diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a5a0047
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/nuxwdog-1.0.3.tar.gz
diff --git a/.nuxwdog.metadata b/.nuxwdog.metadata
new file mode 100644
index 0000000..00601e5
--- /dev/null
+++ b/.nuxwdog.metadata
@@ -0,0 +1 @@
+6e9a0dc4687fb8f3c239a4970caa8042e25b6ea1 SOURCES/nuxwdog-1.0.3.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/nuxwdog-Allow-unlimited-conf-line-length.patch b/SOURCES/nuxwdog-Allow-unlimited-conf-line-length.patch
new file mode 100644
index 0000000..513c483
--- /dev/null
+++ b/SOURCES/nuxwdog-Allow-unlimited-conf-line-length.patch
@@ -0,0 +1,127 @@
+From f4b47d21560fd57c7d2e326ebfae66f42b66864f Mon Sep 17 00:00:00 2001
+From: Ade Lee
+Date: Mon, 30 Oct 2017 22:47:15 -0400
+Subject: [PATCH] Allow unlimited conf line length
+
+Errors occurred because the line length was being truncated,
+especially for long lines like JVM args. Now the line length
+will be allocated correctly.
+
+Change-Id: I77553817931883e05180a1082d45a20e3a6afe4c
+---
+ src/com/redhat/nuxwdog/wdconf.cpp | 45 ++++++++++++++++++++++-----------------
+ 1 file changed, 26 insertions(+), 19 deletions(-)
+
+diff --git a/src/com/redhat/nuxwdog/wdconf.cpp b/src/com/redhat/nuxwdog/wdconf.cpp
+index 086bc5ae36c79ff3570ba0e39da10a42d8ab9687..95603c96dbd021289b60a001ee6fba0b15f9f540 100644
+--- a/src/com/redhat/nuxwdog/wdconf.cpp
++++ b/src/com/redhat/nuxwdog/wdconf.cpp
+@@ -29,24 +29,23 @@
+ #include "wdconf.h"
+ #include "wdlog.h"
+
+-#define MAX_CONF_LINE_LENGTH 1024
++#define CHUNK 1024
+
+ /* Read config file line like util_getline() */
+-static int _watchdog_readconf_line(char *line, int maxlen, FILE *file)
++static char * _watchdog_readconf_line(FILE *file)
+ {
+ int len = 0;
+ int nlseen = 0;
+- int src;
+- int dst;
+- char *bufp = line;
++ int src = 0;
++ int dst = 0;
++ char bufp[CHUNK];
+
+- if (feof(file)) {
+- return -1;
+- }
++ char *line = (char *) malloc(1);
++ line[0] = '\0';
+
+- while (!nlseen && (len < maxlen - 1)) {
++ while (!nlseen && !feof(file)) {
+
+- if (!fgets(bufp, maxlen - len, file))
++ if (!fgets(bufp, CHUNK, file))
+ break;
+
+ /* Scan what was just read */
+@@ -68,26 +67,31 @@ static int _watchdog_readconf_line(char *line, int maxlen, FILE *file)
+ ++dst;
+ }
+ }
++ bufp[dst] = '\0';
+
+ if (dst > 0) {
+ /* Check for continuation */
+ if (nlseen && (bufp[dst-1] == '\\')) {
++ bufp[dst-1] = '\0';
+ dst -= 1;
+ nlseen = 0;
+ }
+
+ len += dst;
+- bufp += dst;
++
++ line = (char *) realloc(line, len+1);
++ strcat(line, bufp);
+ }
+ }
+
+ if ((len <= 0) && !nlseen) {
+- return -1;
++ if (line) {
++ free(line);
++ }
++ return NULL;
+ }
+
+- line[len] = '\0';
+-
+- return len;
++ return line;
+ }
+
+ static int
+@@ -95,8 +99,7 @@ _watchdog_parse_conffile(char *conffile,
+ watchdog_conf_info_t *info)
+ {
+ FILE *cfile;
+- char line[MAX_CONF_LINE_LENGTH];
+- char *name, *value;
++ char *line, *name, *value;
+ int len;
+
+ cfile = fopen(conffile, "r");
+@@ -110,7 +113,8 @@ _watchdog_parse_conffile(char *conffile,
+ return -1;
+ }
+
+- while ((len = _watchdog_readconf_line(line, MAX_CONF_LINE_LENGTH, cfile)) >= 0) {
++ while ((line = _watchdog_readconf_line(cfile)) != NULL) {
++ len = strlen(line);
+ name = line;
+ if ((*name) == '#')
+ continue;
+@@ -154,10 +158,13 @@ _watchdog_parse_conffile(char *conffile,
+ if (!strcasecmp(name, "ChildSecurity")) {
+ info->childSecurity = atoi(value);
+ }
++ if (line != NULL) {
++ free(line);
++ line = NULL;
++ }
+ }
+
+ fclose(cfile);
+-
+ return 0;
+ }
+
+-- 
+2.9.5
+
diff --git a/SOURCES/nuxwdog-set-uid.patch b/SOURCES/nuxwdog-set-uid.patch
new file mode 100644
index 0000000..9f725fe
--- /dev/null
+++ b/SOURCES/nuxwdog-set-uid.patch
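Review bot: In `_watchdog_parse_conffile` the new `free(line)` sits only at the bottom of the loop body, so the visible `if ((*name) == '#') continue;` skips it and every comment line leaks its buffer (any other `continue` in the part of the loop outside these hunks would do the same); `if ((*name) == '#') { free(line); continue; }` covers the visible case. In `_watchdog_readconf_line`, `malloc(1)` and `realloc(line, len+1)` are used unchecked, so an allocation failure becomes a NULL write at `line[0] = '\0'` or inside `strcat`, and assigning `realloc` straight back to `line` drops the old buffer. Since the line length is now bounded only by the config file, I would grow through a temporary pointer and copy at the known offset instead of re-scanning with `strcat`, as sketched below; the `malloc(1)` result needs the same NULL check. Both function bodies continue outside the hunks.

```cpp
        if (dst > 0) {
            // … unchanged: continuation check …

            char *grown = (char *) realloc(line, len + dst + 1);
            if (grown == NULL) {
                free(line);
                return NULL;
            }
            line = grown;
            memcpy(line + len, bufp, dst + 1);   // bufp[dst] is already '\0'
            len += dst;
        }
```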
@@ -0,0 +1,145 @@
+From 3d7adfbe0788f33a67c3ed65e12ba9d32074a674 Mon Sep 17 00:00:00 2001
+From: Ade Lee
+Date: Mon, 15 Jan 2018 15:25:36 -0500
+Subject: [PATCH] Add parameter to set the uid of the invoked process
+
+---
+ src/com/redhat/nuxwdog/watchdog.cpp | 36 ++++++++++++++++++++++++++++++++++--
+ src/com/redhat/nuxwdog/wdconf.cpp | 7 +++++++
+ src/com/redhat/nuxwdog/wdconf.h | 3 ++-
+ 3 files changed, 43 insertions(+), 3 deletions(-)
+
+diff --git a/src/com/redhat/nuxwdog/watchdog.cpp b/src/com/redhat/nuxwdog/watchdog.cpp
+index a4d6a77..36b13e4 100644
+--- a/src/com/redhat/nuxwdog/watchdog.cpp
++++ b/src/com/redhat/nuxwdog/watchdog.cpp
+@@ -33,6 +33,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -280,7 +281,7 @@ watchdog_exit(int status)
+
+ int
+ _watchdog_exec(int server_starts, char *server_exe, char *args[],
+- char * envp[], int *spid)
++ char * envp[], int *spid, int uid)
+ {
+ int server_background = 0;
+ char *server_out = NULL;
+@@ -412,6 +413,14 @@ _watchdog_exec(int server_starts, char *server_exe, char *args[],
+ free(server_context);
+ }
+
++ if (uid >= 0) {
++ rv = setuid(uid);
++ if (rv != 0) {
++ watchdog_error("unable to setuid");
++ watchdog_exit(1);
++ }
++ }
++
+ rv = execv(server_exe, args);
+ if (rv < 0) {
+ watchdog_error("could not execute server binary");
+@@ -757,10 +766,12 @@ int main(int argc, char **argv, char **envp)
+ int ver=0;
+ int server_starts;
+ int server_stat;
++ int uid=-1;
+ char *server_exe = NULL;
+ char *server_args = NULL;
+ char *conffile = NULL;
+ char *pch;
++ char *user = NULL;
+ char *args[100];
+ struct stat statbuf;
+ UDS_NAME[0]=0;
+@@ -833,6 +844,11 @@ int main(int argc, char **argv, char **envp)
+ watchdog_exit(1);
+ }
+
++ /* user */
++ if (confinfo->user) {
++ user = strdup(confinfo->user);
++ }
++
+ if (detach) {
+ parent_watchdog_create_signal_handlers();
+
+@@ -883,6 +899,22 @@ int main(int argc, char **argv, char **envp)
+ watchdog_exit(1);
+ }
+
++ if (user != NULL) {
++ struct passwd *pw = getpwnam(user);
++ if (pw == NULL) {
++ sprintf(errmsgstr, "user %s does not exist", user);
++ watchdog_error(errmsgstr);
++ watchdog_exit(1);
++ }
++
++ if (chown(UDS_NAME, pw->pw_uid, pw->pw_gid) != 0) {
++ sprintf(errmsgstr, "chown failed errno %d %s", errno, strerror(errno));
++ watchdog_error(errmsgstr);
++ watchdog_exit(1);
++ }
++ uid = pw->pw_uid;
++ }
++
+ for (server_starts = 0;; ++server_starts) {
+
+ _watchdog_death = 0;
+@@ -895,7 +927,7 @@ int main(int argc, char **argv, char **envp)
+
+ watchdog_create_signal_handlers();
+
+- rv = _watchdog_exec(server_starts, server_exe, args, envp, &server_pid);
++ rv = _watchdog_exec(server_starts, server_exe, args, envp, &server_pid, uid);
+
+ if (server_pid < 0) {
+ // exec failed: kill parent if it's still waiting
+diff --git a/src/com/redhat/nuxwdog/wdconf.cpp b/src/com/redhat/nuxwdog/wdconf.cpp
+index 95603c9..2d50575 100644
+--- a/src/com/redhat/nuxwdog/wdconf.cpp
++++ b/src/com/redhat/nuxwdog/wdconf.cpp
+@@ -158,6 +158,9 @@ _watchdog_parse_conffile(char *conffile,
+ if (!strcasecmp(name, "ChildSecurity")) {
+ info->childSecurity = atoi(value);
+ }
++ if (!strcasecmp(name, "User")) {
++ info->user = strdup(value);
++ }
+ if (line != NULL) {
+ free(line);
+ line = NULL;
+@@ -227,5 +230,9 @@ watchdog_confinfo_free(watchdog_conf_info_t *info)
+ free(info->childPidFile);
+ }
+
++ if (info->user) {
++ free(info->user);
++ }
++
+ free(info);
+ }
+diff --git a/src/com/redhat/nuxwdog/wdconf.h b/src/com/redhat/nuxwdog/wdconf.h
+index bb2e7b1..94f02e3 100644
+--- a/src/com/redhat/nuxwdog/wdconf.h
++++ b/src/com/redhat/nuxwdog/wdconf.h
+@@ -36,7 +36,8 @@ typedef struct watchdog_conf_info_t {
+ char *exeContext; /* selinux type context */
+ char *pidFile; /* pidFile */
+ char *childPidFile; /* child pid file */
+- int childSecurity; /* enforce child security */
++ int childSecurity; /* enforce child security */
++ char *user; /* user to execute the process as */
+ } watchdog_conf_info_t;
+
+ watchdog_conf_info_t *watchdog_parse(char *conf_file);
+-- 
+2.14.3
+
diff --git a/SPECS/nuxwdog.spec b/SPECS/nuxwdog.spec
new file mode 100644
index 0000000..ce8da0e
--- /dev/null
+++ b/SPECS/nuxwdog.spec
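Review bot: The privilege drop added to `_watchdog_exec` calls only `setuid(uid)`, so the server is exec'd under the configured `User` while still holding the watchdog's primary and supplementary groups (root's, if the watchdog is started as root). The group side should be dropped before the uid, in the order `initgroups()`, `setgid()`, `setuid()`, which means passing `pw->pw_gid` and the user name into `_watchdog_exec` alongside `uid` and including `<grp.h>`; a sketch follows. In `main`, `sprintf(errmsgstr, "user %s does not exist", user)` formats a config-supplied string into a buffer whose size is not visible in the hunk, and the companion patch removed the length cap on config lines, so a bounded `snprintf` would be safer there. The bodies of `_watchdog_exec` and `main` continue outside the hunks.

```cpp
    // _watchdog_exec(), just before execv(); user and gid are passed in with uid
    if (uid >= 0) {
        if (initgroups(user, gid) != 0 ||
            setgid(gid) != 0 ||
            setuid(uid) != 0) {
            watchdog_error("unable to drop privileges");
            watchdog_exit(1);
        }
    }
```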
@@ -0,0 +1,252 @@
+Name: nuxwdog
+Version: 1.0.3
+Release: 7%{?dist}
+Summary: Watchdog server to start and stop processes, and prompt for passwords
+# The entire source code is LGPLv2 except for the perl module, which is GPL+ or Artistic
+License: LGPLv2 and (GPL+ or Artistic)
+Group: System Environment/Libraries
+URL: http://www.redhat.com/certificate_system
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires: ant
+BuildRequires: java-devel >= 1:1.6.0
+BuildRequires: jpackage-utils
+BuildRequires: nspr-devel
+BuildRequires: nss-devel
+BuildRequires: pkgconfig
+BuildRequires: libselinux-devel
+BuildRequires: perl(ExtUtils::MakeMaker)
+BuildRequires: keyutils-libs-devel
+
+Requires: nss
+Requires: keyutils-libs
+Obsoletes: nuxwdog-client
+
+Source0: https://fedorahosted.org/released/nuxwdog/%{name}-%{version}.tar.gz
+Patch0: nuxwdog-Allow-unlimited-conf-line-length.patch
+Patch1: nuxwdog-set-uid.patch
+
+# Note: there is an rpmlint warning about Nuxwdogclient.so being a private-shared-object-provide
+# This would ordinarily be fixed by calling the macro perl_default_filter, but
+# this disables rpms file coloring and makes the package fail multilib tests.
+
+%description
+The nuxwdog package supplies the nuxwdog watchdog daemon,
+used to start,stop, prompt for passwords and monitor processes.
+It also contains C/C++ and Perl client code to allow clients to
+interact with the nuxwdog watchdog daemon.
+
+%package devel
+Group: Development/Libraries
+Summary: Development files for the Nuxwdog Watchdog
+Requires: %{name} = %{version}-%{release}
+Obsoletes: nuxwdog-client-devel
+
+%description devel
+The nuxwdog-devel package contains the header files needed to build clients
+that call WatchdogClient functions, so that clients can interact with the
+nuxwdog watchdog server.
+
+%package client-java
+Group: System Environment/Libraries
+Summary: Nuxwdog Watchdog client JNI Package
+Requires: java-headless >= 1:1.6.0
+Requires: jpackage-utils
+Requires: %{name} = %{version}-%{release}
+
+%description client-java
+The nuxwdog-client-java package contains a JNI interface to the nuxwdog
+client code, so that Java clients can interact with the nuxwdog watchdog
+server.
+
+%package client-perl
+Group: System Environment/Libraries
+Summary: Nuxwdog Watchdog client perl bindings
+Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+Requires: %{name} = %{version}-%{release}
+
+%description client-perl
+The nuxwdog-client-perl package contains a perl interface to nuxwdog.
+
+%prep
+%setup -q -n %{name}-%{version}
+%patch0 -p1
+%patch1 -p1
+
+%build
+ant \
+ -Dproduct.ui.flavor.prefix="" \
+ -Dproduct.prefix="" \
+ -Dproduct="nuxwdog" \
+ -Dversion="%{version}"
+%configure --disable-static \
+%ifarch ppc64 s390x sparc64 x86_64
+ --enable-64bit \
+%endif
+ --libdir=%{_libdir}
+make
+
+%install
+rm -rf %{buildroot}
+make install DESTDIR=%{buildroot} INSTALL="install -p"
+
+find %{buildroot} -name '*.la' -exec rm -f {} ';'
+
+mkdir -p %{buildroot}%{_docdir}
+mv %{buildroot}%{_usr}/doc %{buildroot}%{_docdir}/%{name}-%{version}
+
+find %{buildroot}/%{perl_vendorarch} -name .packlist |xargs rm -f {}
+find %{buildroot} -type f -name '*.bs' -a -size 0 -exec rm -f {} ';'
+find %{buildroot} -name "perllocal.pod" |xargs rm -f {}
+%{_fixperms} %{buildroot}/%{perl_vendorarch}/*
+
+mkdir -p %{buildroot}/%{_libdir}/nuxwdog-jni
+mv %{buildroot}/%{_libdir}/libnuxwdog-jni.so %{buildroot}/%{_libdir}/nuxwdog-jni
+mv %{buildroot}%{_usr}/jars/nuxwdog.jar %{buildroot}/%{_libdir}/nuxwdog-jni/nuxwdog-%{version}.jar
+mkdir -p %{buildroot}%{_jnidir}
+cd %{buildroot}/%{_jnidir}
+ln -s %{_libdir}/nuxwdog-jni/nuxwdog-%{version}.jar nuxwdog.jar
+rm -rf %{buildroot}%{_usr}/jars
+rm -rf %{buildroot}%{_usr}/doc
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_bindir}/*
+%{_libdir}/libnuxwdog.so.*
+%{_mandir}/man1/nuxwdog.1*
+
+%files devel
+%defattr(-,root,root,-)
+%doc
+%{_includedir}/nuxwdog/
+%{_libdir}/libnuxwdog.so
+
+%files client-java
+%defattr(-,root,root,-)
+%doc
+%{_libdir}/nuxwdog-jni/
+%{_jnidir}/*
+
+%files client-perl
+%defattr(-,root,root,-)
+%{_mandir}/man3/Nuxwdogclient.3pm*
+%{perl_vendorarch}/*
+%exclude %dir %{perl_vendorarch}/auto/
+
+%changelog
+* Wed Jan 17 2018 Ade Lee 1.0.3-7
+- Resolves: 1534030 - add option to set process uid
+
+* Thu Nov 2 2017 Ade Lee 1.0.3-6
+- Resolves: rhbz#1503753 - nuxwdog is cutting off long ExeArgs
+
+* Fri Jun 24 2016 Ade Lee 1.0.3-5
+- Resolves: rhbz#1283272 - Move perl bindings to a subpackage
+
+* Wed Nov 18 2015 Ade Lee 1.0.3-4
+- Resolves: rhbz#1283338 - Use java-headless instead
+
+* Wed Jun 17 2015 Ade Lee 1.0.3-2
+- Resolves: rhbz#1229817 - Re-enable builds for ppc64/ppc64le/s390x
+
+* Sun May 10 2015 Ade Lee 1.0.3-1
+- Add systemd support
+
+* Wed Apr 22 2015 Ade Lee 1.0.2-1
+- Allow passwords to be retrieved post-init phase
+- Fix null termination issue on returned stored passwords
+
+* Tue Sep 30 2014 Ade Lee - 1.0.1-10
+- Resolves: rhbz#1117072 - ppc64le is missing from ExcludeArch
+- reverted the previous change. ppc64le now removed from ExcludeArch
+
+* Wed Aug 13 2014 Ade Lee - 1.0.1-9
+- Resolves: rhbz#1117072 - ppc64le is missing from ExcludeArch
+
+* Fri Dec 27 2013 Daniel Mach - 1.0.1-8
+- Mass rebuild 2013-12-27
+
+* Thu Feb 14 2013 Fedora Release Engineering - 1.0.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Dec 19 2012 Stanislav Ochotnicky - 1.0.1-6
+- revbump after jnidir change
+
+* Wed Dec 12 2012 Stanislav Ochotnicky - 1.0.1-5
+- Rebuilt for jpackage-utils changes
+
+* Fri Jul 20 2012 Fedora Release Engineering - 1.0.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jan 13 2012 Fedora Release Engineering - 1.0.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Feb 08 2011 Fedora Release Engineering - 1.0.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Fri Jan 28 2011 Ade Lee 1.0.1-1
+- Resolves: #643546 - [RFE] Add nuxwdog to RHEL.
+- fix file coloring, aliasing problem
+
+* Tue Jan 4 2011 Ade Lee 1.0.0-16
+- Resolves: #643546 - [RFE] Add nuxwdog to RHEL.
+- fix build problem
+
+* Tue Jan 4 2011 Ade Lee 1.0.0-15
+- Resolves: #643546 - [RFE] Add nuxwdog to RHEL.
+- add needed build requires, requires
+
+* Thu Dec 23 2010 Ade Lee 1.0.0-14
+- Resolves: #643546 - [RFE] Add nuxwdog to RHEL.
+- Remove old encryption scheme
+- Store passwords in kernel keyring
+
+* Thu Dec 16 2010 Ade Lee 1.0.0-13
+- Resolves: #643546 - [RFE] Add nuxwdog to RHEL.
+
+* Wed Dec 15 2010 Ade Lee 1.0.0-12
+- Resolves: #643546 - [RFE] Add nuxwdog to RHEL.
+
+* Wed Dec 15 2010 Ade Lee 1.0.0-11
+- Exclude arches for which there is no java
+
+* Wed Dec 8 2010 Ade Lee 1.0.0-10
+- Fixed copyright notices
+- Removed versioning for requires
+- Fixed library reference in perl build
+
+* Tue Dec 7 2010 Ade Lee 1.0.0-9
+- Fixed macros and copyrights
+- Copyrights fixed for perl modules
+
+* Fri Dec 3 2010 Ade Lee 1.0.0-8
+- Spec file modified as per fedora review
+- Copyrights fixed for perl modules
+
+* Wed Dec 1 2010 Ade Lee 1.0.0-7
+- Added missing build dependency on MakeMaker
+- Removed extra config flags
+
+* Tue Nov 30 2010 Ade Lee 1.0.0-6
+- Restructure rpms
+- Fix rpmlint issues
+
+* Fri Sep 10 2010 Ade Lee 1.0.0-5
+- Bumped version to match brew builds
+- Bugzilla Bug 630115 - added printMessage() method
+
+* Thu Feb 11 2010 Ade Lee 1.0.0-2
+- Initial version in separated repo.
+
+* Tue Dec 1 2009 Ade Lee 1.0.0-1
+- Initial open source version based upon Red Hat
+ Certificate System (RHCS) 6.1 uxwdog code.
+
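Review bot: In `%install`, the two `find ... |xargs rm -f {}` lines pass a literal `{}` to `rm` as an extra argument, because without `-I` xargs does not substitute it; `-f` hides the resulting "no such file" case, and the pipe splits on whitespace in path names. The other cleanup lines in the same section already use `-exec rm -f {} ';'`, so for consistency I would write `find %{buildroot}/%{perl_vendorarch} -name .packlist -exec rm -f {} ';'` and `find %{buildroot} -name "perllocal.pod" -exec rm -f {} ';'`.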