authorDave Brolley <brolley@redhat.com>2009-01-30 15:43:34 -0500
committerDave Brolley <brolley@redhat.com>2009-01-30 15:43:34 -0500
commit552276c8666dec5373d8312bc3498b1887ddb0a8 (patch)
tree55744f20b131641d506d0faf5462120deee2dc50 /stap-client
parentdf79aa4b87b39a64867c343f1bcd22c7e675aa43 (diff)
More security checking for client/server. Set exec_prefix and sysconfdir at install time.
Diffstat (limited to 'stap-client')
-rwxr-xr-xstap-client127
1 files changed, 76 insertions, 51 deletions
diff --git a/stap-client b/stap-client
index d69b6474..98fd47d0 100755
--- a/stap-client
+++ b/stap-client
@@ -26,6 +26,13 @@ trap 'ignore_signal' SIGHUP SIGPIPE
#-----------------------------------------------------------------------------
# function: configuration
function configuration {
+ # INSTALL-HOOK These settings work for running the client from the source tree
+ # INSTALL-HOOK using the dejagnu test harness and will be overridden at install
+ # INSTALL-HOOK time.
+ exec_prefix=
+ sysconfdir=`pwd`/net
+
+ # General configuration
tmpdir_prefix_client=stap.client
tmpdir_prefix_server=stap.server
avahi_service_tag=_stap._tcp
@@ -41,31 +48,23 @@ function initialization {
umask 0
staprun_running=0
- # Where are we installed?
- if test "`basename $0`" = "stap" -a "$0" = `which stap`; then
- # The dejagnu test harness may invoke us as 'stap' relying on $PATH to
- # find us. If so, then use the $PATH to find the rest of the systemtap
- # tools.
- exec_prefix=""
- # Also, set the prefix to point to where we were found.
- prefix=`which stap`
- prefix=`dirname $prefix`
- else
- # Assume we were installed normally
- exec_prefix=`dirname $0`
- exec_prefix=`cd $exec_prefix && pwd`/
- prefix=`dirname $exec_prefix`
- fi
-
# Default location for server certificates if we're not root
+ # Must be owned by us.
+ local uid uname
if test $EUID != 0; then
- if check_db $HOME/.systemtap/ssl/client 2>/dev/null; then
- local_ssl_dbs=$HOME/.systemtap/ssl/client
+ if test -e $HOME/.systemtap/ssl/client; then
+ if check_db $HOME/.systemtap/ssl/client $EUID $USER; then
+ local_ssl_dbs=$HOME/.systemtap/ssl/client
+ fi
fi
fi
- # Additional location for all users.
- if check_db $prefix/etc/systemtap/ssl/client 2>/dev/null; then
- public_ssl_dbs=$prefix/etc/systemtap/ssl/client
+ # Additional location for all users. Must be owned by root.
+ if test "X$sysconfdir" != "X"; then
+ if test -e $sysconfdir/systemtap/ssl/client; then
+ if check_db $sysconfdir/systemtap/ssl/client 0 root; then
+ public_ssl_dbs=$sysconfdir/systemtap/ssl/client
+ fi
+ fi
fi
# Default options settings
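Review bot: The new `check_db $HOME/.systemtap/ssl/client $EUID $USER` call pairs the numeric `$EUID` with `$USER`, which is an inherited environment variable that can be unset or, after `su`/`sudo`, still name the invoking account rather than the one `$EUID` identifies. Since `$USER` is only echoed in check_db's ownership warning this does not weaken the check, but the message can then name the wrong account; `check_db $HOME/.systemtap/ssl/client $EUID \`id -un\`` keeps the text consistent with the uid actually compared. The same applies to the public-database branch only in that it hard-codes `0 root`, which is fine. Dropping the old `2>/dev/null` means check_db's warnings now reach stderr for these default locations, which looks intended but is worth a comment such as `# check_db reports why a database is skipped`. The body of initialization continues past this hunk.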
@@ -81,7 +80,7 @@ function initialization {
# Do this before parsing the command line so that there is a place
# to put -I and -R directories.
tmpdir_client=`mktemp -dt $tmpdir_prefix_client.XXXXXX` || \
- fatal "ERROR: cannot create temporary directory " $tmpdir_client
+ fatal "Cannot create temporary directory " $tmpdir_client
tmpdir_env=`dirname $tmpdir_client`
}
@@ -262,6 +261,10 @@ function parse_options {
# Complete the list of local certificate databases
local_ssl_dbs="$additional_local_ssl_dbs $local_ssl_dbs"
+ # We must have at least one usable certificate database.
+ test "X$local_ssl_dbs" != "X " -o "X$public_ssl_dbs" != "X" || \
+ fatal "No usable certificate databases found"
+
# We can use any server if the phase is less than 5
if test $p_phase -lt 5; then
find_all="--all"
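Review bot: The "at least one usable database" guard compares `$local_ssl_dbs` against the literal `"X "`, which only works because the assignment two lines above always produces exactly one separating space when both parts are empty; any change to that concatenation, or an `additional_local_ssl_dbs` containing only whitespace, makes the test pass with no database at all. Normalising the whitespace first is more robust and reads as intent: `local all_dbs=\`echo $local_ssl_dbs $public_ssl_dbs\`` followed by `test "X$all_dbs" != "X" || fatal "No usable certificate databases found"`. The parse_options body continues outside the hunk.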
@@ -391,9 +394,9 @@ function include_file_or_directory {
# Add a symbolic link of the named file or directory to our temporary directory
local local_name=`generate_client_temp_name $2`
mkdir -p $tmpdir_client/$1/`dirname $local_name` || \
- fatal "ERROR: could not create $tmpdir_client/$1/`dirname $local_name`"
+ fatal "Could not create $tmpdir_client/$1/`dirname $local_name`"
ln -s /$local_name $tmpdir_client/$1/$local_name || \
- fatal "ERROR: could not link $tmpdir_client/$1/$local_name to /$local_name"
+ fatal "Could not link $tmpdir_client/$1/$local_name to /$local_name"
echo "$local_name"
}
@@ -422,7 +425,7 @@ function create_request {
if test "X$script_file" != "X"; then
if test "$script_file" = "-"; then
mkdir -p $tmpdir_client/script || \
- fatal "ERROR: cannot create temporary directory " $tmpdir_client/script
+ fatal "Cannot create temporary directory " $tmpdir_client/script
cat > $tmpdir_client/script/$script_file
else
include_file_or_directory script $script_file > /dev/null
@@ -455,10 +458,10 @@ function package_request {
local tmpdir_client_base=`basename $tmpdir_client`
zip_client=$tmpdir_env/`mktemp $tmpdir_client_base.zip.XXXXXX` || \
- fatal "ERROR: cannot create temporary file " $zip_client
+ fatal "Cannot create temporary file " $zip_client
(rm $zip_client && zip -r $zip_client $tmpdir_client_base > /dev/null) || \
- fatal "ERROR: zip of request tree, $tmpdir_client, failed"
+ fatal "zip of request tree, $tmpdir_client, failed"
}
# function: unpack_response
@@ -467,18 +470,18 @@ function package_request {
# for printing the results and/or running 'staprun'.
function unpack_response {
tmpdir_server=`mktemp -dt $tmpdir_prefix_client.server.XXXXXX` || \
- fatal "ERROR: cannot create temporary file " $tmpdir_server
+ fatal "Cannot create temporary file " $tmpdir_server
# Unpack and verify the digitally signed server output directory
if ! signtool -d $ssl_db -v $jar_server > /dev/null 2>&1; then
# Run the verification again to get the reason
- fatal "ERROR: Verification of server response, $jar_server, failed.
+ fatal "Verification of server response, $jar_server, failed.
"`signtool -d $ssl_db -v $jar_server | grep "reported reason"`
fi
# Unpack the server output directory
unzip -d $tmpdir_server $jar_server > /dev/null || \
- fatal "ERROR: Cannot unpack server response, $jar_server"
+ fatal "Cannot unpack server response, $jar_server"
# Check the contents of the expanded directory. It should contain:
# 1) a file called stdout
@@ -488,28 +491,28 @@ function unpack_response {
# 5) optionally a directory named to match stap??????
local num_files=`ls $tmpdir_server | wc -l`
test $num_files = 5 -o $num_files = 4 || \
- fatal "ERROR: Wrong number of files in server's temp directory"
+ fatal "Wrong number of files in server's temp directory"
test -f $tmpdir_server/stdout || \
- fatal "ERROR: `pwd`/$tmpdir_server/stdout does not exist or is not a regular file"
+ fatal "`pwd`/$tmpdir_server/stdout does not exist or is not a regular file"
test -f $tmpdir_server/stderr || \
- fatal "ERROR: `pwd`/$tmpdir_server/stderr does not exist or is not a regular file"
+ fatal "`pwd`/$tmpdir_server/stderr does not exist or is not a regular file"
test -f $tmpdir_server/rc || \
- fatal "ERROR: `pwd`/$tmpdir_server/rc does not exist or is not a regular file"
+ fatal "`pwd`/$tmpdir_server/rc does not exist or is not a regular file"
test -d $tmpdir_server/META-INF || \
- fatal "ERROR: `pwd`/$tmpdir_server/META-INF does not exist or is not a directory"
+ fatal "`pwd`/$tmpdir_server/META-INF does not exist or is not a directory"
# See if there is a systemtap temp directory
tmpdir_stap=`ls $tmpdir_server | grep stap`
tmpdir_stap=`expr "$tmpdir_stap" : "\\\(stap......\\\)"`
if test "X$tmpdir_stap" != "X"; then
test -d $tmpdir_server/$tmpdir_stap || \
- fatal "ERROR: `pwd`/$tmpdir_server/$tmpdir_stap is not a directory"
+ fatal "`pwd`/$tmpdir_server/$tmpdir_stap is not a directory"
# Move the systemtap temp directory to a local temp location, if -k
# was specified.
if test $keep_temps = 1; then
local local_tmpdir_stap=`mktemp -dt stapXXXXXX` || \
- fatal "ERROR: cannot create temporary directory " $local_tmpdir_stap
+ fatal "Cannot create temporary directory " $local_tmpdir_stap
mv $tmpdir_server/$tmpdir_stap/* $local_tmpdir_stap 2>/dev/null
rm -fr $tmpdir_server/$tmpdir_stap
@@ -531,7 +534,7 @@ function find_and_connect_to_server {
# Make a place to receive the response file.
jar_server=`mktemp -t $tmpdir_prefix_client.server.jar.XXXXXX` || \
- fatal "ERROR: cannot create temporary file " $jar_server
+ fatal "Cannot create temporary file " $jar_server
# Make a place to record connection errors
touch $tmpdir_client/connect
@@ -612,11 +615,11 @@ function find_and_connect_to_server {
fi
if test $num_servers = 0; then
- fatal "ERROR: unable to find a server"
+ fatal "Unable to find a server"
fi
cat $tmpdir_client/connect >&2
- fatal "ERROR: unable to connect to a server"
+ fatal "Unable to connect to a server"
}
# function: choose_server
@@ -631,15 +634,15 @@ function choose_server {
while read name ip port remain
do
if test "X$name" = "X"; then
- fatal "ERROR: server name not provided by avahi"
+ fatal "Server name not provided by avahi"
fi
# if test "X$ip" = "X"; then
-# fatal "ERROR: server ip address not provided by avahi"
+# fatal "Server ip address not provided by avahi"
# fi
if test "X$port" = "X"; then
- fatal "ERROR: server port not provided by avahi"
+ fatal "Server port not provided by avahi"
fi
ssl_db=`send_receive $name $port`
@@ -743,7 +746,7 @@ function maybe_call_staprun {
if test "X$tmpdir_stap" = "X"; then
# OK if no script specified
if test "X$e_script" != "X" -o "X$script_file" != "X"; then
- fatal "ERROR: systemtap temporary directory is missing in server response"
+ fatal "systemtap temporary directory is missing in server response"
fi
return
fi
@@ -751,7 +754,7 @@ function maybe_call_staprun {
# There should be a module.
local mod_name=`ls $tmpdir_stap | grep '.ko$'`
if test "X$mod_name" = "X"; then
- fatal "ERROR: no module was found in $tmpdir_stap"
+ fatal "No module was found in $tmpdir_stap"
fi
if test $p_phase = 5; then
@@ -825,11 +828,13 @@ function staprun_PATH {
echo "PATH=$PATH staprun" | sed "s,$PATH_component,,g"
}
-# function: check_db DBNAME
+# function: check_db DBNAME [ EUID USER ]
#
# Check the security of the given database directory.
function check_db {
local dir=$1
+ local euid=$2
+ local user=$3
local rc=0
# Check that we have been given a directory
@@ -842,6 +847,16 @@ function check_db {
return 1
fi
+ # If euid has been specified, then this directory must be owned by that
+ # user.
+ if test "X$euid" != "X"; then
+ local ownerid=`stat -c "%u" $dir`
+ if test "X$ownerid" != "X$euid"; then
+ warning "Certificate database '$dir' must be owned by $user"
+ rc=1
+ fi
+ fi
+
# Check that we can read the directory
if ! test -r $dir; then
warning "Certificate database '$dir' is not readble"
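Review bot: The ownership warning in the new block reports only `$user`, so when check_db is called with an EUID but no USER (the header documents both as optional) the message ends in "must be owned by " and never says who does own the directory, which is the one fact the administrator needs to fix it. Suggest `warning "Certificate database '$dir' must be owned by ${user:-uid $euid} (uid $euid) but is owned by uid '$ownerid'"`. Note also that if `stat` fails, `$ownerid` is empty and the comparison still rejects the directory, which is the safe direction and worth stating in the comment. The same two points apply to the parallel block added in check_db_file later in this commit. check_db continues outside this hunk.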
@@ -881,16 +896,16 @@ function check_db {
fi
# Now check the permissions of the critical files.
- check_db_file $dir/cert8.db || rc=1
- check_db_file $dir/key3.db || rc=1
- check_db_file $dir/secmod.db || rc=1
+ check_db_file $dir/cert8.db $euid $user || rc=1
+ check_db_file $dir/key3.db $euid $user || rc=1
+ check_db_file $dir/secmod.db $euid $user || rc=1
test $rc = 1 && warning "Unable to use certificate database '$dir' due to errors"
return $rc
}
-# function: check_db_file FILENAME
+# function: check_db_file FILENAME [ EUID USER ]
#
# Check the security of the given database file.
function check_db_file {
@@ -907,6 +922,16 @@ function check_db_file {
return 1
fi
+ # If euid has been specified, then this directory must be owned by that
+ # user.
+ if test "X$euid" != "X"; then
+ local ownerid=`stat -c "%u" $file`
+ if test "X$ownerid" != "X$euid"; then
+ warning "Certificate database file '$file' must be owned by $user"
+ rc=1
+ fi
+ fi
+
# Check that we can read the file
if ! test -r $file; then
warning "Certificate database file '$file' is not readble"
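Review bot: The comment introducing the new ownership block in check_db_file was copied from check_db and still says "this directory must be owned by that user", although `$file` is a regular database file here; change it to `# If euid has been specified, then this file must be owned by that user.` so the two functions are not confused when reading warnings. The enclosing check_db_file body starts and ends outside the hunk.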
@@ -964,7 +989,7 @@ function warning {
# Fatal error
# Prints its arguments to stderr and exits
function fatal {
- echo "$0:" "$@" >&2
+ echo "$0: ERROR:" "$@" >&2
cleanup
exit 1
}