author | Dave Brolley <brolley@redhat.com> | 2009-01-30 15:43:34 -0500 |
---|---|---|
committer | Dave Brolley <brolley@redhat.com> | 2009-01-30 15:43:34 -0500 |
commit | 552276c8666dec5373d8312bc3498b1887ddb0a8 (patch) | |
tree | 55744f20b131641d506d0faf5462120deee2dc50 /stap-client | |
parent | df79aa4b87b39a64867c343f1bcd22c7e675aa43 (diff) | |
More security checking for client/server. Set exec_prefix and sysconfdir at install time.
Diffstat (limited to 'stap-client')
-rwxr-xr-x | stap-client | 127 |
1 files changed, 76 insertions, 51 deletions
diff --git a/stap-client b/stap-client
index d69b6474..98fd47d0 100755
--- a/stap-client
+++ b/stap-client
@@ -26,6 +26,13 @@ trap 'ignore_signal' SIGHUP SIGPIPE
 #-----------------------------------------------------------------------------
 # function: configuration
 function configuration {
+ # INSTALL-HOOK These settings work for running the client from the source tree
+ # INSTALL-HOOK using the dejagnu test harness and will be overridden at install
+ # INSTALL-HOOK time.
+ exec_prefix=
+ sysconfdir=`pwd`/net
+
+ # General configuration
 tmpdir_prefix_client=stap.client
 tmpdir_prefix_server=stap.server
 avahi_service_tag=_stap._tcp
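Review bot: `sysconfdir=`pwd`/net` makes the location of the system-wide, root-owned certificate database depend on the directory the client is started from, so if the INSTALL-HOOK rewrite is ever skipped an installed client will look for trusted server certificates under `$PWD/net/systemtap/ssl/client`; the later `check_db ... 0 root` ownership test narrows this to root-created trees, but trust should not be a function of the cwd at all. The install step should refuse to proceed while these marker lines are still present, and the comment should say so, e.g. `# INSTALL-HOOK: installation must fail if these lines are not rewritten.`. The value is also used unquoted later (`test -e $sysconfdir/...`), so a source tree whose path contains whitespace breaks those tests. The body of configuration continues past the end of the hunk.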
@@ -41,31 +48,23 @@ function initialization { umask 0 staprun_running=0 - # Where are we installed? - if test "`basename $0`" = "stap" -a "$0" = `which stap`; then - # The dejagnu test harness may invoke us as 'stap' relying on $PATH to - # find us. If so, then use the $PATH to find the rest of the systemtap - # tools. - exec_prefix="" - # Also, set the prefix to point to where we were found. - prefix=`which stap` - prefix=`dirname $prefix` - else - # Assume we were installed normally - exec_prefix=`dirname $0` - exec_prefix=`cd $exec_prefix && pwd`/ - prefix=`dirname $exec_prefix` - fi - # Default location for server certificates if we're not root + # Must be owned by us. + local uid uname if test $EUID != 0; then - if check_db $HOME/.systemtap/ssl/client 2>/dev/null; then - local_ssl_dbs=$HOME/.systemtap/ssl/client + if test -e $HOME/.systemtap/ssl/client; then + if check_db $HOME/.systemtap/ssl/client $EUID $USER; then + local_ssl_dbs=$HOME/.systemtap/ssl/client + fi fi fi - # Additional location for all users. - if check_db $prefix/etc/systemtap/ssl/client 2>/dev/null; then - public_ssl_dbs=$prefix/etc/systemtap/ssl/client + # Additional location for all users. Must be owned by root. + if test "X$sysconfdir" != "X"; then + if test -e $sysconfdir/systemtap/ssl/client; then + if check_db $sysconfdir/systemtap/ssl/client 0 root; then + public_ssl_dbs=$sysconfdir/systemtap/ssl/client + fi + fi fi # Default options settings @@ -81,7 +80,7 @@ function initialization { # Do this before parsing the command line so that there is a place # to put -I and -R directories. tmpdir_client=`mktemp -dt $tmpdir_prefix_client.XXXXXX` || \ - fatal "ERROR: cannot create temporary directory " $tmpdir_client + fatal "Cannot create temporary directory " $tmpdir_client tmpdir_env=`dirname $tmpdir_client` } 
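Review bot: `check_db $HOME/.systemtap/ssl/client $EUID $USER` passes the environment variable `$USER` as the name to report, but `$USER` may be unset or stale (cron, `su` without a login shell, `sudo -u`), in which case the call silently becomes `check_db DIR EUID` and the ownership warning names nobody; it is only used in the message, so this is not a bypass, but `check_db "$HOME/.systemtap/ssl/client" $EUID "`id -un`"` is correct in every context. The new `local uid uname` declaration is not referenced by anything visible in the hunk and looks like a leftover from an earlier draft. The `$HOME` and `$sysconfdir` paths are unquoted in the `test -e` and `check_db` calls and will word-split on whitespace. The `test -e` followed by `check_db` is a check-then-use sequence, which is acceptable here only because check_db fails closed on a path that disappears. initialization continues outside the hunk.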
@@ -262,6 +261,10 @@ function parse_options { # Complete the list of local certificate databases local_ssl_dbs="$additional_local_ssl_dbs $local_ssl_dbs" + # We must have at least one usable certificate database. + test "X$local_ssl_dbs" != "X " -o "X$public_ssl_dbs" != "X" || \ + fatal "No usable certificate databases found" + # We can use any server if the phase is less than 5 if test $p_phase -lt 5; then find_all="--all" @@ -391,9 +394,9 @@ function include_file_or_directory { # Add a symbolic link of the named file or directory to our temporary directory local local_name=`generate_client_temp_name $2` mkdir -p $tmpdir_client/$1/`dirname $local_name` || \ - fatal "ERROR: could not create $tmpdir_client/$1/`dirname $local_name`" + fatal "Could not create $tmpdir_client/$1/`dirname $local_name`" ln -s /$local_name $tmpdir_client/$1/$local_name || \ - fatal "ERROR: could not link $tmpdir_client/$1/$local_name to /$local_name" + fatal "Could not link $tmpdir_client/$1/$local_name to /$local_name" echo "$local_name" } @@ -422,7 +425,7 @@ function create_request { if test "X$script_file" != "X"; then if test "$script_file" = "-"; then mkdir -p $tmpdir_client/script || \ - fatal "ERROR: cannot create temporary directory " $tmpdir_client/script + fatal "Cannot create temporary directory " $tmpdir_client/script cat > $tmpdir_client/script/$script_file else include_file_or_directory script $script_file > /dev/null @@ -455,10 +458,10 @@ function package_request { local tmpdir_client_base=`basename $tmpdir_client` zip_client=$tmpdir_env/`mktemp $tmpdir_client_base.zip.XXXXXX` || \ - fatal "ERROR: cannot create temporary file " $zip_client + fatal "Cannot create temporary file " $zip_client (rm $zip_client && zip -r $zip_client $tmpdir_client_base > /dev/null) || \ - fatal "ERROR: zip of request tree, $tmpdir_client, failed" + fatal "zip of request tree, $tmpdir_client, failed" } # function: unpack_response 
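Review bot: The new presence check `test "X$local_ssl_dbs" != "X " -o "X$public_ssl_dbs" != "X"` depends on the exact shape of the string assembled on the line above (`"$additional_local_ssl_dbs $local_ssl_dbs"` always yields exactly one separating space when both parts are empty); any change to how that list is built, such as a trailing space on `additional_local_ssl_dbs`, would make an empty trust store pass the check, and the server response in unpack_response would then be verified against no database at all. A test that does not depend on spacing is `test -n "`echo $local_ssl_dbs $public_ssl_dbs`" || \` followed by `fatal "No usable certificate databases found"`, since unquoted echo collapses an all-whitespace list to nothing. The other hunks on this line only reword fatal messages. parse_options starts and ends outside the hunk.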
@@ -467,18 +470,18 @@ function package_request { # for printing the results and/or running 'staprun'. function unpack_response { tmpdir_server=`mktemp -dt $tmpdir_prefix_client.server.XXXXXX` || \ - fatal "ERROR: cannot create temporary file " $tmpdir_server + fatal "Cannot create temporary file " $tmpdir_server # Unpack and verify the digitally signed server output directory if ! signtool -d $ssl_db -v $jar_server > /dev/null 2>&1; then # Run the verification again to get the reason - fatal "ERROR: Verification of server response, $jar_server, failed. + fatal "Verification of server response, $jar_server, failed. "`signtool -d $ssl_db -v $jar_server | grep "reported reason"` fi # Unpack the server output directory unzip -d $tmpdir_server $jar_server > /dev/null || \ - fatal "ERROR: Cannot unpack server response, $jar_server" + fatal "Cannot unpack server response, $jar_server" # Check the contents of the expanded directory. It should contain: # 1) a file called stdout 
@@ -488,28 +491,28 @@ function unpack_response { # 5) optionally a directory named to match stap?????? local num_files=`ls $tmpdir_server | wc -l` test $num_files = 5 -o $num_files = 4 || \ - fatal "ERROR: Wrong number of files in server's temp directory" + fatal "Wrong number of files in server's temp directory" test -f $tmpdir_server/stdout || \ - fatal "ERROR: `pwd`/$tmpdir_server/stdout does not exist or is not a regular file" + fatal "`pwd`/$tmpdir_server/stdout does not exist or is not a regular file" test -f $tmpdir_server/stderr || \ - fatal "ERROR: `pwd`/$tmpdir_server/stderr does not exist or is not a regular file" + fatal "`pwd`/$tmpdir_server/stderr does not exist or is not a regular file" test -f $tmpdir_server/rc || \ - fatal "ERROR: `pwd`/$tmpdir_server/rc does not exist or is not a regular file" + fatal "`pwd`/$tmpdir_server/rc does not exist or is not a regular file" test -d $tmpdir_server/META-INF || \ - fatal "ERROR: `pwd`/$tmpdir_server/META-INF does not exist or is not a directory" + fatal "`pwd`/$tmpdir_server/META-INF does not exist or is not a directory" # See if there is a systemtap temp directory tmpdir_stap=`ls $tmpdir_server | grep stap` tmpdir_stap=`expr "$tmpdir_stap" : "\\\(stap......\\\)"` if test "X$tmpdir_stap" != "X"; then test -d $tmpdir_server/$tmpdir_stap || \ - fatal "ERROR: `pwd`/$tmpdir_server/$tmpdir_stap is not a directory" + fatal "`pwd`/$tmpdir_server/$tmpdir_stap is not a directory" # Move the systemtap temp directory to a local temp location, if -k # was specified. if test $keep_temps = 1; then local local_tmpdir_stap=`mktemp -dt stapXXXXXX` || \ - fatal "ERROR: cannot create temporary directory " $local_tmpdir_stap + fatal "Cannot create temporary directory " $local_tmpdir_stap mv $tmpdir_server/$tmpdir_stap/* $local_tmpdir_stap 2>/dev/null rm -fr $tmpdir_server/$tmpdir_stap 
@@ -531,7 +534,7 @@ function find_and_connect_to_server { # Make a place to receive the response file. jar_server=`mktemp -t $tmpdir_prefix_client.server.jar.XXXXXX` || \ - fatal "ERROR: cannot create temporary file " $jar_server + fatal "Cannot create temporary file " $jar_server # Make a place to record connection errors touch $tmpdir_client/connect @@ -612,11 +615,11 @@ function find_and_connect_to_server { fi if test $num_servers = 0; then - fatal "ERROR: unable to find a server" + fatal "Unable to find a server" fi cat $tmpdir_client/connect >&2 - fatal "ERROR: unable to connect to a server" + fatal "Unable to connect to a server" } # function: choose_server @@ -631,15 +634,15 @@ function choose_server { while read name ip port remain do if test "X$name" = "X"; then - fatal "ERROR: server name not provided by avahi" + fatal "Server name not provided by avahi" fi # if test "X$ip" = "X"; then -# fatal "ERROR: server ip address not provided by avahi" +# fatal "Server ip address not provided by avahi" # fi if test "X$port" = "X"; then - fatal "ERROR: server port not provided by avahi" + fatal "Server port not provided by avahi" fi ssl_db=`send_receive $name $port` @@ -743,7 +746,7 @@ function maybe_call_staprun { if test "X$tmpdir_stap" = "X"; then # OK if no script specified if test "X$e_script" != "X" -o "X$script_file" != "X"; then - fatal "ERROR: systemtap temporary directory is missing in server response" + fatal "systemtap temporary directory is missing in server response" fi return fi @@ -751,7 +754,7 @@ function maybe_call_staprun { # There should be a module. local mod_name=`ls $tmpdir_stap | grep '.ko$'` if test "X$mod_name" = "X"; then - fatal "ERROR: no module was found in $tmpdir_stap" + fatal "No module was found in $tmpdir_stap" fi if test $p_phase = 5; then 
@@ -825,11 +828,13 @@ function staprun_PATH { echo "PATH=$PATH staprun" | sed "s,$PATH_component,,g" } -# function: check_db DBNAME +# function: check_db DBNAME [ EUID USER ] # # Check the security of the given database directory. function check_db { local dir=$1 + local euid=$2 + local user=$3 local rc=0 # Check that we have been given a directory @@ -842,6 +847,16 @@ function check_db { return 1 fi + # If euid has been specified, then this directory must be owned by that + # user. + if test "X$euid" != "X"; then + local ownerid=`stat -c "%u" $dir` + if test "X$ownerid" != "X$euid"; then + warning "Certificate database '$dir' must be owned by $user" + rc=1 + fi + fi + # Check that we can read the directory if ! test -r $dir; then warning "Certificate database '$dir' is not readble" @@ -881,16 +896,16 @@ function check_db { fi # Now check the permissions of the critical files. - check_db_file $dir/cert8.db || rc=1 - check_db_file $dir/key3.db || rc=1 - check_db_file $dir/secmod.db || rc=1 + check_db_file $dir/cert8.db $euid $user || rc=1 + check_db_file $dir/key3.db $euid $user || rc=1 + check_db_file $dir/secmod.db $euid $user || rc=1 test $rc = 1 && warning "Unable to use certificate database '$dir' due to errors" return $rc } -# function: check_db_file FILENAME +# function: check_db_file FILENAME [ EUID USER ] # # Check the security of the given database file. function check_db_file { @@ -907,6 +922,16 @@ function check_db_file { return 1 fi + # If euid has been specified, then this directory must be owned by that + # user. + if test "X$euid" != "X"; then + local ownerid=`stat -c "%u" $file` + if test "X$ownerid" != "X$euid"; then + warning "Certificate database file '$file' must be owned by $user" + rc=1 + fi + fi + # Check that we can read the file if ! test -r $file; then warning "Certificate database file '$file' is not readble" 
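Review bot: The new ownership test `local ownerid=`stat -c "%u" $dir`` runs stat without `-L`, so when `$dir` (or, in check_db_file, the `cert8.db`/`key3.db`/`secmod.db` path) is a symbolic link the uid compared is the link's owner rather than the owner of the directory or file NSS will actually open, which is not what the "must be owned by" comment intends; `local ownerid=`stat -L -c "%u" "$dir"`` (and the same in check_db_file) judges the target, and the quoting keeps paths with whitespace intact. When stat fails because the path vanished after the caller's `test -e`, `ownerid` is empty and the comparison fails closed, which is fine but deserves a one-line comment so nobody "fixes" it. The check compares only the owning uid; if the permission checks further down do not also reject group- or world-writable directories, a user-owned but shared directory still passes, which I cannot confirm from this hunk. Both check_db and check_db_file continue outside the hunks shown.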
@@ -964,7 +989,7 @@ function warning {
 # Fatal error
 # Prints its arguments to stderr and exits
 function fatal {
- echo "$0:" "$@" >&2
+ echo "$0: ERROR:" "$@" >&2
 cleanup
 exit 1
 }