diff options
Diffstat (limited to 'stap-serverd')
| -rwxr-xr-x | stap-serverd | 50 |
1 files changed, 36 insertions, 14 deletions
diff --git a/stap-serverd b/stap-serverd index 818e3ec3..d51866aa 100755 --- a/stap-serverd +++ b/stap-serverd @@ -21,14 +21,15 @@ trap 'terminate' SIGTERM SIGINT #----------------------------------------------------------------------------- # function: initialization PORT function initialization { + # INSTALL-HOOK These settings work for running the server from the source tree + # INSTALL-HOOK using the dejagnu test harness and will be overridden at install + # INSTALL-HOOK time. + exec_prefix= + sysconfdir=`pwd`/net + # Default settings. avahi_type=_stap._tcp - # Where are we installed? - exec_prefix=`dirname $0` - exec_prefix=`cd $exec_prefix && pwd` - prefix=`dirname $exec_prefix` - # What port will we listen on? port=$1 test "X$port" = "X" && port=65000 @@ -45,16 +46,16 @@ function initialization { # If no certificate/key database has been specified, then find/create # a local one. if test $EUID = 0; then - ssl_db=$prefix/etc/systemtap/ssl/server + ssl_db=$sysconfdir/systemtap/ssl/server else ssl_db=$HOME/.systemtap/ssl/server fi if ! test -f $ssl_db/stap-server.cert; then - $exec_prefix/stap-gen-server-cert `dirname $ssl_db` || exit 1 + ${exec_prefix}stap-gen-server-cert `dirname $ssl_db` || exit 1 # Now add the server's certificate to the client's database, # making it a trusted peer. Do this only if the client has been installed. - if test -f $exec_prefix/stap-add-server-cert -a -f $exec_prefix/stap-add-server-cert; then - $exec_prefix/stap-add-server-cert $ssl_db/stap-server.cert `dirname $ssl_db` + if test -f `which ${exec_prefix}stap-add-server-cert` -a -x `which ${exec_prefix}stap-add-server-cert`; then + ${exec_prefix}stap-add-server-cert $ssl_db/stap-server.cert `dirname $ssl_db` fi fi fi @@ -88,8 +89,8 @@ function advertise_presence { function listen { # The stap-server-connect program will listen forever # accepting requests. - $exec_prefix/stap-server-connect -p $port -n $nss_cert -d $ssl_db -w $nss_pw 2>&1 & - wait '%$exec_prefix/stap-server-connect' >/dev/null 2>&1 + ${exec_prefix}stap-server-connect -p $port -n $nss_cert -d $ssl_db -w $nss_pw 2>&1 & + wait '%${exec_prefix}stap-server-connect' >/dev/null 2>&1 } # function: check_db DBNAME @@ -115,6 +116,13 @@ function check_db { rc=1 fi + # We must be the owner of the database. + local ownerid=`stat -c "%u" $dir` + if test "X$ownerid" != "X$EUID"; then + warning "Certificate database '$dir' must be owned by $USER" + rc=1 + fi + # Check the access permissions of the directory local perm=0`stat -c "%a" $dir` if test $((($perm & 0400) == 0400)) = 0; then @@ -176,6 +184,13 @@ function check_db_file { return 1 fi + # We must be the owner of the file. + local ownerid=`stat -c "%u" $file` + if test "X$ownerid" != "X$EUID"; then + warning "Certificate database file '$file' must be owned by $USER" + rc=1 + fi + # Check that we can read the file if ! test -r $file; then warning "Certificate database file '$file' is not readble" @@ -239,6 +254,13 @@ function check_cert_file { return 1 fi + # We must be the owner of the file. + local ownerid=`stat -c "%u" $file` + if test "X$ownerid" != "X$EUID"; then + warning "Certificate file '$file' must be owned by $USER" + rc=1 + fi + # Check the access permissions of the file local perm=0`stat -c "%a" $file` if test $((($perm & 0400) == 0400)) = 0; then @@ -290,7 +312,7 @@ function warning { # Fatal error # Prints its arguments to stderr and exits function fatal { - echo "$0: FATAL:" "$@" >&2 + echo "$0: ERROR:" "$@" >&2 terminate exit 1 } @@ -306,8 +328,8 @@ function terminate { wait '%avahi-publish-service' >/dev/null 2>&1 # Kill any running 'stap-server-connect' job. - kill -s SIGTERM '%$exec_prefix/stap-server-connect' 2> /dev/null - wait '%$exec_prefix/stap-server-connect' >/dev/null 2>&1 + kill -s SIGTERM '%${exec_prefix}stap-server-connect' 2> /dev/null + wait '%${exec_prefix}stap-server-connect' >/dev/null 2>&1 exit } |