From 2f54c4fe5a3aa21b4d5c38edabf83f3cdad0177d Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Thu, 2 Apr 2009 12:34:29 -0400
Subject: 2009-04-02 Dave Brolley * stap-serverd (initialization): Create client certificate database if it does not exist. * stap-server (call_stap): Don't pass --sign-module to stap. * session.h (unprivileged): New member of systemtap_session. * modsign.cxx (init_cert_db_path, check_cert_db_path): New functions. (sign_module): Call check_cert_db_path. * main.cxx (usage): Document --signing-cert and --unprivileged. (runner): Set default signing certificate path. Initialize s.unprivileged. (LONG_OPT_SIGN_MODULE): Renamed to LONG_OPT_SIGNING_CERT. (LONG_OPT_UNPRIVILEGED): #define it. (long_options): Add --signing-cert and --unprivileged. (runner): Allow multiple --signing-cert options. Use the last specified. Don't reset unless the new setting is valid. Handle LONG_OPT_UNPRIVILEGED.
---
modsign.cxx | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
(limited to 'modsign.cxx')
diff --git a/modsign.cxx b/modsign.cxx
index 2154cdbb..c9307484 100644
--- a/modsign.cxx
+++ b/modsign.cxx
@@ -33,10 +33,49 @@ extern "C" {
 #include
 #include
+#include
 }
 using namespace std;
+/* Function: int init_cert_db_path (const string &cert_db_path);
+ *
+ * Initialize a certificate database at the given path.
+ */
+static int
+init_cert_db_path (const string &cert_db_path) {
+ string cmd = "stap-gen-cert " + cert_db_path;
+ return system (cmd.c_str()) == 0;
+}
+
+/* Function: int check_cert_db_path (const string &cert_db_path);
+ *
+ * Check that the given certificate directory exists and is initialized.
+ * Create and/or initialize it otherwise.
+ */
+static int
+check_cert_db_path (const string &cert_db_path) {
+ static const char* keyFiles[] = {
+ "cert8.db", "key3.db", "pw", "secmod.db", "stap-server.cert", NULL
+ };
+
+ // Does the path exist?
+ PRFileInfo fileInfo;
+ PRStatus prStatus = PR_GetFileInfo (cert_db_path.c_str(), &fileInfo);
+ if (prStatus != PR_SUCCESS || fileInfo.type != PR_FILE_DIRECTORY)
+ return init_cert_db_path (cert_db_path);
+
+ // Does it contain the key files?
+ for (int i = 0; keyFiles[i]; ++i) {
+ string fname = cert_db_path + "/" + keyFiles[i];
+ prStatus = PR_GetFileInfo (fname.c_str (), &fileInfo);
+ if (prStatus != PR_SUCCESS || fileInfo.type != PR_FILE_FILE || fileInfo.size < 0)
+ return init_cert_db_path (cert_db_path);
+ }
+
+ return 1; // ok
+}
+
 /* Function: char * password_callback()
 *
 * Purpose: This function is our custom password handler that is called by
@@ -212,6 +251,9 @@ sign_module (systemtap_session& s)
 SECKEYPrivateKey *privKey;
 SECStatus secStatus;
+ if (! check_cert_db_path (s.cert_db_path))
+ return;
+
 password = get_password (s.cert_db_path + "/pw");
 if (! password)
 {
-- cgit
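Review bot: In `init_cert_db_path` the command handed to `system()` is built by concatenating `cert_db_path` into a string, so a path containing spaces or shell metacharacters is interpreted by the shell rather than passed as one argument. The commit message says the path can now be set with `--signing-cert`, and the second hunk passes `s.cert_db_path` straight in, so the value is not a fixed constant. Running `stap-gen-cert` from an argument vector, as sketched below, takes the shell out of the picture; it needs `<spawn.h>`, `<sys/wait.h>` and a declaration of `environ`, and the helper is still resolved through `PATH`, which may deserve an absolute install path if stap can run with elevated privileges. Separately, `fileInfo.size < 0` in `check_cert_db_path` accepts zero-length key files as initialized, which looks unintended.

```cpp
static int
init_cert_db_path (const string &cert_db_path) {
  // Run the helper directly so the path is delivered as a single argument,
  // never parsed by a shell.
  const char *argv[] = { "stap-gen-cert", cert_db_path.c_str (), NULL };
  pid_t pid;
  if (posix_spawnp (&pid, argv[0], NULL, NULL,
                    const_cast<char * const *> (argv), environ) != 0)
    return 0;
  int status;
  if (waitpid (pid, &status, 0) != pid)
    return 0;
  return WIFEXITED (status) && WEXITSTATUS (status) == 0;
}
```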
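Review bot: When `check_cert_db_path` fails, the new guard in `sign_module` returns with no diagnostic, so the module is left unsigned and nothing in this hunk tells the user why. The bare `return;` suggests the function has no status to hand back, which would make a message the only signal available. I would report the failure before returning, for example `cerr << "Unable to initialize certificate database " << s.cert_db_path << endl;` inside a braced body, or use whatever error reporting the rest of `sign_module` already uses. The body of `sign_module` starts and ends outside the hunk, so its existing conventions are not visible here.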