......@@ -9,9 +9,10 @@
magic_quotes_gpc = Off
;
; Our scripts depend on this!
; Our scripts depend on this being on!
; Not any more!
;
register_globals = On
register_globals = Off
;
; Turn off the feature of php that kills programs after a set execution time
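Review bot: The stacked comments `; Our scripts depend on this being on!` and `; Not any more!` read as a contradiction to anyone who does not have this diff in front of them; replace both with one statement of the current requirement, e.g. `; register_globals must stay Off; the scripts no longer rely on it.` Keeping the superseded line as a comment is the kind of archaeology that later makes a reader wonder whether Off is safe to keep.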
......@@ -714,6 +714,7 @@ ScriptAlias /cvsweb/ "/usr/testbed/www/cvsweb/"
Alias /jabber/ "/usr/testbed/www/jabber/"
ScriptAlias /spewrpmtar /usr/testbed/cgi-bin/spewrpmtar_cgi
ScriptAlias /d77e8041d1ad /usr/testbed/cgi-bin/shellinabox.pl
<Directory "/usr/testbed/cgi-bin">
Options FollowSymLinks
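Review bot: `ScriptAlias /d77e8041d1ad /usr/testbed/cgi-bin/shellinabox.pl` maps a shell-access CGI to a path whose only protection visible here is that the path is hard to guess; an opaque URL is not access control, and the `<Directory "/usr/testbed/cgi-bin">` block that would carry the real restrictions begins on the hunk's last line and continues outside it. Add an explicit guard for this alias — a `<Location /d77e8041d1ad>` with `SSLRequireSSL` and an `AuthType`/`Require` authentication requirement — and a comment above the line recording why the path is obfuscated and what actually authenticates the caller.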
......@@ -1487,6 +1487,175 @@ ScriptAlias /protogeni/xmlrpc @prefix@/protogeni/xmlrpc/protogeni-wrapper.pl
SetEnv USER "nobody"
</Directory>
</VirtualHost>
# Another virtual host, for unprotected GENI XMLRPC calls (without client auth)
Listen @GENI_PUBRPCPORT@
<VirtualHost @PROTOGENI_RPCNAME@:@GENI_PUBRPCPORT@>
# General setup for the virtual host, inherited from global configuration
DocumentRoot "@prefix@/www"
ServerName @PROTOGENI_RPCNAME@
ServerAdmin @TBOPSEMAIL_NOSLASH@
LogLevel warn
ErrorLog @prefix@/log/apache_ssl_error_log
TransferLog @prefix@/log/apache_ssl_access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile @prefix@/etc/genirpc.pem
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile @prefix@/etc/genirpc.pem
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
SSLVerifyClient none
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog @prefix@/log/apache_ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# A bundle of trusted protogeni sites.
SSLCACertificateFile @prefix@/etc/genica.bundle
# Another bundle of CRLs.
SSLCARevocationFile @prefix@/etc/genicrl.bundle
ScriptAlias /protogeni/pubxmlrpc @prefix@/protogeni/pubxmlrpc/pubgeni-wrapper.pl
ScriptAlias /protogeni/stoller/pubxmlrpc @prefix@/devel/stoller/protogeni/pubxmlrpc/pubgeni-wrapper.pl
ScriptAlias /protogeni/gtw/pubxmlrpc @prefix@/devel/gtw/protogeni/pubxmlrpc/pubgeni-wrapper.pl
<Directory "@prefix@/protogeni/pubxmlrpc/">
SSLRequireSSL
Order deny,allow
allow from all
SSLOptions +StdEnvVars
Options +ExecCGI +FollowSymLinks
SetHandler cgi-script
SetEnv USER "nobody"
</Directory>
</VirtualHost>
</IfDefine>
#
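Review bot: On the new public vhost, `SSLProtocol all -SSLv2` still admits SSLv3 and `SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW` explicitly admits RC4 and LOW-strength suites, a weaker posture than a host that deliberately runs with `SSLVerifyClient none` should carry; use `SSLProtocol all -SSLv2 -SSLv3`, `SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!LOW:!RC4` and `SSLHonorCipherOrder on`. The same lines are copied into the second httpd template section below (the hunk at -1578,6 +1578,204), so apply the change there too. `SSLCARevocationFile @prefix@/etc/genicrl.bundle` appears to have no effect while client verification is `none`; either drop it or comment why it is kept. The mod_ssl sample commentary copied in (the `Snake Oil, Ltd.` SSLRequire example, `<Directory "/var/www/cgi-bin">`) does not describe this installation and should be trimmed. The closing `</IfDefine>` belongs to a block that opens outside the hunk.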
......@@ -1578,6 +1578,204 @@ ScriptAlias /protogeni/gtw/xmlrpc @prefix@/devel/gtw/protogeni/xmlrpc/protogeni-
SetEnv USER "nobody"
</Directory>
</VirtualHost>
# Another virtual host, for unprotected GENI XMLRPC calls (without client auth)
Listen @GENI_PUBRPCPORT@
<VirtualHost @PROTOGENI_RPCNAME@:@GENI_PUBRPCPORT@>
# General setup for the virtual host, inherited from global configuration
DocumentRoot "@prefix@/www"
ServerName @PROTOGENI_RPCNAME@
ServerAdmin @TBOPSEMAIL_NOSLASH@
LogLevel warn
ErrorLog @prefix@/log/apache_ssl_error_log
TransferLog @prefix@/log/apache_ssl_access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile @prefix@/etc/genirpc.pem
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile @prefix@/etc/genirpc.pem
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
SSLVerifyClient none
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog @prefix@/log/apache_ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# A bundle of trusted protogeni sites.
SSLCACertificateFile @prefix@/etc/genica.bundle
# Another bundle of CRLs.
SSLCARevocationFile @prefix@/etc/genicrl.bundle
ScriptAlias /protogeni/pubxmlrpc @prefix@/protogeni/pubxmlrpc/protogeni-wrapper.pl
ScriptAlias /protogeni/stoller/pubxmlrpc @prefix@/devel/stoller/protogeni/pubxmlrpc/protogeni-wrapper.pl
ScriptAlias /protogeni/gtw/pubxmlrpc @prefix@/devel/gtw/protogeni/pubxmlrpc/protogeni-wrapper.pl
<Directory "@prefix@/protogeni/pubxmlrpc/">
SSLRequireSSL
Order deny,allow
allow from all
SSLOptions +StdEnvVars
Options +ExecCGI +FollowSymLinks
SetHandler cgi-script
SetEnv USER "nobody"
</Directory>
<Directory "@prefix@/devel/stoller/protogeni/pubxmlrpc/">
SSLRequireSSL
Order deny,allow
deny from all
allow from 155.98.60.
allow from 155.98.32.
allow from 155.98.33.74
# Leigh
allow from 155.98.39.70
allow from 69.59.214.104
# Jon
allow from 166.70.15.64
SSLOptions +StdEnvVars
Options +ExecCGI +FollowSymLinks
SetHandler cgi-script
SetEnv USER "nobody"
</Directory>
<Directory "@prefix@/devel/gtw/protogeni/pubxmlrpc/">
SSLRequireSSL
Order deny,allow
deny from all
allow from 155.98.60.
allow from 155.98.32.
allow from 155.98.33.74
SSLOptions +StdEnvVars
Options +ExecCGI +FollowSymLinks
SetHandler cgi-script
SetEnv USER "nobody"
</Directory>
</VirtualHost>
</IfDefine>
#
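Review bot: The `<Directory "@prefix@/devel/stoller/protogeni/pubxmlrpc/">` and `.../devel/gtw/...` blocks hard-code individual developers' addresses (`allow from 155.98.33.74`, `# Leigh`, `# Jon`) and developer sandbox paths into the installed template, so every site built from it ships someone else's personal allow-list, which nobody will remember to revoke. Move these blocks and the matching `ScriptAlias /protogeni/stoller/pubxmlrpc` / `gtw` lines to a site-local include or wrap them in an `<IfDefine>` so production builds omit them. The production alias here maps `/protogeni/pubxmlrpc` to `protogeni-wrapper.pl`, while the otherwise identical vhost in the previous section maps it to `pubgeni-wrapper.pl`; one of the two looks like a mismatch, confirm which wrapper is intended. The `</IfDefine>` at the end closes a block opened outside the hunk.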
/*
* Copyright (c) 2000-2012 University of Utah and the Flux Group.
* Copyright (c) 2000-2013 University of Utah and the Flux Group.
*
* {{{EMULAB-LICENSE
*
......@@ -144,6 +144,7 @@ char *Devname;
char *Machine;
int logfd = -1, runfd, devfd = -1, ptyfd = -1;
int hwflow = 0, speed = B9600, debug = 0, runfile = 0, standalone = 0;
int nologfile = 0;
int stampinterval = -1;
int stamplast = 0;
sigset_t actionsigmask;
......@@ -173,6 +174,12 @@ gid_t tipgid;
uid_t tipuid;
char *uploadCommand;
int docircbuf = 0;
void initcircbuf();
void clearcircbuf();
void addtocircbuf(const char *bp, int cc);
void dumpcircbuf();
int Devproto;
#define PROTO_RAW 1
#define PROTO_TELNET 2
......@@ -357,7 +364,7 @@ main(int argc, char **argv)
else
Progname = *argv;
while ((op = getopt(argc, argv, "rds:Hb:ip:c:T:aou:v:PmL")) != EOF)
while ((op = getopt(argc, argv, "rds:Hb:ip:c:T:aonu:v:PmLC")) != EOF)
switch (op) {
#ifdef USESOCKETS
#ifdef WITHSSL
......@@ -365,6 +372,9 @@ main(int argc, char **argv)
certfile = optarg;
break;
#endif /* WITHSSL */
case 'C':
docircbuf = 1;
break;
case 'b':
Bossnode = optarg;
break;
......@@ -398,6 +408,9 @@ main(int argc, char **argv)
(speed = val2speed(i)) == 0)
usage();
break;
case 'n':
nologfile = 1;
break;
case 'L':
stamplast = 1;
break;
......@@ -555,6 +568,10 @@ main(int argc, char **argv)
if (gethostname(ourhostname, sizeof(ourhostname)) < 0)
die("gethostname(): %s", geterr(errno));
if (docircbuf) {
initcircbuf();
}
createkey();
dolog(LOG_NOTICE, "Ready! Listening on TCP port %d", portnum);
......@@ -621,7 +638,7 @@ main(int argc, char **argv)
die("%s: open: %s", Ptyname, geterr(errno));
#endif
if (!relay_snd) {
if (!(relay_snd || nologfile)) {
if ((logfd = open(Logname,O_WRONLY|O_CREAT|O_APPEND,0640)) < 0)
die("%s: open: %s", Logname, geterr(errno));
if (chmod(Logname, 0640) < 0)
......@@ -679,8 +696,10 @@ in(void)
}
sigprocmask(SIG_BLOCK, &actionsigmask, &omask);
if (write(logfd, buf, cc) < 0)
die("%s: write: %s", Logname, geterr(errno));
if (logfd >= 0) {
if (write(logfd, buf, cc) < 0)
die("%s: write: %s", Logname, geterr(errno));
}
if (runfile) {
if (write(runfd, buf, cc) < 0)
......@@ -858,7 +877,9 @@ send_to_logfile(const char *buf, int cc)
snprintf(stampbuf, sizeof stampbuf,
"\nSTAMP{%s}\n",
cts);
write(logfd, stampbuf, strlen(stampbuf));
if (logfd >= 0) {
(void) write(logfd, stampbuf, strlen(stampbuf));
}
}
laststamp = now;
}
......@@ -1044,11 +1065,15 @@ capture(void)
/* got EOF from client */
if (!tipactive) {
send_to_logfile(buf, cc);
addtocircbuf(buf, cc);
sigprocmask(SIG_SETMASK,
&omask, NULL);
goto disconnected;
}
}
else {
addtocircbuf(buf, cc);
}
send_to_logfile(buf, cc);
}
#else
......@@ -1165,13 +1190,16 @@ reinit(int sig)
* We know that the any pending write to the log file completed
* because we blocked SIGHUP during the write.
*/
close(logfd);
if ((logfd = open(Logname, O_WRONLY|O_CREAT|O_APPEND, 0640)) < 0)
die("%s: open: %s", Logname, geterr(errno));
if (chmod(Logname, 0640) < 0)
die("%s: chmod: %s", Logname, geterr(errno));
if (logfd >= 0) {
close(logfd);
}
if (!nologfile) {
if ((logfd = open(Logname,
O_WRONLY|O_CREAT|O_APPEND, 0640)) < 0)
die("%s: open: %s", Logname, geterr(errno));
if (chmod(Logname, 0640) < 0)
die("%s: chmod: %s", Logname, geterr(errno));
}
dolog(LOG_NOTICE, "new log started");
if (runfile)
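Review bot: After `close(logfd);` at the top of the hunk, `logfd` keeps the closed descriptor number, so if the reopen under `if (!nologfile)` is ever skipped or made non-fatal, the `logfd >= 0` guards this commit adds in `in()` and `send_to_logfile()` would write to a stale fd. Add `logfd = -1;` inside the close block. Today the reopen die()s on failure and `nologfile` implies the log was never opened, so this is defensive rather than an active bug. `reinit()` begins outside the hunk.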
......@@ -1197,6 +1225,8 @@ newrun(int sig)
die("%s: open: %s", Runname, geterr(errno));
#ifdef USESOCKETS
if (docircbuf)
clearcircbuf();
/*
* Set owner/group of the new run file. Avoid race in which a
* user can get the new file before the chmod, by creating 0600
......@@ -1236,6 +1266,9 @@ terminate(int sig)
if (runfile)
newrun(sig);
if (docircbuf)
clearcircbuf();
/* Must be done *after* all the above stuff is done! */
createkey();
#else
......@@ -1350,6 +1383,9 @@ cleanup(void)
(void) kill(pid, SIGTERM);
#endif
(void) unlink(Pidname);
#ifdef USESOCKETS
(void) unlink(Aclname);
#endif
}
char *
......@@ -1899,11 +1935,13 @@ clientconnect(void)
dolog(LOG_NOTICE, "got key" );
}
else if (!tipactive) {
else
#endif /* WITHSSL */
if (!tipactive) {
tipclient = sin;
ptyfd = newfd;
}
#endif /* WITHSSL */
}
/*
* Is there a better way to do this? I suppose we
* could shut the main socket down, and recreate
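Review bot: The `else` that ends the `#ifdef WITHSSL` branch now pairs with the `if (!tipactive)` on the far side of `#endif /* WITHSSL */`, so the non-SSL build compiles a plain `if` and the SSL build an `if/else`; this is correct but invisible to a reader scanning one configuration. Add a comment on the `else` line, e.g. `else /* no key exchange: fall through to the plain-TCP path below */`, so the cross-`#endif` pairing reads as deliberate. clientconnect() begins and ends outside the hunk.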
......@@ -1991,6 +2029,9 @@ clientconnect(void)
fdcount++;
}
tipactive = 1;
if (docircbuf) {
dumpcircbuf();
}
dolog(LOG_INFO, "%s connecting", inet_ntoa(tipclient.sin_addr));
return 0;
......@@ -2023,11 +2064,11 @@ handleupload(void)
drop = 1;
close(devfd);
/* XXX run uisp */
system(buffer);
(void) system(buffer);
rawmode(Devname, speed);
}
else {
write(upfilefd, buffer, rc);
(void) write(upfilefd, buffer, rc);
upfilesize += rc;
}
......@@ -2056,6 +2097,7 @@ createkey(void)
{
int cc, i, fd;
unsigned char buf[BUFSIZ];
char tmpname[BUFSIZE];
FILE *fp;
if (relay_snd)
......@@ -2109,8 +2151,14 @@ createkey(void)
* Sure, could change the umask, but I hate that function.
*/
(void) unlink(Aclname);
if ((fd = open(Aclname, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0)
die("%s: open: %s", Aclname, geterr(errno));
/*
* Avoid race; open as different name and rename when done.
*/
(void) snprintf(tmpname, sizeof(tmpname), "%s.tmp", Aclname);
if ((fd = open(tmpname, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0)
die("%s: open: %s", tmpname, geterr(errno));
/*
* Set owner/group of the new run file. Avoid race in which a
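Review bot: `snprintf(tmpname, sizeof(tmpname), "%s.tmp", Aclname)` is not checked for truncation, and if any of the following die() calls fire before `rename()`, `tmpname` is left behind as a partial ACL file; the `cleanup()` change in this commit only unlinks `Aclname`. Check the snprintf return against `sizeof(tmpname)` and unlink the temp file on the failure paths (or in cleanup()). `tmpname` is also sized `BUFSIZE` while the neighbouring `buf` uses stdio's `BUFSIZ`; confirm the intended macro. createkey() begins outside the hunk.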
......@@ -2123,7 +2171,7 @@ createkey(void)
die("%s: fchmod: %s", Runname, geterr(errno));
if ((fp = fdopen(fd, "w")) == NULL)
die("fdopen(%s)", Aclname, geterr(errno));
die("fdopen(%s)", tmpname, geterr(errno));
fprintf(fp, "host: %s\n", ourhostname);
fprintf(fp, "port: %d\n", portnum);
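Review bot: `die("fdopen(%s)", tmpname, geterr(errno));` has one conversion for two arguments, so the errno text is never printed; the line should read `die("fdopen(%s): %s", tmpname, geterr(errno));`. This matches the `"%s: open: %s"` form used for the open() failure in the previous hunk. createkey() continues outside the hunk.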
......@@ -2134,6 +2182,9 @@ createkey(void)
fprintf(fp, "keylen: %d\n", secretkey.keylen);
fprintf(fp, "key: %s\n", secretkey.key);
fclose(fp);
if (rename(tmpname, Aclname)) {
die("%s: rename: %s", Aclname, geterr(errno));
}
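Review bot: `fclose(fp);` is unchecked before `rename(tmpname, Aclname)`, and since stdio buffers the preceding fprintf calls (including the `key:` line), a flush failure at fclose would atomically install a truncated ACL file over the good one — the opposite of what the temp-and-rename was added to guarantee. Use `if (fclose(fp) != 0) die("%s: fclose: %s", tmpname, geterr(errno));`. createkey() continues outside the hunk.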
/*
* Send the info over.
......@@ -2272,7 +2323,6 @@ handshake(void)
signal(SIGALRM, SIG_DFL);
return err;
}
#endif
#ifdef WITH_TELNET
#include <libtelnet.h>
......@@ -2363,3 +2413,71 @@ proto_telnet_init(void)
}
#endif
/*
* Store last output in a circular buffer so we can return it
* at connect. Nice to provide some context. But we simplify this
* by not storing any data when there is a connection, only when
* no one is listening. Then on connection, dump the contents of
* the buffer and reset back to the beginning.
*/
#define CIRCBUFSIZE (8 * 1024)
char *circp; // Next place to write.
int circcount; // How much in the buffer.
char *circbuf;
void
initcircbuf()
{
circbuf = calloc(1, CIRCBUFSIZE);
if (! circbuf) {
die("Could not allocate circbuf");
}
circp = circbuf;
}
void
clearcircbuf()
{
circp = circbuf;
circcount = 0;
}
void
addtocircbuf(const char *bp, int cc)
{
char *ep = circbuf + CIRCBUFSIZE;
if (!docircbuf)
return;
while (cc) {
*circp++ = *bp++;
if (circp == ep) {
circp = circbuf;
}
if (circcount < CIRCBUFSIZE) {
circcount++;
}
cc--;
}
}
void
dumpcircbuf()
{
if (! (circcount && docircbuf))
return;
if (circcount < CIRCBUFSIZE) {
send_to_client(circbuf, circcount);
}
else {
int cc = CIRCBUFSIZE - (circp - circbuf);
send_to_client(circp, cc);
send_to_client(circbuf, circcount - cc);
}
// Reset to empty for next time we disconnect.
clearcircbuf();
}
#endif /* USESOCKBUF */
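Review bot: `#endif /* USESOCKBUF */` on the last line closes a conditional whose `#ifdef` is outside the hunk; every other guard visible in this file is spelled `USESOCKETS` and the bare `#endif` removed from the handshake() hunk carried no comment, so if this is that block the comment is a typo and should read `#endif /* USESOCKETS */`. The four definitions use empty parameter lists (`initcircbuf()`), as do the prototypes added near `int docircbuf = 0;`; `(void)` would let the compiler check the calls. A header comment on `dumpcircbuf()` should also state that it replays up to `CIRCBUFSIZE` bytes of console output captured while no client was attached to whichever client connects next, since that is the behavior a reader of clientconnect() needs to know.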
#!/usr/bin/perl -w
#
# Copyright (c) 2006 University of Utah and the Flux Group.
# Copyright (c) 2006, 2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -34,4 +34,13 @@ foreach my $p (@INC) {
exit(0);
}
}
#
# Around mid-2013 FreeBSD started installing into X.X rather than X.X.X
#
foreach my $p (@INC) {
if ($p =~ /perl5\/(\d+\.\d+)\//) {
print "$1";
exit(0);
}
}
exit(1);
......@@ -116,7 +116,11 @@ SERVEROBJS = server.o $(SHAREDOBJS)
# Default master server config
MSERVERFLAGS = -DUSE_NULL_CONFIG $(CFLAGS) -I$(OBJDIR)
MSERVEROBJS = mserver.o $(SHAREDOBJS) config.o config_null.o
ifeq ($(SYSTEM),Linux)
MSERVERLIBS = -lrt
else
MSERVERLIBS =
endif
# Master server based image uploader client
UPLOADFLAGS = $(CFLAGS)
......@@ -200,10 +204,11 @@ endif
#CFLAGS += -DNEVENTS=500000
# Turn on client event handling
#CFLAGS += -DDOEVENTS
#CLIENTOBJS += event.o $(OBJDIR)/event/lib/event.o $(OBJDIR)/event/lib/util.o
#CLIENTLIBS += `elvin-config --libs vin4c`
#EVENTFLAGS = $(CFLAGS) `elvin-config --cflags vin4c` -I$(TESTBED_SRCDIR)
# XXX renaming of PacketSend is to avoid a namespace collision with pubsub
#CFLAGS += -DDOEVENTS -DPacketSend=_frisPacketSend
#CLIENTOBJS += event.o $(OBJDIR)/lib/event/event.o $(OBJDIR)/lib/event/util.o
#CLIENTLIBS += -lpubsub
#EVENTFLAGS = $(CFLAGS) -I/usr/local/include/pubsub -I$(TESTBED_SRCDIR)
frisbee-debug: $(CLIENTOBJS)
$(CC) $(LDFLAGS) $(CLIENTFLAGS) $(CLIENTOBJS) $(CLIENTLIBS) $(IUZLIBS) -o $@
......@@ -581,17 +581,17 @@ main(int argc, char **argv)
event.data.start.chunkbufs <= MAXCHUNKBUFS)
maxchunkbufs = event.data.start.chunkbufs;
else
maxchunkbufs = MAXCHUNKBUFS;
maxchunkbufs = DEFCHUNKBUFS;
if (event.data.start.writebufmem >= 0 &&
event.data.start.writebufmem < MAXWRITEBUFMEM)
maxwritebufmem = event.data.start.writebufmem;
else
maxwritebufmem = MAXWRITEBUFMEM;
maxwritebufmem = DEFWRITEBUFMEM;
if (event.data.start.maxmem >= 0 &&
event.data.start.maxmem < MAXMEMUSE)
maxmem = event.data.start.maxmem;
else
maxmem = MAXMEMUSE;
maxmem = 0;
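Review bot: The fallback `maxmem = 0;` replaces a cap (`MAXMEMUSE`) with a value whose meaning is not visible in the hunk; if 0 means "no explicit limit", an out-of-range request in the start event now removes the cap instead of clamping it. A one-line comment on the fallback stating what 0 means, and why the other two fallbacks switched to `DEF*` constants while this one did not, would keep the next reader from treating it as a typo. main() begins and ends outside the hunk.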
if (event.data.start.readahead >= 0 &&
event.data.start.readahead <= maxchunkbufs)
maxreadahead = event.data.start.readahead;
/*
* Copyright (c) 2002, 2003 University of Utah and the Flux Group.
* Copyright (c) 2002-2013 University of Utah and the Flux Group.
*
* {{{EMULAB-LICENSE
*
......@@ -28,6 +28,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <unistd.h>
#include <sys/types.h>
......@@ -37,7 +38,7 @@
#include <sys/time.h>
#include "lib/libtb/tbdefs.h"
#include "event/lib/event.h"
#include "lib/event/event.h"
#include "decls.h"
#include "log.h"
......@@ -330,7 +331,7 @@ EventInit(char *server)
tuple->site = ADDRESSTUPLE_ANY;
tuple->group = ADDRESSTUPLE_ANY;
tuple->expt = ADDRESSTUPLE_ANY;
tuple->objtype = TBDB_OBJECTTYPE_FRISBEE;
tuple->objtype = TBDB_OBJECTTYPE_CUSTOM;
tuple->objname = ADDRESSTUPLE_ANY;
tuple->eventtype = ADDRESSTUPLE_ANY;
......@@ -192,6 +192,7 @@ recv_file()
setitimer(ITIMER_REAL, &it, NULL);
}
gettimeofday(&st, NULL); /* XXX for early errors */
wbuf = malloc(bufsize);
if (wbuf == NULL) {
error("Could not allocate %d byte buffer, try using -b",
......@@ -47,6 +47,9 @@
#include <sys/wait.h>
#include <errno.h>
#include <assert.h>
#ifdef WITH_IGMP
#include <sys/time.h>
#endif
#include "decls.h"
#include "utils.h"
#include "configdefs.h"
......@@ -359,6 +359,19 @@ ServerNetInit(void)
CommonInit(1);
isclient = 0;
#ifdef linux
/*
* Enabled extended error reporting so that we get back ENOBUFS
* when we overrun the sent socket or NIC send buffers.
* For now we just do this on the client.
*/
{
int i = 1;
if (setsockopt(sock, SOL_IP, IP_RECVERR, &i, sizeof(i)) < 0)
pwarning("Could not enable extended errors");
}
#endif
return 1;
}
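Review bot: The new comment says `For now we just do this on the client.` but the block sits in `ServerNetInit()` right after `isclient = 0;`, so the comment contradicts its location; reword it, e.g. `Enable extended error reporting so we get ENOBUFS back when we overrun the socket or NIC send buffers. Currently only done on the server side.` (which also fixes `Enabled` and `sent socket`). `#ifdef linux` relies on the non-reserved macro `linux`, which GCC does not define in strict ISO modes such as `-std=c99`; `#ifdef __linux__` is the portable spelling.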
......@@ -485,6 +498,10 @@ PacketReceive(Packet_t *p)
return 0;
}
#ifndef MSG_DONTWAIT
#define MSG_DONTWAIT 0
#endif
/*
* We use blocking sends since there is no point in giving up. All packets
* go to the same place, whether client or server.
......@@ -496,7 +513,7 @@ void
PacketSend(Packet_t *p, int *resends)
{
struct sockaddr_in to;
int len, delays;
int len, delays, rc;
len = sizeof(p->hdr) + p->hdr.datalen;
p->hdr.srcip = myipaddr.s_addr;
......@@ -506,14 +523,22 @@ PacketSend(Packet_t *p, int *resends)
to.sin_addr.s_addr = mcastaddr.s_addr;
delays = 0;
while (sendto(sock, (void *)p, len, 0,
(struct sockaddr *)&to, sizeof(to)) < 0) {
if (errno != ENOBUFS)
while ((rc = sendto(sock, (void *)p, len, MSG_DONTWAIT,
(struct sockaddr *)&to, sizeof(to))) <= 0) {
if (rc < 0 && !(errno == ENOBUFS || errno == EAGAIN))
pfatal("PacketSend(sendto)");
/*
* ENOBUFS means we ran out of mbufs. Okay to sleep a bit
* to let things drain.
* ENOBUFS (BSD) or EAGAIN (Linux, because we set DONTWAIT)
* means there was not enough socket space for the packet.
* Okay to sleep a bit to let things drain.
*
* Note that on BSD, ENOBUFS is also returned when the NIC
* send buffers are full, so we should never lose a packet
* on the send path.
*
* On Linux, we get this behavior as well by turning on
* the extended error message passing (IP_RECVERR).
*/
delays++;
fsleep(nobufdelay);
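Review bot: The loop condition `<= 0` treats a zero return as retryable, but errno is not meaningful when `rc == 0`, and on a datagram socket sendto returns the full length or -1, so a zero return would only occur for a zero-length send and then spin forever with delays; `< 0` matches the old condition, or treat `rc != len` as an explicit error. `errno == EINTR` now reaches `pfatal("PacketSend(sendto)")` if any handler is installed without SA_RESTART; add it to the retry set alongside ENOBUFS/EAGAIN. PacketSend() ends outside the hunk.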
......@@ -47,6 +47,17 @@ def usage():
print " -n, --no-cache disable reading cached results"
print " -p, --port specify server port"
print " -v, --version display server version"
print ""
print "Try \"" + sys.argv[ 0 ] + " commands\" for a list of supported commands."
def dump( sock ):
while True:
buf = sock.recv( 0x10000 )
if not buf:
break
sys.stdout.write( buf )
sock.close()
try:
opts, args = getopt.getopt( sys.argv[ 1: ], "achnp:v", [ "all", "client-version", "help", "no-cache", "port=", "version" ] )
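Review bot: dump() closes the socket only on the clean-EOF path; if `sock.recv()` raises socket.error (connection reset mid-stream) the exception propagates as a traceback and the socket is left for the garbage collector. Wrapping the loop as `try:` … `finally:` `sock.close()` keeps the close unconditional without changing the success path. A short docstring would also help, e.g. `"""Copy everything remaining on sock to stdout, then close it."""`.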
......@@ -62,7 +73,7 @@ for opt, param in opts:
if opt in ( "-a", "--all" ):
command = "all"
elif opt in ( "-c", "--client-version" ):
print "1"
print "1.1"
sys.exit( 0 )
elif opt in ( "-h", "--help" ):
usage()
......@@ -99,10 +110,32 @@ sock = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
sock.connect( (server, port) )
sock.send( "geni_" + command )
while True:
buf = sock.recv( 0x10000 )
if not buf:
break
print buf,
firstchar = sock.recv( 1 )
if not firstchar:
print >> sys.stderr, sys.argv[ 0 ] + ": unexpected EOF from server"
sys.exit( 1 )
if firstchar != "\x00":
# old protocol -- just dump everything
sys.stdout.write( firstchar )
dump( sock )
sys.exit( 0 )
nextchar = sock.recv( 1 )
if not nextchar:
print >> sys.stderr, sys.argv[ 0 ] + ": unexpected EOF from server"
sys.exit( 1 )
if nextchar == "\x00":
# error from server
sys.stderr.write( sys.argv[ 0 ] + ": " + command + ": " )
while True:
buf = sock.recv( 0x10000 )
if not buf:
sock.close()
sys.exit( 1 )
sys.stderr.write( buf )
sock.close()
# new protocol, success
sys.stdout.write( nextchar )
dump( sock )
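Review bot: None of the new `sock.recv(1)` / `sock.recv(0x10000)` calls handle socket.error, so a connection dropped mid-response produces a Python traceback instead of the `": unexpected EOF from server"` diagnostic the surrounding code prints; wrapping the protocol reads in `try: … except socket.error as e:` and exiting 1 with the same message would match the intent. The old/new protocol switch keys on the first byte being NUL, so an old-protocol server whose output began with NUL would be misread; presumably impossible with text output, but worth stating in the `# old protocol` comment. The context line `sock.send( "geni_" + command )` above is not guaranteed to send the whole command (`sendall` is the usual choice), though that line predates this change.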
......@@ -120,11 +120,11 @@ postprocessing()
# end XXX
# have needed dirs ?
[[ ! -d ${projdir}/$host ]] && ( mkdir -p ${projdir}/$host ; chmod g+x ${projdir}/$host )
[[ ! -d ${projdir}/$host/.tbdb ]] && ( mkdir -p ${projdir}/$host/.tbdb ; chmod g+x ${projdir}/$host/.tbdb )
[[ ! -d ${projdir}/$host/.full ]] && ( mkdir -p ${projdir}/$host/.full ; chmod g+x ${projdir}/$host/.full )
[[ ! -d ${projdir}/$host/.diff ]] && ( mkdir -p ${projdir}/$host/.diff ; chmod g+x ${projdir}/$host/.diff )
[[ ! -d ${projdir}/$host/.tmcc ]] && ( mkdir -p ${projdir}/$host/.tmcc ; chmod g+x ${projdir}/$host/.tmcc )
[[ ! -d ${projdir}/$host ]] && ( mkdir -p ${projdir}/$host ; chmod go+rx ${projdir}/$host )
[[ ! -d ${projdir}/$host/.tbdb ]] && ( mkdir -p ${projdir}/$host/.tbdb ; chmod go+rx ${projdir}/$host/.tbdb )
[[ ! -d ${projdir}/$host/.full ]] && ( mkdir -p ${projdir}/$host/.full ; chmod go+rx ${projdir}/$host/.full )
[[ ! -d ${projdir}/$host/.diff ]] && ( mkdir -p ${projdir}/$host/.diff ; chmod go+rx ${projdir}/$host/.diff )
[[ ! -d ${projdir}/$host/.tmcc ]] && ( mkdir -p ${projdir}/$host/.tmcc ; chmod go+rx ${projdir}/$host/.tmcc )
# copy over the files including timestamps
cp /tmp/nodecheck.log.tb.new ${projdir}/$host/.tbdb/$timestamp
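Review bot: `go+rx` makes every per-host directory under ${projdir} traversable and listable by all local users, where the previous `g+x` limited that to the group; the hunk below widens the per-run files the same way (`chmod go+r ${projdir}/$host/.*/${timestamp}`). If world-readability is the intent, a comment stating the reason (`# intentionally world-readable: <reason>`) would stop a later reviewer reverting it; if only group access is needed, `g+rx` / `g+r` suffice. Separately, `( mkdir -p … ; chmod … )` runs chmod even when mkdir fails and only changes the leaf, so `mkdir -p "$d" && chmod go+rx "$d"` is the safer form, and the unquoted `${projdir}/$host` expansions would break on a path containing spaces.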
......@@ -144,7 +144,7 @@ postprocessing()
cd $owd
# make sure no sudo is needed for read
chmod g+r ${projdir}/$host/.*/${timestamp}
chmod go+r ${projdir}/$host/.*/${timestamp}
fi
if (( $check_flag )) ; then
......@@ -41,6 +41,10 @@ fi
[[ -z "${projdir-}" ]] && declare projdir # from tmcc hwinfo
[[ -z "${errexit_val-}" ]] && declare errexit_val # holding var for set values, ie -e
[[ -z "${mfsmode-}" ]] && declare -i mfsmode=0 #are we running in a MFS?
[[ -z "${bitsize-}" ]] && declare bitsize=""
[[ -z "${native_bitsize-}" ]] && declare -i native_bitsize=0 # what is our native binary bit size
[[ -z "${USE_DD-}" ]] && declare USE_DD="tdd" # if set which dd for the tdd program to use
[[ -z "${TDD_DD-}" ]] && declare TDD_DD="dd" # if set which dd for the tdd program to use
# PathNames
[[ -z "${logfile-}" ]] && declare logfile # output log
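Review bot: The comment on the new `TDD_DD` line is a copy of the `USE_DD` one ("if set which dd for the tdd program to use"), so the reader cannot tell the two apart; from initialize() below, USE_DD is the program actually run (tdd or dd) and TDD_DD is the real dd that tdd wraps, so something like `# real dd binary for tdd to invoke ("" when tdd is not in use)` on the TDD_DD line would do. `bitsize` is later assigned `uname -m`, i.e. a machine-type string rather than a bit size, so a comment such as `# machine type from uname -m; see native_bitsize` would keep the name from misleading.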
......@@ -73,10 +77,29 @@ initialize () {
fi
fi
bitsize=$(uname -m)
case $bitsize in
i386 | x86 | i686 ) native_bitsize=32 ;;
amd64 | x86_64 ) native_bitsize=64 ;;
* ) native_bitsize=0 ;;
esac
if [ -f /etc/emulab/ismfs ] ; then
mfsmode=1
dd=$(whichdd2use)
if [ "$dd" != "${dd/tdd}" ] ; then
USE_DD=$dd
TDD_DD=$(which dd)
elif [ "$dd" != "${dd/bad}" ] ; then
USE_DD=$dd
TDD_DD=""
else
USE_DD=$(which dd)
TDD_DD=""
fi
else
mfsmode=0
# no speed test don't have to check tdd, etc.
fi
inithostname
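Review bot: `dd` in the new `dd=$(whichdd2use)` line is not declared local, so initialize() leaves a global `dd` behind; `local dd` on the line before fixes that. whichdd2use() further down in this commit already assigns USE_DD and TDD_DD as a side effect, so the assignments here partly duplicate it, and when it prints a `bad_*` marker USE_DD ends up holding that diagnostic string rather than an executable path. Presumably later code tests for the `bad_` prefix before running it (printtmcinfo filters `bad_` values), but a comment here saying so would help, e.g. `# USE_DD may hold a bad_* marker; callers must check before executing`. initialize() opens outside the hunk.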
......@@ -109,7 +132,7 @@ err_report() {
# read info from tmcc or a file. Copy into one of the three global arrays
# hwinv, hwinvcopy, tmccinfo
# hwinv, hwinvcopy or tmccinfo
# $1 is the source $2 is the output array
# error if not both set
readtmcinfo() {
......@@ -130,6 +153,7 @@ readtmcinfo() {
fi
if [ "$source" = "tmcc" ] ; then
# need temp file to hold tmcc hwinv output
rmtmp="y" # remove tmp file
source=/tmp/.$$tmcchwinv
$($BINDIR/tmcc hwinfo > $source)
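Review bot: `rmtmp="y"` now controls removal of the tmcc scratch file, whose name `/tmp/.$$tmcchwinv` is predictable (PID-based) in a world-writable directory; since this commit touches the file's lifecycle, `source=$(mktemp /tmp/.tmcchwinv.XXXXXX)` would close the predictable-name issue at the same time. The `$($BINDIR/tmcc hwinfo > $source)` form on the next line runs tmcc inside a command substitution for its side effect only, which reads oddly but predates the change. readtmcinfo() opens outside the hunk.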
......@@ -293,7 +317,7 @@ comparetmcinfo() {
for i in $arrayidx ; do
if [ "${hwinv[$i]}" != "${hwinvcopy[$i]}" ] ; then
if [ ! -f $fileout ] ; then
echo "Differences found locally compared with testbed database" > $fileout
echo "Differences found locally compared with testbed database" >> $fileout
fi
echo "$i does not match" >> $fileout
echo "local ${hwinv[$i]}" >> $fileout
......@@ -325,7 +349,7 @@ compareunits() {
local localidx="${hwinv["hwinvidx"]}"
local tbdbidx="${hwinvcopy["hwinvidx"]}"
local localunits="" tbdbunits="" devunit=""
local -i a b
local -i a b disregard_order
local x addr ckaddr
# How are things different between unit types, only NET and DISK right now
......@@ -338,6 +362,7 @@ compareunits() {
unit_post_strip="\"*"
unit_human_output="NIC"
unit_human_case="lower"
disregard_order=1
;;
DISK )
unitinfoidx_str="DISKINFO"
......@@ -347,6 +372,7 @@ compareunits() {
unit_post_strip="\"*"
unit_human_output="DISK"
unit_human_case="upper"
disregard_order=0
;;
* )
echo "Error in compareunits don't now type $unittype. Giving up."
......@@ -406,22 +432,27 @@ compareunits() {
tbdbunits=${tbdbunits,,}
fi
# remove from the lists all matching words
x=$localunits
for i in $x ; do
if [ "${tbdbunits/$i}" != "${tbdbunits}" ]; then
tbdbunits=${tbdbunits/$i}
localunits=${localunits/$i}
fi
done
# same but swap arrays
x=$tbdbunits
for i in $x ; do
if [ "${localunits/$i}" != "${localunits}" ]; then
localunits=${localunits/$i}
tbdbunits=${tbdbunits/$i}
fi
done
if (( $disregard_order )) ; then
# remove from both lists all words matched in the other list
# any thing left-over is non-matching
x=$localunits
for i in $x ; do
if [ "${tbdbunits/$i}" != "${tbdbunits}" ]; then
# same, take it out of both lists
tbdbunits=${tbdbunits/$i}
localunits=${localunits/$i}
fi
done
# same but swap arrays
x=$tbdbunits
for i in $x ; do
if [ "${localunits/$i}" != "${localunits}" ]; then
localunits=${localunits/$i}
tbdbunits=${tbdbunits/$i}
fi
done
fi
#remove extra spaces
save_e
set +e
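Review bot: The word removal now guarded by `if (( $disregard_order ))` still uses `${tbdbunits/$i}`, which deletes the first *substring* match of `$i` as an unquoted pattern rather than a whole word, so a local unit name that is a prefix of another (constructed example: `eth1` against `eth10`) strips part of the longer name from the other list and leaves a bogus remainder to be reported as a mismatch; glob characters in a unit name would also be interpreted. A whole-word test keeps the intent: pad both lists with a space on each side, test membership with `[[ " $tbdbunits " == *" $i "* ]]` and remove with `${tbdbunits/" $i "/ }`. The logic predates the commit but is re-indented here as new lines, so this is a good moment to fix it; compareunits() opens outside the hunk.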
......@@ -429,15 +460,26 @@ compareunits() {
read -rd '' localunits <<< "$localunits"
restore_e
# if the two strings are the same then zero strings
# any mismatches would be in ether localunits or tbdbunits
if [ -n "${localunits}" ]; then
printf "%s%s %s\n" "${unit_human_output}" "s:" "$localunits" >> $localonly
fi
if [ -n "${tbdbunits}" ]; then
printf "%s%s %s\n" "${unit_human_output}" "s:" "$tbdbunits" >> $tbdbonly
if (( $disregard_order )) ; then
# any strings would be mismatches in ether localunits or tbdbunits
if [ -n "${localunits}" ]; then
printf "%s%s %s\n" "${unit_human_output}" "s:" "$localunits" >> $localonly
fi
if [ -n "${tbdbunits}" ]; then
printf "%s%s %s\n" "${unit_human_output}" "s:" "$tbdbunits" >> $tbdbonly
fi
else
if [ "$tbdbunits" != "$localunits" ] ; then
# we care about order report it
[[ -z "${offline-}" ]] && declare -i offline=0 # if set from gen_sql
(( ! $offline )) && printf "ERROR %s%s OUT OF ORDER found %s from tbdb %s\n" "${unit_human_output}" "s:" "$localunits" "$tbdbunits"
(( ! $offline )) && ( printf "ERROR %s OUT OF ORDER found %s from tbdb %s\n" "${unit_human_output}" "$localunits" "$tbdbunits" >> $fileout ) || ( printf "WARNING %s%s ORDER '%s' compared to '%s'\n" "${unit_human_output}" "s:" "$localunits" "$tbdbunits" >> $fileout )
fi
fi
return 0
}
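Review bot: The new line `(( ! $offline )) && ( printf "ERROR …" >> $fileout ) || ( printf "WARNING …" >> $fileout )` relies on the `a && b || c` idiom, which also runs the WARNING branch whenever the ERROR printf fails (for instance an unwritable `$fileout`), so one run can log both; an explicit if/else is clearer and lets the two ERROR formats agree (the stdout line uses `%s%s` with `"s:"`, the file line does not). `declare -i offline=0` inside a function creates a function-local variable, so if the comment "if set from gen_sql" means the global, the fallback should be a plain assignment. compareunits() opens outside the hunk.

```shell
if [ "$tbdbunits" != "$localunits" ] ; then
    # we care about order report it
    [[ -z "${offline-}" ]] && offline=0 # if set from gen_sql
    if (( ! $offline )) ; then
        printf "ERROR %s%s OUT OF ORDER found %s from tbdb %s\n" "${unit_human_output}" "s:" "$localunits" "$tbdbunits"
        printf "ERROR %s%s OUT OF ORDER found %s from tbdb %s\n" "${unit_human_output}" "s:" "$localunits" "$tbdbunits" >> $fileout
    else
        printf "WARNING %s%s ORDER '%s' compared to '%s'\n" "${unit_human_output}" "s:" "$localunits" "$tbdbunits" >> $fileout
    fi
fi
```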
......@@ -455,19 +497,6 @@ uniqstr() {
echo $outstr
}
# no args uses the globel arrays hwinvv, tcm_in, tcm_out
#mergetmcinfo() {
# for i in ${hwinv["hwinvidx"]} ; do
# hwinv[$i]+=" ADD"
# done
#}
# arg $1 is the file to write uses the globel tcm_out array
#writetmcinfo() {
#:
#}
# print only the testbed data table
printtmcinfo() {
local -i hdunits=0 nicunits=0
......@@ -497,11 +526,11 @@ printtmcinfo() {
obj=${objval%%=*}
val=${objval##*=}
[[ -z $val ]] && continue # bad also no value (or empty string)
u=${val,,} #lower case
[[ $u == ${u/unk} ]] || continue # the value has the UNKNOWN value
[[ $u == ${u/na} ]] || continue # the value has the NA
[[ $u == ${u/not} ]] || continue # the value has the LinuxNot
[[ $u == ${u/bad} ]] || continue # the value bad_dd
u=$val # orignal value
[[ $u == ${u/UNKNOWN} ]] || continue # the value has the UNKNOWN value
[[ $u == ${u/NoInfo} ]] || continue # the value has the NA
[[ $u == ${u/LINUXNOT} ]] || continue # the value has the LinuxNot
[[ $u == ${u/bad_} ]] || continue # has on of the bad_* strings
# out put the stuff the database wants
# skip the stuff the database does not want
case $obj in
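Review bot: The rewritten filter lines keep comments that no longer describe the checks: the `NoInfo` test is still annotated "the value has the NA", and "orignal value" and "has on of the bad_* strings" carry typos; suggest `# original (case-preserved) value`, `# skip NoInfo values` and `# skip bad_* diagnostic markers`. Dropping the `${val,,}` lower-casing makes the markers case-sensitive, so a producer emitting `Unknown` or `unknown` would now pass through to the database where the old substring test caught it; fine if every producer emits the exact strings, but worth confirming against the code that generates them (not visible here). printtmcinfo() opens outside the hunk.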
......@@ -805,8 +834,63 @@ getfromtb() {
return 0
}
whichdd2use() {
local usetdd
local canwe
local -i bad64=0
workhorsedd=$(which dd)
canwe=$(ls -l $workhorsedd | grep busybox)
[[ $canwe ]] && { echo "bad_busybox_dd"; return 0; }
# if we have a timed dd, use a timeout rather than a count
usetdd=$(which tdd)
[[ -x $usetdd ]] && { USE_DD=$usetdd; TDD_DD=$workhorsedd; usedd=$usetdd; }
# check compatabily, ok to have 32bit on 64bit machine
if [ $native_bitsize -ne 64 ] ; then
# check directory name of where the exectuable is installed
# if not 32 or not 64 then assume native binary and is ok
if [ "$workhorsedd" != "${workhorsedd/64}" ] ; then # it has 64 in path
bad64=1
fi
# and check tdd if we are using it
if [ "${USE_DD}" != "${USE_DD/tdd}" ] ; then
if [ "$USE_DD" != "${USE_DD/64}" ] ; then
bad64=1
fi
fi
if [ $bad64 -eq 1 ] ; then
echo "bad_64bit_dd_on_32bit_machine"
return 0
fi
fi
echo "$usedd"
return 0
}
# call whichdd2use() before this to use correctly
ddargs() {
local args=""
if [ "$os" == "Linux" ] ; then
#args="bs=64k iflag=direct count=8000"
#note iflag direct can't be used with /dev/zero as infile
args="bs=64k"
elif [ "$os" == "FreeBSD" ] ; then