diff options
author | Dave Brolley <brolley@redhat.com> | 2009-01-30 15:43:34 -0500 |
---|---|---|
committer | Dave Brolley <brolley@redhat.com> | 2009-01-30 15:43:34 -0500 |
commit | 552276c8666dec5373d8312bc3498b1887ddb0a8 (patch) | |
tree | 55744f20b131641d506d0faf5462120deee2dc50 | |
parent | df79aa4b87b39a64867c343f1bcd22c7e675aa43 (diff) | |
download | systemtap-steved-552276c8666dec5373d8312bc3498b1887ddb0a8.tar.gz systemtap-steved-552276c8666dec5373d8312bc3498b1887ddb0a8.tar.xz systemtap-steved-552276c8666dec5373d8312bc3498b1887ddb0a8.zip |
More security checking for client/server. Set exec_prefix and sysconfdir at install time.
-rw-r--r-- | ChangeLog | 29 | ||||
-rw-r--r-- | Makefile.am | 11 | ||||
-rw-r--r-- | Makefile.in | 30 | ||||
-rw-r--r-- | aclocal.m4 | 60 | ||||
-rw-r--r-- | doc/ChangeLog | 5 | ||||
-rw-r--r-- | doc/Makefile.in | 2 | ||||
-rw-r--r-- | doc/SystemTap_Tapset_Reference/Makefile.in | 2 | ||||
-rwxr-xr-x | stap-client | 127 | ||||
-rwxr-xr-x | stap-find-or-start-server | 11 | ||||
-rwxr-xr-x | stap-server | 55 | ||||
-rwxr-xr-x | stap-serverd | 50 | ||||
-rwxr-xr-x | stap-start-server | 15 | ||||
-rw-r--r-- | testsuite/ChangeLog | 6 | ||||
-rw-r--r-- | testsuite/lib/systemtap.exp | 8 |
14 files changed, 265 insertions, 146 deletions
@@ -1,3 +1,32 @@ +2009-01-30 Dave Brolley <brolley@redhat.com> + + * Makefile.am (install-scripts): New target. Set exec_prefix and + sysconfdir properly in installed scripts. + * stap-find-or-start-server: Set exec_prefix and sysconfdir for use + from the source tree by dejagnu. Leave a hook to modify them when + installed. + * stap-start-server: Likewise. + * stap-client (configuration): Likewise. Check for the existence of the + default certificate databases before checking their security. + (parse_options): Issue fatal error if no usable certificate databases + found or specified. + (check_db,check_db_file): Check that the database and files are owned + by the user running the client. + (fatal): Print "ERROR:" tag here. Adjust all callers. + * stap-server (initialization): Set exec_prefix and sysconfdir for use + from the source tree by dejagnu. Leave a hook to modify them when + installed. Check that all specified files and directories exist. + (fatal): Print "ERROR:" tag here. Adjust all callers. + (error): Likewise. + * stap-serverd (initialization): Set exec_prefix and sysconfdir for use + from the source tree by dejagnu. Leave a hook to modify them when + installed. + (check_db,check_db_file,check_db_cert): Check that the database and + files are owned by the user running the server. + (fatal): Print "ERROR:" tag here. Adjust all callers. + * Makefile.in: Regenerated. + * aclocal.m4: Regenerated. + 2009-01-30 Frank Ch. Eigler <fche@elastic.org> * git_version.sh: Don't print GIT_BRANCH into GIT_MESSAGE, as it diff --git a/Makefile.am b/Makefile.am index 90c90550..945afdab 100644 --- a/Makefile.am +++ b/Makefile.am @@ -114,6 +114,16 @@ install-elfutils: install-exec-local: install-elfutils endif +if BUILD_SERVER +install-exec-local: install-scripts + +PHONIES += install-scripts +install-scripts: + for f in $(bin_SCRIPTS); do \ + sed -i -e "/INSTALL-HOOK/d;s,exec_prefix=,exec_prefix=$(exec_prefix)/bin/,;s,sysconfdir=.*,sysconfdir=$(sysconfdir)," $(DESTDIR)$(bindir)/$$f; \ + done +endif + staprun_SOURCES = runtime/staprun/staprun.c runtime/staprun/staprun_funcs.c\ runtime/staprun/ctl.c runtime/staprun/common.c @@ -204,6 +214,7 @@ install-data-local: i_cmd="$(INSTALL_PROGRAM)"; else \ i_cmd="$(INSTALL_DATA)"; fi; \ $$i_cmd -D $$f $(DESTDIR)$(docdir)/examples/$$f; done) + test -e $(DESTDIR)$(sysconfdir)/systemtap || mkdir -p $(DESTDIR)$(sysconfdir)/systemtap TEST_COV_DIR = coverage diff --git a/Makefile.in b/Makefile.in index b768c3cb..f92bd73e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,8 +1,8 @@ -# Makefile.in generated by automake 1.10.1 from Makefile.am. +# Makefile.in generated by automake 1.10 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -50,6 +50,7 @@ bin_PROGRAMS = stap$(EXEEXT) staprun$(EXEEXT) $(am__EXEEXT_1) @BUILD_ELFUTILS_TRUE@am__append_7 = stamp-elfutils @BUILD_ELFUTILS_TRUE@am__append_8 = lib-elfutils/libdw.so @BUILD_ELFUTILS_TRUE@am__append_9 = install-elfutils +@BUILD_SERVER_TRUE@am__append_10 = install-scripts pkglibexec_PROGRAMS = stapio$(EXEEXT) noinst_PROGRAMS = loc2c-test$(EXEEXT) subdir = . @@ -301,7 +302,6 @@ staplog_CPPFLAGS = @staplog_CPPFLAGS@ subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = no-dist @@ -343,7 +343,7 @@ stap_CPPFLAGS = $(AM_CPPFLAGS) $(am__append_4) stap_LDFLAGS = $(AM_LDFLAGS) @PIELDFLAGS@ $(am__append_5) @BUILD_SERVER_TRUE@stap_client_connect_LDFLAGS = $(AM_LDFLAGS) @BUILD_SERVER_TRUE@stap_server_connect_LDFLAGS = $(AM_LDFLAGS) -PHONIES = $(am__append_9) dist-gzip +PHONIES = $(am__append_9) $(am__append_10) dist-gzip @BUILD_ELFUTILS_TRUE@pkglib_LIBRARIES = libsduprobes.a @BUILD_ELFUTILS_TRUE@libsduprobes_a_SOURCES = runtime/sduprobes.c staprun_SOURCES = runtime/staprun/staprun.c runtime/staprun/staprun_funcs.c\ @@ -1300,8 +1300,8 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ mkid -fID $$unique tags: TAGS @@ -1326,8 +1326,8 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) config.in $(TAGS_DEPENDENCIES) \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ @@ -1337,12 +1337,13 @@ ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.in $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) tags=; \ + here=`pwd`; \ list='$(SOURCES) $(HEADERS) config.in $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ test -z "$(CTAGS_ARGS)$$tags$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$tags $$unique @@ -1389,7 +1390,7 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) -@BUILD_CRASHMOD_FALSE@@BUILD_ELFUTILS_FALSE@install-exec-local: +@BUILD_CRASHMOD_FALSE@@BUILD_ELFUTILS_FALSE@@BUILD_SERVER_FALSE@install-exec-local: clean: clean-recursive clean-am: clean-binPROGRAMS clean-generic clean-local \ @@ -1529,6 +1530,12 @@ cscope: @BUILD_ELFUTILS_TRUE@ done @BUILD_ELFUTILS_TRUE@install-exec-local: install-elfutils +@BUILD_SERVER_TRUE@install-exec-local: install-scripts +@BUILD_SERVER_TRUE@install-scripts: +@BUILD_SERVER_TRUE@ for f in $(bin_SCRIPTS); do \ +@BUILD_SERVER_TRUE@ sed -i -e "/INSTALL-HOOK/d;s,exec_prefix=,exec_prefix=$(exec_prefix)/bin/,;s,sysconfdir=.*,sysconfdir=$(sysconfdir)," $(DESTDIR)$(bindir)/$$f; \ +@BUILD_SERVER_TRUE@ done + install-exec-hook: if [ `id -u` -eq 0 ]; then chmod 04111 "$(DESTDIR)$(bindir)/staprun"; fi @@ -1567,6 +1574,7 @@ install-data-local: i_cmd="$(INSTALL_PROGRAM)"; else \ i_cmd="$(INSTALL_DATA)"; fi; \ $$i_cmd -D $$f $(DESTDIR)$(docdir)/examples/$$f; done) + test -e $(DESTDIR)$(sysconfdir)/systemtap || mkdir -p $(DESTDIR)$(sysconfdir)/systemtap gcov: @-$(MAKE) clean CXXFLAGS="-g -fprofile-arcs -ftest-coverage" all check @@ -1,7 +1,7 @@ -# generated automatically by aclocal 1.10.1 -*- Autoconf -*- +# generated automatically by aclocal 1.10 -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2005, 2006 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -11,13 +11,10 @@ # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -m4_ifndef([AC_AUTOCONF_VERSION], - [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl -m4_if(AC_AUTOCONF_VERSION, [2.63],, -[m4_warning([this file was generated for autoconf 2.63. -You have another version of autoconf. It may work, but is not guaranteed to. -If you have problems, you may need to regenerate the build system entirely. -To do so, use the procedure documented by the package, typically `autoreconf'.])]) +m4_if(m4_PACKAGE_VERSION, [2.61],, +[m4_fatal([this file was generated for autoconf 2.61. +You have another version of autoconf. If you want to use that, +you should regenerate the build system entirely.], [63])]) # pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- # @@ -87,14 +84,16 @@ fi]) # _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) # --------------------------------------------- m4_define([_PKG_CONFIG], -[if test -n "$$1"; then - pkg_cv_[]$1="$$1" - elif test -n "$PKG_CONFIG"; then - PKG_CHECK_EXISTS([$3], - [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], - [pkg_failed=yes]) - else - pkg_failed=untried +[if test -n "$PKG_CONFIG"; then + if test -n "$$1"; then + pkg_cv_[]$1="$$1" + else + PKG_CHECK_EXISTS([$3], + [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], + [pkg_failed=yes]) + fi +else + pkg_failed=untried fi[]dnl ])# _PKG_CONFIG @@ -138,9 +137,9 @@ See the pkg-config man page for more details.]) if test $pkg_failed = yes; then _PKG_SHORT_ERRORS_SUPPORTED if test $_pkg_short_errors_supported = yes; then - $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$2" 2>&1` + $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "$2"` else - $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors "$2" 2>&1` + $1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"` fi # Put the nasty error message in config.log where it belongs echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD @@ -175,7 +174,7 @@ else fi[]dnl ])# PKG_CHECK_MODULES -# Copyright (C) 2002, 2003, 2005, 2006, 2007 Free Software Foundation, Inc. +# Copyright (C) 2002, 2003, 2005, 2006 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -190,7 +189,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.10' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.10.1], [], +m4_if([$1], [1.10], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -206,10 +205,8 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AC_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.10.1])dnl -m4_ifndef([AC_AUTOCONF_VERSION], - [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl -_AM_AUTOCONF_VERSION(AC_AUTOCONF_VERSION)]) +[AM_AUTOMAKE_VERSION([1.10])dnl +_AM_AUTOCONF_VERSION(m4_PACKAGE_VERSION)]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- @@ -504,7 +501,7 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], # each Makefile.in and add a new line on top of each file to say so. # Grep'ing the whole file is not good either: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. - if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then + if sed 10q "$mf" | grep '^#.*generated by automake' > /dev/null 2>&1; then dirpart=`AS_DIRNAME("$mf")` else continue @@ -552,13 +549,13 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # Do all the work for Automake. -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2008 Free Software Foundation, Inc. +# 2005, 2006 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 13 +# serial 12 # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. @@ -663,17 +660,16 @@ AC_PROVIDE_IFELSE([AC_PROG_OBJC], # our stamp files there. AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], [# Compute $1's index in $config_headers. -_am_arg=$1 _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in - $_am_arg | $_am_arg:* ) + $1 | $1:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done -echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) +echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count]) # Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. # @@ -1034,7 +1030,7 @@ AC_SUBST([INSTALL_STRIP_PROGRAM])]) # _AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- -# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. +# Prevent Automake from outputing VARIABLE = @VARIABLE@ in Makefile.in. # This macro is traced by Automake. AC_DEFUN([_AM_SUBST_NOTMAKE]) diff --git a/doc/ChangeLog b/doc/ChangeLog index b3fd1d78..34f5dbe0 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,8 @@ +2009-01-30 Dave Brolley <brolley@redhat.com> + + * Makefile.in: Regenerated. + * SystemTap_Tapset_Reference/Makefile.in: Regenerated. + 2009-01-21 William Cohen <wcohen@redhat.com> * S_T_R/tapsets.tmpl: Use context-symbols.stp and context-unwind.stp. diff --git a/doc/Makefile.in b/doc/Makefile.in index 776381d8..a256be42 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -101,6 +101,8 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PIECFLAGS = @PIECFLAGS@ +PIECXXFLAGS = @PIECXXFLAGS@ PIELDFLAGS = @PIELDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ PROCFLAGS = @PROCFLAGS@ diff --git a/doc/SystemTap_Tapset_Reference/Makefile.in b/doc/SystemTap_Tapset_Reference/Makefile.in index f840d8c5..ac14ca5d 100644 --- a/doc/SystemTap_Tapset_Reference/Makefile.in +++ b/doc/SystemTap_Tapset_Reference/Makefile.in @@ -104,6 +104,8 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PIECFLAGS = @PIECFLAGS@ +PIECXXFLAGS = @PIECXXFLAGS@ PIELDFLAGS = @PIELDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ PROCFLAGS = @PROCFLAGS@ diff --git a/stap-client b/stap-client index d69b6474..98fd47d0 100755 --- a/stap-client +++ b/stap-client @@ -26,6 +26,13 @@ trap 'ignore_signal' SIGHUP SIGPIPE #----------------------------------------------------------------------------- # function: configuration function configuration { + # INSTALL-HOOK These settings work for running the client from the source tree + # INSTALL-HOOK using the dejagnu test harness and will be overridden at install + # INSTALL-HOOK time. + exec_prefix= + sysconfdir=`pwd`/net + + # General configuration tmpdir_prefix_client=stap.client tmpdir_prefix_server=stap.server avahi_service_tag=_stap._tcp @@ -41,31 +48,23 @@ function initialization { umask 0 staprun_running=0 - # Where are we installed? - if test "`basename $0`" = "stap" -a "$0" = `which stap`; then - # The dejagnu test harness may invoke us as 'stap' relying on $PATH to - # find us. If so, then use the $PATH to find the rest of the systemtap - # tools. - exec_prefix="" - # Also, set the prefix to point to where we were found. - prefix=`which stap` - prefix=`dirname $prefix` - else - # Assume we were installed normally - exec_prefix=`dirname $0` - exec_prefix=`cd $exec_prefix && pwd`/ - prefix=`dirname $exec_prefix` - fi - # Default location for server certificates if we're not root + # Must be owned by us. + local uid uname if test $EUID != 0; then - if check_db $HOME/.systemtap/ssl/client 2>/dev/null; then - local_ssl_dbs=$HOME/.systemtap/ssl/client + if test -e $HOME/.systemtap/ssl/client; then + if check_db $HOME/.systemtap/ssl/client $EUID $USER; then + local_ssl_dbs=$HOME/.systemtap/ssl/client + fi fi fi - # Additional location for all users. - if check_db $prefix/etc/systemtap/ssl/client 2>/dev/null; then - public_ssl_dbs=$prefix/etc/systemtap/ssl/client + # Additional location for all users. Must be owned by root. + if test "X$sysconfdir" != "X"; then + if test -e $sysconfdir/systemtap/ssl/client; then + if check_db $sysconfdir/systemtap/ssl/client 0 root; then + public_ssl_dbs=$sysconfdir/systemtap/ssl/client + fi + fi fi # Default options settings @@ -81,7 +80,7 @@ function initialization { # Do this before parsing the command line so that there is a place # to put -I and -R directories. tmpdir_client=`mktemp -dt $tmpdir_prefix_client.XXXXXX` || \ - fatal "ERROR: cannot create temporary directory " $tmpdir_client + fatal "Cannot create temporary directory " $tmpdir_client tmpdir_env=`dirname $tmpdir_client` } @@ -262,6 +261,10 @@ function parse_options { # Complete the list of local certificate databases local_ssl_dbs="$additional_local_ssl_dbs $local_ssl_dbs" + # We must have at least one usable certificate database. + test "X$local_ssl_dbs" != "X " -o "X$public_ssl_dbs" != "X" || \ + fatal "No usable certificate databases found" + # We can use any server if the phase is less than 5 if test $p_phase -lt 5; then find_all="--all" @@ -391,9 +394,9 @@ function include_file_or_directory { # Add a symbolic link of the named file or directory to our temporary directory local local_name=`generate_client_temp_name $2` mkdir -p $tmpdir_client/$1/`dirname $local_name` || \ - fatal "ERROR: could not create $tmpdir_client/$1/`dirname $local_name`" + fatal "Could not create $tmpdir_client/$1/`dirname $local_name`" ln -s /$local_name $tmpdir_client/$1/$local_name || \ - fatal "ERROR: could not link $tmpdir_client/$1/$local_name to /$local_name" + fatal "Could not link $tmpdir_client/$1/$local_name to /$local_name" echo "$local_name" } @@ -422,7 +425,7 @@ function create_request { if test "X$script_file" != "X"; then if test "$script_file" = "-"; then mkdir -p $tmpdir_client/script || \ - fatal "ERROR: cannot create temporary directory " $tmpdir_client/script + fatal "Cannot create temporary directory " $tmpdir_client/script cat > $tmpdir_client/script/$script_file else include_file_or_directory script $script_file > /dev/null @@ -455,10 +458,10 @@ function package_request { local tmpdir_client_base=`basename $tmpdir_client` zip_client=$tmpdir_env/`mktemp $tmpdir_client_base.zip.XXXXXX` || \ - fatal "ERROR: cannot create temporary file " $zip_client + fatal "Cannot create temporary file " $zip_client (rm $zip_client && zip -r $zip_client $tmpdir_client_base > /dev/null) || \ - fatal "ERROR: zip of request tree, $tmpdir_client, failed" + fatal "zip of request tree, $tmpdir_client, failed" } # function: unpack_response @@ -467,18 +470,18 @@ function package_request { # for printing the results and/or running 'staprun'. function unpack_response { tmpdir_server=`mktemp -dt $tmpdir_prefix_client.server.XXXXXX` || \ - fatal "ERROR: cannot create temporary file " $tmpdir_server + fatal "Cannot create temporary file " $tmpdir_server # Unpack and verify the digitally signed server output directory if ! signtool -d $ssl_db -v $jar_server > /dev/null 2>&1; then # Run the verification again to get the reason - fatal "ERROR: Verification of server response, $jar_server, failed. + fatal "Verification of server response, $jar_server, failed. "`signtool -d $ssl_db -v $jar_server | grep "reported reason"` fi # Unpack the server output directory unzip -d $tmpdir_server $jar_server > /dev/null || \ - fatal "ERROR: Cannot unpack server response, $jar_server" + fatal "Cannot unpack server response, $jar_server" # Check the contents of the expanded directory. It should contain: # 1) a file called stdout @@ -488,28 +491,28 @@ function unpack_response { # 5) optionally a directory named to match stap?????? local num_files=`ls $tmpdir_server | wc -l` test $num_files = 5 -o $num_files = 4 || \ - fatal "ERROR: Wrong number of files in server's temp directory" + fatal "Wrong number of files in server's temp directory" test -f $tmpdir_server/stdout || \ - fatal "ERROR: `pwd`/$tmpdir_server/stdout does not exist or is not a regular file" + fatal "`pwd`/$tmpdir_server/stdout does not exist or is not a regular file" test -f $tmpdir_server/stderr || \ - fatal "ERROR: `pwd`/$tmpdir_server/stderr does not exist or is not a regular file" + fatal "`pwd`/$tmpdir_server/stderr does not exist or is not a regular file" test -f $tmpdir_server/rc || \ - fatal "ERROR: `pwd`/$tmpdir_server/rc does not exist or is not a regular file" + fatal "`pwd`/$tmpdir_server/rc does not exist or is not a regular file" test -d $tmpdir_server/META-INF || \ - fatal "ERROR: `pwd`/$tmpdir_server/META-INF does not exist or is not a directory" + fatal "`pwd`/$tmpdir_server/META-INF does not exist or is not a directory" # See if there is a systemtap temp directory tmpdir_stap=`ls $tmpdir_server | grep stap` tmpdir_stap=`expr "$tmpdir_stap" : "\\\(stap......\\\)"` if test "X$tmpdir_stap" != "X"; then test -d $tmpdir_server/$tmpdir_stap || \ - fatal "ERROR: `pwd`/$tmpdir_server/$tmpdir_stap is not a directory" + fatal "`pwd`/$tmpdir_server/$tmpdir_stap is not a directory" # Move the systemtap temp directory to a local temp location, if -k # was specified. if test $keep_temps = 1; then local local_tmpdir_stap=`mktemp -dt stapXXXXXX` || \ - fatal "ERROR: cannot create temporary directory " $local_tmpdir_stap + fatal "Cannot create temporary directory " $local_tmpdir_stap mv $tmpdir_server/$tmpdir_stap/* $local_tmpdir_stap 2>/dev/null rm -fr $tmpdir_server/$tmpdir_stap @@ -531,7 +534,7 @@ function find_and_connect_to_server { # Make a place to receive the response file. jar_server=`mktemp -t $tmpdir_prefix_client.server.jar.XXXXXX` || \ - fatal "ERROR: cannot create temporary file " $jar_server + fatal "Cannot create temporary file " $jar_server # Make a place to record connection errors touch $tmpdir_client/connect @@ -612,11 +615,11 @@ function find_and_connect_to_server { fi if test $num_servers = 0; then - fatal "ERROR: unable to find a server" + fatal "Unable to find a server" fi cat $tmpdir_client/connect >&2 - fatal "ERROR: unable to connect to a server" + fatal "Unable to connect to a server" } # function: choose_server @@ -631,15 +634,15 @@ function choose_server { while read name ip port remain do if test "X$name" = "X"; then - fatal "ERROR: server name not provided by avahi" + fatal "Server name not provided by avahi" fi # if test "X$ip" = "X"; then -# fatal "ERROR: server ip address not provided by avahi" +# fatal "Server ip address not provided by avahi" # fi if test "X$port" = "X"; then - fatal "ERROR: server port not provided by avahi" + fatal "Server port not provided by avahi" fi ssl_db=`send_receive $name $port` @@ -743,7 +746,7 @@ function maybe_call_staprun { if test "X$tmpdir_stap" = "X"; then # OK if no script specified if test "X$e_script" != "X" -o "X$script_file" != "X"; then - fatal "ERROR: systemtap temporary directory is missing in server response" + fatal "systemtap temporary directory is missing in server response" fi return fi @@ -751,7 +754,7 @@ function maybe_call_staprun { # There should be a module. local mod_name=`ls $tmpdir_stap | grep '.ko$'` if test "X$mod_name" = "X"; then - fatal "ERROR: no module was found in $tmpdir_stap" + fatal "No module was found in $tmpdir_stap" fi if test $p_phase = 5; then @@ -825,11 +828,13 @@ function staprun_PATH { echo "PATH=$PATH staprun" | sed "s,$PATH_component,,g" } -# function: check_db DBNAME +# function: check_db DBNAME [ EUID USER ] # # Check the security of the given database directory. function check_db { local dir=$1 + local euid=$2 + local user=$3 local rc=0 # Check that we have been given a directory @@ -842,6 +847,16 @@ function check_db { return 1 fi + # If euid has been specified, then this directory must be owned by that + # user. + if test "X$euid" != "X"; then + local ownerid=`stat -c "%u" $dir` + if test "X$ownerid" != "X$euid"; then + warning "Certificate database '$dir' must be owned by $user" + rc=1 + fi + fi + # Check that we can read the directory if ! test -r $dir; then warning "Certificate database '$dir' is not readble" @@ -881,16 +896,16 @@ function check_db { fi # Now check the permissions of the critical files. - check_db_file $dir/cert8.db || rc=1 - check_db_file $dir/key3.db || rc=1 - check_db_file $dir/secmod.db || rc=1 + check_db_file $dir/cert8.db $euid $user || rc=1 + check_db_file $dir/key3.db $euid $user || rc=1 + check_db_file $dir/secmod.db $euid $user || rc=1 test $rc = 1 && warning "Unable to use certificate database '$dir' due to errors" return $rc } -# function: check_db_file FILENAME +# function: check_db_file FILENAME [ EUID USER ] # # Check the security of the given database file. function check_db_file { @@ -907,6 +922,16 @@ function check_db_file { return 1 fi + # If euid has been specified, then this directory must be owned by that + # user. + if test "X$euid" != "X"; then + local ownerid=`stat -c "%u" $file` + if test "X$ownerid" != "X$euid"; then + warning "Certificate database file '$file' must be owned by $user" + rc=1 + fi + fi + # Check that we can read the file if ! test -r $file; then warning "Certificate database file '$file' is not readble" @@ -964,7 +989,7 @@ function warning { # Fatal error # Prints its arguments to stderr and exits function fatal { - echo "$0:" "$@" >&2 + echo "$0: ERROR:" "$@" >&2 cleanup exit 1 } diff --git a/stap-find-or-start-server b/stap-find-or-start-server index efe23558..97e7caca 100755 --- a/stap-find-or-start-server +++ b/stap-find-or-start-server @@ -17,15 +17,16 @@ # # Otherwise, it echoes -1 and exits with 1 -# Where are we installed? -exec_prefix=`dirname $0` -exec_prefix=`cd $exec_prefix && pwd` +# INSTALL-HOOK These settings work for running the client from the source tree +# INSTALL-HOOK using the dejagnu test harness and will be overridden at install +# INSTALL-HOOK time. +exec_prefix= # Is there a server available? -$exec_prefix/stap-find-servers >/dev/null 2>&1 && echo 0 && exit 0 +${exec_prefix}stap-find-servers >/dev/null 2>&1 && echo 0 && exit 0 # No server available, try to start one. -pid=`$exec_prefix/stap-start-server "$@"` +pid=`${exec_prefix}stap-start-server "$@"` if test $? = 0; then echo $pid exit 0 diff --git a/stap-server b/stap-server index 4f1ccf9b..64d26d13 100755 --- a/stap-server +++ b/stap-server @@ -21,6 +21,12 @@ trap 'terminate' SIGTERM SIGINT #----------------------------------------------------------------------------- # function: configuration function configuration { + # INSTALL-HOOK These settings work for running the client from the source tree + # INSTALL-HOOK using the dejagnu test harness and will be overridden at install + # INSTALL-HOOK time. + exec_prefix= + sysconfdir=`pwd`/net + # Configuration tmpdir_prefix_client=stap.client tmpdir_prefix_server=stap.server @@ -36,28 +42,38 @@ function initialization { p_phase=5 keep_temps=0 - # Where are we installed? - exec_prefix=`dirname $0` - exec_prefix=`cd $exec_prefix && pwd` - # Request file name. zip_client=$1 + test "X$zip_client" != "X" || \ + fatal "Client request file not specified" test -f $zip_client || \ - fatal "ERROR: Unable to find request file $zip_client" + fatal "Unable to find request file $zip_client" # Temp directory we will be working in tmpdir_server=$2 + test "X$tmpdir_server" != "X" || \ + fatal "Server temporary directory not specified" test -d $tmpdir_server || \ - fatal "ERROR: Cannot find temporary directory $tmpdir_server" + fatal "Unable to find temporary directory $tmpdir_server" tmpdir_env=`dirname $tmpdir_server` # Signed reponse file name. jar_server=$3 + test "X$jar_server" != "X" || \ + fatal ".jar archive file not specified" + # Make sure the specified .jar file exists. + test -f $jar_server || \ + fatal "Unable to find .jar archive file $jar_server" # Where is the ssl certificate/key database? ssl_db=$4 - test "X$ssl_db" = "X" && ssl_db=/etc/systemtap/ssl/server + test "X$ssl_db" != "X" || \ + fatal "SSL certificate database not specified" + test -d $ssl_db || \ + fatal "Unable to find SSL certificate database $ssl_db" nss_pw=$ssl_db/pw + test -f $nss_pw || \ + fatal "Unable to find SSL certificate database password file $nss_pw" nss_cert=stap-server } @@ -70,23 +86,23 @@ function unpack_request { # Unpack the zip file. unzip $zip_client > /dev/null || \ - fatal "ERROR: cannot unpack zip archive $zip_client" + fatal "Cannot unpack zip archive $zip_client" # Identify the client's request tree. The zip file should have expanded # into a single directory named to match $tmpdir_prefix_client.?????? # which should now be the only item in the current directory. test "`ls | wc -l`" = 1 || \ - fatal "ERROR: Wrong number of files after expansion of client's zip file" + fatal "Wrong number of files after expansion of client's zip file" tmpdir_client=`ls` tmpdir_client=`expr "$tmpdir_client" : "\\\($tmpdir_prefix_client\\\\.......\\\)"` test "X$tmpdir_client" != "X" || \ - fatal "ERROR: client zip file did not expand as expected" + fatal "Client zip file did not expand as expected" # Move the client's temp directory to a local temp location local local_tmpdir_client=`mktemp -dt $tmpdir_prefix_server.client.XXXXXX` || \ - fatal "ERROR: cannot create temporary zip file " $local_tmpdir_client + fatal "Cannot create temporary zip file " $local_tmpdir_client mv $tmpdir_client/* $local_tmpdir_client rm -fr $tmpdir_client tmpdir_client=$local_tmpdir_client @@ -129,7 +145,7 @@ function check_compatibility { local sysinfo2=$2 if test "$sysinfo1" != "$sysinfo2"; then - error "ERROR: system configuration mismatch" + error "System configuration mismatch" error " client: $sysinfo1" fatal " server: $sysinfo2" fi @@ -141,7 +157,7 @@ function check_compatibility { # contents are '$1: .*'. Read and echo the data. function read_data_file { test -f $1 || \ - fatal "ERROR: Data file $1 not found" + fatal "Data file $1 not found" # Open the file exec 3< $1 @@ -151,7 +167,7 @@ function read_data_file { line="$REPLY" data=`expr "$line" : "$1: \\\(.*\\\)"` if test "X$data" = "X"; then - fatal "ERROR: Data in file $1 is incorrect" + fatal "Data in file $1 is incorrect" return fi @@ -316,7 +332,7 @@ function call_stap { server_p_phase=$p_phase fi - eval $exec_prefix/stap "$cmdline" -k -p $server_p_phase \ + eval ${exec_prefix}stap "$cmdline" -k -p $server_p_phase \ >> $tmpdir_server/stdout \ 2>> $tmpdir_server/stderr @@ -365,11 +381,6 @@ function package_response { # will sign the entire directory and compress it into a .jar # archive. # - # Make sure the specified .jar file exists. - test -f $jar_server || \ - fatal "ERROR: Could not find .jar archive file $jar_server" - #chmod +r $jar_server - # Generate the jar file signtool -d $ssl_db -k $nss_cert -p `cat $nss_pw` -Z $jar_server $tmpdir_server >/dev/null } @@ -379,7 +390,7 @@ function package_response { # Fatal error # Prints its arguments to stderr and exits function fatal { - echo "`basename $0`:" "$@" >> $tmpdir_server/stderr + echo "$0`: ERROR:" "$@" >> $tmpdir_server/stderr cleanup exit 1 } @@ -387,7 +398,7 @@ function fatal { # Non fatal error # Prints its arguments to stderr but does not exit function error { - echo "`basename $0`:" "$@" >> $tmpdir_server/stderr + echo "$0`: ERROR:" "$@" >> $tmpdir_server/stderr } # function cleanup diff --git a/stap-serverd b/stap-serverd index 818e3ec3..d51866aa 100755 --- a/stap-serverd +++ b/stap-serverd @@ -21,14 +21,15 @@ trap 'terminate' SIGTERM SIGINT #----------------------------------------------------------------------------- # function: initialization PORT function initialization { + # INSTALL-HOOK These settings work for running the server from the source tree + # INSTALL-HOOK using the dejagnu test harness and will be overridden at install + # INSTALL-HOOK time. + exec_prefix= + sysconfdir=`pwd`/net + # Default settings. avahi_type=_stap._tcp - # Where are we installed? - exec_prefix=`dirname $0` - exec_prefix=`cd $exec_prefix && pwd` - prefix=`dirname $exec_prefix` - # What port will we listen on? port=$1 test "X$port" = "X" && port=65000 @@ -45,16 +46,16 @@ function initialization { # If no certificate/key database has been specified, then find/create # a local one. if test $EUID = 0; then - ssl_db=$prefix/etc/systemtap/ssl/server + ssl_db=$sysconfdir/systemtap/ssl/server else ssl_db=$HOME/.systemtap/ssl/server fi if ! test -f $ssl_db/stap-server.cert; then - $exec_prefix/stap-gen-server-cert `dirname $ssl_db` || exit 1 + ${exec_prefix}stap-gen-server-cert `dirname $ssl_db` || exit 1 # Now add the server's certificate to the client's database, # making it a trusted peer. Do this only if the client has been installed. - if test -f $exec_prefix/stap-add-server-cert -a -f $exec_prefix/stap-add-server-cert; then - $exec_prefix/stap-add-server-cert $ssl_db/stap-server.cert `dirname $ssl_db` + if test -f `which ${exec_prefix}stap-add-server-cert` -a -x `which ${exec_prefix}stap-add-server-cert`; then + ${exec_prefix}stap-add-server-cert $ssl_db/stap-server.cert `dirname $ssl_db` fi fi fi @@ -88,8 +89,8 @@ function advertise_presence { function listen { # The stap-server-connect program will listen forever # accepting requests. - $exec_prefix/stap-server-connect -p $port -n $nss_cert -d $ssl_db -w $nss_pw 2>&1 & - wait '%$exec_prefix/stap-server-connect' >/dev/null 2>&1 + ${exec_prefix}stap-server-connect -p $port -n $nss_cert -d $ssl_db -w $nss_pw 2>&1 & + wait '%${exec_prefix}stap-server-connect' >/dev/null 2>&1 } # function: check_db DBNAME @@ -115,6 +116,13 @@ function check_db { rc=1 fi + # We must be the owner of the database. + local ownerid=`stat -c "%u" $dir` + if test "X$ownerid" != "X$EUID"; then + warning "Certificate database '$dir' must be owned by $USER" + rc=1 + fi + # Check the access permissions of the directory local perm=0`stat -c "%a" $dir` if test $((($perm & 0400) == 0400)) = 0; then @@ -176,6 +184,13 @@ function check_db_file { return 1 fi + # We must be the owner of the file. + local ownerid=`stat -c "%u" $file` + if test "X$ownerid" != "X$EUID"; then + warning "Certificate database file '$file' must be owned by $USER" + rc=1 + fi + # Check that we can read the file if ! test -r $file; then warning "Certificate database file '$file' is not readble" @@ -239,6 +254,13 @@ function check_cert_file { return 1 fi + # We must be the owner of the file. + local ownerid=`stat -c "%u" $file` + if test "X$ownerid" != "X$EUID"; then + warning "Certificate file '$file' must be owned by $USER" + rc=1 + fi + # Check the access permissions of the file local perm=0`stat -c "%a" $file` if test $((($perm & 0400) == 0400)) = 0; then @@ -290,7 +312,7 @@ function warning { # Fatal error # Prints its arguments to stderr and exits function fatal { - echo "$0: FATAL:" "$@" >&2 + echo "$0: ERROR:" "$@" >&2 terminate exit 1 } @@ -306,8 +328,8 @@ function terminate { wait '%avahi-publish-service' >/dev/null 2>&1 # Kill any running 'stap-server-connect' job. - kill -s SIGTERM '%$exec_prefix/stap-server-connect' 2> /dev/null - wait '%$exec_prefix/stap-server-connect' >/dev/null 2>&1 + kill -s SIGTERM '%${exec_prefix}stap-server-connect' 2> /dev/null + wait '%${exec_prefix}stap-server-connect' >/dev/null 2>&1 exit } diff --git a/stap-start-server b/stap-start-server index c8ea8178..f1f02d2f 100755 --- a/stap-start-server +++ b/stap-start-server @@ -12,20 +12,21 @@ # This script attempts to start a systemtap server and echoes the # process id, if successful. -# Where are we installed? -exec_prefix=`dirname $0` -exec_prefix=`cd $exec_prefix && pwd` -prefix=`dirname $exec_prefix` +# INSTALL-HOOK These settings work for running the client from the source tree +# INSTALL-HOOK using the dejagnu test harness and will be overridden at install +# INSTALL-HOOK time. +exec_prefix= +sysconfdir=`pwd`/net # start the server -$exec_prefix/stap-serverd "$@" </dev/null >/dev/null 2>&1 & +${exec_prefix}stap-serverd "$@" </dev/null >/dev/null 2>&1 & server_pid=$! # Make sure the server is started -for ((attempt=0; $attempt < 5; ++attempt)) +for ((attempt=0; $attempt < 10; ++attempt)) do if test $EUID = 0; then - if ! test -f $prefix/etc/systemtap/ssl/server/stap-server.cert; then + if ! test -f $sysconfdir/systemtap/ssl/server/stap-server.cert; then sleep 1 continue; fi diff --git a/testsuite/ChangeLog b/testsuite/ChangeLog index 58fa46bd..e374565d 100644 --- a/testsuite/ChangeLog +++ b/testsuite/ChangeLog @@ -1,3 +1,9 @@ +2009-01-30 Dave Brolley <brolley@redhat.com> + + * lib/systemtap.exp (setup_systemtap_environment): Make sure that + the build directory is on the path if using a server for 'make check'. + Use a string to check $server_pid. + 2009-01-23 Will Cohen <wcohen@redhat.com> * systemtap.samples/scf.stp: diff --git a/testsuite/lib/systemtap.exp b/testsuite/lib/systemtap.exp index f399073e..5bf125b9 100644 --- a/testsuite/lib/systemtap.exp +++ b/testsuite/lib/systemtap.exp @@ -62,17 +62,17 @@ proc setup_systemtap_environment {} { # Server management scripts and data are installed if this is an # install test, otherwise there is some setup to do. if {! [installtest_p]} then { - # Make sure the server management scripts are on the $PATH. - set env(PATH) "$srcdir/..:$env(PATH)" + # Make sure the server management scripts and tools are on the $PATH. + set env(PATH) "$srcdir/..:[exec pwd]/..:$env(PATH)" } # Try to find or start the server. set server_pid [exec stap-find-or-start-server] - if { $server_pid == -1 } then { + if { "$server_pid" == "-1" } then { print "Cannot find or start a systemtap server" set server_pid 0 # TODO: How do we abort here? - } elseif { $server_pid == 0 } then { + } elseif { "$server_pid" == "0" } then { print "A compatible systemtap server is already available" } else { print "Started a systemtap server as PID==$server_pid" |