diff options
author | Dave Brolley <brolley@redhat.com> | 2009-01-30 15:43:34 -0500 |
---|---|---|
committer | Dave Brolley <brolley@redhat.com> | 2009-01-30 15:43:34 -0500 |
commit | 552276c8666dec5373d8312bc3498b1887ddb0a8 (patch) | |
tree | 55744f20b131641d506d0faf5462120deee2dc50 /stap-server | |
parent | df79aa4b87b39a64867c343f1bcd22c7e675aa43 (diff) | |
download | systemtap-steved-552276c8666dec5373d8312bc3498b1887ddb0a8.tar.gz systemtap-steved-552276c8666dec5373d8312bc3498b1887ddb0a8.tar.xz systemtap-steved-552276c8666dec5373d8312bc3498b1887ddb0a8.zip |
More security checking for client/server. Set exec_prefix and sysconfdir at install time.
Diffstat (limited to 'stap-server')
-rwxr-xr-x | stap-server | 55 |
1 files changed, 33 insertions, 22 deletions
diff --git a/stap-server b/stap-server index 4f1ccf9b..64d26d13 100755 --- a/stap-server +++ b/stap-server @@ -21,6 +21,12 @@ trap 'terminate' SIGTERM SIGINT #----------------------------------------------------------------------------- # function: configuration function configuration { + # INSTALL-HOOK These settings work for running the client from the source tree + # INSTALL-HOOK using the dejagnu test harness and will be overridden at install + # INSTALL-HOOK time. + exec_prefix= + sysconfdir=`pwd`/net + # Configuration tmpdir_prefix_client=stap.client tmpdir_prefix_server=stap.server @@ -36,28 +42,38 @@ function initialization { p_phase=5 keep_temps=0 - # Where are we installed? - exec_prefix=`dirname $0` - exec_prefix=`cd $exec_prefix && pwd` - # Request file name. zip_client=$1 + test "X$zip_client" != "X" || \ + fatal "Client request file not specified" test -f $zip_client || \ - fatal "ERROR: Unable to find request file $zip_client" + fatal "Unable to find request file $zip_client" # Temp directory we will be working in tmpdir_server=$2 + test "X$tmpdir_server" != "X" || \ + fatal "Server temporary directory not specified" test -d $tmpdir_server || \ - fatal "ERROR: Cannot find temporary directory $tmpdir_server" + fatal "Unable to find temporary directory $tmpdir_server" tmpdir_env=`dirname $tmpdir_server` # Signed reponse file name. jar_server=$3 + test "X$jar_server" != "X" || \ + fatal ".jar archive file not specified" + # Make sure the specified .jar file exists. + test -f $jar_server || \ + fatal "Unable to find .jar archive file $jar_server" # Where is the ssl certificate/key database? ssl_db=$4 - test "X$ssl_db" = "X" && ssl_db=/etc/systemtap/ssl/server + test "X$ssl_db" != "X" || \ + fatal "SSL certificate database not specified" + test -d $ssl_db || \ + fatal "Unable to find SSL certificate database $ssl_db" nss_pw=$ssl_db/pw + test -f $nss_pw || \ + fatal "Unable to find SSL certificate database password file $nss_pw" nss_cert=stap-server } @@ -70,23 +86,23 @@ function unpack_request { # Unpack the zip file. unzip $zip_client > /dev/null || \ - fatal "ERROR: cannot unpack zip archive $zip_client" + fatal "Cannot unpack zip archive $zip_client" # Identify the client's request tree. The zip file should have expanded # into a single directory named to match $tmpdir_prefix_client.?????? # which should now be the only item in the current directory. test "`ls | wc -l`" = 1 || \ - fatal "ERROR: Wrong number of files after expansion of client's zip file" + fatal "Wrong number of files after expansion of client's zip file" tmpdir_client=`ls` tmpdir_client=`expr "$tmpdir_client" : "\\\($tmpdir_prefix_client\\\\.......\\\)"` test "X$tmpdir_client" != "X" || \ - fatal "ERROR: client zip file did not expand as expected" + fatal "Client zip file did not expand as expected" # Move the client's temp directory to a local temp location local local_tmpdir_client=`mktemp -dt $tmpdir_prefix_server.client.XXXXXX` || \ - fatal "ERROR: cannot create temporary zip file " $local_tmpdir_client + fatal "Cannot create temporary zip file " $local_tmpdir_client mv $tmpdir_client/* $local_tmpdir_client rm -fr $tmpdir_client tmpdir_client=$local_tmpdir_client @@ -129,7 +145,7 @@ function check_compatibility { local sysinfo2=$2 if test "$sysinfo1" != "$sysinfo2"; then - error "ERROR: system configuration mismatch" + error "System configuration mismatch" error " client: $sysinfo1" fatal " server: $sysinfo2" fi @@ -141,7 +157,7 @@ function check_compatibility { # contents are '$1: .*'. Read and echo the data. function read_data_file { test -f $1 || \ - fatal "ERROR: Data file $1 not found" + fatal "Data file $1 not found" # Open the file exec 3< $1 @@ -151,7 +167,7 @@ function read_data_file { line="$REPLY" data=`expr "$line" : "$1: \\\(.*\\\)"` if test "X$data" = "X"; then - fatal "ERROR: Data in file $1 is incorrect" + fatal "Data in file $1 is incorrect" return fi @@ -316,7 +332,7 @@ function call_stap { server_p_phase=$p_phase fi - eval $exec_prefix/stap "$cmdline" -k -p $server_p_phase \ + eval ${exec_prefix}stap "$cmdline" -k -p $server_p_phase \ >> $tmpdir_server/stdout \ 2>> $tmpdir_server/stderr @@ -365,11 +381,6 @@ function package_response { # will sign the entire directory and compress it into a .jar # archive. # - # Make sure the specified .jar file exists. - test -f $jar_server || \ - fatal "ERROR: Could not find .jar archive file $jar_server" - #chmod +r $jar_server - # Generate the jar file signtool -d $ssl_db -k $nss_cert -p `cat $nss_pw` -Z $jar_server $tmpdir_server >/dev/null } @@ -379,7 +390,7 @@ function package_response { # Fatal error # Prints its arguments to stderr and exits function fatal { - echo "`basename $0`:" "$@" >> $tmpdir_server/stderr + echo "$0`: ERROR:" "$@" >> $tmpdir_server/stderr cleanup exit 1 } @@ -387,7 +398,7 @@ function fatal { # Non fatal error # Prints its arguments to stderr but does not exit function error { - echo "`basename $0`:" "$@" >> $tmpdir_server/stderr + echo "$0`: ERROR:" "$@" >> $tmpdir_server/stderr } # function cleanup |