1 (* HCoop
Domtool (http
://hcoop
.sourceforge
.net
/)
2 * Copyright (c
) 2006-2007, Adam Chlipala
4 * This program is free software
; you can redistribute it
and/or
5 * modify it under the terms
of the GNU General Public License
6 * as published by the Free Software Foundation
; either version
2
7 * of the License
, or (at your option
) any later version
.
9 * This program is distributed
in the hope that it will be useful
,
10 * but WITHOUT ANY WARRANTY
; without even the implied warranty
of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE
. See the
12 * GNU General Public License for more details
.
14 * You should have received a copy
of the GNU General Public License
15 * along
with this program
; if not
, write to the Free Software
16 * Foundation
, Inc
., 51 Franklin Street
, Fifth Floor
, Boston
, MA
02110-1301, USA
.
21 structure Main
:> MAIN
= struct
23 open Ast MsgTypes Print
25 structure SM
= StringMap
27 fun init () = Acl
.read Config
.aclFile
31 val prog
= Parse
.parse fname
33 if !ErrorMsg
.anyErrors
then
36 (Option
.app (Unused
.check G
) (#
3 prog
);
37 Tycheck
.checkFile
G (Defaults
.tInit ()) prog
)
42 val dir
= Posix
.FileSys
.opendir Config
.libRoot
45 case Posix
.FileSys
.readdir dir
of
46 NONE
=> (Posix
.FileSys
.closedir dir
;
49 if String.isSuffix
".dtl" fname
then
50 loop (OS
.Path
.joinDirFile
{dir
= Config
.libRoot
,
57 val (_
, files
) = Order
.order NONE files
59 if !ErrorMsg
.anyErrors
then
62 (Tycheck
.allowExterns ();
63 foldl (fn (fname
, G
) => check
' G fname
) Env
.empty files
64 before Tycheck
.disallowExterns ())
69 val _
= ErrorMsg
.reset ()
70 val _
= Env
.preTycheck ()
74 if !ErrorMsg
.anyErrors
then
78 val _
= Tycheck
.disallowExterns ()
79 val _
= ErrorMsg
.reset ()
80 val prog
= Parse
.parse fname
82 if !ErrorMsg
.anyErrors
then
86 val G
' = Tycheck
.checkFile
b (Defaults
.tInit ()) prog
88 if !ErrorMsg
.anyErrors
then
91 (Option
.app (Unused
.check b
) (#
3 prog
);
98 String.sub (s
, 0) <> #
"."
99 andalso CharVector
.all (fn ch
=> Char.isAlphaNum ch
orelse ch
= #
"." orelse ch
= #
"_" orelse ch
= #
"-") s
104 case Posix
.ProcEnv
.getenv
"DOMTOOL_USER" of
107 val uid
= Posix
.ProcEnv
.getuid ()
109 Posix
.SysDB
.Passwd
.name (Posix
.SysDB
.getpwuid uid
)
113 Acl
.read Config
.aclFile
;
118 fun checkDir
' dname
=
122 val dir
= Posix
.FileSys
.opendir dname
125 case Posix
.FileSys
.readdir dir
of
126 NONE
=> (Posix
.FileSys
.closedir dir
;
130 loop (OS
.Path
.joinDirFile
{dir
= dname
,
137 val (_
, files
) = Order
.order (SOME b
) files
139 if !ErrorMsg
.anyErrors
then
142 (foldl (fn (fname
, G
) => check
' G fname
) b files
;
143 if !ErrorMsg
.anyErrors
then
155 val (G
, body
) = check fname
157 if !ErrorMsg
.anyErrors
then
163 val body
' = Reduce
.reduceExp G body
165 (*printd (PD
.hovBox (PD
.PPS
.Rel
0,
166 [PD
.string "Result:",
177 if !ErrorMsg
.anyErrors
then
180 Eval
.exec (Defaults
.eInit ()) body
'
186 if !ErrorMsg
.anyErrors
then
189 ignore (Eval
.exec
' (Defaults
.eInit ()) body
')
193 Config
.dispatcher ^
":" ^
Int.toString Config
.dispatcherPort
196 "localhost:" ^
Int.toString Config
.slavePort
199 (OpenSSL
.context
false x
)
200 handle e
as OpenSSL
.OpenSSL s
=>
201 (print
"Couldn't find your certificate.\nYou probably haven't been given any Domtool privileges.\n";
202 print ("I looked in: " ^ #
1 x ^
"\n");
203 print ("Additional information: " ^ s ^
"\n");
206 fun requestContext f
=
208 val user
= setupUser ()
212 val context
= context (Config
.certDir ^
"/" ^ user ^
".pem",
213 Config
.keyDir ^
"/" ^ user ^
"/key.pem",
221 val (user
, context
) = requestContext f
223 (user
, OpenSSL
.connect (context
, dispatcher
))
226 fun requestSlaveBio () =
228 val (user
, context
) = requestContext (fn () => ())
230 (user
, OpenSSL
.connect (context
, self
))
235 val (user
, bio
) = requestBio (fn () => ignore (check fname
))
237 val inf
= TextIO.openIn fname
240 case TextIO.inputLine inf
of
241 NONE
=> String.concat (List.rev lines
)
242 | SOME line
=> loop (line
:: lines
)
247 Msg
.send (bio
, MsgConfig code
);
249 NONE
=> print
"Server closed connection unexpectedly.\n"
252 MsgOk
=> print
"Configuration succeeded.\n"
253 | MsgError s
=> print ("Configuration failed: " ^ s ^
"\n")
254 | _
=> print
"Unexpected server reply.\n";
257 handle ErrorMsg
.Error
=> ()
259 fun requestDir dname
=
261 val _
= if Posix
.FileSys
.access (dname
, []) then
264 (print ("Can't access " ^ dname ^
".\n");
265 print
"Did you mean to run domtool on a specific file, instead of asking for all\n";
266 print
"files in your ~/.domtool directory?\n";
267 OS
.Process
.exit OS
.Process
.failure
)
269 val _
= ErrorMsg
.reset ()
271 val (user
, bio
) = requestBio (fn () => checkDir
' dname
)
275 val dir
= Posix
.FileSys
.opendir dname
278 case Posix
.FileSys
.readdir dir
of
279 NONE
=> (Posix
.FileSys
.closedir dir
;
283 loop (OS
.Path
.joinDirFile
{dir
= dname
,
290 val (_
, files
) = Order
.order (SOME b
) files
292 val _
= if !ErrorMsg
.anyErrors
then
293 (print
"J\n";raise ErrorMsg
.Error
)
297 val codes
= map (fn fname
=>
299 val inf
= TextIO.openIn fname
302 case TextIO.inputLine inf
of
303 NONE
=> String.concat (rev lines
)
304 | SOME line
=> loop (line
:: lines
)
307 before TextIO.closeIn inf
310 if !ErrorMsg
.anyErrors
then
313 (Msg
.send (bio
, MsgMultiConfig codes
);
315 NONE
=> print
"Server closed connection unexpectedly.\n"
318 MsgOk
=> print
"Configuration succeeded.\n"
319 | MsgError s
=> print ("Configuration failed: " ^ s ^
"\n")
320 | _
=> print
"Unexpected server reply.\n";
323 handle ErrorMsg
.Error
=> ()
327 val (_
, bio
) = requestBio (fn () => ())
332 handle _
=> OS
.Process
.failure
334 fun requestShutdown () =
336 val (_
, bio
) = requestBio (fn () => ())
338 Msg
.send (bio
, MsgShutdown
);
340 NONE
=> print
"Server closed connection unexpectedly.\n"
343 MsgOk
=> print
"Shutdown begun.\n"
344 | MsgError s
=> print ("Shutdown failed: " ^ s ^
"\n")
345 | _
=> print
"Unexpected server reply.\n";
349 fun requestSlavePing () =
351 val (_
, bio
) = requestSlaveBio ()
356 handle _
=> OS
.Process
.failure
358 fun requestSlaveShutdown () =
360 val (_
, bio
) = requestSlaveBio ()
362 Msg
.send (bio
, MsgShutdown
);
364 NONE
=> print
"Server closed connection unexpectedly.\n"
367 MsgOk
=> print
"Shutdown begun.\n"
368 | MsgError s
=> print ("Shutdown failed: " ^ s ^
"\n")
369 | _
=> print
"Unexpected server reply.\n";
373 fun requestGrant acl
=
375 val (user
, bio
) = requestBio (fn () => ())
377 Msg
.send (bio
, MsgGrant acl
);
379 NONE
=> print
"Server closed connection unexpectedly.\n"
382 MsgOk
=> print
"Grant succeeded.\n"
383 | MsgError s
=> print ("Grant failed: " ^ s ^
"\n")
384 | _
=> print
"Unexpected server reply.\n";
388 fun requestRevoke acl
=
390 val (user
, bio
) = requestBio (fn () => ())
392 Msg
.send (bio
, MsgRevoke acl
);
394 NONE
=> print
"Server closed connection unexpectedly.\n"
397 MsgOk
=> print
"Revoke succeeded.\n"
398 | MsgError s
=> print ("Revoke failed: " ^ s ^
"\n")
399 | _
=> print
"Unexpected server reply.\n";
403 fun requestListPerms user
=
405 val (_
, bio
) = requestBio (fn () => ())
407 Msg
.send (bio
, MsgListPerms user
);
408 (case Msg
.recv bio
of
409 NONE
=> (print
"Server closed connection unexpectedly.\n";
413 MsgPerms perms
=> SOME perms
414 | MsgError s
=> (print ("Listing failed: " ^ s ^
"\n");
416 | _
=> (print
"Unexpected server reply.\n";
418 before OpenSSL
.close bio
421 fun requestWhoHas perm
=
423 val (_
, bio
) = requestBio (fn () => ())
425 Msg
.send (bio
, MsgWhoHas perm
);
426 (case Msg
.recv bio
of
427 NONE
=> (print
"Server closed connection unexpectedly.\n";
431 MsgWhoHasResponse users
=> SOME users
432 | MsgError s
=> (print ("whohas failed: " ^ s ^
"\n");
434 | _
=> (print
"Unexpected server reply.\n";
436 before OpenSSL
.close bio
439 fun requestRegen () =
441 val (_
, bio
) = requestBio (fn () => ())
443 Msg
.send (bio
, MsgRegenerate
);
445 NONE
=> print
"Server closed connection unexpectedly.\n"
448 MsgOk
=> print
"Regeneration succeeded.\n"
449 | MsgError s
=> print ("Regeneration failed: " ^ s ^
"\n")
450 | _
=> print
"Unexpected server reply.\n";
454 fun requestRegenTc () =
456 val (_
, bio
) = requestBio (fn () => ())
458 Msg
.send (bio
, MsgRegenerateTc
);
460 NONE
=> print
"Server closed connection unexpectedly.\n"
463 MsgOk
=> print
"All configuration validated.\n"
464 | MsgError s
=> print ("Configuration validation failed: " ^ s ^
"\n")
465 | _
=> print
"Unexpected server reply.\n";
469 fun requestRmdom dom
=
471 val (_
, bio
) = requestBio (fn () => ())
473 Msg
.send (bio
, MsgRmdom dom
);
475 NONE
=> print
"Server closed connection unexpectedly.\n"
478 MsgOk
=> print
"Removal succeeded.\n"
479 | MsgError s
=> print ("Removal failed: " ^ s ^
"\n")
480 | _
=> print
"Unexpected server reply.\n";
484 fun requestRmuser user
=
486 val (_
, bio
) = requestBio (fn () => ())
488 Msg
.send (bio
, MsgRmuser user
);
490 NONE
=> print
"Server closed connection unexpectedly.\n"
493 MsgOk
=> print
"Removal succeeded.\n"
494 | MsgError s
=> print ("Removal failed: " ^ s ^
"\n")
495 | _
=> print
"Unexpected server reply.\n";
499 fun requestDbUser dbtype
=
501 val (_
, bio
) = requestBio (fn () => ())
503 Msg
.send (bio
, MsgCreateDbUser dbtype
);
505 NONE
=> print
"Server closed connection unexpectedly.\n"
508 MsgOk
=> print
"Your user has been created.\n"
509 | MsgError s
=> print ("Creation failed: " ^ s ^
"\n")
510 | _
=> print
"Unexpected server reply.\n";
514 fun requestDbPasswd rc
=
516 val (_
, bio
) = requestBio (fn () => ())
518 Msg
.send (bio
, MsgDbPasswd rc
);
520 NONE
=> print
"Server closed connection unexpectedly.\n"
523 MsgOk
=> print
"Your password has been changed.\n"
524 | MsgError s
=> print ("Password set failed: " ^ s ^
"\n")
525 | _
=> print
"Unexpected server reply.\n";
529 fun requestDbTable p
=
531 val (user
, bio
) = requestBio (fn () => ())
533 Msg
.send (bio
, MsgCreateDb p
);
535 NONE
=> print
"Server closed connection unexpectedly.\n"
538 MsgOk
=> print ("Your database " ^ user ^
"_" ^ #dbname p ^
" has been created.\n")
539 | MsgError s
=> print ("Creation failed: " ^ s ^
"\n")
540 | _
=> print
"Unexpected server reply.\n";
544 fun requestDbDrop p
=
546 val (user
, bio
) = requestBio (fn () => ())
548 Msg
.send (bio
, MsgDropDb p
);
550 NONE
=> print
"Server closed connection unexpectedly.\n"
553 MsgOk
=> print ("Your database " ^ user ^
"_" ^ #dbname p ^
" has been dropped.\n")
554 | MsgError s
=> print ("Drop failed: " ^ s ^
"\n")
555 | _
=> print
"Unexpected server reply.\n";
559 fun requestDbGrant p
=
561 val (user
, bio
) = requestBio (fn () => ())
563 Msg
.send (bio
, MsgGrantDb p
);
565 NONE
=> print
"Server closed connection unexpectedly.\n"
568 MsgOk
=> print ("You've been granted all allowed privileges to database " ^ user ^
"_" ^ #dbname p ^
".\n")
569 | MsgError s
=> print ("Grant failed: " ^ s ^
"\n")
570 | _
=> print
"Unexpected server reply.\n";
574 fun requestListMailboxes domain
=
576 val (_
, bio
) = requestBio (fn () => ())
578 Msg
.send (bio
, MsgListMailboxes domain
);
579 (case Msg
.recv bio
of
580 NONE
=> Vmail
.Error
"Server closed connection unexpectedly."
583 MsgMailboxes users
=> (Msg
.send (bio
, MsgOk
);
585 | MsgError s
=> Vmail
.Error ("Listing failed: " ^ s
)
586 | _
=> Vmail
.Error
"Unexpected server reply.")
587 before OpenSSL
.close bio
590 fun requestNewMailbox p
=
592 val (_
, bio
) = requestBio (fn () => ())
594 Msg
.send (bio
, MsgNewMailbox p
);
596 NONE
=> print
"Server closed connection unexpectedly.\n"
599 MsgOk
=> print ("A mapping for " ^ #user p ^
"@" ^ #domain p ^
" has been created.\n")
600 | MsgError s
=> print ("Creation failed: " ^ s ^
"\n")
601 | _
=> print
"Unexpected server reply.\n";
605 fun requestPasswdMailbox p
=
607 val (_
, bio
) = requestBio (fn () => ())
609 Msg
.send (bio
, MsgPasswdMailbox p
);
611 NONE
=> print
"Server closed connection unexpectedly.\n"
614 MsgOk
=> print ("The password for " ^ #user p ^
"@" ^ #domain p ^
" has been changed.\n")
615 | MsgError s
=> print ("Set failed: " ^ s ^
"\n")
616 | _
=> print
"Unexpected server reply.\n";
620 fun requestRmMailbox p
=
622 val (_
, bio
) = requestBio (fn () => ())
624 Msg
.send (bio
, MsgRmMailbox p
);
626 NONE
=> print
"Server closed connection unexpectedly.\n"
629 MsgOk
=> print ("The mapping for mailbox " ^ #user p ^
"@" ^ #domain p ^
" has been deleted.\n")
630 | MsgError s
=> print ("Remove failed: " ^ s ^
"\n")
631 | _
=> print
"Unexpected server reply.\n";
635 fun requestSaQuery addr
=
637 val (_
, bio
) = requestBio (fn () => ())
639 Msg
.send (bio
, MsgSaQuery addr
);
640 (case Msg
.recv bio
of
641 NONE
=> print
"Server closed connection unexpectedly.\n"
644 MsgSaStatus b
=> (print ("SpamAssassin filtering for " ^ addr ^
" is "
645 ^
(if b
then "ON" else "OFF") ^
".\n");
646 Msg
.send (bio
, MsgOk
))
647 | MsgError s
=> print ("Query failed: " ^ s ^
"\n")
648 | _
=> print
"Unexpected server reply.\n")
649 before OpenSSL
.close bio
654 val (_
, bio
) = requestBio (fn () => ())
656 Msg
.send (bio
, MsgSaSet p
);
658 NONE
=> print
"Server closed connection unexpectedly.\n"
661 MsgOk
=> print ("SpamAssassin filtering for " ^ #
1 p ^
" is now "
662 ^
(if #
2 p
then "ON" else "OFF") ^
".\n")
663 | MsgError s
=> print ("Set failed: " ^ s ^
"\n")
664 | _
=> print
"Unexpected server reply.\n";
668 fun requestSmtpLog domain
=
670 val (_
, bio
) = requestBio (fn () => ())
672 val _
= Msg
.send (bio
, MsgSmtpLogReq domain
)
676 NONE
=> print
"Server closed connection unexpectedly.\n"
680 | MsgSmtpLogRes line
=> (print line
;
682 | MsgError s
=> print ("Log search failed: " ^ s ^
"\n")
683 | _
=> print
"Unexpected server reply.\n"
689 fun requestMysqlFixperms () =
691 val (_
, bio
) = requestBio (fn () => ())
693 Msg
.send (bio
, MsgMysqlFixperms
);
695 NONE
=> print
"Server closed connection unexpectedly.\n"
698 MsgOk
=> print
"Permissions granted.\n"
699 | MsgError s
=> print ("Failed: " ^ s ^
"\n")
700 | _
=> print
"Unexpected server reply.\n";
704 fun requestApt
{node
, pkg
} =
706 val (user
, context
) = requestContext (fn () => ())
707 val bio
= OpenSSL
.connect (context
, if node
= Config
.masterNode
then
710 Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
712 val _
= Msg
.send (bio
, MsgQuery (QApt pkg
))
716 NONE
=> (print
"Server closed connection unexpectedly.\n";
720 MsgYes
=> (print
"Package is installed.\n";
722 | MsgNo
=> (print
"Package is not installed.\n";
724 | MsgError s
=> (print ("APT query failed: " ^ s ^
"\n");
726 | _
=> (print
"Unexpected server reply.\n";
730 before OpenSSL
.close bio
733 fun requestCron
{node
, uname
} =
735 val (user
, context
) = requestContext (fn () => ())
736 val bio
= OpenSSL
.connect (context
, if node
= Config
.masterNode
then
739 Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
741 val _
= Msg
.send (bio
, MsgQuery (QCron uname
))
745 NONE
=> (print
"Server closed connection unexpectedly.\n";
749 MsgYes
=> (print
"User has cron permissions.\n";
751 | MsgNo
=> (print
"User does not have cron permissions.\n";
753 | MsgError s
=> (print ("Cron query failed: " ^ s ^
"\n");
755 | _
=> (print
"Unexpected server reply.\n";
759 before OpenSSL
.close bio
762 fun requestFtp
{node
, uname
} =
764 val (user
, context
) = requestContext (fn () => ())
765 val bio
= OpenSSL
.connect (context
, if node
= Config
.masterNode
then
768 Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
770 val _
= Msg
.send (bio
, MsgQuery (QFtp uname
))
774 NONE
=> (print
"Server closed connection unexpectedly.\n";
778 MsgYes
=> (print
"User has FTP permissions.\n";
780 | MsgNo
=> (print
"User does not have FTP permissions.\n";
782 | MsgError s
=> (print ("FTP query failed: " ^ s ^
"\n");
784 | _
=> (print
"Unexpected server reply.\n";
788 before OpenSSL
.close bio
791 fun requestTrustedPath
{node
, uname
} =
793 val (user
, context
) = requestContext (fn () => ())
794 val bio
= OpenSSL
.connect (context
, if node
= Config
.masterNode
then
797 Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
799 val _
= Msg
.send (bio
, MsgQuery (QTrustedPath uname
))
803 NONE
=> (print
"Server closed connection unexpectedly.\n";
807 MsgYes
=> (print
"User has trusted path restriction.\n";
809 | MsgNo
=> (print
"User does not have trusted path restriction.\n";
811 | MsgError s
=> (print ("Trusted path query failed: " ^ s ^
"\n");
813 | _
=> (print
"Unexpected server reply.\n";
817 before OpenSSL
.close bio
820 fun requestSocketPerm
{node
, uname
} =
822 val (user
, context
) = requestContext (fn () => ())
823 val bio
= OpenSSL
.connect (context
, if node
= Config
.masterNode
then
826 Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
828 val _
= Msg
.send (bio
, MsgQuery (QSocket uname
))
832 NONE
=> (print
"Server closed connection unexpectedly.\n";
836 MsgSocket p
=> (case p
of
838 | Client
=> print
"Client\n"
839 | Server
=> print
"Server\n"
840 | Nada
=> print
"Nada\n";
842 | MsgError s
=> (print ("Socket permission query failed: " ^ s ^
"\n");
844 | _
=> (print
"Unexpected server reply.\n";
848 before OpenSSL
.close bio
851 fun requestFirewall
{node
, uname
} =
853 val (user
, context
) = requestContext (fn () => ())
854 val bio
= OpenSSL
.connect (context
, if node
= Config
.masterNode
then
857 Domain
.nodeIp node ^
":" ^
Int.toString Config
.slavePort
)
859 val _
= Msg
.send (bio
, MsgQuery (QFirewall uname
))
863 NONE
=> (print
"Server closed connection unexpectedly.\n";
867 MsgFirewall ls
=> (app (fn s
=> (print s
; print
"\n")) ls
;
869 | MsgError s
=> (print ("Firewall query failed: " ^ s ^
"\n");
871 | _
=> (print
"Unexpected server reply.\n";
875 before OpenSSL
.close bio
878 fun requestDescribe dom
=
880 val (_
, bio
) = requestBio (fn () => ())
882 Msg
.send (bio
, MsgDescribe dom
);
884 NONE
=> print
"Server closed connection unexpectedly.\n"
887 MsgDescription s
=> print s
888 | MsgError s
=> print ("Description failed: " ^ s ^
"\n")
889 | _
=> print
"Unexpected server reply.\n";
893 structure SS
= StringSet
895 fun domainList dname
=
897 val dir
= Posix
.FileSys
.opendir dname
900 case Posix
.FileSys
.readdir dir
of
904 val path
= OS
.Path
.joinDirFile
{dir
= dname
,
907 fun visitDomains (path
, bfor
, dset
) =
909 val dir
= Posix
.FileSys
.opendir path
912 case Posix
.FileSys
.readdir dir
of
916 val path
= OS
.Path
.joinDirFile
{dir
= path
,
919 if Posix
.FileSys
.ST
.isDir (Posix
.FileSys
.stat path
) then
921 val bfor
= dname
:: bfor
923 loop (visitDomains (path
, bfor
,
925 String.concatWith
"." bfor
)))
932 before Posix
.FileSys
.closedir dir
935 visitNode (visitDomains (path
, [], dset
))
939 before Posix
.FileSys
.closedir dir
942 fun regenerateEither tc checker context
=
944 val () = print
"Starting regeneration....\n"
950 domainList Config
.resultRoot
958 val _
= ErrorMsg
.reset ()
961 val () = Tycheck
.disallowExterns ()
963 val () = ifReal (fn () =>
964 (ignore (OS
.Process
.system ("rm -rf " ^ Config
.oldResultRoot ^
"/*"));
965 ignore (OS
.Process
.system ("cp -r " ^ Config
.resultRoot
966 ^
"/* " ^ Config
.oldResultRoot ^
"/"));
967 Domain
.resetGlobal ()))
971 fun contactNode (node
, ip
) =
972 if node
= Config
.defaultNode
then
975 val bio
= OpenSSL
.connect (context
,
978 ^
Int.toString Config
.slavePort
)
980 Msg
.send (bio
, MsgRegenerate
);
982 NONE
=> print
"Slave closed connection unexpectedly\n"
985 MsgOk
=> print ("Slave " ^ node ^
" pre-regeneration finished\n")
986 | MsgError s
=> print ("Slave " ^ node
987 ^
" returned error: " ^
989 | _
=> print ("Slave " ^ node
990 ^
" returned unexpected command\n");
993 handle OpenSSL
.OpenSSL s
=> print ("OpenSSL error: " ^ s ^
"\n")
997 val _
= Domain
.setUser user
998 val _
= ErrorMsg
.reset ()
1000 val dname
= Config
.domtoolDir user
1002 if Posix
.FileSys
.access (dname
, []) then
1004 val dir
= Posix
.FileSys
.opendir dname
1007 case Posix
.FileSys
.readdir dir
of
1008 NONE
=> (Posix
.FileSys
.closedir dir
;
1011 if notTmp fname
then
1012 loop (OS
.Path
.joinDirFile
{dir
= dname
,
1019 val (_
, files
) = Order
.order (SOME b
) files
1021 if !ErrorMsg
.anyErrors
then
1023 print ("User " ^ user ^
"'s configuration has errors!\n");
1029 else if String.isSuffix
"_admin" user
then
1032 (print ("Couldn't access " ^ user ^
"'s ~/.domtool directory.\n");
1035 handle IO
.Io
{name
, function
, ...} =>
1036 (print ("IO error processing user " ^ user ^
": " ^ function ^
": " ^ name ^
"\n");
1038 | exn
as OS
.SysErr (s
, _
) => (print ("System error processing user " ^ user ^
": " ^ s ^
"\n");
1040 | ErrorMsg
.Error
=> (ErrorMsg
.reset ();
1041 print ("User " ^ user ^
" had a compilation error.\n");
1043 | _
=> (print
"Unknown exception during regeneration!\n";
1046 ifReal (fn () => (app contactNode Config
.nodeIps
;
1048 app
doUser (Acl
.users ());
1051 val domainsAfter
= domainList Config
.resultRoot
1052 val domainsGone
= SS
.difference (domainsBefore
, domainsAfter
)
1054 if SS
.isEmpty domainsGone
then
1057 (print
"Domains to kill:";
1058 SS
.app (fn s
=> (print
" "; print s
)) domainsGone
;
1061 Domain
.rmdom
' Config
.oldResultRoot (SS
.listItems domainsGone
));
1068 val regenerate
= regenerateEither
false eval
'
1069 val regenerateTc
= regenerateEither
true (ignore
o check
)
1073 val doms
= Acl
.class
{user
= user
, class
= "domain"}
1074 val doms
= List.filter (fn dom
=>
1075 case Acl
.whoHas
{class
= "domain", value
= dom
} of
1077 | _
=> false) (StringSet
.listItems doms
)
1083 fun now () = Date
.toString (Date
.fromTimeUniv (Time
.now ()))
1087 QApt pkg
=> if Apt
.installed pkg
then MsgYes
else MsgNo
1088 | QCron user
=> if Cron
.allowed user
then MsgYes
else MsgNo
1089 | QFtp user
=> if Ftp
.allowed user
then MsgYes
else MsgNo
1090 | QTrustedPath user
=> if TrustedPath
.query user
then MsgYes
else MsgNo
1091 | QSocket user
=> MsgSocket (SocketPerm
.query user
)
1092 | QFirewall user
=> MsgFirewall (Firewall
.query user
)
1094 fun describeQuery q
=
1096 QApt pkg
=> "Requested installation status of package " ^ pkg
1097 | QCron user
=> "Asked about cron permissions for user " ^ user
1098 | QFtp user
=> "Asked about FTP permissions for user " ^ user
1099 | QTrustedPath user
=> "Asked about trusted path settings for user " ^ user
1100 | QSocket user
=> "Asked about socket permissions for user " ^ user
1101 | QFirewall user
=> "Asked about firewall rules for user " ^ user
1105 val () = Acl
.read Config
.aclFile
1107 val context
= context (Config
.serverCert
,
1110 val _
= Domain
.set_context context
1112 val sock
= OpenSSL
.listen (context
, Config
.dispatcherPort
)
1115 (case OpenSSL
.accept sock
of
1119 val user
= OpenSSL
.peerCN bio
1120 val () = print ("\nConnection from " ^ user ^
" at " ^
now () ^
"\n")
1121 val () = Domain
.setUser user
1123 fun doIt f cleanup
=
1125 (msgLocal
, SOME msgRemote
) =>
1128 Msg
.send (bio
, MsgError msgRemote
))
1129 |
(msgLocal
, NONE
) =>
1132 Msg
.send (bio
, MsgOk
)))
1133 handle e
as (OpenSSL
.OpenSSL s
) =>
1134 (print ("OpenSSL error: " ^ s ^
"\n");
1135 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory e
);
1136 Msg
.send (bio
, MsgError ("OpenSSL error: " ^ s
))
1137 handle OpenSSL
.OpenSSL _
=> ())
1138 | OS
.SysErr (s
, _
) =>
1139 (print
"System error: ";
1142 Msg
.send (bio
, MsgError ("System error: " ^ s
))
1143 handle OpenSSL
.OpenSSL _
=> ())
1148 Msg
.send (bio
, MsgError ("Failure: " ^ s
))
1149 handle OpenSSL
.OpenSSL _
=> ())
1151 (print
"Compilation error\n";
1152 Msg
.send (bio
, MsgError
"Error during configuration evaluation")
1153 handle OpenSSL
.OpenSSL _
=> ());
1155 ignore (OpenSSL
.readChar bio
);
1157 handle OpenSSL
.OpenSSL _
=> ();
1160 fun doConfig codes
=
1162 val _
= print
"Configuration:\n"
1163 val _
= app (fn s
=> (print s
; print
"\n")) codes
1166 val outname
= OS
.FileSys
.tmpName ()
1170 val outf
= TextIO.openOut outname
1172 TextIO.output (outf
, code
);
1173 TextIO.closeOut outf
;
1177 doIt (fn () => (Env
.pre ();
1180 Msg
.send (bio
, MsgOk
);
1181 ("Configuration complete.", NONE
)))
1182 (fn () => OS
.FileSys
.remove outname
)
1186 case String.fields (fn ch
=> ch
= #
"@") s
of
1188 if user
= user
' then
1192 |
[user
', domain
] =>
1193 if Domain
.validEmailUser user
' andalso Domain
.yourDomain domain
then
1194 SOME (SetSA
.Email s
)
1200 case Msg
.recv bio
of
1201 NONE
=> (OpenSSL
.close bio
1202 handle OpenSSL
.OpenSSL _
=> ();
1206 MsgConfig code
=> doConfig
[code
]
1207 | MsgMultiConfig codes
=> doConfig codes
1210 if Acl
.query
{user
= user
, class
= "priv", value
= "all"}
1211 orelse Acl
.query
{user
= user
, class
= "priv", value
= "shutdown"} then
1212 print ("Domtool dispatcher shutting down at " ^
now () ^
"\n\n")
1214 (print
"Unauthorized shutdown command!\n";
1216 handle OpenSSL
.OpenSSL _
=> ();
1221 if Acl
.query
{user
= user
, class
= "priv", value
= "all"} then
1223 Acl
.write Config
.aclFile
;
1224 ("Granted permission " ^ #value acl ^
" to " ^ #user acl ^
" in " ^ #class acl ^
".",
1227 ("Unauthorized user asked to grant a permission!",
1228 SOME
"Not authorized to grant privileges"))
1233 if Acl
.query
{user
= user
, class
= "priv", value
= "all"} then
1235 Acl
.write Config
.aclFile
;
1236 ("Revoked permission " ^ #value acl ^
" from " ^ #user acl ^
" in " ^ #class acl ^
".",
1239 ("Unauthorized user asked to revoke a permission!",
1240 SOME
"Not authorized to revoke privileges"))
1243 | MsgListPerms user
=>
1245 (Msg
.send (bio
, MsgPerms (Acl
.queryAll user
));
1246 ("Sent permission list for user " ^ user ^
".",
1252 (Msg
.send (bio
, MsgWhoHasResponse (Acl
.whoHas perm
));
1253 ("Sent whohas response for " ^ #class perm ^
" / " ^ #value perm ^
".",
1259 if Acl
.query
{user
= user
, class
= "priv", value
= "all"}
1260 orelse List.all (fn dom
=> Acl
.query
{user
= user
, class
= "domain", value
= dom
}) doms
then
1263 Acl
.revokeFromAll
{class
= "domain", value
= dom
}) doms
;
1264 Acl
.write Config
.aclFile
;
1265 ("Removed domains" ^
foldl (fn (d
, s
) => s ^
" " ^ d
) "" doms ^
".",
1268 ("Unauthorized user asked to remove a domain!",
1269 SOME
"Not authorized to remove that domain"))
1274 if Acl
.query
{user
= user
, class
= "priv", value
= "regen"}
1275 orelse Acl
.query
{user
= user
, class
= "priv", value
= "all"} then
1276 (if regenerate context
then
1277 ("Regenerated all configuration.",
1280 ("Error regenerating configuration!",
1281 SOME
"Error regenerating configuration! Consult /var/log/domtool.log."))
1283 ("Unauthorized user asked to regenerate!",
1284 SOME
"Not authorized to regenerate"))
1287 | MsgRegenerateTc
=>
1289 if Acl
.query
{user
= user
, class
= "priv", value
= "regen"}
1290 orelse Acl
.query
{user
= user
, class
= "priv", value
= "all"} then
1291 (if regenerateTc context
then
1292 ("Checked all configuration.",
1295 ("Found a compilation error!",
1296 SOME
"Found a compilation error! Consult /var/log/domtool.log."))
1298 ("Unauthorized user asked to regenerate -tc!",
1299 SOME
"Not authorized to regenerate -tc"))
1302 | MsgRmuser user
' =>
1304 if Acl
.query
{user
= user
, class
= "priv", value
= "all"} then
1306 Acl
.write Config
.aclFile
;
1307 ("Removed user " ^ user
' ^
".",
1310 ("Unauthorized user asked to remove a user!",
1311 SOME
"Not authorized to remove users"))
1314 | MsgCreateDbUser
{dbtype
, passwd
} =>
1316 case Dbms
.lookup dbtype
of
1317 NONE
=> ("Database user creation request with unknown datatype type " ^ dbtype
,
1318 SOME ("Unknown database type " ^ dbtype
))
1320 case #adduser handler
{user
= user
, passwd
= passwd
} of
1321 NONE
=> ("Added " ^ dbtype ^
" user " ^ user ^
".",
1324 ("Error adding a " ^ dbtype ^
" user " ^ user ^
": " ^ msg
,
1325 SOME ("Error adding user: " ^ msg
)))
1328 | MsgDbPasswd
{dbtype
, passwd
} =>
1330 case Dbms
.lookup dbtype
of
1331 NONE
=> ("Database passwd request with unknown datatype type " ^ dbtype
,
1332 SOME ("Unknown database type " ^ dbtype
))
1334 case #passwd handler
{user
= user
, passwd
= passwd
} of
1335 NONE
=> ("Changed " ^ dbtype ^
" password of user " ^ user ^
".",
1338 ("Error setting " ^ dbtype ^
" password of user " ^ user ^
": " ^ msg
,
1339 SOME ("Error adding user: " ^ msg
)))
1342 | MsgCreateDb
{dbtype
, dbname
} =>
1344 if Dbms
.validDbname dbname
then
1345 case Dbms
.lookup dbtype
of
1346 NONE
=> ("Database creation request with unknown datatype type " ^ dbtype
,
1347 SOME ("Unknown database type " ^ dbtype
))
1349 case #createdb handler
{user
= user
, dbname
= dbname
} of
1350 NONE
=> ("Created database " ^ user ^
"_" ^ dbname ^
".",
1352 | SOME msg
=> ("Error creating database " ^ user ^
"_" ^ dbname ^
": " ^ msg
,
1353 SOME ("Error creating database: " ^ msg
))
1355 ("Invalid database name " ^ user ^
"_" ^ dbname
,
1356 SOME ("Invalid database name " ^ dbname
)))
1359 | MsgDropDb
{dbtype
, dbname
} =>
1361 if Dbms
.validDbname dbname
then
1362 case Dbms
.lookup dbtype
of
1363 NONE
=> ("Database drop request with unknown datatype type " ^ dbtype
,
1364 SOME ("Unknown database type " ^ dbtype
))
1366 case #dropdb handler
{user
= user
, dbname
= dbname
} of
1367 NONE
=> ("Drop database " ^ user ^
"_" ^ dbname ^
".",
1369 | SOME msg
=> ("Error dropping database " ^ user ^
"_" ^ dbname ^
": " ^ msg
,
1370 SOME ("Error dropping database: " ^ msg
))
1372 ("Invalid database name " ^ user ^
"_" ^ dbname
,
1373 SOME ("Invalid database name " ^ dbname
)))
1376 | MsgGrantDb
{dbtype
, dbname
} =>
1378 if Dbms
.validDbname dbname
then
1379 case Dbms
.lookup dbtype
of
1380 NONE
=> ("Database drop request with unknown datatype type " ^ dbtype
,
1381 SOME ("Unknown database type " ^ dbtype
))
1383 case #grant handler
{user
= user
, dbname
= dbname
} of
1384 NONE
=> ("Grant permissions to database " ^ user ^
"_" ^ dbname ^
".",
1386 | SOME msg
=> ("Error granting permissions to database " ^ user ^
"_" ^ dbname ^
": " ^ msg
,
1387 SOME ("Error granting permissions to database: " ^ msg
))
1389 ("Invalid database name " ^ user ^
"_" ^ dbname
,
1390 SOME ("Invalid database name " ^ dbname
)))
1393 | MsgListMailboxes domain
=>
1395 if not (Domain
.yourDomain domain
) then
1396 ("User wasn't authorized to list mailboxes for " ^ domain
,
1397 SOME
"You're not authorized to configure that domain.")
1399 case Vmail
.list domain
of
1400 Vmail
.Listing users
=> (Msg
.send (bio
, MsgMailboxes users
);
1401 ("Sent mailbox list for " ^ domain
,
1403 | Vmail
.Error msg
=> ("Error listing mailboxes for " ^ domain ^
": " ^ msg
,
1407 | MsgNewMailbox
{domain
, user
= emailUser
, passwd
, mailbox
} =>
1409 if not (Domain
.yourDomain domain
) then
1410 ("User wasn't authorized to add a mailbox to " ^ domain
,
1411 SOME
"You're not authorized to configure that domain.")
1412 else if not (Domain
.validEmailUser emailUser
) then
1413 ("Invalid e-mail username " ^ emailUser
,
1414 SOME
"Invalid e-mail username")
1415 else if not (CharVector
.all
Char.isGraph passwd
) then
1416 ("Invalid password",
1417 SOME
"Invalid password; may only contain printable, non-space characters")
1418 else if not (Domain
.yourPath mailbox
) then
1419 ("User wasn't authorized to add a mailbox at " ^ mailbox
,
1420 SOME ("You're not authorized to use that mailbox location. ("
1423 case Vmail
.add
{requester
= user
,
1424 domain
= domain
, user
= emailUser
,
1425 passwd
= passwd
, mailbox
= mailbox
} of
1426 NONE
=> ("Added mailbox " ^ emailUser ^
"@" ^ domain ^
" at " ^ mailbox
,
1428 | SOME msg
=> ("Error adding mailbox " ^ emailUser ^
"@" ^ domain ^
": " ^ msg
,
1432 | MsgPasswdMailbox
{domain
, user
= emailUser
, passwd
} =>
1434 if not (Domain
.yourDomain domain
) then
1435 ("User wasn't authorized to change password of a mailbox for " ^ domain
,
1436 SOME
"You're not authorized to configure that domain.")
1437 else if not (Domain
.validEmailUser emailUser
) then
1438 ("Invalid e-mail username " ^ emailUser
,
1439 SOME
"Invalid e-mail username")
1440 else if not (CharVector
.all
Char.isGraph passwd
) then
1441 ("Invalid password",
1442 SOME
"Invalid password; may only contain printable, non-space characters")
1444 case Vmail
.passwd
{domain
= domain
, user
= emailUser
,
1446 NONE
=> ("Changed password of mailbox " ^ emailUser ^
"@" ^ domain
,
1448 | SOME msg
=> ("Error changing mailbox password for " ^ emailUser ^
"@" ^ domain ^
": " ^ msg
,
1452 | MsgRmMailbox
{domain
, user
= emailUser
} =>
1454 if not (Domain
.yourDomain domain
) then
1455 ("User wasn't authorized to change password of a mailbox for " ^ domain
,
1456 SOME
"You're not authorized to configure that domain.")
1457 else if not (Domain
.validEmailUser emailUser
) then
1458 ("Invalid e-mail username " ^ emailUser
,
1459 SOME
"Invalid e-mail username")
1461 case Vmail
.rm
{domain
= domain
, user
= emailUser
} of
1462 NONE
=> ("Deleted mailbox " ^ emailUser ^
"@" ^ domain
,
1464 | SOME msg
=> ("Error deleting mailbox " ^ emailUser ^
"@" ^ domain ^
": " ^ msg
,
1468 | MsgSaQuery addr
=>
1470 case checkAddr addr
of
1471 NONE
=> ("User tried to query SA filtering for " ^ addr
,
1472 SOME
"You aren't allowed to configure SA filtering for that recipient.")
1473 | SOME addr
' => (Msg
.send (bio
, MsgSaStatus (SetSA
.query addr
'));
1474 ("Queried SA filtering status for " ^ addr
,
1478 |
MsgSaSet (addr
, b
) =>
1480 case checkAddr addr
of
1481 NONE
=> ("User tried to set SA filtering for " ^ addr
,
1482 SOME
"You aren't allowed to configure SA filtering for that recipient.")
1483 | SOME addr
' => (SetSA
.set (addr
', b
);
1484 Msg
.send (bio
, MsgOk
);
1485 ("Set SA filtering status for " ^ addr ^
" to "
1486 ^
(if b
then "ON" else "OFF"),
1490 | MsgSmtpLogReq domain
=>
1492 if not (Domain
.yourDomain domain
) then
1493 ("Unauthorized user tried to request SMTP logs for " ^ domain
,
1494 SOME
"You aren't authorized to configure that domain.")
1496 (SmtpLog
.search (fn line
=> Msg
.send (bio
, MsgSmtpLogRes line
))
1498 ("Requested SMTP logs for " ^ domain
,
1503 doIt (fn () => (Msg
.send (bio
, answerQuery q
);
1508 | MsgMysqlFixperms
=>
1509 doIt (fn () => if OS
.Process
.isSuccess
1510 (OS
.Process
.system
"/usr/bin/sudo -H /afs/hcoop.net/common/etc/scripts/mysql-grant-table-drop") then
1511 ("Requested mysql-fixperms",
1514 ("Requested mysql-fixperms, but execution failed!",
1515 SOME
"Script execution failed."))
1518 | MsgDescribe dom
=>
1519 doIt (fn () => if not (Domain
.validDomain dom
) then
1520 ("Requested description of invalid domain " ^ dom
,
1521 SOME
"Invalid domain name")
1522 else if not (Domain
.yourDomain dom
1523 orelse Acl
.query
{user
= user
, class
= "priv", value
= "all"}) then
1524 ("Requested description of " ^ dom ^
", but not allowed access",
1525 SOME
"Access denied")
1527 (Msg
.send (bio
, MsgDescription (Domain
.describe dom
));
1528 ("Sent description of domain " ^ dom
,
1533 doIt (fn () => ("Unexpected command",
1534 SOME
"Unexpected command"))
1539 handle e
as (OpenSSL
.OpenSSL s
) =>
1540 (print ("OpenSSL error: " ^ s ^
"\n");
1541 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory e
);
1543 handle OpenSSL
.OpenSSL _
=> ();
1545 | OS
.SysErr (s
, _
) =>
1546 (print ("System error: " ^ s ^
"\n");
1548 handle OpenSSL
.OpenSSL _
=> ();
1550 | IO
.Io
{name
, function
, cause
} =>
1551 (print ("IO error: " ^ function ^
" for " ^ name ^
"\n");
1552 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory cause
);
1554 handle OpenSSL
.OpenSSL _
=> ();
1556 | OS
.Path
.InvalidArc
=>
1557 (print
"Invalid arc\n";
1559 handle OpenSSL
.OpenSSL _
=> ();
1562 (print
"Unknown exception in main loop!\n";
1563 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory e
);
1565 handle OpenSSL
.OpenSSL _
=> ();
1567 handle e
as (OpenSSL
.OpenSSL s
) =>
1568 (print ("OpenSSL error: " ^ s ^
"\n");
1569 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory e
);
1571 | OS
.SysErr (s
, _
) =>
1572 (print ("System error: " ^ s ^
"\n");
1574 | IO
.Io
{name
, function
, cause
} =>
1575 (print ("IO error: " ^ function ^
" for " ^ name ^
"\n");
1576 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory cause
);
1579 (print
"Unknown exception in main loop!\n";
1580 app (fn x
=> print (x ^
"\n")) (SMLofNJ
.exnHistory e
);
1583 print ("Domtool dispatcher starting up at " ^
now () ^
"\n");
1584 print
"Listening for connections....\n";
1586 OpenSSL
.shutdown sock
1591 val host
= Slave
.hostname ()
1593 val context
= context (Config
.certDir ^
"/" ^ host ^
".pem",
1594 Config
.keyDir ^
"/" ^ host ^
"/key.pem",
1597 val sock
= OpenSSL
.listen (context
, Config
.slavePort
)
1599 val _
= print ("Slave server starting at " ^
now () ^
"\n")
1602 case OpenSSL
.accept sock
of
1606 val peer
= OpenSSL
.peerCN bio
1607 val () = print ("\nConnection from " ^ peer ^
" at " ^
now () ^
"\n")
1609 if peer
= Config
.dispatcherName
then let
1611 case Msg
.recv bio
of
1612 NONE
=> print
"Dispatcher closed connection unexpectedly\n"
1615 MsgFile file
=> loop
' (file
:: files
)
1616 | MsgDoFiles
=> (Slave
.handleChanges files
;
1617 Msg
.send (bio
, MsgOk
))
1618 | MsgRegenerate
=> (Domain
.resetLocal ();
1619 Msg
.send (bio
, MsgOk
))
1620 | _
=> (print
"Dispatcher sent unexpected command\n";
1621 Msg
.send (bio
, MsgError
"Unexpected command"))
1624 ignore (OpenSSL
.readChar bio
);
1628 else if peer
= "domtool" then
1629 case Msg
.recv bio
of
1630 SOME MsgShutdown
=> (OpenSSL
.close bio
;
1631 print ("Shutting down at " ^
now () ^
"\n\n"))
1632 | _
=> (OpenSSL
.close bio
;
1635 case Msg
.recv bio
of
1636 SOME (MsgQuery q
) => (print (describeQuery q ^
"\n");
1637 Msg
.send (bio
, answerQuery q
);
1638 ignore (OpenSSL
.readChar bio
);
1641 | _
=> (OpenSSL
.close bio
;
1643 end handle OpenSSL
.OpenSSL s
=>
1644 (print ("OpenSSL error: " ^ s ^
"\n");
1646 handle OpenSSL
.OpenSSL _
=> ();
1648 | e
as OS
.SysErr (s
, _
) =>
1649 (app (fn s
=> print (s ^
"\n")) (SMLofNJ
.exnHistory e
);
1650 print ("System error: "^ s ^
"\n");
1652 handle OpenSSL
.OpenSSL _
=> ();
1654 | IO
.Io
{function
, name
, ...} =>
1655 (print ("IO error: " ^ function ^
": " ^ name ^
"\n");
1657 handle OpenSSL
.OpenSSL _
=> ();
1660 (app (fn s
=> print (s ^
"\n")) (SMLofNJ
.exnHistory e
);
1661 print
"Uncaught exception!\n";
1663 handle OpenSSL
.OpenSSL _
=> ();
1667 OpenSSL
.shutdown sock
1672 val dir
= Posix
.FileSys
.opendir Config
.libRoot
1675 case Posix
.FileSys
.readdir dir
of
1676 NONE
=> (Posix
.FileSys
.closedir dir
;
1679 if String.isSuffix
".dtl" fname
then
1680 loop (OS
.Path
.joinDirFile
{dir
= Config
.libRoot
,
1689 fun autodocBasis outdir
=
1690 Autodoc
.autodoc
{outdir
= outdir
, infiles
= listBasis ()}