authorFrank Ch. Eigler <fche@elastic.org>2009-09-15 18:29:45 -0400
committerFrank Ch. Eigler <fche@elastic.org>2009-09-15 18:29:45 -0400
commitda23eceb71cc70668ab9dfd80d318b3837703d9d (patch)
treedcfb85f50cf035213bde1836d2167ceca00c8205 /modsign.cxx
parent2260f4e32eb4c0b4cc95e4bef8ccdc5dc66261af (diff)
parent24fcff20ed7a4a9f2b772c572db28ee8df49161f (diff)
Merge branch 'master' of ssh://sources.redhat.com/git/systemtap
* 'master' of ssh://sources.redhat.com/git/systemtap: (34 commits) Update the langref copyright notice Fix some probe examples in the language reference Remove automatic authorization of servers started by root as trusted signers. docs: add abnormal termination section to PROCESSING Remove unneeded header file Get the module to sign from -p4's stdout Move --unprivileged support news to the top. Firther updates to NEWS regarding signing and unprivileged users. Authorize new certificates created for servers started by root as authorized signers. 2009-09-14 Dave Brolley <brolley@redhat.com> Allow remaining process.* probes for unprivileged users. Use the sched_switch tracepoint if available. PR10608: mark test cases untested once compilation failed Make check.exp not sleep so much in test_installcheck. Make tracepoints.exp test more efficient by running as one giant script. Only test highest optimization for exelib.exp test. Replace small exelib.exp testcases with one jumbo testcase. Remove duplicate uprobe_derived_probe code Add semaphores for use with the forthcoming sdt marker checks. Add actual pc address to semantic error about inaccessible variables. ... Conflicts: tapsets.cxx
Diffstat (limited to 'modsign.cxx')
-rw-r--r--modsign.cxx49
1 files changed, 32 insertions, 17 deletions
diff --git a/modsign.cxx b/modsign.cxx
index cacd5699..a73386e3 100644
--- a/modsign.cxx
+++ b/modsign.cxx
@@ -20,7 +20,6 @@
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-#include "session.h"
#include "util.h"
#include <iostream>
#include <string>
@@ -280,18 +279,18 @@ check_cert_db_permissions (const string &cert_db_path) {
*/
static int
init_cert_db_path (const string &cert_db_path) {
- int rc;
+ int rc, rc1;
// Generate the certificate and database.
string cmd = BINDIR "/stap-gen-cert " + cert_db_path;
- rc = stap_system (0, cmd) == 0;
+ rc = system (cmd.c_str ()) == 0;
// If we are root, authorize the new certificate as a trusted
// signer. It is not an error if this fails.
if (geteuid () == 0)
{
cmd = BINDIR "/stap-authorize-signing-cert " + cert_db_path + "/stap.cert";
- stap_system (0, cmd);
+ rc1 = system (cmd.c_str ());
}
return rc;
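Review bot: Both new `system (cmd.c_str ())` calls pass a command line built by concatenating `cert_db_path` to the shell, so any whitespace or shell metacharacter in that path is interpreted rather than treated as part of one argument, and the second call runs with an effective uid of 0. The origin of the path is not visible in this hunk, but the new `main` later in the patch takes the database path from `argv[2]`, so it is safer to treat it as untrusted and run the helpers with an explicit argument vector, as sketched below. `rc1` is assigned but never read; as the comment says failure there is not an error, either drop the variable or log a warning when it is non-zero. The function's closing brace lies outside the hunk.

```cpp
// … unchanged: signature and rc declaration …
  // Run the helper with an explicit argv so cert_db_path is never parsed
  // by a shell (needs <spawn.h> and <sys/wait.h>).
  const char *gen_argv[] = { BINDIR "/stap-gen-cert", cert_db_path.c_str (), NULL };
  pid_t pid;
  int status = -1;
  rc = posix_spawn (&pid, gen_argv[0], NULL, NULL,
                    (char *const *) gen_argv, environ) == 0
       && waitpid (pid, &status, 0) == pid
       && WIFEXITED (status) && WEXITSTATUS (status) == 0;
// … unchanged: root-only stap-authorize-signing-cert step, to be converted the same way …
```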
@@ -492,23 +491,37 @@ sign_it (const string &inputName, const string &outputName, SECKEYPrivateKey *pr
PR_Close (local_file_fd);
}
-void
-sign_module (systemtap_session& s)
+int
+main(int argc, char **argv)
{
const char *nickName = "stap-server";
+ string module_name;
+ string cert_db_path;
char *password;
CERTCertificate *cert;
SECKEYPrivateKey *privKey;
SECStatus secStatus;
- if (! check_cert_db_path (s.cert_db_path))
- return;
+ if (argc < 2) {
+ cerr << "Module name was not specified." << endl;
+ return 1;
+ }
+ module_name = argv[1];
+
+ if (argc < 3) {
+ cerr << "Certificate database path was not specified." << endl;
+ return 1;
+ }
+ cert_db_path = argv[2];
- password = get_password (s.cert_db_path + "/pw");
+ if (! check_cert_db_path (cert_db_path))
+ return 1;
+
+ password = get_password (cert_db_path + "/pw");
if (! password)
{
cerr << "Unable to obtain certificate database password." << endl;
- return;
+ return 1;
}
/* Call the NSPR initialization routines. */
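Review bot: The new `main` has no header comment or usage text for its two positional arguments, and the message "Module name was not specified." is misleading because `argv[1]` is used as a file path: later in the patch it is passed unchanged to `sign_it (module_name, module_name + ".sgn", privKey)`. I would add a comment along the lines of `/* Usage: <prog> MODULE_PATH CERT_DB_PATH; writes the signature to MODULE_PATH.sgn. */` and reword the message to say "Module path". Arguments after `argv[2]` are silently ignored, so rejecting `argc != 3` with the usage text would catch caller mistakes early. The body of `main` continues past this hunk.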
@@ -518,12 +531,12 @@ sign_module (systemtap_session& s)
PK11_SetPasswordFunc (password_callback);
/* Initialize NSS. */
- secStatus = NSS_Init (s.cert_db_path.c_str());
+ secStatus = NSS_Init (cert_db_path.c_str());
if (secStatus != SECSuccess)
{
cerr << "Unable to initialize nss library." << endl;
nssError ();
- return;
+ return 1;
}
/* Get own certificate and private key. */
@@ -531,25 +544,27 @@ sign_module (systemtap_session& s)
if (cert == NULL)
{
cerr << "Unable to find certificate with nickname " << nickName
- << " in " << s.cert_db_path << "." << endl;
+ << " in " << cert_db_path << "." << endl;
nssError ();
- return;
+ return 1;
}
privKey = PK11_FindKeyByAnyCert (cert, password);
if (privKey == NULL)
{
cerr << "Unable to obtain private key from the certificate with nickname " << nickName
- << " in " << s.cert_db_path << "." << endl;
+ << " in " << cert_db_path << "." << endl;
nssError ();
- return;
+ return 1;
}
/* Sign the file. */
- sign_it (s.tmpdir + "/" + s.module_name + ".ko", s.tmpdir + "/" + s.module_name + ".ko.sgn", privKey);
+ sign_it (module_name, module_name + ".sgn", privKey);
/* Shutdown NSS and exit NSPR gracefully. */
nssCleanup ();
+
+ return 0;
}
/* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */
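Review bot: `main` ends with `return 0;` after `sign_it (module_name, module_name + ".sgn", privKey);` without checking whether a signature was actually produced. Since the routine is now a program's `main`, its exit status is presumably how a caller tells success from failure, and a failure inside `sign_it` (its body and return type are not in this hunk) would be reported as success. If `sign_it` can be made to return a status, something like `int ok = sign_it (...); nssCleanup (); return ok ? 0 : 1;` would close that gap. Separately, the `cert == NULL` and `privKey == NULL` paths return 1 without calling `nssCleanup ()`, and nothing visible here releases `cert`, `privKey` or `password`; that may be handled elsewhere but is worth confirming.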