apod.in 2.1 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
#!/usr/bin/perl -wT

#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
#

use English;
use Getopt::Std;

#
# Authenticated ICMP Ping of Death (APoD)
# A wrapper for the basic ipod program.  Queries the DB for the 32 byte,
# one-time "hash" used to identify ourselves.
#
# usage: apod node [node ...]
#        Exit value is the sum of the ipod exit codes.
#
sub usage()
{
    print STDOUT "Usage: apod node [node ...]\n";
    exit(-1);
}

#
# Configure variables
#
my $TB		= "@prefix@";

#
# Testbed Support libraries
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;

38 39
my $ipod	= "$TB/sbin/ipod";
#my $ipod	= "./ipod";
40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109

# un-taint path
$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/local/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

# Turn off line buffering on output
$| = 1; 

#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
    die("Must be root! Maybe its a development version?");
}

if (@ARGV == 0) {
    usage();
}
    
# Untaint the nodes.
foreach my $node ( @ARGV ) {
    if ($node =~ /^([-\@\w]+)$/) {
	$node = $1;
    }
    else {
	die("Bad node name: $node.");
    }
    
    push(@nodes, $node);
}

#
# Verify permission to PoD these nodes.
#
if ($UID && !TBAdmin($UID) &&
    ! TBNodeAccessCheck($UID, TB_NODEACCESS_REBOOT, @nodes)) {
    die("You do not have permission to APOD one (or more) ".
	"of the nodes!\n");
}

#
# Smack em!
#
foreach my $node (@nodes) {
    my $query_result = DBQueryFatal("select ipodhash from nodes ".
		     "where node_id='$node'");

    if ($query_result->numrows != 1) {
	print STDOUT "No ipodhash entry for node $node!?\n";
	exit(-1);
    }

    my ($hash) = $query_result->fetchrow_array();
    my $didit = 0;
    if (defined($hash)) {
	if (system("echo $hash | $ipod -i - $node") != 0) {
	    print STDOUT "Authenticated IPOD failed on node $node";
	} else {
	    $didit = 1;
	}
    } else {
	print STDOUT "No hash for node $node";
    }
    if (!$didit) {
	print STDOUT ", attempting naked IPOD...\n";
	if (system("$ipod $node") != 0) {
	    print STDOUT "IPOD failed on node $node\n";
	}
    }
}