authorDave Brolley <brolley@redhat.com>2008-12-24 13:18:50 -0500
committerDave Brolley <brolley@redhat.com>2008-12-24 13:18:50 -0500
commit1cecb3c506475a0e0b0ee4180a91e1a9433d346b (patch)
treefc093dc7c74968a86a20ddbe2d9e11564e070339 /stap-client
parente5976ba0af9b828dcc76b3937b5a98fe9c0f6cb8 (diff)
Systemtap compile server phase 2 (ssl) -- first cut.
Diffstat (limited to 'stap-client')
-rwxr-xr-xstap-client194
1 files changed, 91 insertions, 103 deletions
diff --git a/stap-client b/stap-client
index 3f530c7e..d700a675 100755
--- a/stap-client
+++ b/stap-client
@@ -29,11 +29,6 @@ function configuration {
tmpdir_prefix_client=stap.client
tmpdir_prefix_server=stap.server
avahi_service_tag=_stap._tcp
-
- # We need either netcat or nc.
- netcat=`which netcat 2>/dev/null`
- test "X$netcat" = "X" && netcat=`which nc 2>/dev/null`
- test "X$netcat" = "X" && fatal "ERROR: cannot find required program 'netcat' or 'nc' on PATH"
}
# function: initialization
@@ -44,6 +39,7 @@ function initialization {
staprun_running=0
# Default options settings
+ ssl_db=/etc/systemtap/ssl/client
p_phase=5
v_level=0
keep_temps=0
@@ -86,14 +82,28 @@ function parse_options {
# It's not a lone dash, so it's an option.
# Is it a long option (i.e. --option)?
second_char=`expr "$first_token" : '.\(.\).*'`
- if test "$second_char" != "-"; then
- # It's not a lone dash, or a long option, so it's a short option string.
- # Remove the dash.
- first_token=`expr "$first_token" : '-\(.*\)'`
- dash_seen=1
- first_char=`expr "$first_token" : '\(.\).*'`
- cmdline2="$cmdline2 -"
+ if test "X$second_char" = "X-"; then
+ long_option=`expr "$first_token" : '--\(.*\)=.*'`
+ test "X$long_option" != "X" || long_option=`expr "$first_token" : '--\(.*\)'`
+ case $long_option in
+ ssl)
+ process_ssl $first_token
+ ;;
+ *)
+ # An unknown or unimportant option.
+ # Ignore it, but pass it on to the server.
+ cmdline2="$cmdline2 $first_token"
+ ;;
+ esac
+ advance_p=$(($advance_p + 1))
+ break
fi
+ # It's not a lone dash, or a long option, so it's a short option string.
+ # Remove the dash.
+ first_token=`expr "$first_token" : '-\(.*\)'`
+ dash_seen=1
+ first_char=`expr "$first_token" : '\(.\).*'`
+ cmdline2="$cmdline2 -"
fi
fi
if test $dash_seen = 0; then
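Review bot: The long-option match `'--\(.*\)=.*'` is greedy, so when the value itself contains `=` (a constructed example: `--ssl=/certs/a=b`) `long_option` becomes `ssl=/certs/a` and the `ssl)` arm is skipped. The token then falls into `*)` and is forwarded to the server, while `ssl_db` silently keeps its default certificate database. Stopping the option name at the first `=` avoids this: use the pattern `'--\([^=]*\)=.*'`. parse_options starts and ends outside this hunk.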
@@ -236,6 +246,18 @@ function get_arg {
advance_p=$(($advance_p + 1))
}
+# function: process_ssl ARGUMENT
+#
+# Process the --ssl option.
+function process_ssl {
+ local db=`expr "$1" : '--ssl=\(.*\)'`
+
+ test "X$db" != "X" || \
+ fatal "Missing argument to --ssl"
+
+ ssl_db=$db
+}
+
# function: process_c ARGUMENT
#
# Process the -c flag.
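Review bot: `ssl_db` now carries a path taken from the command line, but it is expanded unquoted wherever it is used: `signtool -d $ssl_db -v $jar_server` in unpack_response, `stap-client-connect ... -d $ssl_db` in send_receive, and the call `process_ssl $first_token` in parse_options. A database path containing whitespace or glob characters is therefore split or expanded into extra arguments to the tools that authenticate the server. Quote each use, e.g. `signtool -d "$ssl_db" -v "$jar_server"` and `process_ssl "$first_token"`. It would also help to add `test -d "$db" || fatal "ERROR: --ssl database $db is not a directory"` here, so a mistyped path is reported at option parsing rather than, presumably, as a later connection or verification failure.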
@@ -370,86 +392,44 @@ function client_sysinfo {
# Package the client's temp directory into a form suitable for sending to the
# server.
function package_request {
- # Package up the temporary directory into a tar file
+ # Package up the temporary directory into a zip file
cd $tmpdir_env
local tmpdir_client_base=`basename $tmpdir_client`
- tar_client=$tmpdir_env/`mktemp $tmpdir_client_base.tgz.XXXXXX` || \
- fatal "ERROR: cannot create temporary file " $tar_client
-
- tar -czhf $tar_client $tmpdir_client_base || \
- fatal "ERROR: tar of request tree, $tmpdir_client, failed"
-}
-
-# function: send_request
-#
-# Notify the server and then send $tar_client to the server
-# The protocol is:
-# client -> "request:"
-# client -> $tar_client
-function send_request {
- # Send the request file.
- for ((attempt=0; $attempt < 10; ++attempt))
- do
- if $netcat -w10 $server $(($port+1)) < $tar_client > /dev/null 2>&1; then
- return;
- fi
- sleep 1
- done
- fatal "ERROR: Unable to connect to server while sending request file"
-}
-
-# function: receive_response
-#
-# Wait for a response from the server indicating the results of our request.
-function receive_response {
- # Make a place to receive the response file.
- tar_server=`mktemp -t $tmpdir_prefix_client.server.tgz.XXXXXX` || \
- fatal "ERROR: cannot create temporary file " $tar_server
+ zip_client=$tmpdir_env/`mktemp $tmpdir_client_base.zip.XXXXXX` || \
+ fatal "ERROR: cannot create temporary file " $zip_client
- # Retrieve the file. Wait for up to 5 minutes for a response.
- for ((attempt=0; $attempt < 300; ++attempt))
- do
- if $netcat $server $(($port+1)) </dev/null > $tar_server 2>/dev/null; then
- return;
- fi
- sleep 1
- done
- fatal "ERROR: Unable to connect to server while receiving response file"
+ (rm $zip_client && zip -r $zip_client $tmpdir_client_base > /dev/null) || \
+ fatal "ERROR: zip of request tree, $tmpdir_client, failed"
}
# function: unpack_response
#
-# Unpack the tar file received from the server and make the contents available
+# Unpack the jar file received from the server and make the contents available
# for printing the results and/or running 'staprun'.
function unpack_response {
tmpdir_server=`mktemp -dt $tmpdir_prefix_client.server.XXXXXX` || \
fatal "ERROR: cannot create temporary file " $tmpdir_server
- # Unpack the server output directory
- cd $tmpdir_server
- tar -xzf $tar_server || \
- fatal "ERROR: Unpacking of server response, $tar_server, failed"
-
- # Identify the server's response tree. The tar file should have expanded
- # into a single directory named to match $tmpdir_prefix_server.??????
- # which should now be the only item in the current directory.
- test "`ls | wc -l`" = 1 || \
- fatal "ERROR: Wrong number of files after expansion of server's tar file"
-
- tmpdir_server=`ls`
- tmpdir_server=`expr "$tmpdir_server" : "\\\($tmpdir_prefix_server\\\\.......\\\)"`
+ # Unpack and verify the digitally signed server output directory
+ if ! signtool -d $ssl_db -v $jar_server > /dev/null 2>&1; then
+ # Run the verification again to get the reason
+ fatal "ERROR: Verification of server response, $jar_server, failed.
+"`signtool -d $ssl_db -v $jar_server | grep "reported reason"`
+ fi
- test "X$tmpdir_server" != "X" || \
- fatal "ERROR: server tar file did not expand as expected"
+ # Unpack the server output directory
+ unzip -d $tmpdir_server $jar_server > /dev/null || \
+ fatal "ERROR: Cannot unpack server response, $jar_server"
# Check the contents of the expanded directory. It should contain:
# 1) a file called stdout
# 2) a file called stderr
# 3) a file called rc
- # 4) optionally a directory named to match stap??????
+ # 4) a directory called META-INF
+ # 5) optionally a directory named to match stap??????
local num_files=`ls $tmpdir_server | wc -l`
- test $num_files = 4 -o $num_files = 3 || \
+ test $num_files = 5 -o $num_files = 4 || \
fatal "ERROR: Wrong number of files in server's temp directory"
test -f $tmpdir_server/stdout || \
fatal "ERROR: `pwd`/$tmpdir_server/stdout does not exist or is not a regular file"
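Review bot: In package_request, `rm $zip_client && zip -r $zip_client ...` deletes the file that `mktemp` just reserved and lets zip recreate it by name, which reopens the window that mktemp exists to close. Whether that is reachable depends on who can write to `$tmpdir_env`, which is set outside this hunk. zip can write the archive to standard output, so the reserved file can be kept: `zip -q -r - "$tmpdir_client_base" > "$zip_client" || fatal "ERROR: zip of request tree, $tmpdir_client, failed"`. unpack_response continues past the end of this hunk.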
@@ -457,6 +437,8 @@ function unpack_response {
fatal "ERROR: `pwd`/$tmpdir_server/stderr does not exist or is not a regular file"
test -f $tmpdir_server/rc || \
fatal "ERROR: `pwd`/$tmpdir_server/rc does not exist or is not a regular file"
+ test -d $tmpdir_server/META-INF || \
+ fatal "ERROR: `pwd`/$tmpdir_server/META-INF does not exist or is not a directory"
# See if there is a systemtap temp directory
tmpdir_stap=`ls $tmpdir_server | grep stap`
@@ -480,15 +462,8 @@ function unpack_response {
# Make sure we own the systemtap temp directory if we are root.
test $EUID = 0 && chown $EUID:$EUID $tmpdir_server/$tmpdir_stap
# The temp directory will be moved to here below.
- tmpdir_stap=`pwd`/$tmpdir_stap
fi
fi
-
- # Move the contents of the server's tmpdir down one level to the
- # current directory (our local server tmpdir)
- mv $tmpdir_server/* . 2>/dev/null
- rm -fr $tmpdir_server
- tmpdir_server=`pwd`
}
# function: find_and_connect_to_server
@@ -514,6 +489,22 @@ function choose_server {
do
num_servers=$(($num_servers + 1))
+ # The server must match the dns name on the certificate
+ # and must be 'localhost' if the server is on the local host.
+ local server_host_name=`expr "$name" : "\\\([a-zA-Z0-9-]*\\\).*"`
+ local server_domain_name=`expr "$name" : "$server_host_name\\\(.*\\\)"`
+ local our_host_name=`expr "$HOSTNAME" : "\\\([a-zA-Z0-9-]*\\\).*"`
+ local our_domain_name=`expr "$HOSTNAME" : "$our_host_name\\\(.*\\\)"`
+
+ if test "X$server_domain_name" = "X.local"; then
+ server_domain_name=$our_domain_name
+ fi
+ if test "X$server_host_name$server_domain_name" = "X$our_host_name$our_domain_name"; then
+ server=localhost
+ else
+ server=$name
+ fi
+
if test "X$server" = "X"; then
fatal "ERROR: server ip address not provided"
fi
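Review bot: The local-host test `test "X$server_host_name$server_domain_name" = "X$our_host_name$our_domain_name"` compares the names byte for byte, while DNS names are case-insensitive. An advertised name that differs from `$HOSTNAME` only in letter case is therefore not mapped to `localhost`. If the local server's certificate is issued for `localhost`, as the added comment suggests, that connection would then presumably fail the name check. Lower-casing both sides first (for example through `tr 'A-Z' 'a-z'`) would make the comparison match the comment's intent. The loop this sits in starts outside the hunk.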
@@ -522,7 +513,7 @@ function choose_server {
fatal "ERROR: server port not provided"
fi
- if connect_to_server $server $port; then
+ if send_receive; then
return 0
fi
done
@@ -534,26 +525,20 @@ function choose_server {
fatal "ERROR: unable to connect to a server"
}
-# function: connect_to_server IP PORT
+# function: send_receive
#
-# Establish connection with the given server
-function connect_to_server {
- for ((attempt=0; $attempt < 10; ++attempt))
- do
- if echo "request:" | $netcat -w10 $1 $2 >/dev/null 2>&1; then
- return 0
- fi
- sleep 1
- done
+# Connect to the server, send the request and receive the response
+function send_receive {
+ # Make a place to receive the response file.
+ jar_server=`mktemp -t $tmpdir_prefix_client.server.jar.XXXXXX` || \
+ fatal "ERROR: cannot create temporary file " $jar_server
- return 1
-}
+ # Send the request and receive the response using stap-client-connect
+ stap-client-connect -i $zip_client -o $jar_server -d $ssl_db -p $port -h $server &
+ wait '%stap-client-connect'
-# function: disconnect_from_server
-#
-# Disconnect from the server.
-function disconnect_from_server {
- :
+ test $? = 0 && return 0
+ return 1
}
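Review bot: send_receive creates a fresh `$jar_server` with `mktemp -t` on every call, and choose_server calls it once per candidate server, but cleanup only removes the file named by the last value of `jar_server`. Each failed attempt therefore leaves a response file, possibly a partial one, behind in the temp directory. Remove it on the failure path by ending the function with `test $? = 0 && return 0`, then `rm -f "$jar_server"`, then `return 1`.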
# function: process_response
@@ -561,6 +546,7 @@ function disconnect_from_server {
# Write the stdout and stderr from the server to stdout and stderr respectively.
function process_response {
# Pick up the results of running stap on the server.
+ cd $tmpdir_server
rc=`cat rc`
# Copy the module to the current directory, if -m was specified
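Review bot: The added `cd $tmpdir_server` is unchecked and unquoted, and the next line reads `rc` relative to the current directory, so if the cd fails `cat rc` runs in whatever directory the script was in before. Since the server's exit code is taken from here, the script should stop instead: `cd "$tmpdir_server" || fatal "ERROR: cannot cd to $tmpdir_server"`. process_response continues outside this hunk.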
@@ -686,7 +672,6 @@ function staprun_PATH {
# Prints its arguments to stderr and exits
function fatal {
echo "$0:" "$@" >&2
- disconnect_from_server
cleanup
exit 1
}
@@ -699,8 +684,8 @@ function cleanup {
cd $tmpdir_env
if test $keep_temps != 1; then
rm -fr $tmpdir_client
- rm -f $tar_client
- rm -f $tar_server
+ rm -f $zip_client
+ rm -f $jar_server
rm -fr $tmpdir_server
fi
}
@@ -716,6 +701,9 @@ function terminate {
# Kill any running staprun job
kill -s SIGTERM '%?staprun' 2>/dev/null
+ # Kill any stap-client-connect job
+ kill -s SIGTERM '%stap-client-connect'
+
exit 1
}
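Review bot: `kill -s SIGTERM '%stap-client-connect'` has no `2>/dev/null`, unlike the staprun kill directly above it, so when no stap-client-connect job exists the shell's job-not-found diagnostic is printed on termination. The same applies to the `kill -s SIGINT '%stap-client-connect'` added in interrupt. Append `2>/dev/null` to both so the two kills behave consistently. terminate starts outside this hunk.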
@@ -729,6 +717,9 @@ function interrupt {
return
fi
+ # Kill any stap-client-connect job
+ kill -s SIGINT '%stap-client-connect'
+
# If staprun was not running, then exit.
cleanup
exit 1
@@ -750,9 +741,6 @@ parse_options "$@"
create_request
package_request
find_and_connect_to_server
-send_request
-receive_response
-disconnect_from_server
unpack_response
process_response
maybe_call_staprun