Date: Sun, 26 Aug 2007 08:09:19 GMT From: Alexey Mikhailov <karma@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 125697 for review Message-ID: <200708260809.l7Q89J3A014781@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=125697 Change 125697 by karma@karma_ez on 2007/08/26 08:09:19 - Fix serious bug with T-Tree implementation - Partly fix serious regression - Add documentation - More debug output Affected files ... .. //depot/projects/soc2007/karma_audit/dlog/daemon/client.c#8 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/config.c#8 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/server.c#7 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/ttree.c#3 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/util.h#5 edit .. //depot/projects/soc2007/karma_audit/dlog/daemon/worker.c#4 edit .. //depot/projects/soc2007/karma_audit/dlog/doc/overview.tex#1 add .. //depot/projects/soc2007/karma_audit/dlog/lib/libdlogd.c#6 edit Differences ... ==== //depot/projects/soc2007/karma_audit/dlog/daemon/client.c#8 (text+ko) ==== @@ -44,6 +44,8 @@ pjob j; cl_kw_hosts *hl; + DPRINT("CLIENT: Serving connection"); + cm = &c.cm; msg.msg_control = c.control; @@ -63,7 +65,7 @@ msg.msg_iovlen = 1; nr = recvmsg (cs, &msg, 0); - + /* TODO: could go bad here.. fix later.. */ if ((sscanf(buf, "%s\n%s", pathname, keyword)) < 2) { @@ -80,9 +82,11 @@ #ifdef DEBUG printf("UID %d, GID %d\n", cr.uc.sc_uid, cr.uc.sc_gid); #endif + DPRINT("CLIENT: Checking permission"); if ((verify_client_access(keyword, cr.uc.sc_uid, cr.uc.sc_gid)) == 0) { /* umask! */ - snprintf(pathbuf, PATH_MAX, "%s", SPOOL_DIR); + DPRINT("CLIENT: Permissions are OK"); + snprintf(pathbuf, PATH_MAX, "%s/%s", SPOOL_DIR, keyword); if (mkdir(pathbuf, 0700) == -1 && errno != EEXIST) { err_fatal("client: can't create spool dir for keyword"); } @@ -101,7 +105,7 @@ /* populate .hds file */ snprintf(jobbuf, PATH_MAX, "%s/.%ld.%s.hds", pathbuf,ts,basename(pathname)); - fd = open(jobbuf, O_CREAT | O_TRUNC, S_IRUSR | S_IRGRP); + fd = open(jobbuf, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IRGRP); hl = client_get_hosts(keyword); while (hl != NULL) { bzero(&j, sizeof(j)); @@ -112,6 +116,7 @@ } close(fd); /* we re done */ + DPRINT("CLIENT: success!\n"); ans = 0; write(cs, &ans, sizeof(ans)); } @@ -119,6 +124,7 @@ else { /* Permission denied */ + DPRINT("CLIENT: Permission denied"); ans = 1; write(cs, &ans, sizeof(ans)); return ; @@ -137,11 +143,15 @@ int s, cs, opt = 1; struct sockaddr_un n; + DPRINT("CLIENT: Thread started"); + s = socket(PF_LOCAL, SOCK_STREAM, 0); if (s < 0) { err_fatal("client: can't create PF_LOCAL socket"); } + + DPRINT("CLIENT: Socket created"); unlink(DL_SOCKET); @@ -156,12 +166,17 @@ if ((bind(s, (struct sockaddr *) &n, SUN_LEN (&n))) < 0) { err_fatal("client: can't bind PF_LOCAL socket. Another instance is running?"); } + + DPRINT("CLIENT: Socket binded"); if (listen(s, QLEN) < 0) { err_fatal("client: cat't listen() on PF_LOCAL socket."); } + + DPRINT("CLIENT: Listen to socket"); while ((cs = accept(s, (struct sockaddr *) NULL, NULL)) >= 0) { + DPRINT("CLIENT: Got connection"); client_serve(cs); close(cs); } ==== //depot/projects/soc2007/karma_audit/dlog/daemon/config.c#8 (text+ko) ==== @@ -112,7 +112,7 @@ cd = xmalloc(sizeof(cl_kw_data)); cd -> access = cka; cd -> hosts = ckh; - + insert_tree (&client_kw_tree, keyword, (void *) cd); cka = NULL; pcka = NULL; @@ -371,11 +371,12 @@ if (ck == NULL) { + DPRINT("CLIENT: Bad keyword"); return (-1); /* bad keyword */ } ca = ck -> access; - + while (ca != NULL) { if (ca -> id == 1) @@ -392,6 +393,7 @@ return 0; } } + ca = ca -> next; } /* TODO: check for supplementary groups for UID as well */ ==== //depot/projects/soc2007/karma_audit/dlog/daemon/server.c#7 (text+ko) ==== @@ -12,6 +12,11 @@ #include <unistd.h> #include <fcntl.h> #include <netinet/in.h> + +#include <openssl/rsa.h> +#include <openssl/crypto.h> +#include <openssl/x509.h> +#include <openssl/pem.h> #include <openssl/ssl.h> #include <openssl/err.h> @@ -82,8 +87,8 @@ struct sockaddr_in sockaddr, sockaddr_cli; /* SSL initialization */ + SSLeay_add_ssl_algorithms(); SSL_load_error_strings(); - SSLeay_add_ssl_algorithms(); sslContext = SSL_CTX_new(SSLv23_method()); if (sslContext == NULL) { @@ -96,7 +101,6 @@ exit(1); } -#ifdef KEY if (!SSL_CTX_use_PrivateKey_file(sslContext, SERVER_KEY, SSL_FILETYPE_PEM)) { fprintf(stderr, "SSL: error reading key from file %s: %s\n", SERVER_KEY, ERR_error_string(ERR_get_error(), NULL)); exit(1); @@ -106,7 +110,6 @@ fprintf(stderr,"SSL: private key does not match the certificate public key\n"); exit(1); } -#endif SSL_CTX_set_client_CA_list(sslContext, SSL_load_client_CA_file(SERVER_CERT)); @@ -155,13 +158,17 @@ char spoolfile[PATH_MAX]; if (myssl_accept(clifd, ssl) != 0) { - fprintf(stderr, "Failed SSL negotitation\n"); + fprintf(stderr, "SERVER: Failed SSL negotitation\n"); return; } +#ifdef DEBUG + fprintf(stderr, "SERVER: SSL connection using %s\n", SSL_get_cipher(ssl)); +#endif + /* Great, we're here already :) SSL handshake done */ printf("%d\n", sizeof(buf)); - e = SSL_read(ssl, buf, sizeof(buf) - 1); + e = SSL_read(ssl, buf, sizeof(buf)-1); buf[e] = '\0'; if (search_bad_chars(buf) != 0) @@ -249,18 +256,18 @@ myssl_accept (int clifd, SSL *ssl) { if ((ssl = SSL_new(sslContext)) == NULL) { - fprintf(stderr, "server: SSL_new(): %s\n", ERR_error_string(ERR_get_error(), NULL)); + fprintf(stderr, "SERVER: SSL_new(): %s\n", ERR_error_string(ERR_get_error(), NULL)); return -1; } SSL_set_fd(ssl, clifd); if (SSL_accept(ssl) <= 0) { - fprintf(stderr, "server: SSL_accept(): %s\n", ERR_error_string(ERR_get_error(), NULL)); + fprintf(stderr, "SERVER: SSL_accept(): %s\n", ERR_error_string(ERR_get_error(), NULL)); return -1; } #ifdef DEBUG - fprintf(stderr, "server: SSL_get_cipher(): %s\n", SSL_get_cipher(ssl)); + fprintf(stderr, "SERVER: SSL_get_cipher(): %s\n", SSL_get_cipher(ssl)); #endif return 0; } ==== //depot/projects/soc2007/karma_audit/dlog/daemon/ttree.c#3 (text+ko) ==== @@ -211,6 +211,7 @@ d -> l = d -> r = allocate_tdata(); d -> l -> key = xmalloc(strlen(key)+1); strcpy(d -> l -> key, key); + d -> l -> content = content; d -> count = 1; d -> balance = 0; @@ -347,9 +348,10 @@ search_tree (TTree * d, const char * key) { TData *tn; - - if (d -> l == NULL) + + if (d -> l == NULL) { return NULL; + } if (LT(key, d -> l -> key)) { ==== //depot/projects/soc2007/karma_audit/dlog/daemon/util.h#5 (text+ko) ==== @@ -9,4 +9,10 @@ int search_bad_chars (const char * msg); long get_timestamp(); +#ifdef DEBUG +#define DPRINT(msg) fprintf(stderr,"%s\n", msg); +#else +#define DPRINT(msg) +#endif + #endif ==== //depot/projects/soc2007/karma_audit/dlog/daemon/worker.c#4 (text+ko) ==== @@ -13,34 +13,52 @@ #include <sys/stat.h> #include <sys/mman.h> #include <pthread.h> +#include <arpa/inet.h> +#include <netinet/in.h> #include <openssl/x509.h> #include <openssl/err.h> #include <openssl/ssl.h> static sigset_t mask; -static SSL_CTX *sslContext=NULL; +SSL_CTX *sslContext=NULL; static int ssl_sendfile (const char *, const char *, struct sockaddr *); +static void go_kdir (const char * dirname); + +static int +check_kdir (struct dirent *d) +{ + uint8_t type; + char *name; + + type = d -> d_type; + name = d -> d_name; + + if (type != 4) + return 0; + if (client_get_hosts(name) == NULL) + return 0; + + return 1; +} + static int check_job (struct dirent * d) { - char *name, pathbuf[PATH_MAX]; - int r; + char *name; + uint8_t type; name = d -> d_name; + type = d -> d_type; + + if (d -> d_type != 8) + return 0; if (name[0] == '.') return 0; - snprintf(pathbuf, PATH_MAX, "%s/.%s.hds",SPOOL_DIR, name); - if ((r = open(pathbuf, O_RDONLY)) < 0) { - fprintf(stderr, "worker: weird spool entry %s\n", pathbuf); - return 0; - } else { - close(r); - return 1; - } + return 1; } /* Go through spool and perform pending tasks */ @@ -48,32 +66,54 @@ go_queue() { struct dirent **namelist; - int n, i, j,isdone; + int n, i; + + n = scandir(SPOOL_DIR, &namelist, check_kdir, alphasort); + + for (i = 0; i < n; i++) + { +#ifdef DEBUG + fprintf(stderr, "WORKER: got keyword to observe: %s\n", namelist[i] -> d_name); +#endif + go_kdir(namelist[i] -> d_name); + } +} + +static +void go_kdir(const char * keyword) +{ + int n, i, j, isdone; + struct dirent **namelist; + pjob *win; + int jfd,njobs,r; char file[PATH_MAX]; char jobfile[PATH_MAX]; + char dir[PATH_MAX]; + off_t filesize; struct stat st; - int ffd, jfd,njobs,r; - off_t filesize; - pjob *win; - char keyword[KEYWORD_MAX]; - n = scandir(SPOOL_DIR, &namelist, check_job, alphasort); - - for (i = 0; i < n; i++) - { + snprintf(dir, PATH_MAX, "%s/%s", SPOOL_DIR, keyword); + n = scandir(dir, &namelist, check_job, alphasort); + fprintf(stderr, "%d\n", n); + for (i = 0; i < n; i++) { isdone = 1; - snprintf(file, PATH_MAX, "%s/%s",SPOOL_DIR, namelist[i] -> d_name); - snprintf(jobfile, PATH_MAX, "%s/.%s.hds",SPOOL_DIR, namelist[i] -> d_name); + snprintf(file, PATH_MAX, "%s/%s/%s",SPOOL_DIR, keyword, namelist[i] -> d_name); + snprintf(jobfile, PATH_MAX, "%s/%s/.%s.hds",SPOOL_DIR, keyword, namelist[i] -> d_name); +#ifdef DEBUG + fprintf(stderr, "WORKER: Pending job (%s,%s)\n", file, jobfile); +#endif jfd = open(jobfile, O_RDWR); - stat(file, &st); + stat(jobfile, &st); filesize = st.st_size; - win = mmap(NULL, filesize, PROT_READ | PROT_WRITE, MAP_FILE | MAP_SHARED, ffd, 0); + win = mmap(NULL, filesize, PROT_READ | PROT_WRITE, MAP_FILE | MAP_SHARED, jfd, 0); if (win == MAP_FAILED) { err_fatal("worker: mmap()"); } njobs = filesize / sizeof(pjob); + for (j = 0; j < njobs; j++) { + win[j].done = 0; /* REMOVE! */ if (win[j].done == 0) { r = ssl_sendfile(file, keyword, &(win[j].sa)); if (r == 0) @@ -85,47 +125,68 @@ close(jfd); if (isdone == 1) { /* we're done with this entry */ +#if 0 unlink(file); unlink(jobfile); +#endif } } } - /* Perform sending log file out */ static int ssl_sendfile (const char * pathname, const char * keyword, struct sockaddr * to) { int sock, r, ans, fd; + struct sockaddr_in * sa; SSL* ssl; X509* cert; + uint32_t ad; char sndbuf[BUFSIZ]; char buf[FILENAME_MAX + KEYWORD_MAX + 2]; + char tmpbuf[256]; +#ifdef DEBUG + fprintf(stderr, "WORKER: trying to send file %s with keyword %s\n", pathname, keyword); +#endif sock = socket (AF_INET, SOCK_STREAM, 0); + /* ipv6 */ + sa = to; + sa -> sin_port = htons(SERVER_PORT); +#ifdef DEBUG + ad = sa -> sin_addr.s_addr; + inet_ntop(AF_INET, &ad, tmpbuf, 256); + fprintf(stderr, "WORKER: sending to %s\n", tmpbuf); +#endif + if (sock < 0) - err_fatal("worker: socket()"); + err_fatal("WORKER: socket()\n"); r = connect(sock, to, sizeof(*to)); if (r < 0) { - fprintf(stderr,"worker: connect()"); + fprintf(stderr,"WORKER: connect()\n"); return 1; } /* SSL handshake */ ssl = SSL_new(sslContext); + if (ssl == NULL) { + fprintf(stderr, "WORKER: SSL_new() failed\n"); + return 1; + } + SSL_set_fd (ssl, sock); - + SSL_connect(ssl); #ifdef DEBUG - fprintf(stderr, "worker: cipher %s", SSL_get_cipher(ssl)); + fprintf(stderr, "WORKER: cipher %s\n", SSL_get_cipher(ssl)); #endif - /* Catch server's certificate */ + /* Catch server certificate */ cert = SSL_get_peer_certificate (ssl); if (cert == NULL) { - fprintf(stderr, "worker: can't get server's certificate"); + fprintf(stderr, "WORKER: can't get server certificate\n"); SSL_shutdown(ssl); close(sock); return 1; @@ -189,19 +250,25 @@ int signo; sigset_t oldmask; + DPRINT("WORKER: Thread started"); + SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); sslContext = SSL_CTX_new(SSLv23_client_method()); + if (sslContext == NULL) + err_fatal("WORKER: SSL_CTX_new failed"); + + DPRINT("WORKER: SSL initialized"); + sigemptyset(&mask); sigaddset(&mask, SIGALRM); if (pthread_sigmask(SIG_BLOCK, &mask, &oldmask) < 0) err_fatal("pthread_sigmask()"); - alarm(WORKER_PERIOD); for (;;) { - sigwait(&mask, &signo); go_queue(); alarm(WORKER_PERIOD); + sigwait(&mask, &signo); } } ==== //depot/projects/soc2007/karma_audit/dlog/lib/libdlogd.c#6 (text+ko) ==== @@ -31,7 +31,7 @@ const char * dlog_strerror (int code) { - if (code >= 0 && code <= 7) { + if (code <= 0 && code >= -7) { return dlog_errlist[-code]; } return "Unknown error"; @@ -98,7 +98,7 @@ return (-5); /* can't sendmsg */ } - if ((read (fd, an, sizeof(int))) < 0) + if ((read (fd, &an, sizeof(int))) < 0) { close(fd); return (-6); /* can't read */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200708260809.l7Q89J3A014781>