From 60695e9923af9e74160575b5de0d5549808294b4 Mon Sep 17 00:00:00 2001
From: Adam Chlipala
Date: Fri, 15 Dec 2006 00:28:51 +0000
Subject: [PATCH] Limiting acceptable web nodes
---
 configDefault/apache.cfg | 5 ++++-
 configDefault/apache.csg | 4 +++-
 lib/apache.dtl | 7 ++++++-
 lib/easy_domain.dtl | 6 +++---
 src/domain.sig | 2 ++
 src/domain.sml | 3 +++
 src/plugins/apache.sml | 15 +++++++++++++--
 7 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/configDefault/apache.cfg b/configDefault/apache.cfg
index bec5354..0000104 100644
--- a/configDefault/apache.cfg
+++ b/configDefault/apache.cfg
@@ -4,7 +4,10 @@ val reload = "/usr/bin/sudo /usr/local/sbin/domtool-publish apache"
 val confDir = "/var/domtool/vhosts"
-val webNodes = ["deleuze"]
+val webNodes_all = ["mire"]
+val webNodes_admin = ["deleuze"]
+
+val webNodes_default = ["mire"]
 val proxyTargets = ["http://hcoop.net/cgi-bin/mailman", "http://hcoop.net/pipermail"]
diff --git a/configDefault/apache.csg b/configDefault/apache.csg
index 89e3710..307a47a 100644
--- a/configDefault/apache.csg
+++ b/configDefault/apache.csg
@@ -4,7 +4,9 @@ signature APACHE_CONFIG = sig
 val confDir : string
- val webNodes : string list
+ val webNodes_all : string list
+ val webNodes_admin : string list
+ val webNodes_default : string list
 val proxyTargets : string list
diff --git a/lib/apache.dtl b/lib/apache.dtl
index 9b88bd3..1e5d54e 100644
--- a/lib/apache.dtl
+++ b/lib/apache.dtl
@@ -1,10 +1,15 @@
 {{Apache web server configuration}}
+extern type web_node;
+{{Nodes that accept Apache configuration from you}}
+
+extern val web_node_to_node : web_node -> node;
+
 context Vhost;
 {{A WWW virtual host}}
 extern val vhost : host -> Vhost => [Domain]
- {WebNodes : [node],
+ {WebNodes : [web_node],
 SSL : bool, User : your_user, Group : your_group,
diff --git a/lib/easy_domain.dtl b/lib/easy_domain.dtl
index 6bc7ee0..3c3d4e0 100644
--- a/lib/easy_domain.dtl
+++ b/lib/easy_domain.dtl
@@ -1,12 +1,12 @@
 {{The most common kinds of domain configuration}}
-val web_node : (node) = "mire";
+val web_node : (web_node) = "mire";
 val webAt =
- \ n : (node) ->
+ \ n : (web_node) ->
 \ host : (host) ->
 \\ config : Vhost ->
- (dns (dnsA host (ip_of_node n));
+ (dns (dnsA host (ip_of_node (web_node_to_node n)));
 vhost host where WebNodes = [n]
diff --git a/src/domain.sig b/src/domain.sig
index 6762fc6..a749265 100644
--- a/src/domain.sig
+++ b/src/domain.sig
@@ -62,4 +62,6 @@ signature DOMAIN = sig
 (* UNIX users, groups, and paths the user may act with *)
 val set_context : OpenSSL.context -> unit
+
+ val inGroup : string -> bool
 end
diff --git a/src/domain.sml b/src/domain.sml
index 8020ee4..4d2f487 100644
--- a/src/domain.sml
+++ b/src/domain.sml
@@ -607,4 +607,7 @@ val () = Env.registerPost (fn () => fn cl => "Temp file cleanup failed: " ^ cl)) end)
+fun inGroup group = Acl.query {user = getUser (), class = "group", value = "root"}
+ orelse Acl.query {user = getUser (), class = "group", value = group}
+
 end
diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml
index 6970a86..079afca 100644
--- a/src/plugins/apache.sml
+++ b/src/plugins/apache.sml
@@ -22,6 +22,13 @@ structure Apache :> APACHE = struct
 open Ast
+val _ = Env.type_one "web_node"
+ Env.string
+ (fn node =>
+ List.exists (fn x => x = node) Config.Apache.webNodes_all
+ orelse (Domain.inGroup "www"
+ andalso List.exists (fn x => x = node) Config.Apache.webNodes_admin))
+
 val _ = Env.type_one "proxy_port" Env.int (fn n => n > 1024)
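Review bot: `inGroup` in src/domain.sml answers true for every member of the ACL group "root" whatever `group` is passed, and neither the definition nor the `val inGroup : string -> bool` entry added to src/domain.sig says so. A caller reading only the signature would take it for a plain membership test, which matters because src/plugins/apache.sml uses it as an authorization check. I would document the override on the signature entry, for example `(* True if the current user is in ACL group [group]; members of "root" count as members of every group *)`. The enclosing structure begins outside this hunk, so how `getUser ()` determines the user is not visible here.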
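Review bot: The `web_node` predicate in the first src/plugins/apache.sml hunk is the access-control rule for this change, yet the group name `"www"` is a string literal inside it while both node lists come from `Config.Apache`. A site that uses a different group for its web administrators has to edit the plugin. In the hunks shown, neither configDefault/apache.cfg nor apache.csg tells an operator that `webNodes_admin` is gated on that group, or on "root" through `Domain.inGroup`. At minimum add a comment above the registration such as `(* webNodes_all: usable by any user; webNodes_admin: only by members of ACL group "www" *)`, and repeat the wording next to the three values in apache.cfg so a node is not placed in the wrong list.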
@@ -61,9 +68,13 @@ val _ = Env.type_one "location"
 val dl = ErrorMsg.dummyLoc
+val _ = Env.registerFunction ("web_node_to_node",
+ fn [e] => SOME e
+ | _ => NONE)
+
 val _ = Defaults.registerDefault ("WebNodes",
- (TList (TBase "node", dl), dl),
- (fn () => (EList (map (fn s => (EString s, dl)) Config.Apache.webNodes), dl)))
+ (TList (TBase "web_node", dl), dl),
+ (fn () => (EList (map (fn s => (EString s, dl)) Config.Apache.webNodes_default), dl)))
 val _ = Defaults.registerDefault ("SSL", (TBase "bool", dl),
-- 2.20.1
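Review bot: `web_node_to_node` is registered as the identity on its single argument (`fn [e] => SOME e`), so a value reaches `ip_of_node` typed as `node` after passing only the `web_node` predicate. If the `node` type has its own validity check (not visible on this page), a name listed in `webNodes_all` or `webNodes_admin` that is not a known node would skip it, so a comment recording that the config lists must hold only valid nodes is worth adding. The `WebNodes` default in the same hunk is built directly from `Config.Apache.webNodes_default` as `web_node`-typed literals, and whether defaults are run through the predicate cannot be told from here. A load-time check such as `List.all (fn n => List.exists (fn x => x = n) Config.Apache.webNodes_all) Config.Apache.webNodes_default` would keep a misconfigured default from handing an admin-only node to ordinary users.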