From 62260c5f8627aa2abfd27f7c2e653eb3d900d793 Mon Sep 17 00:00:00 2001
From: Adam Chlipala <adamc@hcoop.net>
Date: Mon, 12 Feb 2007 00:45:34 +0000
Subject: [PATCH] /etc/init.d script for domtool-server

---
 Makefile                      |  2 ++
 scripts/domtool-admin-sudo    |  3 ++
 scripts/domtool-server        | 56 +++++++++++++++++++++++++++++++++++
 scripts/domtool-server-logged |  1 +
 src/main-admin.sml            |  1 +
 src/main.sig                  |  1 +
 src/main.sml                  | 17 +++++++++--
 7 files changed, 78 insertions(+), 3 deletions(-)
 create mode 100755 scripts/domtool-admin-sudo
 create mode 100755 scripts/domtool-server
 create mode 100755 scripts/domtool-server-logged

diff --git a/Makefile b/Makefile
index 15a2272..4fb0853 100644
--- a/Makefile
+++ b/Makefile
@@ -136,6 +136,8 @@ install:
 	cp scripts/domtool-addcert /usr/local/bin/
 	cp scripts/domtool-addacl /usr/local/bin/
 	cp scripts/domtool-rmuser /usr/local/bin/
+	cp scripts/domtool-admin-sudo /usr/local/bin/
+	cp scripts/domtool-server-logged /usr/local/bin/
 	cp openssl/openssl_sml.so /usr/local/lib/
 	-cp bin/domtool-server /usr/local/sbin/
 	-cp bin/domtool-slave /usr/local/sbin/
diff --git a/scripts/domtool-admin-sudo b/scripts/domtool-admin-sudo
new file mode 100755
index 0000000..19076c7
--- /dev/null
+++ b/scripts/domtool-admin-sudo
@@ -0,0 +1,3 @@
+kinit -k -t /etc/keytabs/domtool.keytab domtool/deleuze.hcoop.net
+aklog
+domtool-admin $* >/dev/null 2>/dev/null
diff --git a/scripts/domtool-server b/scripts/domtool-server
new file mode 100755
index 0000000..6d45215
--- /dev/null
+++ b/scripts/domtool-server
@@ -0,0 +1,56 @@
+#!/usr/bin/pagsh.openafs
+
+# This script should go in /etc/init.d/ on Debian Linux systems running Domtool dispatchers.
+
+SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
+PIDFILE="/var/run/k5start-domtool-server.pid"
+
+set -e
+
+case $1 in
+  start)
+	# Start daemon
+	echo -n "Starting Domtool dispatcher: domtool-server"
+	if sudo -u domtool domtool-admin-sudo ping; then
+		echo "...already running."
+	else
+		start-stop-daemon --start --pidfile $PIDFILE \
+			-c domtool:domtool \
+			--exec /usr/bin/k5start -- -b -f /etc/keytabs/domtool.keytab \
+			-K 300 -t -p $PIDFILE \
+			domtool/deleuze.hcoop.net \
+			domtool-server-logged
+		echo "."
+	fi
+	;;
+
+  stop)
+	echo -n "Stopping Domtool dispatcher: domtool-server"
+	if sudo -u domtool domtool-admin-sudo shutdown; then
+		echo "."
+	else
+		start-stop-daemon --stop --pidfile $PIDFILE
+		echo "."
+        fi
+	rm -f $PIDFILE
+	;;
+
+  restart|reload|force-reload)
+	$SELF stop
+	$SELF start
+	;;
+
+  status)
+	if sudo -u domtool domtool-admin-sudo ping; then
+		echo "Domtool dispatcher is running."
+	else
+		echo "Domtool dispatcher is stopped."
+		exit 3
+	fi
+  	;;
+
+  *)
+	echo "Usage: $SELF start|stop|restart|reload|force-reload|status"
+	exit 1
+	;;
+esac
diff --git a/scripts/domtool-server-logged b/scripts/domtool-server-logged
new file mode 100755
index 0000000..9f8f285
--- /dev/null
+++ b/scripts/domtool-server-logged
@@ -0,0 +1 @@
+domtool-server >>/var/log/domtool.log 2>>/var/log/domtool.log
diff --git a/src/main-admin.sml b/src/main-admin.sml
index 1eda532..ef59a22 100644
--- a/src/main-admin.sml
+++ b/src/main-admin.sml
@@ -45,4 +45,5 @@ val _ =
       | "rmdom" :: doms => Main.requestRmdom doms
       | ["regen"] => Main.requestRegen ()
       | ["rmuser", user] => Main.requestRmuser user
+      | ["ping"] => OS.Process.exit (Main.requestPing ())
       | _ => print "Invalid command-line arguments\n"
diff --git a/src/main.sig b/src/main.sig
index 87f3028..63f24e5 100644
--- a/src/main.sig
+++ b/src/main.sig
@@ -34,6 +34,7 @@ signature MAIN = sig
     val request : string -> unit
     val requestDir : string -> unit
 
+    val requestPing : unit -> OS.Process.status
     val requestShutdown : unit -> unit
     val requestGrant : Acl.acl -> unit
     val requestRevoke : Acl.acl -> unit
diff --git a/src/main.sml b/src/main.sml
index 8bb2d4e..cb39416 100644
--- a/src/main.sml
+++ b/src/main.sml
@@ -275,6 +275,15 @@ fun requestDir dname =
     end
     handle ErrorMsg.Error => ()
 
+fun requestPing () =
+    let
+	val (_, bio) = requestBio (fn () => ())
+    in
+	OpenSSL.close bio;
+	OS.Process.success
+    end
+    handle _ => OS.Process.failure
+
 fun requestShutdown () =
     let
 	val (_, bio) = requestBio (fn () => ())
@@ -745,10 +754,12 @@ fun service () =
 			      | MsgMultiConfig codes => doConfig codes
 
 			      | MsgShutdown =>
-				if Acl.query {user = user, class = "priv", value = "shutdown"} then
-				    print ("Domtool dispatcher shutting down at " ^ Date.toString (Date.fromTimeUniv (Time.now ())) ^ "\n")
+				if Acl.query {user = user, class = "priv", value = "all"}
+				   orelse Acl.query {user = user, class = "priv", value = "shutdown"} then
+				    print ("Domtool dispatcher shutting down at " ^ Date.toString (Date.fromTimeUniv (Time.now ())) ^ "\n\n")
 				else
-				    (OpenSSL.close bio
+				    (print "Unauthorized shutdown command!\n";
+				     OpenSSL.close bio
 				     handle OpenSSL.OpenSSL _ => ();
 				     loop ())
 
-- 
2.20.1