|
 |
f43afa |
From 94b9fcc03560b36932405727759a5621966cd212 Mon Sep 17 00:00:00 2001
|
|
|
f43afa |
From: Jonathan Lebon <jlebon@redhat.com>
|
|
|
f43afa |
Date: Fri, 13 Dec 2013 16:37:57 -0500
|
|
|
f43afa |
Subject: BZ1044429: fix client.exp and improve client/server
|
|
|
f43afa |
|
|
|
f43afa |
---
|
|
|
f43afa |
csclient.cxx | 342 ++++++++++++----------
|
|
|
f43afa |
csclient.h | 4 +-
|
|
|
f43afa |
nsscommon.cxx | 11 +-
|
|
|
f43afa |
testsuite/lib/systemtap.exp | 1 +
|
|
|
f43afa |
testsuite/systemtap.server/client.exp | 333 ++++++++++-----------
|
|
|
f43afa |
testsuite/systemtap.server/server_args.exp | 17 +-
|
|
|
f43afa |
testsuite/systemtap.server/server_concurrency.exp | 4 +-
|
|
|
f43afa |
7 files changed, 373 insertions(+), 339 deletions(-)
|
|
|
f43afa |
|
|
|
f43afa |
diff --git a/csclient.cxx b/csclient.cxx
|
|
|
f43afa |
index cce5428..568cc8f 100644
|
|
|
f43afa |
--- a/csclient.cxx
|
|
|
f43afa |
+++ b/csclient.cxx
|
|
|
f43afa |
@@ -1,6 +1,6 @@
|
|
|
f43afa |
/*
|
|
|
f43afa |
Compile server client functions
|
|
|
f43afa |
- Copyright (C) 2010-2013 Red Hat Inc.
|
|
|
f43afa |
+ Copyright (C) 2010-2014 Red Hat Inc.
|
|
|
f43afa |
|
|
|
f43afa |
This file is part of systemtap, and is free software. You can
|
|
|
f43afa |
redistribute it and/or modify it under the terms of the GNU General
|
|
|
f43afa |
@@ -88,66 +88,71 @@ nsscommon_error (const char *msg, int logit __attribute ((unused)))
|
|
|
f43afa |
// Information about compile servers.
|
|
|
f43afa |
struct compile_server_info
|
|
|
f43afa |
{
|
|
|
f43afa |
- compile_server_info ()
|
|
|
f43afa |
+ compile_server_info () : port(0), fully_specified(false)
|
|
|
f43afa |
{
|
|
|
f43afa |
memset (& address, 0, sizeof (address));
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
string host_name;
|
|
|
f43afa |
PRNetAddr address;
|
|
|
f43afa |
+ unsigned short port;
|
|
|
f43afa |
+ bool fully_specified;
|
|
|
f43afa |
string version;
|
|
|
f43afa |
string sysinfo;
|
|
|
f43afa |
string certinfo;
|
|
|
f43afa |
|
|
|
f43afa |
bool empty () const
|
|
|
f43afa |
{
|
|
|
f43afa |
- return this->host_name.empty () && ! this->hasAddress ();
|
|
|
f43afa |
+ return this->host_name.empty () && ! this->hasAddress () && certinfo.empty ();
|
|
|
f43afa |
}
|
|
|
f43afa |
bool hasAddress () const
|
|
|
f43afa |
{
|
|
|
f43afa |
return this->address.raw.family != 0;
|
|
|
f43afa |
}
|
|
|
f43afa |
- unsigned short port () const
|
|
|
f43afa |
- {
|
|
|
f43afa |
- if (this->address.raw.family == PR_AF_INET)
|
|
|
f43afa |
- return ntohs (this->address.inet.port);
|
|
|
f43afa |
- if (this->address.raw.family == PR_AF_INET6)
|
|
|
f43afa |
- return ntohs (this->address.ipv6.port);
|
|
|
f43afa |
- return 0;
|
|
|
f43afa |
- }
|
|
|
f43afa |
- unsigned short setPort (unsigned short port)
|
|
|
f43afa |
+ unsigned short setAddressPort (unsigned short port)
|
|
|
f43afa |
{
|
|
|
f43afa |
if (this->address.raw.family == PR_AF_INET)
|
|
|
f43afa |
return this->address.inet.port = htons (port);
|
|
|
f43afa |
if (this->address.raw.family == PR_AF_INET6)
|
|
|
f43afa |
return this->address.ipv6.port = htons (port);
|
|
|
f43afa |
+ assert (0);
|
|
|
f43afa |
return 0;
|
|
|
f43afa |
}
|
|
|
f43afa |
+ bool isComplete () const
|
|
|
f43afa |
+ {
|
|
|
f43afa |
+ return this->hasAddress () && port != 0;
|
|
|
f43afa |
+ }
|
|
|
f43afa |
|
|
|
f43afa |
bool operator== (const compile_server_info &that) const
|
|
|
f43afa |
{
|
|
|
f43afa |
- // If both ip addressed are not set, then the host names must match, otherwise
|
|
|
f43afa |
- // the addresses must match.
|
|
|
f43afa |
- if (! this->hasAddress() || ! that.hasAddress())
|
|
|
f43afa |
+ // If one item or the other has only a name, and possibly a port specified,
|
|
|
f43afa |
+ // then allow a match by name and port only. This is so that the user can specify
|
|
|
f43afa |
+ // names which are returned by avahi, but are not dns resolvable.
|
|
|
f43afa |
+ // Otherwise, we will ignore the host_name.
|
|
|
f43afa |
+ if ((! this->hasAddress() && this->version.empty () &&
|
|
|
f43afa |
+ this->sysinfo.empty () && this->certinfo.empty ()) ||
|
|
|
f43afa |
+ (! that.hasAddress() && that.version.empty () &&
|
|
|
f43afa |
+ that.sysinfo.empty () && that.certinfo.empty ()))
|
|
|
f43afa |
{
|
|
|
f43afa |
if (this->host_name != that.host_name)
|
|
|
f43afa |
return false;
|
|
|
f43afa |
}
|
|
|
f43afa |
- else if (this->address != that.address)
|
|
|
f43afa |
- return false;
|
|
|
f43afa |
|
|
|
f43afa |
// Compare the other fields only if they have both been set.
|
|
|
f43afa |
- if (this->port() != 0 && that.port() != 0 &&
|
|
|
f43afa |
- this->port() != that.port())
|
|
|
f43afa |
+ if (this->hasAddress() && that.hasAddress() &&
|
|
|
f43afa |
+ this->address != that.address)
|
|
|
f43afa |
+ return false;
|
|
|
f43afa |
+ if (this->port != 0 && that.port != 0 &&
|
|
|
f43afa |
+ this->port != that.port)
|
|
|
f43afa |
return false;
|
|
|
f43afa |
if (! this->version.empty () && ! that.version.empty () &&
|
|
|
f43afa |
- this->version != that.version)
|
|
|
f43afa |
+ this->version != that.version)
|
|
|
f43afa |
return false;
|
|
|
f43afa |
if (! this->sysinfo.empty () && ! that.sysinfo.empty () &&
|
|
|
f43afa |
- this->sysinfo != that.sysinfo)
|
|
|
f43afa |
+ this->sysinfo != that.sysinfo)
|
|
|
f43afa |
return false;
|
|
|
f43afa |
if (! this->certinfo.empty () && ! that.certinfo.empty () &&
|
|
|
f43afa |
- this->certinfo != that.certinfo)
|
|
|
f43afa |
+ this->certinfo != that.certinfo)
|
|
|
f43afa |
return false;
|
|
|
f43afa |
|
|
|
f43afa |
return true; // They are equal
|
|
|
f43afa |
@@ -179,6 +184,14 @@ preferred_order (vector<compile_server_info> &servers)
|
|
|
f43afa |
sort (servers.begin (), servers.end ());
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
+struct resolved_host
|
|
|
f43afa |
+{
|
|
|
f43afa |
+ string host_name;
|
|
|
f43afa |
+ PRNetAddr address;
|
|
|
f43afa |
+ resolved_host(string chost_name, PRNetAddr caddress):
|
|
|
f43afa |
+ host_name(chost_name), address(caddress) {}
|
|
|
f43afa |
+};
|
|
|
f43afa |
+
|
|
|
f43afa |
struct compile_server_cache
|
|
|
f43afa |
{
|
|
|
f43afa |
vector<compile_server_info> default_servers;
|
|
|
f43afa |
@@ -187,7 +200,7 @@ struct compile_server_cache
|
|
|
f43afa |
vector<compile_server_info> signing_servers;
|
|
|
f43afa |
vector<compile_server_info> online_servers;
|
|
|
f43afa |
vector<compile_server_info> all_servers;
|
|
|
f43afa |
- map<string,vector<compile_server_info> > resolved_servers;
|
|
|
f43afa |
+ map<string,vector<resolved_host> > resolved_hosts;
|
|
|
f43afa |
};
|
|
|
f43afa |
|
|
|
f43afa |
// For filtering queries.
|
|
|
f43afa |
@@ -234,7 +247,7 @@ static void resolve_host (systemtap_session& s, compile_server_info &server, vec
|
|
|
f43afa |
// -----------------------------------------------------
|
|
|
f43afa |
// NSS related code used by the compile server client
|
|
|
f43afa |
// -----------------------------------------------------
|
|
|
f43afa |
-static void add_server_trust (systemtap_session &s, const string &cert_db_path, const vector<compile_server_info> &server_list);
|
|
|
f43afa |
+static void add_server_trust (systemtap_session &s, const string &cert_db_path, vector<compile_server_info> &server_list);
|
|
|
f43afa |
static void revoke_server_trust (systemtap_session &s, const string &cert_db_path, const vector<compile_server_info> &server_list);
|
|
|
f43afa |
static void get_server_info_from_db (systemtap_session &s, vector<compile_server_info> &servers, const string &cert_db_path);
|
|
|
f43afa |
|
|
|
f43afa |
@@ -1132,10 +1145,10 @@ compile_server_client::find_and_connect_to_server ()
|
|
|
f43afa |
i != specified_servers.end ();
|
|
|
f43afa |
++i)
|
|
|
f43afa |
{
|
|
|
f43afa |
- // If we have an ip address and port number, then just use the one we've
|
|
|
f43afa |
- // been given. Otherwise, check for matching online servers and try their
|
|
|
f43afa |
+ // If we have an ip address and were given a port number, then just use the one we've
|
|
|
f43afa |
+ // been given. Otherwise, check for matching compatible online servers and try their
|
|
|
f43afa |
// ip addresses and ports.
|
|
|
f43afa |
- if (i->hasAddress() && i->port() != 0)
|
|
|
f43afa |
+ if (i->hasAddress() && i->fully_specified)
|
|
|
f43afa |
add_server_info (*i, server_list);
|
|
|
f43afa |
else
|
|
|
f43afa |
{
|
|
|
f43afa |
@@ -1145,8 +1158,8 @@ compile_server_client::find_and_connect_to_server ()
|
|
|
f43afa |
|
|
|
f43afa |
// If no specific server (port) has been specified,
|
|
|
f43afa |
// then we'll need the servers to be
|
|
|
f43afa |
- // compatible and possible trusted as signers as well.
|
|
|
f43afa |
- if (i->port() == 0)
|
|
|
f43afa |
+ // compatible and possibly trusted as signers as well.
|
|
|
f43afa |
+ if (! i->fully_specified)
|
|
|
f43afa |
{
|
|
|
f43afa |
get_or_keep_compatible_server_info (s, online_servers, true/*keep*/);
|
|
|
f43afa |
if (! pr_contains (s.privilege, pr_stapdev))
|
|
|
f43afa |
@@ -1227,7 +1240,7 @@ compile_server_client::find_and_connect_to_server ()
|
|
|
f43afa |
|
|
|
f43afa |
int
|
|
|
f43afa |
compile_server_client::compile_using_server (
|
|
|
f43afa |
- const vector<compile_server_info> &servers
|
|
|
f43afa |
+ vector<compile_server_info> &servers
|
|
|
f43afa |
)
|
|
|
f43afa |
{
|
|
|
f43afa |
// Make sure NSPR is initialized. Must be done before NSS is initialized
|
|
|
f43afa |
@@ -1275,14 +1288,16 @@ compile_server_client::compile_using_server (
|
|
|
f43afa |
server_zipfile = s.tmpdir + "/server.zip";
|
|
|
f43afa |
|
|
|
f43afa |
// Try each server in turn.
|
|
|
f43afa |
- for (vector<compile_server_info>::const_iterator j = servers.begin ();
|
|
|
f43afa |
+ for (vector<compile_server_info>::iterator j = servers.begin ();
|
|
|
f43afa |
j != servers.end ();
|
|
|
f43afa |
++j)
|
|
|
f43afa |
{
|
|
|
f43afa |
// At a minimum we need an ip_address along with a port
|
|
|
f43afa |
// number in order to contact the server.
|
|
|
f43afa |
- if (! j->hasAddress() || j->port() == 0)
|
|
|
f43afa |
+ if (! j->hasAddress() || j->port == 0)
|
|
|
f43afa |
continue;
|
|
|
f43afa |
+ // Set the port within the address.
|
|
|
f43afa |
+ j->setAddressPort (j->port);
|
|
|
f43afa |
|
|
|
f43afa |
if (s.verbose >= 2)
|
|
|
f43afa |
clog << _F("Attempting SSL connection with %s\n"
|
|
|
f43afa |
@@ -1673,7 +1688,7 @@ static void
|
|
|
f43afa |
add_server_trust (
|
|
|
f43afa |
systemtap_session &s,
|
|
|
f43afa |
const string &cert_db_path,
|
|
|
f43afa |
- const vector<compile_server_info> &server_list
|
|
|
f43afa |
+ vector<compile_server_info> &server_list
|
|
|
f43afa |
)
|
|
|
f43afa |
{
|
|
|
f43afa |
// Get a list of servers already trusted. This opens the database, so do it
|
|
|
f43afa |
@@ -1716,7 +1731,7 @@ add_server_trust (
|
|
|
f43afa |
// Iterate over the servers to become trusted. Contact each one and
|
|
|
f43afa |
// add it to the list of trusted servers if it is not already trusted.
|
|
|
f43afa |
// client_connect will issue any error messages.
|
|
|
f43afa |
- for (vector<compile_server_info>::const_iterator server = server_list.begin();
|
|
|
f43afa |
+ for (vector<compile_server_info>::iterator server = server_list.begin();
|
|
|
f43afa |
server != server_list.end ();
|
|
|
f43afa |
++server)
|
|
|
f43afa |
{
|
|
|
f43afa |
@@ -1735,10 +1750,14 @@ add_server_trust (
|
|
|
f43afa |
trust_already_in_place (*server, server_list, cert_db_path, false/*revoking*/);
|
|
|
f43afa |
continue;
|
|
|
f43afa |
}
|
|
|
f43afa |
+
|
|
|
f43afa |
// At a minimum we need an ip_address along with a port
|
|
|
f43afa |
// number in order to contact the server.
|
|
|
f43afa |
- if (! server->hasAddress() || server->port() == 0)
|
|
|
f43afa |
+ if (! server->hasAddress() || server->port == 0)
|
|
|
f43afa |
continue;
|
|
|
f43afa |
+ // Set the port within the address.
|
|
|
f43afa |
+ server->setAddressPort (server->port);
|
|
|
f43afa |
+
|
|
|
f43afa |
int rc = client_connect (*server, NULL, NULL, "permanent");
|
|
|
f43afa |
if (rc != SUCCESS)
|
|
|
f43afa |
{
|
|
|
f43afa |
@@ -2076,8 +2095,8 @@ ostream &operator<< (ostream &s, const compile_server_info &i)
|
|
|
f43afa |
else
|
|
|
f43afa |
s << "offline";
|
|
|
f43afa |
s << " port=";
|
|
|
f43afa |
- if (i.port() != 0)
|
|
|
f43afa |
- s << i.port();
|
|
|
f43afa |
+ if (i.port != 0)
|
|
|
f43afa |
+ s << i.port;
|
|
|
f43afa |
else
|
|
|
f43afa |
s << "unknown";
|
|
|
f43afa |
s << " sysinfo=\"";
|
|
|
f43afa |
@@ -2586,7 +2605,8 @@ isPort (const char *pstr, compile_server_info &server_info)
|
|
|
f43afa |
clog << _F("Invalid port number specified: %s", pstr) << endl;
|
|
|
f43afa |
return false;
|
|
|
f43afa |
}
|
|
|
f43afa |
- server_info.setPort (p);
|
|
|
f43afa |
+ server_info.port = p;
|
|
|
f43afa |
+ server_info.fully_specified = true;
|
|
|
f43afa |
return true;
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
@@ -2665,8 +2685,10 @@ isIPv6 (const string &server, compile_server_info &server_info)
|
|
|
f43afa |
if (! empty && components.size() != 8)
|
|
|
f43afa |
return false; // Not a valid IPv6 address
|
|
|
f43afa |
|
|
|
f43afa |
- // Calls to setPort and isPort need to know that this is an IPv6 address.
|
|
|
f43afa |
- server_info.address.raw.family = PR_AF_INET6;
|
|
|
f43afa |
+ // Try to convert the string to an address.
|
|
|
f43afa |
+ PRStatus prStatus = PR_StringToNetAddr (ip.c_str(), & server_info.address);
|
|
|
f43afa |
+ if (prStatus != PR_SUCCESS)
|
|
|
f43afa |
+ return false;
|
|
|
f43afa |
|
|
|
f43afa |
// Examine the optional port
|
|
|
f43afa |
if (portIx != string::npos)
|
|
|
f43afa |
@@ -2683,10 +2705,8 @@ isIPv6 (const string &server, compile_server_info &server_info)
|
|
|
f43afa |
}
|
|
|
f43afa |
}
|
|
|
f43afa |
else
|
|
|
f43afa |
- server_info.setPort (0);
|
|
|
f43afa |
+ server_info.port = 0;
|
|
|
f43afa |
|
|
|
f43afa |
- // Treat the ip address string like a host name.
|
|
|
f43afa |
- server_info.host_name = ip;
|
|
|
f43afa |
return true; // valid IPv6 address.
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
@@ -2703,20 +2723,20 @@ isIPv4 (const string &server, compile_server_info &server_info)
|
|
|
f43afa |
if (components.size() > 2)
|
|
|
f43afa |
return false; // Not a valid IPv4 address
|
|
|
f43afa |
|
|
|
f43afa |
- // Separate the host from the port (if any).
|
|
|
f43afa |
- string host;
|
|
|
f43afa |
+ // Separate the address from the port (if any).
|
|
|
f43afa |
+ string addr;
|
|
|
f43afa |
string port;
|
|
|
f43afa |
if (components.size() <= 1)
|
|
|
f43afa |
- host = server;
|
|
|
f43afa |
+ addr = server;
|
|
|
f43afa |
else {
|
|
|
f43afa |
- host = components[0];
|
|
|
f43afa |
+ addr = components[0];
|
|
|
f43afa |
port = components[1];
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
- // Separate the host components.
|
|
|
f43afa |
+ // Separate the address components.
|
|
|
f43afa |
// There must be exactly 4 components.
|
|
|
f43afa |
components.clear ();
|
|
|
f43afa |
- tokenize (server, components, ".");
|
|
|
f43afa |
+ tokenize (addr, components, ".");
|
|
|
f43afa |
if (components.size() != 4)
|
|
|
f43afa |
return false; // Not a valid IPv4 address
|
|
|
f43afa |
|
|
|
f43afa |
@@ -2732,8 +2752,10 @@ isIPv4 (const string &server, compile_server_info &server_info)
|
|
|
f43afa |
return false; // Not a valid IPv4 address
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
- // Calls to setPort and isPort need to know that this is an IPv4 address.
|
|
|
f43afa |
- server_info.address.raw.family = PR_AF_INET;
|
|
|
f43afa |
+ // Try to convert the string to an address.
|
|
|
f43afa |
+ PRStatus prStatus = PR_StringToNetAddr (addr.c_str(), & server_info.address);
|
|
|
f43afa |
+ if (prStatus != PR_SUCCESS)
|
|
|
f43afa |
+ return false;
|
|
|
f43afa |
|
|
|
f43afa |
// Examine the optional port
|
|
|
f43afa |
if (! port.empty ()) {
|
|
|
f43afa |
@@ -2741,10 +2763,8 @@ isIPv4 (const string &server, compile_server_info &server_info)
|
|
|
f43afa |
return false; // not a valid port
|
|
|
f43afa |
}
|
|
|
f43afa |
else
|
|
|
f43afa |
- server_info.setPort (0);
|
|
|
f43afa |
+ server_info.port = 0;
|
|
|
f43afa |
|
|
|
f43afa |
- // Treat the ip address string like a host name.
|
|
|
f43afa |
- server_info.host_name = host;
|
|
|
f43afa |
return true; // valid IPv4 address.
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
@@ -2754,8 +2774,6 @@ isCertSerialNumber (const string &server, compile_server_info &server_info)
|
|
|
f43afa |
// This function assumes that we have already ruled out the server spec being an IPv6 address.
|
|
|
f43afa |
// Certificate serial numbers are 5 fields separated by colons plus an optional 6th decimal
|
|
|
f43afa |
// field specifying a port.
|
|
|
f43afa |
- // Assume IPv4 (for now) when storing the port.
|
|
|
f43afa |
- server_info.address.raw.family = PR_AF_INET;
|
|
|
f43afa |
assert (! server.empty());
|
|
|
f43afa |
string host = server;
|
|
|
f43afa |
vector<string> components;
|
|
|
f43afa |
@@ -2782,8 +2800,6 @@ isDomain (const string &server, compile_server_info &server_info)
|
|
|
f43afa |
{
|
|
|
f43afa |
// Accept one or two components separated by a colon. The first will be the domain name and
|
|
|
f43afa |
// the second must a port number.
|
|
|
f43afa |
- // Assume IPv4 (for now) when storing the port.
|
|
|
f43afa |
- server_info.address.raw.family = PR_AF_INET;
|
|
|
f43afa |
assert (! server.empty());
|
|
|
f43afa |
string host = server;
|
|
|
f43afa |
vector<string> components;
|
|
|
f43afa |
@@ -2858,50 +2874,69 @@ get_specified_server_info (
|
|
|
f43afa |
// Check for IPv6 addresses first. It reduces the amount of checking necessary for
|
|
|
f43afa |
// certificate serial numbers.
|
|
|
f43afa |
compile_server_info server_info;
|
|
|
f43afa |
- vector<compile_server_info> known_servers;
|
|
|
f43afa |
+ vector<compile_server_info> resolved_servers;
|
|
|
f43afa |
if (isIPv6 (server, server_info) || isIPv4 (server, server_info) ||
|
|
|
f43afa |
- isDomain (server, server_info))
|
|
|
f43afa |
+ isCertSerialNumber (server, server_info))
|
|
|
f43afa |
{
|
|
|
f43afa |
- // Resolve this host and add any information that is discovered.
|
|
|
f43afa |
- // Try to augment the resolved servers with information about known servers.
|
|
|
f43afa |
- // There may be no intersection.
|
|
|
f43afa |
- get_all_server_info (s, known_servers);
|
|
|
f43afa |
-
|
|
|
f43afa |
- vector<compile_server_info> resolved_servers;
|
|
|
f43afa |
+ // An address or cert serial number has been specified.
|
|
|
f43afa |
+ // No resolution is needed.
|
|
|
f43afa |
+ resolved_servers.push_back (server_info);
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ else if (isDomain (server, server_info))
|
|
|
f43afa |
+ {
|
|
|
f43afa |
+ // Try to resolve the given name.
|
|
|
f43afa |
resolve_host (s, server_info, resolved_servers);
|
|
|
f43afa |
-
|
|
|
f43afa |
- vector<compile_server_info> common_servers = resolved_servers;
|
|
|
f43afa |
- keep_common_server_info (known_servers, common_servers);
|
|
|
f43afa |
- if (! common_servers.empty ())
|
|
|
f43afa |
- add_server_info (common_servers, resolved_servers);
|
|
|
f43afa |
-
|
|
|
f43afa |
- if (s.verbose >= 3)
|
|
|
f43afa |
- {
|
|
|
f43afa |
- clog << _F("Servers matching %s: ", server.c_str()) << endl;
|
|
|
f43afa |
- clog << resolved_servers;
|
|
|
f43afa |
- }
|
|
|
f43afa |
- add_server_info (resolved_servers, specified_servers);
|
|
|
f43afa |
- }
|
|
|
f43afa |
- else if (isCertSerialNumber (server, server_info))
|
|
|
f43afa |
- {
|
|
|
f43afa |
- // The host could not be resolved. Try resolving it as a certificate serial
|
|
|
f43afa |
- // number. Look for all known servers with this serial number and (optional)
|
|
|
f43afa |
- // port number.
|
|
|
f43afa |
- get_all_server_info (s, known_servers);
|
|
|
f43afa |
- keep_server_info_with_cert_and_port (s, server_info, known_servers);
|
|
|
f43afa |
- if (s.verbose >= 3)
|
|
|
f43afa |
- {
|
|
|
f43afa |
- clog << _F("Servers matching %s: ", server.c_str()) << endl;
|
|
|
f43afa |
- clog << known_servers;
|
|
|
f43afa |
- }
|
|
|
f43afa |
-
|
|
|
f43afa |
- add_server_info (known_servers, specified_servers);
|
|
|
f43afa |
}
|
|
|
f43afa |
else
|
|
|
f43afa |
{
|
|
|
f43afa |
clog << _F("Invalid server specification for --use-server: %s", server.c_str())
|
|
|
f43afa |
<< endl;
|
|
|
f43afa |
+ continue;
|
|
|
f43afa |
}
|
|
|
f43afa |
+
|
|
|
f43afa |
+ // Now examine the server(s) identified and add them to the list of specified
|
|
|
f43afa |
+ // servers.
|
|
|
f43afa |
+ vector<compile_server_info> known_servers;
|
|
|
f43afa |
+ vector<compile_server_info> new_servers;
|
|
|
f43afa |
+ for (vector<compile_server_info>::iterator i = resolved_servers.begin();
|
|
|
f43afa |
+ i != resolved_servers.end();
|
|
|
f43afa |
+ ++i)
|
|
|
f43afa |
+ {
|
|
|
f43afa |
+ // If this item was fully specified, then just add it.
|
|
|
f43afa |
+ if (i->fully_specified)
|
|
|
f43afa |
+ add_server_info (*i, new_servers);
|
|
|
f43afa |
+ else {
|
|
|
f43afa |
+ // It was not fully specified, so we need additional info. Try
|
|
|
f43afa |
+ // to get it by matching what we have against other known servers.
|
|
|
f43afa |
+ if (known_servers.empty ())
|
|
|
f43afa |
+ get_all_server_info (s, known_servers);
|
|
|
f43afa |
+
|
|
|
f43afa |
+ // See if this server spec matches that of a known server
|
|
|
f43afa |
+ vector<compile_server_info> matched_servers = known_servers;
|
|
|
f43afa |
+ keep_common_server_info (*i, matched_servers);
|
|
|
f43afa |
+
|
|
|
f43afa |
+ // If this server spec matches one or more known servers, then add the
|
|
|
f43afa |
+ // augmented info to the specified_servers. Otherwise, if this server
|
|
|
f43afa |
+ // spec is complete, then add it directly. Otherwise this server spec
|
|
|
f43afa |
+ // is incomplete.
|
|
|
f43afa |
+ if (! matched_servers.empty())
|
|
|
f43afa |
+ add_server_info (matched_servers, new_servers);
|
|
|
f43afa |
+ else if (i->isComplete ())
|
|
|
f43afa |
+ add_server_info (*i, new_servers);
|
|
|
f43afa |
+ else if (s.verbose >= 3)
|
|
|
f43afa |
+ clog << _("Incomplete server spec: ") << *i << endl;
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+
|
|
|
f43afa |
+ if (s.verbose >= 3)
|
|
|
f43afa |
+ {
|
|
|
f43afa |
+ clog << _F("Servers matching %s: ", server.c_str()) << endl;
|
|
|
f43afa |
+ clog << new_servers;
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+
|
|
|
f43afa |
+ // Add the newly identified servers to the list.
|
|
|
f43afa |
+ if (! new_servers.empty())
|
|
|
f43afa |
+ add_server_info (new_servers, specified_servers);
|
|
|
f43afa |
} // Loop over --use-server options
|
|
|
f43afa |
} // -- use-server specified
|
|
|
f43afa |
|
|
|
f43afa |
@@ -3087,13 +3122,16 @@ keep_server_info_with_cert_and_port (
|
|
|
f43afa |
continue;
|
|
|
f43afa |
}
|
|
|
f43afa |
if (servers[i].certinfo == server.certinfo &&
|
|
|
f43afa |
- (servers[i].port() == 0 || server.port() == 0 ||
|
|
|
f43afa |
- servers[i].port() == server.port()))
|
|
|
f43afa |
+ (servers[i].port == 0 || server.port == 0 ||
|
|
|
f43afa |
+ servers[i].port == server.port))
|
|
|
f43afa |
{
|
|
|
f43afa |
// If the server is not online, then use the specified
|
|
|
f43afa |
// port, if any.
|
|
|
f43afa |
- if (servers[i].port() == 0)
|
|
|
f43afa |
- servers[i].setPort (server.port());
|
|
|
f43afa |
+ if (servers[i].port == 0)
|
|
|
f43afa |
+ {
|
|
|
f43afa |
+ servers[i].port = server.port;
|
|
|
f43afa |
+ servers[i].fully_specified = server.fully_specified;
|
|
|
f43afa |
+ }
|
|
|
f43afa |
++i;
|
|
|
f43afa |
continue;
|
|
|
f43afa |
}
|
|
|
f43afa |
@@ -3110,8 +3148,8 @@ resolve_host (
|
|
|
f43afa |
vector<compile_server_info> &resolved_servers
|
|
|
f43afa |
)
|
|
|
f43afa |
{
|
|
|
f43afa |
- vector<compile_server_info>& cached_servers = cscache(s)->resolved_servers[server.host_name];
|
|
|
f43afa |
- if (cached_servers.empty ())
|
|
|
f43afa |
+ vector<resolved_host>& cached_hosts = cscache(s)->resolved_hosts[server.host_name];
|
|
|
f43afa |
+ if (cached_hosts.empty ())
|
|
|
f43afa |
{
|
|
|
f43afa |
// The server's host_name member is a string containing either a host name or an ip address.
|
|
|
f43afa |
// Either is acceptable for lookup.
|
|
|
f43afa |
@@ -3128,10 +3166,8 @@ resolve_host (
|
|
|
f43afa |
// Failure to resolve will result in an appropriate message later, if other methods fail.
|
|
|
f43afa |
if (rc != 0)
|
|
|
f43afa |
{
|
|
|
f43afa |
- // At a minimum, return the information we were given.
|
|
|
f43afa |
if (s.verbose >= 6)
|
|
|
f43afa |
clog << _F("%s not found: %s", lookup_name, gai_strerror (rc)) << endl;
|
|
|
f43afa |
- add_server_info (server, cached_servers);
|
|
|
f43afa |
}
|
|
|
f43afa |
else
|
|
|
f43afa |
{
|
|
|
f43afa |
@@ -3139,28 +3175,23 @@ resolve_host (
|
|
|
f43afa |
assert (addr_info);
|
|
|
f43afa |
for (const struct addrinfo *ai = addr_info; ai != NULL; ai = ai->ai_next)
|
|
|
f43afa |
{
|
|
|
f43afa |
- // Start with the info we were given.
|
|
|
f43afa |
- compile_server_info new_server = server;
|
|
|
f43afa |
+ PRNetAddr new_address;
|
|
|
f43afa |
|
|
|
f43afa |
// We support IPv4 and IPv6, Ignore other protocols,
|
|
|
f43afa |
if (ai->ai_family == AF_INET)
|
|
|
f43afa |
{
|
|
|
f43afa |
// IPv4 Address
|
|
|
f43afa |
struct sockaddr_in *ip = (struct sockaddr_in *)ai->ai_addr;
|
|
|
f43afa |
- new_server.address.inet.family = PR_AF_INET;
|
|
|
f43afa |
- if (ip->sin_port != 0)
|
|
|
f43afa |
- new_server.address.inet.port = ip->sin_port;
|
|
|
f43afa |
- new_server.address.inet.ip = ip->sin_addr.s_addr;
|
|
|
f43afa |
+ new_address.inet.family = PR_AF_INET;
|
|
|
f43afa |
+ new_address.inet.ip = ip->sin_addr.s_addr;
|
|
|
f43afa |
}
|
|
|
f43afa |
else if (ai->ai_family == AF_INET6)
|
|
|
f43afa |
{
|
|
|
f43afa |
// IPv6 Address
|
|
|
f43afa |
struct sockaddr_in6 *ip = (struct sockaddr_in6 *)ai->ai_addr;
|
|
|
f43afa |
- new_server.address.ipv6.family = PR_AF_INET6;
|
|
|
f43afa |
- if (ip->sin6_port != 0)
|
|
|
f43afa |
- new_server.address.ipv6.port = ip->sin6_port;
|
|
|
f43afa |
- new_server.address.ipv6.scope_id = ip->sin6_scope_id;
|
|
|
f43afa |
- copyAddress (new_server.address.ipv6.ip, ip->sin6_addr);
|
|
|
f43afa |
+ new_address.ipv6.family = PR_AF_INET6;
|
|
|
f43afa |
+ new_address.ipv6.scope_id = ip->sin6_scope_id;
|
|
|
f43afa |
+ copyAddress (new_address.ipv6.ip, ip->sin6_addr);
|
|
|
f43afa |
}
|
|
|
f43afa |
else
|
|
|
f43afa |
continue;
|
|
|
f43afa |
@@ -3169,25 +3200,54 @@ resolve_host (
|
|
|
f43afa |
char hbuf[NI_MAXHOST];
|
|
|
f43afa |
int status = getnameinfo (ai->ai_addr, ai->ai_addrlen, hbuf, sizeof (hbuf), NULL, 0,
|
|
|
f43afa |
NI_NAMEREQD | NI_IDN);
|
|
|
f43afa |
- if (status == 0)
|
|
|
f43afa |
- new_server.host_name = hbuf;
|
|
|
f43afa |
+ if (status != 0)
|
|
|
f43afa |
+ hbuf[0] = '\0';
|
|
|
f43afa |
|
|
|
f43afa |
- // Add the new resolved server to the list.
|
|
|
f43afa |
- add_server_info (new_server, cached_servers);
|
|
|
f43afa |
+ resolved_host *new_host = new resolved_host(hbuf, new_address);
|
|
|
f43afa |
+ cached_hosts.push_back(*new_host);
|
|
|
f43afa |
}
|
|
|
f43afa |
}
|
|
|
f43afa |
if (addr_info)
|
|
|
f43afa |
freeaddrinfo (addr_info); // free the linked list
|
|
|
f43afa |
-
|
|
|
f43afa |
- if (s.verbose >= 6)
|
|
|
f43afa |
- {
|
|
|
f43afa |
- clog << _F("%s resolves to:", lookup_name) << endl;
|
|
|
f43afa |
- clog << cached_servers;
|
|
|
f43afa |
- }
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
- // Add the information, but not duplicates.
|
|
|
f43afa |
- add_server_info (cached_servers, resolved_servers);
|
|
|
f43afa |
+ // If no addresses were resolved, then return the info we were given.
|
|
|
f43afa |
+ if (cached_hosts.empty())
|
|
|
f43afa |
+ add_server_info (server, resolved_servers);
|
|
|
f43afa |
+ else {
|
|
|
f43afa |
+ // We will add a new server for each address resolved
|
|
|
f43afa |
+ vector<compile_server_info> new_servers;
|
|
|
f43afa |
+ for (vector<resolved_host>::const_iterator it = cached_hosts.begin();
|
|
|
f43afa |
+ it != cached_hosts.end(); ++it)
|
|
|
f43afa |
+ {
|
|
|
f43afa |
+ // Start with the info we were given
|
|
|
f43afa |
+ compile_server_info new_server = server;
|
|
|
f43afa |
+
|
|
|
f43afa |
+ // NB: do not overwrite port info
|
|
|
f43afa |
+ if (it->address.raw.family == AF_INET)
|
|
|
f43afa |
+ {
|
|
|
f43afa |
+ new_server.address.inet.family = PR_AF_INET;
|
|
|
f43afa |
+ new_server.address.inet.ip = it->address.inet.ip;
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ else // AF_INET6
|
|
|
f43afa |
+ {
|
|
|
f43afa |
+ new_server.address.ipv6.family = PR_AF_INET6;
|
|
|
f43afa |
+ new_server.address.ipv6.scope_id = it->address.ipv6.scope_id;
|
|
|
f43afa |
+ new_server.address.ipv6.ip = it->address.ipv6.ip;
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ if (!it->host_name.empty())
|
|
|
f43afa |
+ new_server.host_name = it->host_name;
|
|
|
f43afa |
+ add_server_info (new_server, new_servers);
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+
|
|
|
f43afa |
+ if (s.verbose >= 6)
|
|
|
f43afa |
+ {
|
|
|
f43afa |
+ clog << _F("%s resolves to:", server.host_name.c_str()) << endl;
|
|
|
f43afa |
+ clog << new_servers;
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+
|
|
|
f43afa |
+ add_server_info (new_servers, resolved_servers);
|
|
|
f43afa |
+ }
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
#if HAVE_AVAHI
|
|
|
f43afa |
@@ -3268,12 +3328,12 @@ void resolve_callback(
|
|
|
f43afa |
// We support both IPv4 and IPv6. Ignore other protocols.
|
|
|
f43afa |
if (protocol == AVAHI_PROTO_INET6) {
|
|
|
f43afa |
info.address.ipv6.family = PR_AF_INET6;
|
|
|
f43afa |
- info.address.ipv6.port = htons (port);
|
|
|
f43afa |
info.address.ipv6.scope_id = interface;
|
|
|
f43afa |
+ info.port = port;
|
|
|
f43afa |
}
|
|
|
f43afa |
else if (protocol == AVAHI_PROTO_INET) {
|
|
|
f43afa |
info.address.inet.family = PR_AF_INET;
|
|
|
f43afa |
- info.address.inet.port = htons (port);
|
|
|
f43afa |
+ info.port = port;
|
|
|
f43afa |
}
|
|
|
f43afa |
else
|
|
|
f43afa |
break;
|
|
|
f43afa |
@@ -3388,7 +3448,6 @@ get_or_keep_online_server_info (
|
|
|
f43afa |
online_servers.push_back (compile_server_info ());
|
|
|
f43afa |
#if HAVE_AVAHI
|
|
|
f43afa |
// Must predeclare these due to jumping on error to fail:
|
|
|
f43afa |
- unsigned limit;
|
|
|
f43afa |
vector<compile_server_info> avahi_servers;
|
|
|
f43afa |
|
|
|
f43afa |
// Initialize.
|
|
|
f43afa |
@@ -3449,25 +3508,6 @@ get_or_keep_online_server_info (
|
|
|
f43afa |
clog << avahi_servers;
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
- // Resolve each server discovered, in case there are alternate ways to reach them
|
|
|
f43afa |
- // (e.g. localhost).
|
|
|
f43afa |
- limit = avahi_servers.size ();
|
|
|
f43afa |
- for (unsigned i = 0; i < limit; ++i)
|
|
|
f43afa |
- {
|
|
|
f43afa |
- compile_server_info &avahi_server = avahi_servers[i];
|
|
|
f43afa |
-
|
|
|
f43afa |
- // Delete the domain, if it is '.local'
|
|
|
f43afa |
- string &host_name = avahi_server.host_name;
|
|
|
f43afa |
- string::size_type dot_index = host_name.find ('.');
|
|
|
f43afa |
- assert (dot_index != 0);
|
|
|
f43afa |
- string domain = host_name.substr (dot_index + 1);
|
|
|
f43afa |
- if (domain == "local")
|
|
|
f43afa |
- host_name = host_name.substr (0, dot_index);
|
|
|
f43afa |
-
|
|
|
f43afa |
- // Add it to the list of servers, unless it is duplicate.
|
|
|
f43afa |
- resolve_host (s, avahi_server, online_servers);
|
|
|
f43afa |
- }
|
|
|
f43afa |
-
|
|
|
f43afa |
// Merge with the list of servers, as obtained by avahi.
|
|
|
f43afa |
add_server_info (avahi_servers, online_servers);
|
|
|
f43afa |
|
|
|
f43afa |
@@ -3619,15 +3659,19 @@ merge_server_info (
|
|
|
f43afa |
compile_server_info &target
|
|
|
f43afa |
)
|
|
|
f43afa |
{
|
|
|
f43afa |
- if (target.host_name.empty ())
|
|
|
f43afa |
+ // Copy the host name if the source has one.
|
|
|
f43afa |
+ if (! source.host_name.empty())
|
|
|
f43afa |
target.host_name = source.host_name;
|
|
|
f43afa |
// Copy the address unconditionally, if the source has an address, even if they are already
|
|
|
f43afa |
// equal. The source address may be an IPv6 address with a scope_id that the target is missing.
|
|
|
f43afa |
assert (! target.hasAddress () || ! source.hasAddress () || source.address == target.address);
|
|
|
f43afa |
if (source.hasAddress ())
|
|
|
f43afa |
copyNetAddr (target.address, source.address);
|
|
|
f43afa |
- if (target.port() == 0)
|
|
|
f43afa |
- target.setPort (source.port());
|
|
|
f43afa |
+ if (target.port == 0)
|
|
|
f43afa |
+ {
|
|
|
f43afa |
+ target.port = source.port;
|
|
|
f43afa |
+ target.fully_specified = source.fully_specified;
|
|
|
f43afa |
+ }
|
|
|
f43afa |
if (target.sysinfo.empty ())
|
|
|
f43afa |
target.sysinfo = source.sysinfo;
|
|
|
f43afa |
if (target.version.empty ())
|
|
|
f43afa |
diff --git a/csclient.h b/csclient.h
|
|
|
f43afa |
index b7eeda4..e4508ea 100644
|
|
|
f43afa |
--- a/csclient.h
|
|
|
f43afa |
+++ b/csclient.h
|
|
|
f43afa |
@@ -1,5 +1,5 @@
|
|
|
f43afa |
// -*- C++ -*-
|
|
|
f43afa |
-// Copyright (C) 2010-2011 Red Hat Inc.
|
|
|
f43afa |
+// Copyright (C) 2010-2014 Red Hat Inc.
|
|
|
f43afa |
//
|
|
|
f43afa |
// This file is part of systemtap, and is free software. You can
|
|
|
f43afa |
// redistribute it and/or modify it under the terms of the GNU General
|
|
|
f43afa |
@@ -35,7 +35,7 @@ private:
|
|
|
f43afa |
);
|
|
|
f43afa |
int add_package_args ();
|
|
|
f43afa |
int add_package_arg (const std::string &arg;;
|
|
|
f43afa |
- int compile_using_server (const std::vector<compile_server_info> &servers);
|
|
|
f43afa |
+ int compile_using_server (std::vector<compile_server_info> &servers);
|
|
|
f43afa |
int add_localization_variables();
|
|
|
f43afa |
|
|
|
f43afa |
int read_from_file (const std::string &fname, int &data);
|
|
|
f43afa |
diff --git a/nsscommon.cxx b/nsscommon.cxx
|
|
|
f43afa |
index 70aac54..78e38b0 100644
|
|
|
f43afa |
--- a/nsscommon.cxx
|
|
|
f43afa |
+++ b/nsscommon.cxx
|
|
|
f43afa |
@@ -1,7 +1,7 @@
|
|
|
f43afa |
/*
|
|
|
f43afa |
Common functions used by the NSS-aware code in systemtap.
|
|
|
f43afa |
|
|
|
f43afa |
- Copyright (C) 2009-2013 Red Hat Inc.
|
|
|
f43afa |
+ Copyright (C) 2009-2014 Red Hat Inc.
|
|
|
f43afa |
|
|
|
f43afa |
This file is part of systemtap, and is free software. You can
|
|
|
f43afa |
redistribute it and/or modify it under the terms of the GNU General Public
|
|
|
f43afa |
@@ -998,12 +998,19 @@ gen_cert_db (const string &db_path, const string &extraDnsNames, bool use_passwo
|
|
|
f43afa |
goto error;
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
- // Now, generate the cert. We need our host name and the supplied additional dns names (if any).
|
|
|
f43afa |
+ // For the cert, we need our host name.
|
|
|
f43afa |
struct utsname utsname;
|
|
|
f43afa |
uname (& utsname);
|
|
|
f43afa |
dnsNames = utsname.nodename;
|
|
|
f43afa |
+
|
|
|
f43afa |
+ // Because avahi identifies hosts using a ".local" domain, add one to the list of names.
|
|
|
f43afa |
+ dnsNames += string(",") + dnsNames + ".local";
|
|
|
f43afa |
+
|
|
|
f43afa |
+ // Add any extra names that were supplied.
|
|
|
f43afa |
if (! extraDnsNames.empty ())
|
|
|
f43afa |
dnsNames += "," + extraDnsNames;
|
|
|
f43afa |
+
|
|
|
f43afa |
+ // Now, generate the cert.
|
|
|
f43afa |
cert = create_cert (cr, dnsNames);
|
|
|
f43afa |
CERT_DestroyCertificateRequest (cr);
|
|
|
f43afa |
if (! cert)
|
|
|
f43afa |
diff --git a/testsuite/lib/systemtap.exp b/testsuite/lib/systemtap.exp
|
|
|
f43afa |
index d4e4d85..64bbed1 100644
|
|
|
f43afa |
--- a/testsuite/lib/systemtap.exp
|
|
|
f43afa |
+++ b/testsuite/lib/systemtap.exp
|
|
|
f43afa |
@@ -244,6 +244,7 @@ proc setup_server { args } {
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
# Make sure that stap can find the server.
|
|
|
f43afa |
+ exec sleep 1
|
|
|
f43afa |
set use_server --use-server
|
|
|
f43afa |
set res [catch { exec stap --list-servers=online,trusted,compatible >& stap-list-servers.out } looksee]
|
|
|
f43afa |
verbose -log "stap --list-servers returned: res==$res"
|
|
|
f43afa |
diff --git a/testsuite/systemtap.server/client.exp b/testsuite/systemtap.server/client.exp
|
|
|
f43afa |
index f0d0728..41a06cc 100644
|
|
|
f43afa |
--- a/testsuite/systemtap.server/client.exp
|
|
|
f43afa |
+++ b/testsuite/systemtap.server/client.exp
|
|
|
f43afa |
@@ -1,3 +1,6 @@
|
|
|
f43afa |
+# In this test, we are using arrays as sets. The key itself does not matter,
|
|
|
f43afa |
+# only the value
|
|
|
f43afa |
+
|
|
|
f43afa |
# many of these tests use as_root
|
|
|
f43afa |
if {! [installtest_p]} { return }
|
|
|
f43afa |
if {! [nss_p]} { return }
|
|
|
f43afa |
@@ -5,37 +8,111 @@ if {! [nss_p]} { return }
|
|
|
f43afa |
# Let's start with a clean slate in terms of trust.
|
|
|
f43afa |
exec rm -fr $env(SYSTEMTAP_DIR)/ssl
|
|
|
f43afa |
|
|
|
f43afa |
-# Compare two arrays. If equal, return 1, otherwise 0.
|
|
|
f43afa |
-# (Borrowed from http://wiki.tcl.tk/1032.)
|
|
|
f43afa |
-proc array_compare {array1 array2} {
|
|
|
f43afa |
- upvar 1 $array1 foo $array2 bar
|
|
|
f43afa |
+# arr given as list (e.g. [array_has [array get myarr] elem])
|
|
|
f43afa |
+proc array_has {arr elem} {
|
|
|
f43afa |
|
|
|
f43afa |
- if {![array exists foo]} {
|
|
|
f43afa |
- return -code error "$array1 is not an array"
|
|
|
f43afa |
- }
|
|
|
f43afa |
- if {![array exists bar]} {
|
|
|
f43afa |
- return -code error "$array2 is not an array"
|
|
|
f43afa |
- }
|
|
|
f43afa |
- if {[array size foo] != [array size bar]} {
|
|
|
f43afa |
- return 0
|
|
|
f43afa |
- }
|
|
|
f43afa |
+ array set foo $arr
|
|
|
f43afa |
if {[array size foo] == 0} {
|
|
|
f43afa |
+ return 0
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+
|
|
|
f43afa |
+ foreach {key val} [array get foo] {
|
|
|
f43afa |
+ if {[string equal $val $elem]} {
|
|
|
f43afa |
+ return 1
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+
|
|
|
f43afa |
+ return 0
|
|
|
f43afa |
+}
|
|
|
f43afa |
+
|
|
|
f43afa |
+# Check if array1 is a subset of array2. Returns 1 if yes, otherwise 0.
|
|
|
f43afa |
+# (Modified from http://wiki.tcl.tk/1032.)
|
|
|
f43afa |
+proc array_in {array1 array2} {
|
|
|
f43afa |
+ upvar 1 $array1 sub $array2 super
|
|
|
f43afa |
+
|
|
|
f43afa |
+ if {![array exists sub]} {
|
|
|
f43afa |
+ return -code error "$array1 is not an array"
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ if {![array exists super]} {
|
|
|
f43afa |
+ return -code error "$array2 is not an array"
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ if {[array size sub] > [array size super]} {
|
|
|
f43afa |
+ return 0
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ if {[array size sub] == 0} {
|
|
|
f43afa |
return 1
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
- set keys [lsort -unique [concat [array names foo] [array names bar]]]
|
|
|
f43afa |
- if {[llength $keys] != [array size foo]} {
|
|
|
f43afa |
- return 0
|
|
|
f43afa |
- }
|
|
|
f43afa |
-
|
|
|
f43afa |
- foreach key $keys {
|
|
|
f43afa |
- if {$foo($key) ne $bar($key)} {
|
|
|
f43afa |
+ foreach key [array names sub] {
|
|
|
f43afa |
+ if {![array_has [array get super] $sub($key)]} {
|
|
|
f43afa |
return 0
|
|
|
f43afa |
}
|
|
|
f43afa |
}
|
|
|
f43afa |
return 1
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
+# Check if array1 and array2 have all the same elements
|
|
|
f43afa |
+proc array_equal {array1 array2} {
|
|
|
f43afa |
+ upvar 1 $array1 foo $array2 bar
|
|
|
f43afa |
+ return [array_in foo bar] \
|
|
|
f43afa |
+ && [array_in bar foo]
|
|
|
f43afa |
+}
|
|
|
f43afa |
+
|
|
|
f43afa |
+# Returns the union of the three arrays
|
|
|
f43afa |
+proc array_union {array1 array2 array3} {
|
|
|
f43afa |
+ upvar 1 $array1 foo $array2 bar $array3 baz
|
|
|
f43afa |
+ array unset ::union
|
|
|
f43afa |
+
|
|
|
f43afa |
+ if {![array exists foo]} {
|
|
|
f43afa |
+ return -code error "$array1 is not an array"
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ if {![array exists bar]} {
|
|
|
f43afa |
+ return -code error "$array2 is not an array"
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ if {![array exists baz]} {
|
|
|
f43afa |
+ return -code error "$array3 is not an array"
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+
|
|
|
f43afa |
+ set n 0
|
|
|
f43afa |
+ foreach key [array names foo] {
|
|
|
f43afa |
+ set ::union($n) $foo($key)
|
|
|
f43afa |
+ incr n
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ foreach key [array names bar] {
|
|
|
f43afa |
+ if {![array_has [array get ::union] $bar($key)]} {
|
|
|
f43afa |
+ set ::union($n) $bar($key)
|
|
|
f43afa |
+ incr n
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ foreach key [array names baz] {
|
|
|
f43afa |
+ if {![array_has [array get ::union] $baz($key)]} {
|
|
|
f43afa |
+ set ::union($n) $baz($key)
|
|
|
f43afa |
+ incr n
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+}
|
|
|
f43afa |
+
|
|
|
f43afa |
+# Returns all the elements in array_new not in array_old
|
|
|
f43afa |
+proc array_diff {array_new array_old} {
|
|
|
f43afa |
+ upvar 1 $array_new anew $array_old aold
|
|
|
f43afa |
+ array unset ::diff
|
|
|
f43afa |
+
|
|
|
f43afa |
+ if {![array exists anew]} {
|
|
|
f43afa |
+ return -code error "$array_new is not an array"
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ if {![array exists aold]} {
|
|
|
f43afa |
+ return -code error "$array_old is not an array"
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+
|
|
|
f43afa |
+ set n 0
|
|
|
f43afa |
+ foreach key [array names anew] {
|
|
|
f43afa |
+ if {![array_has [array get aold] $anew($key)]} {
|
|
|
f43afa |
+ set ::diff($n) $anew($key)
|
|
|
f43afa |
+ incr n
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+ }
|
|
|
f43afa |
+}
|
|
|
f43afa |
+
|
|
|
f43afa |
# Test the --list-servers option and return an array of the servers found.
|
|
|
f43afa |
proc list_servers { TEST_NAME SERVER_SPEC args } {
|
|
|
f43afa |
set failed 0
|
|
|
f43afa |
@@ -82,7 +159,6 @@ proc list_servers { TEST_NAME SERVER_SPEC args } {
|
|
|
f43afa |
# Sometimes, we'll see a server running from the last test, if it
|
|
|
f43afa |
# hasn't quite died yet. So, make sure we get the same result twice.
|
|
|
f43afa |
list_servers "List existing online servers" online
|
|
|
f43afa |
-array unset eos1
|
|
|
f43afa |
array set existing_online_servers [array get servers]
|
|
|
f43afa |
set i 0
|
|
|
f43afa |
while {1} {
|
|
|
f43afa |
@@ -94,9 +170,9 @@ while {1} {
|
|
|
f43afa |
fail "List existing online servers: never got stable"
|
|
|
f43afa |
return
|
|
|
f43afa |
}
|
|
|
f43afa |
-
|
|
|
f43afa |
+
|
|
|
f43afa |
verbose -log "verify existing online servers - attempt $i: [array size existing_online_servers] [array size eos2]"
|
|
|
f43afa |
- if {[array_compare existing_online_servers eos2]} {
|
|
|
f43afa |
+ if {[array_equal existing_online_servers eos2]} {
|
|
|
f43afa |
# Arrays are equal, we're done
|
|
|
f43afa |
break
|
|
|
f43afa |
}
|
|
|
f43afa |
@@ -120,37 +196,23 @@ list_servers "List all existing servers" all
|
|
|
f43afa |
array unset all_existing_servers
|
|
|
f43afa |
array set all_existing_servers [array get servers]
|
|
|
f43afa |
|
|
|
f43afa |
-set test "Verify existing online server list"
|
|
|
f43afa |
-if {[array_compare existing_online_servers all_existing_servers]} {
|
|
|
f43afa |
- pass "$test"
|
|
|
f43afa |
-} else {
|
|
|
f43afa |
- fail "$test"
|
|
|
f43afa |
-}
|
|
|
f43afa |
+# First we create a union
|
|
|
f43afa |
+array_union existing_online_servers \
|
|
|
f43afa |
+ existing_trusted_servers \
|
|
|
f43afa |
+ existing_signing_servers
|
|
|
f43afa |
+array set existing_unioned_servers [array get union]
|
|
|
f43afa |
|
|
|
f43afa |
-set test "Verify existing trusted server list"
|
|
|
f43afa |
-if {[array_compare existing_trusted_servers all_existing_servers]} {
|
|
|
f43afa |
- pass "$test"
|
|
|
f43afa |
-} else {
|
|
|
f43afa |
- fail "$test"
|
|
|
f43afa |
-}
|
|
|
f43afa |
-
|
|
|
f43afa |
-set test "Verify existing signing server list"
|
|
|
f43afa |
-if {[array_compare existing_signing_servers all_existing_servers]} {
|
|
|
f43afa |
- pass "$test"
|
|
|
f43afa |
-} else {
|
|
|
f43afa |
- fail "$test"
|
|
|
f43afa |
-}
|
|
|
f43afa |
-
|
|
|
f43afa |
-set test "Verify all existing server list"
|
|
|
f43afa |
-if {[array_compare existing_online_servers all_existing_servers]} {
|
|
|
f43afa |
+# Now we can compare
|
|
|
f43afa |
+set test "Verify existing server list"
|
|
|
f43afa |
+if {[array_equal existing_unioned_servers all_existing_servers]} {
|
|
|
f43afa |
pass "$test"
|
|
|
f43afa |
} else {
|
|
|
f43afa |
fail "$test"
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
list_servers "List existing online servers (before start)" online
|
|
|
f43afa |
-array unset existing_online_servers1
|
|
|
f43afa |
-array set existing_online_servers1 [array get servers]
|
|
|
f43afa |
+array unset existing_online_servers
|
|
|
f43afa |
+array set existing_online_servers [array get servers]
|
|
|
f43afa |
|
|
|
f43afa |
# Now start our own server and make sure we can work with it.
|
|
|
f43afa |
if {! [setup_server] || $avahi_ok_p != 1} {
|
|
|
f43afa |
@@ -159,31 +221,22 @@ if {! [setup_server] || $avahi_ok_p != 1} {
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
# Our server should now appear online, separate from the previously discovered
|
|
|
f43afa |
-# online servers. Note that our server could generate serveral listings
|
|
|
f43afa |
-# because it could appear at more than one ip address,
|
|
|
f43afa |
+# online servers. Note that our server could generate serveral listings because
|
|
|
f43afa |
+# it could appear at more than one ip address,
|
|
|
f43afa |
list_servers "List current online servers" online
|
|
|
f43afa |
array unset current_online_servers
|
|
|
f43afa |
array set current_online_servers [array get servers]
|
|
|
f43afa |
|
|
|
f43afa |
+# array_diff will give us all the servers in current not in existing
|
|
|
f43afa |
+array_diff current_online_servers existing_online_servers
|
|
|
f43afa |
+array unset new_online_servers
|
|
|
f43afa |
+array set new_online_servers [array get diff]
|
|
|
f43afa |
+
|
|
|
f43afa |
set test "New online servers"
|
|
|
f43afa |
-set n 0
|
|
|
f43afa |
-foreach idx1 [array names current_online_servers] {
|
|
|
f43afa |
- set found 0
|
|
|
f43afa |
- foreach idx2 [array names existing_online_servers] {
|
|
|
f43afa |
- if {"$existing_online_servers($idx2)" == "$current_online_servers($idx1)"} {
|
|
|
f43afa |
- set found 1
|
|
|
f43afa |
- break
|
|
|
f43afa |
- }
|
|
|
f43afa |
- }
|
|
|
f43afa |
- if {$found == 0} {
|
|
|
f43afa |
- set new_online_servers($n) "$current_online_servers($idx1)"
|
|
|
f43afa |
- incr n
|
|
|
f43afa |
- }
|
|
|
f43afa |
-}
|
|
|
f43afa |
-if {$n == 0} {
|
|
|
f43afa |
- fail "$test"
|
|
|
f43afa |
-} else {
|
|
|
f43afa |
+if {[array size new_online_servers] > 0} {
|
|
|
f43afa |
pass "$test"
|
|
|
f43afa |
+} else {
|
|
|
f43afa |
+ fail "$test"
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
# Our server should now be trusted, separate from the previously discovered
|
|
|
f43afa |
@@ -192,48 +245,27 @@ list_servers "List current trusted servers" online,trusted
|
|
|
f43afa |
array unset current_trusted_servers
|
|
|
f43afa |
array set current_trusted_servers [array get servers]
|
|
|
f43afa |
|
|
|
f43afa |
+# array_diff will give us all the servers in current not in existing
|
|
|
f43afa |
+array_diff current_trusted_servers existing_trusted_servers
|
|
|
f43afa |
+array unset new_trusted_servers
|
|
|
f43afa |
+array set new_trusted_servers [array get diff]
|
|
|
f43afa |
+
|
|
|
f43afa |
set test "New trusted servers"
|
|
|
f43afa |
-set n 0
|
|
|
f43afa |
-foreach idx1 [array names current_trusted_servers] {
|
|
|
f43afa |
- set found 0
|
|
|
f43afa |
- foreach idx2 [array names existing_trusted_servers] {
|
|
|
f43afa |
- if {"$existing_trusted_servers($idx2)" == "$current_trusted_servers($idx1)"} {
|
|
|
f43afa |
- set found 1
|
|
|
f43afa |
- break
|
|
|
f43afa |
- }
|
|
|
f43afa |
- }
|
|
|
f43afa |
- if {$found == 0} {
|
|
|
f43afa |
- set new_trusted_servers($n) "$current_trusted_servers($idx1)"
|
|
|
f43afa |
- incr n
|
|
|
f43afa |
- }
|
|
|
f43afa |
-}
|
|
|
f43afa |
-if {$n == 0} {
|
|
|
f43afa |
- fail "$test"
|
|
|
f43afa |
-} else {
|
|
|
f43afa |
+if {[array size new_trusted_servers] > 0} {
|
|
|
f43afa |
pass "$test"
|
|
|
f43afa |
+} else {
|
|
|
f43afa |
+ fail "$test"
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
# The new servers should automatically be trusted, so the new_trusted_servers
|
|
|
f43afa |
-# array should be a subset of the new_online_servers
|
|
|
f43afa |
-# array, but not necessarilty vice-versa, since new servers may have come
|
|
|
f43afa |
-# online independently of our testing.
|
|
|
f43afa |
+# array should be a subset of the new_online_servers array, but not necessarily
|
|
|
f43afa |
+# vice-versa, since new servers may have come online independently of our
|
|
|
f43afa |
+# testing.
|
|
|
f43afa |
set test "Verify new trusted server list"
|
|
|
f43afa |
-set failed 0
|
|
|
f43afa |
-foreach idx1 [array names new_trusted_servers] {
|
|
|
f43afa |
- set found 0
|
|
|
f43afa |
- foreach idx2 [array names new_online_servers] {
|
|
|
f43afa |
- if {"$new_trusted_servers($idx1)" == "$new_online_servers($idx2)"} {
|
|
|
f43afa |
- set found 1
|
|
|
f43afa |
- break
|
|
|
f43afa |
- }
|
|
|
f43afa |
- }
|
|
|
f43afa |
- if {$found == 0} {
|
|
|
f43afa |
- set failed 1
|
|
|
f43afa |
- fail "$test $idx1"
|
|
|
f43afa |
- }
|
|
|
f43afa |
-}
|
|
|
f43afa |
-if {$failed == 0} {
|
|
|
f43afa |
+if {[array_in new_trusted_servers new_online_servers]} {
|
|
|
f43afa |
pass "$test"
|
|
|
f43afa |
+} else {
|
|
|
f43afa |
+ fail "$test"
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
# The newly trusted servers represent the server we just started.
|
|
|
f43afa |
@@ -247,7 +279,7 @@ array unset current_signing_servers
|
|
|
f43afa |
array set current_signing_servers [array get servers]
|
|
|
f43afa |
|
|
|
f43afa |
set test "No new signing servers"
|
|
|
f43afa |
-if {[array_compare current_signing_servers existing_signing_servers]} {
|
|
|
f43afa |
+if {[array_equal current_signing_servers existing_signing_servers]} {
|
|
|
f43afa |
pass "$test"
|
|
|
f43afa |
} else {
|
|
|
f43afa |
fail "$test"
|
|
|
f43afa |
@@ -287,7 +319,7 @@ array unset current_trusted_servers
|
|
|
f43afa |
array set current_trusted_servers [array get servers]
|
|
|
f43afa |
|
|
|
f43afa |
set test "No longer trusted after revokation by host name"
|
|
|
f43afa |
-if {[array_compare current_trusted_servers existing_trusted_servers]} {
|
|
|
f43afa |
+if {[array_equal current_trusted_servers existing_trusted_servers]} {
|
|
|
f43afa |
pass "$test"
|
|
|
f43afa |
} else {
|
|
|
f43afa |
fail "$test"
|
|
|
f43afa |
@@ -320,54 +352,24 @@ list_servers "List current trusted servers after reinstatement by ip address" on
|
|
|
f43afa |
array unset current_trusted_servers
|
|
|
f43afa |
array set current_trusted_servers [array get servers]
|
|
|
f43afa |
|
|
|
f43afa |
+array_diff current_trusted_servers existing_trusted_servers
|
|
|
f43afa |
+array unset new_trusted_servers
|
|
|
f43afa |
+array set new_trusted_servers [array get diff]
|
|
|
f43afa |
+
|
|
|
f43afa |
set test "New trusted servers after reinstatement by ip address"
|
|
|
f43afa |
-array unset new_trusted_servers
|
|
|
f43afa |
-set n 0
|
|
|
f43afa |
-foreach idx1 [array names current_trusted_servers] {
|
|
|
f43afa |
- set found 0
|
|
|
f43afa |
- foreach idx2 [array names existing_trusted_servers] {
|
|
|
f43afa |
- if {"$existing_trusted_servers($idx2)" == "$current_trusted_servers($idx1)"} {
|
|
|
f43afa |
- set found 1
|
|
|
f43afa |
- break
|
|
|
f43afa |
- }
|
|
|
f43afa |
- }
|
|
|
f43afa |
- if {$found == 0} {
|
|
|
f43afa |
- set new_trusted_servers($n) "$current_trusted_servers($idx1)"
|
|
|
f43afa |
- incr n
|
|
|
f43afa |
- }
|
|
|
f43afa |
-}
|
|
|
f43afa |
-if {$n == 0} {
|
|
|
f43afa |
- fail "$test"
|
|
|
f43afa |
-} else {
|
|
|
f43afa |
+if {[array size new_trusted_servers] > 0} {
|
|
|
f43afa |
pass "$test"
|
|
|
f43afa |
+} else {
|
|
|
f43afa |
+ fail "$test"
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
# The new_trusted_servers array should now match the our_servers array, since
|
|
|
f43afa |
# the our_servers array is a copy of the original new_trusted_servers array.
|
|
|
f43afa |
-set test "Number of new trusted servers matches after reinstatement by ip address"
|
|
|
f43afa |
-if {[array size new_trusted_servers] == [array size our_servers]} {
|
|
|
f43afa |
- pass "$test"
|
|
|
f43afa |
-} else {
|
|
|
f43afa |
- fail "$test"
|
|
|
f43afa |
-}
|
|
|
f43afa |
set test "New trusted servers matches after reinstatement by ip address"
|
|
|
f43afa |
-set n 0
|
|
|
f43afa |
-foreach idx1 [array names new_trusted_servers] {
|
|
|
f43afa |
- set found 0
|
|
|
f43afa |
- foreach idx2 [array names our_servers] {
|
|
|
f43afa |
- if {"$our_servers($idx2)" == "$new_trusted_servers($idx1)"} {
|
|
|
f43afa |
- set found 1
|
|
|
f43afa |
- break
|
|
|
f43afa |
- }
|
|
|
f43afa |
- }
|
|
|
f43afa |
- if {$found == 1} {
|
|
|
f43afa |
- incr n
|
|
|
f43afa |
- }
|
|
|
f43afa |
-}
|
|
|
f43afa |
-if {$n != [array size new_trusted_servers]} {
|
|
|
f43afa |
- fail "$test"
|
|
|
f43afa |
-} else {
|
|
|
f43afa |
+if {[array_equal new_trusted_servers our_servers]} {
|
|
|
f43afa |
pass "$test"
|
|
|
f43afa |
+} else {
|
|
|
f43afa |
+ fail "$test"
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
# Trust our server as a module signer. This must be done as root. Specify
|
|
|
f43afa |
@@ -394,28 +396,18 @@ list_servers "List current online signing servers" online,signer
|
|
|
f43afa |
array unset current_signing_servers
|
|
|
f43afa |
array set current_signing_servers [array get servers]
|
|
|
f43afa |
|
|
|
f43afa |
+array_diff current_signing_servers existing_signing_servers
|
|
|
f43afa |
+array unset new_signing_servers
|
|
|
f43afa |
+array set new_signing_servers [array get diff]
|
|
|
f43afa |
+
|
|
|
f43afa |
set test "New signing servers"
|
|
|
f43afa |
-set n 0
|
|
|
f43afa |
-foreach idx1 [array names current_signing_servers] {
|
|
|
f43afa |
- set found 0
|
|
|
f43afa |
- foreach idx2 [array names existing_signing_servers] {
|
|
|
f43afa |
- if {"$existing_signing_servers($idx2)" == "$current_signing_servers($idx1)"} {
|
|
|
f43afa |
- set found 1
|
|
|
f43afa |
- break
|
|
|
f43afa |
- }
|
|
|
f43afa |
- }
|
|
|
f43afa |
- if {$found == 0} {
|
|
|
f43afa |
- set new_signing_servers($n) "$current_signing_servers($idx1)"
|
|
|
f43afa |
- incr n
|
|
|
f43afa |
- }
|
|
|
f43afa |
-}
|
|
|
f43afa |
if {$effective_pid == 0} {
|
|
|
f43afa |
setup_xfail *-*-*
|
|
|
f43afa |
}
|
|
|
f43afa |
-if {$n == 0} {
|
|
|
f43afa |
- fail "$test"
|
|
|
f43afa |
-} else {
|
|
|
f43afa |
+if {[array size new_signing_servers] > 0} {
|
|
|
f43afa |
pass "$test"
|
|
|
f43afa |
+} else {
|
|
|
f43afa |
+ fail "$test"
|
|
|
f43afa |
}
|
|
|
f43afa |
|
|
|
f43afa |
# The new_signing_servers array should now match the our_servers array, since
|
|
|
f43afa |
@@ -428,26 +420,13 @@ if {$effective_pid == 0} {
|
|
|
f43afa |
if {[array size new_signing_servers] == [array size our_servers]} {
|
|
|
f43afa |
pass "$test"
|
|
|
f43afa |
set test "New signing servers matches"
|
|
|
f43afa |
- set n 0
|
|
|
f43afa |
- foreach idx1 [array names new_signing_servers] {
|
|
|
f43afa |
- set found 0
|
|
|
f43afa |
- foreach idx2 [array names our_servers] {
|
|
|
f43afa |
- if {"$our_servers($idx2)" == "$new_signing_servers($idx1)"} {
|
|
|
f43afa |
- set found 1
|
|
|
f43afa |
- break
|
|
|
f43afa |
- }
|
|
|
f43afa |
- }
|
|
|
f43afa |
- if {$found == 1} {
|
|
|
f43afa |
- incr n
|
|
|
f43afa |
- }
|
|
|
f43afa |
- }
|
|
|
f43afa |
if {$effective_pid == 0} {
|
|
|
f43afa |
setup_xfail *-*-*
|
|
|
f43afa |
}
|
|
|
f43afa |
- if {$n != [array size new_signing_servers]} {
|
|
|
f43afa |
- fail "$test"
|
|
|
f43afa |
- } else {
|
|
|
f43afa |
+ if {[array_equal new_signing_servers our_servers]} {
|
|
|
f43afa |
pass "$test"
|
|
|
f43afa |
+ } else {
|
|
|
f43afa |
+ fail "$test"
|
|
|
f43afa |
}
|
|
|
f43afa |
} else {
|
|
|
f43afa |
fail "$test"
|
|
|
f43afa |
@@ -594,7 +573,7 @@ array unset current_signing_servers
|
|
|
f43afa |
array set current_signing_servers [array get servers]
|
|
|
f43afa |
|
|
|
f43afa |
set test "No longer trusted as a signer after revokation"
|
|
|
f43afa |
-if {[array_compare current_signing_servers existing_signing_servers]} {
|
|
|
f43afa |
+if {[array_in current_signing_servers existing_signing_servers]} {
|
|
|
f43afa |
pass "$test"
|
|
|
f43afa |
} else {
|
|
|
f43afa |
fail "$test"
|
|
|
f43afa |
diff --git a/testsuite/systemtap.server/server_args.exp b/testsuite/systemtap.server/server_args.exp
|
|
|
f43afa |
index 2f5deed..91536a5 100644
|
|
|
f43afa |
--- a/testsuite/systemtap.server/server_args.exp
|
|
|
f43afa |
+++ b/testsuite/systemtap.server/server_args.exp
|
|
|
f43afa |
@@ -66,20 +66,23 @@ proc stap_direct_and_with_client {stap options} {
|
|
|
f43afa |
verbose -log $res_stap_client
|
|
|
f43afa |
|
|
|
f43afa |
# Now check the output
|
|
|
f43afa |
- set skip 0
|
|
|
f43afa |
+ set skip_hostname_mode 0
|
|
|
f43afa |
set n 0
|
|
|
f43afa |
set expected [split $res_stap "\n"]
|
|
|
f43afa |
set received [split $res_stap_client "\n"]
|
|
|
f43afa |
foreach line $received {
|
|
|
f43afa |
- # Instructed to skip a line?
|
|
|
f43afa |
- if {$skip} {
|
|
|
f43afa |
- set skip [expr $skip - 1]
|
|
|
f43afa |
- verbose -log "skipping: $line"
|
|
|
f43afa |
- continue
|
|
|
f43afa |
+ # Instructed to skip hostnames?
|
|
|
f43afa |
+ if {$skip_hostname_mode} {
|
|
|
f43afa |
+ if {[regexp {^ \S+$} $line]} {
|
|
|
f43afa |
+ verbose -log "skipping: $line"
|
|
|
f43afa |
+ continue
|
|
|
f43afa |
+ } else {
|
|
|
f43afa |
+ set skip_hostname_mode 0
|
|
|
f43afa |
+ }
|
|
|
f43afa |
}
|
|
|
f43afa |
# Ignore warnings about the domain name on the certificate not matching
|
|
|
f43afa |
if {[regexp {^WARNING: The domain name, [^,]*, does not match the DNS name\(s\) on the server certificate:} $line]} {
|
|
|
f43afa |
- set skip 1
|
|
|
f43afa |
+ set skip_hostname_mode 1
|
|
|
f43afa |
verbose -log "skipping: $line"
|
|
|
f43afa |
continue
|
|
|
f43afa |
}
|
|
|
f43afa |
diff --git a/testsuite/systemtap.server/server_concurrency.exp b/testsuite/systemtap.server/server_concurrency.exp
|
|
|
f43afa |
index dbacb51..a31415b 100644
|
|
|
f43afa |
--- a/testsuite/systemtap.server/server_concurrency.exp
|
|
|
f43afa |
+++ b/testsuite/systemtap.server/server_concurrency.exp
|
|
|
f43afa |
@@ -26,7 +26,7 @@ if {! [setup_server --max-threads 6]} {
|
|
|
f43afa |
set server_port 0
|
|
|
f43afa |
set f [open $logfile]
|
|
|
f43afa |
set matched 0
|
|
|
f43afa |
-verbose -log "Server ouput: "
|
|
|
f43afa |
+verbose -log "Server output: "
|
|
|
f43afa |
while {1} {
|
|
|
f43afa |
set line [gets $f]
|
|
|
f43afa |
if {[eof $f]} {
|
|
|
f43afa |
@@ -34,7 +34,7 @@ while {1} {
|
|
|
f43afa |
break
|
|
|
f43afa |
}
|
|
|
f43afa |
verbose -log "$line"
|
|
|
f43afa |
- if { [regexp {^.*Using network port (\d*)$} $line matched server_port ] } {
|
|
|
f43afa |
+ if { [regexp {^.*Using network address .+:(\d+)$} $line matched server_port ] } {
|
|
|
f43afa |
close $f
|
|
|
f43afa |
break
|
|
|
f43afa |
}
|
|
|
f43afa |
--
|
|
|
f43afa |
1.8.3.1
|
|
|
f43afa |
|