authorDave Brolley <brolley@redhat.com>2009-05-04 16:05:22 -0400
committerDave Brolley <brolley@redhat.com>2009-05-04 16:05:22 -0400
commit2035bcd40b17832439df0a1eb28403b99a71b74f (patch)
tree0fb027ba40f34513279f2e39e1110b50a415d2c1 /stap-serverd
parent3ba2eb82cafa938c1c3f7ef9d2da06912a49d8e0 (diff)
downloadsystemtap-steved-2035bcd40b17832439df0a1eb28403b99a71b74f.tar.gz
systemtap-steved-2035bcd40b17832439df0a1eb28403b99a71b74f.tar.xz
systemtap-steved-2035bcd40b17832439df0a1eb28403b99a71b74f.zip
Module signing and verification using a separate file for the module signature.
Diffstat (limited to 'stap-serverd')
-rwxr-xr-xstap-serverd54
1 files changed, 30 insertions, 24 deletions
diff --git a/stap-serverd b/stap-serverd
index 6467ec55..4eee8c38 100755
--- a/stap-serverd
+++ b/stap-serverd
@@ -16,20 +16,14 @@
# Catch ctrl-c and other termination signals
trap 'terminate' SIGTERM SIGINT
+# Initialize the environment
+. `dirname $0`/stap-env
+
#-----------------------------------------------------------------------------
# Helper functions.
#-----------------------------------------------------------------------------
# function: initialization PORT
function initialization {
- # INSTALL-HOOK These settings work for running the server from the source tree
- # INSTALL-HOOK using the dejagnu test harness and will be overridden at install
- # INSTALL-HOOK time.
- exec_prefix=
- sysconfdir=`pwd`/net
-
- # Default settings.
- avahi_type=_stap._tcp
-
# What port will we listen on?
port=$1
test "X$port" = "X" && port=65000
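Review bot: The added `. `dirname $0`/stap-env` line is unquoted and has no failure check, so a missing stap-env or a `$0` containing spaces leaves `stap_ssl_db`, `stap_certfile` and `stap_exec_prefix` empty and the script carries on. The next hunk would then compute `ssl_db=/server` and run the certificate helpers by bare name from PATH, which matters for a server that the removed `$EUID = 0` branch shows can run as root. Suggest `. "$(dirname "$0")"/stap-env || exit 1`. Since stap-env is executed inside the server's shell, it is also worth a comment stating that the directory holding it must not be writable by other users. The body of `initialization` continues outside this hunk.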
@@ -43,19 +37,31 @@ function initialization {
# Where is the ssl certificate/key database?
ssl_db=$2
if test "X$ssl_db" = "X"; then
+ ssl_db=$stap_ssl_db/server
+ # Update the certificate file if it is old.
+ if test -f $ssl_db/$stap_old_certfile; then
+ if ! test -e $ssl_db/$stap_certfile; then
+ mv $ssl_db/$stap_old_certfile $ssl_db/$stap_certfile
+ else
+ rm -fr $ssl_db/$stap_old_certfile
+ fi
+ fi
# If no certificate/key database has been specified, then find/create
# a local one.
- if test $EUID = 0; then
- ssl_db=$sysconfdir/systemtap/ssl/server
- else
- ssl_db=$HOME/.systemtap/ssl/server
- fi
- if ! test -f $ssl_db/stap-server.cert; then
- ${exec_prefix}stap-gen-server-cert `dirname $ssl_db` || exit 1
+ if ! test -f $ssl_db/$stap_certfile; then
+ ${stap_exec_prefix}stap-gen-cert $ssl_db || exit 1
# Now add the server's certificate to the client's database,
# making it a trusted peer. Do this only if the client has been installed.
- if test -f `which ${exec_prefix}stap-add-server-cert` -a -x `which ${exec_prefix}stap-add-server-cert`; then
- ${exec_prefix}stap-add-server-cert $ssl_db/stap-server.cert `dirname $ssl_db`/client
+ if test -f `which ${stap_exec_prefix}stap-client` -a \
+ -x `which ${stap_exec_prefix}stap-client`; then
+ ${stap_exec_prefix}stap-authorize-server-cert $ssl_db/$stap_certfile
+ fi
+ elif ! test -f $stap_ssl_db/client/cert8.db; then
+ # If the client's database does not exist, then initialize it with our certificate.
+ # Do this only if the client has been installed.
+ if test -f `which ${stap_exec_prefix}stap-client` -a \
+ -x `which ${stap_exec_prefix}stap-client`; then
+ ${stap_exec_prefix}stap-authorize-server-cert $ssl_db/$stap_certfile
fi
fi
fi
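Review bot: Both copies of the guard `test -f `which ${stap_exec_prefix}stap-client` -a -x `which ${stap_exec_prefix}stap-client`` succeed when stap-client is not installed, provided `which` prints nothing on stdout. The command then collapses to `test -f -a -x`, which bash treats as two non-empty strings joined by `-a` and evaluates as true. The server certificate is then passed to stap-authorize-server-cert even though the comment says to do this only if the client has been installed. Replace both guards with `if command -v "${stap_exec_prefix}stap-client" >/dev/null 2>&1; then`. The new `test`/`mv`/`rm` lines should also quote `"$ssl_db/$stap_old_certfile"` and `"$ssl_db/$stap_certfile"`, and `rm -f --` is enough for a path already checked with `test -f`; the enclosing `initialization` function starts before and continues after this hunk.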
@@ -78,7 +84,7 @@ function advertise_presence {
# Call avahi-publish-service to advertise our presence.
avahi-publish-service "Systemtap Compile Server on `uname -n`" \
- $avahi_type $port "$txt" > /dev/null 2>&1 &
+ $stap_avahi_service_tag $port "$txt" > /dev/null 2>&1 &
echo "Systemtap Compile Server on `uname -n` listening on port $port"
}
@@ -89,8 +95,8 @@ function advertise_presence {
function listen {
# The stap-server-connect program will listen forever
# accepting requests.
- ${exec_prefix}stap-server-connect -p $port -n $nss_cert -d $ssl_db -w $nss_pw 2>&1 &
- wait '%${exec_prefix}stap-server-connect' >/dev/null 2>&1
+ ${stap_exec_prefix}stap-server-connect -p $port -n $nss_cert -d $ssl_db -w $nss_pw 2>&1 &
+ wait '%${stap_exec_prefix}stap-server-connect' >/dev/null 2>&1
}
# function: check_db DBNAME
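Review bot: The single-quoted jobspec in `wait '%${stap_exec_prefix}stap-server-connect'` reads like a quoting mistake and deserves a comment, here and on the `kill`/`wait` pair in the `terminate` hunk. As far as I can tell it works only because bash matches `%string` against the job's command text as written, before expansion, so the literal must stay in step with the launch line above it. Suggested comment: `# jobspec is single-quoted on purpose: bash matches it against the unexpanded command text of the job`. Saving `$!` after the `&` and using `wait "$pid"` would remove that coupling, but the pid would have to be a global for `terminate` to reach it. The launch line also leaves `$port`, `$nss_cert`, `$ssl_db` and `$nss_pw` unquoted, which breaks if the database path contains spaces.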
@@ -160,7 +166,7 @@ function check_db {
check_db_file $dir/key3.db || rc=1
check_db_file $dir/secmod.db || rc=1
check_db_file $dir/pw || rc=1
- check_cert_file $dir/stap-server.cert || rc=1
+ check_cert_file $dir/$stap_certfile || rc=1
test $rc = 1 && fatal "Unable to use certificate database '$dir' due to errors"
@@ -328,8 +334,8 @@ function terminate {
wait '%avahi-publish-service' >/dev/null 2>&1
# Kill any running 'stap-server-connect' job.
- kill -s SIGTERM '%${exec_prefix}stap-server-connect' 2> /dev/null
- wait '%${exec_prefix}stap-server-connect' >/dev/null 2>&1
+ kill -s SIGTERM '%${stap_exec_prefix}stap-server-connect' 2> /dev/null
+ wait '%${stap_exec_prefix}stap-server-connect' >/dev/null 2>&1
exit
}