From 0b7f181e1096f8833e24a60a7c0f97ecc063b9f4 Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Thu, 11 Dec 2008 12:07:02 -0500
Subject: Don't use -d on $netcat. Redirect from /dev/null instead.
---
 stap-serverd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'stap-serverd')
diff --git a/stap-serverd b/stap-serverd
index b46a4254..d4d6a773 100755
--- a/stap-serverd
+++ b/stap-serverd
@@ -65,7 +65,7 @@ function listen {
 do
 for ((attempt=0; $attempt < 5; ++attempt))
 do
- $netcat -ld $port 2>/dev/null | process_request &
+ $netcat -l $port < /dev/null 2>/dev/null | process_request &
 wait '%$netcat -l'
 rc=$?
 if test $rc = 0 -o $rc = 127; then
-- cgit
From 1cecb3c506475a0e0b0ee4180a91e1a9433d346b Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Wed, 24 Dec 2008 13:18:50 -0500
Subject: Systemtap compile server phase 2 (ssl) -- first cut.
---
 stap-serverd | 67 +++++++++++++++--------------------------------------------
 1 file changed, 16 insertions(+), 51 deletions(-)
(limited to 'stap-serverd')
diff --git a/stap-serverd b/stap-serverd
index d4d6a773..094f4ca4 100755
--- a/stap-serverd
+++ b/stap-serverd
@@ -24,20 +24,20 @@ function initialization {
 # Default settings.
 avahi_type=_stap._tcp
- # We need either netcat or nc.
- netcat=`which netcat 2>/dev/null`
- test "X$netcat" = "X" && netcat=`which nc 2>/dev/null`
- test "X$netcat" = "X" && fatal "ERROR: cannot find required program 'netcat' or 'nc' on PATH"
-
- # See if the given port, or the default port is busy. If so, select another.
+ # What port will we listen on?
 port=$1
 test "X$port" = "X" && port=65000
- port2=$(($port + 1))
- while netstat -atn | awk '{print $4}' | cut -f2 -d: | egrep -q "^($port|$port2)\$"; do
+ while netstat -atn | awk '{print $4}' | cut -f2 -d: | egrep -q "^$port\$";
+ do
 # Whoops, the port is busy; try another one.
 port=$((1024+($port + $RANDOM)%64000))
- port2=$(($port + 1))
 done
+
+ # Where is the ssl certificate/key database?
+ ssl_db=$2
+ test "X$ssl_db" = "X" && ssl_db=/etc/systemtap/ssl/server
+ nss_pw=$ssl_db/pw
+ nss_cert=stap-server
 }
 # function: advertise_presence
@@ -60,41 +60,10 @@ function advertise_presence {
 #
 # Listen for and handle requests to the server.
 function listen {
- # Loop forever accepting requests
- while true
- do
- for ((attempt=0; $attempt < 5; ++attempt))
- do
- $netcat -l $port < /dev/null 2>/dev/null | process_request &
- wait '%$netcat -l'
- rc=$?
- if test $rc = 0 -o $rc = 127; then
- break; # port was read ok
- fi
- done
- if test $attempt = 5; then
- fatal "ERROR: cannot listen on port $port. rc==$rc"
- fi
- done
-}
-
-# function: process_request
-#
-# Process an incoming request on stdin
-function process_request {
- read
- case $REPLY in
- request:)
- stap-server $port2 >/dev/null 2>&1 &
- wait '%stap-server'
- rc=$?
- test $rc = 127 && rc=0
- ;;
- *)
- rc=1
- esac
-
- exit $rc
+ # The stap-server-connect program will listen forever
+ # accepting requests.
+ stap-server-connect -p $port -n $nss_cert -d $ssl_db -w $nss_pw > /dev/null 2>&1 &
+ wait '%stap-server-connect' >/dev/null 2>&1
 }
 # function: fatal [ MESSAGE ]
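Review bot: In the `initialization` hunk of 1cecb3c5 (`@@ -24,20 +24,20 @@`), `ssl_db=$2` and `nss_pw=$ssl_db/pw` are taken on trust: nothing checks that the database directory and the `pw` file exist or that they are private to the account running the server. `pw` is handed to `stap-server-connect -w` in `listen`, so it presumably unlocks the key database; I would refuse to start unless it is a regular file that is not a symlink and has no group or other permissions, e.g. `test -f "$nss_pw" -a ! -L "$nss_pw" || fatal "ERROR: $nss_pw is missing or is a symlink"` plus a mode check. `port=$1` also reaches `egrep` and `$(( ))` unvalidated; after the default is applied, `case $port in *[!0-9]*) fatal "ERROR: port must be numeric" ;; esac` would keep a malformed argument out of both. The function begins outside the hunk.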
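Review bot: In the `listen` hunk of 1cecb3c5 (`@@ -60,41 +60,10 @@`), a listener that fails to start is now invisible: the output of `stap-server-connect` goes to `/dev/null`, the status of `wait` is discarded, and the `fatal "ERROR: cannot listen on port ..."` path of the removed loop has no replacement. If the certificate database is unusable, or the port is taken between the `netstat` probe and the bind, `listen` simply returns; what the caller does next is outside this hunk, but the Avahi advertisement may stay up for a server that accepts no connections. I would keep the status and fail loudly: `wait '%stap-server-connect'; rc=$?` followed by `test $rc = 0 || fatal "ERROR: stap-server-connect exited, rc==$rc"`. The `wait` in the `listen` hunk of 64aa100f (`@@ -62,7 +74,7 @@`) still discards the status in the same way.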
@@ -117,13 +86,9 @@ function terminate {
 kill -s SIGTERM %avahi-publish-service 2> /dev/null
 wait '%avahi-publish-service' >/dev/null 2>&1
- # Kill any running 'stap-server' job.
- kill -s SIGTERM "%stap-server" 2> /dev/null
- wait '%stap-server' >/dev/null 2>&1
-
- # Kill any running '$netcat -l' job.
- kill -s SIGTERM '%$netcat -l' 2>/dev/null
- wait '%$netcat -l' >/dev/null 2>&1
+ # Kill any running 'stap-server-connect' job.
+ kill -s SIGTERM "%stap-server-connect" 2> /dev/null
+ wait "%stap-server-connect" >/dev/null 2>&1
 exit
 }
-- cgit
From 64aa100f39dca60999028f83feb31983728ea4d4 Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Fri, 9 Jan 2009 15:11:04 -0500
Subject: New framework for creating/using certificate databases for client/server.
---
 stap-serverd | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
(limited to 'stap-serverd')
diff --git a/stap-serverd b/stap-serverd
index 094f4ca4..bd1c27db 100755
--- a/stap-serverd
+++ b/stap-serverd
@@ -2,7 +2,7 @@
 # Compile server manager for systemtap
 #
-# Copyright (C) 2008 Red Hat Inc.
+# Copyright (C) 2008, 2009 Red Hat Inc.
 #
 # This file is part of systemtap, and is free software. You can
 # redistribute it and/or modify it under the terms of the GNU General
@@ -30,12 +30,24 @@ function initialization {
 while netstat -atn | awk '{print $4}' | cut -f2 -d: | egrep -q "^$port\$";
 do
 # Whoops, the port is busy; try another one.
+ echo "$0: Port $port is busy"
 port=$((1024+($port + $RANDOM)%64000))
 done
 # Where is the ssl certificate/key database?
 ssl_db=$2
- test "X$ssl_db" = "X" && ssl_db=/etc/systemtap/ssl/server
+ if test "X$ssl_db" = "X"; then
+ # If no certificate/key database has been specified, then find/create
+ # a local one.
+ if test $EUID = 0; then
+ ssl_db=`dirname $0`/../etc/systemtap/ssl/server
+ else
+ ssl_db=$HOME/.systemtap/ssl/server
+ fi
+ if ! test -f $ssl_db/stap-server.cert; then
+ stap-gen-server-cert `dirname $ssl_db` || exit 1
+ fi
+ fi
 nss_pw=$ssl_db/pw
 nss_cert=stap-server
 }
@@ -62,7 +74,7 @@ function advertise_presence {
 function listen {
 # The stap-server-connect program will listen forever
 # accepting requests.
- stap-server-connect -p $port -n $nss_cert -d $ssl_db -w $nss_pw > /dev/null 2>&1 &
+ stap-server-connect -p $port -n $nss_cert -d $ssl_db -w $nss_pw 2>&1 &
 wait '%stap-server-connect' >/dev/null 2>&1
 }
-- cgit
From 790c4dd6eff3fbc127b67e23478d7edc6bf1cd08 Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Tue, 13 Jan 2009 13:38:41 -0500
Subject: Separate the creation of the server's certificate from its addition to the client-side database.
---
 stap-serverd | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'stap-serverd')
diff --git a/stap-serverd b/stap-serverd
index bd1c27db..2971c67f 100755
--- a/stap-serverd
+++ b/stap-serverd
@@ -46,6 +46,9 @@ function initialization {
 fi
 if ! test -f $ssl_db/stap-server.cert; then
 stap-gen-server-cert `dirname $ssl_db` || exit 1
+ # Now add the server's certificate to the client's database,
+ # making it a trusted peer.
+ stap-add-server-cert $ssl_db/stap-server.cert `dirname $ssl_db` || exit 1
 fi
 fi
 nss_pw=$ssl_db/pw
-- cgit
From 21325e0c78f4de1e772813c8f071d909d83e1b58 Mon Sep 17 00:00:00 2001
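Review bot: In the `initialization` hunk of 64aa100f (`@@ -30,12 +30,24 @@`), the new branch creates the server's certificate and key database on first start but leaves its protection to the inherited umask and to whatever `stap-gen-server-cert` does, which is not visible here. I would run the generator as `(umask 077; stap-gen-server-cert "$(dirname "$ssl_db")") || exit 1` so that the private key and `pw` cannot come out group- or world-readable. The non-root path also trusts `$HOME` from the environment; if it is unset, `ssl_db` silently becomes `/.systemtap/ssl/server`, so `test "X$HOME" != "X" || fatal "ERROR: HOME is not set"` before that assignment would be worth adding. The function begins outside the hunk.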
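Review bot: In the `initialization` hunk of 790c4dd6 (`@@ -46,6 +46,9 @@`), starting the server now changes the client's trust store as a side effect, and nothing is printed when it happens. Adding a trusted peer is a decision an administrator will want to see in the log, so I would announce it before the call with `echo "$0: Adding $ssl_db/stap-server.cert to the client database as a trusted peer"`. The comment should also say which database directory the second argument names, since the same `dirname $ssl_db` value is passed to both helpers. The function starts and ends outside the hunk.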
From: Dave Brolley
Date: Tue, 13 Jan 2009 16:19:53 -0500
Subject: Ensure that the client/server scripts call the installed copies of any other systemtap tools.
---
 stap-serverd | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
(limited to 'stap-serverd')
diff --git a/stap-serverd b/stap-serverd
index 2971c67f..2c7abba1 100755
--- a/stap-serverd
+++ b/stap-serverd
@@ -24,6 +24,11 @@ function initialization {
 # Default settings.
 avahi_type=_stap._tcp
+ # Where are we installed?
+ exec_prefix=`dirname $0`
+ exec_prefix=`cd $exec_prefix && pwd`
+ prefix=`dirname $exec_prefix`
+
 # What port will we listen on?
 port=$1
 test "X$port" = "X" && port=65000
@@ -40,15 +45,15 @@ function initialization {
 # If no certificate/key database has been specified, then find/create
 # a local one.
 if test $EUID = 0; then
- ssl_db=`dirname $0`/../etc/systemtap/ssl/server
+ ssl_db=$prefix/etc/systemtap/ssl/server
 else
 ssl_db=$HOME/.systemtap/ssl/server
 fi
 if ! test -f $ssl_db/stap-server.cert; then
- stap-gen-server-cert `dirname $ssl_db` || exit 1
+ $exec_prefix/stap-gen-server-cert `dirname $ssl_db` || exit 1
 # Now add the server's certificate to the client's database,
 # making it a trusted peer.
- stap-add-server-cert $ssl_db/stap-server.cert `dirname $ssl_db` || exit 1
+ $exec_prefix/stap-add-server-cert $ssl_db/stap-server.cert `dirname $ssl_db` || exit 1
 fi
 fi
 nss_pw=$ssl_db/pw
@@ -77,8 +82,8 @@ function advertise_presence {
 function listen {
 # The stap-server-connect program will listen forever
 # accepting requests.
- stap-server-connect -p $port -n $nss_cert -d $ssl_db -w $nss_pw 2>&1 &
- wait '%stap-server-connect' >/dev/null 2>&1
+ $exec_prefix/stap-server-connect -p $port -n $nss_cert -d $ssl_db -w $nss_pw 2>&1 &
+ wait '%$exec_prefix/stap-server-connect' >/dev/null 2>&1
 }
 # function: fatal [ MESSAGE ]
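Review bot: In the first `initialization` hunk of 21325e0c (`@@ -24,6 +24,11 @@`), a failed `cd` leaves `exec_prefix` empty, and every later `$exec_prefix/stap-...` call then resolves against `/`, which defeats the purpose of pinning the helpers to the install directory. The expansions are unquoted as well, and a `CDPATH` inherited from the environment can make `cd` print a directory name into the captured output. I would compute it in one checked step, `exec_prefix=$(unset CDPATH; cd -- "$(dirname -- "$0")" && pwd -P) || fatal "ERROR: cannot locate install directory"`, and quote `"$exec_prefix"` and `"$prefix"` where they are used. The same unquoted uses appear in the second hunk (`@@ -40,15 +45,15 @@`). The function begins outside the hunk.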
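Review bot: In the `listen` hunk of 21325e0c (`@@ -77,8 +82,8 @@`), the job spec `'%$exec_prefix/stap-server-connect'` is single-quoted, so it only works because bash appears to match `%string` against the job's command text as typed, before expansion. That is easy to break in a later edit (quoting the command, or switching one of the job specs to double quotes) and is not explained anywhere. Recording the PID would be more robust: `server_pid=$!` after the background launch, then `wait "$server_pid"` here and `kill -s SIGTERM "$server_pid"` in the `terminate` hunk (`@@ -98,12 +103,12 @@`), which uses the same job spec. If the job-spec form stays, a comment such as `# Job spec is matched against the unexpanded command text; keep the single quotes.` should accompany it.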
@@ -98,12 +103,12 @@ function terminate {
 echo "$0: Exiting"
 # Kill the running 'avahi-publish-service' job
- kill -s SIGTERM %avahi-publish-service 2> /dev/null
+ kill -s SIGTERM '%avahi-publish-service' 2> /dev/null
 wait '%avahi-publish-service' >/dev/null 2>&1
 # Kill any running 'stap-server-connect' job.
- kill -s SIGTERM "%stap-server-connect" 2> /dev/null
- wait "%stap-server-connect" >/dev/null 2>&1
+ kill -s SIGTERM '%$exec_prefix/stap-server-connect' 2> /dev/null
+ wait '%$exec_prefix/stap-server-connect' >/dev/null 2>&1
 exit
 }
-- cgit
From dece4f8f994c78aca9213cfb8f20e6d979ff738d Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Mon, 19 Jan 2009 13:29:43 -0500
Subject: Revert previous change. Only call stap-add-server-cert from stap-serverd if it has been installed.
---
 stap-serverd | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'stap-serverd')
diff --git a/stap-serverd b/stap-serverd
index 2c7abba1..1c227e6c 100755
--- a/stap-serverd
+++ b/stap-serverd
@@ -52,8 +52,10 @@ function initialization {
 if ! test -f $ssl_db/stap-server.cert; then
 $exec_prefix/stap-gen-server-cert `dirname $ssl_db` || exit 1
 # Now add the server's certificate to the client's database,
- # making it a trusted peer.
- $exec_prefix/stap-add-server-cert $ssl_db/stap-server.cert `dirname $ssl_db` || exit 1
+ # making it a trusted peer. Do this only if the client has been installed.
+ if test -f $exec_prefix/stap-add-server-cert -a -f $exec_prefix/stap-add-server-cert; then
+ $exec_prefix/stap-add-server-cert $ssl_db/stap-server.cert `dirname $ssl_db`
+ fi
 fi
 fi
 nss_pw=$ssl_db/pw
-- cgit
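Review bot: In the `initialization` hunk of dece4f8f (`@@ -52,8 +52,10 @@`), the new condition tests `-f $exec_prefix/stap-add-server-cert` twice, so the second operand adds nothing; it was possibly meant to name a different file that marks the client as installed. The `|| exit 1` was dropped too, so a failed trust-store update now passes silently and the server starts with a certificate the local client may not trust. I would test once for an executable and report failure: `if test -x "$exec_prefix/stap-add-server-cert"; then`, with the call followed by `|| echo "$0: WARNING: could not add server certificate to client database" >&2`. The function starts and ends outside the hunk.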