A bit more cleanup. Installed and running on minibed with SSL enabled.

247fd7a1 · Leigh B. Stoller · 4f9b11e8 · 247fd7a1 · 247fd7a1 · 247fd7a1
Commit 247fd7a1 authored Apr 10, 2002 by Leigh B. Stoller
Hide whitespace changes
Inline Side-by-side

Showing with 45 additions and 30 deletions

tmcd/GNUmakefile.in tmcd/GNUmakefile.in +3 -3

tmcd/ssl.c tmcd/ssl.c +17 -8

tmcd/tmcd.c tmcd/tmcd.c +25 -19

No files found.
--- a/tmcd/GNUmakefile.in
+++ b/tmcd/GNUmakefile.in
@@ -20,9 +20,9 @@ TMLIBS	 = ${OBJDIR}/lib/libtb/libtb.a
 #
 # For SSL enabled tmcd/tmcc
 #
-#CFLAGS	+= -DWITHSSL -DETCDIR='"$(INSTALL_ETCDIR)"'
-#TMLIBS	+= -lssl -lcrypto
-#SSLOBJ   = ssl.o
+CFLAGS	+= -DWITHSSL -DETCDIR='"$(INSTALL_ETCDIR)"'
+TMLIBS	+= -lssl -lcrypto
+SSLOBJ   = ssl.o

 ifeq ($(EVENTSYS),1)
 	TMCDCFLAGS = `elvin-config --cflags vin4c` \

--- a/tmcd/ssl.c
+++ b/tmcd/ssl.c
@@ -34,6 +34,10 @@
 #define SERVER_CERTFILE		"server.pem"
 #define CLIENT_CERTFILE		"client.pem"

+#ifdef linux
+#define EAUTH	EPERM
+#endif
+
 /*
 * This is used by tmcd to determine if the connection is ssl or not.
 */
@@ -120,7 +124,7 @@ int
 tmcd_client_sslinit(void)
 {
 	char	buf[BUFSIZ], **cp;
-	
+
 	client = 1;
 	SSL_library_init();
 	SSL_load_error_strings();
@@ -249,7 +253,7 @@ tmcd_sslconnect(int sock, const struct sockaddr *name, socklen_t namelen)
 	X509		*peer;
 	char		cname[256];
 	struct hostent	*he;
-	struct in_addr  ipaddr;
+	struct in_addr  ipaddr, cnameip;
 	
 	if (connect(sock, name, namelen) < 0)
 		return -1;
@@ -306,14 +310,19 @@ tmcd_sslconnect(int sock, const struct sockaddr *name, socklen_t namelen)
 	 */
 	ipaddr = ((struct sockaddr_in *)name)->sin_addr;
 	
-	if (!(he = gethostbyaddr((char *) &ipaddr, sizeof(ipaddr), AF_INET))) {
-		error("Could not reverse map %s: %s\n",
-		      inet_ntoa(ipaddr), hstrerror(h_errno));
+	if (!(he = gethostbyname(cname))) {
+		error("Could not map %s: %s\n", cname, hstrerror(h_errno));
 		goto badauth;
 	}
-	if (strcmp(he->h_name, cname)) {
-		error("Certificate commonname mismatch: %s!=%s\n",
-		      he->h_name, cname);
+	memcpy((char *)&cnameip, he->h_addr, he->h_length);
+
+	if (ipaddr.s_addr != cnameip.s_addr) {
+		char buf[BUFSIZ];
+		
+		strcpy(buf, inet_ntoa(ipaddr));
+		
+		error("Certificate mismatch: %s mapped to %s instead of %s\n",
+		      cname, buf, inet_ntoa(cnameip));
 		goto badauth;
 	}
 	

--- a/tmcd/tmcd.c
+++ b/tmcd/tmcd.c
@@ -438,7 +438,7 @@ handle_request(int sock, struct sockaddr_in *client, char *rdata, int istcp)
 {
 	struct sockaddr_in redirect_client;
 	int		   redirect = 0;
-	char		   buf[BUFSIZ], *bp;
+	char		   buf[BUFSIZ], *bp, *cp;
 	char		   nodeid[TBDB_FLEN_NODEID];
 	char		   class[TBDB_FLEN_NODECLASS];
 	char		   type[TBDB_FLEN_NODETYPE];
@@ -567,15 +567,20 @@ handle_request(int sock, struct sockaddr_in *client, char *rdata, int istcp)
 	 */
 	bp += strlen(command_array[i].cmdname);

+#ifdef	WITHSSL
+	cp = isssl ? "ssl:yes" : "ssl:no";
+#else
+	cp = "";
+#endif
 	/*
 	 * XXX hack, don't log "log" contents,
 	 * both for privacy and to keep our syslog smaller.
 	 */
 	if (command_array[i].func == dolog)
-		info("%s: log %d chars\n", nodeid, strlen(bp));
+		info("%s: %s log %d chars\n", nodeid, cp, strlen(bp));
 	else
-		info("%s: vers:%d %s\n", nodeid,
-		     version, command_array[i].cmdname);
+		info("%s: vers:%d %s %s\n", nodeid,
+		     version, cp, command_array[i].cmdname);

 	err = command_array[i].func(sock, nodeid, bp, istcp, version);

@@ -807,7 +812,7 @@ COMMAND_PROTOTYPE(doifconfig)

 			strcat(buf, "\n");
 			client_writeback(sock, buf, strlen(buf), tcp);
-			info("IFCONFIG: %s\n", buf);
+			info("IFCONFIG: %s", buf);
 		}
 	skipit:
 		nrows--;
@@ -887,7 +892,7 @@ COMMAND_PROTOTYPE(doaccounts)
 		gidint = atoi(row[1]);
 		sprintf(buf, "ADDGROUP NAME=%s GID=%d\n", row[0], gidint);
 		client_writeback(sock, buf, strlen(buf), tcp);
-		info("ACCOUNTS: %s\n", buf);
+		info("ACCOUNTS: %s", buf);

 		nrows--;
 	}
@@ -1182,7 +1187,7 @@ COMMAND_PROTOTYPE(dodelay)
 			
 		client_writeback(sock, buf, strlen(buf), tcp);
 		nrows--;
-		info("DELAY: %s\n", buf);
+		info("DELAY: %s", buf);
 	}
 	mysql_free_result(res);

@@ -1407,7 +1412,7 @@ COMMAND_PROTOTYPE(dohosts)
 				 host->vname : " ");
 		}
 		client_writeback(sock, buf, strlen(buf), tcp);
-		info("HOSTNAMES: %s\n", buf);
+		info("HOSTNAMES: %s", buf);

 		host = host->next;
 	}
@@ -1471,7 +1476,7 @@ COMMAND_PROTOTYPE(dorpms)

 		sprintf(buf, "RPM=%s\n", bp);
 		client_writeback(sock, buf, strlen(buf), tcp);
-		info("RPM: %s\n", buf);
+		info("RPM: %s", buf);
 		
 	} while ((bp = sp));
 	
@@ -1532,7 +1537,7 @@ COMMAND_PROTOTYPE(dotarballs)

 		sprintf(buf, "DIR=%s TARBALL=%s\n", bp, tp);
 		client_writeback(sock, buf, strlen(buf), tcp);
-		info("TARBALLS: %s\n", buf);
+		info("TARBALLS: %s", buf);
 		
 	} while ((bp = sp));
 	
@@ -1590,7 +1595,7 @@ COMMAND_PROTOTYPE(dodeltas)

 		sprintf(buf, "DELTA=%s\n", bp);
 		client_writeback(sock, buf, strlen(buf), tcp);
-		info("DELTAS: %s\n", buf);
+		info("DELTAS: %s", buf);
 		
 	} while ((bp = sp));
 	
@@ -1668,7 +1673,7 @@ COMMAND_PROTOTYPE(dostartcmd)
 	mysql_free_result(res);
 	
 	client_writeback(sock, buf, strlen(buf), tcp);
-	info("STARTUPCMD: %s\n", buf);
+	info("STARTUPCMD: %s", buf);
 	
 	return 0;
 }
@@ -1804,7 +1809,7 @@ COMMAND_PROTOTYPE(doreadycount)
 	sprintf(buf, "READY=%d TOTAL=%d\n", ready, total);
 	client_writeback(sock, buf, strlen(buf), tcp);
 		
-	info("READYCOUNT: %s: %s\n", nodeid, buf);
+	info("READYCOUNT: %s: %s", nodeid, buf);

 	return 0;
 }
@@ -1955,7 +1960,7 @@ COMMAND_PROTOTYPE(domounts)
 		client_writeback(sock, buf, strlen(buf), tcp);
 		
 		nrows--;
-		info("MOUNTS: %s\n", buf);
+		info("MOUNTS: %s", buf);
 	}
 	mysql_free_result(res);

@@ -2012,7 +2017,7 @@ COMMAND_PROTOTYPE(dorouting)
 	mysql_free_result(res);

 	client_writeback(sock, buf, strlen(buf), tcp);
-	info("ROUTES: %s\n", buf);
+	info("ROUTES: %s", buf);

 	return 0;
 }
@@ -2058,7 +2063,7 @@ COMMAND_PROTOTYPE(doloadinfo)
 	mysql_free_result(res);

 	client_writeback(sock, buf, strlen(buf), tcp);
-	info("doloadinfo: %s\n", buf);
+	info("doloadinfo: %s", buf);
 	
 	return 0;
 }
@@ -2191,7 +2196,7 @@ COMMAND_PROTOTYPE(dotrafgens)
 		client_writeback(sock, buf, strlen(buf), tcp);
 		
 		nrows--;
-		info("TRAFGENS: %s\n", buf);
+		info("TRAFGENS: %s", buf);
 	}
 	mysql_free_result(res);
 	return 0;
@@ -2300,7 +2305,8 @@ COMMAND_PROTOTYPE(dostate)

 	address_tuple_free(tuple);
 #endif /* EVENTSYS */
-
+	
+	info("STATE: %s\n", newstate);
 	return 0;

 }
@@ -2344,7 +2350,7 @@ COMMAND_PROTOTYPE(docreator)
 	mysql_free_result(res);

 	client_writeback(sock, buf, strlen(buf), tcp);
-	info("CREATOR: %s\n", buf);
+	info("CREATOR: %s", buf);

 	return 0;
 }