Commit 247fd7a1 authored by Leigh B. Stoller's avatar Leigh B. Stoller

A bit more cleanup. Installed and running on minibed with SSL enabled.

parent 4f9b11e8
......@@ -20,9 +20,9 @@ TMLIBS = ${OBJDIR}/lib/libtb/libtb.a
#
# For SSL enabled tmcd/tmcc
#
#CFLAGS += -DWITHSSL -DETCDIR='"$(INSTALL_ETCDIR)"'
#TMLIBS += -lssl -lcrypto
#SSLOBJ = ssl.o
CFLAGS += -DWITHSSL -DETCDIR='"$(INSTALL_ETCDIR)"'
TMLIBS += -lssl -lcrypto
SSLOBJ = ssl.o
ifeq ($(EVENTSYS),1)
TMCDCFLAGS = `elvin-config --cflags vin4c` \
......
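Review bot: The SSL settings in this hunk are now unconditional, so every build of tmcd/tmcc needs the OpenSSL headers and libraries, and building without `-DWITHSSL` means editing this file again. The `ifeq ($(EVENTSYS),1)` block just below shows the pattern this Makefile already uses for optional features; wrapping the three lines in a similar `ifeq` on a configure-set variable would keep the switch in one place. If SSL is meant to be mandatory from now on, the comment `# For SSL enabled tmcd/tmcc` should say so, because the C sources still carry `#ifdef WITHSSL` / `#else` alternatives.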
......@@ -34,6 +34,10 @@
#define SERVER_CERTFILE "server.pem"
#define CLIENT_CERTFILE "client.pem"
#ifdef linux
#define EAUTH EPERM
#endif
/*
* This is used by tmcd to determine if the connection is ssl or not.
*/
......@@ -120,7 +124,7 @@ int
tmcd_client_sslinit(void)
{
char buf[BUFSIZ], **cp;
client = 1;
SSL_library_init();
SSL_load_error_strings();
......@@ -249,7 +253,7 @@ tmcd_sslconnect(int sock, const struct sockaddr *name, socklen_t namelen)
X509 *peer;
char cname[256];
struct hostent *he;
struct in_addr ipaddr;
struct in_addr ipaddr, cnameip;
if (connect(sock, name, namelen) < 0)
return -1;
......@@ -306,14 +310,19 @@ tmcd_sslconnect(int sock, const struct sockaddr *name, socklen_t namelen)
*/
ipaddr = ((struct sockaddr_in *)name)->sin_addr;
if (!(he = gethostbyaddr((char *) &ipaddr, sizeof(ipaddr), AF_INET))) {
error("Could not reverse map %s: %s\n",
inet_ntoa(ipaddr), hstrerror(h_errno));
if (!(he = gethostbyname(cname))) {
error("Could not map %s: %s\n", cname, hstrerror(h_errno));
goto badauth;
}
if (strcmp(he->h_name, cname)) {
error("Certificate commonname mismatch: %s!=%s\n",
he->h_name, cname);
memcpy((char *)&cnameip, he->h_addr, he->h_length);
if (ipaddr.s_addr != cnameip.s_addr) {
char buf[BUFSIZ];
strcpy(buf, inet_ntoa(ipaddr));
error("Certificate mismatch: %s mapped to %s instead of %s\n",
cname, buf, inet_ntoa(cnameip));
goto badauth;
}
......
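Review bot: In the last tmcd_sslconnect hunk, `memcpy((char *)&cnameip, he->h_addr, he->h_length);` trusts the resolver's `h_length` for a copy into a fixed-size `struct in_addr`, and only the first address returned for the name is compared with the peer. Check the result before copying, e.g. `if (he->h_addrtype != AF_INET || he->h_length != sizeof(cnameip)) goto badauth;`, and consider walking `he->h_addr_list` so a name with several A records does not fail on address order. The name looked up appears to come from the peer's certificate, so the check is only as strong as the DNS answers behind it; a comment above the lookup saying so would help the next maintainer. The function's body starts and ends outside the hunks shown.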
......@@ -438,7 +438,7 @@ handle_request(int sock, struct sockaddr_in *client, char *rdata, int istcp)
{
struct sockaddr_in redirect_client;
int redirect = 0;
char buf[BUFSIZ], *bp;
char buf[BUFSIZ], *bp, *cp;
char nodeid[TBDB_FLEN_NODEID];
char class[TBDB_FLEN_NODECLASS];
char type[TBDB_FLEN_NODETYPE];
......@@ -567,15 +567,20 @@ handle_request(int sock, struct sockaddr_in *client, char *rdata, int istcp)
*/
bp += strlen(command_array[i].cmdname);
#ifdef WITHSSL
cp = isssl ? "ssl:yes" : "ssl:no";
#else
cp = "";
#endif
/*
* XXX hack, don't log "log" contents,
* both for privacy and to keep our syslog smaller.
*/
if (command_array[i].func == dolog)
info("%s: log %d chars\n", nodeid, strlen(bp));
info("%s: %s log %d chars\n", nodeid, cp, strlen(bp));
else
info("%s: vers:%d %s\n", nodeid,
version, command_array[i].cmdname);
info("%s: vers:%d %s %s\n", nodeid,
version, cp, command_array[i].cmdname);
err = command_array[i].func(sock, nodeid, bp, istcp, version);
......@@ -807,7 +812,7 @@ COMMAND_PROTOTYPE(doifconfig)
strcat(buf, "\n");
client_writeback(sock, buf, strlen(buf), tcp);
info("IFCONFIG: %s\n", buf);
info("IFCONFIG: %s", buf);
}
skipit:
nrows--;
......@@ -887,7 +892,7 @@ COMMAND_PROTOTYPE(doaccounts)
gidint = atoi(row[1]);
sprintf(buf, "ADDGROUP NAME=%s GID=%d\n", row[0], gidint);
client_writeback(sock, buf, strlen(buf), tcp);
info("ACCOUNTS: %s\n", buf);
info("ACCOUNTS: %s", buf);
nrows--;
}
......@@ -1182,7 +1187,7 @@ COMMAND_PROTOTYPE(dodelay)
client_writeback(sock, buf, strlen(buf), tcp);
nrows--;
info("DELAY: %s\n", buf);
info("DELAY: %s", buf);
}
mysql_free_result(res);
......@@ -1407,7 +1412,7 @@ COMMAND_PROTOTYPE(dohosts)
host->vname : " ");
}
client_writeback(sock, buf, strlen(buf), tcp);
info("HOSTNAMES: %s\n", buf);
info("HOSTNAMES: %s", buf);
host = host->next;
}
......@@ -1471,7 +1476,7 @@ COMMAND_PROTOTYPE(dorpms)
sprintf(buf, "RPM=%s\n", bp);
client_writeback(sock, buf, strlen(buf), tcp);
info("RPM: %s\n", buf);
info("RPM: %s", buf);
} while ((bp = sp));
......@@ -1532,7 +1537,7 @@ COMMAND_PROTOTYPE(dotarballs)
sprintf(buf, "DIR=%s TARBALL=%s\n", bp, tp);
client_writeback(sock, buf, strlen(buf), tcp);
info("TARBALLS: %s\n", buf);
info("TARBALLS: %s", buf);
} while ((bp = sp));
......@@ -1590,7 +1595,7 @@ COMMAND_PROTOTYPE(dodeltas)
sprintf(buf, "DELTA=%s\n", bp);
client_writeback(sock, buf, strlen(buf), tcp);
info("DELTAS: %s\n", buf);
info("DELTAS: %s", buf);
} while ((bp = sp));
......@@ -1668,7 +1673,7 @@ COMMAND_PROTOTYPE(dostartcmd)
mysql_free_result(res);
client_writeback(sock, buf, strlen(buf), tcp);
info("STARTUPCMD: %s\n", buf);
info("STARTUPCMD: %s", buf);
return 0;
}
......@@ -1804,7 +1809,7 @@ COMMAND_PROTOTYPE(doreadycount)
sprintf(buf, "READY=%d TOTAL=%d\n", ready, total);
client_writeback(sock, buf, strlen(buf), tcp);
info("READYCOUNT: %s: %s\n", nodeid, buf);
info("READYCOUNT: %s: %s", nodeid, buf);
return 0;
}
......@@ -1955,7 +1960,7 @@ COMMAND_PROTOTYPE(domounts)
client_writeback(sock, buf, strlen(buf), tcp);
nrows--;
info("MOUNTS: %s\n", buf);
info("MOUNTS: %s", buf);
}
mysql_free_result(res);
......@@ -2012,7 +2017,7 @@ COMMAND_PROTOTYPE(dorouting)
mysql_free_result(res);
client_writeback(sock, buf, strlen(buf), tcp);
info("ROUTES: %s\n", buf);
info("ROUTES: %s", buf);
return 0;
}
......@@ -2058,7 +2063,7 @@ COMMAND_PROTOTYPE(doloadinfo)
mysql_free_result(res);
client_writeback(sock, buf, strlen(buf), tcp);
info("doloadinfo: %s\n", buf);
info("doloadinfo: %s", buf);
return 0;
}
......@@ -2191,7 +2196,7 @@ COMMAND_PROTOTYPE(dotrafgens)
client_writeback(sock, buf, strlen(buf), tcp);
nrows--;
info("TRAFGENS: %s\n", buf);
info("TRAFGENS: %s", buf);
}
mysql_free_result(res);
return 0;
......@@ -2300,7 +2305,8 @@ COMMAND_PROTOTYPE(dostate)
address_tuple_free(tuple);
#endif /* EVENTSYS */
info("STATE: %s\n", newstate);
return 0;
}
......@@ -2344,7 +2350,7 @@ COMMAND_PROTOTYPE(docreator)
mysql_free_result(res);
client_writeback(sock, buf, strlen(buf), tcp);
info("CREATOR: %s\n", buf);
info("CREATOR: %s", buf);
return 0;
}
......
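Review bot: In the dolog branch of the second handle_request hunk, the new `info("%s: %s log %d chars\n", nodeid, cp, strlen(bp));` still passes a `size_t` to `%d`, which is a format/argument mismatch and undefined behaviour where `size_t` is wider than `int`. Cast at the call, `info("%s: %s log %d chars\n", nodeid, cp, (int) strlen(bp));`, or use `%zu` if info() forwards to a printf-family function that supports it. When WITHSSL is not defined, `cp` is `""` and the non-log message gets two consecutive spaces, which matters if anything parses these syslog lines. handle_request's body starts and ends outside the hunk.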