From 247fd7a14e9ed72da069a60c7329f23e51bb9754 Mon Sep 17 00:00:00 2001
From: "Leigh B. Stoller"
Date: Wed, 10 Apr 2002 20:41:16 +0000
Subject: [PATCH] A bit more cleanup. Installed and running on minibed with SSL enabled.

---
 tmcd/GNUmakefile.in | 6 +++---
 tmcd/ssl.c | 25 +++++++++++++++++--------
 tmcd/tmcd.c | 44 +++++++++++++++++++++++++-------------------
 3 files changed, 45 insertions(+), 30 deletions(-)

diff --git a/tmcd/GNUmakefile.in b/tmcd/GNUmakefile.in
index 3bb107da1..43e66648e 100644
--- a/tmcd/GNUmakefile.in
+++ b/tmcd/GNUmakefile.in
@@ -20,9 +20,9 @@ TMLIBS = ${OBJDIR}/lib/libtb/libtb.a
 #
 # For SSL enabled tmcd/tmcc
 #
-#CFLAGS += -DWITHSSL -DETCDIR='"$(INSTALL_ETCDIR)"'
-#TMLIBS += -lssl -lcrypto
-#SSLOBJ = ssl.o
+CFLAGS += -DWITHSSL -DETCDIR='"$(INSTALL_ETCDIR)"'
+TMLIBS += -lssl -lcrypto
+SSLOBJ = ssl.o
 
 ifeq ($(EVENTSYS),1)
 TMCDCFLAGS = `elvin-config --cflags vin4c` \
diff --git a/tmcd/ssl.c b/tmcd/ssl.c
index 76fac7f9a..3c72e14fa 100644
--- a/tmcd/ssl.c
+++ b/tmcd/ssl.c
@@ -34,6 +34,10 @@
 #define SERVER_CERTFILE "server.pem"
 #define CLIENT_CERTFILE "client.pem"
 
+#ifdef linux
+#define EAUTH EPERM
+#endif
+
 /*
 * This is used by tmcd to determine if the connection is ssl or not.
 */
@@ -120,7 +124,7 @@ int
 tmcd_client_sslinit(void)
 {
 char buf[BUFSIZ], **cp;
-
+
 client = 1;
 SSL_library_init();
 SSL_load_error_strings();
@@ -249,7 +253,7 @@ tmcd_sslconnect(int sock, const struct sockaddr *name, socklen_t namelen)
 X509 *peer;
 char cname[256];
 struct hostent *he;
- struct in_addr ipaddr;
+ struct in_addr ipaddr, cnameip;
 
 if (connect(sock, name, namelen) < 0)
 return -1;
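Review bot: Uncommenting the three assignments makes OpenSSL a hard build dependency for every tmcd/tmcc build, because `-lssl -lcrypto` and `ssl.o` are now added unconditionally; on a host without the OpenSSL headers or libraries the build fails instead of producing the previous non-SSL binaries. If a non-SSL build is still meant to be possible, gate the three lines on a configure-time switch, e.g. `ifeq ($(WITHSSL),1)` … `endif`, and let configure set that variable.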
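Review bot: `#ifdef linux` tests the unprefixed `linux` macro, which compilers stop defining in strict ISO modes such as `-std=c99` or `-ansi`, so the EAUTH fallback silently disappears and the file no longer compiles there; `#ifdef __linux__` is the reliable spelling. Aliasing EAUTH to EPERM also means a Linux caller that distinguishes the two errno values sees them collapsed into one, which deserves a comment on the define: `/* Linux has no EAUTH; alias it to EPERM so the auth-failure paths compile. Callers cannot tell the two apart here. */`.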
@@ -306,14 +310,19 @@ tmcd_sslconnect(int sock, const struct sockaddr *name, socklen_t namelen)
 */
 ipaddr = ((struct sockaddr_in *)name)->sin_addr;
 
- if (!(he = gethostbyaddr((char *) &ipaddr, sizeof(ipaddr), AF_INET))) {
- error("Could not reverse map %s: %s\n",
- inet_ntoa(ipaddr), hstrerror(h_errno));
+ if (!(he = gethostbyname(cname))) {
+ error("Could not map %s: %s\n", cname, hstrerror(h_errno));
 goto badauth;
 }
- if (strcmp(he->h_name, cname)) {
- error("Certificate commonname mismatch: %s!=%s\n",
- he->h_name, cname);
+ memcpy((char *)&cnameip, he->h_addr, he->h_length);
+
+ if (ipaddr.s_addr != cnameip.s_addr) {
+ char buf[BUFSIZ];
+
+ strcpy(buf, inet_ntoa(ipaddr));
+
+ error("Certificate mismatch: %s mapped to %s instead of %s\n",
+ cname, buf, inet_ntoa(cnameip));
 goto badauth;
 }
 
diff --git a/tmcd/tmcd.c b/tmcd/tmcd.c
index a68a2c664..1431013ef 100644
--- a/tmcd/tmcd.c
+++ b/tmcd/tmcd.c
@@ -438,7 +438,7 @@ handle_request(int sock, struct sockaddr_in *client, char *rdata, int istcp)
 {
 struct sockaddr_in redirect_client;
 int redirect = 0;
- char buf[BUFSIZ], *bp;
+ char buf[BUFSIZ], *bp, *cp;
 char nodeid[TBDB_FLEN_NODEID];
 char class[TBDB_FLEN_NODECLASS];
 char type[TBDB_FLEN_NODETYPE];
@@ -567,15 +567,20 @@ handle_request(int sock, struct sockaddr_in *client, char *rdata, int istcp)
 */
 bp += strlen(command_array[i].cmdname);
 
+#ifdef WITHSSL
+ cp = isssl ? "ssl:yes" : "ssl:no";
+#else
+ cp = "";
+#endif
 /*
 * XXX hack, don't log "log" contents,
 * both for privacy and to keep our syslog smaller.
 */
 if (command_array[i].func == dolog)
- info("%s: log %d chars\n", nodeid, strlen(bp));
+ info("%s: %s log %d chars\n", nodeid, cp, strlen(bp));
 else
- info("%s: vers:%d %s\n", nodeid,
- version, command_array[i].cmdname);
+ info("%s: vers:%d %s %s\n", nodeid,
+ version, cp, command_array[i].cmdname);
 
 err = command_array[i].func(sock, nodeid, bp, istcp, version);
 
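Review bot: The new comparison only looks at the first address the certificate's CN resolves to — `memcpy((char *)&cnameip, he->h_addr, he->h_length)` reads h_addr_list[0] — so a multi-homed server whose CN has several A records is rejected unless the first one happens to be the address we connected to, and the memcpy trusts `he->h_length` without confirming `h_addrtype` is AF_INET and the length fits `cnameip`. Walk `he->h_addr_list` and accept when any entry equals `ipaddr.s_addr`, after checking the address type and length. The forward lookup is only as trustworthy as the resolver, so this check should stay a supplement to whatever certificate chain verification the function does earlier (that part is outside the hunk); tmcd_sslconnect itself starts and ends outside the hunk.
```c
	/* … unchanged: gethostbyname(cname) lookup, goto badauth on failure … */
	if (he->h_addrtype != AF_INET || he->h_length != sizeof(cnameip)) {
		error("Unexpected address type for %s\n", cname);
		goto badauth;
	}
	/* Accept any address the CN resolves to, not just h_addr_list[0]. */
	for (ap = he->h_addr_list; *ap; ap++) {	/* char **ap, declared with the other locals */
		memcpy(&cnameip, *ap, sizeof(cnameip));
		if (ipaddr.s_addr == cnameip.s_addr)
			break;
	}
	if (!*ap) {
		char buf[BUFSIZ];

		strcpy(buf, inet_ntoa(ipaddr));
		error("Certificate mismatch: %s does not map to %s\n", cname, buf);
		goto badauth;
	}
```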
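Review bot: `info("%s: %s log %d chars\n", nodeid, cp, strlen(bp))` in the second tmcd.c hunk passes a size_t to `%d`, which is undefined behavior wherever size_t is wider than int; the mismatch predates this commit, but the line is rewritten here, so cast it: `info("%s: %s log %d chars\n", nodeid, cp, (int)strlen(bp));`. Without WITHSSL `cp` is the empty string, which leaves a doubled space in the `vers:` log line; harmless, but an empty `%s` slot is easy to misread when grepping syslog, so consider `cp = "ssl:n/a";` or dropping the slot in that build. handle_request starts and ends outside the hunk.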
@@ -807,7 +812,7 @@ COMMAND_PROTOTYPE(doifconfig)
 
 strcat(buf, "\n");
 client_writeback(sock, buf, strlen(buf), tcp);
- info("IFCONFIG: %s\n", buf);
+ info("IFCONFIG: %s", buf);
 }
 skipit:
 nrows--;
@@ -887,7 +892,7 @@ COMMAND_PROTOTYPE(doaccounts)
 gidint = atoi(row[1]);
 sprintf(buf, "ADDGROUP NAME=%s GID=%d\n", row[0], gidint);
 client_writeback(sock, buf, strlen(buf), tcp);
- info("ACCOUNTS: %s\n", buf);
+ info("ACCOUNTS: %s", buf);
 nrows--;
 }
 
@@ -1182,7 +1187,7 @@ COMMAND_PROTOTYPE(dodelay)
 
 client_writeback(sock, buf, strlen(buf), tcp);
 nrows--;
- info("DELAY: %s\n", buf);
+ info("DELAY: %s", buf);
 }
 mysql_free_result(res);
 
@@ -1407,7 +1412,7 @@ COMMAND_PROTOTYPE(dohosts)
 host->vname : " ");
 }
 client_writeback(sock, buf, strlen(buf), tcp);
- info("HOSTNAMES: %s\n", buf);
+ info("HOSTNAMES: %s", buf);
 host = host->next;
 }
 
@@ -1471,7 +1476,7 @@ COMMAND_PROTOTYPE(dorpms)
 
 sprintf(buf, "RPM=%s\n", bp);
 client_writeback(sock, buf, strlen(buf), tcp);
- info("RPM: %s\n", buf);
+ info("RPM: %s", buf);
 } while ((bp = sp));
 
@@ -1532,7 +1537,7 @@ COMMAND_PROTOTYPE(dotarballs)
 
 sprintf(buf, "DIR=%s TARBALL=%s\n", bp, tp);
 client_writeback(sock, buf, strlen(buf), tcp);
- info("TARBALLS: %s\n", buf);
+ info("TARBALLS: %s", buf);
 } while ((bp = sp));
 
@@ -1590,7 +1595,7 @@ COMMAND_PROTOTYPE(dodeltas)
 
 sprintf(buf, "DELTA=%s\n", bp);
 client_writeback(sock, buf, strlen(buf), tcp);
- info("DELTAS: %s\n", buf);
+ info("DELTAS: %s", buf);
 } while ((bp = sp));
 
@@ -1668,7 +1673,7 @@ COMMAND_PROTOTYPE(dostartcmd)
 
 mysql_free_result(res);
 client_writeback(sock, buf, strlen(buf), tcp);
- info("STARTUPCMD: %s\n", buf);
+ info("STARTUPCMD: %s", buf);
 return 0;
 }
 
@@ -1804,7 +1809,7 @@ COMMAND_PROTOTYPE(doreadycount)
 
 sprintf(buf, "READY=%d TOTAL=%d\n", ready, total);
 client_writeback(sock, buf, strlen(buf), tcp);
- info("READYCOUNT: %s: %s\n", nodeid, buf);
+ info("READYCOUNT: %s: %s", nodeid, buf);
 return 0;
 }
 
@@ -1955,7 +1960,7 @@ COMMAND_PROTOTYPE(domounts)
 
 client_writeback(sock, buf, strlen(buf), tcp);
 nrows--;
- info("MOUNTS: %s\n", buf);
+ info("MOUNTS: %s", buf);
 }
 mysql_free_result(res);
 
@@ -2012,7 +2017,7 @@ COMMAND_PROTOTYPE(dorouting)
 
 mysql_free_result(res);
 client_writeback(sock, buf, strlen(buf), tcp);
- info("ROUTES: %s\n", buf);
+ info("ROUTES: %s", buf);
 return 0;
 }
 
@@ -2058,7 +2063,7 @@ COMMAND_PROTOTYPE(doloadinfo)
 
 mysql_free_result(res);
 client_writeback(sock, buf, strlen(buf), tcp);
- info("doloadinfo: %s\n", buf);
+ info("doloadinfo: %s", buf);
 return 0;
 }
 
@@ -2191,7 +2196,7 @@ COMMAND_PROTOTYPE(dotrafgens)
 
 client_writeback(sock, buf, strlen(buf), tcp);
 nrows--;
- info("TRAFGENS: %s\n", buf);
+ info("TRAFGENS: %s", buf);
 }
 mysql_free_result(res);
 return 0;
@@ -2300,7 +2305,8 @@ COMMAND_PROTOTYPE(dostate)
 
 address_tuple_free(tuple);
 #endif /* EVENTSYS */
-
+
+ info("STATE: %s\n", newstate);
 return 0;
 }
 
@@ -2344,7 +2350,7 @@ COMMAND_PROTOTYPE(docreator)
 
 mysql_free_result(res);
 client_writeback(sock, buf, strlen(buf), tcp);
- info("CREATOR: %s\n", buf);
+ info("CREATOR: %s", buf);
 return 0;
 }
 
-- 
GitLab
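Review bot: `info("STATE: %s\n", newstate)` in the dostate hunk writes newstate to the log unbounded and unescaped; its origin is outside the hunk, but given it is the state the node is reporting it is presumably client-supplied, so an over-long or control-character-laden value goes straight into syslog as-is. Either validate newstate against the set of expected state names before it is used and logged, or at least bound the field with a precision such as `info("STATE: %.64s\n", newstate);` (64 is an example width). The remaining info() changes in this file only drop a newline that `buf` already carries and need no change.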