diff options
| author | Dave Brolley <brolley@redhat.com> | 2008-12-24 14:20:41 -0500 |
|---|---|---|
| committer | Dave Brolley <brolley@redhat.com> | 2008-12-24 14:20:41 -0500 |
| commit | 46a8c85fde5ba9bcf4fa55e8f435959af4d32fea (patch) | |
| tree | 1f2252f4171ee615fa2e287d6d9ed4e75e03ee61 | |
| parent | 1cecb3c506475a0e0b0ee4180a91e1a9433d346b (diff) | |
| download | systemtap-steved-46a8c85fde5ba9bcf4fa55e8f435959af4d32fea.tar.gz systemtap-steved-46a8c85fde5ba9bcf4fa55e8f435959af4d32fea.tar.xz systemtap-steved-46a8c85fde5ba9bcf4fa55e8f435959af4d32fea.zip | |
Complete previous commit.
| -rw-r--r-- | Makefile.am | 4 | ||||
| -rw-r--r-- | Makefile.in | 4 | ||||
| -rwxr-xr-x | stap-add-server-cert | 38 | ||||
| -rwxr-xr-x | stap-gen-server-cert | 5 |
4 files changed, 45 insertions, 6 deletions
diff --git a/Makefile.am b/Makefile.am index 9b93d91e..9e927e56 100644 --- a/Makefile.am +++ b/Makefile.am @@ -15,7 +15,7 @@ man_MANS = stap.1 stapprobes.5 stapfuncs.5 stapvars.5 stapex.5 staprun.8 stap-s bin_PROGRAMS = stap staprun stap-client-connect stap-server-connect bin_SCRIPTS = stap-client stap-serverd stap-server stap-find-servers stap-start-server stap-find-or-start-server stap-stop-server \ - stap-gen-server-cert stap-report + stap-gen-server-cert stap-add-server-cert stap-report stap_SOURCES = main.cxx \ parse.cxx staptree.cxx elaborate.cxx translate.cxx \ tapsets.cxx buildrun.cxx loc2c.c hash.cxx mdfour.c \ @@ -202,6 +202,8 @@ install-data-local: do $(INSTALL) -m 600 -D $$f /etc/systemtap/ssl/server/$$f; done) (cd $(builddir)/ssl/server; for f in *.db; \ do $(INSTALL) -m 664 -D $$f /etc/systemtap/ssl/server/$$f; done) + (cd $(builddir)/ssl/server; for f in *.cert; \ + do $(INSTALL) -m 664 -D $$f /etc/systemtap/ssl/server/$$f; done) (cd $(builddir)/ssl/client; for f in *.db; \ do $(INSTALL) -m 664 -D $$f /etc/systemtap/ssl/client/$$f; done) diff --git a/Makefile.in b/Makefile.in index b922ff6e..27996748 100644 --- a/Makefile.in +++ b/Makefile.in @@ -294,7 +294,7 @@ AM_CFLAGS = -D_GNU_SOURCE -fexceptions -Wall -Werror -Wunused -Wformat=2 -W AM_CXXFLAGS = -Wall -Werror man_MANS = stap.1 stapprobes.5 stapfuncs.5 stapvars.5 stapex.5 staprun.8 stap-server.8 man/stapprobes.iosched.5 man/stapprobes.netdev.5 man/stapprobes.nfs.5 man/stapprobes.nfsd.5 man/stapprobes.pagefault.5 man/stapprobes.process.5 man/stapprobes.rpc.5 man/stapprobes.scsi.5 man/stapprobes.signal.5 man/stapprobes.socket.5 man/stapprobes.tcp.5 man/stapprobes.udp.5 bin_SCRIPTS = stap-client stap-serverd stap-server stap-find-servers stap-start-server stap-find-or-start-server stap-stop-server \ - stap-gen-server-cert stap-report + stap-gen-server-cert stap-add-server-cert stap-report stap_SOURCES = main.cxx \ parse.cxx staptree.cxx elaborate.cxx translate.cxx \ @@ -1534,6 +1534,8 @@ install-data-local: do $(INSTALL) -m 600 -D $$f /etc/systemtap/ssl/server/$$f; done) (cd $(builddir)/ssl/server; for f in *.db; \ do $(INSTALL) -m 664 -D $$f /etc/systemtap/ssl/server/$$f; done) + (cd $(builddir)/ssl/server; for f in *.cert; \ + do $(INSTALL) -m 664 -D $$f /etc/systemtap/ssl/server/$$f; done) (cd $(builddir)/ssl/client; for f in *.db; \ do $(INSTALL) -m 664 -D $$f /etc/systemtap/ssl/client/$$f; done) diff --git a/stap-add-server-cert b/stap-add-server-cert new file mode 100755 index 00000000..6d788160 --- /dev/null +++ b/stap-add-server-cert @@ -0,0 +1,38 @@ +#!/bin/bash + +# Add an existing server certificate to the +# database of trusted servers for the client. +# +# Copyright (C) 2008 Red Hat Inc. +# +# This file is part of systemtap, and is free software. You can +# redistribute it and/or modify it under the terms of the GNU General +# Public License (GPL); either version 2, or (at your option) any +# later version. + +# Obtain the filename of the certificate +if test "X$1" = "X"; then + echo "Certificate file must be specified" >&2 + exit 1 +fi +if ! test -f $1; then + echo "Cannot find certificate file $1" >&2 + exit 1 +fi + +# Obtain the certificate database directory name. +if test "X$2" = "X"; then + echo "Certificate database directory must be specified" >&2 + exit 1 +fi +if ! test -d $2; then + echo "Cannot find certificate database directory $2" >&2 + exit 1 +fi + +if ! certutil -A -n stap-server -d $2 -i $1 -t "P,P,P" > /dev/null; then + echo "Unable to add $1 to the client certificate database $2" >&2 + exit 1 +fi + +exit 0 diff --git a/stap-gen-server-cert b/stap-gen-server-cert index 8f9629ea..06665c48 100755 --- a/stap-gen-server-cert +++ b/stap-gen-server-cert @@ -68,7 +68,4 @@ if ! mkdir -p $clientdb; then fi # Now add the server's certificate to the client's database, making it a trusted peer. -if ! certutil -A -n stap-server -d $clientdb -i $serverdb/stap-server.cert -t "P,P,P" > /dev/null; then - echo "Unable to add $serverdb/x509.cacert to the client certificate database: $clientdb" >&2 - exit 1 -fi +`dirname $0`/stap-add-server-cert $serverdb/stap-server.cert $clientdb |