1 (* HCoop
Domtool (http
://hcoop
.sourceforge
.net
/)
2 * Copyright (c
) 2006-2009, Adam Chlipala
3 * Copyright (c
) 2012,2013,2014 Clinton Ebadi
<clinton@unknownlamer
.org
>
5 * This program is free software
; you can redistribute it
and/or
6 * modify it under the terms
of the GNU General Public License
7 * as published by the Free Software Foundation
; either version
2
8 * of the License
, or (at your option
) any later version
.
10 * This program is distributed
in the hope that it will be useful
,
11 * but WITHOUT ANY WARRANTY
; without even the implied warranty
of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE
. See the
13 * GNU General Public License for more details
.
15 * You should have received a copy
of the GNU General Public License
16 * along
with this program
; if not
, write to the Free Software
17 * Foundation
, Inc
., 51 Franklin Street
, Fifth Floor
, Boston
, MA
02110-1301, USA
.
22 structure Main
:> MAIN
= struct
24 open Ast MsgTypes Print
26 structure SM
= StringMap
28 fun init () = Acl
.read Config
.aclFile
30 fun isLib fname
= OS
.Path
.file fname
= "lib.dtl"
32 fun wrapFile (fname
, file
) =
33 case (isLib fname
, file
) of
34 (true, (comment
, ds
, SOME e
)) =>
38 (comment
, ds
, SOME (ELocal (e
, (ESkip
, loc
)), loc
))
44 val prog
= Parse
.parse fname
45 val prog
= wrapFile (fname
, prog
)
47 if !ErrorMsg
.anyErrors
then
53 Option
.app (Unused
.check G
) (#
3 prog
);
54 Tycheck
.checkFile G prog
)
59 val _
= ErrorMsg
.reset ()
60 val dir
= Posix
.FileSys
.opendir Config
.libRoot
63 case Posix
.FileSys
.readdir dir
of
64 NONE
=> (Posix
.FileSys
.closedir dir
;
67 if String.isSuffix
".dtl" fname
then
68 loop (OS
.Path
.joinDirFile
{dir
= Config
.libRoot
,
75 val (_
, files
) = Order
.order NONE files
77 if !ErrorMsg
.anyErrors
then
80 (Tycheck
.allowExterns ();
81 foldl (fn (fname
, G
) => check
' G fname
) Env
.empty files
82 before Tycheck
.disallowExterns ())
85 (* val b
= basis () *)
89 val _
= ErrorMsg
.reset ()
90 val _
= Env
.preTycheck ()
92 if !ErrorMsg
.anyErrors
then
96 val _
= Tycheck
.disallowExterns ()
97 val _
= ErrorMsg
.reset ()
98 val prog
= Parse
.parse fname
99 val prog
= wrapFile (fname
, prog
)
101 if !ErrorMsg
.anyErrors
then
105 val G
' = Tycheck
.checkFile G prog
107 if !ErrorMsg
.anyErrors
then
113 Option
.app (Unused
.check G
) (#
3 prog
);
120 String.sub (s
, 0) <> #
"."
121 andalso CharVector
.all (fn ch
=> Char.isAlphaNum ch
orelse ch
= #
"." orelse ch
= #
"_" orelse ch
= #
"-") s
126 case Posix
.ProcEnv
.getenv
"DOMTOOL_USER" of
129 val uid
= Posix
.ProcEnv
.getuid ()
131 Posix
.SysDB
.Passwd
.name (Posix
.SysDB
.getpwuid uid
)
135 Acl
.read Config
.aclFile
;
140 fun checkDir
' dname
=
144 val dir
= Posix
.FileSys
.opendir dname
147 case Posix
.FileSys
.readdir dir
of
148 NONE
=> (Posix
.FileSys
.closedir dir
;
152 loop (OS
.Path
.joinDirFile
{dir
= dname
,
159 val (_
, files
) = Order
.order (SOME b
) files
161 if !ErrorMsg
.anyErrors
then
164 (foldl (fn (fname
, G
) => check
' G fname
) b files
;
165 if !ErrorMsg
.anyErrors
then
177 val (G
, body
) = check G fname
179 if !ErrorMsg
.anyErrors
then
185 val body
' = Reduce
.reduceExp G body
187 (*printd (PD
.hovBox (PD
.PPS
.Rel
0,
188 [PD
.string "Result:",
196 (*(Defaults
.eInit ())*)
198 val toplevel
= Env
.initialDynEnvVals Reduce
.reduceExp
200 fun eval G evs fname
=
201 case reduce G fname
of
203 if !ErrorMsg
.anyErrors
then
207 val evs
' = Eval
.exec
' (toplevel G
, evs
) body
'
211 |
(G
, NONE
) => (G
, evs
)
214 Domain
.nodeIp Config
.dispatcherName ^
":" ^
Int.toString Config
.dispatcherPort
217 "localhost:" ^
Int.toString Config
.slavePort
220 (OpenSSL
.context
false x
)
221 handle e
as OpenSSL
.OpenSSL s
=>
222 (print
"Couldn't find your certificate.\nYou probably haven't been given any Domtool privileges.\n";
223 print ("I looked in: " ^ #
1 x ^
"\n");
224 print ("Additional information: " ^ s ^
"\n");
227 fun requestContext f
=
229 val user
= setupUser ()
233 val context
= context (Config
.certDir ^
"/" ^ user ^
".pem",
234 Config
.keyDir ^
"/" ^ user ^
"/key.pem",
240 fun requestBio
' printErr f
=
242 val (user
, context
) = requestContext f
244 (user
, OpenSSL
.connect
printErr (context
, dispatcher
))
247 val requestBio
= requestBio
' true
249 fun requestSlaveBio
' printErr
=
251 val (user
, context
) = requestContext (fn () => ())
253 (user
, OpenSSL
.connect
printErr (context
, self
))
256 fun requestSlaveBio () = requestSlaveBio
' true
258 fun request (fname
, libOpt
) =
260 val (user
, bio
) = requestBio (fn () =>
263 val env
= case libOpt
of
265 | SOME lib
=> #
1 (check env lib
)
267 ignore (check env fname
)
272 val inf
= TextIO.openIn fname
275 case TextIO.inputLine inf
of
276 NONE
=> String.concat (rev lines
)
277 | SOME line
=> loop (line
:: lines
)
280 before TextIO.closeIn inf
283 val code
= readFile fname
284 val msg
= case libOpt
of
285 NONE
=> MsgConfig code
286 | SOME fname
' => MsgMultiConfig
[readFile fname
', code
]
290 NONE
=> print
"Server closed connection unexpectedly.\n"
293 MsgOk
=> print
"Configuration succeeded.\n"
294 | MsgError s
=> print ("Configuration failed: " ^ s ^
"\n")
295 | _
=> print
"Unexpected server reply.\n";
298 handle ErrorMsg
.Error
=> ()
300 fun requestDir dname
=
302 val _
= if Posix
.FileSys
.access (dname
, []) then
305 (print ("Can't access " ^ dname ^
".\n");
306 print
"Did you mean to run domtool on a specific file, instead of asking for all\n";
307 print
"files in your ~/.domtool directory?\n";
308 OS
.Process
.exit OS
.Process
.failure
)
310 val _
= ErrorMsg
.reset ()
312 val (user
, bio
) = requestBio (fn () => checkDir
' dname
)
316 val dir
= Posix
.FileSys
.opendir dname
319 case Posix
.FileSys
.readdir dir
of
320 NONE
=> (Posix
.FileSys
.closedir dir
;
324 loop (OS
.Path
.joinDirFile
{dir
= dname
,
331 val (_
, files
) = Order
.order (SOME b
) files
333 val _
= if !ErrorMsg
.anyErrors
then
338 val codes
= map (fn fname
=>
340 val inf
= TextIO.openIn fname
343 case TextIO.inputLine inf
of
344 NONE
=> String.concat (rev lines
)
345 | SOME line
=> loop (line
:: lines
)
348 before TextIO.closeIn inf
351 if !ErrorMsg
.anyErrors
then
354 (Msg
.send (bio
, MsgMultiConfig codes
);
356 NONE
=> print
"Server closed connection unexpectedly.\n"
359 MsgOk
=> print
"Configuration succeeded.\n"
360 | MsgError s
=> print ("Configuration failed: " ^ s ^
"\n")
361 | _
=> print
"Unexpected server reply.\n";
364 handle ErrorMsg
.Error
=> ()
368 val (_
, bio
) = requestBio
' false (fn () => ())
373 handle _
=> OS
.Process
.failure
375 fun requestShutdown () =
377 val (_
, bio
) = requestBio (fn () => ())
379 Msg
.send (bio
, MsgShutdown
);
384 MsgOk
=> print
"Shutdown begun.\n"
385 | MsgError s
=> print ("Shutdown failed: " ^ s ^
"\n")
386 | _
=> print
"Unexpected server reply.\n";
390 fun requestSlavePing () =
392 val (_
, bio
) = requestSlaveBio
' false
397 handle _
=> OS
.Process
.failure
399 fun requestSlaveShutdown () =
401 val (_
, bio
) = requestSlaveBio ()
403 Msg
.send (bio
, MsgShutdown
);
408 MsgOk
=> print
"Shutdown begun.\n"
409 | MsgError s
=> print ("Shutdown failed: " ^ s ^
"\n")
410 | _
=> print
"Unexpected server reply.\n";
414 fun requestGrant acl
=
416 val (user
, bio
) = requestBio (fn () => ())
418 Msg
.send (bio
, MsgGrant acl
);
420 NONE
=> print
"Server closed connection unexpectedly.\n"
423 MsgOk
=> print
"Grant succeeded.\n"
424 | MsgError s
=> print ("Grant failed: " ^ s ^
"\n")
425 | _
=> print
"Unexpected server reply.\n";
429 fun requestRevoke acl
=
431 val (user
, bio
) = requestBio (fn () => ())
433 Msg
.send (bio
, MsgRevoke acl
);
435 NONE
=> print
"Server closed connection unexpectedly.\n"
438 MsgOk
=> print
"Revoke succeeded.\n"
439 | MsgError s
=> print ("Revoke failed: " ^ s ^
"\n")
440 | _
=> print
"Unexpected server reply.\n";
444 fun requestListPerms user
=
446 val (_
, bio
) = requestBio (fn () => ())
448 Msg
.send (bio
, MsgListPerms user
);
449 (case Msg
.recv bio
of
450 NONE
=> (print
"Server closed connection unexpectedly.\n";
454 MsgPerms perms
=> SOME perms
455 | MsgError s
=> (print ("Listing failed: " ^ s ^
"\n");
457 | _
=> (print
"Unexpected server reply.\n";
459 before OpenSSL
.close bio
462 fun requestWhoHas perm
=
464 val (_
, bio
) = requestBio (fn () => ())
466 Msg
.send (bio
, MsgWhoHas perm
);
467 (case Msg
.recv bio
of
468 NONE
=> (print
"Server closed connection unexpectedly.\n";
472 MsgWhoHasResponse users
=> SOME users
473 | MsgError s
=> (print ("whohas failed: " ^ s ^
"\n");
475 | _
=> (print
"Unexpected server reply.\n";
477 before OpenSSL
.close bio
480 fun requestRegen () =
482 val (_
, bio
) = requestBio (fn () => ())
484 Msg
.send (bio
, MsgRegenerate
);
486 NONE
=> print
"Server closed connection unexpectedly.\n"
489 MsgOk
=> print
"Regeneration succeeded.\n"
490 | MsgError s
=> print ("Regeneration failed: " ^ s ^
"\n")
491 | _
=> print
"Unexpected server reply.\n";
495 fun requestRegenTc () =
497 val (_
, bio
) = requestBio (fn () => ())
499 Msg
.send (bio
, MsgRegenerateTc
);
501 NONE
=> print
"Server closed connection unexpectedly.\n"
504 MsgOk
=> print
"All configuration validated.\n"
505 | MsgError s
=> print ("Configuration validation failed: " ^ s ^
"\n")
506 | _
=> print
"Unexpected server reply.\n";
510 fun requestRmdom dom
=
512 val (_
, bio
) = requestBio (fn () => ())
514 Msg
.send (bio
, MsgRmdom dom
);
516 NONE
=> print
"Server closed connection unexpectedly.\n"
519 MsgOk
=> print
"Removal succeeded.\n"
520 | MsgError s
=> print ("Removal failed: " ^ s ^
"\n")
521 | _
=> print
"Unexpected server reply.\n";
525 fun requestRmuser user
=
527 val (_
, bio
) = requestBio (fn () => ())
529 Msg
.send (bio
, MsgRmuser user
);
531 NONE
=> print
"Server closed connection unexpectedly.\n"
534 MsgOk
=> print
"Removal succeeded.\n"
535 | MsgError s
=> print ("Removal failed: " ^ s ^
"\n")
536 | _
=> print
"Unexpected server reply.\n";
540 fun requestDbUser dbtype
=
542 val (_
, context
) = requestContext (fn () => ())
543 val bio
= OpenSSL
.connect
true (context
,
544 Config
.Dbms
.dbmsNode ^
":" ^
Int.toString Config
.slavePort
)
546 Msg
.send (bio
, MsgCreateDbUser dbtype
);
548 NONE
=> print
"Server closed connection unexpectedly.\n"
551 MsgOk
=> print
"Your user has been created.\n"
552 | MsgError s
=> print ("Creation failed: " ^ s ^
"\n")
553 | _
=> print
"Unexpected server reply.\n";
557 fun requestDbPasswd rc
=
559 val (_
, context
) = requestContext (fn () => ())
560 val bio
= OpenSSL
.connect
true (context
,
561 Config
.Dbms
.dbmsNode ^
":" ^
Int.toString Config
.slavePort
)
563 Msg
.send (bio
, MsgDbPasswd rc
);
565 NONE
=> print
"Server closed connection unexpectedly.\n"
568 MsgOk
=> print
"Your password has been changed.\n"
569 | MsgError s
=> print ("Password set failed: " ^ s ^
"\n")
570 | _
=> print
"Unexpected server reply.\n";
574 fun requestDbTable p
=
576 val (user
, context
) = requestContext (fn () => ())
577 val bio
= OpenSSL
.connect
true (context
,
578 Config
.Dbms
.dbmsNode ^
":" ^
Int.toString Config
.slavePort
)
580 Msg
.send (bio
, MsgCreateDb p
);
582 NONE
=> print
"Server closed connection unexpectedly.\n"
585 MsgOk
=> print ("Your database " ^ user ^
"_" ^ #dbname p ^
" has been created.\n")
586 | MsgError s
=> print ("Creation failed: " ^ s ^
"\n")
587 | _
=> print
"Unexpected server reply.\n";
591 fun requestDbDrop p
=
593 val (user
, context
) = requestContext (fn () => ())
594 val bio
= OpenSSL
.connect
true (context
,
595 Config
.Dbms
.dbmsNode ^
":" ^
Int.toString Config
.slavePort
)
597 Msg
.send (bio
, MsgDropDb p
);
599 NONE
=> print
"Server closed connection unexpectedly.\n"
602 MsgOk
=> print ("Your database " ^ user ^
"_" ^ #dbname p ^
" has been dropped.\n")
603 | MsgError s
=> print ("Drop failed: " ^ s ^
"\n")
604 | _
=> print
"Unexpected server reply.\n";
608 fun requestDbGrant p
=
610 val (user
, context
) = requestContext (fn () => ())
611 val bio
= OpenSSL
.connect
true (context
,
612 Config
.Dbms
.dbmsNode ^
":" ^
Int.toString Config
.slavePort
)
614 Msg
.send (bio
, MsgGrantDb p
);
616 NONE
=> print
"Server closed connection unexpectedly.\n"
619 MsgOk
=> print ("You've been granted all allowed privileges to database " ^ user ^
"_" ^ #dbname p ^
".\n")
620 | MsgError s
=> print ("Grant failed: " ^ s ^
"\n")
621 | _
=> print
"Unexpected server reply.\n";
625 fun requestListMailboxes domain
=
627 val (_
, bio
) = requestBio (fn () => ())
629 Msg
.send (bio
, MsgListMailboxes domain
);
630 (case Msg
.recv bio
of
631 NONE
=> Vmail
.Error
"Server closed connection unexpectedly."
634 MsgMailboxes users
=> (Msg
.send (bio
, MsgOk
);
636 | MsgError s
=> Vmail
.Error ("Listing failed: " ^ s
)
637 | _
=> Vmail
.Error
"Unexpected server reply.")
638 before OpenSSL
.close bio
641 fun requestNewMailbox p
=
643 val (_
, bio
) = requestBio (fn () => ())
645 Msg
.send (bio
, MsgNewMailbox p
);
647 NONE
=> print
"Server closed connection unexpectedly.\n"
650 MsgOk
=> print ("A mapping for " ^ #user p ^
"@" ^ #domain p ^
" has been created.\n")
651 | MsgError s
=> print ("Creation failed: " ^ s ^
"\n")
652 | _
=> print
"Unexpected server reply.\n";
656 fun requestPasswdMailbox p
=
658 val (_
, bio
) = requestBio (fn () => ())
660 Msg
.send (bio
, MsgPasswdMailbox p
);
662 NONE
=> print
"Server closed connection unexpectedly.\n"
665 MsgOk
=> print ("The password for " ^ #user p ^
"@" ^ #domain p ^
" has been changed.\n")
666 | MsgError s
=> print ("Set failed: " ^ s ^
"\n")
667 | _
=> print
"Unexpected server reply.\n";
671 fun requestPortalPasswdMailbox p
=
673 val (_
, bio
) = requestBio (fn () => ())
675 Msg
.send (bio
, MsgPortalPasswdMailbox p
);
677 NONE
=> print
"Server closed connection unexpectedly.\n"
680 MsgOk
=> print ("The password for " ^ #user p ^
"@" ^ #domain p ^
" has been changed.\n")
681 | MsgError s
=> print ("Set failed: " ^ s ^
"\n")
682 | _
=> print
"Unexpected server reply.\n";
686 fun requestRmMailbox p
=
688 val (_
, bio
) = requestBio (fn () => ())
690 Msg
.send (bio
, MsgRmMailbox p
);
692 NONE
=> print
"Server closed connection unexpectedly.\n"
695 MsgOk
=> print ("The mapping for mailbox " ^ #user p ^
"@" ^ #domain p ^
" has been deleted.\n")
696 | MsgError s
=> print ("Remove failed: " ^ s ^
"\n")
697 | _
=> print
"Unexpected server reply.\n";
701 fun requestSaQuery addr
=
703 val (_
, bio
) = requestBio (fn () => ())
705 Msg
.send (bio
, MsgSaQuery addr
);
706 (case Msg
.recv bio
of
707 NONE
=> print
"Server closed connection unexpectedly.\n"
710 MsgSaStatus b
=> (print ("SpamAssassin filtering for " ^ addr ^
" is "
711 ^
(if b
then "ON" else "OFF") ^
".\n");
712 Msg
.send (bio
, MsgOk
))
713 | MsgError s
=> print ("Query failed: " ^ s ^
"\n")
714 | _
=> print
"Unexpected server reply.\n")
715 before OpenSSL
.close bio
720 val (_
, bio
) = requestBio (fn () => ())
722 Msg
.send (bio
, MsgSaSet p
);
724 NONE
=> print
"Server closed connection unexpectedly.\n"
727 MsgOk
=> print ("SpamAssassin filtering for " ^ #
1 p ^
" is now "
728 ^
(if #
2 p
then "ON" else "OFF") ^
".\n")
729 | MsgError s
=> print ("Set failed: " ^ s ^
"\n")
730 | _
=> print
"Unexpected server reply.\n";
734 fun requestSmtpLog domain
=
736 val (_
, bio
) = requestBio (fn () => ())
738 val _
= Msg
.send (bio
, MsgSmtpLogReq domain
)
742 NONE
=> print
"Server closed connection unexpectedly.\n"
746 | MsgSmtpLogRes line
=> (print line
;
748 | MsgError s
=> print ("Log search failed: " ^ s ^
"\n")
749 | _
=> print
"Unexpected server reply.\n"
755 fun requestMysqlFixperms () =
757 val (_
, context
) = requestContext (fn () => ())
758 val bio
= OpenSSL
.connect
true (context
,
759 Config
.Dbms
.dbmsNode ^
":" ^
Int.toString Config
.slavePort
)
761 Msg
.send (bio
, MsgMysqlFixperms
);
763 NONE
=> print
"Server closed connection unexpectedly.\n"
766 MsgOk
=> print
"Permissions granted.\n"
767 | MsgError s
=> print ("Failed: " ^ s ^
"\n")
768 | _
=> print
"Unexpected server reply.\n";
772 fun requestApt
{node
, pkg
} =
774 val (user
, context
) = requestContext (fn () => ())
775 val bio
= OpenSSL
.connect
true (context
, if node
= Config
.dispatcherName
then
778 Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
780 val _
= Msg
.send (bio
, MsgQuery (QApt pkg
))
784 NONE
=> (print
"Server closed connection unexpectedly.\n";
788 MsgYes
=> (print
"Package is installed.\n";
790 | MsgNo
=> (print
"Package is not installed.\n";
792 | MsgError s
=> (print ("APT query failed: " ^ s ^
"\n");
794 | _
=> (print
"Unexpected server reply.\n";
798 before OpenSSL
.close bio
801 fun requestAptExists
{node
, pkg
} =
803 val (user
, context
) = requestContext (fn () => ())
804 val bio
= OpenSSL
.connect
true (context
, if node
= Config
.dispatcherName
then
807 Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
809 val _
= Msg
.send (bio
, MsgQuery (QAptExists pkg
))
813 NONE
=> (print
"Server closed connection unexpectedly.\n";
817 MsgAptQuery
{section
,description
} => (print
"Package exists.\n";
818 print ("Section: " ^ section ^
"\n");
819 print ("Description: " ^ description ^
"\n");
821 | MsgNo
=> (print
"Package does not exist.\n";
823 (* It might be the Wrong
Thing (tm
) to use MsgNo like this
*))
824 | MsgError s
=> (print ("APT existence query failed: " ^ s ^
"\n");
826 | _
=> (print
"Unexpected server reply.\n";
830 before OpenSSL
.close bio
833 fun requestCron
{node
, uname
} =
835 val (user
, context
) = requestContext (fn () => ())
836 val bio
= OpenSSL
.connect
true (context
, if node
= Config
.dispatcherName
then
839 Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
841 val _
= Msg
.send (bio
, MsgQuery (QCron uname
))
845 NONE
=> (print
"Server closed connection unexpectedly.\n";
849 MsgYes
=> (print
"User has cron permissions.\n";
851 | MsgNo
=> (print
"User does not have cron permissions.\n";
853 | MsgError s
=> (print ("Cron query failed: " ^ s ^
"\n");
855 | _
=> (print
"Unexpected server reply.\n";
859 before OpenSSL
.close bio
862 fun requestFtp
{node
, uname
} =
864 val (user
, context
) = requestContext (fn () => ())
865 val bio
= OpenSSL
.connect
true (context
, if node
= Config
.dispatcherName
then
868 Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
870 val _
= Msg
.send (bio
, MsgQuery (QFtp uname
))
874 NONE
=> (print
"Server closed connection unexpectedly.\n";
878 MsgYes
=> (print
"User has FTP permissions.\n";
880 | MsgNo
=> (print
"User does not have FTP permissions.\n";
882 | MsgError s
=> (print ("FTP query failed: " ^ s ^
"\n");
884 | _
=> (print
"Unexpected server reply.\n";
888 before OpenSSL
.close bio
891 fun requestTrustedPath
{node
, uname
} =
893 val (user
, context
) = requestContext (fn () => ())
894 val bio
= OpenSSL
.connect
true (context
, if node
= Config
.dispatcherName
then
897 Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
899 val _
= Msg
.send (bio
, MsgQuery (QTrustedPath uname
))
903 NONE
=> (print
"Server closed connection unexpectedly.\n";
907 MsgYes
=> (print
"User has trusted path restriction.\n";
909 | MsgNo
=> (print
"User does not have trusted path restriction.\n";
911 | MsgError s
=> (print ("Trusted path query failed: " ^ s ^
"\n");
913 | _
=> (print
"Unexpected server reply.\n";
917 before OpenSSL
.close bio
920 fun requestSocketPerm
{node
, uname
} =
922 val (user
, context
) = requestContext (fn () => ())
923 val bio
= OpenSSL
.connect
true (context
, if node
= Config
.dispatcherName
then
926 Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
928 val _
= Msg
.send (bio
, MsgQuery (QSocket uname
))
932 NONE
=> (print
"Server closed connection unexpectedly.\n";
936 MsgSocket p
=> (case p
of
938 | Client
=> print
"Client\n"
939 | Server
=> print
"Server\n"
940 | Nada
=> print
"Nada\n";
942 | MsgError s
=> (print ("Socket permission query failed: " ^ s ^
"\n");
944 | _
=> (print
"Unexpected server reply.\n";
948 before OpenSSL
.close bio
951 fun requestFirewall
{node
, uname
} =
953 val (user
, context
) = requestContext (fn () => ())
954 val bio
= OpenSSL
.connect
true (context
, if node
= Config
.dispatcherName
then
957 Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
959 val _
= Msg
.send (bio
, MsgQuery (QFirewall
{node
= node
, user
= uname
}))
963 NONE
=> (print
"Server closed connection unexpectedly.\n";
967 MsgFirewall ls
=> (app (fn s
=> (print s
; print
"\n")) ls
;
969 | MsgError s
=> (print ("Firewall query failed: " ^ s ^
"\n");
971 | _
=> (print
"Unexpected server reply.\n";
975 before OpenSSL
.close bio
978 fun requestDescribe dom
=
980 val (_
, bio
) = requestBio (fn () => ())
982 Msg
.send (bio
, MsgDescribe dom
);
984 NONE
=> print
"Server closed connection unexpectedly.\n"
987 MsgDescription s
=> print s
988 | MsgError s
=> print ("Description failed: " ^ s ^
"\n")
989 | _
=> print
"Unexpected server reply.\n";
993 fun requestReUsers () =
995 val (_
, bio
) = requestBio (fn () => ())
997 Msg
.send (bio
, MsgReUsers
);
999 NONE
=> print
"Server closed connection unexpectedly.\n"
1002 MsgOk
=> print
"Callbacks run.\n"
1003 | MsgError s
=> print ("Failed: " ^ s ^
"\n")
1004 | _
=> print
"Unexpected server reply.\n";
1008 fun requestFirewallRegen node
=
1010 val (user
, context
) = requestContext (fn () => ())
1011 val bio
= OpenSSL
.connect
true (context
, Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
1012 (* Only supporting on slave nodes
*)
1014 val _
= Msg
.send (bio
, MsgFirewallRegen
)
1016 fun handleResult () =
1017 case Msg
.recv bio
of
1018 NONE
=> (print
"Server closed connection unexpectedly.\n";
1022 MsgOk
=> (print
"Firewall regenerated.\n";
1024 | MsgError s
=> (print ("Firewall regeneration failed: " ^ s ^
"\n");
1026 | _
=> (print
"Unexpected server reply.\n";
1030 before OpenSSL
.close bio
1033 structure SS
= StringSet
1035 fun domainList dname
=
1037 val dir
= Posix
.FileSys
.opendir dname
1039 fun visitNode dset
=
1040 case Posix
.FileSys
.readdir dir
of
1044 val path
= OS
.Path
.joinDirFile
{dir
= dname
,
1047 fun visitDomains (path
, bfor
, dset
) =
1049 val dir
= Posix
.FileSys
.opendir path
1052 case Posix
.FileSys
.readdir dir
of
1056 val path
= OS
.Path
.joinDirFile
{dir
= path
,
1059 if Posix
.FileSys
.ST
.isDir (Posix
.FileSys
.stat path
) then
1061 val bfor
= dname
:: bfor
1063 loop (visitDomains (path
, bfor
,
1065 String.concatWith
"." bfor
)))
1072 before Posix
.FileSys
.closedir dir
1075 visitNode (visitDomains (path
, [], dset
))
1079 before Posix
.FileSys
.closedir dir
1082 fun regenerateEither tc checker context
=
1084 val () = print
"Starting regeneration....\n"
1090 domainList Config
.resultRoot
1098 val _
= ErrorMsg
.reset ()
1101 val () = Tycheck
.disallowExterns ()
1103 val () = ifReal (fn () =>
1104 (ignore (OS
.Process
.system ("rm -rf " ^ Config
.oldResultRoot ^
"/*"));
1105 ignore (OS
.Process
.system ("cp -r " ^ Config
.resultRoot
1106 ^
"/* " ^ Config
.oldResultRoot ^
"/"));
1107 Domain
.resetGlobal ()))
1111 fun contactNode (node
, ip
) =
1112 if node
= Config
.dispatcherName
then
1113 Domain
.resetLocal ()
1115 val bio
= OpenSSL
.connect
true (context
,
1118 ^
Int.toString Config
.slavePort
)
1120 Msg
.send (bio
, MsgRegenerate
);
1121 case Msg
.recv bio
of
1122 NONE
=> print
"Slave closed connection unexpectedly\n"
1125 MsgOk
=> print ("Slave " ^ node ^
" pre-regeneration finished\n")
1126 | MsgError s
=> print ("Slave " ^ node
1127 ^
" returned error: " ^
1129 | _
=> print ("Slave " ^ node
1130 ^
" returned unexpected command\n");
1133 handle OpenSSL
.OpenSSL s
=> print ("OpenSSL error: " ^ s ^
"\n")
1137 val _
= Domain
.setUser user
1138 val _
= ErrorMsg
.reset ()
1140 val dname
= Config
.domtoolDir user
1142 if Posix
.FileSys
.access (dname
, []) then
1144 val dir
= Posix
.FileSys
.opendir dname
1147 case Posix
.FileSys
.readdir dir
of
1148 NONE
=> (Posix
.FileSys
.closedir dir
;
1151 if notTmp fname
then
1152 loop (OS
.Path
.joinDirFile
{dir
= dname
,
1159 val (_
, files
) = Order
.order (SOME b
) files
1161 fun checker
' (file
, (G
, evs
)) =
1164 if !ErrorMsg
.anyErrors
then
1166 print ("User " ^ user ^
"'s configuration has errors!\n");
1170 let val basis
' = basis () in
1171 ignore (foldl checker
' (basis
', SM
.empty
) files
)
1174 else if String.isSuffix
"_admin" user
then
1177 (print ("Couldn't access " ^ user ^
"'s ~/.domtool directory.\n");
1180 handle IO
.Io
{name
, function
, ...} =>
1181 (print ("IO error processing user " ^ user ^
": " ^ function ^
": " ^ name ^
"\n");
1183 | exn
as OS
.SysErr (s
, _
) => (print ("System error processing user " ^ user ^
": " ^ s ^
"\n");
1185 | ErrorMsg
.Error
=> (ErrorMsg
.reset ();
1186 print ("User " ^ user ^
" had a compilation error.\n");
1188 | _
=> (print
"Unknown exception during regeneration!\n";
1191 ifReal (fn () => (app contactNode Config
.nodeIps
;
1193 app
doUser (Acl
.users ());
1196 val domainsAfter
= domainList Config
.resultRoot
1197 val domainsGone
= SS
.difference (domainsBefore
, domainsAfter
)
1199 if SS
.isEmpty domainsGone
then
1202 (print
"Domains to kill:";
1203 SS
.app (fn s
=> (print
" "; print s
)) domainsGone
;
1206 Domain
.rmdom
' Config
.oldResultRoot (SS
.listItems domainsGone
));
1213 val regenerate
= regenerateEither
false eval
1214 val regenerateTc
= regenerateEither
true
1215 (fn G
=> fn evs
=> fn file
=>
1216 (#
1 (check G file
), evs
))
1218 fun usersChanged () =
1219 (Domain
.onUsersChange ();
1220 ignore (OS
.Process
.system Config
.publish_reusers
))
1224 val doms
= Acl
.class
{user
= user
, class
= "domain"}
1225 val doms
= List.filter (fn dom
=>
1226 case Acl
.whoHas
{class
= "domain", value
= dom
} of
1228 | _
=> false) (StringSet
.listItems doms
)
1235 fun now () = Date
.toString (Date
.fromTimeUniv (Time
.now ()))
1239 QApt pkg
=> if Apt
.installed pkg
then MsgYes
else MsgNo
1240 | QAptExists pkg
=> (case Apt
.info pkg
of
1241 SOME
{section
, description
} => MsgAptQuery
{section
= section
, description
= description
}
1243 | QCron user
=> if Cron
.allowed user
then MsgYes
else MsgNo
1244 | QFtp user
=> if Ftp
.allowed user
then MsgYes
else MsgNo
1245 | QTrustedPath user
=> if TrustedPath
.query user
then MsgYes
else MsgNo
1246 | QSocket user
=> MsgSocket (SocketPerm
.query user
)
1247 | QFirewall
{node
, user
} => MsgFirewall (Firewall
.query (node
, user
))
1249 fun describeQuery q
=
1251 QApt pkg
=> "Requested installation status of package " ^ pkg
1252 | QAptExists pkg
=> "Requested if package " ^ pkg ^
" exists"
1253 | QCron user
=> "Asked about cron permissions for user " ^ user
1254 | QFtp user
=> "Asked about FTP permissions for user " ^ user
1255 | QTrustedPath user
=> "Asked about trusted path settings for user " ^ user
1256 | QSocket user
=> "Asked about socket permissions for user " ^ user
1257 | QFirewall
{node
, user
} => "Asked about firewall rules on " ^ node ^
" for user " ^ user
1259 fun doIt
' loop bio f cleanup
=
1261 (msgLocal
, SOME msgRemote
) =>
1264 Msg
.send (bio
, MsgError msgRemote
))
1265 |
(msgLocal
, NONE
) =>
1268 Msg
.send (bio
, MsgOk
)))
1269 handle e
as (OpenSSL
.OpenSSL s
) =>
1270 (print ("OpenSSL error: " ^ s ^
"\n");
1271 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory e
);
1272 Msg
.send (bio
, MsgError ("OpenSSL error: " ^ s
))
1273 handle OpenSSL
.OpenSSL _
=> ())
1274 | OS
.SysErr (s
, _
) =>
1275 (print
"System error: ";
1278 Msg
.send (bio
, MsgError ("System error: " ^ s
))
1279 handle OpenSSL
.OpenSSL _
=> ())
1284 Msg
.send (bio
, MsgError ("Failure: " ^ s
))
1285 handle OpenSSL
.OpenSSL _
=> ())
1287 (print
"Compilation error\n";
1288 Msg
.send (bio
, MsgError
"Error during configuration evaluation")
1289 handle OpenSSL
.OpenSSL _
=> ());
1291 ignore (OpenSSL
.readChar bio
);
1293 handle OpenSSL
.OpenSSL _
=> ();
1298 val host
= Slave
.hostname ()
1300 val () = Acl
.read Config
.aclFile
1302 val context
= context (Config
.certDir ^
"/" ^ host ^
".pem",
1303 Config
.keyDir ^
"/" ^ host ^
"/key.pem",
1305 val _
= Domain
.set_context context
1307 val sock
= OpenSSL
.listen (context
, Config
.dispatcherPort
)
1310 (case OpenSSL
.accept sock
of
1314 val user
= OpenSSL
.peerCN bio
1315 val () = print ("\nConnection from " ^ user ^
" at " ^
now () ^
"\n")
1316 val () = Domain
.setUser user
1317 val doIt
= doIt
' loop bio
1319 fun doConfig codes
=
1321 val _
= print
"Configuration:\n"
1322 val _
= app (fn s
=> (print s
; print
"\n")) codes
1325 val outname
= OS
.FileSys
.tmpName ()
1327 fun doOne (code
, (G
, evs
)) =
1329 val outf
= TextIO.openOut outname
1331 TextIO.output (outf
, code
);
1332 TextIO.closeOut outf
;
1336 doIt (fn () => (Env
.pre ();
1337 let val basis
' = basis () in
1338 ignore (foldl
doOne (basis
', SM
.empty
) codes
)
1341 Msg
.send (bio
, MsgOk
);
1342 ("Configuration complete.", NONE
)))
1343 (fn () => OS
.FileSys
.remove outname
)
1347 case String.fields (fn ch
=> ch
= #
"@") s
of
1349 if user
= user
' then
1353 |
[user
', domain
] =>
1354 if Domain
.validEmailUser user
' andalso Domain
.yourDomain domain
then
1355 SOME (SetSA
.Email s
)
1361 case Msg
.recv bio
of
1362 NONE
=> (OpenSSL
.close bio
1363 handle OpenSSL
.OpenSSL _
=> ();
1367 MsgConfig code
=> doConfig
[code
]
1368 | MsgMultiConfig codes
=> doConfig codes
1371 if Acl
.query
{user
= user
, class
= "priv", value
= "all"}
1372 orelse Acl
.query
{user
= user
, class
= "priv", value
= "shutdown"} then
1373 print ("Domtool dispatcher shutting down at " ^
now () ^
"\n\n")
1375 (print
"Unauthorized shutdown command!\n";
1377 handle OpenSSL
.OpenSSL _
=> ();
1382 if Acl
.query
{user
= user
, class
= "priv", value
= "all"} then
1384 Acl
.write Config
.aclFile
;
1385 if #class acl
= "user" then
1389 ("Granted permission " ^ #value acl ^
" to " ^ #user acl ^
" in " ^ #class acl ^
".",
1392 ("Unauthorized user asked to grant a permission!",
1393 SOME
"Not authorized to grant privileges"))
1398 if Acl
.query
{user
= user
, class
= "priv", value
= "all"} then
1400 Acl
.write Config
.aclFile
;
1401 ("Revoked permission " ^ #value acl ^
" from " ^ #user acl ^
" in " ^ #class acl ^
".",
1404 ("Unauthorized user asked to revoke a permission!",
1405 SOME
"Not authorized to revoke privileges"))
1408 | MsgListPerms user
=>
1410 (Msg
.send (bio
, MsgPerms (Acl
.queryAll user
));
1411 ("Sent permission list for user " ^ user ^
".",
1417 (Msg
.send (bio
, MsgWhoHasResponse (Acl
.whoHas perm
));
1418 ("Sent whohas response for " ^ #class perm ^
" / " ^ #value perm ^
".",
1424 if Acl
.query
{user
= user
, class
= "priv", value
= "all"}
1425 orelse List.all (fn dom
=> Domain
.validDomain dom
1426 andalso Acl
.queryDomain
{user
= user
, domain
= dom
}) doms
then
1429 Acl
.revokeFromAll
{class
= "domain", value
= dom
}) doms
;
1430 Acl
.write Config
.aclFile
;*)
1431 ("Removed domains" ^
foldl (fn (d
, s
) => s ^
" " ^ d
) "" doms ^
".",
1434 ("Unauthorized user asked to remove a domain!",
1435 SOME
"Not authorized to remove that domain"))
1440 if Acl
.query
{user
= user
, class
= "priv", value
= "regen"}
1441 orelse Acl
.query
{user
= user
, class
= "priv", value
= "all"} then
1442 (if regenerate context
then
1443 ("Regenerated all configuration.",
1446 ("Error regenerating configuration!",
1447 SOME
"Error regenerating configuration! Consult /var/log/domtool.log."))
1449 ("Unauthorized user asked to regenerate!",
1450 SOME
"Not authorized to regenerate"))
1453 | MsgRegenerateTc
=>
1455 if Acl
.query
{user
= user
, class
= "priv", value
= "regen"}
1456 orelse Acl
.query
{user
= user
, class
= "priv", value
= "all"} then
1457 (if regenerateTc context
then
1458 ("Checked all configuration.",
1461 ("Found a compilation error!",
1462 SOME
"Found a compilation error! Consult /var/log/domtool.log."))
1464 ("Unauthorized user asked to regenerate -tc!",
1465 SOME
"Not authorized to regenerate -tc"))
1468 | MsgRmuser user
' =>
1470 if Acl
.query
{user
= user
, class
= "priv", value
= "all"} then
1472 Acl
.write Config
.aclFile
;
1473 ("Removed user " ^ user
' ^
".",
1476 ("Unauthorized user asked to remove a user!",
1477 SOME
"Not authorized to remove users"))
1480 | MsgListMailboxes domain
=>
1482 if not (Domain
.yourDomain domain
) then
1483 ("User wasn't authorized to list mailboxes for " ^ domain
,
1484 SOME
"You're not authorized to configure that domain.")
1486 case Vmail
.list domain
of
1487 Vmail
.Listing users
=> (Msg
.send (bio
, MsgMailboxes users
);
1488 ("Sent mailbox list for " ^ domain
,
1490 | Vmail
.Error msg
=> ("Error listing mailboxes for " ^ domain ^
": " ^ msg
,
1494 | MsgNewMailbox
{domain
, user
= emailUser
, passwd
, mailbox
} =>
1496 if not (Domain
.yourDomain domain
) then
1497 ("User wasn't authorized to add a mailbox to " ^ domain
,
1498 SOME
"You're not authorized to configure that domain.")
1499 else if not (Domain
.validEmailUser emailUser
) then
1500 ("Invalid e-mail username " ^ emailUser
,
1501 SOME
"Invalid e-mail username")
1502 else if not (CharVector
.all
Char.isGraph passwd
) then
1503 ("Invalid password",
1504 SOME
"Invalid password; may only contain printable, non-space characters")
1505 else if not (Domain
.yourPath mailbox
) then
1506 ("User wasn't authorized to add a mailbox at " ^ mailbox
,
1507 SOME ("You're not authorized to use that mailbox location. ("
1510 case Vmail
.add
{requester
= user
,
1511 domain
= domain
, user
= emailUser
,
1512 passwd
= passwd
, mailbox
= mailbox
} of
1513 NONE
=> ("Added mailbox " ^ emailUser ^
"@" ^ domain ^
" at " ^ mailbox
,
1515 | SOME msg
=> ("Error adding mailbox " ^ emailUser ^
"@" ^ domain ^
": " ^ msg
,
1519 | MsgPasswdMailbox
{domain
, user
= emailUser
, passwd
} =>
1521 if not (Domain
.yourDomain domain
) then
1522 ("User wasn't authorized to change password of a mailbox for " ^ domain
,
1523 SOME
"You're not authorized to configure that domain.")
1524 else if not (Domain
.validEmailUser emailUser
) then
1525 ("Invalid e-mail username " ^ emailUser
,
1526 SOME
"Invalid e-mail username")
1527 else if not (CharVector
.all
Char.isGraph passwd
) then
1528 ("Invalid password",
1529 SOME
"Invalid password; may only contain printable, non-space characters")
1531 case Vmail
.passwd
{domain
= domain
, user
= emailUser
,
1533 NONE
=> ("Changed password of mailbox " ^ emailUser ^
"@" ^ domain
,
1535 | SOME msg
=> ("Error changing mailbox password for " ^ emailUser ^
"@" ^ domain ^
": " ^ msg
,
1539 | MsgPortalPasswdMailbox
{domain
, user
= emailUser
, oldpasswd
, newpasswd
} =>
1541 if not (Acl
.query
{user
= user
, class
= "priv", value
= "vmail"}) then
1542 ("User is not authorized to run portal vmail password",
1543 SOME
"You're not authorized to use the portal password command")
1544 else if not (Domain
.validEmailUser emailUser
) then
1545 ("Invalid e-mail username " ^ emailUser
,
1546 SOME
"Invalid e-mail username")
1547 else if not (CharVector
.all
Char.isGraph oldpasswd
1548 andalso CharVector
.all
Char.isGraph newpasswd
) then
1549 ("Invalid password",
1550 SOME
"Invalid password; may only contain printable, non-space characters")
1552 case Vmail
.portalpasswd
{domain
= domain
, user
= emailUser
,
1553 oldpasswd
= oldpasswd
, newpasswd
= newpasswd
} of
1554 NONE
=> ("Changed password of mailbox " ^ emailUser ^
"@" ^ domain
,
1556 | SOME msg
=> ("Error changing mailbox password for " ^ emailUser ^
"@" ^ domain ^
": " ^ msg
,
1560 | MsgRmMailbox
{domain
, user
= emailUser
} =>
1562 if not (Domain
.yourDomain domain
) then
1563 ("User wasn't authorized to change password of a mailbox for " ^ domain
,
1564 SOME
"You're not authorized to configure that domain.")
1565 else if not (Domain
.validEmailUser emailUser
) then
1566 ("Invalid e-mail username " ^ emailUser
,
1567 SOME
"Invalid e-mail username")
1569 case Vmail
.rm
{domain
= domain
, user
= emailUser
} of
1570 NONE
=> ("Deleted mailbox " ^ emailUser ^
"@" ^ domain
,
1572 | SOME msg
=> ("Error deleting mailbox " ^ emailUser ^
"@" ^ domain ^
": " ^ msg
,
1576 | MsgSaQuery addr
=>
1578 case checkAddr addr
of
1579 NONE
=> ("User tried to query SA filtering for " ^ addr
,
1580 SOME
"You aren't allowed to configure SA filtering for that recipient.")
1581 | SOME addr
' => (Msg
.send (bio
, MsgSaStatus (SetSA
.query addr
'));
1582 ("Queried SA filtering status for " ^ addr
,
1586 |
MsgSaSet (addr
, b
) =>
1588 case checkAddr addr
of
1589 NONE
=> ("User tried to set SA filtering for " ^ addr
,
1590 SOME
"You aren't allowed to configure SA filtering for that recipient.")
1591 | SOME addr
' => (SetSA
.set (addr
', b
);
1593 Msg
.send (bio
, MsgOk
);
1594 ("Set SA filtering status for " ^ addr ^
" to "
1595 ^
(if b
then "ON" else "OFF"),
1599 | MsgSmtpLogReq domain
=>
1601 if not (Domain
.yourDomain domain
) then
1602 ("Unauthorized user tried to request SMTP logs for " ^ domain
,
1603 SOME
"You aren't authorized to configure that domain.")
1605 (SmtpLog
.search (fn line
=> Msg
.send (bio
, MsgSmtpLogRes line
))
1607 ("Requested SMTP logs for " ^ domain
,
1612 doIt (fn () => (Msg
.send (bio
, answerQuery q
);
1616 | MsgDescribe dom
=>
1617 doIt (fn () => if not (Domain
.validDomain dom
) then
1618 ("Requested description of invalid domain " ^ dom
,
1619 SOME
"Invalid domain name")
1620 else if not (Domain
.yourDomain dom
1621 orelse Acl
.query
{user
= user
, class
= "priv", value
= "all"}) then
1622 ("Requested description of " ^ dom ^
", but not allowed access",
1623 SOME
"Access denied")
1625 (Msg
.send (bio
, MsgDescription (Domain
.describe dom
));
1626 ("Sent description of domain " ^ dom
,
1631 doIt (fn () => if Acl
.query
{user
= user
, class
= "priv", value
= "regen"}
1632 orelse Acl
.query
{user
= user
, class
= "priv", value
= "all"} then
1634 ("Users change callbacks run", NONE
))
1636 ("Unauthorized user asked to reusers!",
1637 SOME
"You aren't authorized to regenerate files."))
1641 doIt (fn () => ("Unexpected command",
1642 SOME
"Unexpected command"))
1647 handle e
as (OpenSSL
.OpenSSL s
) =>
1648 (print ("OpenSSL error: " ^ s ^
"\n");
1649 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory e
);
1651 handle OpenSSL
.OpenSSL _
=> ();
1653 | OS
.SysErr (s
, _
) =>
1654 (print ("System error: " ^ s ^
"\n");
1656 handle OpenSSL
.OpenSSL _
=> ();
1658 | IO
.Io
{name
, function
, cause
} =>
1659 (print ("IO error: " ^ function ^
" for " ^ name ^
"\n");
1660 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory cause
);
1662 handle OpenSSL
.OpenSSL _
=> ();
1664 | OS
.Path
.InvalidArc
=>
1665 (print
"Invalid arc\n";
1667 handle OpenSSL
.OpenSSL _
=> ();
1670 (print
"Unknown exception in main loop!\n";
1671 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory e
);
1673 handle OpenSSL
.OpenSSL _
=> ();
1675 handle e
as (OpenSSL
.OpenSSL s
) =>
1676 (print ("OpenSSL error: " ^ s ^
"\n");
1677 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory e
);
1679 | OS
.SysErr (s
, _
) =>
1680 (print ("System error: " ^ s ^
"\n");
1682 | IO
.Io
{name
, function
, cause
} =>
1683 (print ("IO error: " ^ function ^
" for " ^ name ^
"\n");
1684 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory cause
);
1687 (print
"Unknown exception in main loop!\n";
1688 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory e
);
1691 print ("Domtool dispatcher starting up at " ^
now () ^
"\n");
1692 print
"Listening for connections....\n";
1694 OpenSSL
.shutdown sock
1699 val host
= Slave
.hostname ()
1701 val context
= context (Config
.certDir ^
"/" ^ host ^
".pem",
1702 Config
.keyDir ^
"/" ^ host ^
"/key.pem",
1705 val sock
= OpenSSL
.listen (context
, Config
.slavePort
)
1707 val _
= print ("Slave server starting at " ^
now () ^
"\n")
1710 (case OpenSSL
.accept sock
of
1714 val peer
= OpenSSL
.peerCN bio
1715 val () = print ("\nConnection from " ^ peer ^
" at " ^
now () ^
"\n")
1717 if peer
= Config
.dispatcherName
then let
1719 case Msg
.recv bio
of
1720 NONE
=> print
"Dispatcher closed connection unexpectedly\n"
1723 MsgFile file
=> loop
' (file
:: files
)
1724 | MsgDoFiles
=> (Slave
.handleChanges files
;
1725 Msg
.send (bio
, MsgOk
))
1726 | MsgRegenerate
=> (Domain
.resetLocal ();
1727 Msg
.send (bio
, MsgOk
))
1728 | MsgVmailChanged
=> (if Vmail
.doChanged () then
1729 Msg
.send (bio
, MsgOk
)
1731 Msg
.send (bio
, MsgError
"userdb update failed"))
1732 | MsgSaChanged
=> (if Slave
.shell
[Config
.SpamAssassin
.postReload
] then
1733 Msg
.send (bio
, MsgOk
)
1735 Msg
.send (bio
, MsgError
"Error reloading SpamAssassin addresses"))
1736 | _
=> (print
"Dispatcher sent unexpected command\n";
1737 Msg
.send (bio
, MsgError
"Unexpected command"))
1740 ignore (OpenSSL
.readChar bio
);
1744 else if peer
= "domtool" then
1745 case Msg
.recv bio
of
1746 SOME MsgShutdown
=> (OpenSSL
.close bio
;
1747 print ("Shutting down at " ^
now () ^
"\n\n"))
1748 | _
=> (OpenSSL
.close bio
;
1752 val doIt
= doIt
' loop bio
1755 case Msg
.recv bio
of
1756 NONE
=> (OpenSSL
.close bio
1757 handle OpenSSL
.OpenSSL _
=> ();
1761 (MsgQuery q
) => (print (describeQuery q ^
"\n");
1762 Msg
.send (bio
, answerQuery q
);
1763 ignore (OpenSSL
.readChar bio
);
1766 | MsgCreateDbUser
{dbtype
, passwd
} =>
1768 case Dbms
.lookup dbtype
of
1769 NONE
=> ("Database user creation request with unknown datatype type " ^ dbtype
,
1770 SOME ("Unknown database type " ^ dbtype
))
1772 case #adduser handler
{user
= user
, passwd
= passwd
} of
1773 NONE
=> ("Added " ^ dbtype ^
" user " ^ user ^
".",
1776 ("Error adding a " ^ dbtype ^
" user " ^ user ^
": " ^ msg
,
1777 SOME ("Error adding user: " ^ msg
)))
1780 | MsgDbPasswd
{dbtype
, passwd
} =>
1782 case Dbms
.lookup dbtype
of
1783 NONE
=> ("Database passwd request with unknown datatype type " ^ dbtype
,
1784 SOME ("Unknown database type " ^ dbtype
))
1786 case #passwd handler
{user
= user
, passwd
= passwd
} of
1787 NONE
=> ("Changed " ^ dbtype ^
" password of user " ^ user ^
".",
1790 ("Error setting " ^ dbtype ^
" password of user " ^ user ^
": " ^ msg
,
1791 SOME ("Error adding user: " ^ msg
)))
1794 | MsgCreateDb
{dbtype
, dbname
, encoding
} =>
1796 if Dbms
.validDbname dbname
then
1797 case Dbms
.lookup dbtype
of
1798 NONE
=> ("Database creation request with unknown datatype type " ^ dbtype
,
1799 SOME ("Unknown database type " ^ dbtype
))
1801 if not (Dbms
.validEncoding encoding
) then
1802 ("Invalid encoding " ^ valOf encoding ^
" requested for database creation.",
1803 SOME
"Invalid encoding")
1805 case #createdb handler
{user
= user
, dbname
= dbname
, encoding
= encoding
} of
1806 NONE
=> ("Created database " ^ user ^
"_" ^ dbname ^
".",
1808 | SOME msg
=> ("Error creating database " ^ user ^
"_" ^ dbname ^
": " ^ msg
,
1809 SOME ("Error creating database: " ^ msg
))
1811 ("Invalid database name " ^ user ^
"_" ^ dbname
,
1812 SOME ("Invalid database name " ^ dbname
)))
1815 | MsgDropDb
{dbtype
, dbname
} =>
1817 if Dbms
.validDbname dbname
then
1818 case Dbms
.lookup dbtype
of
1819 NONE
=> ("Database drop request with unknown datatype type " ^ dbtype
,
1820 SOME ("Unknown database type " ^ dbtype
))
1822 case #dropdb handler
{user
= user
, dbname
= dbname
} of
1823 NONE
=> ("Drop database " ^ user ^
"_" ^ dbname ^
".",
1825 | SOME msg
=> ("Error dropping database " ^ user ^
"_" ^ dbname ^
": " ^ msg
,
1826 SOME ("Error dropping database: " ^ msg
))
1828 ("Invalid database name " ^ user ^
"_" ^ dbname
,
1829 SOME ("Invalid database name " ^ dbname
)))
1832 | MsgGrantDb
{dbtype
, dbname
} =>
1834 if Dbms
.validDbname dbname
then
1835 case Dbms
.lookup dbtype
of
1836 NONE
=> ("Database drop request with unknown datatype type " ^ dbtype
,
1837 SOME ("Unknown database type " ^ dbtype
))
1839 case #grant handler
{user
= user
, dbname
= dbname
} of
1840 NONE
=> ("Grant permissions to database " ^ user ^
"_" ^ dbname ^
".",
1842 | SOME msg
=> ("Error granting permissions to database " ^ user ^
"_" ^ dbname ^
": " ^ msg
,
1843 SOME ("Error granting permissions to database: " ^ msg
))
1845 ("Invalid database name " ^ user ^
"_" ^ dbname
,
1846 SOME ("Invalid database name " ^ dbname
)))
1848 | MsgMysqlFixperms
=>
1849 (print
"Starting mysql-fixperms\n";
1850 doIt (fn () => if OS
.Process
.isSuccess
1851 (OS
.Process
.system
"/usr/bin/sudo -H /afs/hcoop.net/common/etc/scripts/mysql-grant-table-drop") then
1852 ("Requested mysql-fixperms",
1855 ("Requested mysql-fixperms, but execution failed!",
1856 SOME
"Script execution failed."))
1858 | MsgFirewallRegen
=>
1859 doIt (fn () => (Acl
.read Config
.aclFile
;
1860 if Acl
.query
{user
= user
, class
= "priv", value
= "all"} then
1861 if List.exists (fn x
=> x
= host
) Config
.Firewall
.firewallNodes
then
1862 if (Firewall
.generateFirewallConfig (Firewall
.parseRules ()) andalso Firewall
.publishConfig ())
1864 ("Firewall rules regenerated.", NONE
)
1866 ("Rules regeneration failed!", SOME
"Script execution failed.")
1867 else ("Node not controlled by domtool firewall.", SOME (host
))
1869 ("Not authorized to regenerate firewall.", SOME ("Unauthorized user " ^ user ^
" attempted to regenerated firewall"))))
1872 | _
=> (OpenSSL
.close bio
;
1875 end handle OpenSSL
.OpenSSL s
=>
1876 (print ("OpenSSL error: " ^ s ^
"\n");
1878 handle OpenSSL
.OpenSSL _
=> ();
1880 | e
as OS
.SysErr (s
, _
) =>
1881 (app (fn s
=> print (s ^
"\n")) (SMLofNJ
.exnHistory e
);
1882 print ("System error: "^ s ^
"\n");
1884 handle OpenSSL
.OpenSSL _
=> ();
1886 | IO
.Io
{function
, name
, ...} =>
1887 (print ("IO error: " ^ function ^
": " ^ name ^
"\n");
1889 handle OpenSSL
.OpenSSL _
=> ();
1892 (app (fn s
=> print (s ^
"\n")) (SMLofNJ
.exnHistory e
);
1893 print
"Uncaught exception!\n";
1895 handle OpenSSL
.OpenSSL _
=> ();
1897 handle OpenSSL
.OpenSSL s
=>
1898 (print ("OpenSSL error: " ^ s ^
"\n");
1901 (app (fn s
=> print (s ^
"\n")) (SMLofNJ
.exnHistory e
);
1902 print
"Uncaught exception!\n";
1906 OpenSSL
.shutdown sock
1911 val dir
= Posix
.FileSys
.opendir Config
.libRoot
1914 case Posix
.FileSys
.readdir dir
of
1915 NONE
=> (Posix
.FileSys
.closedir dir
;
1918 if String.isSuffix
".dtl" fname
then
1919 loop (OS
.Path
.joinDirFile
{dir
= Config
.libRoot
,
1928 fun autodocBasis outdir
=
1929 Autodoc
.autodoc
{outdir
= outdir
, infiles
= listBasis ()}