--- /dev/null
+(* HCoop Domtool (http://hcoop.sourceforge.net/)
+ * Copyright (c) 2006, Adam Chlipala
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *)
+
+(* Administration of Courier IMAP virtual mailboxes *)
+
+structure Vmail :> VMAIL = struct
+
+fun rebuild () = Slave.shell [Config.Courier.postReload]
+
+fun add {domain, requester, user, passwd, mailbox} =
+ let
+ val udb = Posix.SysDB.getpwnam requester
+ val uid = Word.toInt (Posix.ProcEnv.uidToWord (Posix.SysDB.Passwd.uid udb))
+ val gid = Word.toInt (Posix.ProcEnv.gidToWord (Posix.SysDB.Passwd.gid udb))
+ val home = Posix.SysDB.Passwd.home udb
+ in
+ if not (Slave.shell [Config.Courier.userdb, " \"", domain, "/", user, "@", domain,
+ "\" set home=", home, " mail=", mailbox,
+ " uid=", Int.toString uid, " gid=" ^ Int.toString gid]) then
+ SOME "Error running userdb"
+ else
+ let
+ val proc = Unix.execute ("/bin/sh", ["-c",
+ String.concat [Config.Courier.userdbpw, " | ", Config.Courier.userdb,
+ " \"", domain, "/", user, "@", domain, "\" set systempw"]])
+ val outf = Unix.textOutstreamOf proc
+ in
+ TextIO.output (outf, String.concat [passwd, "\n", passwd, "\n"]);
+ TextIO.closeOut outf;
+ if not (OS.Process.isSuccess (Unix.reap proc)) then
+ (ignore (Slave.shell [Config.Courier.userdb, " \"", domain, "/", user, "@", domain, "\" del"]);
+ SOME "Error setting password")
+ else if not (rebuild ()) then
+ (ignore (Slave.shell [Config.Courier.userdb, " \"", domain, "/", user, "@", domain, "\" del"]);
+ SOME "Error reloading userdb")
+ else
+ NONE
+ end
+ end
+
+fun passwd {domain, user, passwd} =
+ let
+ val proc = Unix.execute ("/bin/sh", ["-c",
+ String.concat [Config.Courier.userdbpw, " | ", Config.Courier.userdb,
+ " \"", domain, "/", user, "@", domain, "\" set systempw"]])
+ val outf = Unix.textOutstreamOf proc
+ in
+ TextIO.output (outf, String.concat [passwd, "\n", passwd, "\n"]);
+ TextIO.closeOut outf;
+ if not (OS.Process.isSuccess (Unix.reap proc)) then
+ SOME "Error setting password"
+ else if not (rebuild ()) then
+ SOME "Error reloading userdb"
+ else
+ NONE
+ end
+
+fun rm {domain, user} =
+ if not (Slave.shell [Config.Courier.userdb, " \"", domain, "/", user, "@", domain, "\" del"]) then
+ SOME "Error deleting password entry"
+ else if not (rebuild ()) then
+ SOME "Error reloading userdb"
+ else
+ NONE
+
+end
OpenSSL.close bio
end
+fun requestNewMailbox p =
+ let
+ val (_, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgNewMailbox p);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print ("A mapping for " ^ #user p ^ "@" ^ #domain p ^ " has been created.\n")
+ | MsgError s => print ("Creation failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+
+fun requestPasswdMailbox p =
+ let
+ val (_, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgPasswdMailbox p);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print ("The password for " ^ #user p ^ "@" ^ #domain p ^ " has been changed.\n")
+ | MsgError s => print ("Set failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+
+fun requestRmMailbox p =
+ let
+ val (_, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgRmMailbox p);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print ("The mapping for mailbox " ^ #user p ^ "@" ^ #domain p ^ " has been deleted.\n")
+ | MsgError s => print ("Remove failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+
fun regenerate context =
let
val b = basis ()
val () = print ("\nConnection from " ^ user ^ "\n")
val () = Domain.setUser user
+ fun doIt f cleanup =
+ ((case f () of
+ (msgLocal, SOME msgRemote) =>
+ (print msgLocal;
+ print "\n";
+ Msg.send (bio, MsgError msgRemote))
+ | (msgLocal, NONE) =>
+ (print msgLocal;
+ print "\n";
+ Msg.send (bio, MsgOk)))
+ handle OpenSSL.OpenSSL _ =>
+ print "OpenSSL error\n"
+ | OS.SysErr (s, _) =>
+ (print "System error: ";
+ print s;
+ print "\n";
+ Msg.send (bio, MsgError ("System error: " ^ s))
+ handle OpenSSL.OpenSSL _ => ())
+ | Fail s =>
+ (print "Failure: ";
+ print s;
+ print "\n";
+ Msg.send (bio, MsgError ("Failure: " ^ s))
+ handle OpenSSL.OpenSSL _ => ())
+ | ErrorMsg.Error =>
+ (print "Compilation error\n";
+ Msg.send (bio, MsgError "Error during configuration evaluation")
+ handle OpenSSL.OpenSSL _ => ());
+ (cleanup ();
+ ignore (OpenSSL.readChar bio);
+ OpenSSL.close bio)
+ handle OpenSSL.OpenSSL _ => ();
+ loop ())
+
fun doConfig codes =
let
val _ = print "Configuration:\n"
eval' outname
end
in
- (Env.pre ();
- app doOne codes;
- Env.post ();
- Msg.send (bio, MsgOk))
- handle ErrorMsg.Error =>
- (print "Compilation error\n";
- Msg.send (bio,
- MsgError "Error during configuration evaluation"))
- | OpenSSL.OpenSSL s =>
- (print "OpenSSL error\n";
- Msg.send (bio,
- MsgError
- ("Error during configuration evaluation: "
- ^ s)));
- OS.FileSys.remove outname;
- (ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ()
+ doIt (fn () => (Env.pre ();
+ app doOne codes;
+ Env.post ();
+ Msg.send (bio, MsgOk);
+ ("Configuration complete.", NONE)))
+ (fn () => OS.FileSys.remove outname)
end
fun cmdLoop () =
| MsgMultiConfig codes => doConfig codes
| MsgGrant acl =>
- if Acl.query {user = user, class = "priv", value = "all"} then
- ((Acl.grant acl;
- Acl.write Config.aclFile;
- Msg.send (bio, MsgOk);
- print ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
- handle OpenSSL.OpenSSL s =>
- (print "OpenSSL error\n";
- Msg.send (bio,
- MsgError
- ("Error during granting: "
- ^ s)));
- (ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
- else
- ((Msg.send (bio, MsgError "Not authorized to grant privileges");
- print "Unauthorized user asked to grant a permission!\n";
- ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
-
+ doIt (fn () =>
+ if Acl.query {user = user, class = "priv", value = "all"} then
+ (Acl.grant acl;
+ Acl.write Config.aclFile;
+ ("Granted permission " ^ #value acl ^ " to " ^ #user acl ^ " in " ^ #class acl ^ ".",
+ NONE))
+ else
+ ("Unauthorized user asked to grant a permission!",
+ SOME "Not authorized to grant privileges"))
+ (fn () => ())
+
| MsgRevoke acl =>
- if Acl.query {user = user, class = "priv", value = "all"} then
- ((Acl.revoke acl;
- Acl.write Config.aclFile;
- Msg.send (bio, MsgOk);
- print ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".\n"))
- handle OpenSSL.OpenSSL s =>
- (print "OpenSSL error\n";
- Msg.send (bio,
- MsgError
- ("Error during revocation: "
- ^ s)));
- (ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
- else
- ((Msg.send (bio, MsgError "Not authorized to revoke privileges");
- print "Unauthorized user asked to revoke a permission!\n";
- ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
+ doIt (fn () =>
+ if Acl.query {user = user, class = "priv", value = "all"} then
+ (Acl.revoke acl;
+ Acl.write Config.aclFile;
+ ("Revoked permission " ^ #value acl ^ " from " ^ #user acl ^ " in " ^ #class acl ^ ".",
+ NONE))
+ else
+ ("Unauthorized user asked to revoke a permission!",
+ SOME "Not authorized to revoke privileges"))
+ (fn () => ())
| MsgListPerms user =>
- ((Msg.send (bio, MsgPerms (Acl.queryAll user));
- print ("Sent permission list for user " ^ user ^ ".\n"))
- handle OpenSSL.OpenSSL s =>
- (print "OpenSSL error\n";
- Msg.send (bio,
- MsgError
- ("Error during permission listing: "
- ^ s)));
- (ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
+ doIt (fn () =>
+ (Msg.send (bio, MsgPerms (Acl.queryAll user));
+ ("Sent permission list for user " ^ user ^ ".",
+ NONE)))
+ (fn () => ())
| MsgWhoHas perm =>
- ((Msg.send (bio, MsgWhoHasResponse (Acl.whoHas perm));
- print ("Sent whohas response for " ^ #class perm ^ " / " ^ #value perm ^ ".\n"))
- handle OpenSSL.OpenSSL s =>
- (print "OpenSSL error\n";
- Msg.send (bio,
- MsgError
- ("Error during whohas: "
- ^ s)));
- (ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
+ doIt (fn () =>
+ (Msg.send (bio, MsgWhoHasResponse (Acl.whoHas perm));
+ ("Sent whohas response for " ^ #class perm ^ " / " ^ #value perm ^ ".",
+ NONE)))
+ (fn () => ())
| MsgRmdom doms =>
- if Acl.query {user = user, class = "priv", value = "all"}
- orelse List.all (fn dom => Acl.query {user = user, class = "domain", value = dom}) doms then
- ((Domain.rmdom doms;
- app (fn dom =>
- Acl.revokeFromAll {class = "domain", value = dom}) doms;
- Acl.write Config.aclFile;
- Msg.send (bio, MsgOk);
- print ("Removed domains" ^ foldl (fn (d, s) => s ^ " " ^ d) "" doms ^ ".\n"))
- handle OpenSSL.OpenSSL s =>
- (print "OpenSSL error\n";
- Msg.send (bio,
- MsgError
- ("Error during revocation: "
- ^ s)));
- (ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
- else
- ((Msg.send (bio, MsgError "Not authorized to remove that domain");
- print "Unauthorized user asked to remove a domain!\n";
- ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
+ doIt (fn () =>
+ if Acl.query {user = user, class = "priv", value = "all"}
+ orelse List.all (fn dom => Acl.query {user = user, class = "domain", value = dom}) doms then
+ (Domain.rmdom doms;
+ app (fn dom =>
+ Acl.revokeFromAll {class = "domain", value = dom}) doms;
+ Acl.write Config.aclFile;
+ ("Removed domains" ^ foldl (fn (d, s) => s ^ " " ^ d) "" doms ^ ".",
+ NONE))
+ else
+ ("Unauthorized user asked to remove a domain!",
+ SOME "Not authorized to remove that domain"))
+ (fn () => ())
| MsgRegenerate =>
- if Acl.query {user = user, class = "priv", value = "regen"}
- orelse Acl.query {user = user, class = "priv", value = "all"} then
- ((regenerate context;
- Msg.send (bio, MsgOk);
- print "Regenerated all configuration.\n")
- handle OpenSSL.OpenSSL s =>
- (print "OpenSSL error\n";
- Msg.send (bio,
- MsgError
- ("Error during regeneration: "
- ^ s)));
- (ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
- else
- ((Msg.send (bio, MsgError "Not authorized to regeneration");
- print "Unauthorized user asked to regenerate!\n";
- ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
+ doIt (fn () =>
+ if Acl.query {user = user, class = "priv", value = "regen"}
+ orelse Acl.query {user = user, class = "priv", value = "all"} then
+ (regenerate context;
+ ("Regenerated all configuration.",
+ NONE))
+ else
+ ("Unauthorized user asked to regenerate!",
+ SOME "Not authorized to regenerate"))
+ (fn () => ())
| MsgRmuser user' =>
- if Acl.query {user = user, class = "priv", value = "all"} then
- ((rmuser user';
- Acl.write Config.aclFile;
- Msg.send (bio, MsgOk);
- print ("Removed user " ^ user' ^ ".\n"))
- handle OpenSSL.OpenSSL s =>
- (print "OpenSSL error\n";
- Msg.send (bio,
- MsgError
- ("Error during revocation: "
- ^ s)));
- (ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
- else
- ((Msg.send (bio, MsgError "Not authorized to remove users");
- print "Unauthorized user asked to remove a user!\n";
- ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
+ doIt (fn () =>
+ if Acl.query {user = user, class = "priv", value = "all"} then
+ (rmuser user';
+ Acl.write Config.aclFile;
+ ("Removed user " ^ user' ^ ".",
+ NONE))
+ else
+ ("Unauthorized user asked to remove a user!",
+ SOME "Not authorized to remove users"))
+ (fn () => ())
| MsgCreateDbUser {dbtype, passwd} =>
- (case Dbms.lookup dbtype of
- NONE => ((Msg.send (bio, MsgError ("Unknown database type " ^ dbtype));
- print ("Database user creation request with unknown datatype type " ^ dbtype);
- ignore (OpenSSL.readChar bio))
- handle OpenSSL.OpenSSL _ => ();
- OpenSSL.close bio
- handle OpenSSL.OpenSSL _ => ();
- loop ())
- | SOME handler =>
- case #adduser handler {user = user, passwd = passwd} of
- NONE => ((Msg.send (bio, MsgOk);
- print ("Added " ^ dbtype ^ " user " ^ user ^ ".\n"))
- handle OpenSSL.OpenSSL s =>
- (print "OpenSSL error\n";
- Msg.send (bio,
- MsgError
- ("Error during creation: "
- ^ s)));
- (ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
- | SOME msg => ((Msg.send (bio, MsgError ("Error adding user: " ^ msg));
- print ("Error adding a " ^ dbtype ^ " user " ^ user ^ ": " ^ msg ^ "\n");
- ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ()))
+ doIt (fn () =>
+ case Dbms.lookup dbtype of
+ NONE => ("Database user creation request with unknown datatype type " ^ dbtype,
+ SOME ("Unknown database type " ^ dbtype))
+ | SOME handler =>
+ case #adduser handler {user = user, passwd = passwd} of
+ NONE => ("Added " ^ dbtype ^ " user " ^ user ^ ".",
+ NONE)
+ | SOME msg =>
+ ("Error adding a " ^ dbtype ^ " user " ^ user ^ ": " ^ msg,
+ SOME ("Error adding user: " ^ msg)))
+ (fn () => ())
| MsgCreateDbTable {dbtype, dbname} =>
- if Dbms.validDbname dbname then
- (case Dbms.lookup dbtype of
- NONE => ((Msg.send (bio, MsgError ("Unknown database type " ^ dbtype));
- print ("Database creation request with unknown datatype type " ^ dbtype);
- ignore (OpenSSL.readChar bio))
- handle OpenSSL.OpenSSL _ => ();
- OpenSSL.close bio
- handle OpenSSL.OpenSSL _ => ();
- loop ())
- | SOME handler =>
- case #createdb handler {user = user, dbname = dbname} of
- NONE => ((Msg.send (bio, MsgOk);
- print ("Created database " ^ user ^ "_" ^ dbname ^ ".\n"))
- handle OpenSSL.OpenSSL s =>
- (print "OpenSSL error\n";
- Msg.send (bio,
- MsgError
- ("Error during creation: "
- ^ s)));
- (ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
- | SOME msg => ((Msg.send (bio, MsgError ("Error creating database: " ^ msg));
- print ("Error creating database " ^ user ^ "_" ^ dbname ^ ": " ^ msg ^ "\n");
- ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ()))
- else
- ((Msg.send (bio, MsgError ("Invalid database name " ^ dbname));
- print ("Invalid database name " ^ user ^ "_" ^ dbname ^ "\n");
- ignore (OpenSSL.readChar bio);
- OpenSSL.close bio)
- handle OpenSSL.OpenSSL _ => ();
- loop ())
+ doIt (fn () =>
+ if Dbms.validDbname dbname then
+ case Dbms.lookup dbtype of
+ NONE => ("Database creation request with unknown datatype type " ^ dbtype,
+ SOME ("Unknown database type " ^ dbtype))
+ | SOME handler =>
+ case #createdb handler {user = user, dbname = dbname} of
+ NONE => ("Created database " ^ user ^ "_" ^ dbname ^ ".",
+ NONE)
+ | SOME msg => ("Error creating database " ^ user ^ "_" ^ dbname ^ ": " ^ msg,
+ SOME ("Error creating database: " ^ msg))
+ else
+ ("Invalid database name " ^ user ^ "_" ^ dbname,
+ SOME ("Invalid database name " ^ dbname)))
+ (fn () => ())
+
+ | MsgNewMailbox {domain, user = emailUser, passwd, mailbox} =>
+ doIt (fn () =>
+ if not (Domain.yourDomain domain) then
+ ("User wasn't authorized to add a mailbox to " ^ domain,
+ SOME "You're not authorized to configure that domain.")
+ else if not (Domain.validUser emailUser) then
+ ("Invalid e-mail username " ^ emailUser,
+ SOME "Invalid e-mail username")
+ else if not (CharVector.all Char.isGraph passwd) then
+ ("Invalid password",
+ SOME "Invalid password; may only contain printable, non-space characters")
+ else if not (Domain.yourPath mailbox) then
+ ("User wasn't authorized to add a mailbox at " ^ mailbox,
+ SOME "You're not authorized to use that mailbox location.")
+ else
+ case Vmail.add {requester = user,
+ domain = domain, user = emailUser,
+ passwd = passwd, mailbox = mailbox} of
+ NONE => ("Added mailbox " ^ emailUser ^ "@" ^ domain ^ " at " ^ mailbox,
+ NONE)
+ | SOME msg => ("Error adding mailbox: " ^ msg,
+ SOME msg))
+ (fn () => ())
+
+ | MsgPasswdMailbox {domain, user = emailUser, passwd} =>
+ doIt (fn () =>
+ if not (Domain.yourDomain domain) then
+ ("User wasn't authorized to change password of a mailbox for " ^ domain,
+ SOME "You're not authorized to configure that domain.")
+ else if not (Domain.validUser emailUser) then
+ ("Invalid e-mail username " ^ emailUser,
+ SOME "Invalid e-mail username")
+ else if not (CharVector.all Char.isGraph passwd) then
+ ("Invalid password",
+ SOME "Invalid password; may only contain printable, non-space characters")
+ else
+ case Vmail.passwd {domain = domain, user = emailUser,
+ passwd = passwd} of
+ NONE => ("Changed password of mailbox " ^ emailUser ^ "@" ^ domain,
+ NONE)
+ | SOME msg => ("Error changing mailbox password: " ^ msg,
+ SOME msg))
+ (fn () => ())
+
+ | MsgRmMailbox {domain, user = emailUser} =>
+ doIt (fn () =>
+ if not (Domain.yourDomain domain) then
+ ("User wasn't authorized to change password of a mailbox for " ^ domain,
+ SOME "You're not authorized to configure that domain.")
+ else if not (Domain.validUser emailUser) then
+ ("Invalid e-mail username " ^ emailUser,
+ SOME "Invalid e-mail username")
+ else
+ case Vmail.rm {domain = domain, user = emailUser} of
+ NONE => ("Deleted mailbox " ^ emailUser ^ "@" ^ domain,
+ NONE)
+ | SOME msg => ("Error deleting mailbox: " ^ msg,
+ SOME msg))
+ (fn () => ())
| _ =>
- (Msg.send (bio, MsgError "Unexpected command")
- handle OpenSSL.OpenSSL _ => ();
- OpenSSL.close bio
- handle OpenSSL.OpenSSL _ => ();
- loop ())
+ doIt (fn () => ("Unexpected command",
+ SOME "Unexpected command"))
+ (fn () => ())
in
cmdLoop ()
end
HCoop / hcoop / domtool2.git / commitdiff