Commit 3a67ca5f authored by Leigh Stoller's avatar Leigh Stoller

Move .acl file into tiplogs directory since nothing in /dev/tip

is actually used anymore.
Added a "generic" entry to /etc/remote so that we do not need tip
entries for each node; they all look the same anyway.
Change tip to look up the generic /etc/remote entry, just to make
tip happy. The acl file comes from the tiplogs directory, as
set in the header file.
parent ff588b6c
......@@ -13,6 +13,13 @@
#define SERVERPORT 855
#define DEVPATH "/dev"
#define TIPPATH "/dev/tip"
#ifdef HPBSD
#define LOGPATH "/usr/adm/tiplogs"
#else
#define LOGPATH "/var/log/tiplogs"
#endif
/* Socket based tip/capture uses an ACL file to hold key below. */
#define ACLPATH LOGPATH
/*
* The key is transferred in ascii text.
......
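Review bot: The header does not say what permissions the tiplogs directory needs now that `#define ACLPATH LOGPATH` puts the per-node key file beside the capture logs. The comment in capture.c's createkey() says the key is protected by unix permissions, so anything able to create or replace files in that directory now matters for the key; the directory's mode and owner are not visible on this page. I would extend the comment to something like `/* ACL files hold the secret key and live beside the logs; LOGPATH must be writable only by the account that runs capture. */`.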
......@@ -78,11 +78,6 @@ void usage();
/*
* Configurable things.
*/
#ifdef HPBSD
#define LOGPATH "/usr/adm/tiplogs"
#else
#define LOGPATH "/var/log/tiplogs"
#endif
#define PIDNAME "%s/%s.pid"
#define LOGNAME "%s/%s.log"
#define RUNNAME "%s/%s.run"
......@@ -1054,7 +1049,7 @@ createkey()
* This is still secure in that we rely on unix permission, which
* is how most of our security is based anyway.
*/
(void) sprintf(aclname, ACLNAME, TIPPATH, Machine);
(void) sprintf(aclname, ACLNAME, ACLPATH, Machine);
/*
* We want to control the mode bits when this file is created.
......
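Review bot: The new `sprintf(aclname, ACLNAME, ACLPATH, Machine)` is still an unbounded write. ACLPATH now expands to the longer log path, Machine is not length-checked in the visible lines, and aclname is declared outside the hunk. A bounded call such as `(void) snprintf(aclname, sizeof(aclname), ACLNAME, ACLPATH, Machine);` with a truncation check would fail closed instead of overrunning; this assumes aclname is an array in scope, which should be confirmed. The same pattern is in socket_open() in hunt.c, where `tipname` comes from the caller and is not checked for `/` in the visible lines before it is used in the path. createkey()'s body starts and ends outside the hunk.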
......@@ -67,7 +67,7 @@ foreach my $node ( keys %nodepid ) {
my $pid = $nodepid{$node};
my $filename = "${node}.run";
my $tipdevname = "$TIPDEVDIR/$node";
my $aclname = "$TIPDEVDIR/$node.acl";
my $aclname = "${node}.acl";
#
# Find out the current group setting for the file.
......@@ -132,8 +132,10 @@ foreach my $node ( keys %nodepid ) {
# inaccessible to both old and new users while we revoke access from
# any current tip user.
#
chmod(0600, $tipdevname) or
die("Could not chmod(0600) $tipdevname: $!");
if (-e $tipdevname) {
chmod(0600, $tipdevname) or
die("Could not chmod(0600) $tipdevname: $!");
}
#
# Ditto for the "acl" file, which is how socket based tip/capture enforce
......@@ -150,6 +152,9 @@ foreach my $node ( keys %nodepid ) {
#
kill('USR2', $procid) or
die("Could not signal(USR2) process $procid for log $filename");
# Give capture the chance to react.
# Don't use sleep cause 1 second too long wait when doing 25 nodes!
select(undef, undef, undef, 0.2);
#
# Set the mode and group on the tty that tip is going to use. This
......@@ -157,10 +162,12 @@ foreach my $node ( keys %nodepid ) {
# program.
#
setperms:
chown(0, $gid, $tipdevname) or
die("Could not chown(0, $gid) $tipdevname: $!");
chmod(0660, $tipdevname) or
die("Could not chmod(0660) $tipdevname: $!");
if (-e $tipdevname) {
chown(0, $gid, $tipdevname) or
die("Could not chown(0, $gid) $tipdevname: $!");
chmod(0660, $tipdevname) or
die("Could not chmod(0660) $tipdevname: $!");
}
#
# Ditto for "acl" file, which new tip needs access to.
......@@ -168,7 +175,7 @@ foreach my $node ( keys %nodepid ) {
if (-e $aclname) {
chown(0, $gid, $aclname) or
die("Could not chown(0, $gid) $aclname: $!");
chmod(0660, $aclname) or
chmod(0600, $aclname) or
die("Could not chmod(0660) $aclname: $!");
}
}
......
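Review bot: In the last hunk the acl file is chowned to group `$gid` and then set to mode 0600, so the group that was just assigned gets no access. The comment above it still says the new tip needs access to the file, and the die() text still reports `chmod(0660)`. If 0600 is intended, change the message to `die("Could not chmod(0600) $aclname: $!");` and reword the comment; if the group does need to read the key, 0640 would be narrower than the old 0660. The identical hunk in the second copy of this script further down has the same mismatch. The enclosing foreach loop starts outside the hunk.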
......@@ -67,7 +67,7 @@ foreach my $node ( keys %nodepid ) {
my $pid = $nodepid{$node};
my $filename = "${node}.run";
my $tipdevname = "$TIPDEVDIR/$node";
my $aclname = "$TIPDEVDIR/$node.acl";
my $aclname = "${node}.acl";
#
# Find out the current group setting for the file.
......@@ -132,8 +132,10 @@ foreach my $node ( keys %nodepid ) {
# inaccessible to both old and new users while we revoke access from
# any current tip user.
#
chmod(0600, $tipdevname) or
die("Could not chmod(0600) $tipdevname: $!");
if (-e $tipdevname) {
chmod(0600, $tipdevname) or
die("Could not chmod(0600) $tipdevname: $!");
}
#
# Ditto for the "acl" file, which is how socket based tip/capture enforce
......@@ -150,6 +152,9 @@ foreach my $node ( keys %nodepid ) {
#
kill('USR2', $procid) or
die("Could not signal(USR2) process $procid for log $filename");
# Give capture the chance to react.
# Don't use sleep cause 1 second too long wait when doing 25 nodes!
select(undef, undef, undef, 0.2);
#
# Set the mode and group on the tty that tip is going to use. This
......@@ -157,10 +162,12 @@ foreach my $node ( keys %nodepid ) {
# program.
#
setperms:
chown(0, $gid, $tipdevname) or
die("Could not chown(0, $gid) $tipdevname: $!");
chmod(0660, $tipdevname) or
die("Could not chmod(0660) $tipdevname: $!");
if (-e $tipdevname) {
chown(0, $gid, $tipdevname) or
die("Could not chown(0, $gid) $tipdevname: $!");
chmod(0660, $tipdevname) or
die("Could not chmod(0660) $tipdevname: $!");
}
#
# Ditto for "acl" file, which new tip needs access to.
......@@ -168,7 +175,7 @@ foreach my $node ( keys %nodepid ) {
if (-e $aclname) {
chown(0, $gid, $aclname) or
die("Could not chown(0, $gid) $aclname: $!");
chmod(0660, $aclname) or
chmod(0600, $aclname) or
die("Could not chmod(0660) $aclname: $!");
}
}
......
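Review bot: The added `select(undef, undef, undef, 0.2)` is a fixed 200 ms pause and the only synchronisation with capture after the USR2 signal. The tty and acl permissions for the new group are therefore restored whether or not capture has acted on the signal. The surrounding comments describe this step as revoking access from any current tip user, so under load the old session may presumably still be attached when access is granted again. Either document the limit with a comment such as `# Best effort only: capture may not have handled USR2 yet when we continue.`, or wait for a positive acknowledgement from capture; no such mechanism is visible in this hunk. The same lines appear in the first copy of the script above.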
......@@ -36,7 +36,7 @@
static char sccsid[] = "@(#)hunt.c 8.1 (Berkeley) 6/6/93";
#endif
static const char rcsid[] =
"$Id: hunt.c,v 1.5 2001-08-09 18:40:43 stoller Exp $";
"$Id: hunt.c,v 1.6 2001-08-14 19:05:12 stoller Exp $";
#endif /* not lint */
#ifdef USESOCKETS
......@@ -46,6 +46,7 @@ static const char rcsid[] =
#include <netdb.h>
#include "capdecls.h"
int socket_hunt(char *devname);
int socket_open(char *devname);
#endif
......@@ -77,6 +78,12 @@ hunt(name)
register char *cp;
sig_t f;
int res;
#ifdef USESOCKETS
if ((res = socket_hunt(name)) >= 0) {
return 1;
}
#endif
f = signal(SIGALRM, dead);
while ((cp = getremote(name))) {
......@@ -100,15 +107,6 @@ hunt(name)
break;
if (setjmp(deadline) == 0) {
alarm(10);
#ifdef USESOCKETS
if ((FD = socket_open(name)) >= 0) {
HW = 0;
alarm(0);
signal(SIGALRM, SIG_DFL);
return ((int)cp);
}
else
#endif
if ((FD = open(cp, O_RDWR)) >= 0)
ioctl(FD, TIOCEXCL, 0);
}
......@@ -142,6 +140,45 @@ hunt(name)
}
#ifdef USESOCKETS
int
socket_hunt(name)
char *name;
{
register char *cp;
sig_t f;
int res;
/*
* There needs to be a "generic" entry in the remote file
* to keep the rest of tip happy. This could go away if
* we drop/rewrite tip.
*/
if (! (cp = getremote("generic"))) {
fprintf(stderr, "No generic entry in remote file!\n");
return -1;
}
/*
* Force HW to zero since that makes no sense in socket based tip.
*/
HW = 0;
f = signal(SIGALRM, dead);
deadfl = 0;
if (setjmp(deadline) == 0) {
alarm(10);
FD = socket_open(name);
}
alarm(0);
if (FD < 0) {
warn("%s", name);
deadfl = 1;
}
signal(SIGALRM, f);
return (deadfl ? -1 : 0);
}
/*
*
*/
......@@ -155,10 +192,10 @@ socket_open(char *tipname)
secretkey_t key;
int port;
char hostname[MAXHOSTNAMELEN];
FILE *fp;
FILE *fp;
struct hostent *he;
(void) sprintf(aclname, "%s/%s.acl", TIPPATH, tipname);
(void) sprintf(aclname, "%s/%s.acl", ACLPATH, tipname);
if ((fp = fopen(aclname, "r")) == NULL) {
return -1;
......
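Review bot: socket_hunt() decides failure from `FD < 0`, but FD is assigned only if socket_open() returns. When the alarm fires and dead() jumps back through `deadline`, FD keeps whatever value it had before the call. Unless dead() itself sets deadfl (its body is not in this hunk), a timed-out connect with a stale non-negative FD would return 0 and hunt() would report success. Setting `FD = -1;` just before `if (setjmp(deadline) == 0) {` makes the timeout path fail regardless of what dead() does.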