fun requestApt {node, pkg} =
let
val (user, context) = requestContext (fn () => ())
- val bio = OpenSSL.connect true (context, if node = Config.masterNode then
+ val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then
dispatcher
else
Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
before OpenSSL.close bio
end
+fun requestAptExists {node, pkg} =
+ let
+ val (user, context) = requestContext (fn () => ())
+ val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then
+ dispatcher
+ else
+ Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
+
+ val _ = Msg.send (bio, MsgQuery (QAptExists pkg))
+
+ fun loop () =
+ case Msg.recv bio of
+ NONE => (print "Server closed connection unexpectedly.\n";
+ OS.Process.failure)
+ | SOME m =>
+ case m of
+ MsgYes => (print "Package exists.\n";
+ OS.Process.success)
+ | MsgNo => (print "Package does not exist.\n";
+ OS.Process.failure)
+ | MsgError s => (print ("APT existence query failed: " ^ s ^ "\n");
+ OS.Process.failure)
+ | _ => (print "Unexpected server reply.\n";
+ OS.Process.failure)
+ in
+ loop ()
+ before OpenSSL.close bio
+ end
+
fun requestCron {node, uname} =
let
val (user, context) = requestContext (fn () => ())
- val bio = OpenSSL.connect true (context, if node = Config.masterNode then
+ val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then
dispatcher
else
Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
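Review bot: In the added `requestAptExists`, `MsgNo` and every error path (closed connection, `MsgError`, unexpected reply) return `OS.Process.failure`, so a script that branches on the exit status cannot tell "package does not exist" from "the query never completed". State that in a comment above the function, e.g. `(* Exit status is success only for MsgYes; MsgNo and transport/server errors both yield failure *)`. The local function named `loop` never recurses and reads a single reply; `handleResult`, the name used in `requestFirewallRegen` later in this diff, describes it better. The hunk ends inside `requestCron`, whose body continues outside it.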
fun requestFtp {node, uname} =
let
val (user, context) = requestContext (fn () => ())
- val bio = OpenSSL.connect true (context, if node = Config.masterNode then
+ val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then
dispatcher
else
Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
fun requestTrustedPath {node, uname} =
let
val (user, context) = requestContext (fn () => ())
- val bio = OpenSSL.connect true (context, if node = Config.masterNode then
+ val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then
dispatcher
else
Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
fun requestSocketPerm {node, uname} =
let
val (user, context) = requestContext (fn () => ())
- val bio = OpenSSL.connect true (context, if node = Config.masterNode then
+ val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then
dispatcher
else
Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
fun requestFirewall {node, uname} =
let
val (user, context) = requestContext (fn () => ())
- val bio = OpenSSL.connect true (context, if node = Config.masterNode then
+ val bio = OpenSSL.connect true (context, if node = Config.dispatcherName then
dispatcher
else
Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
OpenSSL.close bio
end
+fun requestFirewallRegen node =
+ let
+ val (user, context) = requestContext (fn () => ())
+ val bio = OpenSSL.connect true (context, Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
+ (* Only supporting on slave nodes *)
+
+ val _ = Msg.send (bio, MsgFirewallRegen)
+
+ fun handleResult () =
+ case Msg.recv bio of
+ NONE => (print "Server closed connection unexpectedly.\n";
+ OS.Process.failure)
+ | SOME m =>
+ case m of
+ MsgOk => (print "Firewall regenerated.\n";
+ OS.Process.success)
+ | MsgError s => (print ("Firewall regeneration failed: " ^ s ^ "\n");
+ OS.Process.failure)
+ | _ => (print "Unexpected server reply.\n";
+ OS.Process.failure)
+ in
+ handleResult()
+ before OpenSSL.close bio
+ end
+
structure SS = StringSet
fun domainList dname =
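Review bot: The comment `(* Only supporting on slave nodes *)` in `requestFirewallRegen` sits after the connect, and nothing in the function enforces it: whatever `node` the caller passes is resolved with `Domain.nodeIp` and contacted on `Config.slavePort`. Move the comment above the `val bio` line and say where the restriction is actually applied, e.g. `(* Always connects to the slave port; the slave checks that the user is authorized and that this node is firewall-managed *)`. Separately, `before OpenSSL.close bio` runs only when `handleResult ()` returns normally, so if `Msg.recv` can raise (not visible here) the connection stays open on that path.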
fun answerQuery q =
case q of
QApt pkg => if Apt.installed pkg then MsgYes else MsgNo
+ | QAptExists pkg => if Apt.exists pkg then MsgYes else MsgNo
| QCron user => if Cron.allowed user then MsgYes else MsgNo
| QFtp user => if Ftp.allowed user then MsgYes else MsgNo
| QTrustedPath user => if TrustedPath.query user then MsgYes else MsgNo
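Review bot: `QAptExists pkg` hands a string received from the network peer straight to `Apt.exists`, whose implementation is not part of this diff. If `Apt.exists` builds a command line or a path from `pkg`, the name needs validating before the call (Debian package names are limited to lowercase letters, digits, `+`, `-` and `.`); a comment on this case recording which side validates it would settle the question for the next reader. The same unvalidated `pkg` is concatenated into the log line in `describeQuery` in the following hunk, where an embedded newline would split the log entry. `answerQuery` starts and ends outside the hunk.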
fun describeQuery q =
case q of
QApt pkg => "Requested installation status of package " ^ pkg
+ | QAptExists pkg => "Requested if package " ^ pkg ^ " exists"
| QCron user => "Asked about cron permissions for user " ^ user
| QFtp user => "Asked about FTP permissions for user " ^ user
| QTrustedPath user => "Asked about trusted path settings for user " ^ user
val _ = print ("Slave server starting at " ^ now () ^ "\n")
fun loop () =
- (case OpenSSL.accept sock of
+ (Acl.read Config.aclFile;
+ case OpenSSL.accept sock of
NONE => ()
| SOME bio =>
let
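Review bot: `Acl.read Config.aclFile` runs before the blocking `OpenSSL.accept sock`, so the ACL applied to a connection is the one loaded before the server started waiting for it; a permission revoked while the slave sits idle in accept would, it appears, still be honoured for the next request. Reloading in the `SOME bio` branch, right after the connection is accepted, closes that window. It is also worth a comment on what happens if `Acl.read` raises on a missing or half-written file, since the visible lines do not handle that and it would presumably end the accept loop. `loop` continues past the end of this hunk.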
("Requested mysql-fixperms, but execution failed!",
SOME "Script execution failed."))
(fn () => ()))
+ | MsgFirewallRegen =>
+ doIt (fn () => if Acl.query {user = user, class = "priv", value = "all"} then
+ if List.exists (fn x => x = host) Config.Firewall.firewallNodes then
+ if (Firewall.generateFirewallConfig (Firewall.parseRules ()) andalso Firewall.publishConfig ())
+ then
+ ("Firewall rules regenerated.", NONE)
+ else
+ ("Rules regeneration failed!", SOME "Script execution failed.")
+ else ("Node not controlled by domtool firewall.", SOME (host))
+ else
+ ("Not authorized to regenerate firewall.", SOME ("Unauthorized user " ^ user ^ " attempted to regenerated firewall")))
+ (fn () => ())
| _ => (OpenSSL.close bio;
loop ())
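Review bot: In the `MsgFirewallRegen` branch the two tuple fields look swapped relative to the `mysql-fixperms` case just above, where the first string reads as the local log line and the second as the error returned to the client (`doIt` itself is outside the hunk, so this is inferred). As written, the denial is recorded as `"Not authorized to regenerate firewall."` without the user name, while the sentence naming the user goes in the second field; the non-firewall-node case likewise puts the bare `host` in the second field. If the inference holds, write `("Unauthorized user " ^ user ^ " attempted to regenerate firewall", SOME "Not authorized to regenerate firewall.")` and `("Node " ^ host ^ " not controlled by domtool firewall.", SOME "Node not controlled by domtool firewall.")`, which also fixes the "attempted to regenerated" typo.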