diff options
| author | Dave Brolley <brolley@redhat.com> | 2009-04-14 12:33:28 -0400 |
|---|---|---|
| committer | Dave Brolley <brolley@redhat.com> | 2009-04-14 12:33:28 -0400 |
| commit | a2422e707214a425e4e10ac5b7c39fc5ae4dea56 (patch) | |
| tree | 01bb7e3524498acb351dd5d95cb15a2ace605da7 /cache.cxx | |
| parent | 2f7ba4b8416eae26971da68fdc14aa8560a7939c (diff) | |
| download | systemtap-steved-a2422e707214a425e4e10ac5b7c39fc5ae4dea56.tar.gz systemtap-steved-a2422e707214a425e4e10ac5b7c39fc5ae4dea56.tar.xz systemtap-steved-a2422e707214a425e4e10ac5b7c39fc5ae4dea56.zip | |
2009-04-14 Dave Brolley <brolley@redhat.com>
* translate.cxx (c_unparser::emit_unprivileged_user_check): Generate
code to check _stp_unprivileged_user.
* testsuite/lib/systemtap.exp (setup_server): Copy stap-env to $net_path.
* runtime/transport/transport.c: Set up _stp_unprivileged_user.
* runtime/staprun/staprun_funcs.c (check_signature): Distiguish among
verification failure due to errors, tampering, untrusted signer.
(check_permissions): Likewise.
(check_groups): Set unprivileged_user.
* runtime/staprun/staprun.c (insert_stap_module): Set _stp_unprivileged_user.
* runtime/staprun/modverify.h (MODULE_OK): #define it.
(MODULE_UNTRUSTED,MODULE_CHECK_ERROR,MODULE_ALTERED): Likewise.
* runtime/staprun/modverify.c (modverify.h): #include it.
(verify_it): Distiguish among verification failure due to errors,
tampering, untrusted signer.
(verify_module): Likewise.
* runtime/staprun/common.c (unprivileged_user): Define it.
* runtime/staprun/staprun.h (unprivileged_user): Declare it.
* cache.cxx (get_from_cache): Get the module signature file.
* stap-authorize-server-cert: Source `dirname $0`/stap-env.
* stap-authorize-signing-cert: Likewise.
* stap-client: Likewise.
* stap-find-or-start-server: Likewise.
* stap-find-servers: Likewise.
* stap-gen-cert: Likewise.
* stap-server: Likewise.
* stap-serverd: Likewise.
* stap-start-server: Likewise.
Diffstat (limited to 'cache.cxx')
| -rw-r--r-- | cache.cxx | 24 |
1 files changed, 23 insertions, 1 deletions
@@ -69,7 +69,7 @@ add_to_cache(systemtap_session& s) } #if HAVE_NSS - // This is the name of the cached module signatire. + // This is the name of the cached module signature. string module_signature_dest_path = s.hash_path; module_signature_dest_path += ".sgn"; @@ -133,6 +133,10 @@ get_from_cache(systemtap_session& s) string module_dest_path = s.tmpdir + "/" + s.module_name + ".ko"; string c_src_path = s.hash_path; int fd_stapconf, fd_module, fd_c; +#if HAVE_NSS + string hash_signature_path = s.hash_path + ".sgn"; + int fd_signature; +#endif if (c_src_path.rfind(".ko") == (c_src_path.size() - 3)) c_src_path.resize(c_src_path.size() - 3); @@ -202,6 +206,24 @@ get_from_cache(systemtap_session& s) close(fd_c); return false; } +#if HAVE_NSS + // See if module signature exists. It's not an error if it doesn't. It just + // means that the module is unsigned. + fd_signature = open(hash_signature_path.c_str(), O_RDONLY); + if (fd_signature != -1) { + string signature_dest_path = module_dest_path + ".sgn"; + close(fd_signature); + if (copy_file(hash_signature_path.c_str(), signature_dest_path.c_str()) != 0) + { + cerr << "Copy failed (\"" << hash_signature_path << "\" to \"" + << signature_dest_path << "\"): " << strerror(errno) << endl; + unlink(c_src_path.c_str()); + close(fd_module); + close(fd_c); + return false; + } + } +#endif } // We're done with these file handles. |