]>
Commit | Line | Data |
---|---|---|
2dce8c42 DB |
1 | /* |
2 | Compile server client functions | |
840e5073 | 3 | Copyright (C) 2010-2011 Red Hat Inc. |
2dce8c42 DB |
4 | |
5 | This file is part of systemtap, and is free software. You can | |
6 | redistribute it and/or modify it under the terms of the GNU General | |
7 | Public License (GPL); either version 2, or (at your option) any | |
8 | later version. | |
9 | */ | |
10 | #include "config.h" | |
11 | #include "session.h" | |
005df4e5 | 12 | #include "cscommon.h" |
aa4d21c0 | 13 | #include "csclient.h" |
2fad97fd | 14 | #include "util.h" |
0f5d597d | 15 | #include "stap-probe.h" |
2dce8c42 | 16 | |
aa4d21c0 | 17 | #include <sys/times.h> |
2dce8c42 | 18 | #include <vector> |
2fad97fd | 19 | #include <fstream> |
cc7c72cd | 20 | #include <sstream> |
79efe7f8 | 21 | #include <cassert> |
b0e5fa85 DB |
22 | #include <cstdlib> |
23 | #include <cstdio> | |
b0e5fa85 | 24 | #include <algorithm> |
79efe7f8 FCE |
25 | |
26 | extern "C" { | |
004a4482 | 27 | #include <linux/limits.h> |
3eee0879 | 28 | #include <sys/time.h> |
79efe7f8 | 29 | #include <glob.h> |
1f9938b9 | 30 | #include <limits.h> |
f88498d9 | 31 | #include <sys/socket.h> |
1a7f7b3f | 32 | #include <sys/stat.h> |
f88498d9 DS |
33 | #include <netdb.h> |
34 | #include <arpa/inet.h> | |
0d1534e8 | 35 | #include <pwd.h> |
79efe7f8 | 36 | } |
2dce8c42 DB |
37 | |
38 | #if HAVE_AVAHI | |
39 | extern "C" { | |
2dce8c42 DB |
40 | #include <avahi-client/client.h> |
41 | #include <avahi-client/lookup.h> | |
42 | ||
43 | #include <avahi-common/simple-watch.h> | |
44 | #include <avahi-common/malloc.h> | |
45 | #include <avahi-common/error.h> | |
46 | #include <avahi-common/timeval.h> | |
3eee0879 | 47 | } |
b0e5fa85 | 48 | #endif // HAVE_AVAHI |
2fad97fd DB |
49 | |
50 | #if HAVE_NSS | |
3eee0879 | 51 | extern "C" { |
2fad97fd DB |
52 | #include <ssl.h> |
53 | #include <nspr.h> | |
54 | #include <nss.h> | |
c77af0d0 | 55 | #include <certdb.h> |
2fad97fd DB |
56 | #include <pk11pub.h> |
57 | #include <prerror.h> | |
58 | #include <secerr.h> | |
59 | #include <sslerr.h> | |
aeb9cc10 | 60 | } |
2fad97fd DB |
61 | |
62 | #include "nsscommon.h" | |
c77af0d0 | 63 | #endif // HAVE_NSS |
2dce8c42 | 64 | |
aeb9cc10 DB |
65 | using namespace std; |
66 | ||
c8f70b21 | 67 | #define STAP_CSC_01 _("WARNING: The domain name, %s, does not match the DNS name(s) on the server certificate:\n") |
58a834b1 LB |
68 | #define STAP_CSC_02 _("could not find input file %s\n") |
69 | #define STAP_CSC_03 _("could not open input file %s\n") | |
70 | #define STAP_CSC_04 _("Unable to open output file %s\n") | |
71 | #define STAP_CSC_05 _("could not write to %s\n") | |
72 | ||
aeb9cc10 DB |
73 | extern "C" |
74 | void | |
75 | nsscommon_error (const char *msg, int logit __attribute ((unused))) | |
76 | { | |
77 | clog << msg << endl << flush; | |
78 | } | |
2dce8c42 | 79 | |
b0e5fa85 DB |
80 | // Information about compile servers. |
81 | struct compile_server_info | |
82 | { | |
83 | compile_server_info () : port (0) {} | |
84 | ||
85717fe6 DB |
85 | string host_name; |
86 | string ip_address; | |
b0e5fa85 | 87 | unsigned short port; |
85717fe6 DB |
88 | string version; |
89 | string sysinfo; | |
90 | string certinfo; | |
b0e5fa85 | 91 | |
7543625d DB |
92 | bool empty () const |
93 | { | |
94 | return host_name.empty () && ip_address.empty (); | |
95 | } | |
96 | ||
b0e5fa85 DB |
97 | bool operator== (const compile_server_info &that) const |
98 | { | |
7543625d DB |
99 | // If the ip address is not set, then the host names must match, otherwise |
100 | // the ip addresses must match. | |
101 | if (this->ip_address.empty () || that.ip_address.empty ()) | |
102 | { | |
103 | if (this->host_name != that.host_name) | |
104 | return false; | |
105 | } | |
106 | else if (this->ip_address != that.ip_address) | |
b0e5fa85 | 107 | return false; |
7543625d | 108 | |
b0e5fa85 DB |
109 | // Compare the other fields only if they have both been set. |
110 | if (this->port != 0 && that.port != 0 && this->port != that.port) | |
111 | return false; | |
85717fe6 DB |
112 | if (! this->version.empty () && ! that.version.empty () && |
113 | this->version != that.version) | |
114 | return false; | |
b0e5fa85 DB |
115 | if (! this->sysinfo.empty () && ! that.sysinfo.empty () && |
116 | this->sysinfo != that.sysinfo) | |
117 | return false; | |
118 | if (! this->certinfo.empty () && ! that.certinfo.empty () && | |
119 | this->certinfo != that.certinfo) | |
120 | return false; | |
121 | return true; | |
122 | } | |
1d1e2086 DB |
123 | |
124 | // Used to sort servers by preference for order of contact. The preferred server is | |
125 | // "less" than the other one. | |
126 | bool operator< (const compile_server_info &that) const | |
127 | { | |
128 | // Prefer servers with a later (higher) version number. | |
129 | cs_protocol_version this_version (this->version.c_str ()); | |
130 | cs_protocol_version that_version (that.version.c_str ()); | |
131 | return that_version < this_version; | |
132 | } | |
b0e5fa85 DB |
133 | }; |
134 | ||
3d9dfde6 DB |
135 | ostream &operator<< (ostream &s, const compile_server_info &i); |
136 | ||
005df4e5 DB |
137 | static void |
138 | preferred_order (vector<compile_server_info> &servers) | |
139 | { | |
140 | // Sort the given list of servers into the preferred order for contacting. | |
141 | // Don't bother if there are less than 2 servers in the list. | |
142 | if (servers.size () < 2) | |
143 | return; | |
144 | ||
145 | // Sort the list using compile_server_info::operator< | |
146 | sort (servers.begin (), servers.end ()); | |
147 | } | |
148 | ||
eff14db3 JS |
149 | struct compile_server_cache |
150 | { | |
151 | vector<compile_server_info> default_servers; | |
152 | vector<compile_server_info> specified_servers; | |
153 | vector<compile_server_info> trusted_servers; | |
154 | vector<compile_server_info> signing_servers; | |
155 | vector<compile_server_info> online_servers; | |
156 | }; | |
157 | ||
b0e5fa85 DB |
158 | // For filtering queries. |
159 | enum compile_server_properties { | |
160 | compile_server_all = 0x1, | |
161 | compile_server_trusted = 0x2, | |
162 | compile_server_online = 0x4, | |
163 | compile_server_compatible = 0x8, | |
164 | compile_server_signer = 0x10, | |
165 | compile_server_specified = 0x20 | |
166 | }; | |
167 | ||
168 | // Static functions. | |
eff14db3 | 169 | static compile_server_cache* cscache(systemtap_session& s); |
b0e5fa85 | 170 | static void query_server_status (systemtap_session &s, const string &status_string); |
b0e5fa85 DB |
171 | |
172 | static void get_server_info (systemtap_session &s, int pmask, vector<compile_server_info> &servers); | |
173 | static void get_all_server_info (systemtap_session &s, vector<compile_server_info> &servers); | |
174 | static void get_default_server_info (systemtap_session &s, vector<compile_server_info> &servers); | |
1a7f7b3f | 175 | static void get_specified_server_info (systemtap_session &s, vector<compile_server_info> &servers, bool no_default = false); |
7543625d DB |
176 | static void get_or_keep_online_server_info (systemtap_session &s, vector<compile_server_info> &servers, bool keep); |
177 | static void get_or_keep_trusted_server_info (systemtap_session &s, vector<compile_server_info> &servers, bool keep); | |
178 | static void get_or_keep_signing_server_info (systemtap_session &s, vector<compile_server_info> &servers, bool keep); | |
179 | static void get_or_keep_compatible_server_info (systemtap_session &s, vector<compile_server_info> &servers, bool keep); | |
180 | static void keep_common_server_info (const compile_server_info &info_to_keep, vector<compile_server_info> &filtered_info); | |
b0e5fa85 | 181 | static void keep_common_server_info (const vector<compile_server_info> &info_to_keep, vector<compile_server_info> &filtered_info); |
7543625d DB |
182 | static void keep_server_info_with_cert_and_port (systemtap_session &s, const compile_server_info &server, vector<compile_server_info> &servers); |
183 | ||
b0e5fa85 | 184 | static void add_server_info (const compile_server_info &info, vector<compile_server_info>& list); |
7543625d | 185 | static void add_server_info (const vector<compile_server_info> &source, vector<compile_server_info> &target); |
b0e5fa85 | 186 | static void merge_server_info (const compile_server_info &source, compile_server_info &target); |
7543625d DB |
187 | #if 0 // not used right now |
188 | static void merge_server_info (const compile_server_info &source, vector<compile_server_info> &target); | |
189 | static void merge_server_info (const vector<compile_server_info> &source, vector <compile_server_info> &target); | |
190 | #endif | |
191 | static void resolve_host (systemtap_session& s, compile_server_info &server, vector<compile_server_info> &servers); | |
b0e5fa85 | 192 | |
fd14bd8f DB |
193 | /* Exit error codes */ |
194 | #define SUCCESS 0 | |
195 | #define GENERAL_ERROR 1 | |
196 | #define CA_CERT_INVALID_ERROR 2 | |
197 | #define SERVER_CERT_EXPIRED_ERROR 3 | |
198 | ||
48e74294 DB |
199 | // Convert the given string to an ip address in host byte order. |
200 | static unsigned | |
201 | stringToIpAddress (const string &s) | |
202 | { | |
203 | if (s.empty ()) | |
204 | return 0; // unknown | |
205 | ||
206 | vector<string>components; | |
207 | tokenize (s, components, "."); | |
208 | assert (components.size () >= 1); | |
209 | ||
210 | unsigned ip = 0; | |
211 | unsigned i; | |
212 | for (i = 0; i < components.size (); ++i) | |
213 | { | |
214 | const char *ipstr = components[i].c_str (); | |
215 | char *estr; | |
216 | errno = 0; | |
217 | unsigned a = strtoul (ipstr, & estr, 10); | |
218 | if (errno == 0 && *estr == '\0' && a <= UCHAR_MAX) | |
219 | ip = (ip << 8) + a; | |
220 | else | |
221 | return 0; | |
222 | } | |
223 | ||
224 | return ip; | |
225 | } | |
226 | ||
c77af0d0 | 227 | #if HAVE_NSS |
840e5073 DB |
228 | // ----------------------------------------------------- |
229 | // NSS related code used by the compile server client | |
230 | // ----------------------------------------------------- | |
3d9dfde6 DB |
231 | static void add_server_trust (systemtap_session &s, const string &cert_db_path, const vector<compile_server_info> &server_list); |
232 | static void revoke_server_trust (systemtap_session &s, const string &cert_db_path, const vector<compile_server_info> &server_list); | |
233 | static void get_server_info_from_db (systemtap_session &s, vector<compile_server_info> &servers, const string &cert_db_path); | |
234 | ||
3dc20443 DB |
235 | static string global_client_cert_db_path () { |
236 | return SYSCONFDIR "/systemtap/ssl/client"; | |
237 | } | |
238 | ||
c77af0d0 | 239 | static string |
aeb9cc10 | 240 | private_ssl_cert_db_path () |
c77af0d0 | 241 | { |
aeb9cc10 | 242 | return local_client_cert_db_path (); |
c77af0d0 DB |
243 | } |
244 | ||
245 | static string | |
246 | global_ssl_cert_db_path () | |
247 | { | |
aeb9cc10 | 248 | return global_client_cert_db_path (); |
c77af0d0 DB |
249 | } |
250 | ||
251 | static string | |
252 | signing_cert_db_path () | |
253 | { | |
254 | return SYSCONFDIR "/systemtap/staprun"; | |
255 | } | |
840e5073 | 256 | |
840e5073 DB |
257 | /* Connection state. */ |
258 | typedef struct connectionState_t | |
259 | { | |
260 | const char *hostName; | |
261 | PRNetAddr addr; | |
262 | PRUint16 port; | |
263 | const char *infileName; | |
264 | const char *outfileName; | |
265 | const char *trustNewServerMode; | |
266 | } connectionState_t; | |
267 | ||
268 | #if 0 /* No client authorization */ | |
269 | static char * | |
270 | myPasswd(PK11SlotInfo *info, PRBool retry, void *arg) | |
271 | { | |
272 | char * passwd = NULL; | |
273 | ||
274 | if ( (!retry) && arg ) | |
275 | passwd = PORT_Strdup((char *)arg); | |
276 | ||
277 | return passwd; | |
278 | } | |
279 | #endif | |
280 | ||
281 | /* Add the server's certificate to our database of trusted servers. */ | |
282 | static SECStatus | |
283 | trustNewServer (CERTCertificate *serverCert) | |
284 | { | |
285 | SECStatus secStatus; | |
286 | CERTCertTrust *trust = NULL; | |
aeb9cc10 | 287 | PK11SlotInfo *slot = NULL; |
840e5073 DB |
288 | |
289 | /* Import the certificate. */ | |
aeb9cc10 DB |
290 | slot = PK11_GetInternalKeySlot(); |
291 | const char *nickname = server_cert_nickname (); | |
292 | secStatus = PK11_ImportCert(slot, serverCert, CK_INVALID_HANDLE, nickname, PR_FALSE); | |
840e5073 DB |
293 | if (secStatus != SECSuccess) |
294 | goto done; | |
295 | ||
296 | /* Make it a trusted peer. */ | |
297 | trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust)); | |
298 | if (! trust) | |
299 | { | |
300 | secStatus = SECFailure; | |
301 | goto done; | |
302 | } | |
303 | ||
304 | secStatus = CERT_DecodeTrustString(trust, "P,P,P"); | |
305 | if (secStatus != SECSuccess) | |
306 | goto done; | |
307 | ||
308 | secStatus = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), serverCert, trust); | |
840e5073 DB |
309 | |
310 | done: | |
aeb9cc10 DB |
311 | if (slot) |
312 | PK11_FreeSlot (slot); | |
840e5073 DB |
313 | if (trust) |
314 | PORT_Free(trust); | |
315 | return secStatus; | |
316 | } | |
317 | ||
318 | /* Called when the server certificate verification fails. This gives us | |
319 | the chance to trust the server anyway and add the certificate to the | |
320 | local database. */ | |
321 | static SECStatus | |
322 | badCertHandler(void *arg, PRFileDesc *sslSocket) | |
323 | { | |
324 | SECStatus secStatus; | |
325 | PRErrorCode errorNumber; | |
c619c688 | 326 | CERTCertificate *serverCert = NULL; |
840e5073 DB |
327 | SECItem subAltName; |
328 | PRArenaPool *tmpArena = NULL; | |
329 | CERTGeneralName *nameList, *current; | |
330 | char *expected = NULL; | |
331 | const connectionState_t *connectionState = (connectionState_t *)arg; | |
332 | ||
333 | errorNumber = PR_GetError (); | |
334 | switch (errorNumber) | |
335 | { | |
336 | case SSL_ERROR_BAD_CERT_DOMAIN: | |
337 | /* Since we administer our own client-side databases of trustworthy | |
338 | certificates, we don't need the domain name(s) on the certificate to | |
339 | match. If the cert is in our database, then we can trust it. | |
340 | Issue a warning and accept the certificate. */ | |
341 | expected = SSL_RevealURL (sslSocket); | |
58a834b1 | 342 | fprintf (stderr, STAP_CSC_01, expected); |
840e5073 DB |
343 | |
344 | /* List the DNS names from the server cert as part of the warning. | |
345 | First, find the alt-name extension on the certificate. */ | |
346 | subAltName.data = NULL; | |
347 | serverCert = SSL_PeerCertificate (sslSocket); | |
348 | secStatus = CERT_FindCertExtension (serverCert, | |
349 | SEC_OID_X509_SUBJECT_ALT_NAME, | |
350 | & subAltName); | |
351 | if (secStatus != SECSuccess || ! subAltName.data) | |
352 | { | |
58a834b1 | 353 | fprintf (stderr, _("Unable to find alt name extension on the server certificate\n")); |
840e5073 DB |
354 | secStatus = SECSuccess; /* Not a fatal error */ |
355 | break; | |
356 | } | |
357 | ||
358 | // Now, decode the extension. | |
359 | tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | |
360 | if (! tmpArena) | |
361 | { | |
58a834b1 | 362 | fprintf (stderr, _("Out of memory\n")); |
840e5073 DB |
363 | secStatus = SECSuccess; /* Not a fatal error here */ |
364 | break; | |
365 | } | |
366 | nameList = CERT_DecodeAltNameExtension (tmpArena, & subAltName); | |
367 | SECITEM_FreeItem(& subAltName, PR_FALSE); | |
368 | if (! nameList) | |
369 | { | |
58a834b1 | 370 | fprintf (stderr, _("Unable to decode alt name extension on server certificate\n")); |
840e5073 DB |
371 | secStatus = SECSuccess; /* Not a fatal error */ |
372 | break; | |
373 | } | |
374 | ||
375 | /* List the DNS names from the server cert as part of the warning. | |
376 | The names are in a circular list. */ | |
377 | current = nameList; | |
378 | do | |
379 | { | |
380 | /* Make sure this is a DNS name. */ | |
381 | if (current->type == certDNSName) | |
382 | { | |
383 | fprintf (stderr, " %.*s\n", | |
384 | (int)current->name.other.len, current->name.other.data); | |
385 | } | |
386 | current = CERT_GetNextGeneralName (current); | |
387 | } | |
388 | while (current != nameList); | |
389 | ||
390 | /* Accept the certificate */ | |
391 | secStatus = SECSuccess; | |
392 | break; | |
393 | ||
394 | case SEC_ERROR_CA_CERT_INVALID: | |
395 | /* The server's certificate is not trusted. Should we trust it? */ | |
396 | secStatus = SECFailure; /* Do not trust by default. */ | |
397 | if (! connectionState->trustNewServerMode) | |
398 | break; | |
399 | ||
400 | /* Trust it for this session only? */ | |
401 | if (strcmp (connectionState->trustNewServerMode, "session") == 0) | |
402 | { | |
403 | secStatus = SECSuccess; | |
404 | break; | |
405 | } | |
406 | ||
407 | /* Trust it permanently? */ | |
408 | if (strcmp (connectionState->trustNewServerMode, "permanent") == 0) | |
409 | { | |
410 | /* The user wants to trust this server. Get the server's certificate so | |
411 | and add it to our database. */ | |
412 | serverCert = SSL_PeerCertificate (sslSocket); | |
413 | if (serverCert != NULL) | |
aeb9cc10 DB |
414 | { |
415 | secStatus = trustNewServer (serverCert); | |
aeb9cc10 | 416 | } |
840e5073 DB |
417 | } |
418 | break; | |
419 | default: | |
420 | secStatus = SECFailure; /* Do not trust this server */ | |
421 | break; | |
422 | } | |
423 | ||
424 | if (expected) | |
425 | PORT_Free (expected); | |
426 | if (tmpArena) | |
427 | PORT_FreeArena (tmpArena, PR_FALSE); | |
428 | ||
c619c688 CM |
429 | if (serverCert != NULL) |
430 | { | |
431 | CERT_DestroyCertificate (serverCert); | |
432 | } | |
433 | ||
840e5073 DB |
434 | return secStatus; |
435 | } | |
436 | ||
437 | static PRFileDesc * | |
438 | setupSSLSocket (connectionState_t *connectionState) | |
439 | { | |
440 | PRFileDesc *tcpSocket; | |
441 | PRFileDesc *sslSocket; | |
442 | PRSocketOptionData socketOption; | |
443 | PRStatus prStatus; | |
444 | SECStatus secStatus; | |
445 | ||
446 | tcpSocket = PR_NewTCPSocket(); | |
447 | if (tcpSocket == NULL) | |
448 | goto loser; | |
449 | ||
450 | /* Make the socket blocking. */ | |
451 | socketOption.option = PR_SockOpt_Nonblocking; | |
452 | socketOption.value.non_blocking = PR_FALSE; | |
453 | ||
454 | prStatus = PR_SetSocketOption(tcpSocket, &socketOption); | |
455 | if (prStatus != PR_SUCCESS) | |
456 | goto loser; | |
457 | ||
458 | /* Import the socket into the SSL layer. */ | |
459 | sslSocket = SSL_ImportFD(NULL, tcpSocket); | |
460 | if (!sslSocket) | |
461 | goto loser; | |
462 | ||
463 | /* Set configuration options. */ | |
464 | secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE); | |
465 | if (secStatus != SECSuccess) | |
466 | goto loser; | |
467 | ||
468 | secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); | |
469 | if (secStatus != SECSuccess) | |
470 | goto loser; | |
471 | ||
472 | /* Set SSL callback routines. */ | |
473 | #if 0 /* no client authentication */ | |
474 | secStatus = SSL_GetClientAuthDataHook(sslSocket, | |
475 | (SSLGetClientAuthData)myGetClientAuthData, | |
476 | (void *)certNickname); | |
477 | if (secStatus != SECSuccess) | |
478 | goto loser; | |
479 | #endif | |
480 | #if 0 /* Use the default */ | |
481 | secStatus = SSL_AuthCertificateHook(sslSocket, | |
482 | (SSLAuthCertificate)myAuthCertificate, | |
483 | (void *)CERT_GetDefaultCertDB()); | |
484 | if (secStatus != SECSuccess) | |
485 | goto loser; | |
486 | #endif | |
487 | ||
488 | secStatus = SSL_BadCertHook(sslSocket, (SSLBadCertHandler)badCertHandler, | |
489 | connectionState); | |
490 | if (secStatus != SECSuccess) | |
491 | goto loser; | |
492 | ||
493 | #if 0 /* No handshake callback */ | |
494 | secStatus = SSL_HandshakeCallback(sslSocket, myHandshakeCallback, NULL); | |
495 | if (secStatus != SECSuccess) | |
496 | goto loser; | |
497 | #endif | |
498 | ||
499 | return sslSocket; | |
500 | ||
501 | loser: | |
502 | if (tcpSocket) | |
503 | PR_Close(tcpSocket); | |
504 | return NULL; | |
505 | } | |
506 | ||
507 | ||
508 | static SECStatus | |
509 | handle_connection (PRFileDesc *sslSocket, connectionState_t *connectionState) | |
510 | { | |
511 | PRInt32 numBytes; | |
512 | char *readBuffer; | |
513 | PRFileInfo info; | |
514 | PRFileDesc *local_file_fd; | |
515 | PRStatus prStatus; | |
516 | SECStatus secStatus = SECSuccess; | |
517 | ||
518 | #define READ_BUFFER_SIZE (60 * 1024) | |
519 | ||
aeb9cc10 DB |
520 | /* If we don't have both the input and output file names, then we're |
521 | contacting this server only in order to establish trust. In this case send | |
522 | 0 as the file size and exit. */ | |
523 | if (! connectionState->infileName || ! connectionState->outfileName) | |
524 | { | |
525 | numBytes = htonl ((PRInt32)0); | |
526 | numBytes = PR_Write (sslSocket, & numBytes, sizeof (numBytes)); | |
527 | if (numBytes < 0) | |
528 | return SECFailure; | |
529 | return SECSuccess; | |
530 | } | |
531 | ||
840e5073 DB |
532 | /* read and send the data. */ |
533 | /* Try to open the local file named. | |
534 | * If successful, then write it to the server | |
535 | */ | |
536 | prStatus = PR_GetFileInfo(connectionState->infileName, &info); | |
537 | if (prStatus != PR_SUCCESS || | |
538 | info.type != PR_FILE_FILE || | |
539 | info.size < 0) | |
540 | { | |
58a834b1 | 541 | fprintf (stderr, STAP_CSC_02, |
840e5073 DB |
542 | connectionState->infileName); |
543 | return SECFailure; | |
544 | } | |
545 | ||
546 | local_file_fd = PR_Open(connectionState->infileName, PR_RDONLY, 0); | |
547 | if (local_file_fd == NULL) | |
548 | { | |
58a834b1 | 549 | fprintf (stderr, STAP_CSC_03, connectionState->infileName); |
840e5073 DB |
550 | return SECFailure; |
551 | } | |
552 | ||
553 | /* Send the file size first, so the server knows when it has the entire file. */ | |
554 | numBytes = htonl ((PRInt32)info.size); | |
555 | numBytes = PR_Write(sslSocket, & numBytes, sizeof (numBytes)); | |
556 | if (numBytes < 0) | |
557 | { | |
558 | PR_Close(local_file_fd); | |
559 | return SECFailure; | |
560 | } | |
561 | ||
562 | /* Transmit the local file across the socket. */ | |
563 | numBytes = PR_TransmitFile(sslSocket, local_file_fd, | |
564 | NULL, 0, | |
565 | PR_TRANSMITFILE_KEEP_OPEN, | |
566 | PR_INTERVAL_NO_TIMEOUT); | |
567 | if (numBytes < 0) | |
568 | { | |
569 | PR_Close(local_file_fd); | |
570 | return SECFailure; | |
571 | } | |
572 | ||
573 | PR_Close(local_file_fd); | |
574 | ||
575 | /* read until EOF */ | |
576 | readBuffer = (char *)PORT_Alloc(READ_BUFFER_SIZE); | |
577 | if (! readBuffer) { | |
58a834b1 | 578 | fprintf (stderr, _("Out of memory\n")); |
840e5073 DB |
579 | return SECFailure; |
580 | } | |
581 | ||
582 | local_file_fd = PR_Open(connectionState->outfileName, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, | |
583 | PR_IRUSR | PR_IWUSR | PR_IRGRP | PR_IWGRP | PR_IROTH); | |
584 | if (local_file_fd == NULL) | |
585 | { | |
58a834b1 | 586 | fprintf (stderr, STAP_CSC_04, connectionState->outfileName); |
840e5073 DB |
587 | return SECFailure; |
588 | } | |
589 | while (PR_TRUE) | |
590 | { | |
591 | numBytes = PR_Read(sslSocket, readBuffer, READ_BUFFER_SIZE); | |
592 | if (numBytes == 0) | |
593 | break; /* EOF */ | |
594 | ||
595 | if (numBytes < 0) | |
596 | { | |
597 | secStatus = SECFailure; | |
598 | break; | |
599 | } | |
600 | ||
601 | /* Write to output file */ | |
602 | numBytes = PR_Write(local_file_fd, readBuffer, numBytes); | |
603 | if (numBytes < 0) | |
604 | { | |
58a834b1 | 605 | fprintf (stderr, STAP_CSC_05, connectionState->outfileName); |
840e5073 DB |
606 | secStatus = SECFailure; |
607 | break; | |
608 | } | |
609 | } | |
610 | ||
611 | PR_Free(readBuffer); | |
612 | PR_Close(local_file_fd); | |
613 | ||
614 | /* Caller closes the socket. */ | |
615 | return secStatus; | |
616 | } | |
617 | ||
618 | /* make the connection. | |
619 | */ | |
620 | static SECStatus | |
621 | do_connect (connectionState_t *connectionState) | |
622 | { | |
623 | PRFileDesc *sslSocket; | |
624 | PRStatus prStatus; | |
625 | SECStatus secStatus; | |
626 | ||
627 | secStatus = SECSuccess; | |
628 | ||
629 | /* Set up SSL secure socket. */ | |
630 | sslSocket = setupSSLSocket (connectionState); | |
631 | if (sslSocket == NULL) | |
632 | return SECFailure; | |
633 | ||
634 | #if 0 /* no client authentication */ | |
635 | secStatus = SSL_SetPKCS11PinArg(sslSocket, password); | |
636 | if (secStatus != SECSuccess) | |
637 | goto done; | |
638 | #endif | |
639 | ||
640 | secStatus = SSL_SetURL(sslSocket, connectionState->hostName); | |
641 | if (secStatus != SECSuccess) | |
642 | goto done; | |
643 | ||
644 | prStatus = PR_Connect(sslSocket, & connectionState->addr, PR_INTERVAL_NO_TIMEOUT); | |
645 | if (prStatus != PR_SUCCESS) | |
646 | { | |
647 | secStatus = SECFailure; | |
648 | goto done; | |
649 | } | |
650 | ||
651 | /* Established SSL connection, ready to send data. */ | |
652 | secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE); | |
653 | if (secStatus != SECSuccess) | |
654 | goto done; | |
655 | ||
656 | /* This is normally done automatically on the first I/O operation, | |
657 | but doing it here catches any authentication problems early. */ | |
658 | secStatus = SSL_ForceHandshake(sslSocket); | |
659 | if (secStatus != SECSuccess) | |
660 | goto done; | |
661 | ||
aeb9cc10 DB |
662 | // Connect to the server and make the request. |
663 | secStatus = handle_connection(sslSocket, connectionState); | |
840e5073 DB |
664 | |
665 | done: | |
666 | prStatus = PR_Close(sslSocket); | |
667 | return secStatus; | |
668 | } | |
669 | ||
840e5073 DB |
670 | int |
671 | client_connect (const char *hostName, PRUint32 ip, | |
672 | PRUint16 port, | |
673 | const char* infileName, const char* outfileName, | |
674 | const char* trustNewServer) | |
675 | { | |
676 | SECStatus secStatus; | |
677 | PRStatus prStatus; | |
678 | PRInt32 rv; | |
679 | PRHostEnt hostEntry; | |
680 | PRErrorCode errorNumber; | |
681 | char buffer[PR_NETDB_BUF_SIZE]; | |
682 | int attempt; | |
683 | int errCode = GENERAL_ERROR; | |
684 | struct connectionState_t connectionState; | |
685 | ||
686 | connectionState.hostName = hostName; | |
687 | connectionState.port = port; | |
688 | connectionState.infileName = infileName; | |
689 | connectionState.outfileName = outfileName; | |
690 | connectionState.trustNewServerMode = trustNewServer; | |
691 | ||
692 | /* Setup network connection. If we have an ip address, then | |
693 | simply use it, otherwise we need to resolve the host name. */ | |
694 | if (ip) | |
695 | { | |
696 | connectionState.addr.inet.family = PR_AF_INET; | |
697 | connectionState.addr.inet.port = htons (port); | |
698 | connectionState.addr.inet.ip = htonl (ip); | |
699 | } | |
700 | else | |
701 | { | |
702 | prStatus = PR_GetHostByName(hostName, buffer, sizeof (buffer), &hostEntry); | |
703 | if (prStatus != PR_SUCCESS) { | |
58a834b1 | 704 | fprintf (stderr, _("Unable to resolve server host name")); |
840e5073 DB |
705 | return errCode; |
706 | } | |
707 | ||
708 | rv = PR_EnumerateHostEnt(0, &hostEntry, port, &connectionState.addr); | |
709 | if (rv < 0) { | |
58a834b1 | 710 | fprintf (stderr, _("Unable to resolve server host address")); |
840e5073 DB |
711 | return errCode; |
712 | } | |
713 | } | |
714 | ||
715 | /* Some errors (see below) represent a situation in which trying again | |
716 | should succeed. However, don't try forever. */ | |
717 | for (attempt = 0; attempt < 5; ++attempt) | |
718 | { | |
719 | secStatus = do_connect (& connectionState); | |
720 | if (secStatus == SECSuccess) | |
721 | return SUCCESS; | |
722 | ||
723 | errorNumber = PR_GetError (); | |
724 | switch (errorNumber) | |
725 | { | |
726 | case PR_CONNECT_RESET_ERROR: | |
727 | /* Server was not ready. */ | |
728 | sleep (1); | |
729 | break; /* Try again */ | |
730 | case SEC_ERROR_EXPIRED_CERTIFICATE: | |
731 | /* The server's certificate has expired. It should | |
aeb9cc10 DB |
732 | generate a new certificate. Return now and we'll try again. */ |
733 | errCode = SERVER_CERT_EXPIRED_ERROR; | |
734 | return errCode; | |
840e5073 DB |
735 | case SEC_ERROR_CA_CERT_INVALID: |
736 | /* The server's certificate is not trusted. The exit code must | |
737 | reflect this. */ | |
738 | errCode = CA_CERT_INVALID_ERROR; | |
739 | return errCode; | |
740 | default: | |
741 | /* This error is fatal. */ | |
742 | return errCode; | |
743 | } | |
744 | } | |
745 | ||
746 | return errCode; | |
747 | } | |
eff14db3 | 748 | |
aa4d21c0 DB |
749 | int |
750 | compile_server_client::passes_0_4 () | |
751 | { | |
0f5d597d | 752 | PROBE1(stap, client__start, &s); |
2fad97fd | 753 | |
aa4d21c0 DB |
754 | // arguments parsed; get down to business |
755 | if (s.verbose > 1) | |
a46f9abe | 756 | clog << _("Using a compile server.") << endl; |
aa4d21c0 | 757 | |
aa4d21c0 DB |
758 | struct tms tms_before; |
759 | times (& tms_before); | |
760 | struct timeval tv_before; | |
761 | gettimeofday (&tv_before, NULL); | |
762 | ||
2fad97fd DB |
763 | // Create the request package. |
764 | int rc = initialize (); | |
85007c04 | 765 | if (rc != 0 || pending_interrupts) goto done; |
2fad97fd | 766 | rc = create_request (); |
85007c04 | 767 | if (rc != 0 || pending_interrupts) goto done; |
2fad97fd | 768 | rc = package_request (); |
85007c04 | 769 | if (rc != 0 || pending_interrupts) goto done; |
2fad97fd DB |
770 | |
771 | // Submit it to the server. | |
772 | rc = find_and_connect_to_server (); | |
85007c04 | 773 | if (rc != 0 || pending_interrupts) goto done; |
2fad97fd DB |
774 | |
775 | // Unpack and process the response. | |
776 | rc = unpack_response (); | |
85007c04 | 777 | if (rc != 0 || pending_interrupts) goto done; |
2fad97fd DB |
778 | rc = process_response (); |
779 | ||
f3fbabf2 DB |
780 | if (rc == 0 && s.last_pass == 4) |
781 | { | |
782 | cout << s.module_name + ".ko"; | |
783 | cout << endl; | |
784 | } | |
785 | ||
2fad97fd | 786 | done: |
aa4d21c0 DB |
787 | struct tms tms_after; |
788 | times (& tms_after); | |
789 | unsigned _sc_clk_tck = sysconf (_SC_CLK_TCK); | |
790 | struct timeval tv_after; | |
791 | gettimeofday (&tv_after, NULL); | |
792 | ||
793 | #define TIMESPRINT "in " << \ | |
794 | (tms_after.tms_cutime + tms_after.tms_utime \ | |
795 | - tms_before.tms_cutime - tms_before.tms_utime) * 1000 / (_sc_clk_tck) << "usr/" \ | |
796 | << (tms_after.tms_cstime + tms_after.tms_stime \ | |
797 | - tms_before.tms_cstime - tms_before.tms_stime) * 1000 / (_sc_clk_tck) << "sys/" \ | |
798 | << ((tv_after.tv_sec - tv_before.tv_sec) * 1000 + \ | |
799 | ((long)tv_after.tv_usec - (long)tv_before.tv_usec) / 1000) << "real ms." | |
800 | ||
801 | // syntax errors, if any, are already printed | |
802 | if (s.verbose) | |
803 | { | |
a46f9abe FCE |
804 | string ws = s.winning_server; |
805 | if (ws == "") ws = "?"; | |
806 | clog << _("Passes: via server ") << ws << " " | |
85007c04 | 807 | << getmemusage() |
aa4d21c0 DB |
808 | << TIMESPRINT |
809 | << endl; | |
810 | } | |
a46f9abe FCE |
811 | if (rc) |
812 | { | |
813 | clog << _("Passes: via server failed. Try again with another '-v' option.") << endl; | |
814 | } | |
aa4d21c0 | 815 | |
85007c04 | 816 | if (rc == 0) |
f3fbabf2 | 817 | { |
85007c04 DB |
818 | // Save the module, if necessary. |
819 | if (s.last_pass == 4) | |
820 | s.save_module = true; | |
821 | ||
822 | // Copy module to the current directory. | |
823 | if (s.save_module && ! pending_interrupts) | |
824 | { | |
825 | string module_src_path = s.tmpdir + "/" + s.module_name + ".ko"; | |
826 | string module_dest_path = s.module_name + ".ko"; | |
827 | copy_file (module_src_path, module_dest_path, s.verbose > 1); | |
334df419 DB |
828 | // Also copy the module signature, it it exists. |
829 | module_src_path += ".sgn"; | |
830 | if (file_exists (module_src_path)) | |
831 | { | |
832 | module_dest_path += ".sgn"; | |
833 | copy_file(module_src_path, module_dest_path, s.verbose > 1); | |
834 | } | |
85007c04 | 835 | } |
f3fbabf2 DB |
836 | } |
837 | ||
0f5d597d | 838 | PROBE1(stap, client__end, &s); |
aa4d21c0 DB |
839 | |
840 | return rc; | |
841 | } | |
842 | ||
2fad97fd DB |
843 | // Initialize a client/server session. |
844 | int | |
845 | compile_server_client::initialize () | |
846 | { | |
847 | int rc = 0; | |
848 | ||
849 | // Initialize session state | |
850 | argc = 0; | |
851 | ||
c77af0d0 | 852 | // Private location for server certificates. |
aeb9cc10 | 853 | private_ssl_dbs.push_back (private_ssl_cert_db_path ()); |
2fad97fd | 854 | |
c77af0d0 DB |
855 | // Additional public location. |
856 | public_ssl_dbs.push_back (global_ssl_cert_db_path ()); | |
2fad97fd DB |
857 | |
858 | // Create a temporary directory to package things in. | |
859 | client_tmpdir = s.tmpdir + "/client"; | |
860 | rc = create_dir (client_tmpdir.c_str ()); | |
861 | if (rc != 0) | |
862 | { | |
863 | const char* e = strerror (errno); | |
aeb9cc10 | 864 | clog << _("ERROR: cannot create temporary directory (\"") |
2fad97fd DB |
865 | << client_tmpdir << "\"): " << e |
866 | << endl; | |
867 | } | |
868 | ||
869 | return rc; | |
870 | } | |
871 | ||
872 | // Create the request package. | |
873 | int | |
874 | compile_server_client::create_request () | |
875 | { | |
cc7c72cd | 876 | // Add the current protocol version. |
c89fe89c | 877 | int rc = write_to_file (client_tmpdir + "/version", CURRENT_CS_PROTOCOL_VERSION); |
cc7c72cd DB |
878 | if (rc != 0) |
879 | return rc; | |
2fad97fd DB |
880 | |
881 | // Add the script file or script option | |
882 | if (s.script_file != "") | |
883 | { | |
884 | if (s.script_file == "-") | |
885 | { | |
886 | // Copy the script from stdin | |
887 | string packaged_script_dir = client_tmpdir + "/script"; | |
888 | rc = create_dir (packaged_script_dir.c_str ()); | |
889 | if (rc != 0) | |
890 | { | |
891 | const char* e = strerror (errno); | |
aeb9cc10 | 892 | clog << _("ERROR: cannot create temporary directory ") |
2fad97fd DB |
893 | << packaged_script_dir << ": " << e |
894 | << endl; | |
895 | return rc; | |
896 | } | |
897 | rc = ! copy_file("/dev/stdin", packaged_script_dir + "/-"); | |
f3fbabf2 DB |
898 | if (rc != 0) |
899 | return rc; | |
2fad97fd DB |
900 | |
901 | // Name the script in the packaged arguments. | |
f3fbabf2 DB |
902 | rc = add_package_arg ("script/-"); |
903 | if (rc != 0) | |
904 | return rc; | |
2fad97fd DB |
905 | } |
906 | else | |
907 | { | |
908 | // Add the script to our package. This will also name the script | |
909 | // in the packaged arguments. | |
910 | rc = include_file_or_directory ("script", s.script_file); | |
f3fbabf2 DB |
911 | if (rc != 0) |
912 | return rc; | |
2fad97fd DB |
913 | } |
914 | } | |
915 | ||
916 | // Add -I paths. Skip the default directory. | |
917 | if (s.include_arg_start != -1) | |
918 | { | |
919 | unsigned limit = s.include_path.size (); | |
920 | for (unsigned i = s.include_arg_start; i < limit; ++i) | |
921 | { | |
f3fbabf2 DB |
922 | rc = add_package_arg ("-I"); |
923 | if (rc != 0) | |
924 | return rc; | |
925 | rc = include_file_or_directory ("tapset", s.include_path[i]); | |
926 | if (rc != 0) | |
927 | return rc; | |
2fad97fd DB |
928 | } |
929 | } | |
930 | ||
931 | // Add other options. | |
f3fbabf2 DB |
932 | rc = add_package_args (); |
933 | if (rc != 0) | |
934 | return rc; | |
2fad97fd DB |
935 | |
936 | // Add the sysinfo file | |
937 | string sysinfo = "sysinfo: " + s.kernel_release + " " + s.architecture; | |
f3fbabf2 | 938 | rc = write_to_file (client_tmpdir + "/sysinfo", sysinfo); |
e4e3d6b7 CM |
939 | if (rc != 0) |
940 | return rc; | |
941 | ||
942 | // Add localization data | |
943 | rc = add_localization_variables(); | |
2fad97fd DB |
944 | |
945 | return rc; | |
946 | } | |
947 | ||
948 | // Add the arguments specified on the command line to the server request | |
949 | // package, as appropriate. | |
f3fbabf2 | 950 | int |
2fad97fd DB |
951 | compile_server_client::add_package_args () |
952 | { | |
fd20a70c | 953 | // stap arguments to be passed to the server. |
f3fbabf2 | 954 | int rc = 0; |
2fad97fd DB |
955 | unsigned limit = s.server_args.size(); |
956 | for (unsigned i = 0; i < limit; ++i) | |
f3fbabf2 DB |
957 | { |
958 | rc = add_package_arg (s.server_args[i]); | |
959 | if (rc != 0) | |
960 | return rc; | |
961 | } | |
fd20a70c DB |
962 | |
963 | // Script arguments. | |
964 | limit = s.args.size(); | |
965 | if (limit > 0) { | |
966 | rc = add_package_arg ("--"); | |
967 | if (rc != 0) | |
968 | return rc; | |
969 | for (unsigned i = 0; i < limit; ++i) | |
970 | { | |
971 | rc = add_package_arg (s.args[i]); | |
972 | if (rc != 0) | |
973 | return rc; | |
974 | } | |
975 | } | |
f3fbabf2 | 976 | return rc; |
2fad97fd DB |
977 | } |
978 | ||
131f914e DB |
979 | int |
980 | compile_server_client::add_package_arg (const string &arg) | |
981 | { | |
982 | int rc = 0; | |
983 | ostringstream fname; | |
984 | fname << client_tmpdir << "/argv" << ++argc; | |
985 | write_to_file (fname.str (), arg); // NB: No terminating newline | |
986 | return rc; | |
987 | } | |
988 | ||
2fad97fd DB |
989 | // Symbolically link the given file or directory into the client's temp |
990 | // directory under the given subdirectory. | |
991 | int | |
992 | compile_server_client::include_file_or_directory ( | |
5b314cd0 | 993 | const string &subdir, const string &path |
2fad97fd DB |
994 | ) |
995 | { | |
62f9d949 DB |
996 | // Must predeclare these because we do use 'goto done' to |
997 | // exit from error situations. | |
2fad97fd | 998 | vector<string> components; |
62f9d949 DB |
999 | string name; |
1000 | int rc; | |
2fad97fd | 1001 | |
62f9d949 DB |
1002 | // Canonicalize the given path and remove the leading /. |
1003 | string rpath; | |
1004 | char *cpath = canonicalize_file_name (path.c_str ()); | |
2fad97fd DB |
1005 | if (! cpath) |
1006 | { | |
62f9d949 DB |
1007 | // It can not be canonicalized. Use the name relative to |
1008 | // the current working directory and let the server deal with it. | |
1009 | char cwd[PATH_MAX]; | |
1010 | if (getcwd (cwd, sizeof (cwd)) == NULL) | |
1011 | { | |
1012 | rpath = path; | |
1013 | rc = 1; | |
1014 | goto done; | |
1015 | } | |
1016 | rpath = string (cwd) + "/" + path; | |
2fad97fd | 1017 | } |
62f9d949 | 1018 | else |
2fad97fd | 1019 | { |
62f9d949 DB |
1020 | // It can be canonicalized. Use the canonicalized name and add this |
1021 | // file or directory to the request package. | |
1022 | rpath = cpath; | |
1023 | free (cpath); | |
1024 | ||
5b314cd0 DB |
1025 | // Including / would require special handling in the code below and |
1026 | // is a bad idea anyway. Let's not allow it. | |
1027 | if (rpath == "/") | |
1028 | { | |
1029 | if (rpath != path) | |
1030 | clog << _F("%s resolves to %s\n", path.c_str (), rpath.c_str ()); | |
1031 | clog << _F("Unable to send %s to the server\n", path.c_str ()); | |
1032 | return 1; | |
1033 | } | |
1034 | ||
62f9d949 DB |
1035 | // First create the requested subdirectory. |
1036 | name = client_tmpdir + "/" + subdir; | |
2fad97fd DB |
1037 | rc = create_dir (name.c_str ()); |
1038 | if (rc) goto done; | |
2fad97fd | 1039 | |
62f9d949 DB |
1040 | // Now create each component of the path within the sub directory. |
1041 | assert (rpath[0] == '/'); | |
1042 | tokenize (rpath.substr (1), components, "/"); | |
1043 | assert (components.size () >= 1); | |
1044 | unsigned i; | |
1045 | for (i = 0; i < components.size() - 1; ++i) | |
1046 | { | |
1047 | if (components[i].empty ()) | |
1048 | continue; // embedded '//' | |
1049 | name += "/" + components[i]; | |
1050 | rc = create_dir (name.c_str ()); | |
1051 | if (rc) goto done; | |
1052 | } | |
1053 | ||
1054 | // Now make a symbolic link to the actual file or directory. | |
1055 | assert (i == components.size () - 1); | |
1056 | name += "/" + components[i]; | |
1057 | rc = symlink (rpath.c_str (), name.c_str ()); | |
1058 | if (rc) goto done; | |
1059 | } | |
2fad97fd | 1060 | |
5b314cd0 | 1061 | // Name this file or directory in the packaged arguments. |
62f9d949 | 1062 | rc = add_package_arg (subdir + "/" + rpath.substr (1)); |
2fad97fd DB |
1063 | |
1064 | done: | |
2fad97fd DB |
1065 | if (rc != 0) |
1066 | { | |
1067 | const char* e = strerror (errno); | |
aeb9cc10 | 1068 | clog << "ERROR: unable to add " |
62f9d949 DB |
1069 | << rpath |
1070 | << " to temp directory as " | |
2fad97fd DB |
1071 | << name << ": " << e |
1072 | << endl; | |
1073 | } | |
2fad97fd DB |
1074 | return rc; |
1075 | } | |
1076 | ||
e4e3d6b7 CM |
1077 | // Add the localization variables to the server request |
1078 | // package. | |
1079 | int | |
1080 | compile_server_client::add_localization_variables() | |
1081 | { | |
1082 | int rc; | |
1083 | string envVar; | |
1084 | string fname; | |
1085 | ||
1086 | const set<string> &locVars = localization_variables(); | |
1087 | set<string>::iterator it; | |
1088 | ||
1089 | /* Note: We don't have to check for the contents of the environment | |
1090 | * variables here, since they will be checked extensively on the | |
1091 | * server. | |
1092 | */ | |
1093 | for (it = locVars.begin(); it != locVars.end(); it++) | |
1094 | { | |
1095 | char* var = getenv((*it).c_str()); | |
1096 | if (var) | |
1097 | envVar += *it + "=" + (string)var + "\n"; | |
1098 | } | |
1099 | fname = client_tmpdir + "/locale"; | |
1100 | rc = write_to_file(fname, envVar); | |
1101 | return rc; | |
1102 | } | |
1103 | ||
2fad97fd DB |
1104 | // Package the client's temp directory into a form suitable for sending to the |
1105 | // server. | |
1106 | int | |
1107 | compile_server_client::package_request () | |
1108 | { | |
1109 | // Package up the temporary directory into a zip file. | |
1110 | client_zipfile = client_tmpdir + ".zip"; | |
ff520ff4 JS |
1111 | string cmd = "cd " + cmdstr_quoted(client_tmpdir) + " && zip -qr " |
1112 | + cmdstr_quoted(client_zipfile) + " *"; | |
1113 | vector<string> sh_cmd; | |
1114 | sh_cmd.push_back("sh"); | |
1115 | sh_cmd.push_back("-c"); | |
1116 | sh_cmd.push_back(cmd); | |
1117 | int rc = stap_system (s.verbose, sh_cmd); | |
2fad97fd DB |
1118 | return rc; |
1119 | } | |
1120 | ||
1121 | int | |
1122 | compile_server_client::find_and_connect_to_server () | |
1123 | { | |
2e15a955 | 1124 | // Accumulate info on the specified servers. |
7543625d DB |
1125 | vector<compile_server_info> specified_servers; |
1126 | get_specified_server_info (s, specified_servers); | |
1127 | ||
1128 | // Examine the specified servers to make sure that each has been resolved | |
1129 | // with a host name, ip address and port. If not, try to obtain this | |
1130 | // information by examining online servers. | |
f85ea10a | 1131 | vector<compile_server_info> server_list = specified_servers; |
7543625d DB |
1132 | for (vector<compile_server_info>::const_iterator i = specified_servers.begin (); |
1133 | i != specified_servers.end (); | |
1134 | ++i) | |
1135 | { | |
1136 | // If we have an ip address and port number, then just use the one we've | |
1137 | // been given. Otherwise, check for matching online servers and try their | |
1138 | // ip addresses and ports. | |
1139 | if (! i->host_name.empty () && ! i->ip_address.empty () && i->port != 0) | |
1140 | add_server_info (*i, server_list); | |
1141 | else | |
1142 | { | |
1143 | // Obtain a list of online servers. | |
1144 | vector<compile_server_info> online_servers; | |
1145 | get_or_keep_online_server_info (s, online_servers, false/*keep*/); | |
1146 | ||
1147 | // If no specific server (port) has been specified, | |
1148 | // then we'll need the servers to be | |
1149 | // compatible and possible trusted as signers as well. | |
1150 | if (i->port == 0) | |
1151 | { | |
1152 | get_or_keep_compatible_server_info (s, online_servers, true/*keep*/); | |
1153 | if (s.unprivileged) | |
1154 | get_or_keep_signing_server_info (s, online_servers, true/*keep*/); | |
1155 | } | |
1156 | ||
1157 | // Keep the ones (if any) which match our server. | |
1158 | keep_common_server_info (*i, online_servers); | |
2fad97fd | 1159 | |
7543625d DB |
1160 | // Add these servers (if any) to the server list. |
1161 | add_server_info (online_servers, server_list); | |
1162 | } | |
1163 | } | |
c77af0d0 | 1164 | |
2e15a955 DB |
1165 | // Did we identify any potential servers? |
1166 | unsigned limit = server_list.size (); | |
1167 | if (limit == 0) | |
2fad97fd | 1168 | { |
a46f9abe | 1169 | clog << _("Unable to find a compile server.") << endl; |
2e15a955 DB |
1170 | return 1; |
1171 | } | |
1f9938b9 | 1172 | |
1d1e2086 DB |
1173 | // Sort the list of servers into a preferred order. |
1174 | preferred_order (server_list); | |
1175 | ||
2e15a955 | 1176 | // Now try each of the identified servers in turn. |
7543625d | 1177 | int rc = compile_using_server (server_list); |
aeb9cc10 | 1178 | if (rc == SUCCESS) |
7543625d | 1179 | return 0; // success! |
2fad97fd | 1180 | |
aeb9cc10 DB |
1181 | // If the error was that a server's cert was expired, try again. This is because the server |
1182 | // should generate a new cert which may be automatically trusted by us if it is our server. | |
1183 | // Give the server a chance to do this before retrying. | |
1184 | if (rc == SERVER_CERT_EXPIRED_ERROR) | |
1185 | { | |
1186 | if (s.verbose > 1) | |
1187 | clog << _("A server's certificate was expired. Trying again") << endl << flush; | |
1188 | sleep (2); | |
1189 | rc = compile_using_server (server_list); | |
1190 | if (rc == SUCCESS) | |
1191 | return 0; // success! | |
1192 | } | |
1193 | ||
1194 | // We were unable to use any available server | |
a46f9abe | 1195 | clog << _("Unable to connect to a server.") << endl; |
aeb9cc10 | 1196 | return 1; // Failure |
2fad97fd | 1197 | } |
7543625d | 1198 | |
2fad97fd | 1199 | int |
7543625d DB |
1200 | compile_server_client::compile_using_server ( |
1201 | const vector<compile_server_info> &servers | |
1202 | ) | |
2fad97fd | 1203 | { |
d389518f | 1204 | // Make sure NSPR is initialized. Must be done before NSS is initialized |
b0e5fa85 DB |
1205 | s.NSPR_init (); |
1206 | ||
1f9938b9 | 1207 | // Attempt connection using each of the available client certificate |
ed1719be DB |
1208 | // databases. Assume the server certificate is invalid until proven otherwise. |
1209 | PR_SetError (SEC_ERROR_CA_CERT_INVALID, 0); | |
2fad97fd DB |
1210 | vector<string> dbs = private_ssl_dbs; |
1211 | vector<string>::iterator i = dbs.end(); | |
1212 | dbs.insert (i, public_ssl_dbs.begin (), public_ssl_dbs.end ()); | |
aeb9cc10 DB |
1213 | int rc = GENERAL_ERROR; // assume failure |
1214 | bool serverCertExpired = false; | |
2fad97fd DB |
1215 | for (i = dbs.begin (); i != dbs.end (); ++i) |
1216 | { | |
ed1719be DB |
1217 | // Make sure the database directory exists. It is not an error if it |
1218 | // doesn't. | |
1219 | if (! file_exists (*i)) | |
1220 | continue; | |
2fad97fd | 1221 | |
f3fbabf2 DB |
1222 | #if 0 // no client authentication for now. |
1223 | // Set our password function callback. | |
2fad97fd DB |
1224 | PK11_SetPasswordFunc (myPasswd); |
1225 | #endif | |
1226 | ||
f3fbabf2 | 1227 | // Initialize the NSS libraries. |
7543625d | 1228 | const char *cert_dir = i->c_str (); |
aeb9cc10 | 1229 | SECStatus secStatus = nssInit (cert_dir); |
2fad97fd DB |
1230 | if (secStatus != SECSuccess) |
1231 | { | |
aeb9cc10 DB |
1232 | // Message already issued. |
1233 | continue; // try next database | |
2fad97fd DB |
1234 | } |
1235 | ||
aeb9cc10 DB |
1236 | // Enable cipher suites which are allowed by U.S. export regulations. |
1237 | // SSL_ClearSessionCache is required for the new settings to take effect. | |
1238 | secStatus = NSS_SetExportPolicy (); | |
1239 | SSL_ClearSessionCache (); | |
1240 | if (secStatus != SECSuccess) | |
1241 | { | |
1242 | clog << _("Unable to set NSS export policy"); | |
1243 | nssError (); | |
1244 | nssCleanup (cert_dir); | |
1245 | continue; // try next database | |
1246 | } | |
1247 | ||
2fad97fd | 1248 | server_zipfile = s.tmpdir + "/server.zip"; |
7543625d DB |
1249 | |
1250 | // Try each server in turn. | |
1251 | for (vector<compile_server_info>::const_iterator j = servers.begin (); | |
1252 | j != servers.end (); | |
1253 | ++j) | |
1254 | { | |
1255 | if (s.verbose > 1) | |
58a834b1 LB |
1256 | clog << _F("Attempting SSL connection with %s\n" |
1257 | " using certificates from the database in %s\n", | |
1258 | lex_cast(*j).c_str(), cert_dir); | |
7543625d | 1259 | |
f85ea10a DB |
1260 | // The host name defaults to the ip address, if not specified. |
1261 | string hostName; | |
1262 | if (j->host_name.empty ()) | |
1263 | { | |
1264 | assert (! j->ip_address.empty ()); | |
1265 | hostName = j->ip_address; | |
1266 | } | |
1267 | else | |
1268 | hostName = j->host_name; | |
1269 | ||
840e5073 | 1270 | rc = client_connect (hostName.c_str (), |
aeb9cc10 DB |
1271 | stringToIpAddress (j->ip_address), |
1272 | j->port, | |
1273 | client_zipfile.c_str(), server_zipfile.c_str (), | |
1274 | NULL/*trustNewServer_p*/); | |
1275 | if (rc == SUCCESS) | |
7543625d DB |
1276 | { |
1277 | s.winning_server = | |
f85ea10a | 1278 | hostName + string(" [") + |
7543625d DB |
1279 | j->ip_address + string(":") + |
1280 | lex_cast(j->port) + string("]"); | |
1281 | break; // Success! | |
1282 | } | |
d7cec9ad | 1283 | |
aeb9cc10 DB |
1284 | // Server cert has expired. Try other servers and/or databases, but take note because |
1285 | // server should generate a new certificate. If no other servers succeed, we'll try again | |
1286 | // in case the new cert works. | |
1287 | if (rc == SERVER_CERT_EXPIRED_ERROR) | |
1288 | { | |
1289 | serverCertExpired = true; | |
1290 | continue; | |
1291 | } | |
1292 | ||
d7cec9ad DB |
1293 | if (s.verbose > 1) |
1294 | { | |
58a834b1 | 1295 | clog << _(" Unable to connect: "); |
d7cec9ad DB |
1296 | nssError (); |
1297 | } | |
7543625d | 1298 | } |
2e46c01a | 1299 | |
aeb9cc10 DB |
1300 | // SSL_ClearSessionCache is required before shutdown for client applications. |
1301 | SSL_ClearSessionCache (); | |
1302 | nssCleanup (cert_dir); | |
2fad97fd | 1303 | |
ed1719be | 1304 | if (rc == SECSuccess) |
b0e5fa85 | 1305 | break; // Success! |
2fad97fd DB |
1306 | } |
1307 | ||
aeb9cc10 DB |
1308 | // Indicate whether a server cert was expired, so we can try again, if desired. |
1309 | if (rc != SUCCESS) | |
1310 | { | |
1311 | if (serverCertExpired) | |
1312 | rc = SERVER_CERT_EXPIRED_ERROR; | |
1313 | } | |
ed1719be | 1314 | |
b0e5fa85 | 1315 | return rc; |
2fad97fd DB |
1316 | } |
1317 | ||
1318 | int | |
1319 | compile_server_client::unpack_response () | |
1320 | { | |
f3fbabf2 | 1321 | // Unzip the response package. |
2fad97fd | 1322 | server_tmpdir = s.tmpdir + "/server"; |
18babaa9 JS |
1323 | vector<string> cmd; |
1324 | cmd.push_back("unzip"); | |
1325 | cmd.push_back("-qd"); | |
1326 | cmd.push_back(server_tmpdir); | |
1327 | cmd.push_back(server_zipfile); | |
2fad97fd | 1328 | int rc = stap_system (s.verbose, cmd); |
f3fbabf2 DB |
1329 | if (rc != 0) |
1330 | { | |
aeb9cc10 | 1331 | clog << _F("Unable to unzip the server response '%s'\n", server_zipfile.c_str()); |
cc7c72cd | 1332 | return rc; |
f3fbabf2 | 1333 | } |
2fad97fd | 1334 | |
cc7c72cd | 1335 | // Determine the server protocol version. |
cc7c72cd DB |
1336 | string filename = server_tmpdir + "/version"; |
1337 | if (file_exists (filename)) | |
c89fe89c | 1338 | ::read_from_file (filename, server_version); |
cc7c72cd | 1339 | |
c89fe89c | 1340 | // Warn about the shortcomings of this server, if it is down level. |
71a522b5 | 1341 | show_server_compatibility (); |
cc7c72cd | 1342 | |
2fad97fd DB |
1343 | // If the server's response contains a systemtap temp directory, move |
1344 | // its contents to our temp directory. | |
1345 | glob_t globbuf; | |
1346 | string filespec = server_tmpdir + "/stap??????"; | |
1f9938b9 | 1347 | if (s.verbose > 2) |
58a834b1 | 1348 | clog << _F("Searching \"%s\"\n", filespec.c_str()); |
2fad97fd DB |
1349 | int r = glob(filespec.c_str (), 0, NULL, & globbuf); |
1350 | if (r != GLOB_NOSPACE && r != GLOB_ABORTED && r != GLOB_NOMATCH) | |
1351 | { | |
1352 | if (globbuf.gl_pathc > 1) | |
1353 | { | |
aeb9cc10 | 1354 | clog << _("Incorrect number of files in server response") << endl; |
cc7c72cd DB |
1355 | rc = 1; |
1356 | goto done; | |
2fad97fd DB |
1357 | } |
1358 | ||
1359 | assert (globbuf.gl_pathc == 1); | |
1360 | string dirname = globbuf.gl_pathv[0]; | |
1f9938b9 | 1361 | if (s.verbose > 2) |
58a834b1 | 1362 | clog << _(" found ") << dirname << endl; |
2fad97fd DB |
1363 | |
1364 | filespec = dirname + "/*"; | |
1f9938b9 | 1365 | if (s.verbose > 2) |
58a834b1 | 1366 | clog << _F("Searching \"%s\"\n", filespec.c_str()); |
2fad97fd DB |
1367 | int r = glob(filespec.c_str (), GLOB_PERIOD, NULL, & globbuf); |
1368 | if (r != GLOB_NOSPACE && r != GLOB_ABORTED && r != GLOB_NOMATCH) | |
1369 | { | |
2fad97fd DB |
1370 | unsigned prefix_len = dirname.size () + 1; |
1371 | for (unsigned i = 0; i < globbuf.gl_pathc; ++i) | |
1372 | { | |
1373 | string oldname = globbuf.gl_pathv[i]; | |
1374 | if (oldname.substr (oldname.size () - 2) == "/." || | |
1375 | oldname.substr (oldname.size () - 3) == "/..") | |
1376 | continue; | |
1377 | string newname = s.tmpdir + "/" + oldname.substr (prefix_len); | |
1f9938b9 | 1378 | if (s.verbose > 2) |
58a834b1 | 1379 | clog << _F(" found %s -- linking from %s", oldname.c_str(), newname.c_str()); |
f3fbabf2 DB |
1380 | rc = symlink (oldname.c_str (), newname.c_str ()); |
1381 | if (rc != 0) | |
1382 | { | |
aeb9cc10 | 1383 | clog << _F("Unable to link '%s' to '%s':%s\n", |
cc7c72cd | 1384 | oldname.c_str(), newname.c_str(), strerror(errno)); |
f3fbabf2 DB |
1385 | goto done; |
1386 | } | |
2fad97fd DB |
1387 | } |
1388 | } | |
1389 | } | |
1390 | ||
c89fe89c | 1391 | // If the server version is less that 1.6, remove the output line due to the synthetic |
cc7c72cd DB |
1392 | // server-side -k. Look for a message containing the name of the temporary directory. |
1393 | // We can look for the English message since server versions before 1.1 do not support | |
1394 | // localization. | |
c89fe89c | 1395 | if (server_version < "1.6") |
cc7c72cd DB |
1396 | { |
1397 | cmd.clear(); | |
1398 | cmd.push_back("sed"); | |
1399 | cmd.push_back("-i"); | |
1400 | cmd.push_back("/^Keeping temporary directory.*/ d"); | |
1401 | cmd.push_back(server_tmpdir + "/stderr"); | |
1402 | stap_system (s.verbose, cmd); | |
1403 | } | |
1404 | ||
1405 | // Remove the output line due to the synthetic server-side -p4 | |
18babaa9 JS |
1406 | cmd.clear(); |
1407 | cmd.push_back("sed"); | |
1408 | cmd.push_back("-i"); | |
18babaa9 JS |
1409 | cmd.push_back("/^.*\\.ko$/ d"); |
1410 | cmd.push_back(server_tmpdir + "/stdout"); | |
f3fbabf2 | 1411 | stap_system (s.verbose, cmd); |
2fad97fd | 1412 | |
2fad97fd DB |
1413 | done: |
1414 | globfree (& globbuf); | |
1415 | return rc; | |
1416 | } | |
1417 | ||
1418 | int | |
1419 | compile_server_client::process_response () | |
1420 | { | |
1421 | // Pick up the results of running stap on the server. | |
2fad97fd | 1422 | string filename = server_tmpdir + "/rc"; |
f3fbabf2 DB |
1423 | int stap_rc; |
1424 | int rc = read_from_file (filename, stap_rc); | |
1425 | if (rc != 0) | |
1426 | return rc; | |
85007c04 | 1427 | rc = stap_rc; |
2fad97fd | 1428 | |
2fad97fd DB |
1429 | if (s.last_pass >= 4) |
1430 | { | |
1431 | // The server should have returned a module. | |
1432 | string filespec = s.tmpdir + "/*.ko"; | |
1f9938b9 | 1433 | if (s.verbose > 2) |
58a834b1 | 1434 | clog << _F("Searching \"%s\"\n", filespec.c_str()); |
f3fbabf2 DB |
1435 | |
1436 | glob_t globbuf; | |
2fad97fd DB |
1437 | int r = glob(filespec.c_str (), 0, NULL, & globbuf); |
1438 | if (r != GLOB_NOSPACE && r != GLOB_ABORTED && r != GLOB_NOMATCH) | |
1439 | { | |
1440 | if (globbuf.gl_pathc > 1) | |
aeb9cc10 | 1441 | clog << _("Incorrect number of modules in server response") << endl; |
f3fbabf2 | 1442 | else |
2fad97fd | 1443 | { |
f3fbabf2 DB |
1444 | assert (globbuf.gl_pathc == 1); |
1445 | string modname = globbuf.gl_pathv[0]; | |
1f9938b9 | 1446 | if (s.verbose > 2) |
58a834b1 | 1447 | clog << _(" found ") << modname << endl; |
f3fbabf2 DB |
1448 | |
1449 | // If a module name was not specified by the user, then set it to | |
1450 | // be the one generated by the server. | |
1451 | if (! s.save_module) | |
1452 | { | |
1453 | vector<string> components; | |
1454 | tokenize (modname, components, "/"); | |
1455 | s.module_name = components.back (); | |
1456 | s.module_name.erase(s.module_name.size() - 3); | |
1457 | } | |
474d17ad DB |
1458 | |
1459 | // If a uprobes.ko module was returned, then make note of it. | |
71a522b5 DB |
1460 | string uprobes_ko; |
1461 | if (server_version < "1.6") | |
1462 | uprobes_ko = s.tmpdir + "/server/uprobes.ko"; | |
1463 | else | |
1464 | uprobes_ko = s.tmpdir + "/uprobes/uprobes.ko"; | |
1465 | ||
1466 | if (file_exists (uprobes_ko)) | |
474d17ad DB |
1467 | { |
1468 | s.need_uprobes = true; | |
71a522b5 | 1469 | s.uprobes_path = uprobes_ko; |
474d17ad | 1470 | } |
2fad97fd DB |
1471 | } |
1472 | } | |
1473 | else if (s.have_script) | |
1474 | { | |
85007c04 | 1475 | if (rc == 0) |
2fad97fd | 1476 | { |
a46f9abe | 1477 | clog << _("No module was returned by the server.") << endl; |
85007c04 | 1478 | rc = 1; |
2fad97fd DB |
1479 | } |
1480 | } | |
f3fbabf2 | 1481 | globfree (& globbuf); |
2fad97fd DB |
1482 | } |
1483 | ||
f3fbabf2 | 1484 | // Output stdout and stderr. |
2fad97fd | 1485 | filename = server_tmpdir + "/stderr"; |
aeb9cc10 | 1486 | flush_to_stream (filename, clog); |
2fad97fd DB |
1487 | |
1488 | filename = server_tmpdir + "/stdout"; | |
f3fbabf2 DB |
1489 | flush_to_stream (filename, cout); |
1490 | ||
1491 | return rc; | |
1492 | } | |
1493 | ||
1494 | int | |
1495 | compile_server_client::read_from_file (const string &fname, int &data) | |
1496 | { | |
131f914e DB |
1497 | // C++ streams may not set errno in the even of a failure. However if we |
1498 | // set it to 0 before each operation and it gets set during the operation, | |
1499 | // then we can use its value in order to determine what happened. | |
1500 | errno = 0; | |
1501 | ifstream f (fname.c_str ()); | |
1502 | if (! f.good ()) | |
f3fbabf2 | 1503 | { |
aeb9cc10 | 1504 | clog << _F("Unable to open file '%s' for reading: ", fname.c_str()); |
131f914e | 1505 | goto error; |
f3fbabf2 DB |
1506 | } |
1507 | ||
131f914e DB |
1508 | // Read the data; |
1509 | errno = 0; | |
1510 | f >> data; | |
1511 | if (f.fail ()) | |
f3fbabf2 | 1512 | { |
aeb9cc10 | 1513 | clog << _F("Unable to read from file '%s': ", fname.c_str()); |
131f914e | 1514 | goto error; |
f3fbabf2 DB |
1515 | } |
1516 | ||
920be590 | 1517 | // NB: not necessary to f.close (); |
131f914e DB |
1518 | return 0; // Success |
1519 | ||
1520 | error: | |
1521 | if (errno) | |
aeb9cc10 | 1522 | clog << strerror (errno) << endl; |
131f914e | 1523 | else |
aeb9cc10 | 1524 | clog << _("unknown error") << endl; |
131f914e | 1525 | return 1; // Failure |
f3fbabf2 DB |
1526 | } |
1527 | ||
cc7c72cd | 1528 | template <class T> |
f3fbabf2 | 1529 | int |
cc7c72cd | 1530 | compile_server_client::write_to_file (const string &fname, const T &data) |
f3fbabf2 | 1531 | { |
131f914e DB |
1532 | // C++ streams may not set errno in the even of a failure. However if we |
1533 | // set it to 0 before each operation and it gets set during the operation, | |
1534 | // then we can use its value in order to determine what happened. | |
1535 | errno = 0; | |
1536 | ofstream f (fname.c_str ()); | |
1537 | if (! f.good ()) | |
f3fbabf2 | 1538 | { |
aeb9cc10 | 1539 | clog << _F("Unable to open file '%s' for writing: ", fname.c_str()); |
131f914e | 1540 | goto error; |
f3fbabf2 DB |
1541 | } |
1542 | ||
131f914e DB |
1543 | // Write the data; |
1544 | f << data; | |
1545 | errno = 0; | |
1546 | if (f.fail ()) | |
f3fbabf2 | 1547 | { |
aeb9cc10 | 1548 | clog << _F("Unable to write to file '%s': ", fname.c_str()); |
131f914e | 1549 | goto error; |
f3fbabf2 DB |
1550 | } |
1551 | ||
920be590 | 1552 | // NB: not necessary to f.close (); |
131f914e DB |
1553 | return 0; // Success |
1554 | ||
1555 | error: | |
1556 | if (errno) | |
aeb9cc10 | 1557 | clog << strerror (errno) << endl; |
131f914e | 1558 | else |
aeb9cc10 | 1559 | clog << _("unknown error") << endl; |
131f914e | 1560 | return 1; // Failure |
f3fbabf2 DB |
1561 | } |
1562 | ||
1563 | int | |
1564 | compile_server_client::flush_to_stream (const string &fname, ostream &o) | |
1565 | { | |
131f914e DB |
1566 | // C++ streams may not set errno in the even of a failure. However if we |
1567 | // set it to 0 before each operation and it gets set during the operation, | |
1568 | // then we can use its value in order to determine what happened. | |
1569 | errno = 0; | |
1570 | ifstream f (fname.c_str ()); | |
1571 | if (! f.good ()) | |
f3fbabf2 | 1572 | { |
aeb9cc10 | 1573 | clog << _F("Unable to open file '%s' for reading: ", fname.c_str()); |
131f914e | 1574 | goto error; |
f3fbabf2 DB |
1575 | } |
1576 | ||
131f914e | 1577 | // Stream the data |
920be590 FCE |
1578 | |
1579 | // NB: o << f.rdbuf() misbehaves for some reason, appearing to close o, | |
aeb9cc10 | 1580 | // which is unfortunate if o == clog or cout. |
920be590 | 1581 | while (1) |
f3fbabf2 | 1582 | { |
920be590 FCE |
1583 | errno = 0; |
1584 | int c = f.get(); | |
1585 | if (f.eof ()) return 0; // normal exit | |
1586 | if (! f.good()) break; | |
1587 | o.put(c); | |
1588 | if (! o.good()) break; | |
f3fbabf2 | 1589 | } |
2fad97fd | 1590 | |
920be590 | 1591 | // NB: not necessary to f.close (); |
131f914e DB |
1592 | |
1593 | error: | |
1594 | if (errno) | |
aeb9cc10 | 1595 | clog << strerror (errno) << endl; |
131f914e | 1596 | else |
aeb9cc10 | 1597 | clog << _("unknown error") << endl; |
131f914e | 1598 | return 1; // Failure |
2fad97fd | 1599 | } |
cc7c72cd DB |
1600 | |
1601 | void | |
71a522b5 | 1602 | compile_server_client::show_server_compatibility () const |
cc7c72cd | 1603 | { |
c89fe89c DB |
1604 | // Locale sensitivity was added in version 1.6 |
1605 | if (server_version < "1.6") | |
cc7c72cd | 1606 | { |
c89fe89c | 1607 | clog << _F("Server protocol version is %s\n", server_version.v); |
cc7c72cd DB |
1608 | clog << _("The server does not use localization information passed by the client\n"); |
1609 | } | |
1610 | } | |
1611 | ||
48e74294 DB |
1612 | // Issue a status message for when a server's trust is already in place. |
1613 | static void | |
1614 | trust_already_in_place ( | |
1615 | const compile_server_info &server, | |
1616 | const vector<compile_server_info> &server_list, | |
1617 | const string cert_db_path, | |
1618 | bool revoking | |
1619 | ) | |
85007c04 | 1620 | { |
48e74294 DB |
1621 | // What level of trust? |
1622 | string purpose; | |
1623 | if (cert_db_path == signing_cert_db_path ()) | |
1624 | purpose = _("as a module signer for all users"); | |
0d1534e8 | 1625 | else |
48e74294 DB |
1626 | { |
1627 | purpose = _("as an SSL peer"); | |
1628 | if (cert_db_path == global_ssl_cert_db_path ()) | |
1629 | purpose += _(" for all users"); | |
1630 | else | |
1631 | purpose += _(" for the current user"); | |
1632 | } | |
85007c04 | 1633 | |
48e74294 DB |
1634 | // Issue a message for each server in the list with the same certificate. |
1635 | unsigned limit = server_list.size (); | |
85007c04 DB |
1636 | for (unsigned i = 0; i < limit; ++i) |
1637 | { | |
48e74294 | 1638 | if (server.certinfo != server_list[i].certinfo) |
0d1534e8 | 1639 | continue; |
48e74294 DB |
1640 | clog << server_list[i] << _(" is already "); |
1641 | if (revoking) | |
1642 | clog << _("untrusted ") << purpose << endl; | |
85007c04 | 1643 | else |
48e74294 | 1644 | clog << _("trusted ") << purpose << endl; |
85007c04 | 1645 | } |
2e15a955 DB |
1646 | } |
1647 | ||
48e74294 | 1648 | // Add the given servers to the given database of trusted servers. |
b0e5fa85 | 1649 | static void |
48e74294 DB |
1650 | add_server_trust ( |
1651 | systemtap_session &s, | |
1652 | const string &cert_db_path, | |
1653 | const vector<compile_server_info> &server_list | |
1654 | ) | |
2e15a955 | 1655 | { |
48e74294 DB |
1656 | // Get a list of servers already trusted. This opens the database, so do it |
1657 | // before we open it for our own purposes. | |
1658 | vector<compile_server_info> already_trusted; | |
1659 | get_server_info_from_db (s, already_trusted, cert_db_path); | |
2e15a955 | 1660 | |
48e74294 DB |
1661 | // Make sure the given path exists. |
1662 | if (create_dir (cert_db_path.c_str (), 0755) != 0) | |
1663 | { | |
1664 | clog << _F("Unable to find or create the client certificate database directory %s: ", cert_db_path.c_str()); | |
1665 | perror (""); | |
1666 | return; | |
1667 | } | |
2e15a955 | 1668 | |
48e74294 DB |
1669 | // Must predeclare this because of jumps to cleanup: below. |
1670 | vector<string> processed_certs; | |
7543625d | 1671 | |
d389518f DB |
1672 | // Make sure NSPR is initialized. Must be done before NSS is initialized |
1673 | s.NSPR_init (); | |
1674 | ||
c77af0d0 | 1675 | // Initialize the NSS libraries -- read/write |
aeb9cc10 | 1676 | SECStatus secStatus = nssInit (cert_db_path.c_str (), 1/*readwrite*/); |
c77af0d0 DB |
1677 | if (secStatus != SECSuccess) |
1678 | { | |
aeb9cc10 | 1679 | // Message already issued. |
c77af0d0 DB |
1680 | goto cleanup; |
1681 | } | |
1682 | ||
aeb9cc10 DB |
1683 | // Enable cipher suites which are allowed by U.S. export regulations. |
1684 | // SSL_ClearSessionCache is required for the new settings to take effect. | |
1685 | secStatus = NSS_SetExportPolicy (); | |
1686 | SSL_ClearSessionCache (); | |
1687 | if (secStatus != SECSuccess) | |
1688 | { | |
1689 | clog << _("Unable to set NSS export policy"); | |
1690 | nssError (); | |
1691 | goto cleanup; | |
1692 | } | |
1693 | ||
c77af0d0 DB |
1694 | // Iterate over the servers to become trusted. Contact each one and |
1695 | // add it to the list of trusted servers if it is not already trusted. | |
840e5073 | 1696 | // client_connect will issue any error messages. |
c77af0d0 DB |
1697 | for (vector<compile_server_info>::const_iterator server = server_list.begin(); |
1698 | server != server_list.end (); | |
1699 | ++server) | |
1700 | { | |
7543625d DB |
1701 | // Trust is based on certificates. We need only add trust in the |
1702 | // same certificate once. | |
1703 | if (find (processed_certs.begin (), processed_certs.end (), | |
1704 | server->certinfo) != processed_certs.end ()) | |
1705 | continue; | |
1706 | processed_certs.push_back (server->certinfo); | |
1707 | ||
1708 | // We need not contact the server if it is already trusted. | |
1709 | if (find (already_trusted.begin (), already_trusted.end (), *server) != | |
1710 | already_trusted.end ()) | |
1711 | { | |
1712 | if (s.verbose > 1) | |
1713 | trust_already_in_place (*server, server_list, cert_db_path, false/*revoking*/); | |
1714 | continue; | |
1715 | } | |
d7cec9ad DB |
1716 | // At a minimum we need a host name or ip_address along with a port |
1717 | // number in order to contact the server. | |
1718 | if (server->empty () || server->port == 0) | |
1719 | continue; | |
840e5073 | 1720 | int rc = client_connect (server->host_name.c_str (), |
aeb9cc10 DB |
1721 | stringToIpAddress (server->ip_address), |
1722 | server->port, | |
1723 | NULL, NULL, "permanent"); | |
1724 | if (rc != SUCCESS) | |
7543625d | 1725 | { |
aeb9cc10 | 1726 | clog << _F("Unable to connect to %s", lex_cast(*server).c_str()) << endl; |
7543625d DB |
1727 | nssError (); |
1728 | } | |
c77af0d0 DB |
1729 | } |
1730 | ||
1731 | cleanup: | |
1a7f7b3f | 1732 | // Shutdown NSS. |
aeb9cc10 DB |
1733 | // SSL_ClearSessionCache is required before shutdown for client applications. |
1734 | SSL_ClearSessionCache (); | |
1735 | nssCleanup (cert_db_path.c_str ()); | |
1a7f7b3f DB |
1736 | |
1737 | // Make sure the database files are readable. | |
1738 | glob_t globbuf; | |
1739 | string filespec = cert_db_path + "/*.db"; | |
1740 | if (s.verbose > 2) | |
58a834b1 | 1741 | clog << _F("Searching \"%s\"\n", filespec.c_str()); |
1a7f7b3f DB |
1742 | int r = glob (filespec.c_str (), 0, NULL, & globbuf); |
1743 | if (r != GLOB_NOSPACE && r != GLOB_ABORTED && r != GLOB_NOMATCH) | |
1744 | { | |
1745 | for (unsigned i = 0; i < globbuf.gl_pathc; ++i) | |
1746 | { | |
1747 | string filename = globbuf.gl_pathv[i]; | |
1748 | if (s.verbose > 2) | |
58a834b1 | 1749 | clog << _(" found ") << filename << endl; |
1a7f7b3f DB |
1750 | |
1751 | if (chmod (filename.c_str (), 0644) != 0) | |
1752 | { | |
aeb9cc10 | 1753 | clog << _F("Warning: Unable to change permissions on %s: ", filename.c_str()); |
1a7f7b3f DB |
1754 | perror (""); |
1755 | } | |
1756 | } | |
1757 | } | |
c77af0d0 DB |
1758 | } |
1759 | ||
1760 | // Remove the given servers from the given database of trusted servers. | |
b0e5fa85 | 1761 | static void |
c77af0d0 DB |
1762 | revoke_server_trust ( |
1763 | systemtap_session &s, | |
1764 | const string &cert_db_path, | |
1765 | const vector<compile_server_info> &server_list | |
1766 | ) | |
1767 | { | |
c77af0d0 DB |
1768 | // Make sure the given path exists. |
1769 | if (! file_exists (cert_db_path)) | |
1770 | { | |
1771 | if (s.verbose > 1) | |
aeb9cc10 | 1772 | clog << _F("Certificate database '%s' does not exist", |
58a834b1 | 1773 | cert_db_path.c_str()) << endl; |
7543625d | 1774 | if (s.verbose) |
c77af0d0 | 1775 | { |
7543625d DB |
1776 | for (vector<compile_server_info>::const_iterator server = server_list.begin(); |
1777 | server != server_list.end (); | |
1778 | ++server) | |
1779 | trust_already_in_place (*server, server_list, cert_db_path, true/*revoking*/); | |
c77af0d0 DB |
1780 | } |
1781 | return; | |
1782 | } | |
1783 | ||
1784 | // Must predeclare these because of jumps to cleanup: below. | |
c77af0d0 DB |
1785 | CERTCertDBHandle *handle; |
1786 | PRArenaPool *tmpArena = NULL; | |
1787 | CERTCertList *certs = NULL; | |
1788 | CERTCertificate *db_cert; | |
7543625d | 1789 | vector<string> processed_certs; |
aeb9cc10 | 1790 | const char *nickname; |
c77af0d0 | 1791 | |
d389518f DB |
1792 | // Make sure NSPR is initialized. Must be done before NSS is initialized |
1793 | s.NSPR_init (); | |
1794 | ||
c77af0d0 | 1795 | // Initialize the NSS libraries -- read/write |
aeb9cc10 | 1796 | SECStatus secStatus = nssInit (cert_db_path.c_str (), 1/*readwrite*/); |
c77af0d0 DB |
1797 | if (secStatus != SECSuccess) |
1798 | { | |
aeb9cc10 | 1799 | // Message already issued |
c77af0d0 DB |
1800 | goto cleanup; |
1801 | } | |
c77af0d0 DB |
1802 | handle = CERT_GetDefaultCertDB(); |
1803 | ||
1804 | // A memory pool to work in | |
1805 | tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | |
1806 | if (! tmpArena) | |
1807 | { | |
aeb9cc10 | 1808 | clog << _("Out of memory:"); |
c77af0d0 DB |
1809 | nssError (); |
1810 | goto cleanup; | |
1811 | } | |
1812 | ||
1813 | // Iterate over the servers to become untrusted. | |
aeb9cc10 | 1814 | nickname = server_cert_nickname (); |
c77af0d0 DB |
1815 | for (vector<compile_server_info>::const_iterator server = server_list.begin(); |
1816 | server != server_list.end (); | |
1817 | ++server) | |
1818 | { | |
1819 | // If the server's certificate serial number is unknown, then we can't | |
1820 | // match it with one in the database. | |
d7cec9ad DB |
1821 | if (server->certinfo.empty ()) |
1822 | continue; | |
7543625d DB |
1823 | |
1824 | // Trust is based on certificates. We need only revoke trust in the same | |
1825 | // certificate once. | |
1826 | if (find (processed_certs.begin (), processed_certs.end (), | |
1827 | server->certinfo) != processed_certs.end ()) | |
1828 | continue; | |
1829 | processed_certs.push_back (server->certinfo); | |
c77af0d0 DB |
1830 | |
1831 | // Search the client-side database of trusted servers. | |
aeb9cc10 | 1832 | db_cert = PK11_FindCertFromNickname (nickname, NULL); |
c77af0d0 DB |
1833 | if (! db_cert) |
1834 | { | |
1835 | // No trusted servers. Not an error, but issue a status message. | |
7543625d DB |
1836 | if (s.verbose) |
1837 | trust_already_in_place (*server, server_list, cert_db_path, true/*revoking*/); | |
c77af0d0 DB |
1838 | continue; |
1839 | } | |
1840 | ||
1841 | // Here, we have one cert with the desired nickname. | |
1842 | // Now, we will attempt to get a list of ALL certs | |
1843 | // with the same subject name as the cert we have. That list | |
1844 | // should contain, at a minimum, the one cert we have already found. | |
1845 | // If the list of certs is empty (NULL), the libraries have failed. | |
1846 | certs = CERT_CreateSubjectCertList (NULL, handle, & db_cert->derSubject, | |
1847 | PR_Now (), PR_FALSE); | |
1848 | CERT_DestroyCertificate (db_cert); | |
1849 | if (! certs) | |
1850 | { | |
aeb9cc10 | 1851 | clog << _F("Unable to query certificate database %s: ", |
58a834b1 | 1852 | cert_db_path.c_str()) << endl; |
c77af0d0 DB |
1853 | PORT_SetError (SEC_ERROR_LIBRARY_FAILURE); |
1854 | nssError (); | |
1855 | goto cleanup; | |
1856 | } | |
1857 | ||
48e74294 DB |
1858 | // Find the certificate matching the one belonging to our server. |
1859 | CERTCertListNode *node; | |
1860 | for (node = CERT_LIST_HEAD (certs); | |
1861 | ! CERT_LIST_END (node, certs); | |
1862 | node = CERT_LIST_NEXT (node)) | |
1863 | { | |
1864 | // The certificate we're working with. | |
1865 | db_cert = node->cert; | |
1866 | ||
1867 | // Get the serial number. | |
1868 | string serialNumber = get_cert_serial_number (db_cert); | |
1869 | ||
1870 | // Does the serial number match that of the current server? | |
1871 | if (serialNumber != server->certinfo) | |
1872 | continue; // goto next certificate | |
1873 | ||
1874 | // All is ok! Remove the certificate from the database. | |
1875 | break; | |
1876 | } // Loop over certificates in the database | |
1877 | ||
1878 | // Was a certificate matching the server found? */ | |
1879 | if (CERT_LIST_END (node, certs)) | |
1880 | { | |
1881 | // Not found. Server is already untrusted. | |
1882 | if (s.verbose) | |
1883 | trust_already_in_place (*server, server_list, cert_db_path, true/*revoking*/); | |
1884 | } | |
1885 | else | |
1886 | { | |
1887 | secStatus = SEC_DeletePermCertificate (db_cert); | |
1888 | if (secStatus != SECSuccess) | |
1889 | { | |
1890 | clog << _F("Unable to remove certificate from %s: ", | |
1891 | cert_db_path.c_str()) << endl; | |
1892 | nssError (); | |
1893 | } | |
1894 | } | |
1895 | CERT_DestroyCertList (certs); | |
1896 | certs = NULL; | |
1897 | } // Loop over servers | |
1898 | ||
1899 | cleanup: | |
1900 | if (certs) | |
1901 | CERT_DestroyCertList (certs); | |
1902 | if (tmpArena) | |
1903 | PORT_FreeArena (tmpArena, PR_FALSE); | |
1904 | ||
1905 | nssCleanup (cert_db_path.c_str ()); | |
1906 | } | |
1907 | ||
1908 | // Obtain information about servers from the certificates in the given database. | |
1909 | static void | |
1910 | get_server_info_from_db ( | |
1911 | systemtap_session &s, | |
1912 | vector<compile_server_info> &servers, | |
1913 | const string &cert_db_path | |
1914 | ) | |
1915 | { | |
1916 | // Make sure the given path exists. | |
1917 | if (! file_exists (cert_db_path)) | |
1918 | { | |
1919 | if (s.verbose > 1) | |
1920 | clog << _F("Certificate database '%s' does not exist.", | |
1921 | cert_db_path.c_str()) << endl; | |
1922 | return; | |
1923 | } | |
1924 | ||
1925 | // Make sure NSPR is initialized. Must be done before NSS is initialized | |
1926 | s.NSPR_init (); | |
1927 | ||
1928 | // Initialize the NSS libraries -- readonly | |
1929 | SECStatus secStatus = nssInit (cert_db_path.c_str ()); | |
1930 | if (secStatus != SECSuccess) | |
1931 | { | |
1932 | // Message already issued. | |
1933 | return; | |
1934 | } | |
1935 | ||
1936 | // Must predeclare this because of jumps to cleanup: below. | |
1937 | PRArenaPool *tmpArena = NULL; | |
1938 | CERTCertList *certs = get_cert_list_from_db (server_cert_nickname ()); | |
1939 | if (! certs) | |
1940 | { | |
1941 | if (s.verbose > 1) | |
1942 | clog << _F("No certificate found in database %s", cert_db_path.c_str ()) << endl; | |
1943 | goto cleanup; | |
1944 | } | |
1945 | ||
1946 | // A memory pool to work in | |
1947 | tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); | |
1948 | if (! tmpArena) | |
1949 | { | |
1950 | clog << _("Out of memory:"); | |
1951 | nssError (); | |
1952 | goto cleanup; | |
1953 | } | |
1954 | for (CERTCertListNode *node = CERT_LIST_HEAD (certs); | |
1955 | ! CERT_LIST_END (node, certs); | |
1956 | node = CERT_LIST_NEXT (node)) | |
1957 | { | |
1958 | compile_server_info server_info; | |
1959 | ||
1960 | // The certificate we're working with. | |
1961 | CERTCertificate *db_cert = node->cert; | |
1962 | ||
1963 | // Get the host name. It is in the alt-name extension of the | |
1964 | // certificate. | |
1965 | SECItem subAltName; | |
1966 | subAltName.data = NULL; | |
1967 | secStatus = CERT_FindCertExtension (db_cert, | |
1968 | SEC_OID_X509_SUBJECT_ALT_NAME, | |
1969 | & subAltName); | |
1970 | if (secStatus != SECSuccess || ! subAltName.data) | |
1971 | { | |
1972 | clog << _("Unable to find alt name extension on server certificate: ") << endl; | |
1973 | nssError (); | |
1974 | continue; | |
1975 | } | |
1976 | ||
1977 | // Decode the extension. | |
1978 | CERTGeneralName *nameList = CERT_DecodeAltNameExtension (tmpArena, & subAltName); | |
1979 | SECITEM_FreeItem(& subAltName, PR_FALSE); | |
1980 | if (! nameList) | |
1981 | { | |
1982 | clog << _("Unable to decode alt name extension on server certificate: ") << endl; | |
1983 | nssError (); | |
1984 | continue; | |
1985 | } | |
1986 | ||
1987 | // We're interested in the first alternate name. | |
1988 | assert (nameList->type == certDNSName); | |
1989 | server_info.host_name = string ((const char *)nameList->name.other.data, | |
1990 | nameList->name.other.len); | |
1991 | // Don't free nameList. It's part of the tmpArena. | |
1992 | ||
1993 | // Get the serial number. | |
1994 | server_info.certinfo = get_cert_serial_number (db_cert); | |
1995 | ||
1996 | // Our results will at a minimum contain this server. | |
1997 | add_server_info (server_info, servers); | |
1998 | ||
1999 | // Augment the list by querying all online servers and keeping the ones | |
2000 | // with the same cert serial number. | |
2001 | vector<compile_server_info> online_servers; | |
2002 | get_or_keep_online_server_info (s, online_servers, false/*keep*/); | |
2003 | keep_server_info_with_cert_and_port (s, server_info, online_servers); | |
2004 | add_server_info (online_servers, servers); | |
2005 | } | |
2006 | ||
2007 | cleanup: | |
2008 | if (certs) | |
2009 | CERT_DestroyCertList (certs); | |
2010 | if (tmpArena) | |
2011 | PORT_FreeArena (tmpArena, PR_FALSE); | |
2012 | ||
2013 | nssCleanup (cert_db_path.c_str ()); | |
2014 | } | |
2015 | #endif // HAVE_NSS | |
2016 | ||
2017 | // Utility Functions. | |
2018 | //----------------------------------------------------------------------- | |
2019 | ostream &operator<< (ostream &s, const compile_server_info &i) | |
2020 | { | |
2021 | s << " host="; | |
2022 | if (! i.host_name.empty ()) | |
2023 | s << i.host_name; | |
2024 | else | |
2025 | s << "unknown"; | |
2026 | s << " ip="; | |
2027 | if (! i.ip_address.empty ()) | |
2028 | s << i.ip_address; | |
2029 | else | |
2030 | s << "offline"; | |
2031 | s << " port="; | |
2032 | if (i.port != 0) | |
2033 | s << i.port; | |
2034 | else | |
2035 | s << "offline"; | |
2036 | s << " sysinfo=\""; | |
2037 | if (! i.sysinfo.empty ()) | |
2038 | s << i.sysinfo << '"'; | |
2039 | else | |
2040 | s << "unknown\""; | |
2041 | s << " version="; | |
2042 | if (! i.version.empty ()) | |
2043 | s << i.version; | |
2044 | else | |
2045 | s << "unknown"; | |
2046 | s << " certinfo=\""; | |
2047 | if (! i.certinfo.empty ()) | |
2048 | s << i.certinfo << '"'; | |
2049 | else | |
2050 | s << "unknown\""; | |
2051 | return s; | |
2052 | } | |
2053 | ||
2054 | // Return the default server specification, used when none is given on the | |
2055 | // command line. | |
2056 | static string | |
2057 | default_server_spec (const systemtap_session &s) | |
2058 | { | |
2059 | // If the --use-server option has been used | |
2060 | // the default is 'specified' | |
2061 | // otherwise if the --unprivileged has been used | |
2062 | // the default is online,trusted,compatible,signer | |
2063 | // otherwise | |
2064 | // the default is online,compatible | |
2065 | // | |
2066 | // Having said that, | |
2067 | // 'online' and 'compatible' will only succeed if we have avahi | |
2068 | // 'trusted' and 'signer' will only succeed if we have NSS | |
2069 | // | |
2070 | string working_string = "online,trusted,compatible"; | |
2071 | if (s.unprivileged) | |
2072 | working_string += ",signer"; | |
2073 | return working_string; | |
2074 | } | |
2075 | ||
2076 | static int | |
2077 | server_spec_to_pmask (const string &server_spec) | |
2078 | { | |
2079 | // Construct a mask of the server properties that have been requested. | |
2080 | // The available properties are: | |
2081 | // trusted - servers which are trusted SSL peers. | |
2082 | // online - online servers. | |
2083 | // compatible - servers which compile for the current kernel release | |
2084 | // and architecture. | |
2085 | // signer - servers which are trusted module signers. | |
2086 | // specified - servers which have been specified using --use-server=XXX. | |
2087 | // If no servers have been specified, then this is | |
2088 | // equivalent to --list-servers=trusted,online,compatible. | |
2089 | // all - all trusted servers, trusted module signers, | |
2090 | // servers currently online and specified servers. | |
2091 | string working_spec = server_spec; | |
2092 | vector<string> properties; | |
2093 | tokenize (working_spec, properties, ","); | |
2094 | int pmask = 0; | |
2095 | unsigned limit = properties.size (); | |
2096 | for (unsigned i = 0; i < limit; ++i) | |
2097 | { | |
2098 | const string &property = properties[i]; | |
2099 | // Tolerate (and ignore) empty properties. | |
2100 | if (property.empty ()) | |
2101 | continue; | |
2102 | if (property == "all") | |
2103 | { | |
2104 | pmask |= compile_server_all; | |
2105 | } | |
2106 | else if (property == "specified") | |
2107 | { | |
2108 | pmask |= compile_server_specified; | |
2109 | } | |
2110 | else if (property == "trusted") | |
2111 | { | |
2112 | pmask |= compile_server_trusted; | |
2113 | } | |
2114 | else if (property == "online") | |
2115 | { | |
2116 | pmask |= compile_server_online; | |
2117 | } | |
2118 | else if (property == "compatible") | |
2119 | { | |
2120 | pmask |= compile_server_compatible; | |
2121 | } | |
2122 | else if (property == "signer") | |
2123 | { | |
2124 | pmask |= compile_server_signer; | |
2125 | } | |
2126 | else | |
2127 | { | |
2128 | clog << _F("Warning: unsupported compile server property: %s", property.c_str()) | |
2129 | << endl; | |
2130 | } | |
2131 | } | |
2132 | return pmask; | |
2133 | } | |
2134 | ||
2135 | void | |
2136 | query_server_status (systemtap_session &s) | |
2137 | { | |
2138 | unsigned limit = s.server_status_strings.size (); | |
2139 | for (unsigned i = 0; i < limit; ++i) | |
2140 | query_server_status (s, s.server_status_strings[i]); | |
2141 | } | |
2142 | ||
2143 | static void | |
2144 | query_server_status (systemtap_session &s, const string &status_string) | |
2145 | { | |
2146 | // If this string is empty, then the default is "specified" | |
2147 | string working_string = status_string; | |
2148 | if (working_string.empty ()) | |
2149 | working_string = "specified"; | |
2150 | ||
2151 | // If the query is "specified" and no servers have been specified | |
2152 | // (i.e. --use-server not used or used with no argument), then | |
2153 | // use the default query. | |
2154 | // TODO: This may not be necessary. The underlying queries should handle | |
2155 | // "specified" properly. | |
2156 | if (working_string == "specified" && | |
2157 | (s.specified_servers.empty () || | |
2158 | (s.specified_servers.size () == 1 && s.specified_servers[0].empty ()))) | |
2159 | working_string = default_server_spec (s); | |
2160 | ||
2161 | int pmask = server_spec_to_pmask (working_string); | |
2162 | ||
2163 | // Now obtain a list of the servers which match the criteria. | |
2164 | vector<compile_server_info> raw_servers; | |
2165 | get_server_info (s, pmask, raw_servers); | |
2166 | ||
2167 | // Augment the listing with as much information as possible by adding | |
2168 | // information from known servers. | |
2169 | vector<compile_server_info> servers; | |
2170 | get_all_server_info (s, servers); | |
2171 | keep_common_server_info (raw_servers, servers); | |
2172 | ||
2173 | // Sort the list of servers into a preferred order. | |
2174 | preferred_order (servers); | |
2175 | ||
2176 | // Print the server information. Skip the empty entry at the head of the list. | |
2177 | clog << _F("Systemtap Compile Server Status for '%s'", working_string.c_str()) << endl; | |
2178 | bool found = false; | |
2179 | unsigned limit = servers.size (); | |
2180 | for (unsigned i = 0; i < limit; ++i) | |
2181 | { | |
2182 | assert (! servers[i].empty ()); | |
2183 | // Don't list servers with no cert information. They may not actually | |
2184 | // exist. | |
2185 | // TODO: Could try contacting the server and obtaining its cert | |
2186 | if (servers[i].certinfo.empty ()) | |
2187 | continue; | |
2188 | clog << servers[i] << endl; | |
2189 | found = true; | |
2190 | } | |
2191 | if (! found) | |
2192 | clog << _("No servers found") << endl; | |
2193 | } | |
2194 | ||
2195 | // Add or remove trust of the servers specified on the command line. | |
2196 | void | |
2197 | manage_server_trust (systemtap_session &s) | |
2198 | { | |
2199 | // This function should do nothing if we don't have NSS. | |
2200 | #if HAVE_NSS | |
2201 | // Nothing to do if --trust-servers was not specified. | |
2202 | if (s.server_trust_spec.empty ()) | |
2203 | return; | |
2204 | ||
2205 | // Break up and analyze the trust specification. Recognized components are: | |
2206 | // ssl - trust the specified servers as ssl peers | |
2207 | // signer - trust the specified servers as module signers | |
2208 | // revoke - revoke the requested trust | |
2209 | // all-users - apply/revoke the requested trust for all users | |
2210 | // no-prompt - don't prompt the user for confirmation | |
2211 | vector<string>components; | |
2212 | tokenize (s.server_trust_spec, components, ","); | |
2213 | bool ssl = false; | |
2214 | bool signer = false; | |
2215 | bool revoke = false; | |
2216 | bool all_users = false; | |
2217 | bool no_prompt = false; | |
2218 | bool error = false; | |
2219 | for (vector<string>::const_iterator i = components.begin (); | |
2220 | i != components.end (); | |
2221 | ++i) | |
2222 | { | |
2223 | if (*i == "ssl") | |
2224 | ssl = true; | |
2225 | else if (*i == "signer") | |
2226 | { | |
2227 | if (geteuid () != 0) | |
2228 | { | |
2229 | clog << _("Only root can specify 'signer' on --trust-servers") << endl; | |
2230 | error = true; | |
2231 | } | |
2232 | else | |
2233 | signer = true; | |
2234 | } | |
2235 | else if (*i == "revoke") | |
2236 | revoke = true; | |
2237 | else if (*i == "all-users") | |
2238 | { | |
2239 | if (geteuid () != 0) | |
2240 | { | |
2241 | clog << _("Only root can specify 'all-users' on --trust-servers") << endl; | |
2242 | error = true; | |
2243 | } | |
2244 | else | |
2245 | all_users = true; | |
2246 | } | |
2247 | else if (*i == "no-prompt") | |
2248 | no_prompt = true; | |
2249 | else | |
2250 | clog << _("Warning: Unrecognized server trust specification: ") << *i | |
2251 | << endl; | |
2252 | } | |
2253 | if (error) | |
2254 | return; | |
2255 | ||
2256 | // Make sure NSPR is initialized | |
2257 | s.NSPR_init (); | |
c77af0d0 | 2258 | |
48e74294 DB |
2259 | // Now obtain the list of specified servers. |
2260 | vector<compile_server_info> server_list; | |
2261 | get_specified_server_info (s, server_list, true/*no_default*/); | |
c77af0d0 | 2262 | |
48e74294 DB |
2263 | // Did we identify any potential servers? |
2264 | unsigned limit = server_list.size (); | |
2265 | if (limit == 0) | |
2266 | { | |
2267 | clog << _("No servers identified for trust") << endl; | |
2268 | return; | |
2269 | } | |
c77af0d0 | 2270 | |
48e74294 DB |
2271 | // Create a string representing the request in English. |
2272 | // If neither 'ssl' or 'signer' was specified, the default is 'ssl'. | |
2273 | if (! ssl && ! signer) | |
2274 | ssl = true; | |
2275 | ostringstream trustString; | |
2276 | if (ssl) | |
2277 | { | |
2278 | trustString << _("as an SSL peer"); | |
2279 | if (all_users) | |
2280 | trustString << _(" for all users"); | |
2281 | else | |
2282 | trustString << _(" for the current user"); | |
2283 | } | |
2284 | if (signer) | |
2285 | { | |
2286 | if (ssl) | |
2287 | trustString << _(" and "); | |
2288 | trustString << _("as a module signer for all users"); | |
2289 | } | |
c77af0d0 | 2290 | |
48e74294 DB |
2291 | // Prompt the user to confirm what's about to happen. |
2292 | if (no_prompt) | |
2293 | { | |
2294 | if (revoke) | |
2295 | clog << _("Revoking trust "); | |
2296 | else | |
2297 | clog << _("Adding trust "); | |
2298 | } | |
2299 | else | |
2300 | { | |
2301 | if (revoke) | |
2302 | clog << _("Revoke trust "); | |
c77af0d0 | 2303 | else |
48e74294 DB |
2304 | clog << _("Add trust "); |
2305 | } | |
2306 | clog << _F("in the following servers %s", trustString.str().c_str()); | |
2307 | if (! no_prompt) | |
2308 | clog << '?'; | |
2309 | clog << endl; | |
2310 | for (unsigned i = 0; i < limit; ++i) | |
2311 | clog << " " << server_list[i] << endl; | |
2312 | if (! no_prompt) | |
2313 | { | |
2314 | clog << "[y/N] " << flush; | |
2315 | ||
2316 | // Only carry out the operation if the response is "yes" | |
2317 | string response; | |
2318 | cin >> response; | |
2319 | if (response[0] != 'y' && response [0] != 'Y') | |
c77af0d0 | 2320 | { |
48e74294 DB |
2321 | clog << _("Server trust unchanged") << endl; |
2322 | return; | |
c77af0d0 | 2323 | } |
48e74294 | 2324 | } |
c77af0d0 | 2325 | |
48e74294 DB |
2326 | // Now add/revoke the requested trust. |
2327 | string cert_db_path; | |
2328 | if (ssl) | |
2329 | { | |
2330 | if (all_users) | |
2331 | cert_db_path = global_ssl_cert_db_path (); | |
2332 | else | |
2333 | cert_db_path = private_ssl_cert_db_path (); | |
2334 | if (revoke) | |
2335 | revoke_server_trust (s, cert_db_path, server_list); | |
2336 | else | |
2337 | add_server_trust (s, cert_db_path, server_list); | |
2338 | } | |
2339 | if (signer) | |
2340 | { | |
2341 | cert_db_path = signing_cert_db_path (); | |
2342 | if (revoke) | |
2343 | revoke_server_trust (s, cert_db_path, server_list); | |
2344 | else | |
2345 | add_server_trust (s, cert_db_path, server_list); | |
2346 | } | |
2347 | #endif // HAVE_NSS | |
2348 | } | |
c77af0d0 | 2349 | |
48e74294 DB |
2350 | static compile_server_cache* |
2351 | cscache(systemtap_session& s) | |
2352 | { | |
2353 | if (!s.server_cache) | |
2354 | s.server_cache = new compile_server_cache(); | |
2355 | return s.server_cache; | |
c77af0d0 DB |
2356 | } |
2357 | ||
b0e5fa85 | 2358 | static void |
85007c04 | 2359 | get_server_info ( |
1f9938b9 | 2360 | systemtap_session &s, |
85007c04 DB |
2361 | int pmask, |
2362 | vector<compile_server_info> &servers | |
2363 | ) | |
2364 | { | |
2365 | // Get information on compile servers matching the requested criteria. | |
0d1534e8 | 2366 | // The order of queries is significant. Accumulating queries must go first |
7543625d DB |
2367 | // followed by accumulating/filtering queries. |
2368 | bool keep = false; | |
2369 | if (((pmask & compile_server_all))) | |
0d1534e8 | 2370 | { |
7543625d DB |
2371 | get_all_server_info (s, servers); |
2372 | keep = true; | |
0d1534e8 | 2373 | } |
7543625d | 2374 | // Add the specified servers, if requested |
2e15a955 DB |
2375 | if ((pmask & compile_server_specified)) |
2376 | { | |
7543625d DB |
2377 | get_specified_server_info (s, servers); |
2378 | keep = true; | |
2e15a955 | 2379 | } |
48e74294 | 2380 | // Now filter or accumulate the list depending on whether a query has |
7543625d | 2381 | // already been made. |
85007c04 DB |
2382 | if ((pmask & compile_server_online)) |
2383 | { | |
7543625d DB |
2384 | get_or_keep_online_server_info (s, servers, keep); |
2385 | keep = true; | |
0d1534e8 DB |
2386 | } |
2387 | if ((pmask & compile_server_trusted)) | |
2388 | { | |
7543625d DB |
2389 | get_or_keep_trusted_server_info (s, servers, keep); |
2390 | keep = true; | |
85007c04 | 2391 | } |
0d1534e8 DB |
2392 | if ((pmask & compile_server_signer)) |
2393 | { | |
7543625d DB |
2394 | get_or_keep_signing_server_info (s, servers, keep); |
2395 | keep = true; | |
0d1534e8 | 2396 | } |
85007c04 DB |
2397 | if ((pmask & compile_server_compatible)) |
2398 | { | |
7543625d DB |
2399 | get_or_keep_compatible_server_info (s, servers, keep); |
2400 | keep = true; | |
85007c04 | 2401 | } |
0d1534e8 DB |
2402 | } |
2403 | ||
2404 | // Get information about all online servers as well as servers trusted | |
2405 | // as SSL peers and servers trusted as signers. | |
b0e5fa85 | 2406 | static void |
0d1534e8 DB |
2407 | get_all_server_info ( |
2408 | systemtap_session &s, | |
2409 | vector<compile_server_info> &servers | |
2410 | ) | |
2411 | { | |
d7cec9ad DB |
2412 | get_or_keep_online_server_info (s, servers, false/*keep*/); |
2413 | get_or_keep_trusted_server_info (s, servers, false/*keep*/); | |
2414 | get_or_keep_signing_server_info (s, servers, false/*keep*/); | |
85007c04 DB |
2415 | } |
2416 | ||
b0e5fa85 | 2417 | static void |
2e15a955 DB |
2418 | get_default_server_info ( |
2419 | systemtap_session &s, | |
2420 | vector<compile_server_info> &servers | |
2421 | ) | |
1f9938b9 | 2422 | { |
eff14db3 JS |
2423 | // We only need to obtain this once per session. This is a good thing(tm) |
2424 | // since obtaining this information is expensive. | |
2425 | vector<compile_server_info>& default_servers = cscache(s)->default_servers; | |
2e15a955 | 2426 | if (default_servers.empty ()) |
1f9938b9 | 2427 | { |
c77af0d0 DB |
2428 | // Get the required information. |
2429 | // get_server_info will add an empty entry at the beginning to indicate | |
2430 | // that the search has been performed, in case the search comes up empty. | |
0d1534e8 DB |
2431 | int pmask = server_spec_to_pmask (default_server_spec (s)); |
2432 | get_server_info (s, pmask, default_servers); | |
2e15a955 | 2433 | } |
1f9938b9 | 2434 | |
c77af0d0 | 2435 | // Add the information, but not duplicates. |
7543625d | 2436 | add_server_info (default_servers, servers); |
2e15a955 | 2437 | } |
1f9938b9 | 2438 | |
b0e5fa85 | 2439 | static void |
2e15a955 DB |
2440 | get_specified_server_info ( |
2441 | systemtap_session &s, | |
1a7f7b3f DB |
2442 | vector<compile_server_info> &servers, |
2443 | bool no_default | |
2e15a955 DB |
2444 | ) |
2445 | { | |
eff14db3 JS |
2446 | // We only need to obtain this once per session. This is a good thing(tm) |
2447 | // since obtaining this information is expensive. | |
2448 | vector<compile_server_info>& specified_servers = cscache(s)->specified_servers; | |
2e15a955 DB |
2449 | if (specified_servers.empty ()) |
2450 | { | |
0d1534e8 DB |
2451 | // Maintain an empty entry to indicate that this search has been |
2452 | // performed, in case the search comes up empty. | |
2453 | specified_servers.push_back (compile_server_info ()); | |
2454 | ||
2e15a955 DB |
2455 | // If --use-servers was not specified at all, then return info for the |
2456 | // default server list. | |
2457 | if (s.specified_servers.empty ()) | |
2458 | { | |
1a7f7b3f DB |
2459 | if (! no_default) |
2460 | get_default_server_info (s, specified_servers); | |
2e15a955 DB |
2461 | } |
2462 | else | |
2463 | { | |
2464 | // Iterate over the specified servers. For each specification, add to | |
2465 | // the list of servers. | |
2466 | unsigned num_specified_servers = s.specified_servers.size (); | |
2467 | for (unsigned i = 0; i < num_specified_servers; ++i) | |
2468 | { | |
7543625d | 2469 | string &server = s.specified_servers[i]; |
2e15a955 DB |
2470 | if (server.empty ()) |
2471 | { | |
2472 | // No server specified. Use the default servers. | |
1a7f7b3f DB |
2473 | if (! no_default) |
2474 | get_default_server_info (s, specified_servers); | |
7543625d | 2475 | continue; |
2e15a955 | 2476 | } |
1f9938b9 | 2477 | |
7543625d DB |
2478 | // Work with the specified server |
2479 | compile_server_info server_info; | |
2480 | ||
2481 | // See if a port was specified (:n suffix) | |
2482 | vector<string> components; | |
2483 | tokenize (server, components, ":"); | |
2484 | if (components.size () > 2) | |
2485 | { | |
2486 | // Treat it as a certificate serial number. The final | |
2487 | // component may still be a port number. | |
2488 | if (components.size () > 5) | |
2e15a955 | 2489 | { |
7543625d DB |
2490 | // Obtain the port number. |
2491 | const char *pstr = components.back ().c_str (); | |
2492 | char *estr; | |
2493 | errno = 0; | |
2494 | unsigned long port = strtoul (pstr, & estr, 10); | |
2495 | if (errno == 0 && *estr == '\0' && port <= USHRT_MAX) | |
2496 | server_info.port = port; | |
2497 | else | |
2e15a955 | 2498 | { |
aeb9cc10 | 2499 | clog << _F("Invalid port number specified: %s", |
58a834b1 | 2500 | components.back().c_str()) << endl; |
7543625d | 2501 | continue; |
2e15a955 | 2502 | } |
7543625d DB |
2503 | // Remove the port number from the spec |
2504 | server_info.certinfo = server.substr (0, server.find_last_of (':')); | |
2505 | } | |
2506 | else | |
2507 | server_info.certinfo = server; | |
2508 | ||
2509 | // Look for all known servers with this serial number and | |
2510 | // (optional) port number. | |
2511 | vector<compile_server_info> known_servers; | |
2512 | get_all_server_info (s, known_servers); | |
2513 | keep_server_info_with_cert_and_port (s, server_info, known_servers); | |
2514 | // Did we find one? | |
2515 | if (known_servers.empty ()) | |
2516 | { | |
2517 | if (s.verbose) | |
aeb9cc10 | 2518 | clog << _F("No server matching %s found", server.c_str()) << endl; |
7543625d DB |
2519 | } |
2520 | else | |
2521 | add_server_info (known_servers, specified_servers); | |
2522 | } // specified by cert serial number | |
2523 | else { | |
2524 | // Not specified by serial number. Treat it as host name or | |
2525 | // ip address and optional port number. | |
2526 | if (components.size () == 2) | |
2527 | { | |
2528 | // Obtain the port number. | |
2529 | const char *pstr = components.back ().c_str (); | |
2530 | char *estr; | |
2531 | errno = 0; | |
2532 | unsigned long port = strtoul (pstr, & estr, 10); | |
2533 | if (errno == 0 && *estr == '\0' && port <= USHRT_MAX) | |
2534 | server_info.port = port; | |
334df419 DB |
2535 | else |
2536 | { | |
aeb9cc10 | 2537 | clog << _F("Invalid port number specified: %s", |
58a834b1 | 2538 | components.back().c_str()) << endl; |
7543625d DB |
2539 | continue; |
2540 | } | |
2541 | } | |
2542 | ||
2543 | // Obtain the host name or ip address. | |
2544 | if (stringToIpAddress (components.front ())) | |
2545 | server_info.ip_address = components.front (); | |
2546 | else | |
2547 | server_info.host_name = components.front (); | |
2548 | ||
2549 | // Find known servers matching the specified information. | |
2550 | vector<compile_server_info> known_servers; | |
2551 | get_all_server_info (s, known_servers); | |
2552 | keep_common_server_info (server_info, known_servers); | |
2553 | add_server_info (known_servers, specified_servers); | |
2554 | ||
2555 | // Resolve this host and add any information that is discovered. | |
2556 | resolve_host (s, server_info, specified_servers); | |
2557 | } // Not specified by cert serial number | |
2e15a955 DB |
2558 | } // Loop over --use-server options |
2559 | } // -- use-server specified | |
2e15a955 DB |
2560 | } // Server information is not cached |
2561 | ||
c77af0d0 | 2562 | // Add the information, but not duplicates. |
7543625d | 2563 | add_server_info (specified_servers, servers); |
1f9938b9 DB |
2564 | } |
2565 | ||
b0e5fa85 | 2566 | static void |
0d1534e8 | 2567 | get_or_keep_trusted_server_info ( |
1f9938b9 | 2568 | systemtap_session &s, |
7543625d DB |
2569 | vector<compile_server_info> &servers, |
2570 | bool keep | |
85007c04 DB |
2571 | ) |
2572 | { | |
7543625d DB |
2573 | // If we're filtering the list and it's already empty, then |
2574 | // there's nothing to do. | |
2575 | if (keep && servers.empty ()) | |
2576 | return; | |
2577 | ||
eff14db3 JS |
2578 | // We only need to obtain this once per session. This is a good thing(tm) |
2579 | // since obtaining this information is expensive. | |
2580 | vector<compile_server_info>& trusted_servers = cscache(s)->trusted_servers; | |
0d1534e8 | 2581 | if (trusted_servers.empty ()) |
85007c04 | 2582 | { |
0d1534e8 DB |
2583 | // Maintain an empty entry to indicate that this search has been |
2584 | // performed, in case the search comes up empty. | |
2585 | trusted_servers.push_back (compile_server_info ()); | |
2586 | ||
2587 | #if HAVE_NSS | |
c77af0d0 | 2588 | // Check the private database first. |
aeb9cc10 | 2589 | string cert_db_path = private_ssl_cert_db_path (); |
c77af0d0 | 2590 | get_server_info_from_db (s, trusted_servers, cert_db_path); |
0d1534e8 | 2591 | |
c77af0d0 DB |
2592 | // Now check the global database. |
2593 | cert_db_path = global_ssl_cert_db_path (); | |
0d1534e8 | 2594 | get_server_info_from_db (s, trusted_servers, cert_db_path); |
0d1534e8 DB |
2595 | #else // ! HAVE_NSS |
2596 | // Without NSS, we can't determine whether a server is trusted. | |
2597 | // Issue a warning. | |
2598 | if (s.verbose) | |
58a834b1 | 2599 | clog << _("Unable to determine server trust as an SSL peer") << endl; |
0d1534e8 DB |
2600 | #endif // ! HAVE_NSS |
2601 | } // Server information is not cached | |
2602 | ||
7543625d | 2603 | if (keep) |
0d1534e8 DB |
2604 | { |
2605 | // Filter the existing vector by keeping the information in common with | |
2606 | // the trusted_server vector. | |
2607 | keep_common_server_info (trusted_servers, servers); | |
2608 | } | |
2609 | else | |
2610 | { | |
c77af0d0 | 2611 | // Add the information, but not duplicates. |
7543625d | 2612 | add_server_info (trusted_servers, servers); |
0d1534e8 DB |
2613 | } |
2614 | } | |
2615 | ||
b0e5fa85 | 2616 | static void |
0d1534e8 DB |
2617 | get_or_keep_signing_server_info ( |
2618 | systemtap_session &s, | |
7543625d DB |
2619 | vector<compile_server_info> &servers, |
2620 | bool keep | |
0d1534e8 DB |
2621 | ) |
2622 | { | |
7543625d DB |
2623 | // If we're filtering the list and it's already empty, then |
2624 | // there's nothing to do. | |
2625 | if (keep && servers.empty ()) | |
2626 | return; | |
2627 | ||
eff14db3 JS |
2628 | // We only need to obtain this once per session. This is a good thing(tm) |
2629 | // since obtaining this information is expensive. | |
2630 | vector<compile_server_info>& signing_servers = cscache(s)->signing_servers; | |
0d1534e8 DB |
2631 | if (signing_servers.empty ()) |
2632 | { | |
2633 | // Maintain an empty entry to indicate that this search has been | |
2634 | // performed, in case the search comes up empty. | |
2635 | signing_servers.push_back (compile_server_info ()); | |
2636 | ||
2637 | #if HAVE_NSS | |
0d1534e8 | 2638 | // For all users, check the global database. |
c77af0d0 | 2639 | string cert_db_path = signing_cert_db_path (); |
0d1534e8 | 2640 | get_server_info_from_db (s, signing_servers, cert_db_path); |
0d1534e8 DB |
2641 | #else // ! HAVE_NSS |
2642 | // Without NSS, we can't determine whether a server is a trusted | |
2643 | // signer. Issue a warning. | |
2644 | if (s.verbose) | |
58a834b1 | 2645 | clog << _("Unable to determine server trust as a module signer") << endl; |
0d1534e8 DB |
2646 | #endif // ! HAVE_NSS |
2647 | } // Server information is not cached | |
2648 | ||
7543625d | 2649 | if (keep) |
0d1534e8 DB |
2650 | { |
2651 | // Filter the existing vector by keeping the information in common with | |
2652 | // the signing_server vector. | |
2653 | keep_common_server_info (signing_servers, servers); | |
2654 | } | |
2655 | else | |
2656 | { | |
c77af0d0 | 2657 | // Add the information, but not duplicates. |
7543625d | 2658 | add_server_info (signing_servers, servers); |
0d1534e8 DB |
2659 | } |
2660 | } | |
2661 | ||
0d1534e8 | 2662 | |
b0e5fa85 | 2663 | static void |
7543625d | 2664 | get_or_keep_compatible_server_info ( |
0d1534e8 | 2665 | systemtap_session &s, |
7543625d DB |
2666 | vector<compile_server_info> &servers, |
2667 | bool keep | |
0d1534e8 DB |
2668 | ) |
2669 | { | |
2670 | #if HAVE_AVAHI | |
7543625d DB |
2671 | // If we're filtering the list and it's already empty, then |
2672 | // there's nothing to do. | |
2673 | if (keep && servers.empty ()) | |
2674 | return; | |
2675 | ||
0d1534e8 DB |
2676 | // Remove entries for servers incompatible with the host environment |
2677 | // from the given list of servers. | |
2678 | // A compatible server compiles for the kernel release and architecture | |
2679 | // of the host environment. | |
7543625d DB |
2680 | // |
2681 | // Compatibility can only be determined for online servers. So, augment | |
2682 | // and filter the information we have with information for online servers. | |
2683 | vector<compile_server_info> online_servers; | |
2684 | get_or_keep_online_server_info (s, online_servers, false/*keep*/); | |
2685 | if (keep) | |
2686 | keep_common_server_info (online_servers, servers); | |
2687 | else | |
2688 | add_server_info (online_servers, servers); | |
2689 | ||
2690 | // Now look to see which ones are compatible. | |
2691 | // The vector can change size as we go, so be careful!! | |
0d1534e8 DB |
2692 | for (unsigned i = 0; i < servers.size (); /**/) |
2693 | { | |
c77af0d0 | 2694 | // Retain empty entries. |
7543625d DB |
2695 | assert (! servers[i].empty ()); |
2696 | ||
2697 | // Check the target of the server. | |
2698 | if (servers[i].sysinfo != s.kernel_release + " " + s.architecture) | |
85007c04 | 2699 | { |
7543625d DB |
2700 | // Target platform mismatch. |
2701 | servers.erase (servers.begin () + i); | |
2702 | continue; | |
85007c04 DB |
2703 | } |
2704 | ||
2705 | // The server is compatible. Leave it in the list. | |
2706 | ++i; | |
2707 | } | |
0d1534e8 DB |
2708 | #else // ! HAVE_AVAHI |
2709 | // Without Avahi, we can't obtain the target platform of the server. | |
2710 | // Issue a warning. | |
2711 | if (s.verbose) | |
58a834b1 | 2712 | clog << _("Unable to detect server compatibility") << endl; |
7543625d DB |
2713 | if (keep) |
2714 | servers.clear (); | |
0d1534e8 | 2715 | #endif |
85007c04 DB |
2716 | } |
2717 | ||
b0e5fa85 | 2718 | static void |
7543625d | 2719 | keep_server_info_with_cert_and_port ( |
822a6a3d | 2720 | systemtap_session &, |
7543625d DB |
2721 | const compile_server_info &server, |
2722 | vector<compile_server_info> &servers | |
2723 | ) | |
0d1534e8 | 2724 | { |
7543625d | 2725 | assert (! server.certinfo.empty ()); |
0d1534e8 | 2726 | |
7543625d DB |
2727 | // Search the list of servers for ones matching the |
2728 | // serial number specified. | |
2729 | // The vector can change size as we go, so be careful!! | |
2730 | for (unsigned i = 0; i < servers.size (); /**/) | |
0d1534e8 | 2731 | { |
7543625d DB |
2732 | // Retain empty entries. |
2733 | if (servers[i].empty ()) | |
2734 | { | |
2735 | ++i; | |
2736 | continue; | |
2737 | } | |
2738 | if (servers[i].certinfo == server.certinfo && | |
2739 | (servers[i].port == 0 || server.port == 0 || | |
2740 | servers[i].port == server.port)) | |
2741 | { | |
2742 | // If the server is not online, then use the specified | |
2743 | // port, if any. | |
2744 | if (servers[i].port == 0) | |
2745 | servers[i].port = server.port; | |
2746 | ++i; | |
2747 | continue; | |
2748 | } | |
2749 | // The item does not match. Delete it. | |
2750 | servers.erase (servers.begin () + i); | |
0d1534e8 | 2751 | } |
7543625d | 2752 | } |
0d1534e8 | 2753 | |
7543625d DB |
2754 | // Obtain missing host name or ip address, if any. |
2755 | static void | |
2756 | resolve_host ( | |
822a6a3d | 2757 | systemtap_session&, |
7543625d DB |
2758 | compile_server_info &server, |
2759 | vector<compile_server_info> &resolved_servers | |
2760 | ) | |
2761 | { | |
2762 | // Either the host name or the ip address or both are already set. | |
2763 | const char *lookup_name; | |
2764 | if (! server.host_name.empty ()) | |
0d1534e8 | 2765 | { |
7543625d DB |
2766 | // Use the host name to do the lookup. |
2767 | lookup_name = server.host_name.c_str (); | |
0d1534e8 | 2768 | } |
7543625d | 2769 | else |
0d1534e8 | 2770 | { |
7543625d DB |
2771 | // Use the ip address to do the lookup. |
2772 | // getaddrinfo works on both host names and ip addresses. | |
2773 | assert (! server.ip_address.empty ()); | |
2774 | lookup_name = server.ip_address.c_str (); | |
0d1534e8 | 2775 | } |
0d1534e8 | 2776 | |
7543625d | 2777 | // Resolve the server. |
2e15a955 DB |
2778 | struct addrinfo hints; |
2779 | memset(& hints, 0, sizeof (hints)); | |
2780 | hints.ai_family = AF_INET; // AF_UNSPEC or AF_INET6 to force version | |
7543625d DB |
2781 | struct addrinfo *addr_info = NULL; |
2782 | int status = getaddrinfo (lookup_name, NULL, & hints, & addr_info); | |
2783 | ||
2784 | // Failure to resolve will result in an appropriate error later if other | |
2785 | // methods fail. | |
2e15a955 | 2786 | if (status != 0) |
7543625d DB |
2787 | goto cleanup; |
2788 | assert (addr_info); | |
2e15a955 | 2789 | |
7543625d DB |
2790 | // Loop over the results collecting information. |
2791 | for (const struct addrinfo *ai = addr_info; ai != NULL; ai = ai->ai_next) | |
2e15a955 | 2792 | { |
7543625d | 2793 | if (ai->ai_family != AF_INET) |
2e15a955 DB |
2794 | continue; // Not an IPv4 address |
2795 | ||
7543625d DB |
2796 | // Start with the info we were given. |
2797 | compile_server_info new_server = server; | |
2798 | ||
2799 | // Obtain the ip address. | |
2800 | // Start with the pointer to the address itself, | |
2801 | struct sockaddr_in *ipv4 = (struct sockaddr_in *)ai->ai_addr; | |
2802 | void *addr = & ipv4->sin_addr; | |
2803 | ||
2804 | // convert the IP to a string. | |
2805 | char ipstr[INET_ADDRSTRLEN]; | |
2806 | inet_ntop (ai->ai_family, addr, ipstr, sizeof (ipstr)); | |
2807 | new_server.ip_address = ipstr; | |
2808 | ||
2809 | // Try to obtain a host name. | |
2e15a955 | 2810 | char hbuf[NI_MAXHOST]; |
7543625d | 2811 | status = getnameinfo (ai->ai_addr, sizeof (*ai->ai_addr), |
2e15a955 DB |
2812 | hbuf, sizeof (hbuf), NULL, 0, |
2813 | NI_NAMEREQD | NI_IDN); | |
7543625d DB |
2814 | if (status == 0) |
2815 | new_server.host_name = hbuf; | |
2e15a955 | 2816 | |
d7cec9ad DB |
2817 | // Don't resolve to localhost or localhost.localdomain, unless that's |
2818 | // what was asked for. | |
2819 | if ((new_server.host_name == "localhost" || | |
2820 | new_server.host_name == "localhost.localdomain") && | |
2821 | new_server.host_name != server.host_name) | |
2822 | continue; | |
2823 | ||
7543625d DB |
2824 | // Add the new resolved server to the list. |
2825 | add_server_info (new_server, resolved_servers); | |
2e15a955 | 2826 | } |
2e15a955 | 2827 | |
7543625d DB |
2828 | cleanup: |
2829 | if (addr_info) | |
2830 | freeaddrinfo (addr_info); // free the linked list | |
2831 | else | |
2e15a955 | 2832 | { |
7543625d DB |
2833 | // At a minimum, return the information we were given. |
2834 | add_server_info (server, resolved_servers); | |
2e15a955 | 2835 | } |
7543625d DB |
2836 | |
2837 | return; | |
2e15a955 DB |
2838 | } |
2839 | ||
85007c04 | 2840 | #if HAVE_AVAHI |
131f914e DB |
2841 | // Avahi API Callbacks. |
2842 | //----------------------------------------------------------------------- | |
85007c04 DB |
2843 | struct browsing_context { |
2844 | AvahiSimplePoll *simple_poll; | |
2845 | AvahiClient *client; | |
2846 | vector<compile_server_info> *servers; | |
2847 | }; | |
2848 | ||
0d1534e8 DB |
2849 | static string |
2850 | extract_field_from_avahi_txt (const string &label, const string &txt) | |
2851 | { | |
2852 | // Extract the requested field from the Avahi TXT. | |
2853 | string prefix = "\"" + label; | |
2854 | size_t ix = txt.find (prefix); | |
2855 | if (ix == string::npos) | |
2856 | { | |
2857 | // Label not found. | |
2858 | return ""; | |
2859 | } | |
2860 | ||
2861 | // This is the start of the field. | |
2862 | string field = txt.substr (ix + prefix.size ()); | |
2863 | ||
2864 | // Find the end of the field. | |
2865 | ix = field.find('"'); | |
2866 | if (ix != string::npos) | |
2867 | field = field.substr (0, ix); | |
2868 | ||
2869 | return field; | |
2870 | } | |
2871 | ||
85007c04 DB |
2872 | extern "C" |
2873 | void resolve_callback( | |
2874 | AvahiServiceResolver *r, | |
2875 | AVAHI_GCC_UNUSED AvahiIfIndex interface, | |
2876 | AVAHI_GCC_UNUSED AvahiProtocol protocol, | |
2877 | AvahiResolverEvent event, | |
2878 | const char *name, | |
2879 | const char *type, | |
2880 | const char *domain, | |
2881 | const char *host_name, | |
2882 | const AvahiAddress *address, | |
2883 | uint16_t port, | |
2884 | AvahiStringList *txt, | |
822a6a3d | 2885 | AvahiLookupResultFlags /*flags*/, |
85007c04 DB |
2886 | AVAHI_GCC_UNUSED void* userdata) { |
2887 | ||
2888 | assert(r); | |
2889 | const browsing_context *context = (browsing_context *)userdata; | |
2890 | vector<compile_server_info> *servers = context->servers; | |
2891 | ||
2892 | // Called whenever a service has been resolved successfully or timed out. | |
2893 | ||
2894 | switch (event) { | |
2895 | case AVAHI_RESOLVER_FAILURE: | |
aeb9cc10 | 2896 | clog << _F("Failed to resolve service '%s' of type '%s' in domain '%s': %s", |
58a834b1 LB |
2897 | name, type, domain, |
2898 | avahi_strerror(avahi_client_errno(avahi_service_resolver_get_client(r)))) << endl; | |
85007c04 DB |
2899 | break; |
2900 | ||
2901 | case AVAHI_RESOLVER_FOUND: { | |
2902 | char a[AVAHI_ADDRESS_STR_MAX], *t; | |
2903 | avahi_address_snprint(a, sizeof(a), address); | |
85007c04 | 2904 | |
2ab807f5 DB |
2905 | // Ignore entries using IPv6 addresses for now |
2906 | vector<string> parts; | |
2907 | tokenize (a, parts, "."); | |
2908 | if (parts.size () == 4) | |
2909 | { | |
2910 | // Save the information of interest. | |
2911 | compile_server_info info; | |
2912 | info.host_name = host_name; | |
2913 | info.ip_address = strdup (a); | |
2914 | info.port = port; | |
2915 | t = avahi_string_list_to_string(txt); | |
2916 | info.sysinfo = extract_field_from_avahi_txt ("sysinfo=", t); | |
2917 | info.certinfo = extract_field_from_avahi_txt ("certinfo=", t); | |
85717fe6 DB |
2918 | info.version = extract_field_from_avahi_txt ("version=", t); |
2919 | if (info.version.empty ()) | |
c89fe89c | 2920 | info.version = "1.0"; // default version is 1.0 |
2ab807f5 DB |
2921 | avahi_free(t); |
2922 | ||
2923 | // Add this server to the list of discovered servers. | |
2924 | add_server_info (info, *servers); | |
2925 | } | |
85007c04 DB |
2926 | } |
2927 | } | |
2928 | ||
2929 | avahi_service_resolver_free(r); | |
2930 | } | |
2931 | ||
2932 | extern "C" | |
2933 | void browse_callback( | |
2934 | AvahiServiceBrowser *b, | |
2935 | AvahiIfIndex interface, | |
2936 | AvahiProtocol protocol, | |
2937 | AvahiBrowserEvent event, | |
2938 | const char *name, | |
2939 | const char *type, | |
2940 | const char *domain, | |
2941 | AVAHI_GCC_UNUSED AvahiLookupResultFlags flags, | |
2942 | void* userdata) { | |
2943 | ||
2944 | browsing_context *context = (browsing_context *)userdata; | |
2945 | AvahiClient *c = context->client; | |
2946 | AvahiSimplePoll *simple_poll = context->simple_poll; | |
2947 | assert(b); | |
2948 | ||
2949 | // Called whenever a new services becomes available on the LAN or is removed from the LAN. | |
2950 | ||
2951 | switch (event) { | |
2952 | case AVAHI_BROWSER_FAILURE: | |
aeb9cc10 | 2953 | clog << _F("Avahi browse failed: %s", |
58a834b1 LB |
2954 | avahi_strerror(avahi_client_errno(avahi_service_browser_get_client(b)))) |
2955 | << endl; | |
85007c04 DB |
2956 | avahi_simple_poll_quit(simple_poll); |
2957 | break; | |
2958 | ||
2959 | case AVAHI_BROWSER_NEW: | |
2960 | // We ignore the returned resolver object. In the callback | |
2961 | // function we free it. If the server is terminated before | |
2962 | // the callback function is called the server will free | |
2963 | // the resolver for us. | |
2964 | if (!(avahi_service_resolver_new(c, interface, protocol, name, type, domain, | |
2965 | AVAHI_PROTO_UNSPEC, (AvahiLookupFlags)0, resolve_callback, context))) { | |
aeb9cc10 | 2966 | clog << _F("Failed to resolve service '%s': %s", |
58a834b1 | 2967 | name, avahi_strerror(avahi_client_errno(c))) << endl; |
85007c04 DB |
2968 | } |
2969 | break; | |
2970 | ||
2971 | case AVAHI_BROWSER_REMOVE: | |
2972 | case AVAHI_BROWSER_ALL_FOR_NOW: | |
2973 | case AVAHI_BROWSER_CACHE_EXHAUSTED: | |
2974 | break; | |
2975 | } | |
2976 | } | |
2977 | ||
2978 | extern "C" | |
2979 | void client_callback(AvahiClient *c, AvahiClientState state, AVAHI_GCC_UNUSED void * userdata) { | |
2980 | assert(c); | |
2981 | browsing_context *context = (browsing_context *)userdata; | |
2982 | AvahiSimplePoll *simple_poll = context->simple_poll; | |
2983 | ||
2984 | // Called whenever the client or server state changes. | |
2985 | ||
2986 | if (state == AVAHI_CLIENT_FAILURE) { | |
aeb9cc10 | 2987 | clog << _F("Avahi Server connection failure: %s", avahi_strerror(avahi_client_errno(c))) << endl; |
85007c04 DB |
2988 | avahi_simple_poll_quit(simple_poll); |
2989 | } | |
2990 | } | |
2991 | ||
2992 | extern "C" | |
2993 | void timeout_callback(AVAHI_GCC_UNUSED AvahiTimeout *e, AVAHI_GCC_UNUSED void *userdata) { | |
2994 | browsing_context *context = (browsing_context *)userdata; | |
2995 | AvahiSimplePoll *simple_poll = context->simple_poll; | |
2996 | avahi_simple_poll_quit(simple_poll); | |
2997 | } | |
2998 | #endif // HAVE_AVAHI | |
2999 | ||
b0e5fa85 | 3000 | static void |
7543625d DB |
3001 | get_or_keep_online_server_info ( |
3002 | systemtap_session &s, | |
3003 | vector<compile_server_info> &servers, | |
3004 | bool keep | |
3005 | ) | |
85007c04 | 3006 | { |
7543625d DB |
3007 | // If we're filtering the list and it's already empty, then |
3008 | // there's nothing to do. | |
3009 | if (keep && servers.empty ()) | |
3010 | return; | |
3011 | ||
eff14db3 JS |
3012 | // We only need to obtain this once per session. This is a good thing(tm) |
3013 | // since obtaining this information is expensive. | |
3014 | vector<compile_server_info>& online_servers = cscache(s)->online_servers; | |
2e15a955 DB |
3015 | if (online_servers.empty ()) |
3016 | { | |
0d1534e8 DB |
3017 | // Maintain an empty entry to indicate that this search has been |
3018 | // performed, in case the search comes up empty. | |
3019 | online_servers.push_back (compile_server_info ()); | |
3020 | #if HAVE_AVAHI | |
2e15a955 DB |
3021 | // Must predeclare these due to jumping on error to fail: |
3022 | unsigned limit; | |
3023 | vector<compile_server_info> raw_servers; | |
1f9938b9 | 3024 | |
2e15a955 DB |
3025 | // Initialize. |
3026 | AvahiClient *client = NULL; | |
3027 | AvahiServiceBrowser *sb = NULL; | |
85007c04 | 3028 | |
2e15a955 DB |
3029 | // Allocate main loop object. |
3030 | AvahiSimplePoll *simple_poll; | |
3031 | if (!(simple_poll = avahi_simple_poll_new())) | |
3032 | { | |
aeb9cc10 | 3033 | clog << _("Failed to create Avahi simple poll object") << endl; |
2e15a955 DB |
3034 | goto fail; |
3035 | } | |
3036 | browsing_context context; | |
3037 | context.simple_poll = simple_poll; | |
3038 | context.servers = & raw_servers; | |
3039 | ||
3040 | // Allocate a new Avahi client | |
3041 | int error; | |
3042 | client = avahi_client_new (avahi_simple_poll_get (simple_poll), | |
3043 | (AvahiClientFlags)0, | |
3044 | client_callback, & context, & error); | |
3045 | ||
3046 | // Check whether creating the client object succeeded. | |
3047 | if (! client) | |
3048 | { | |
aeb9cc10 | 3049 | clog << _F("Failed to create Avahi client: %s", |
58a834b1 | 3050 | avahi_strerror(error)) << endl; |
2e15a955 DB |
3051 | goto fail; |
3052 | } | |
3053 | context.client = client; | |
85007c04 | 3054 | |
2e15a955 DB |
3055 | // Create the service browser. |
3056 | if (!(sb = avahi_service_browser_new (client, AVAHI_IF_UNSPEC, | |
3057 | AVAHI_PROTO_UNSPEC, "_stap._tcp", | |
3058 | NULL, (AvahiLookupFlags)0, | |
3059 | browse_callback, & context))) | |
3060 | { | |
aeb9cc10 | 3061 | clog << _F("Failed to create Avahi service browser: %s", |
58a834b1 | 3062 | avahi_strerror(avahi_client_errno(client))) << endl; |
2e15a955 DB |
3063 | goto fail; |
3064 | } | |
85007c04 | 3065 | |
2e15a955 DB |
3066 | // Timeout after 2 seconds. |
3067 | struct timeval tv; | |
3068 | avahi_simple_poll_get(simple_poll)->timeout_new( | |
85007c04 | 3069 | avahi_simple_poll_get(simple_poll), |
2e15a955 DB |
3070 | avahi_elapse_time(&tv, 1000*2, 0), |
3071 | timeout_callback, | |
3072 | & context); | |
85007c04 | 3073 | |
2e15a955 DB |
3074 | // Run the main loop. |
3075 | avahi_simple_poll_loop(simple_poll); | |
1f9938b9 | 3076 | |
2e15a955 DB |
3077 | // Resolve each server discovered and eliminate duplicates. |
3078 | limit = raw_servers.size (); | |
3079 | for (unsigned i = 0; i < limit; ++i) | |
3080 | { | |
3081 | compile_server_info &raw_server = raw_servers[i]; | |
3082 | ||
3083 | // Delete the domain, if it is '.local' | |
3084 | string &host_name = raw_server.host_name; | |
3085 | string::size_type dot_index = host_name.find ('.'); | |
3086 | assert (dot_index != 0); | |
3087 | string domain = host_name.substr (dot_index + 1); | |
3088 | if (domain == "local") | |
3089 | host_name = host_name.substr (0, dot_index); | |
3090 | ||
2e15a955 | 3091 | // Add it to the list of servers, unless it is duplicate. |
d7cec9ad | 3092 | resolve_host (s, raw_server, online_servers); |
2e15a955 | 3093 | } |
1f9938b9 | 3094 | |
2e15a955 DB |
3095 | fail: |
3096 | // Cleanup. | |
3097 | if (sb) | |
85007c04 DB |
3098 | avahi_service_browser_free(sb); |
3099 | ||
2e15a955 | 3100 | if (client) |
85007c04 DB |
3101 | avahi_client_free(client); |
3102 | ||
2e15a955 | 3103 | if (simple_poll) |
85007c04 | 3104 | avahi_simple_poll_free(simple_poll); |
0d1534e8 DB |
3105 | #else // ! HAVE_AVAHI |
3106 | // Without Avahi, we can't detect online servers. Issue a warning. | |
3107 | if (s.verbose) | |
58a834b1 | 3108 | clog << _("Unable to detect online servers") << endl; |
0d1534e8 | 3109 | #endif // ! HAVE_AVAHI |
2e15a955 DB |
3110 | } // Server information is not cached. |
3111 | ||
7543625d | 3112 | if (keep) |
0d1534e8 DB |
3113 | { |
3114 | // Filter the existing vector by keeping the information in common with | |
3115 | // the online_server vector. | |
3116 | keep_common_server_info (online_servers, servers); | |
3117 | } | |
3118 | else | |
3119 | { | |
c77af0d0 | 3120 | // Add the information, but not duplicates. |
7543625d | 3121 | add_server_info (online_servers, servers); |
0d1534e8 | 3122 | } |
85007c04 | 3123 | } |
2e15a955 | 3124 | |
0d1534e8 DB |
3125 | // Add server info to a list, avoiding duplicates. Merge information from |
3126 | // two duplicate items. | |
b0e5fa85 | 3127 | static void |
2e15a955 | 3128 | add_server_info ( |
7543625d | 3129 | const compile_server_info &info, vector<compile_server_info>& target |
2e15a955 DB |
3130 | ) |
3131 | { | |
7543625d DB |
3132 | if (info.empty ()) |
3133 | return; | |
3134 | ||
3135 | bool found = false; | |
3136 | for (vector<compile_server_info>::iterator i = target.begin (); | |
3137 | i != target.end (); | |
3138 | ++i) | |
2e15a955 | 3139 | { |
7543625d DB |
3140 | if (info == *i) |
3141 | { | |
3142 | // Duplicate. Merge the two items. | |
3143 | merge_server_info (info, *i); | |
3144 | found = true; | |
3145 | } | |
3146 | } | |
3147 | if (! found) | |
3148 | target.push_back (info); | |
3149 | } | |
3150 | ||
3151 | // Add server info from one vector to another. | |
3152 | static void | |
3153 | add_server_info ( | |
3154 | const vector<compile_server_info> &source, | |
3155 | vector<compile_server_info> &target | |
3156 | ) | |
3157 | { | |
3158 | for (vector<compile_server_info>::const_iterator i = source.begin (); | |
3159 | i != source.end (); | |
3160 | ++i) | |
3161 | { | |
3162 | add_server_info (*i, target); | |
3163 | } | |
3164 | } | |
3165 | ||
3166 | // Filter the vector by keeping information in common with the item. | |
3167 | static void | |
3168 | keep_common_server_info ( | |
3169 | const compile_server_info &info_to_keep, | |
3170 | vector<compile_server_info> &filtered_info | |
3171 | ) | |
3172 | { | |
3173 | assert (! info_to_keep.empty ()); | |
3174 | ||
3175 | // The vector may change size as we go. Be careful!! | |
3176 | for (unsigned i = 0; i < filtered_info.size (); /**/) | |
3177 | { | |
3178 | // Retain empty entries. | |
3179 | if (filtered_info[i].empty ()) | |
3180 | { | |
3181 | ++i; | |
3182 | continue; | |
3183 | } | |
3184 | if (info_to_keep == filtered_info[i]) | |
3185 | { | |
3186 | merge_server_info (info_to_keep, filtered_info[i]); | |
3187 | ++i; | |
3188 | continue; | |
3189 | } | |
3190 | // The item does not match. Delete it. | |
3191 | filtered_info.erase (filtered_info.begin () + i); | |
3192 | continue; | |
2e15a955 | 3193 | } |
2e15a955 | 3194 | } |
0d1534e8 DB |
3195 | |
3196 | // Filter the second vector by keeping information in common with the first | |
3197 | // vector. | |
b0e5fa85 | 3198 | static void |
0d1534e8 DB |
3199 | keep_common_server_info ( |
3200 | const vector<compile_server_info> &info_to_keep, | |
3201 | vector<compile_server_info> &filtered_info | |
3202 | ) | |
3203 | { | |
7543625d | 3204 | // The vector may change size as we go. Be careful!! |
0d1534e8 DB |
3205 | for (unsigned i = 0; i < filtered_info.size (); /**/) |
3206 | { | |
7543625d DB |
3207 | // Retain empty entries. |
3208 | if (filtered_info[i].empty ()) | |
0d1534e8 | 3209 | { |
0d1534e8 DB |
3210 | ++i; |
3211 | continue; | |
3212 | } | |
7543625d DB |
3213 | bool found = false; |
3214 | for (unsigned j = 0; j < info_to_keep.size (); ++j) | |
3215 | { | |
3216 | if (filtered_info[i] == info_to_keep[j]) | |
3217 | { | |
3218 | merge_server_info (info_to_keep[j], filtered_info[i]); | |
3219 | found = true; | |
3220 | } | |
3221 | } | |
0d1534e8 | 3222 | |
7543625d DB |
3223 | // If the item was not found. Delete it. Otherwise, advance to the next |
3224 | // item. | |
3225 | if (found) | |
3226 | ++i; | |
3227 | else | |
3228 | filtered_info.erase (filtered_info.begin () + i); | |
0d1534e8 DB |
3229 | } |
3230 | } | |
3231 | ||
3232 | // Merge two compile server info items. | |
b0e5fa85 | 3233 | static void |
0d1534e8 DB |
3234 | merge_server_info ( |
3235 | const compile_server_info &source, | |
3236 | compile_server_info &target | |
3237 | ) | |
3238 | { | |
3239 | if (target.host_name.empty ()) | |
3240 | target.host_name = source.host_name; | |
3241 | if (target.ip_address.empty ()) | |
3242 | target.ip_address = source.ip_address; | |
3243 | if (target.port == 0) | |
3244 | target.port = source.port; | |
3245 | if (target.sysinfo.empty ()) | |
3246 | target.sysinfo = source.sysinfo; | |
85717fe6 DB |
3247 | if (target.version.empty ()) |
3248 | target.version = source.version; | |
0d1534e8 DB |
3249 | if (target.certinfo.empty ()) |
3250 | target.certinfo = source.certinfo; | |
3251 | } | |
3252 | ||
7543625d DB |
3253 | #if 0 // not used right now |
3254 | // Merge compile server info from one item into a vector. | |
b0e5fa85 | 3255 | static void |
0d1534e8 | 3256 | merge_server_info ( |
7543625d | 3257 | const compile_server_info &source, |
0d1534e8 DB |
3258 | vector<compile_server_info> &target |
3259 | ) | |
3260 | { | |
7543625d DB |
3261 | for (vector<compile_server_info>::iterator i = target.begin (); |
3262 | i != target.end (); | |
3263 | ++i) | |
3264 | { | |
3265 | if (source == *i) | |
3266 | merge_server_info (source, *i); | |
3267 | } | |
0d1534e8 DB |
3268 | } |
3269 | ||
7543625d | 3270 | // Merge compile server from one vector into another. |
b0e5fa85 | 3271 | static void |
0d1534e8 DB |
3272 | merge_server_info ( |
3273 | const vector<compile_server_info> &source, | |
7543625d | 3274 | vector <compile_server_info> &target |
0d1534e8 DB |
3275 | ) |
3276 | { | |
3277 | for (vector<compile_server_info>::const_iterator i = source.begin (); | |
7543625d DB |
3278 | i != source.end (); |
3279 | ++i) | |
3280 | merge_server_info (*i, target); | |
0d1534e8 | 3281 | } |
7543625d | 3282 | #endif |
2e46c01a JS |
3283 | |
3284 | /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */ |