| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* translate.cxx (c_unparser::emit_unprivileged_user_check): Generate
code to check _stp_unprivileged_user.
* testsuite/lib/systemtap.exp (setup_server): Copy stap-env to $net_path.
* runtime/transport/transport.c: Set up _stp_unprivileged_user.
* runtime/staprun/staprun_funcs.c (check_signature): Distiguish among
verification failure due to errors, tampering, untrusted signer.
(check_permissions): Likewise.
(check_groups): Set unprivileged_user.
* runtime/staprun/staprun.c (insert_stap_module): Set _stp_unprivileged_user.
* runtime/staprun/modverify.h (MODULE_OK): #define it.
(MODULE_UNTRUSTED,MODULE_CHECK_ERROR,MODULE_ALTERED): Likewise.
* runtime/staprun/modverify.c (modverify.h): #include it.
(verify_it): Distiguish among verification failure due to errors,
tampering, untrusted signer.
(verify_module): Likewise.
* runtime/staprun/common.c (unprivileged_user): Define it.
* runtime/staprun/staprun.h (unprivileged_user): Declare it.
* cache.cxx (get_from_cache): Get the module signature file.
* stap-authorize-server-cert: Source `dirname $0`/stap-env.
* stap-authorize-signing-cert: Likewise.
* stap-client: Likewise.
* stap-find-or-start-server: Likewise.
* stap-find-servers: Likewise.
* stap-gen-cert: Likewise.
* stap-server: Likewise.
* stap-serverd: Likewise.
* stap-start-server: Likewise.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* stap-serverd (initialization): Create client certificate database if it
does not exist.
* stap-server (call_stap): Don't pass --sign-module to stap.
* session.h (unprivileged): New member of systemtap_session.
* modsign.cxx (init_cert_db_path, check_cert_db_path): New functions.
(sign_module): Call check_cert_db_path.
* main.cxx (usage): Document --signing-cert and --unprivileged.
(runner): Set default signing certificate path. Initialize s.unprivileged.
(LONG_OPT_SIGN_MODULE): Renamed to LONG_OPT_SIGNING_CERT.
(LONG_OPT_UNPRIVILEGED): #define it.
(long_options): Add --signing-cert and --unprivileged.
(runner): Allow multiple --signing-cert options. Use the last specified.
Don't reset unless the new setting is valid. Handle LONG_OPT_UNPRIVILEGED.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* util.cxx (remove_file_or_dir): New function.
* util.h (remove_file_or_dir): New function.
* systemtap.spec (stap): Add stap-env, stap-gen-cert, stap-authorize-cert,
and stap-authorize-signing-cert.
(stap-client): Remove stap-find-or-start-server, stap-add-server-cert.
Add stap-authorize-server-cert.
(stap-server): Add stap-find-servers, stap-find-or-start-server,
stap-authorize-server-cert. Remove stap-gen-server-cert.
* stap-find-servers: Source stap-env. Use $stap_avahi_service_tag.
(initialization): Set timeout to 10.
(find_servers): Run avahi-browse in the background and wait for it.
Use a temp file for the output of avahi-browse. Kill avahi-browse if
the timeout expires.
(match_server): Set read timeout.
(fatal): New function.
* stap-find-or-start-server: Source stap-env. Use $stap_exec_prefix. Always
exit with 0.
* stap-start-server: Source stap-env. Check for the server PID as a running
process and for avahi-publish-service running as a child in order to
verify that the server is ready.
* stap-add-server-cert: Renamed to stap-authorize-server-cert. Source
stap-env. Call stap-authorize-cert.
* stap-client: Source stap-env. Use $stap_user_ssl_db and
$stap_root_ssl_db. Use $stap_tmpdir_prefix_client,
$stap_tmpdir_prefix_server. Use $stap_exec_prefix.
(configuration): Removed.
(staprun_running): Removed.
(interrupt): Don't kill staprun.
* stap-server: Source stap-env. Use $stap_user_ssl_db and
$stap_root_ssl_db. Use $stap_tmpdir_prefix_client,
$stap_tmpdir_prefix_server. Use $stap_exec_prefix.
(configuration): Removed.
* session.h (systemtap_session): Add cert_db_path.
* runtime/staprun/staprun_funcs.c (config.h): #include it.
(modverify.h): #include it.
(check_signature): New function.
(check_groups): New function extracted from check_permissions.
(check_permissions): Call check_groups and check_signature.
* runtime/staprun/mainloop.c (cleanup_and_exit): Pass modpath to staprun,
not modname.
* main.cxx (main): Initialize cert_db_path. Handle LONG_OPT_SIGN_MODULE.
Save the module signature if the module was signed and is being saved.
(LONG_OPT_SIGN_MODULE): #define it.
(long_options): Add --sign-module.
* cache.cxx (config.h): #include it.
(add_to_cache): Add the module signature file to the cache if the module
has been signed.
* buildrun.cxx (modsign.h): #include it.
(compile_pass): Call sign_module, if requested.
* configure.ac: Define HAVE_NSS if NSS libraries are available.
* Makefile.am (AM_CPPFLAGS): Add -DSYSCONFDIR.
(bin_SCRIPTS): Add stap-env, stap-gen-cert, stap-authorize-cert,
stap-authorize-signing-cert, stap-authorize-server-cert. Remove
stap-gen-server-cert, stap-add-server-cert.
(stap_SOURCES): Add nsscommon.c, modsign.cxx
(stap_CPPFLAGS): Add $(nss_CFLAGS), $(nspr_CFLAGS).
(stap_LDADD): Add -lnss3.
(staprun_SOURCES): Add nsscommon.c.
* modsign.cxx: New file.
* modsign.h: New file.
* nsscommon.c: New file.
* nsscommon.h: New file.
* runtime/staprun/modverify.c: New file.
* runtime/staprun/modverify.h: New file.
* stap-authorize-cert: New file.
* stap-authorize-signing-cert: New file.
* stap-env: New file.
* Makefile.in: Regenerated.
* aclocal.m4: Regenerated.
* config.in: Regenerated.
* configure: Regenerated.
* doc/Makefile.in: Regenerated.
* doc/SystemTap_Tapset_Reference/Makefile.in: Regenerated.
* testsuite/Makefile.in: Regenerated.
* testsuite/aclocal.m4: Regenerated.
|
| |
|
|
|
|
| |
platform compatibility for pahes 1-4.
|
|
|
|
| |
install time.
|
|
|
|
| |
other systemtap tools.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
not be started.
|
|
|
|
| |
Makefile.
|
|
|
|
| |
client's request tree.
|
|
|
|
| |
in EXTRA_TOOL_OPTS for 'make check' and 'make installcheck'
|
|
|
|
| |
a finale response from the server to allow for error checking.
|
| |
|
|
|