summaryrefslogtreecommitdiffstats
path: root/stap-server
Commit message (Collapse)AuthorAgeFilesLines
* PRs 11205, 11309: Specfile problems for stap-server:Dave Brolley2010-03-081-1/+1
| | | | | | | | - Use assigned gid/uid of 155/155 for stap-server. - Create stap-server group in main systemtap rpm. - Make uprobes runtime directory read/write/search by members of stap-server group in main systemtap rpm. - Keep stap-server log in %{_localstatedir}/log/stap-server/log
* PR 10905: initscript improvements.Dave Brolley2009-12-211-445/+846
| | | | | | Make the stap-server initscript available as $bindir/stap-server Reimplement the stap-server initscript as a thin wrapper around $bindir/stap-server.
* PR 10247, 10276, 10905: Move remaining client/server tools to libexec.Dave Brolley2009-12-211-1/+1
|
* PR 10247 10276 10905: Infrastructure for moving underlying client/server ↵Dave Brolley2009-12-181-1/+1
| | | | tools to libexec.
* PR 10641: Do not allow -m when --unprivileged in the server.Dave Brolley2009-12-181-1/+5
|
* stap-server initscript fully functional.Dave Brolley2009-10-261-1/+1
|
* Fix stap-server bug. --unprivileged not processed if processed as first ↵Dave Brolley2009-10-021-1/+1
| | | | argument.
* stap-start-server(->stap-serverd) now accept -r -R -I -B and -a options for ↵Dave Brolley2009-09-181-33/+47
| | | | | | | cross compilation. Server correctly advertises itself wrt -r and -a. Fix bug in stap-server: fatal function was potentially recursive.
* Check for unprivileged options conflicts on the server side.Dave Brolley2009-09-171-29/+71
| | | | Gneral work on options in the client and server.
* Get the module to sign from -p4's stdoutJosh Stone2009-09-141-3/+3
| | | | | | | | | The saved stdout should have the exact name of the generated module, which is better than using a recursive find to locate it. Tracepoints and @cast may generate additional .ko's which we don't want to confuse with the real deal. * stap-server (create_response): grep stdout for the module name.
* Merge branch 'master' of ssh://sources.redhat.com/git/systemtapDave Brolley2009-09-141-1/+1
|\ | | | | | | | | | | | | | | | | | | Conflicts: aclocal.m4 configure doc/SystemTap_Tapset_Reference/Makefile.in testsuite/aclocal.m4 testsuite/configure
| * Allow remaining process.* probes for unprivileged users.Dave Brolley2009-09-141-1/+1
| |
* | 2009-09-14 Dave Brolley <brolley@redhat.com>Dave Brolley2009-09-141-0/+18
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * modsign.cxx (init_cert_db_path): Use 'system' call. (sign_module): Renamed to 'main'. This is now an independant program. Check for arguments. Return 1 on error. * buildrun.cxx (modsign.h): Don't #include it. (compile_pass): Don't sign the module. * main.cxx (main): Don't copy the module signature. * cache.cxx (add_to_cache): Don't cache the module signature. * Makefile.am (bin_PROGRAMS): Add stap-sign-module. (stap_SOURCES): Remove modsign.cxx and nsscommon.c. (stap_sign_module_SOURCES): New variable. (stap_sign_module_CPPFLAGS): New variable. (stap_sign_module_LDFLAGS): New variable. (stap_sign_module_LDADD): New variable. * stap-server (initialization): Initialize unprivileged. (parse_options): Handle --unprivileged. (create_response): Call stap-sign-module if --unprivileged was specified. * systemtap.spec: Add stap-sign-module to stap-server. * Makefile.in: Regenerated. * doc/Makefile.in: Regenerated. * doc/SystemTap_Tapset_Reference/Makefile.in: Regenerated. * grapher/Makefile.in: Regenerated. * testsuite/Makefile.in: Regenerated. * aclocal.m4: Likewise. * testsuite/aclocal.m4: Likewise. * configure: Likewise. * testsuite/configure: Likewise.
* 2009-04-14 Dave Brolley <brolley@redhat.com>Dave Brolley2009-04-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * translate.cxx (c_unparser::emit_unprivileged_user_check): Generate code to check _stp_unprivileged_user. * testsuite/lib/systemtap.exp (setup_server): Copy stap-env to $net_path. * runtime/transport/transport.c: Set up _stp_unprivileged_user. * runtime/staprun/staprun_funcs.c (check_signature): Distiguish among verification failure due to errors, tampering, untrusted signer. (check_permissions): Likewise. (check_groups): Set unprivileged_user. * runtime/staprun/staprun.c (insert_stap_module): Set _stp_unprivileged_user. * runtime/staprun/modverify.h (MODULE_OK): #define it. (MODULE_UNTRUSTED,MODULE_CHECK_ERROR,MODULE_ALTERED): Likewise. * runtime/staprun/modverify.c (modverify.h): #include it. (verify_it): Distiguish among verification failure due to errors, tampering, untrusted signer. (verify_module): Likewise. * runtime/staprun/common.c (unprivileged_user): Define it. * runtime/staprun/staprun.h (unprivileged_user): Declare it. * cache.cxx (get_from_cache): Get the module signature file. * stap-authorize-server-cert: Source `dirname $0`/stap-env. * stap-authorize-signing-cert: Likewise. * stap-client: Likewise. * stap-find-or-start-server: Likewise. * stap-find-servers: Likewise. * stap-gen-cert: Likewise. * stap-server: Likewise. * stap-serverd: Likewise. * stap-start-server: Likewise.
* 2009-04-02 Dave Brolley <brolley@redhat.com>Dave Brolley2009-04-021-1/+1
| | | | | | | | | | | | | | | | * stap-serverd (initialization): Create client certificate database if it does not exist. * stap-server (call_stap): Don't pass --sign-module to stap. * session.h (unprivileged): New member of systemtap_session. * modsign.cxx (init_cert_db_path, check_cert_db_path): New functions. (sign_module): Call check_cert_db_path. * main.cxx (usage): Document --signing-cert and --unprivileged. (runner): Set default signing certificate path. Initialize s.unprivileged. (LONG_OPT_SIGN_MODULE): Renamed to LONG_OPT_SIGNING_CERT. (LONG_OPT_UNPRIVILEGED): #define it. (long_options): Add --signing-cert and --unprivileged. (runner): Allow multiple --signing-cert options. Use the last specified. Don't reset unless the new setting is valid. Handle LONG_OPT_UNPRIVILEGED.
* 2009-03-12 Dave Brolley <brolley@redhat.com>Dave Brolley2009-03-121-18/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * util.cxx (remove_file_or_dir): New function. * util.h (remove_file_or_dir): New function. * systemtap.spec (stap): Add stap-env, stap-gen-cert, stap-authorize-cert, and stap-authorize-signing-cert. (stap-client): Remove stap-find-or-start-server, stap-add-server-cert. Add stap-authorize-server-cert. (stap-server): Add stap-find-servers, stap-find-or-start-server, stap-authorize-server-cert. Remove stap-gen-server-cert. * stap-find-servers: Source stap-env. Use $stap_avahi_service_tag. (initialization): Set timeout to 10. (find_servers): Run avahi-browse in the background and wait for it. Use a temp file for the output of avahi-browse. Kill avahi-browse if the timeout expires. (match_server): Set read timeout. (fatal): New function. * stap-find-or-start-server: Source stap-env. Use $stap_exec_prefix. Always exit with 0. * stap-start-server: Source stap-env. Check for the server PID as a running process and for avahi-publish-service running as a child in order to verify that the server is ready. * stap-add-server-cert: Renamed to stap-authorize-server-cert. Source stap-env. Call stap-authorize-cert. * stap-client: Source stap-env. Use $stap_user_ssl_db and $stap_root_ssl_db. Use $stap_tmpdir_prefix_client, $stap_tmpdir_prefix_server. Use $stap_exec_prefix. (configuration): Removed. (staprun_running): Removed. (interrupt): Don't kill staprun. * stap-server: Source stap-env. Use $stap_user_ssl_db and $stap_root_ssl_db. Use $stap_tmpdir_prefix_client, $stap_tmpdir_prefix_server. Use $stap_exec_prefix. (configuration): Removed. * session.h (systemtap_session): Add cert_db_path. * runtime/staprun/staprun_funcs.c (config.h): #include it. (modverify.h): #include it. (check_signature): New function. (check_groups): New function extracted from check_permissions. (check_permissions): Call check_groups and check_signature. * runtime/staprun/mainloop.c (cleanup_and_exit): Pass modpath to staprun, not modname. * main.cxx (main): Initialize cert_db_path. Handle LONG_OPT_SIGN_MODULE. Save the module signature if the module was signed and is being saved. (LONG_OPT_SIGN_MODULE): #define it. (long_options): Add --sign-module. * cache.cxx (config.h): #include it. (add_to_cache): Add the module signature file to the cache if the module has been signed. * buildrun.cxx (modsign.h): #include it. (compile_pass): Call sign_module, if requested. * configure.ac: Define HAVE_NSS if NSS libraries are available. * Makefile.am (AM_CPPFLAGS): Add -DSYSCONFDIR. (bin_SCRIPTS): Add stap-env, stap-gen-cert, stap-authorize-cert, stap-authorize-signing-cert, stap-authorize-server-cert. Remove stap-gen-server-cert, stap-add-server-cert. (stap_SOURCES): Add nsscommon.c, modsign.cxx (stap_CPPFLAGS): Add $(nss_CFLAGS), $(nspr_CFLAGS). (stap_LDADD): Add -lnss3. (staprun_SOURCES): Add nsscommon.c. * modsign.cxx: New file. * modsign.h: New file. * nsscommon.c: New file. * nsscommon.h: New file. * runtime/staprun/modverify.c: New file. * runtime/staprun/modverify.h: New file. * stap-authorize-cert: New file. * stap-authorize-signing-cert: New file. * stap-env: New file. * Makefile.in: Regenerated. * aclocal.m4: Regenerated. * config.in: Regenerated. * configure: Regenerated. * doc/Makefile.in: Regenerated. * doc/SystemTap_Tapset_Reference/Makefile.in: Regenerated. * testsuite/Makefile.in: Regenerated. * testsuite/aclocal.m4: Regenerated.
* Server response is no longer signed. Passed as a zip archive instead.Dave Brolley2009-02-111-12/+9
|
* Update NEWS and stap-server man page. Don't require client/serverDave Brolley2009-02-021-7/+16
| | | | platform compatibility for pahes 1-4.
* More security checking for client/server. Set exec_prefix and sysconfdir at ↵Dave Brolley2009-01-301-22/+33
| | | | install time.
* Ensure that the client/server scripts call the installed copies of anyDave Brolley2009-01-131-1/+5
| | | | other systemtap tools.
* New framework for creating/using certificate databases for client/server.Dave Brolley2009-01-091-2/+2
|
* Systemtap compile server phase 2 (ssl) -- first cut.Dave Brolley2008-12-241-80/+38
|
* Don't use -d on $netcat. Redirect from /dev/null instead.Dave Brolley2008-12-111-1/+1
|
* Use netcat or nc, whichever is available.Dave Brolley2008-12-091-6/+11
|
* Robustness improvements for the stap client/serverDave Brolley2008-08-251-22/+29
|
* stap client/server now pass 'make installcheck'Dave Brolley2008-08-201-12/+5
|
* PR 6834Dave Brolley2008-08-141-22/+13
|
* stap-serverd was incorectly determining that the server couldDave Brolley2008-08-111-5/+5
| | | | not be started.
* Start/stop the systemtap server from systemtap.exp and not in the top level ↵Dave Brolley2008-08-081-16/+49
| | | | Makefile.
* No need for random suffix file cmdline and sysinfo files in theDave Brolley2008-07-301-12/+12
| | | | client's request tree.
* Ensure that a systemtap server is available if 'server' is specifiedDave Brolley2008-07-291-6/+21
| | | | in EXTRA_TOOL_OPTS for 'make check' and 'make installcheck'
* Use `uname -rvm` for checking system compatibility. GenerateDave Brolley2008-07-081-3/+4
| | | | a finale response from the server to allow for error checking.
* client/server take 2. See bz6565.Dave Brolley2008-07-031-64/+49
|
* New systemptap compile client and server scripts.Dave Brolley2008-05-301-0/+436
generated by cgit (git 2.34.1) at 2024-05-29 03:51:22 +0000