From 2035bcd40b17832439df0a1eb28403b99a71b74f Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Mon, 4 May 2009 16:05:22 -0400
Subject: Module signing and verification using a separate file for the module signature.
---
 stap-serverd | 54 ++++++++++++++++++++++++++++++------------------------
 1 file changed, 30 insertions(+), 24 deletions(-)
(limited to 'stap-serverd')
diff --git a/stap-serverd b/stap-serverd
index 6467ec55..4eee8c38 100755
--- a/stap-serverd
+++ b/stap-serverd
@@ -16,20 +16,14 @@
 # Catch ctrl-c and other termination signals
 trap 'terminate' SIGTERM SIGINT
+# Initialize the environment
+. `dirname $0`/stap-env
+
 #-----------------------------------------------------------------------------
 # Helper functions.
 #-----------------------------------------------------------------------------
 # function: initialization PORT
 function initialization {
- # INSTALL-HOOK These settings work for running the server from the source tree
- # INSTALL-HOOK using the dejagnu test harness and will be overridden at install
- # INSTALL-HOOK time.
- exec_prefix=
- sysconfdir=`pwd`/net
-
- # Default settings.
- avahi_type=_stap._tcp
-
 # What port will we listen on?
 port=$1
 test "X$port" = "X" && port=65000
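Review bot: The new `` . `dirname $0`/stap-env `` line sources a file located next to the script without checking that it exists or is readable, and with `$0` unquoted. Because this same hunk removes the old in-script defaults for `exec_prefix` and `sysconfdir`, stap-env is now the only source of `stap_exec_prefix`, `stap_ssl_db` and `stap_certfile`; as far as I can tell bash (outside POSIX mode, without `set -e`) only reports a failed `.` and carries on, so a missing stap-env would leave all of them empty and `initialization` would go on to use `ssl_db=/server` and run `stap-gen-cert` with an empty prefix. Suggest `stap_env=`dirname "$0"`/stap-env`, then `test -r "$stap_env" || { echo "stap-serverd: cannot read $stap_env" >&2; exit 1; }`, then `. "$stap_env"`.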
@@ -43,19 +37,31 @@ function initialization {
 # Where is the ssl certificate/key database?
 ssl_db=$2
 if test "X$ssl_db" = "X"; then
+ ssl_db=$stap_ssl_db/server
+ # Update the certificate file if it is old.
+ if test -f $ssl_db/$stap_old_certfile; then
+ if ! test -e $ssl_db/$stap_certfile; then
+ mv $ssl_db/$stap_old_certfile $ssl_db/$stap_certfile
+ else
+ rm -fr $ssl_db/$stap_old_certfile
+ fi
+ fi
 # If no certificate/key database has been specified, then find/create
 # a local one.
- if test $EUID = 0; then
- ssl_db=$sysconfdir/systemtap/ssl/server
- else
- ssl_db=$HOME/.systemtap/ssl/server
- fi
- if ! test -f $ssl_db/stap-server.cert; then
- ${exec_prefix}stap-gen-server-cert `dirname $ssl_db` || exit 1
+ if ! test -f $ssl_db/$stap_certfile; then
+ ${stap_exec_prefix}stap-gen-cert $ssl_db || exit 1
 # Now add the server's certificate to the client's database,
 # making it a trusted peer. Do this only if the client has been installed.
- if test -f `which ${exec_prefix}stap-add-server-cert` -a -x `which ${exec_prefix}stap-add-server-cert`; then
- ${exec_prefix}stap-add-server-cert $ssl_db/stap-server.cert `dirname $ssl_db`/client
+ if test -f `which ${stap_exec_prefix}stap-client` -a \ -x `which ${stap_exec_prefix}stap-client`; then
+ ${stap_exec_prefix}stap-authorize-server-cert $ssl_db/$stap_certfile
+ fi
+ elif ! test -f $stap_ssl_db/client/cert8.db; then
+ # If the client's database does not exist, then initialize it with our certificate.
+ # Do this only if the client has been installed.
+ if test -f `which ${stap_exec_prefix}stap-client` -a \ -x `which ${stap_exec_prefix}stap-client`; then
+ ${stap_exec_prefix}stap-authorize-server-cert $ssl_db/$stap_certfile
 fi
 fi
 fi
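Review bot: The "only if the client has been installed" guard on both new `` if test -f `which ${stap_exec_prefix}stap-client` -a -x `which ...` `` lines fails open: when stap-client is not on the PATH the unquoted backticks expand to nothing, the command collapses to `test -f -a -x`, which bash evaluates as the binary `-a` of two non-empty strings and returns true, so `stap-authorize-server-cert` is attempted precisely in the case the comment says it should be skipped. The identical four-line test is also duplicated in the new `elif` branch; capturing the `which` result once and testing it quoted, via a small helper as below, fixes both. Separately, the new `mv $ssl_db/$stap_old_certfile $ssl_db/$stap_certfile` is unchecked, and if it fails the following `test -f $ssl_db/$stap_certfile` sees no certificate and `stap-gen-cert` silently issues a new server identity; `|| exit 1` on the `mv` would match how `stap-gen-cert` is already handled. `initialization` begins and ends outside this hunk.
```shell
# function: client_installed
# True only when stap-client resolves to an executable file; quoting the
# captured path keeps an empty `which` result from becoming `test -f -a -x`.
function client_installed {
  local client=`which ${stap_exec_prefix}stap-client 2>/dev/null`
  test -n "$client" -a -x "$client"
}

# … unchanged: initialization up to the certificate check …
  if ! test -f $ssl_db/$stap_certfile; then
    ${stap_exec_prefix}stap-gen-cert $ssl_db || exit 1
    # Make the server a trusted peer of the client, if one is installed.
    if client_installed; then
      ${stap_exec_prefix}stap-authorize-server-cert $ssl_db/$stap_certfile
    fi
  elif ! test -f $stap_ssl_db/client/cert8.db; then
    # Client database absent: seed it with our certificate, if a client exists.
    if client_installed; then
      ${stap_exec_prefix}stap-authorize-server-cert $ssl_db/$stap_certfile
    fi
  fi
```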
@@ -78,7 +84,7 @@ function advertise_presence {
 # Call avahi-publish-service to advertise our presence.
 avahi-publish-service "Systemtap Compile Server on `uname -n`" \
- $avahi_type $port "$txt" > /dev/null 2>&1 &
+ $stap_avahi_service_tag $port "$txt" > /dev/null 2>&1 &
 echo "Systemtap Compile Server on `uname -n` listening on port $port"
 }
@@ -89,8 +95,8 @@ function advertise_presence {
 function listen {
 # The stap-server-connect program will listen forever
 # accepting requests.
- ${exec_prefix}stap-server-connect -p $port -n $nss_cert -d $ssl_db -w $nss_pw 2>&1 &
- wait '%${exec_prefix}stap-server-connect' >/dev/null 2>&1
+ ${stap_exec_prefix}stap-server-connect -p $port -n $nss_cert -d $ssl_db -w $nss_pw 2>&1 &
+ wait '%${stap_exec_prefix}stap-server-connect' >/dev/null 2>&1
 }
 # function: check_db DBNAME
@@ -160,7 +166,7 @@ function check_db {
 check_db_file $dir/key3.db || rc=1
 check_db_file $dir/secmod.db || rc=1
 check_db_file $dir/pw || rc=1
- check_cert_file $dir/stap-server.cert || rc=1
+ check_cert_file $dir/$stap_certfile || rc=1
 test $rc = 1 && fatal "Unable to use certificate database '$dir' due to errors"
@@ -328,8 +334,8 @@ function terminate {
 wait '%avahi-publish-service' >/dev/null 2>&1
 # Kill any running 'stap-server-connect' job.
- kill -s SIGTERM '%${exec_prefix}stap-server-connect' 2> /dev/null
- wait '%${exec_prefix}stap-server-connect' >/dev/null 2>&1
+ kill -s SIGTERM '%${stap_exec_prefix}stap-server-connect' 2> /dev/null
+ wait '%${stap_exec_prefix}stap-server-connect' >/dev/null 2>&1
 exit
 }
-- cgit