void
UserProc::store_core()
{
int core_size;
char *virtual_working_dir = NULL;
MyString new_name;
int free_disk;
priv_state priv;
if( !core_created ) {
dprintf( D_FAILURE|D_ALWAYS, "No core file to send - probably ran out of disk\n");
return;
}
if ( core_name == NULL ) {
EXCEPT( "UserProc::store_core() asked to store unnamed core file that we knew existed!" );
}
priv = set_root_priv();
core_size = physical_file_size( core_name );
set_priv(priv);
if( coredump_limit_exists ) {
if( core_size > coredump_limit ) {
dprintf( D_ALWAYS, "Core file size exceeds user defined limit\n" );
dprintf( D_ALWAYS, "*NOT* sending core file.\n" );
return;
}
}
if( REMOTE_CONDOR_getwd_special(virtual_working_dir) < 0 ) {
EXCEPT( "REMOTE_CONDOR_getwd_special(virtual_working_dir = %s)",
(virtual_working_dir != NULL)?virtual_working_dir:"(null)");
}
free_disk = REMOTE_CONDOR_free_fs_blocks( virtual_working_dir);
if( free_disk < 0 ) {
EXCEPT( "REMOTE_CONDOR_free_fs_blocks(virtual_working_dir = %s)",
(virtual_working_dir != NULL)?virtual_working_dir:"(null)");
}
dprintf( D_ALWAYS, "Core file size is %d kbytes\n", core_size );
dprintf( D_ALWAYS, "Free disk on submitting machine is %d kbytes\n",
free_disk );
if( free_disk > core_size ) {
new_name.formatstr( "%s/core.%d.%d", virtual_working_dir, cluster, proc);
dprintf( D_ALWAYS, "Transferring core file to \"%s\"\n", new_name.Value() );
priv = set_root_priv();
send_a_file( core_name, new_name.Value(), REGULAR_FILE_MODE );
set_priv(priv);
core_transferred = TRUE;
} else {
dprintf( D_ALWAYS, "*NOT* Transferring core file\n" );
core_transferred = FALSE;
}
free( virtual_working_dir );
}
// Return 0 for everything OK, signed and returned, -1 for error.
static int sign_client_cert(struct asfd *asfd,
const char *client, struct conf *conf)
{
int a=0;
int ret=-1;
char msg[256]="";
char csrpath[512]="";
char crtpath[512]="";
struct stat statp;
const char *args[15];
csr_done=0;
snprintf(csrpath, sizeof(csrpath), "%s/%s.csr", gca_dir, client);
snprintf(crtpath, sizeof(crtpath), "%s/%s.crt", gca_dir, client);
if(!strcmp(client, conf->ca_name))
{
char msg[512]="";
snprintf(msg, sizeof(msg), "Will not accept a client certificate request with the same name as the CA (%s)!", conf->ca_name);
log_and_send(asfd, msg);
// Do not goto end, as it will delete things;
return -1;
}
if(!lstat(crtpath, &statp))
{
char msg[512]="";
snprintf(msg, sizeof(msg), "Will not accept a client certificate request for '%s' - %s already exists!", client, crtpath);
log_and_send(asfd, msg);
// Do not goto end, as it will delete things;
return -1;
}
if(!lstat(csrpath, &statp))
{
char msg[512]="";
snprintf(msg, sizeof(msg), "Will not accept a client certificate request for '%s' - %s already exists!", client, csrpath);
log_and_send(asfd, msg);
// Do not goto end, as it will delete things;
return -1;
}
// Tell the client that we will do it, and send the server name at the
// same time.
snprintf(msg, sizeof(msg), "csr ok:%s", conf->ca_server_name);
if(asfd->write_str(asfd, CMD_GEN, msg))
{
// Do not goto end, as it will delete things;
return -1;
}
/* After this point, we might have uploaded files, so on error, go
to end and delete any new files. */
// Get the CSR from the client.
if(receive_a_file(asfd, csrpath, conf)) goto end;
// Now, sign it.
logp("Signing certificate signing request from %s\n", client);
logp("Running '%s --name %s --ca %s --sign --batch --dir %s --config %s'\n", conf->ca_burp_ca, client, conf->ca_name, gca_dir, conf->ca_conf);
a=0;
args[a++]=conf->ca_burp_ca;
args[a++]="--name";
args[a++]=client;
args[a++]="--ca";
args[a++]=conf->ca_name;
args[a++]="--sign";
args[a++]="--batch";
args[a++]="--dir";
args[a++]=gca_dir;
args[a++]="--config";
args[a++]=conf->ca_conf;
args[a++]=NULL;
if(run_script(asfd, args, NULL, conf, 1 /* wait */,
0, 0 /* do not use logp - stupid openssl prints lots of dots
one at a time with no way to turn it off */))
{
logp("Error running %s\n", conf->ca_burp_ca);
goto end;
}
// Now, we should have a signed certificate.
// Need to send it back to the client.
if(send_a_file(asfd, crtpath, conf))
goto end;
// Also need to send the CA public certificate back to the client.
if(send_a_file(asfd, conf->ssl_cert_ca, conf))
goto end;
ret=0;
csr_done++;
end:
if(ret<0)
{
unlink(crtpath);
unlink(csrpath);
}
return ret;
}
// Return -1 on error or success, 0 to continue normally.
int autoupgrade_server(long ser_ver, long cli_ver, const char *os, struct config *conf, struct cntr *p1cntr)
{
int ret=-1;
char *path=NULL;
char *base_path=NULL;
char *script_path=NULL;
char *package_path=NULL;
char *script_path_top=NULL;
char *script_path_specific=NULL;
struct stat stats;
struct stat statp;
if(!conf->autoupgrade_dir)
{
// Autoupgrades not turned on on the server.
ret=0;
async_write_str(CMD_GEN, "do not autoupgrade");
goto end;
}
if(cli_ver>=ser_ver)
{
// No need to upgrade - client is same version as server,
// or newer.
ret=0;
async_write_str(CMD_GEN, "do not autoupgrade");
goto end;
}
if(!(base_path=prepend_s(conf->autoupgrade_dir, os, strlen(os)))
|| !(path=prepend_s(base_path, VERSION, strlen(VERSION)))
|| !(script_path_top=prepend_s(base_path, "script", strlen("script")))
|| !(script_path_specific=prepend_s(path, "script", strlen("script")))
|| !(package_path=prepend_s(path, "package", strlen("package"))))
{
async_write_str(CMD_GEN, "do not autoupgrade");
goto end;
}
if(!stat(script_path_specific, &stats))
script_path=script_path_specific;
else if(!stat(script_path_top, &stats))
script_path=script_path_top;
else
{
logp("Want to autoupgrade client, but no file at:\n");
logp("%s\n", script_path_top);
logp("or:\n");
logp("%s\n", script_path_specific);
ret=0; // this is probably OK
async_write_str(CMD_GEN, "do not autoupgrade");
goto end;
}
if(stat(package_path, &statp))
{
logp("Want to autoupgrade client, but no file available at:\n");
logp("%s\n", package_path);
ret=0; // this is probably OK
async_write_str(CMD_GEN, "do not autoupgrade");
goto end;
}
if(!S_ISREG(stats.st_mode))
{
logp("%s is not a regular file\n", script_path);
async_write_str(CMD_GEN, "do not autoupgrade");
goto end;
}
if(!S_ISREG(statp.st_mode))
{
logp("%s is not a regular file\n", package_path);
async_write_str(CMD_GEN, "do not autoupgrade");
goto end;
}
if(async_write_str(CMD_GEN, "autoupgrade ok"))
goto end;
if(send_a_file(script_path, p1cntr))
{
logp("Problem sending %s\n", script_path);
goto end;
}
if(send_a_file(package_path, p1cntr))
{
logp("Problem sending %s\n", package_path);
goto end;
}
ret=0;
/* Clients currently exit after forking, so exit ourselves. */
logp("Expecting client to upgrade - now exiting\n");
async_free();
exit(0);
end:
if(path) free(path);
if(base_path) free(base_path);
if(script_path_specific) free(script_path_specific);
if(script_path_top) free(script_path_top);
if(package_path) free(package_path);
return ret;
}
/* Return 1 for everything OK, signed and returned, -1 for error, 0 for
nothing done. */
int ca_client_setup(struct config *conf, struct cntr *p1cntr)
{
char cmd;
int ret=-1;
size_t len=0;
char *buf=NULL;
char csr_path[256]="";
char ssl_cert_tmp[512]="";
char ssl_cert_ca_tmp[512]="";
struct stat statp;
// Do not continue if we have none of the following things set.
if( !conf->ca_burp_ca
|| !conf->ca_csr_dir
|| !conf->ssl_cert_ca
|| !conf->ssl_cert
|| !conf->ssl_key
// Do not try to get a new certificate if we already have a
// key.
|| !lstat(conf->ssl_key, &statp))
{
if(async_write_str(CMD_GEN, "nocsr")
|| async_read_expect(CMD_GEN, "nocsr ok"))
{
logp("problem reading from server nocsr\n");
return -1;
}
logp("nocsr ok\n");
return 0;
}
// Tell the server we want to do a signing request.
if(async_write_str(CMD_GEN, "csr"))
return -1;
if(async_rw_ensure_read(&cmd, &buf, &len, '\0', NULL, 0))
{
logp("problem reading from server csr\n");
goto end;
}
if(cmd!=CMD_GEN || strncmp(buf, "csr ok:", strlen("csr ok:")))
{
logp("unexpected command from server: %c:%s\n", cmd, buf);
goto end;
}
// The server appends its name after 'csr ok:'
if(conf->ssl_peer_cn) free(conf->ssl_peer_cn);
if(!(conf->ssl_peer_cn=strdup(buf+strlen("csr ok:"))))
{
logp("out of memory\n");
goto end;
}
logp("Server will sign a certificate request\n");
// First need to generate a client key and a certificate signing
// request.
snprintf(csr_path, sizeof(csr_path), "%s/%s.csr",
conf->ca_csr_dir, conf->cname);
if(generate_key_and_csr(conf, csr_path)) goto end;
// Then copy the csr to the server.
if(send_a_file(csr_path, p1cntr)) goto end;
snprintf(ssl_cert_tmp, sizeof(ssl_cert_tmp), "%s.%d",
conf->ssl_cert, getpid());
snprintf(ssl_cert_ca_tmp, sizeof(ssl_cert_ca_tmp), "%s.%d",
conf->ssl_cert_ca, getpid());
// The server will then sign it, and give it back.
if(receive_a_file(ssl_cert_tmp, p1cntr)) goto end;
// The server will also send the CA certificate.
if(receive_a_file(ssl_cert_ca_tmp, p1cntr)) goto end;
if(do_rename(ssl_cert_tmp, conf->ssl_cert)
|| do_rename(ssl_cert_ca_tmp, conf->ssl_cert_ca))
goto end;
// Need to rewrite our configuration file to contain the server
// name (ssl_peer_cn)
if(rewrite_client_conf(conf)) goto end;
// My goodness, everything seems to have gone OK. Stand back!
ret=1;
end:
if(buf) free(buf);
if(ret<0)
{
// On error, remove any possibly newly created files, so that
// this function might run again on another go.
unlink(csr_path);
unlink(conf->ssl_key);
unlink(conf->ssl_cert);
unlink(conf->ssl_cert_ca);
unlink(ssl_cert_tmp);
unlink(ssl_cert_ca_tmp);
}
return ret;
}
/* This function reads the manifest to determine whether it may be more
efficient to just copy the data files across and unpack them on the other
side. If it thinks it is, it will then do it.
Return -1 on error, 1 if it copied the data across, 0 if it did not. */
static int maybe_copy_data_files_across(struct asfd *asfd,
const char *manifest,
const char *datadir, int srestore, regex_t *regex, struct conf *conf,
struct slist *slist,
enum action act, enum cstat_status status)
{
int ars;
int ret=-1;
struct sbuf *sb=NULL;
struct blk *blk=NULL;
struct manio *manio=NULL;
uint64_t blkcount=0;
uint64_t datcount=0;
struct hash_weak *tmpw;
struct hash_weak *hash_weak;
uint64_t estimate_blks;
uint64_t estimate_dats;
uint64_t estimate_one_dat;
int need_data=0;
int last_ent_was_dir=0;
char sig[128]="";
// If the client has no restore_spool directory, we have to fall back
// to the stream style restore.
if(!conf->restore_spool) return 0;
if(!(manio=manio_alloc())
|| manio_init_read(manio, manifest)
|| !(sb=sbuf_alloc(conf))
|| !(blk=blk_alloc()))
goto end;
while(1)
{
if((ars=manio_sbuf_fill(manio, asfd, sb, blk, NULL, conf))<0)
{
logp("Error from manio_sbuf_fill() in %s\n",
__func__);
goto end; // Error;
}
else if(ars>0)
break; // Finished OK.
if(!blk->got_save_path)
{
sbuf_free_content(sb);
continue;
}
if((!srestore || check_srestore(conf, sb->path.buf))
&& check_regex(regex, sb->path.buf))
{
blkcount++;
if(!hash_weak_find((uint64_t)blk->savepath))
{
if(!hash_weak_add((uint64_t)blk->savepath))
goto end;
datcount++;
}
}
sbuf_free_content(sb);
}
estimate_blks=blkcount*RABIN_AVG;
estimate_one_dat=DATA_FILE_SIG_MAX*RABIN_AVG;
estimate_dats=datcount*estimate_one_dat;
printf("%lu blocks = %lu bytes in stream approx\n",
blkcount, estimate_blks);
printf("%lu data files = %lu bytes approx\n",
datcount, estimate_dats);
if(estimate_blks < estimate_one_dat)
{
printf("Stream is less than the size of a data file.\n");
printf("Use restore stream\n");
return 0;
}
else if(estimate_dats >= 90*(estimate_blks/100))
{
printf("Stream is more than 90%% size of data files.\n");
printf("Use restore stream\n");
return 0;
}
else
{
printf("Data files are less than 90%% size of stream.\n");
printf("Use data files\n");
}
printf("Client is using restore_spool: %s\n", conf->restore_spool);
if(asfd->write_str(asfd, CMD_GEN, "restore_spool")
|| asfd->read_expect(asfd, CMD_GEN, "restore_spool_ok"))
goto end;
// Send each of the data files that we found to the client.
HASH_ITER(hh, hash_table, hash_weak, tmpw)
{
char msg[32];
char path[32];
char *fdatpath=NULL;
snprintf(path, sizeof(path), "%014lX", hash_weak->weak);
path[4]='/';
path[9]='/';
snprintf(msg, sizeof(msg), "dat=%s", path);
printf("got: %s\n", msg);
if(asfd->write_str(asfd, CMD_GEN, msg)) goto end;
if(!(fdatpath=prepend_s(datadir, path)))
goto end;
if(send_a_file(asfd, fdatpath, conf))
{
free(fdatpath);
goto end;
}
free(fdatpath);
}
/* This function reads the manifest to determine whether it may be more
efficient to just copy the data files across and unpack them on the other
side. If it thinks it is, it will then do it.
Return -1 on error, 1 if it copied the data across, 0 if it did not. */
int maybe_restore_spool(struct asfd *asfd, const char *manifest,
struct sdirs *sdirs, struct bu *bu, int srestore, regex_t *regex,
struct conf **confs, struct slist *slist,
enum action act, enum cntr_status cntr_status)
{
int ars;
int ret=-1;
struct sbuf *sb=NULL;
struct blk *blk=NULL;
struct manio *manio=NULL;
uint64_t blkcount=0;
uint64_t datcount=0;
struct hash_weak *tmpw;
struct hash_weak *hash_weak;
uint64_t estimate_blks;
uint64_t estimate_dats;
uint64_t estimate_one_dat;
struct sbuf *need_data=NULL;
int last_ent_was_dir=0;
char sig[128]="";
const char *restore_spool=get_string(confs[OPT_RESTORE_SPOOL]);
// If the client has no restore_spool directory, we have to fall back
// to the stream style restore.
if(!restore_spool) return 0;
if(!(manio=manio_alloc())
|| manio_init_read(manio, manifest)
|| !(need_data=sbuf_alloc(confs))
|| !(sb=sbuf_alloc(confs))
|| !(blk=blk_alloc()))
goto end;
while(1)
{
if((ars=manio_sbuf_fill(manio, asfd, sb, blk, NULL, confs))<0)
{
logp("Error from manio_sbuf_fill() in %s\n",
__func__);
goto end; // Error;
}
else if(ars>0)
break; // Finished OK.
if(!blk->got_save_path)
{
sbuf_free_content(sb);
continue;
}
if(want_to_restore(srestore, sb, regex, confs))
{
blkcount++;
if(!hash_weak_find((uint64_t)blk->savepath))
{
if(!hash_weak_add((uint64_t)blk->savepath))
goto end;
datcount++;
}
}
sbuf_free_content(sb);
}
// FIX THIS: should read rabin_avg of a struct rconf.
estimate_blks=blkcount*RABIN_AVG;
estimate_one_dat=DATA_FILE_SIG_MAX*RABIN_AVG;
estimate_dats=datcount*estimate_one_dat;
printf("%"PRIu64 " blocks = %"PRIu64 " bytes in stream approx\n",
blkcount, estimate_blks);
printf("%"PRIu64 " data files = %"PRIu64 " bytes approx\n",
datcount, estimate_dats);
if(estimate_blks < estimate_one_dat)
{
printf("Stream is less than the size of a data file.\n");
printf("Use restore stream\n");
return 0;
}
else if(estimate_dats >= 90*(estimate_blks/100))
{
printf("Stream is more than 90%% size of data files.\n");
printf("Use restore stream\n");
return 0;
}
else
{
printf("Data files are less than 90%% size of stream.\n");
printf("Use data files\n");
}
printf("Client is using restore_spool: %s\n", restore_spool);
if(asfd->write_str(asfd, CMD_GEN, "restore_spool")
|| asfd->read_expect(asfd, CMD_GEN, "restore_spool_ok"))
goto end;
// Send each of the data files that we found to the client.
HASH_ITER(hh, hash_table, hash_weak, tmpw)
{
char msg[32];
char path[32];
char *fdatpath=NULL;
snprintf(path, sizeof(path), "%014"PRIX64, hash_weak->weak);
path[4]='/';
path[9]='/';
snprintf(msg, sizeof(msg), "dat=%s", path);
printf("got: %s\n", msg);
if(asfd->write_str(asfd, CMD_GEN, msg)) goto end;
if(!(fdatpath=prepend_s(sdirs->data, path)))
goto end;
if(send_a_file(asfd, fdatpath, confs))
{
free(fdatpath);
goto end;
}
free(fdatpath);
}
