Commit 6d8c7463 authored by Mike Hibler's avatar Mike Hibler

Add SendApod() method to Node object, change apod command to use it.

This will enable stated to call it directly and avoid a level of fork/exec.
Also, add "-h <hash>" command line option to ipod command to avoid perl
needing to invoke a shell during system(). And clean up ipod/apod makefile,
don't need to install apod setuid since ipod is already.
parent 1233bb78
......@@ -30,13 +30,14 @@ use vars qw(@ISA @EXPORT $AUTOLOAD @EXPORT_OK);
@EXPORT = qw();
# Configure variables
use vars qw($TB $BOSSNODE $WOL $OSSELECT $ISUTAH $CONTROL_NETMASK
use vars qw($TB $BOSSNODE $WOL $OSSELECT $IPOD $ISUTAH $CONTROL_NETMASK
$TBOPS $JAILIPMASK);
$TB = "@prefix@";
$BOSSNODE = "@BOSSNODE@";
$TBOPS = "@TBOPSEMAIL@";
$WOL = "$TB/sbin/whol";
$OSSELECT = "$TB/bin/os_select";
$IPOD = "$TB/sbin/ipod";
# XXX stinky hack detection
$ISUTAH = @TBMAINSITE@;
# Need this for jail ip assignment.
......@@ -3499,5 +3500,47 @@ sub RunningOsImage($)
return ($osinfo, $image);
}
#
# Send an authenticated ipod to the node.
# Return 0 on success, non-zero otherwise.
#
sub SendApod($$)
{
my ($self,$tryipod) = @_;
return -1
if (! ref($self));
my $nodeid = $self->node_id();
my $query_result =
DBQueryFatal("select ipodhash from nodes where node_id='$nodeid'");
if ($query_result && $query_result->numrows == 1) {
my ($hash) = $query_result->fetchrow_array();
if ($hash) {
#
# It is okay to put this hash on the command line in the
# Emulab context. These are one-time passwords, and for that
# one time, if someone sees it on the command line the worst
# they can do is reboot the node. And that is what we are trying
# to do anyway!
#
# Also, note there we do not quote the hash, we don't want
# perl to invoke an extra level of shell. The hash had better
# not have any spaces or shell metachars!
#
if (system("$IPOD -h $hash $nodeid") == 0) {
return 0;
}
}
}
# no hash or authenticated version failed, try plain ole ipod
if ($tryipod && system("$IPOD $nodeid") == 0) {
return 0;
}
return -1;
}
# _Always_ make sure that this 1 is at the end of the file...
1;
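Review bot: The single-string call `system("$IPOD -h $hash $nodeid")` in SendApod only avoids the shell while the hash and node id contain no shell metacharacters, as its own comment concedes; when they do, Perl passes the whole string to `/bin/sh -c`. The list form never involves a shell whatever the values contain: `system($IPOD, "-h", $hash, $nodeid)`, and likewise `system($IPOD, $nodeid)` for the fallback. The `ipodhash` query also interpolates `$nodeid` directly into the SQL text. That value comes from the object's own `node_id()`, so the exposure looks low, but quoting it through the database layer would remove the reliance on how the object was constructed.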
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -32,11 +32,6 @@ all: ipod apod
# These binaries installed setuid, with sudo.
SETUID_SBIN_PROGS = ipod
# These scripts installed setuid, with sudo.
SETUID_BIN_SCRIPTS =
SETUID_SBIN_SCRIPTS = apod
SETUID_LIBX_SCRIPTS =
include $(TESTBED_SRCDIR)/GNUmakerules
CFLAGS= -g -O2
......@@ -45,13 +40,6 @@ ipod: ipod.c
$(CC) $(CFLAGS) -o ipod $<
install: all $(INSTALL_SBINDIR)/ipod $(INSTALL_SBINDIR)/apod
echo "Don't forget to do a post-install as root"
post-install:
chown root $(INSTALL_SBINDIR)/ipod
chmod u+s $(INSTALL_SBINDIR)/ipod
chown root $(INSTALL_SBINDIR)/apod
chmod u+s $(INSTALL_SBINDIR)/apod
#
# Control node installation (okay, plastic)
......
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -51,6 +51,7 @@ my $TB = "@prefix@";
use lib "@prefix@/lib";
use libdb;
use libtestbed;
use Node;
my $ipod = "$TB/sbin/ipod";
#my $ipod = "./ipod";
......@@ -62,13 +63,6 @@ delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
# Turn off line buffering on output
$| = 1;
#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
die("Must be root! Maybe its a development version?");
}
if (@ARGV == 0) {
usage();
}
......@@ -97,30 +91,14 @@ if ($UID && !TBAdmin($UID) &&
#
# Smack em!
#
my $rv = 0;
foreach my $node (@nodes) {
my $query_result = DBQueryFatal("select ipodhash from nodes ".
"where node_id='$node'");
my $nodeobj = Node->Lookup($node);
if ($query_result->numrows != 1) {
print STDOUT "No ipodhash entry for node $node!?\n";
exit(-1);
}
my ($hash) = $query_result->fetchrow_array();
my $didit = 0;
if (defined($hash)) {
if (system("echo $hash | $ipod -i - $node") != 0) {
print STDOUT "Authenticated IPOD failed on node $node";
} else {
$didit = 1;
}
} else {
print STDOUT "No hash for node $node";
}
if (!$didit) {
print STDOUT ", attempting naked IPOD...\n";
if (system("$ipod $node") != 0) {
print STDOUT "IPOD failed on node $node\n";
}
if ($nodeobj->SendApod(1)) {
print STDERR "Authenticated IPOD failed on node $node\n";
$rv++;
}
}
exit($rv);
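Review bot: The result of `Node->Lookup($node)` is used without a check, so if Lookup returns undef for an unknown node (its definition is not on this page) the call `$nodeobj->SendApod(1)` dies with a Perl runtime error and the remaining nodes are skipped. A guard before the call keeps the per-node diagnostics the old loop had: `if (!defined($nodeobj)) { print STDERR "No such node $node\n"; $rv++; next; }`. The failure message is also misleading: SendApod(1) returns non-zero only after the plain ipod fallback has failed as well, so `"IPOD failed on node $node\n"` would describe the outcome more accurately than "Authenticated IPOD failed". Any validation of `@nodes` before the loop lies outside this hunk.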
/*
* Copyright (c) 2000-2002 University of Utah and the Flux Group.
* Copyright (c) 2000-2013 University of Utah and the Flux Group.
*
* {{{EMULAB-LICENSE
*
......@@ -140,7 +140,8 @@ int makehosts(char **hostlist)
void usage(char *prog)
{
fprintf(stderr, "%s [ -s src ] [ -i identityfile ] target [ target ... ]\n",
fprintf(stderr,
"%s [ -s src ] [ -i hashfile ] [-h hash ] target [ target ... ]\n",
prog);
}
......@@ -268,7 +269,7 @@ main(int argc, char **argv)
querytype = IPOD_ICMPTYPE; /* the magical death packet number */
while ((ch = getopt(argc, argv, "s:i:")) != -1)
while ((ch = getopt(argc, argv, "s:i:h:")) != -1)
switch(ch)
{
case 's':
......@@ -292,6 +293,15 @@ main(int argc, char **argv)
exit(2);
}
break;
case 'h':
myidlen = strlen(optarg);
if (myidlen != IPOD_IDLEN) {
fprintf(stderr, "-h: identity hash must be %d bytes\n",
IPOD_IDLEN);
exit(2);
}
memcpy(myid, optarg, IPOD_IDLEN);
break;
default:
usage(progname);
exit(-1);
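Review bot: The new `case 'h'` copies the hash out of `optarg` but leaves the original in the argument vector, so it stays visible in process listings for as long as ipod runs. The commit accepts this exposure because the hashes are one-time, but the window can be shortened cheaply by clearing the argument once it is copied: `memset(optarg, 0, myidlen);` right after the `memcpy`. Whether a listing reflects the overwrite depends on the platform. It would also help to add a comment on the case saying that `-h` and `-i` both fill `myid`; presumably the last one given wins, but the `-i` branch is mostly outside this hunk. The body of `main` continues beyond the visible lines.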
......