cp scripts/domtool-addcert /usr/local/bin/
cp scripts/domtool-addacl /usr/local/bin/
cp scripts/domtool-rmuser /usr/local/bin/
+ cp scripts/domtool-admin-sudo /usr/local/bin/
+ cp scripts/domtool-server-logged /usr/local/bin/
cp openssl/openssl_sml.so /usr/local/lib/
-cp bin/domtool-server /usr/local/sbin/
-cp bin/domtool-slave /usr/local/sbin/
--- /dev/null
+kinit -k -t /etc/keytabs/domtool.keytab domtool/deleuze.hcoop.net
+aklog
+domtool-admin $* >/dev/null 2>/dev/null
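Review bot: The unquoted `$*` on the last line re-splits and glob-expands every argument before it reaches `domtool-admin`, which matters because the init script runs this wrapper through `sudo -u domtool`. Use `domtool-admin "$@" >/dev/null 2>&1` so argument boundaries are preserved. The result of `kinit` is never checked, and all output is discarded, so a missing or unreadable keytab looks the same as an unreachable dispatcher. Adding `|| exit 1` after the `kinit` line would make that failure explicit. No interpreter line is visible at the top of the new file, so consider adding one so the script does not depend on how the caller executes it.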
--- /dev/null
+#!/usr/bin/pagsh.openafs
+
+# This script should go in /etc/init.d/ on Debian Linux systems running Domtool dispatchers.
+
+SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
+PIDFILE="/var/run/k5start-domtool-server.pid"
+
+set -e
+
+case $1 in
+ start)
+ # Start daemon
+ echo -n "Starting Domtool dispatcher: domtool-server"
+ if sudo -u domtool domtool-admin-sudo ping; then
+ echo "...already running."
+ else
+ start-stop-daemon --start --pidfile $PIDFILE \
+ -c domtool:domtool \
+ --exec /usr/bin/k5start -- -b -f /etc/keytabs/domtool.keytab \
+ -K 300 -t -p $PIDFILE \
+ domtool/deleuze.hcoop.net \
+ domtool-server-logged
+ echo "."
+ fi
+ ;;
+
+ stop)
+ echo -n "Stopping Domtool dispatcher: domtool-server"
+ if sudo -u domtool domtool-admin-sudo shutdown; then
+ echo "."
+ else
+ start-stop-daemon --stop --pidfile $PIDFILE
+ echo "."
+ fi
+ rm -f $PIDFILE
+ ;;
+
+ restart|reload|force-reload)
+ $SELF stop
+ $SELF start
+ ;;
+
+ status)
+ if sudo -u domtool domtool-admin-sudo ping; then
+ echo "Domtool dispatcher is running."
+ else
+ echo "Domtool dispatcher is stopped."
+ exit 3
+ fi
+ ;;
+
+ *)
+ echo "Usage: $SELF start|stop|restart|reload|force-reload|status"
+ exit 1
+ ;;
+esac
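Review bot: In the `stop)` branch, `start-stop-daemon --stop --pidfile $PIDFILE` signals whatever PID is in a file that k5start writes after `-c domtool:domtool` has dropped privileges. Since the init script presumably runs as root, a stale or tampered PID file could direct the signal at an unrelated process. Constraining the match, e.g. `start-stop-daemon --stop --pidfile "$PIDFILE" --user domtool`, limits that. Under `set -e`, a failing `--stop` also exits the script before `rm -f $PIDFILE` runs, so add `--oknodo` or `|| true` if the cleanup should always happen. `$0`, `$SELF` and `$PIDFILE` are expanded unquoted throughout and should be quoted.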
--- /dev/null
+domtool-server >>/var/log/domtool.log 2>>/var/log/domtool.log
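Review bot: This wrapper runs `domtool-server` as a child of the shell, so a signal delivered to the k5start-managed command probably reaches the wrapper rather than the server itself. That would make the init script's `start-stop-daemon --stop` fallback unreliable. Writing the line as `exec domtool-server >>/var/log/domtool.log 2>&1` replaces the shell with the server and opens the log once instead of twice. The log is appended to as the `domtool` user, so its ownership and mode should be set at install time rather than left to the first writer's umask.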
| "rmdom" :: doms => Main.requestRmdom doms
| ["regen"] => Main.requestRegen ()
| ["rmuser", user] => Main.requestRmuser user
+ | ["ping"] => OS.Process.exit (Main.requestPing ())
| _ => print "Invalid command-line arguments\n"
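Review bot: Only the new `ping` branch turns the request result into a process exit status; `requestShutdown` is still declared `unit -> unit`. The init script's `stop)` branch nevertheless tests `domtool-admin-sudo shutdown` in an `if`. If the dispatcher refuses the request, the command presumably still exits 0, so the `start-stop-daemon --stop` fallback is skipped and the PID file is removed while the server keeps running. Consider having shutdown report success or failure the same way `requestPing` does, and make the `_` branch exit non-zero after printing "Invalid command-line arguments". The enclosing case expression starts outside this hunk.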
val request : string -> unit
val requestDir : string -> unit
+ val requestPing : unit -> OS.Process.status
val requestShutdown : unit -> unit
val requestGrant : Acl.acl -> unit
val requestRevoke : Acl.acl -> unit
end
handle ErrorMsg.Error => ()
+fun requestPing () =
+ let
+ val (_, bio) = requestBio (fn () => ())
+ in
+ OpenSSL.close bio;
+ OS.Process.success
+ end
+ handle _ => OS.Process.failure
+
fun requestShutdown () =
let
val (_, bio) = requestBio (fn () => ())
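Review bot: The wildcard `handle _ => OS.Process.failure` on `requestPing` turns every exception into the same "not running" answer, including ones unrelated to connectivity. The init script then treats a credential or TLS setup problem exactly like a stopped dispatcher and starts a second instance. Narrowing the handler to the exceptions `requestBio` is expected to raise would avoid that (the neighbouring code already handles `ErrorMsg.Error` and `OpenSSL.OpenSSL _` by name), or at least print the cause before returning failure. A short comment would also help, e.g. `(* Succeeds iff requestBio can establish the connection; sends no message. *)`, since the function confirms only that much. `requestShutdown`'s body continues outside the hunk.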
| MsgMultiConfig codes => doConfig codes
| MsgShutdown =>
- if Acl.query {user = user, class = "priv", value = "shutdown"} then
- print ("Domtool dispatcher shutting down at " ^ Date.toString (Date.fromTimeUniv (Time.now ())) ^ "\n")
+ if Acl.query {user = user, class = "priv", value = "all"}
+ orelse Acl.query {user = user, class = "priv", value = "shutdown"} then
+ print ("Domtool dispatcher shutting down at " ^ Date.toString (Date.fromTimeUniv (Time.now ())) ^ "\n\n")
else
- (OpenSSL.close bio
+ (print "Unauthorized shutdown command!\n";
+ OpenSSL.close bio
handle OpenSSL.OpenSSL _ => ();
loop ())
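Review bot: The new "Unauthorized shutdown command!" log line in the `MsgShutdown` branch records neither who sent the request nor when, although `user` is in scope (it is passed to `Acl.query`) and the success branch already prints a timestamp. For anyone reading /var/log/domtool.log after the fact, the identity is the useful part. Assuming `user` is a string, something like `print ("Unauthorized shutdown command from " ^ user ^ " at " ^ Date.toString (Date.fromTimeUniv (Time.now ())) ^ "\n");` would cover both. Accepting the `"all"` privilege here widens who may stop the dispatcher, so it is worth a one-line comment stating that this is intended. The surrounding message loop starts and ends outside the hunk.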