From be1bea4c0a2a4cfa0b86beccfa423366b94b84b4 Mon Sep 17 00:00:00 2001 From: Adam Chlipala Date: Fri, 15 Dec 2006 00:47:36 +0000 Subject: [PATCH] Limited DNS nodes --- configDefault/domtool.cfg | 3 +++ configDefault/domtool.cfs | 3 +++ lib/domain.dtl | 8 ++++++-- src/domain.sig | 2 +- src/domain.sml | 14 ++++++++++++-- src/main.sml | 4 ++-- src/plugins/apache.sml | 2 +- 7 files changed, 28 insertions(+), 8 deletions(-) diff --git a/configDefault/domtool.cfg b/configDefault/domtool.cfg index 7024510..7d05edb 100644 --- a/configDefault/domtool.cfg +++ b/configDefault/domtool.cfg @@ -21,6 +21,9 @@ val defaultNode = "deleuze" val masterNode = "deleuze" val slaveNodes = ["mire"] +val dnsNodes_all = ["deleuze", "mire"] +val dnsNodes_admin = [] + val aclFile = "/afs/hcoop.net/common/etc/domtool/acl" val testUser = "test" diff --git a/configDefault/domtool.cfs b/configDefault/domtool.cfs index 472fff6..a3267d5 100644 --- a/configDefault/domtool.cfs +++ b/configDefault/domtool.cfs @@ -54,3 +54,6 @@ val serialDir : string val dispatcherName : string val homeBase : string + +val dnsNodes_all : string list +val dnsNodes_admin : string list diff --git a/lib/domain.dtl b/lib/domain.dtl index 3050fa2..5d2d057 100644 --- a/lib/domain.dtl +++ b/lib/domain.dtl 
@@ -56,16 +56,20 @@ extern val soa : domain -> serial -> int -> int -> int -> int -> soa; val defaultSoa = soa "ns.hcoop.net" serialAuto 172800 900 1209600 3600; +extern type dns_node; +{{A node offering DNS services}} +extern val dns_node_to_node : dns_node -> node; + extern type master; {{Information on the master DNS server for a domain}} extern val externalMaster : ip -> master; {{A server not controlled by domtool will serve as master.}} -extern val internalMaster : node -> master; +extern val internalMaster : dns_node -> master; {{A server controlled by domtool will serve as master.}} extern type dnsKind; {{How should DNS for this domain be handled?}} -extern val useDns : soa -> master -> [node] -> dnsKind; +extern val useDns : soa -> master -> [dns_node] -> dnsKind; {{We do want DNS services for this domain. Specify the SOA record, information on the server in charge of zone data, and a list of slave servers.}} extern val noDns : dnsKind; diff --git a/src/domain.sig b/src/domain.sig index a749265..041be2f 100644 --- a/src/domain.sig +++ b/src/domain.sig @@ -63,5 +63,5 @@ signature DOMAIN = sig val set_context : OpenSSL.context -> unit - val inGroup : string -> bool + val hasPriv : string -> bool end diff --git a/src/domain.sml b/src/domain.sml index 4d2f487..e09f399 100644 --- a/src/domain.sml +++ b/src/domain.sml @@ -153,6 +153,9 @@ val _ = Env.type_one "node" Env.string validNode +val _ = Env.registerFunction ("web_node_to_node", + fn [e] => SOME e + | _ => NONE) open Ast val dl = ErrorMsg.dummyLoc 
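Review bot: The doc string on `dns_node` (`{{A node offering DNS services}}`) does not tell a configuration author that the type is access-controlled, which is the point of this change. The predicate registered in src/domain.sml accepts a name only if it is in `dnsNodes_all`, or in `dnsNodes_admin` when the user holds the `dns` privilege, so a rejected `internalMaster` or `useDns` argument will otherwise look like a typo. I would extend it to `{{A node offering DNS services; some nodes may be restricted to users holding the dns privilege}}`.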
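Review bot: The function registered in this src/domain.sml hunk is named `"web_node_to_node"`, but lib/domain.dtl in the same patch declares `extern val dns_node_to_node : dns_node -> node`, and no registration under that name is visible anywhere in the diff. As written, the declared coercion appears to have no implementation, and the name looks copied from the web-node code; the first added line should presumably read `val _ = Env.registerFunction ("dns_node_to_node",`. If a `web_node_to_node` registration already exists elsewhere, this one may also duplicate or override it, which is worth checking before merge.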
@@ -607,7 +610,14 @@ val () = Env.registerPost (fn () => fn cl => "Temp file cleanup failed: " ^ cl)) end) -fun inGroup group = Acl.query {user = getUser (), class = "group", value = "root"} - orelse Acl.query {user = getUser (), class = "group", value = group} +fun hasPriv priv = Acl.query {user = getUser (), class = "priv", value = "all"} + orelse Acl.query {user = getUser (), class = "priv", value = priv} + +val _ = Env.type_one "dns_node" + Env.string + (fn node => + List.exists (fn x => x = node) Config.dnsNodes_all + orelse (hasPriv "dns" + andalso List.exists (fn x => x = node) Config.dnsNodes_admin)) end diff --git a/src/main.sml b/src/main.sml index 9f06c5b..0c60f08 100644 --- a/src/main.sml +++ b/src/main.sml @@ -299,7 +299,7 @@ fun service () = end | MsgGrant acl => - if Acl.query {user = user, class = "group", value = "root"} then + if Acl.query {user = user, class = "priv", value = "all"} then ((Acl.grant acl; Acl.write Config.aclFile; Msg.send (bio, MsgOk); @@ -323,7 +323,7 @@ fun service () = loop ()) | MsgRevoke acl => - if Acl.query {user = user, class = "group", value = "root"} then + if Acl.query {user = user, class = "priv", value = "all"} then ((Acl.revoke acl; Acl.write Config.aclFile; Msg.send (bio, MsgOk); diff --git a/src/plugins/apache.sml b/src/plugins/apache.sml index 079afca..24b424e 100644 --- a/src/plugins/apache.sml +++ b/src/plugins/apache.sml @@ -26,7 +26,7 @@ val _ = Env.type_one "web_node" Env.string (fn node => List.exists (fn x => x = node) Config.Apache.webNodes_all - orelse (Domain.inGroup "www" + orelse (Domain.hasPriv "www" andalso List.exists (fn x => x = node) Config.Apache.webNodes_admin)) val _ = Env.type_one "proxy_port" -- 2.20.1
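Review bot: `hasPriv` in src/domain.sml carries no comment, and nothing says that the `"all"` value is a wildcard that satisfies every privilege check, including the `dns` check that gates `Config.dnsNodes_admin` a few lines below. Since this is now the authorization predicate exported through the DOMAIN signature, I would add `(* True iff the current user holds privilege priv, or the wildcard privilege "all" *)` above it. The `dns_node` predicate also repeats the shape of the `web_node` predicate in src/plugins/apache.sml; a shared helper taking the privilege name and the two node lists would keep the two allowlists from drifting apart. The enclosing structure starts outside the hunk.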
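Review bot: Switching the `MsgGrant` check in src/main.sml from `class = "group", value = "root"` to `class = "priv", value = "all"` means ACL entries stored under the old class no longer authorize granting, and the same holds for the `MsgRevoke` hunk that follows. The failure is closed, but unless the file at `Config.aclFile` is migrated before deployment, it may be that no user can grant the new privilege through the dispatcher at all; the patch shows no migration step, so this should be stated in the commit message or handled when the ACL is loaded. The literal pair is also now repeated here and in `Domain.hasPriv`; a small helper such as `fun isAdmin user = Acl.query {user = user, class = "priv", value = "all"}` would keep the three checks in step. `service` starts and ends outside both hunks.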