1 files changed, 32 insertions, 0 deletions

diff --git a/main.cxx b/main.cxx
index ab568c23..84bbce73 100644
--- a/main.cxx
+++ b/main.cxx
@@ -130,6 +130,8 @@ usage (systemtap_session& s, int exitcode)
 #ifdef HAVE_LIBSQLITE3
     << "   -q         generate information on tapset coverage" << endl
 #endif /* HAVE_LIBSQLITE3 */
+    << "   --unprivileged" << endl
+    << "              restrict usage to features available to unprivileged users" << endl
 #if 0 /* PR6864: disable temporarily; should merge with -d somehow */
     << "   --kelf     make do with symbol table from vmlinux" << endl
     << "   --kmap[=FILE]" << endl
@@ -402,6 +404,15 @@ main (int argc, char * const argv [])
   s.ignore_dwarf = false;
   s.load_only = false;
   s.skip_badvars = false;
+  s.unprivileged = false;
+
+  // Location of our signing certificate.
+  // If we're root, use the database in SYSCONFDIR, otherwise
+  // use the one in our $HOME directory.  */
+  if (getuid() == 0)
+    s.cert_db_path = SYSCONFDIR "/systemtap/ssl/server";
+  else
+    s.cert_db_path = getenv("HOME") + string ("/.systemtap/ssl/server");
 
   const char* s_p = getenv ("SYSTEMTAP_TAPSET");
   if (s_p != NULL)
@@ -467,6 +478,7 @@ main (int argc, char * const argv [])
 #define LONG_OPT_IGNORE_DWARF 4
 #define LONG_OPT_VERBOSE_PASS 5
 #define LONG_OPT_SKIP_BADVARS 6
+#define LONG_OPT_UNPRIVILEGED 7
       // NB: also see find_hash(), usage(), switch stmt below, stap.1 man page
       static struct option long_options[] = {
         { "kelf", 0, &long_opt, LONG_OPT_KELF },
@@ -475,6 +487,7 @@ main (int argc, char * const argv [])
         { "ignore-dwarf", 0, &long_opt, LONG_OPT_IGNORE_DWARF },
 	{ "skip-badvars", 0, &long_opt, LONG_OPT_SKIP_BADVARS },
         { "vp", 1, &long_opt, LONG_OPT_VERBOSE_PASS },
+        { "unprivileged", 0, &long_opt, LONG_OPT_UNPRIVILEGED },
         { NULL, 0, NULL, 0 }
       };
       int grc = getopt_long (argc, argv, "hVMvtp:I:e:o:R:r:m:kgPc:x:D:bs:uqwl:d:L:FS:",
@@ -602,6 +615,7 @@ main (int argc, char * const argv [])
 
         case 'g':
           s.guru_mode = true;
+	  s.unprivileged = false;
           break;
 
         case 'P':
@@ -718,6 +732,10 @@ main (int argc, char * const argv [])
 	    case LONG_OPT_SKIP_BADVARS:
 	      s.skip_badvars = true;
 	      break;
+	    case LONG_OPT_UNPRIVILEGED:
+	      s.unprivileged = true;
+	      s.guru_mode = false;
+	      break;
             default:
               cerr << "Internal error parsing command arguments." << endl;
               usage(s, 1);
@@ -1134,6 +1152,20 @@ main (int argc, char * const argv [])
 	  if (copy_file(module_src_path.c_str(), module_dest_path.c_str()) != 0)
 	    cerr << "Copy failed (\"" << module_src_path << "\" to \""
 		 << module_dest_path << "\"): " << strerror(errno) << endl;
+
+#if HAVE_NSS
+	  // Save the signature as well.
+	  assert (! s.cert_db_path.empty());
+	  module_src_path += ".sgn";
+	  module_dest_path += ".sgn";
+
+	  if (s.verbose > 1)
+	    clog << "Copying " << module_src_path << " to "
+		 << module_dest_path << endl;
+	  if (copy_file(module_src_path.c_str(), module_dest_path.c_str()) != 0)
+	    cerr << "Copy failed (\"" << module_src_path << "\" to \""
+		 << module_dest_path << "\"): " << strerror(errno) << endl;
+#endif
 	}
     }