't authorized to add a mailbox at " ^ mailbox, | |
1317 | SOME "You're not authorized to use that mailbox location.") | |
1318 | else | |
1319 | case Vmail.add {requester = user, | |
1320 | domain = domain, user = emailUser, | |
1321 | passwd = passwd, mailbox = mailbox} of | |
1322 | NONE => ("Added mailbox " ^ emailUser ^ "@" ^ domain ^ " at " ^ mailbox, | |
1323 | NONE) | |
1324 | | SOME msg => ("Error adding mailbox " ^ emailUser ^ "@" ^ domain ^ ": " ^ msg, | |
1325 | SOME msg)) | |
1326 | (fn () => ()) | |
1327 | ||
1328 | | MsgPasswdMailbox {domain, user = emailUser, passwd} => | |
1329 | doIt (fn () => | |
1330 | if not (Domain.yourDomain domain) then | |
1331 | ("User wasn't authorized to change password of a mailbox for " ^ domain, | |
1332 | SOME "You're not authorized to configure that domain.") | |
1333 | else if not (Domain.validEmailUser emailUser) then | |
1334 | ("Invalid e-mail username " ^ emailUser, | |
1335 | SOME "Invalid e-mail username") | |
1336 | else if not (CharVector.all Char.isGraph passwd) then | |
1337 | ("Invalid password", | |
1338 | SOME "Invalid password; may only contain printable, non-space characters") | |
1339 | else | |
1340 | case Vmail.passwd {domain = domain, user = emailUser, | |
1341 | passwd = passwd} of | |
1342 | NONE => ("Changed password of mailbox " ^ emailUser ^ "@" ^ domain, | |
1343 | NONE) | |
1344 | | SOME msg => ("Error changing mailbox password for " ^ emailUser ^ "@" ^ domain ^ ": " ^ msg, | |
1345 | SOME msg)) | |
1346 | (fn () => ()) | |
1347 | ||
1348 | | MsgRmMailbox {domain, user = emailUser} => | |
1349 | doIt (fn () => | |
1350 | if not (Domain.yourDomain domain) then | |
1351 | ("User wasn't authorized to change password of a mailbox for " ^ domain, | |
1352 | SOME "You're not authorized to configure that domain.") | |
1353 | else if not (Domain.validEmailUser emailUser) then | |
1354 | ("Invalid e-mail username " ^ emailUser, | |
1355 | SOME "Invalid e-mail username") | |
1356 | else | |
1357 | case Vmail.rm {domain = domain, user = emailUser} of | |
1358 | NONE => ("Deleted mailbox " ^ emailUser ^ "@" ^ domain, | |
1359 | NONE) | |
1360 | | SOME msg => ("Error deleting mailbox " ^ emailUser ^ "@" ^ domain ^ ": " ^ msg, | |
1361 | SOME msg)) | |
1362 | (fn () => ()) | |
1363 | ||
1364 | | MsgSaQuery addr => | |
1365 | doIt (fn () => | |
1366 | case checkAddr addr of | |
1367 | NONE => ("User tried to query SA filtering for " ^ addr, | |
1368 | SOME "You aren't allowed to configure SA filtering for that recipient.") | |
1369 | | SOME addr' => (Msg.send (bio, MsgSaStatus (SetSA.query addr')); | |
1370 | ("Queried SA filtering status for " ^ addr, | |
1371 | NONE))) | |
1372 | (fn () => ()) | |
1373 | ||
1374 | | MsgSaSet (addr, b) => | |
1375 | doIt (fn () => | |
1376 | case checkAddr addr of | |
1377 | NONE => ("User tried to set SA filtering for " ^ addr, | |
1378 | SOME "You aren't allowed to configure SA filtering for that recipient.") | |
1379 | | SOME addr' => (SetSA.set (addr', b); | |
1380 | Msg.send (bio, MsgOk); | |
1381 | ("Set SA filtering status for " ^ addr ^ " to " | |
1382 | ^ (if b then "ON" else "OFF"), | |
1383 | NONE))) | |
1384 | (fn () => ()) | |
1385 | ||
1386 | | MsgSmtpLogReq domain => | |
1387 | doIt (fn () => | |
1388 | if not (Domain.yourDomain domain) then | |
1389 | ("Unauthorized user tried to request SMTP logs for " ^ domain, | |
1390 | SOME "You aren't authorized to configure that domain.") | |
1391 | else | |
1392 | (SmtpLog.search (fn line => Msg.send (bio, MsgSmtpLogRes line)) | |
1393 | domain; | |
1394 | ("Requested SMTP logs for " ^ domain, | |
1395 | NONE))) | |
1396 | (fn () => ()) | |
1397 | ||
1398 | | MsgQuery q => | |
1399 | doIt (fn () => (Msg.send (bio, answerQuery q); | |
1400 | (describeQuery q, | |
1401 | NONE))) | |
1402 | (fn () => ()) | |
1403 | ||
1404 | | _ => | |
1405 | doIt (fn () => ("Unexpected command", | |
1406 | SOME "Unexpected command")) | |
1407 | (fn () => ()) | |
1408 | in | |
1409 | cmdLoop () | |
1410 | end | |
1411 | handle e as (OpenSSL.OpenSSL s) => | |
1412 | (print ("OpenSSL error: " ^ s ^ "\n"); | |
1413 | app (fn x => print (x ^ "\n")) (SMLofNJ.exnHistory e); | |
1414 | OpenSSL.close bio | |
08688401 AC |
1415 | handle OpenSSL.OpenSSL _ => (); |
1416 | loop ()) | |
2ee50226 AC |
1417 | | OS.SysErr (s, _) => |
1418 | (print ("System error: " ^ s ^ "\n"); | |
1419 | OpenSSL.close bio | |
1420 | handle OpenSSL.OpenSSL _ => (); | |
1421 | loop ()) | |
1422 | | IO.Io {name, function, cause} => | |
1423 | (print ("IO error: " ^ function ^ " for " ^ name ^ "\n"); | |
1424 | app (fn x => print (x ^ "\n")) (SMLofNJ.exnHistory cause); | |
1425 | OpenSSL.close bio | |
1426 | handle OpenSSL.OpenSSL _ => (); | |
1427 | loop ()) | |
1428 | | e => | |
1429 | (print "Unknown exception in main loop!\n"; | |
1430 | app (fn x => print (x ^ "\n")) (SMLofNJ.exnHistory e); | |
1431 | OpenSSL.close bio | |
1432 | handle OpenSSL.OpenSSL _ => (); | |
1433 | loop ())) | |
1434 | handle e as (OpenSSL.OpenSSL s) => | |
1435 | (print ("OpenSSL error: " ^ s ^ "\n"); | |
1436 | app (fn x => print (x ^ "\n")) (SMLofNJ.exnHistory e); | |
1437 | loop ()) | |
1438 | | OS.SysErr (s, _) => | |
1439 | (print ("System error: " ^ s ^ "\n"); | |
1440 | loop ()) | |
1441 | | IO.Io {name, function, cause} => | |
1442 | (print ("IO error: " ^ function ^ " for " ^ name ^ "\n"); | |
1443 | app (fn x => print (x ^ "\n")) (SMLofNJ.exnHistory cause); | |
1444 | loop ()) | |
1445 | | e => | |
1446 | (print "Unknown exception in main loop!\n"; | |
1447 | app (fn x => print (x ^ "\n")) (SMLofNJ.exnHistory e); | |
1448 | loop ()) | |
36e42cb8 | 1449 | in |
c9731b9b | 1450 | print ("Domtool dispatcher starting up at " ^ now () ^ "\n"); |
361a1e7f | 1451 | print "Listening for connections....\n"; |
36e42cb8 AC |
1452 | loop (); |
1453 | OpenSSL.shutdown sock | |
1454 | end | |
1455 | ||
1456 | fun slave () = | |
1457 | let | |
6e62228d | 1458 | val host = Slave.hostname () |
36e42cb8 | 1459 | |
d22c1f00 AC |
1460 | val context = context (Config.certDir ^ "/" ^ host ^ ".pem", |
1461 | Config.keyDir ^ "/" ^ host ^ "/key.pem", | |
1462 | Config.trustStore) | |
36e42cb8 AC |
1463 | |
1464 | val sock = OpenSSL.listen (context, Config.slavePort) | |
1465 | ||
c9731b9b AC |
1466 | val _ = print ("Slave server starting at " ^ now () ^ "\n") |
1467 | ||
36e42cb8 AC |
1468 | fun loop () = |
1469 | case OpenSSL.accept sock of | |
1470 | NONE => () | |
1471 | | SOME bio => | |
1472 | let | |
1473 | val peer = OpenSSL.peerCN bio | |
c9731b9b | 1474 | val () = print ("\nConnection from " ^ peer ^ " at " ^ now () ^ "\n") |
3b267643 | 1475 | in |
c9731b9b | 1476 | if peer = Config.dispatcherName then let |
36e42cb8 AC |
1477 | fun loop' files = |
1478 | case Msg.recv bio of | |
1479 | NONE => print "Dispatcher closed connection unexpectedly\n" | |
1480 | | SOME m => | |
1481 | case m of | |
1482 | MsgFile file => loop' (file :: files) | |
1483 | | MsgDoFiles => (Slave.handleChanges files; | |
1484 | Msg.send (bio, MsgOk)) | |
71420f8b AC |
1485 | | MsgRegenerate => (Domain.resetLocal (); |
1486 | Msg.send (bio, MsgOk)) | |
36e42cb8 AC |
1487 | | _ => (print "Dispatcher sent unexpected command\n"; |
1488 | Msg.send (bio, MsgError "Unexpected command")) | |
1489 | in | |
1490 | loop' []; | |
1491 | ignore (OpenSSL.readChar bio); | |
1492 | OpenSSL.close bio; | |
1493 | loop () | |
1494 | end | |
c9731b9b AC |
1495 | else if peer = "domtool" then |
1496 | case Msg.recv bio of | |
1497 | SOME MsgShutdown => (OpenSSL.close bio; | |
1498 | print ("Shutting down at " ^ now () ^ "\n\n")) | |
1499 | | _ => (OpenSSL.close bio; | |
1500 | loop ()) | |
1501 | else | |
a95a0107 AC |
1502 | case Msg.recv bio of |
1503 | SOME (MsgQuery q) => (print (describeQuery q ^ "\n"); | |
1504 | Msg.send (bio, answerQuery q); | |
1505 | ignore (OpenSSL.readChar bio); | |
1506 | OpenSSL.close bio; | |
1507 | loop ()) | |
1508 | | _ => (OpenSSL.close bio; | |
1509 | loop ()) | |
3196000d AC |
1510 | end handle OpenSSL.OpenSSL s => |
1511 | (print ("OpenSSL error: "^ s ^ "\n"); | |
1512 | OpenSSL.close bio | |
1513 | handle OpenSSL.OpenSSL _ => (); | |
1514 | loop ()) | |
95a9abd1 AC |
1515 | | e as OS.SysErr (s, _) => |
1516 | (app (fn s => print (s ^ "\n")) (SMLofNJ.exnHistory e); | |
1517 | print ("System error: "^ s ^ "\n"); | |
7af7d4cb AC |
1518 | OpenSSL.close bio |
1519 | handle OpenSSL.OpenSSL _ => (); | |
1520 | loop ()) | |
07cc384c | 1521 | in |
3b267643 AC |
1522 | loop (); |
1523 | OpenSSL.shutdown sock | |
07cc384c AC |
1524 | end |
1525 | ||
44a5ce2f | 1526 | fun listBasis () = |
3196000d AC |
1527 | let |
1528 | val dir = Posix.FileSys.opendir Config.libRoot | |
1529 | ||
1530 | fun loop files = | |
1531 | case Posix.FileSys.readdir dir of | |
1532 | NONE => (Posix.FileSys.closedir dir; | |
1533 | files) | |
1534 | | SOME fname => | |
1535 | if String.isSuffix ".dtl" fname then | |
1536 | loop (OS.Path.joinDirFile {dir = Config.libRoot, | |
1537 | file = fname} | |
1538 | :: files) | |
1539 | else | |
1540 | loop files | |
3196000d | 1541 | in |
44a5ce2f | 1542 | loop [] |
3196000d AC |
1543 | end |
1544 | ||
44a5ce2f AC |
1545 | fun autodocBasis outdir = |
1546 | Autodoc.autodoc {outdir = outdir, infiles = listBasis ()} | |
1547 | ||
234b917a | 1548 | end |