Limiting acceptable web nodes

diff --git a/configDefault/apache.cfg b/configDefault/apache.cfg
index bec5354..0000104 100644 (file)
--- a/configDefault/apache.cfg
+++ b/configDefault/apache.cfg
@@ -4,7 +4,10 @@ val reload = "/usr/bin/sudo /usr/local/sbin/domtool-publish apache"
 
 val confDir = "/var/domtool/vhosts"
 
-val webNodes = ["deleuze"]
+val webNodes_all = ["mire"]
+val webNodes_admin = ["deleuze"]
+
+val webNodes_default = ["mire"]
 
 val proxyTargets = ["http://hcoop.net/cgi-bin/mailman",
                    "http://hcoop.net/pipermail"]

diff --git a/configDefault/apache.csg b/configDefault/apache.csg
index 89e3710..307a47a 100644 (file)
--- a/configDefault/apache.csg
+++ b/configDefault/apache.csg
@@ -4,7 +4,9 @@ signature APACHE_CONFIG = sig
 
     val confDir : string
 
-    val webNodes : string list
+    val        webNodes_all : string list
+    val webNodes_admin : string list
+    val webNodes_default : string list
 
     val proxyTargets : string list
 

diff --git a/lib/apache.dtl b/lib/apache.dtl
index 9b88bd3..1e5d54e 100644 (file)
--- a/lib/apache.dtl
+++ b/lib/apache.dtl
@@ -1,10 +1,15 @@
 {{Apache web server configuration}}
 
+extern type web_node;
+{{Nodes that accept Apache configuration from you}}
+
+extern val web_node_to_node : web_node -> node;
+
 context Vhost;
 {{A WWW virtual host}}
 
 extern val vhost : host -> Vhost => [Domain]
-       {WebNodes : [node],
+       {WebNodes : [web_node],
         SSL : bool,
         User : your_user,
         Group : your_group,

diff --git a/lib/easy_domain.dtl b/lib/easy_domain.dtl
index 6bc7ee0..3c3d4e0 100644 (file)
--- a/lib/easy_domain.dtl
+++ b/lib/easy_domain.dtl
@@ -1,12 +1,12 @@
 {{The most common kinds of domain configuration}}
 
-val web_node : (node) = "mire";
+val web_node : (web_node) = "mire";
 
 val webAt =
-       \ n : (node) ->
+       \ n : (web_node) ->
        \ host : (host) ->
        \\ config : Vhost ->
-               (dns (dnsA host (ip_of_node n));
+               (dns (dnsA host (ip_of_node (web_node_to_node n)));
 
                vhost host where
                        WebNodes = [n]

diff --git a/src/domain.sig b/src/domain.sig
index 6762fc6..a749265 100644 (file)
--- a/src/domain.sig
+++ b/src/domain.sig
@@ -62,4 +62,6 @@ signature DOMAIN = sig
     (* UNIX users, groups, and paths the user may act with *)
 
     val set_context : OpenSSL.context -> unit
+
+    val inGroup : string -> bool
 end

diff --git a/src/domain.sml b/src/domain.sml
index 8020ee4..4d2f487 100644 (file)
--- a/src/domain.sml
+++ b/src/domain.sml
@@ -607,4 +607,7 @@ val () = Env.registerPost (fn () =>
                                                     fn cl => "Temp file cleanup failed: " ^ cl))
                              end)
 
+fun inGroup group = Acl.query {user = getUser (), class = "group", value = "root"}
+                   orelse Acl.query {user = getUser (), class = "group", value = group}
+
 end

diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml
index 6970a86..079afca 100644 (file)
--- a/src/plugins/apache.sml
+++ b/src/plugins/apache.sml
@@ -22,6 +22,13 @@ structure Apache :> APACHE = struct
 
 open Ast
 
+val _ = Env.type_one "web_node"
+       Env.string
+       (fn node =>
+           List.exists (fn x => x = node) Config.Apache.webNodes_all
+           orelse (Domain.inGroup "www"
+                   andalso List.exists (fn x => x = node) Config.Apache.webNodes_admin))
+
 val _ = Env.type_one "proxy_port"
        Env.int
        (fn n => n > 1024)
@@ -61,9 +68,13 @@ val _ = Env.type_one "location"
 
 val dl = ErrorMsg.dummyLoc
 
+val _ = Env.registerFunction ("web_node_to_node",
+                             fn [e] => SOME e
+                              | _ => NONE)
+
 val _ = Defaults.registerDefault ("WebNodes",
-                                 (TList (TBase "node", dl), dl),
-                                 (fn () => (EList (map (fn s => (EString s, dl)) Config.Apache.webNodes), dl)))
+                                 (TList (TBase "web_node", dl), dl),
+                                 (fn () => (EList (map (fn s => (EString s, dl)) Config.Apache.webNodes_default), dl)))
 
 val _ = Defaults.registerDefault ("SSL",
                                  (TBase "bool", dl),