PERFORCE change 125697 for review
Alexey Mikhailov
karma at FreeBSD.org
Sun Aug 26 01:09:21 PDT 2007
http://perforce.freebsd.org/chv.cgi?CH=125697
Change 125697 by karma at karma_ez on 2007/08/26 08:09:19
- Fix serious bug with T-Tree implementation
- Partly fix serious regression
- Add documentation
- More debug output
Affected files ...
.. //depot/projects/soc2007/karma_audit/dlog/daemon/client.c#8 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/config.c#8 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/server.c#7 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/ttree.c#3 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/util.h#5 edit
.. //depot/projects/soc2007/karma_audit/dlog/daemon/worker.c#4 edit
.. //depot/projects/soc2007/karma_audit/dlog/doc/overview.tex#1 add
.. //depot/projects/soc2007/karma_audit/dlog/lib/libdlogd.c#6 edit
Differences ...
==== //depot/projects/soc2007/karma_audit/dlog/daemon/client.c#8 (text+ko) ====
@@ -44,6 +44,8 @@
pjob j;
cl_kw_hosts *hl;
+ DPRINT("CLIENT: Serving connection");
+
cm = &c.cm;
msg.msg_control = c.control;
@@ -63,7 +65,7 @@
msg.msg_iovlen = 1;
nr = recvmsg (cs, &msg, 0);
-
+
/* TODO: could go bad here.. fix later.. */
if ((sscanf(buf, "%s\n%s", pathname, keyword)) < 2) {
@@ -80,9 +82,11 @@
#ifdef DEBUG
printf("UID %d, GID %d\n", cr.uc.sc_uid, cr.uc.sc_gid);
#endif
+ DPRINT("CLIENT: Checking permission");
if ((verify_client_access(keyword, cr.uc.sc_uid, cr.uc.sc_gid)) == 0) {
/* umask! */
- snprintf(pathbuf, PATH_MAX, "%s", SPOOL_DIR);
+ DPRINT("CLIENT: Permissions are OK");
+ snprintf(pathbuf, PATH_MAX, "%s/%s", SPOOL_DIR, keyword);
if (mkdir(pathbuf, 0700) == -1 && errno != EEXIST) {
err_fatal("client: can't create spool dir for keyword");
}
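Review bot: The new `snprintf(pathbuf, PATH_MAX, "%s/%s", SPOOL_DIR, keyword)` is not checked for truncation, and `keyword` is a string read from the connecting client (the `sscanf` in the previous hunk). From the visible lines, the only thing making it a safe path component is that `verify_client_access()` returned 0 for it. That deserves a comment such as `/* keyword matched a configured entry; never build a path from an unverified keyword */`. Truncation should be treated as a denied request rather than continuing: `if ((size_t)snprintf(pathbuf, PATH_MAX, "%s/%s", SPOOL_DIR, keyword) >= PATH_MAX)`. The enclosing function starts and ends outside this hunk.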
@@ -101,7 +105,7 @@
/* populate .hds file */
snprintf(jobbuf, PATH_MAX, "%s/.%ld.%s.hds", pathbuf,ts,basename(pathname));
- fd = open(jobbuf, O_CREAT | O_TRUNC, S_IRUSR | S_IRGRP);
+ fd = open(jobbuf, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IRGRP);
hl = client_get_hosts(keyword);
while (hl != NULL) {
bzero(&j, sizeof(j));
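Review bot: The descriptor from the changed `open(jobbuf, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IRGRP)` is used without a check; no test of `fd` is visible before the host loop. A failed open would therefore drop the job records while the later `ans = 0` reply may still report success. Add `if (fd < 0) { ans = 1; write(cs, &ans, sizeof(ans)); return; }` or the file's usual error path. The mode also creates the file read-only (0440) although worker.c in this change reopens it with `O_RDWR`, which can only succeed for a privileged process; `S_IRUSR | S_IWUSR` looks closer to the intent. The function continues outside the hunk.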
@@ -112,6 +116,7 @@
}
close(fd);
/* we re done */
+ DPRINT("CLIENT: success!\n");
ans = 0;
write(cs, &ans, sizeof(ans));
}
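Review bot: `DPRINT("CLIENT: success!\n")` prints an extra blank line, because the `DPRINT` macro added to util.h in this change already appends `\n`; the other calls pass no newline. Drop it: `DPRINT("CLIENT: success!");`.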
@@ -119,6 +124,7 @@
else
{
/* Permission denied */
+ DPRINT("CLIENT: Permission denied");
ans = 1;
write(cs, &ans, sizeof(ans));
return ;
@@ -137,11 +143,15 @@
int s, cs, opt = 1;
struct sockaddr_un n;
+ DPRINT("CLIENT: Thread started");
+
s = socket(PF_LOCAL, SOCK_STREAM, 0);
if (s < 0) {
err_fatal("client: can't create PF_LOCAL socket");
}
+
+ DPRINT("CLIENT: Socket created");
unlink(DL_SOCKET);
@@ -156,12 +166,17 @@
if ((bind(s, (struct sockaddr *) &n, SUN_LEN (&n))) < 0) {
err_fatal("client: can't bind PF_LOCAL socket. Another instance is running?");
}
+
+ DPRINT("CLIENT: Socket binded");
if (listen(s, QLEN) < 0) {
err_fatal("client: cat't listen() on PF_LOCAL socket.");
}
+
+ DPRINT("CLIENT: Listen to socket");
while ((cs = accept(s, (struct sockaddr *) NULL, NULL)) >= 0) {
+ DPRINT("CLIENT: Got connection");
client_serve(cs);
close(cs);
}
==== //depot/projects/soc2007/karma_audit/dlog/daemon/config.c#8 (text+ko) ====
@@ -112,7 +112,7 @@
cd = xmalloc(sizeof(cl_kw_data));
cd -> access = cka;
cd -> hosts = ckh;
-
+
insert_tree (&client_kw_tree, keyword, (void *) cd);
cka = NULL;
pcka = NULL;
@@ -371,11 +371,12 @@
if (ck == NULL)
{
+ DPRINT("CLIENT: Bad keyword");
return (-1); /* bad keyword */
}
ca = ck -> access;
-
+
while (ca != NULL)
{
if (ca -> id == 1)
@@ -392,6 +393,7 @@
return 0;
}
}
+ ca = ca -> next;
}
/* TODO: check for supplementary groups for UID as well */
==== //depot/projects/soc2007/karma_audit/dlog/daemon/server.c#7 (text+ko) ====
@@ -12,6 +12,11 @@
#include <unistd.h>
#include <fcntl.h>
#include <netinet/in.h>
+
+#include <openssl/rsa.h>
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
@@ -82,8 +87,8 @@
struct sockaddr_in sockaddr, sockaddr_cli;
/* SSL initialization */
+ SSLeay_add_ssl_algorithms();
SSL_load_error_strings();
- SSLeay_add_ssl_algorithms();
sslContext = SSL_CTX_new(SSLv23_method());
if (sslContext == NULL) {
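Review bot: `SSL_CTX_new(SSLv23_method())` accepts whatever protocol versions the linked OpenSSL offers, and no `SSL_CTX_set_options()` call is visible in this hunk to narrow that. If none follows outside the hunk, add one right after the NULL check, e.g. `SSL_CTX_set_options(sslContext, SSL_OP_NO_SSLv2);`, with a comment stating the minimum protocol the log transport accepts. The reordering of the two init calls itself looks harmless.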
@@ -96,7 +101,6 @@
exit(1);
}
-#ifdef KEY
if (!SSL_CTX_use_PrivateKey_file(sslContext, SERVER_KEY, SSL_FILETYPE_PEM)) {
fprintf(stderr, "SSL: error reading key from file %s: %s\n", SERVER_KEY, ERR_error_string(ERR_get_error(), NULL));
exit(1);
@@ -106,7 +110,6 @@
fprintf(stderr,"SSL: private key does not match the certificate public key\n");
exit(1);
}
-#endif
SSL_CTX_set_client_CA_list(sslContext, SSL_load_client_CA_file(SERVER_CERT));
@@ -155,13 +158,17 @@
char spoolfile[PATH_MAX];
if (myssl_accept(clifd, ssl) != 0) {
- fprintf(stderr, "Failed SSL negotitation\n");
+ fprintf(stderr, "SERVER: Failed SSL negotitation\n");
return;
}
+#ifdef DEBUG
+ fprintf(stderr, "SERVER: SSL connection using %s\n", SSL_get_cipher(ssl));
+#endif
+
/* Great, we're here already :) SSL handshake done */
printf("%d\n", sizeof(buf));
- e = SSL_read(ssl, buf, sizeof(buf) - 1);
+ e = SSL_read(ssl, buf, sizeof(buf)-1);
buf[e] = '\0';
if (search_bad_chars(buf) != 0)
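Review bot: `buf[e] = '\0'` uses the return value of `SSL_read()` as an index without checking it; on failure `SSL_read()` returns a negative value, so the terminator is written before the start of `buf`, and a return of 0 (peer closed) is processed as an empty message. Guard it before the store: `if (e <= 0) { fprintf(stderr, "SERVER: SSL_read() failed\n"); return; }`. The `printf("%d\n", sizeof(buf));` above it passes a `size_t` to `%d` and looks like leftover debugging; remove it or use `%zu`. The function starts and ends outside this hunk.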
@@ -249,18 +256,18 @@
myssl_accept (int clifd, SSL *ssl)
{
if ((ssl = SSL_new(sslContext)) == NULL) {
- fprintf(stderr, "server: SSL_new(): %s\n", ERR_error_string(ERR_get_error(), NULL));
+ fprintf(stderr, "SERVER: SSL_new(): %s\n", ERR_error_string(ERR_get_error(), NULL));
return -1;
}
SSL_set_fd(ssl, clifd);
if (SSL_accept(ssl) <= 0) {
- fprintf(stderr, "server: SSL_accept(): %s\n", ERR_error_string(ERR_get_error(), NULL));
+ fprintf(stderr, "SERVER: SSL_accept(): %s\n", ERR_error_string(ERR_get_error(), NULL));
return -1;
}
#ifdef DEBUG
- fprintf(stderr, "server: SSL_get_cipher(): %s\n", SSL_get_cipher(ssl));
+ fprintf(stderr, "SERVER: SSL_get_cipher(): %s\n", SSL_get_cipher(ssl));
#endif
return 0;
}
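Review bot: `myssl_accept()` assigns the new object to its by-value parameter (`ssl = SSL_new(sslContext)`), so as far as the visible lines show the caller's `ssl` is never set. The `SSL_get_cipher(ssl)` and `SSL_read(ssl, ...)` calls in the previous hunk then run on whatever the caller's pointer held. Pass the handle back through an `SSL **` (or as the return value) and change the call to `myssl_accept(clifd, &ssl)`. The `SSL_accept()` failure path also returns without `SSL_free()`, leaking the object on every failed handshake. The return-type line of the definition is outside the hunk.

```c
myssl_accept (int clifd, SSL **sslp)
{
	SSL *ssl;

	if ((ssl = SSL_new(sslContext)) == NULL) {
		/* … unchanged: SSL_new() error report … */
		return -1;
	}
	SSL_set_fd(ssl, clifd);
	if (SSL_accept(ssl) <= 0) {
		/* … unchanged: SSL_accept() error report … */
		SSL_free(ssl);	/* do not leak the object on a failed handshake */
		return -1;
	}
	/* … unchanged: DEBUG cipher report … */
	*sslp = ssl;	/* hand the connected object back to the caller */
	return 0;
}
```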
==== //depot/projects/soc2007/karma_audit/dlog/daemon/ttree.c#3 (text+ko) ====
@@ -211,6 +211,7 @@
d -> l = d -> r = allocate_tdata();
d -> l -> key = xmalloc(strlen(key)+1);
strcpy(d -> l -> key, key);
+ d -> l -> content = content;
d -> count = 1;
d -> balance = 0;
@@ -347,9 +348,10 @@
search_tree (TTree * d, const char * key)
{
TData *tn;
-
- if (d -> l == NULL)
+
+ if (d -> l == NULL) {
return NULL;
+ }
if (LT(key, d -> l -> key))
{
==== //depot/projects/soc2007/karma_audit/dlog/daemon/util.h#5 (text+ko) ====
@@ -9,4 +9,10 @@
int search_bad_chars (const char * msg);
long get_timestamp();
+#ifdef DEBUG
+#define DPRINT(msg) fprintf(stderr,"%s\n", msg);
+#else
+#define DPRINT(msg)
+#endif
+
#endif
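Review bot: The DEBUG form of `DPRINT` ends in a semicolon, so `DPRINT("x");` expands to two statements and breaks when used as the body of an unbraced `if ... else`. Wrap both forms so they behave as one statement: `#define DPRINT(msg) do { fprintf(stderr, "%s\n", (msg)); } while (0)` and `#define DPRINT(msg) do { } while (0)`. No `#include <stdio.h>` is visible in this hunk, so the macro appears to rely on every user of util.h including it first.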
==== //depot/projects/soc2007/karma_audit/dlog/daemon/worker.c#4 (text+ko) ====
@@ -13,34 +13,52 @@
#include <sys/stat.h>
#include <sys/mman.h>
#include <pthread.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
static sigset_t mask;
-static SSL_CTX *sslContext=NULL;
+SSL_CTX *sslContext=NULL;
static int ssl_sendfile (const char *, const char *, struct sockaddr *);
+static void go_kdir (const char * dirname);
+
+static int
+check_kdir (struct dirent *d)
+{
+ uint8_t type;
+ char *name;
+
+ type = d -> d_type;
+ name = d -> d_name;
+
+ if (type != 4)
+ return 0;
+ if (client_get_hosts(name) == NULL)
+ return 0;
+
+ return 1;
+}
+
static int
check_job (struct dirent * d)
{
- char *name, pathbuf[PATH_MAX];
- int r;
+ char *name;
+ uint8_t type;
name = d -> d_name;
+ type = d -> d_type;
+
+ if (d -> d_type != 8)
+ return 0;
if (name[0] == '.')
return 0;
- snprintf(pathbuf, PATH_MAX, "%s/.%s.hds",SPOOL_DIR, name);
- if ((r = open(pathbuf, O_RDONLY)) < 0) {
- fprintf(stderr, "worker: weird spool entry %s\n", pathbuf);
- return 0;
- } else {
- close(r);
- return 1;
- }
+ return 1;
}
/* Go through spool and perform pending tasks */
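Review bot: Dropping `static` from `SSL_CTX *sslContext` gives the worker's client context external linkage under the same name server.c uses for its server context (`sslContext = SSL_CTX_new(SSLv23_method())`). If both files are linked into one daemon and end up referring to one object, whichever thread assigns last decides which context the other side's `SSL_new(sslContext)` uses. Keep the variable `static` here, or give it a distinct name if it must be visible elsewhere. In `check_kdir()` and `check_job()` the literals `4` and `8` should be `DT_DIR` and `DT_REG`, and `d_type` can be `DT_UNKNOWN` on some filesystems, which these filters silently treat as no match. `type` in `check_job()` is assigned but never used.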
@@ -48,32 +66,54 @@
go_queue()
{
struct dirent **namelist;
- int n, i, j,isdone;
+ int n, i;
+
+ n = scandir(SPOOL_DIR, &namelist, check_kdir, alphasort);
+
+ for (i = 0; i < n; i++)
+ {
+#ifdef DEBUG
+ fprintf(stderr, "WORKER: got keyword to observe: %s\n", namelist[i] -> d_name);
+#endif
+ go_kdir(namelist[i] -> d_name);
+ }
+}
+
+static
+void go_kdir(const char * keyword)
+{
+ int n, i, j, isdone;
+ struct dirent **namelist;
+ pjob *win;
+ int jfd,njobs,r;
char file[PATH_MAX];
char jobfile[PATH_MAX];
+ char dir[PATH_MAX];
+ off_t filesize;
struct stat st;
- int ffd, jfd,njobs,r;
- off_t filesize;
- pjob *win;
- char keyword[KEYWORD_MAX];
- n = scandir(SPOOL_DIR, &namelist, check_job, alphasort);
-
- for (i = 0; i < n; i++)
- {
+ snprintf(dir, PATH_MAX, "%s/%s", SPOOL_DIR, keyword);
+ n = scandir(dir, &namelist, check_job, alphasort);
+ fprintf(stderr, "%d\n", n);
+ for (i = 0; i < n; i++) {
isdone = 1;
- snprintf(file, PATH_MAX, "%s/%s",SPOOL_DIR, namelist[i] -> d_name);
- snprintf(jobfile, PATH_MAX, "%s/.%s.hds",SPOOL_DIR, namelist[i] -> d_name);
+ snprintf(file, PATH_MAX, "%s/%s/%s",SPOOL_DIR, keyword, namelist[i] -> d_name);
+ snprintf(jobfile, PATH_MAX, "%s/%s/.%s.hds",SPOOL_DIR, keyword, namelist[i] -> d_name);
+#ifdef DEBUG
+ fprintf(stderr, "WORKER: Pending job (%s,%s)\n", file, jobfile);
+#endif
jfd = open(jobfile, O_RDWR);
- stat(file, &st);
+ stat(jobfile, &st);
filesize = st.st_size;
- win = mmap(NULL, filesize, PROT_READ | PROT_WRITE, MAP_FILE | MAP_SHARED, ffd, 0);
+ win = mmap(NULL, filesize, PROT_READ | PROT_WRITE, MAP_FILE | MAP_SHARED, jfd, 0);
if (win == MAP_FAILED) {
err_fatal("worker: mmap()");
}
njobs = filesize / sizeof(pjob);
+
for (j = 0; j < njobs; j++)
{
+ win[j].done = 0; /* REMOVE! */
if (win[j].done == 0) {
r = ssl_sendfile(file, keyword, &(win[j].sa));
if (r == 0)
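Review bot: In `go_kdir()` neither `open(jobfile, O_RDWR)` nor `stat(jobfile, &st)` is checked, so a missing or empty `.hds` file (which `check_job()` no longer tests for) reaches `mmap()` with an unset or zero size and ends the daemon through `err_fatal()`. Check `jfd`, take the size with `fstat()` on the open descriptor rather than a second path lookup, and skip the entry on failure. `win[j].done = 0; /* REMOVE! */` forces every job to be re-sent on each pass and, like the bare `fprintf(stderr, "%d\n", n);`, should not be committed outside `#ifdef DEBUG`. Neither `namelist` from the two `scandir()` calls is freed in the visible lines. `go_kdir()` continues past the end of this hunk.

```c
		jfd = open(jobfile, O_RDWR);
		if (jfd < 0) {
			fprintf(stderr, "WORKER: can't open job file %s\n", jobfile);
			continue;
		}
		/* size the mapping from the descriptor we will map, not from the path */
		if (fstat(jfd, &st) < 0 || st.st_size == 0) {
			fprintf(stderr, "WORKER: bad job file %s\n", jobfile);
			close(jfd);
			continue;
		}
		filesize = st.st_size;
		/* … unchanged: mmap() of jfd and the per-host send loop … */
```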
@@ -85,47 +125,68 @@
close(jfd);
if (isdone == 1) {
/* we're done with this entry */
+#if 0
unlink(file);
unlink(jobfile);
+#endif
}
}
}
-
/* Perform sending log file out */
static int
ssl_sendfile (const char * pathname, const char * keyword, struct sockaddr * to)
{
int sock, r, ans, fd;
+ struct sockaddr_in * sa;
SSL* ssl;
X509* cert;
+ uint32_t ad;
char sndbuf[BUFSIZ];
char buf[FILENAME_MAX + KEYWORD_MAX + 2];
+ char tmpbuf[256];
+#ifdef DEBUG
+ fprintf(stderr, "WORKER: trying to send file %s with keyword %s\n", pathname, keyword);
+#endif
sock = socket (AF_INET, SOCK_STREAM, 0);
+ /* ipv6 */
+ sa = to;
+ sa -> sin_port = htons(SERVER_PORT);
+#ifdef DEBUG
+ ad = sa -> sin_addr.s_addr;
+ inet_ntop(AF_INET, &ad, tmpbuf, 256);
+ fprintf(stderr, "WORKER: sending to %s\n", tmpbuf);
+#endif
+
if (sock < 0)
- err_fatal("worker: socket()");
+ err_fatal("WORKER: socket()\n");
r = connect(sock, to, sizeof(*to));
if (r < 0) {
- fprintf(stderr,"worker: connect()");
+ fprintf(stderr,"WORKER: connect()\n");
return 1;
}
/* SSL handshake */
ssl = SSL_new(sslContext);
+ if (ssl == NULL) {
+ fprintf(stderr, "WORKER: SSL_new() failed\n");
+ return 1;
+ }
+
SSL_set_fd (ssl, sock);
-
+ SSL_connect(ssl);
#ifdef DEBUG
- fprintf(stderr, "worker: cipher %s", SSL_get_cipher(ssl));
+ fprintf(stderr, "WORKER: cipher %s\n", SSL_get_cipher(ssl));
#endif
- /* Catch server's certificate */
+ /* Catch server certificate */
cert = SSL_get_peer_certificate (ssl);
if (cert == NULL) {
- fprintf(stderr, "worker: can't get server's certificate");
+ fprintf(stderr, "WORKER: can't get server certificate\n");
SSL_shutdown(ssl);
close(sock);
return 1;
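Review bot: The result of the added `SSL_connect(ssl);` is ignored, so a failed handshake is only noticed indirectly when no peer certificate comes back. Test it and clean up: `if (SSL_connect(ssl) <= 0) { SSL_free(ssl); close(sock); return 1; }`. The new `SSL_new()` failure branch returns without `close(sock)`, and the certificate branch calls `SSL_shutdown()` but never `SSL_free()`, so each failed send leaks a descriptor or an SSL object. `sa = to;` assigns a `struct sockaddr *` to a `struct sockaddr_in *` without a cast or an `sa_family` check, and the port is then written into the caller's record. The `#if 0` around the two `unlink()` calls at the top of the hunk leaves finished jobs in the spool; the function continues outside the hunk.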
@@ -189,19 +250,25 @@
int signo;
sigset_t oldmask;
+ DPRINT("WORKER: Thread started");
+
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
sslContext = SSL_CTX_new(SSLv23_client_method());
+ if (sslContext == NULL)
+ err_fatal("WORKER: SSL_CTX_new failed");
+
+ DPRINT("WORKER: SSL initialized");
+
sigemptyset(&mask);
sigaddset(&mask, SIGALRM);
if (pthread_sigmask(SIG_BLOCK, &mask, &oldmask) < 0)
err_fatal("pthread_sigmask()");
- alarm(WORKER_PERIOD);
for (;;) {
- sigwait(&mask, &signo);
go_queue();
alarm(WORKER_PERIOD);
+ sigwait(&mask, &signo);
}
}
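Review bot: The client context is created and NULL-checked, but no trust setup is visible before the loop: no `SSL_CTX_load_verify_locations()` and no `SSL_CTX_set_verify(sslContext, SSL_VERIFY_PEER, NULL)`. Unless that happens outside this hunk, `ssl_sendfile()` will complete a handshake with any server, and its later check that a certificate is present says nothing about who issued it. Add the two calls after the NULL check, with a comment naming the CA file the worker trusts. The function begins outside the hunk.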
==== //depot/projects/soc2007/karma_audit/dlog/lib/libdlogd.c#6 (text+ko) ====
@@ -31,7 +31,7 @@
const char *
dlog_strerror (int code)
{
- if (code >= 0 && code <= 7) {
+ if (code <= 0 && code >= -7) {
return dlog_errlist[-code];
}
return "Unknown error";
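Review bot: The bound `-7` is a literal that has to stay in step with `dlog_errlist`, whose definition is outside this hunk. If that is an array defined in this file, derive the limit from it, e.g. `if (code <= 0 && code > -(int)(sizeof(dlog_errlist) / sizeof(dlog_errlist[0])))`. A short comment that error codes are zero or negative and index the table by `-code` would also explain the sign flip this change fixes.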
@@ -98,7 +98,7 @@
return (-5); /* can't sendmsg */
}
- if ((read (fd, an, sizeof(int))) < 0)
+ if ((read (fd, &an, sizeof(int))) < 0)
{
close(fd);
return (-6); /* can't read */
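Review bot: `read(fd, &an, sizeof(int)) < 0` treats end-of-file and a short read as success, leaving `an` partly or wholly unset when the daemon closes the socket without answering. Compare against the full size instead: `if (read(fd, &an, sizeof(an)) != (ssize_t)sizeof(an))`. The declaration of `an` is outside the hunk; `sizeof(an)` keeps the length tied to it if it is not an `int`.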