From b9c1510ee2ef5283d7faafad4e82a4bb933d9e29 Mon Sep 17 00:00:00 2001 From: Dave Brolley Date: Mon, 14 Sep 2009 15:06:36 -0400 Subject: 2009-09-14 Dave Brolley * modsign.cxx (init_cert_db_path): Use 'system' call. (sign_module): Renamed to 'main'. This is now an independant program. Check for arguments. Return 1 on error. * buildrun.cxx (modsign.h): Don't #include it. (compile_pass): Don't sign the module. * main.cxx (main): Don't copy the module signature. * cache.cxx (add_to_cache): Don't cache the module signature. * Makefile.am (bin_PROGRAMS): Add stap-sign-module. (stap_SOURCES): Remove modsign.cxx and nsscommon.c. (stap_sign_module_SOURCES): New variable. (stap_sign_module_CPPFLAGS): New variable. (stap_sign_module_LDFLAGS): New variable. (stap_sign_module_LDADD): New variable. * stap-server (initialization): Initialize unprivileged. (parse_options): Handle --unprivileged. (create_response): Call stap-sign-module if --unprivileged was specified. * systemtap.spec: Add stap-sign-module to stap-server. * Makefile.in: Regenerated. * doc/Makefile.in: Regenerated. * doc/SystemTap_Tapset_Reference/Makefile.in: Regenerated. * grapher/Makefile.in: Regenerated. * testsuite/Makefile.in: Regenerated. * aclocal.m4: Likewise. * testsuite/aclocal.m4: Likewise. * configure: Likewise. * testsuite/configure: Likewise. --- modsign.cxx | 48 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 16 deletions(-) (limited to 'modsign.cxx') diff --git a/modsign.cxx b/modsign.cxx index cacd5699..903cc238 100644 --- a/modsign.cxx +++ b/modsign.cxx 
@@ -280,18 +280,18 @@ check_cert_db_permissions (const string &cert_db_path) { */ static int init_cert_db_path (const string &cert_db_path) { - int rc; + int rc, rc1; // Generate the certificate and database. string cmd = BINDIR "/stap-gen-cert " + cert_db_path; - rc = stap_system (0, cmd) == 0; + rc = system (cmd.c_str ()) == 0; // If we are root, authorize the new certificate as a trusted // signer. It is not an error if this fails. if (geteuid () == 0) { cmd = BINDIR "/stap-authorize-signing-cert " + cert_db_path + "/stap.cert"; - stap_system (0, cmd); + rc1 = system (cmd.c_str ()); } return rc; @@ -492,23 +492,37 @@ sign_it (const string &inputName, const string &outputName, SECKEYPrivateKey *pr PR_Close (local_file_fd); } -void -sign_module (systemtap_session& s) +int +main(int argc, char **argv) { const char *nickName = "stap-server"; + string module_name; + string cert_db_path; char *password; CERTCertificate *cert; SECKEYPrivateKey *privKey; SECStatus secStatus; - if (! check_cert_db_path (s.cert_db_path)) - return; + if (argc < 2) { + cerr << "Module name was not specified." << endl; + return 1; + } + module_name = argv[1]; + + if (argc < 3) { + cerr << "Certificate database path was not specified." << endl; + return 1; + } + cert_db_path = argv[2]; - password = get_password (s.cert_db_path + "/pw"); + if (! check_cert_db_path (cert_db_path)) + return 1; + + password = get_password (cert_db_path + "/pw"); if (! password) { cerr << "Unable to obtain certificate database password." << endl; - return; + return 1; } /* Call the NSPR initialization routines. */ @@ -518,12 +532,12 @@ sign_module (systemtap_session& s) PK11_SetPasswordFunc (password_callback); /* Initialize NSS. */ - secStatus = NSS_Init (s.cert_db_path.c_str()); + secStatus = NSS_Init (cert_db_path.c_str()); if (secStatus != SECSuccess) { cerr << "Unable to initialize nss library." << endl; nssError (); - return; + return 1; } /* Get own certificate and private key. */ 
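Review bot: Both `system (cmd.c_str ())` calls in init_cert_db_path hand the shell a command line built by concatenating `cert_db_path`, so a path containing spaces or shell metacharacters is split or interpreted instead of being passed as one argument. With this commit the path appears to come from `argv[2]` of a standalone program (presumably reaching this function via check_cert_db_path, which is not visible here), and the second call runs when `geteuid () == 0`. Running the helpers with an explicit argument vector instead of a shell, as sketched below, avoids this. `rc1` is assigned but never read, so it can be dropped. The function's header comment starts outside the hunk.

```cpp
// Run PROG with one argument and no shell; returns its exit status, or -1.
static int
run_helper (const string &prog, const string &arg)
{
  char *const args[] = { const_cast<char *> (prog.c_str ()),
                         const_cast<char *> (arg.c_str ()), NULL };
  pid_t pid;
  int status;

  if (posix_spawn (&pid, prog.c_str (), NULL, NULL, args, environ) != 0)
    return -1;
  if (waitpid (pid, &status, 0) != pid)
    return -1;
  return WIFEXITED (status) ? WEXITSTATUS (status) : -1;
}

// … unchanged: init_cert_db_path signature and leading comment …
  rc = run_helper (BINDIR "/stap-gen-cert", cert_db_path) == 0;
  // … unchanged: geteuid () == 0 check …
      // Failure to authorize is deliberately ignored.
      (void) run_helper (BINDIR "/stap-authorize-signing-cert",
                         cert_db_path + "/stap.cert");
```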
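Review bot: The early `return 1` after the NSS_Init failure in main, and the two after the certificate and private-key lookups in the next hunk, exit with `password` still held and without the nssCleanup () call that the success path makes. How get_password allocates the buffer is not visible here, but a program whose job is to unlock a signing key should route every exit through one cleanup path that overwrites and releases the password and shuts NSS down. main also needs a short header comment giving the usage (`stap-sign-module MODULE CERT_DB_PATH`, as inferred from the argv handling) and the exit codes, and stating that the caller-chosen `cert_db_path` is used only after check_cert_db_path succeeds. main's body continues past this hunk.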
@@ -531,25 +545,27 @@ sign_module (systemtap_session& s) if (cert == NULL) { cerr << "Unable to find certificate with nickname " << nickName - << " in " << s.cert_db_path << "." << endl; + << " in " << cert_db_path << "." << endl; nssError (); - return; + return 1; } privKey = PK11_FindKeyByAnyCert (cert, password); if (privKey == NULL) { cerr << "Unable to obtain private key from the certificate with nickname " << nickName - << " in " << s.cert_db_path << "." << endl; + << " in " << cert_db_path << "." << endl; nssError (); - return; + return 1; } /* Sign the file. */ - sign_it (s.tmpdir + "/" + s.module_name + ".ko", s.tmpdir + "/" + s.module_name + ".ko.sgn", privKey); + sign_it (module_name, module_name + ".sgn", privKey); /* Shutdown NSS and exit NSPR gracefully. */ nssCleanup (); + + return 0; } /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */ -- cgit From 4ab2af3637026550ec28b95e287c6f2f2fc44ac7 Mon Sep 17 00:00:00 2001 From: Wenji Huang Date: Tue, 15 Sep 2009 14:39:51 +0800 Subject: Remove unneeded header file * modsign.cxx: Remove including session.h. --- modsign.cxx | 1 - 1 file changed, 1 deletion(-) (limited to 'modsign.cxx') diff --git a/modsign.cxx b/modsign.cxx index 903cc238..a73386e3 100644 --- a/modsign.cxx +++ b/modsign.cxx @@ -20,7 +20,6 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include "session.h" #include "util.h" #include #include -- cgit
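Review bot: main returns 0 unconditionally after `sign_it (module_name, module_name + ".sgn", privKey);`, so a caller such as stap-server cannot tell from the exit status whether a signature file was actually produced. sign_it's return type is outside this hunk; if it reports failures only on cerr, have it return a status, store that in a local, call nssCleanup (), and end with `return signed_ok ? 0 : 1;`. The output name is derived directly from the caller-supplied `module_name`, so a comment should state that the module's directory must not be writable by untrusted users. The start of main is in the previous hunk.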