More security checking for client/server. Set exec_prefix and sysconfdir at install time.

1 files changed, 33 insertions, 22 deletions

diff --git a/stap-server b/stap-server
index 4f1ccf9b..64d26d13 100755
--- a/stap-server
+++ b/stap-server
@@ -21,6 +21,12 @@ trap 'terminate' SIGTERM SIGINT
 #-----------------------------------------------------------------------------
 # function: configuration
 function configuration {
+    # INSTALL-HOOK These settings work for running the client from the source tree
+    # INSTALL-HOOK using the dejagnu test harness and will be overridden at install
+    # INSTALL-HOOK time.
+    exec_prefix=
+    sysconfdir=`pwd`/net
+
     # Configuration
     tmpdir_prefix_client=stap.client
     tmpdir_prefix_server=stap.server
@@ -36,28 +42,38 @@ function initialization {
     p_phase=5
     keep_temps=0
 
-    # Where are we installed?
-    exec_prefix=`dirname $0`
-    exec_prefix=`cd $exec_prefix && pwd`
-
     # Request file name.
     zip_client=$1
+    test "X$zip_client" != "X" || \
+	fatal "Client request file not specified"
     test -f $zip_client || \
-	fatal "ERROR: Unable to find request file $zip_client"
+	fatal "Unable to find request file $zip_client"
 
     # Temp directory we will be working in
     tmpdir_server=$2
+    test "X$tmpdir_server" != "X" || \
+	fatal "Server temporary directory not specified"
     test -d $tmpdir_server || \
-	fatal "ERROR: Cannot find temporary directory $tmpdir_server"
+	fatal "Unable to find temporary directory $tmpdir_server"
     tmpdir_env=`dirname $tmpdir_server`
 
     # Signed reponse file name.
     jar_server=$3
+    test "X$jar_server" != "X" || \
+	fatal ".jar archive file not specified"
+    # Make sure the specified .jar file exists.
+    test -f $jar_server || \
+	fatal "Unable to find .jar archive file $jar_server"
 
     # Where is the ssl certificate/key database?
     ssl_db=$4
-    test "X$ssl_db" = "X" && ssl_db=/etc/systemtap/ssl/server
+    test "X$ssl_db" != "X" || \
+	fatal "SSL certificate database not specified"
+    test -d $ssl_db || \
+	fatal "Unable to find SSL certificate database $ssl_db"
     nss_pw=$ssl_db/pw
+    test -f $nss_pw || \
+	fatal "Unable to find SSL certificate database password file $nss_pw"
     nss_cert=stap-server
 }
 
@@ -70,23 +86,23 @@ function unpack_request {
 
     # Unpack the zip file.
     unzip $zip_client > /dev/null || \
-	fatal "ERROR: cannot unpack zip archive $zip_client"
+	fatal "Cannot unpack zip archive $zip_client"
 
     # Identify the client's request tree. The zip file should have expanded
     # into a single directory named to match $tmpdir_prefix_client.??????
     # which should now be the only item in the current directory.
     test "`ls | wc -l`" = 1 || \
-	fatal "ERROR: Wrong number of files after expansion of client's zip file"
+	fatal "Wrong number of files after expansion of client's zip file"
 
     tmpdir_client=`ls`
     tmpdir_client=`expr "$tmpdir_client" : "\\\($tmpdir_prefix_client\\\\.......\\\)"`
 
     test "X$tmpdir_client" != "X" || \
-	fatal "ERROR: client zip file did not expand as expected"
+	fatal "Client zip file did not expand as expected"
 
     # Move the client's temp directory to a local temp location
     local local_tmpdir_client=`mktemp -dt $tmpdir_prefix_server.client.XXXXXX` || \
-	fatal "ERROR: cannot create temporary zip file " $local_tmpdir_client
+	fatal "Cannot create temporary zip file " $local_tmpdir_client
     mv $tmpdir_client/* $local_tmpdir_client
     rm -fr $tmpdir_client
     tmpdir_client=$local_tmpdir_client
@@ -129,7 +145,7 @@ function check_compatibility {
     local sysinfo2=$2
 
     if test "$sysinfo1" != "$sysinfo2"; then
-	error "ERROR: system configuration mismatch"
+	error "System configuration mismatch"
 	error "  client: $sysinfo1"
 	fatal "  server: $sysinfo2"
     fi
@@ -141,7 +157,7 @@ function check_compatibility {
 # contents are '$1: .*'. Read and echo the data.
 function read_data_file {
     test -f $1 || \
-	fatal "ERROR: Data file $1 not found"
+	fatal "Data file $1 not found"
 
     # Open the file
     exec 3< $1
@@ -151,7 +167,7 @@ function read_data_file {
     line="$REPLY"
     data=`expr "$line" : "$1: \\\(.*\\\)"`
     if test "X$data" = "X"; then
-	fatal "ERROR: Data in file $1 is incorrect"
+	fatal "Data in file $1 is incorrect"
 	return
     fi
 
@@ -316,7 +332,7 @@ function call_stap {
 	server_p_phase=$p_phase
     fi
 
-    eval $exec_prefix/stap "$cmdline" -k -p $server_p_phase \
+    eval ${exec_prefix}stap "$cmdline" -k -p $server_p_phase \
 	>>  $tmpdir_server/stdout \
 	2>> $tmpdir_server/stderr
 
@@ -365,11 +381,6 @@ function package_response {
     # will sign the entire directory and compress it into a .jar
     # archive.
     #
-    # Make sure the specified .jar file exists.
-    test -f $jar_server || \
-	fatal "ERROR: Could not find .jar archive file $jar_server"
-    #chmod +r $jar_server
-
     # Generate the jar file
     signtool -d $ssl_db -k $nss_cert -p `cat $nss_pw` -Z $jar_server $tmpdir_server >/dev/null
 }
@@ -379,7 +390,7 @@ function package_response {
 # Fatal error
 # Prints its arguments to stderr and exits
 function fatal {
-    echo "`basename $0`:" "$@" >> $tmpdir_server/stderr
+    echo "$0`: ERROR:" "$@" >> $tmpdir_server/stderr
     cleanup
     exit 1
 }
@@ -387,7 +398,7 @@ function fatal {
 # Non fatal error
 # Prints its arguments to stderr but does not exit
 function error {
-    echo "`basename $0`:" "$@" >> $tmpdir_server/stderr
+    echo "$0`: ERROR:" "$@" >> $tmpdir_server/stderr
 }
 
 # function cleanup