authorDave Brolley <brolley@redhat.com>2009-02-11 12:00:13 -0500
committerDave Brolley <brolley@redhat.com>2009-02-11 12:00:13 -0500
commit89dd03e34c2f890e9fbb065c74a60036aa480827 (patch)
tree5a8873113a7e6384926493d922acfb6acb3d3c84
parentf02fa988a4f37292d0da10f086901246d65013c0 (diff)
Server response is no longer signed. Passed as a zip archive instead.
-rw-r--r--ChangeLog11
-rwxr-xr-xstap-client45
-rwxr-xr-xstap-server21
-rw-r--r--stap-server-connect.c26
4 files changed, 56 insertions, 47 deletions
diff --git a/ChangeLog b/ChangeLog
index 0dc8cdc9..6a609a62 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2009-02-11 Dave Brolley <brolley@redhat.com>
+
+ * stap-client: s/jar/zip/.
+ (unpack_response): Server response is now a .zip file. No longer
+ signed, so no longer needs verification. Move Contents of server
+ response down one directory level. META-INF no longer required to be
+ present in the server response.
+ * stap-server: s/jar/zip/.
+ (create_response): Don't sign the server response. Use zip instead.
+ * stap-server-connect.c: s/jar/zip/.
+
2009-02-10 Josh Stone <jistone@redhat.com>
* staptree.h (update_visitor::require): Add a clearok parameter for
diff --git a/stap-client b/stap-client
index ad3981f0..e2d95ada 100755
--- a/stap-client
+++ b/stap-client
@@ -466,31 +466,34 @@ function package_request {
# function: unpack_response
#
-# Unpack the jar file received from the server and make the contents available
+# Unpack the zip file received from the server and make the contents available
# for printing the results and/or running 'staprun'.
function unpack_response {
tmpdir_server=`mktemp -dt $tmpdir_prefix_client.server.XXXXXX` || \
fatal "Cannot create temporary file " $tmpdir_server
- # Unpack and verify the digitally signed server output directory
- if ! signtool -d $ssl_db -v $jar_server > /dev/null 2>&1; then
- # Run the verification again to get the reason
- fatal "Verification of server response, $jar_server, failed.
-"`signtool -d $ssl_db -v $jar_server | grep "reported reason"`
- fi
-
# Unpack the server output directory
- unzip -d $tmpdir_server $jar_server > /dev/null || \
- fatal "Cannot unpack server response, $jar_server"
+ unzip -d $tmpdir_server $zip_server > /dev/null || \
+ fatal "Cannot unpack server response, $zip_server"
+
+ # Check the contents of the expanded directory. It should contain a
+ # single directory whose name matches stap.server.??????
+ local num_files=`ls $tmpdir_server | wc -l`
+ test $num_files = 1 || \
+ fatal "Wrong number of files in server's temp directory"
+ test -d $tmpdir_server/stap.server.?????? || \
+ fatal "`ls $tmpdir_server` does not match the expected name or is not a directory"
+ # Move the contents of the directory down one level.
+ mv $tmpdir_server/stap.server.??????/* $tmpdir_server
+ rm -fr $tmpdir_server/stap.server.??????
- # Check the contents of the expanded directory. It should contain:
+ # Check the contents of the directory. It should contain:
# 1) a file called stdout
# 2) a file called stderr
# 3) a file called rc
- # 4) a directory called META-INF
- # 5) optionally a directory named to match stap??????
- local num_files=`ls $tmpdir_server | wc -l`
- test $num_files = 5 -o $num_files = 4 || \
+ # 4) optionally a directory named to match stap??????
+ num_files=`ls $tmpdir_server | wc -l`
+ test $num_files = 4 -o $num_files = 3 || \
fatal "Wrong number of files in server's temp directory"
test -f $tmpdir_server/stdout || \
fatal "`pwd`/$tmpdir_server/stdout does not exist or is not a regular file"
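Review bot: With the signtool verification removed, unpack_response extracts `$zip_server` before validating anything, and the later `test -f` / `test -d` checks follow symbolic links, so the archive's entry names and types are never checked on the client. Integrity of the response now rests entirely on the SSL connection made by stap-client-connect, which the function's header comment should state. I would list the archive before extraction with `unzip -Z1 "$zip_server"` and reject any entry name that is absolute or contains a `..` component, then after extraction refuse links with `test ! -L "$tmpdir_server/stdout"` (likewise for stderr and rc). The new `mv $tmpdir_server/stap.server.??????/* $tmpdir_server` has no failure check and its expansions are unquoted; `mv "$tmpdir_server"/stap.server.??????/* "$tmpdir_server" || fatal "Cannot move server response contents"` would cover both. The body of unpack_response continues past this hunk.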
@@ -498,8 +501,6 @@ function unpack_response {
fatal "`pwd`/$tmpdir_server/stderr does not exist or is not a regular file"
test -f $tmpdir_server/rc || \
fatal "`pwd`/$tmpdir_server/rc does not exist or is not a regular file"
- test -d $tmpdir_server/META-INF || \
- fatal "`pwd`/$tmpdir_server/META-INF does not exist or is not a directory"
# See if there is a systemtap temp directory
tmpdir_stap=`cd $tmpdir_server && ls | grep stap......\$ 2>/dev/null`
@@ -532,8 +533,8 @@ function find_and_connect_to_server {
local num_servers=0
# Make a place to receive the response file.
- jar_server=`mktemp -t $tmpdir_prefix_client.server.jar.XXXXXX` || \
- fatal "Cannot create temporary file " $jar_server
+ zip_server=`mktemp -t $tmpdir_prefix_client.server.zip.XXXXXX` || \
+ fatal "Cannot create temporary file " $zip_server
# Make a place to record connection errors
touch $tmpdir_client/connect
@@ -680,7 +681,7 @@ function send_receive {
do
# Send the request and receive the response using stap-client-connect
echo "Attempting connection with $server:$port using certificate database in '$db'" >> $tmpdir_client/connect
- ${exec_prefix}stap-client-connect -i $zip_client -o $jar_server -d $db -p $port -h $server >> $tmpdir_client/connect 2>&1 &
+ ${exec_prefix}stap-client-connect -i $zip_client -o $zip_server -d $db -p $port -h $server >> $tmpdir_client/connect 2>&1 &
wait '%${exec_prefix}stap-client-connect'
test $? = 0 && echo $db && return
sleep 1
@@ -691,7 +692,7 @@ function send_receive {
do
# Send the request and receive the response using stap-client-connect
echo "Attempting connection with $server:$port using certificate database in '$db'" >> $tmpdir_client/connect
- ${exec_prefix}stap-client-connect -i $zip_client -o $jar_server -d $db -p $port -h $server >> $tmpdir_client/connect 2>&1 &
+ ${exec_prefix}stap-client-connect -i $zip_client -o $zip_server -d $db -p $port -h $server >> $tmpdir_client/connect 2>&1 &
wait '%${exec_prefix}stap-client-connect'
test $? = 0 && echo $db && return
sleep 1
@@ -1002,7 +1003,7 @@ function cleanup {
if test $keep_temps != 1; then
rm -fr $tmpdir_client
rm -f $zip_client
- rm -f $jar_server
+ rm -f $zip_server
rm -fr $tmpdir_server
fi
}
diff --git a/stap-server b/stap-server
index a4d0e8c7..ec827a09 100755
--- a/stap-server
+++ b/stap-server
@@ -58,12 +58,12 @@ function initialization {
tmpdir_env=`dirname $tmpdir_server`
# Signed reponse file name.
- jar_server=$3
- test "X$jar_server" != "X" || \
- fatal ".jar archive file not specified"
- # Make sure the specified .jar file exists.
- test -f $jar_server || \
- fatal "Unable to find .jar archive file $jar_server"
+ zip_server=$3
+ test "X$zip_server" != "X" || \
+ fatal ".zip archive file not specified"
+ # Make sure the specified .zip file exists.
+ test -f $zip_server || \
+ fatal "Unable to find .zip archive file $zip_server"
# Where is the ssl certificate/key database?
ssl_db=$4
@@ -385,12 +385,9 @@ function create_response {
function package_response {
cd $tmpdir_env
- # We will be digitally signing the server's temporary directory. This
- # will sign the entire directory and compress it into a .jar
- # archive.
- #
- # Generate the jar file
- signtool -d $ssl_db -k $nss_cert -p `cat $nss_pw` -Z $jar_server $tmpdir_server >/dev/null
+ # Compress the server's temporary directory into a .zip archive.
+ (rm $zip_server && zip -r $zip_server `basename $tmpdir_server` > /dev/null) || \
+ fatal "zip of request tree, $tmpdir_server, failed"
}
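Review bot: The `rm $zip_server && zip -r $zip_server ...` sequence in package_response discards the file that stap-server-connect.c created with mkstemp() and recreates it at the same path under /tmp. Between the `rm` and the `zip` the name is unowned, so another local user could create a file or link there first, and the exclusive-creation guarantee is lost. Writing the archive to standard output keeps the existing file in place: `zip -r - "`basename $tmpdir_server`" > "$zip_server" || fatal "zip of response tree, $tmpdir_server, failed"`. That wording also corrects the message, which says "request tree" although this is the response directory.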
# function: fatal [ MESSAGE ]
diff --git a/stap-server-connect.c b/stap-server-connect.c
index 2a7827f7..8263a3d5 100644
--- a/stap-server-connect.c
+++ b/stap-server-connect.c
@@ -40,7 +40,7 @@ static SECKEYPrivateKey *privKey = NULL;
static char *dbdir = NULL;
static char requestFileName[] = "/tmp/stap.server.client.zip.XXXXXX";
static char responseDirName[] = "/tmp/stap.server.XXXXXX";
-static char responseJarName[] = "/tmp/stap.server.XXXXXX.jar.XXXXXX";
+static char responseZipName[] = "/tmp/stap.server.XXXXXX.zip.XXXXXX";
static void
Usage(const char *progName)
@@ -325,17 +325,17 @@ writeDataToSocket(PRFileDesc *sslSocket)
/* Try to open the local file named.
* If successful, then write it to the client.
*/
- prStatus = PR_GetFileInfo(responseJarName, &info);
+ prStatus = PR_GetFileInfo(responseZipName, &info);
if (prStatus != PR_SUCCESS || info.type != PR_FILE_FILE || info.size < 0)
{
- fprintf (stderr, "Input file %s not found\n", responseJarName);
+ fprintf (stderr, "Input file %s not found\n", responseZipName);
return SECFailure;
}
- local_file_fd = PR_Open(responseJarName, PR_RDONLY, 0);
+ local_file_fd = PR_Open(responseZipName, PR_RDONLY, 0);
if (local_file_fd == NULL)
{
- fprintf (stderr, "Could not open input file %s\n", responseJarName);
+ fprintf (stderr, "Could not open input file %s\n", responseZipName);
return SECFailure;
}
@@ -355,7 +355,7 @@ writeDataToSocket(PRFileDesc *sslSocket)
#if DEBUG
/* Transmitted bytes successfully. */
fprintf(stderr, "PR_TransmitFile wrote %d bytes from %s\n",
- numBytes, responseJarName);
+ numBytes, responseZipName);
#endif
PR_Close(local_file_fd);
@@ -428,12 +428,12 @@ handle_connection(PRFileDesc *tcpSocket)
goto cleanup;
}
- memcpy (responseJarName, responseDirName, sizeof (responseDirName) - 1);
- memcpy (responseJarName + sizeof (responseJarName) - 1 - 6, "XXXXXX", 6);
- rc = mkstemp(responseJarName);
+ memcpy (responseZipName, responseDirName, sizeof (responseDirName) - 1);
+ memcpy (responseZipName + sizeof (responseZipName) - 1 - 6, "XXXXXX", 6);
+ rc = mkstemp(responseZipName);
if (rc == -1)
{
- fprintf (stderr, "Could not create temporary file %s\n", responseJarName);
+ fprintf (stderr, "Could not create temporary file %s\n", responseZipName);
perror ("");
secStatus = SECFailure;
@@ -468,7 +468,7 @@ handle_connection(PRFileDesc *tcpSocket)
cmdline = PORT_Alloc(sizeof ("stap-server") +
sizeof (requestFileName) +
sizeof (responseDirName) +
- sizeof (responseJarName) +
+ sizeof (responseZipName) +
strlen (dbdir) + 1);
if (! cmdline) {
errWarn ("PORT_Alloc");
@@ -477,7 +477,7 @@ handle_connection(PRFileDesc *tcpSocket)
}
sprintf (cmdline, "stap-server %s %s %s %s",
- requestFileName, responseDirName, responseJarName, dbdir);
+ requestFileName, responseDirName, responseZipName, dbdir);
rc = system (cmdline);
PR_Free (cmdline);
@@ -501,7 +501,7 @@ cleanup:
prStatus = PR_Delete (requestFileName);
if (prStatus != PR_SUCCESS)
errWarn ("PR_Delete");
- prStatus = PR_Delete (responseJarName);
+ prStatus = PR_Delete (responseZipName);
if (prStatus != PR_SUCCESS)
errWarn ("PR_Delete");
}