Merge ~lvoytek/ubuntu/+source/open-isns:open-isns-101-update-jammy into ubuntu/+source/open-isns:ubuntu/devel

Proposed by Lena Voytek
Status: Merged
Merged at revision: bbb99d2d67c0ea3e782c9d438810cee8dfa30e6e
Proposed branch: ~lvoytek/ubuntu/+source/open-isns:open-isns-101-update-jammy
Merge into: ubuntu/+source/open-isns:ubuntu/devel
Diff against target: 870 lines (+223/-55)
21 files modified
.gitignore (+5/-0)
ChangeLog (+25/-0)
Makefile.in (+1/-0)
TODO (+8/-0)
client.c (+13/-7)
configure (+10/-10)
configure.ac (+2/-2)
db-policy.c (+9/-3)
debian/changelog (+18/-0)
debian/open-isns-utils.install (+2/-0)
dev/null (+0/-4)
doc/isnssetup.8 (+64/-0)
getnext.c (+1/-1)
include/libisns/.gitignore (+1/-0)
include/libisns/paths.h.in (+2/-2)
include/libisns/util.h (+13/-4)
isnsadm.c (+1/-1)
isnsdd.c (+1/-1)
pki.c (+35/-11)
security.c (+8/-6)
socket.c (+4/-3)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Canonical Server packageset reviewers Pending
Canonical Server Core Reviewers Pending
Review via email: mp+413102@code.launchpad.net

Description of the change

PPA: https://launchpad.net/~lvoytek/+archive/ubuntu/open-isns-101-update-jammy

Updating to version 0.101 through a patch file until the version bump is approved in Debian, then this will become a sync. https://salsa.debian.org/linux-blocks-team/open-isns/-/merge_requests/2

Package test result:

autopkgtest [13:31:11]: @@@@@@@@@@@@@@@@@@@@ summary
server PASS
discoveryd PASS
auth PASS

Christian Ehrhardt  (paelzer) wrote :

Hmm, maybe I'm just blind to see the reason for "through a patch file until the version bump is approved in Debian", but could you explain why this can't just be 0.101-0ubuntu1 with proper orig tarball based on 0.101?

In the past Debian was rather slow at acting on that package, so I'd not expect things soon.
Which would make a "0.100-but-actually-0.101-we-are-not-telling-you" version to stay around rather long.

Did you have a chance to check if the 0.101 version could work without my debian/patches/no-werror.patch? If it does, please drop it.

Oh and if you agree, just start the CL with "Merge 0.101 from upstream, remaining changes:"

review: Needs Information
Christian Ehrhardt  (paelzer) wrote :

Arr, I consumed the canonical-server slot, could you please re-add one?

Lena Voytek (lvoytek) wrote :

Ah that's fair, I can use a 0.101 tarball and update the version for this then. The new version does work without the no-werror patch. It even contains the other three patches too so they can all be removed with the version bump

Christian Ehrhardt  (paelzer) wrote :

Sounds good, ping back here once that is ready for re-review then.

Lena Voytek (lvoytek) wrote :

I reuploaded using uscan and extraction of the 0.101 tar alongside adding the new version in the changelog. Confirmed dep-8 tests still work and builds succeeded in the ppa

Christian Ehrhardt  (paelzer) wrote :

This will have some bonus-fun with the coming openssl3.1 but is ok for now:

pki.c:184:9: warning: ‘EVP_PKEY_get0_DSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]

Christian Ehrhardt  (paelzer) wrote :

Double checked the git with upstream tar content, matches

Christian Ehrhardt  (paelzer) wrote :

One finding, "bf3ff8a Merge 0.101 from upstream" pretends to be just upstream 0.101
But I found that it also adds the same content twice via debian/patches/version-101-update.patch
Only to remove it later via "2641a04 Remove patches fixed in version 0.101"

This is some useless back and forth that for clarity should be removed from "bf3ff8a Merge 0.101 from upstream".

If it is just that I can clean it up while sponsoring, let us see if I find more ...

Christian Ehrhardt  (paelzer) wrote :

Tests, Builds, Bug references, Changelog, ... all that LGTM.

I checked (a common case on new upstream versions) if we'd need to bump d/copyright.
But interestingly there was no bump in the upstream source v0.100->v0.101, so that should be fine as is.

One thing that I saw was that upstream added a man-page and that is great, but we usually want to ensure it is installed. The new file is doc/isnssetup.8.
I see the build does
  /usr/bin/install -c -m 644 ./doc/isnssetup.8 /<<PKGBUILDDIR>>/debian/tmp/usr/share/man/man8

But it isn't picked up by the packaging and not in the binary package.
But that led me to this trail - and after a check I found a few things to be missing:

1. the isnssetup helper script, directly available in the source probably a good candidate for either open-isns-utils in /usr/sbin/ along the other admin tools, or at least as example in /usr/share/doc/open-isns-utils/. I guess /usr/sbin along the others is more expected.
2. along that script the man page ./doc/isnssetup.8

3. There also is isnsd.socket which could be installed along the .service
   Looking at the .service made me shiver as a lot of things might be discussed, but right now we
   only want to package 0.101 as-is.

Christian Ehrhardt  (paelzer) wrote :

So to sum it up, the rebase to upload an 0.101-0ubuntu1 looks mostly good - thanks!

The following things I'd ask for:
1. do not add and later remove debian/patches/version-101-update.patch
2. please let us install the new script, man page and .socket file
3. We are not in a hurry, maybe once we have that ready and team-reviewed have a look at sending a PR of the same to Debian?

If in January Debian did reply and upload it, we can make it a sync.
If not we can upload it to Ubuntu for now.

review: Needs Fixing
Lena Voytek (lvoytek) wrote :

Removed version-101-update.patch from all commits, thanks for spotting that. Working on the script, man page and socket file now

Lena Voytek (lvoytek) wrote :

Added script, doc, and socket to install

Christian Ehrhardt  (paelzer) wrote :

Checked upgrade installs (had the service, but not the socket)

root@j-proposed:~# systemctl status isnsd
● isnsd.service - iSNS server
     Loaded: loaded (/lib/systemd/system/isnsd.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-12-16 06:30:24 UTC; 24s ago
TriggeredBy: ○ isnsd.socket
       Docs: man:isnsd(8)
             man:isnsd.conf(5)
   Main PID: 106675 (isnsd)
      Tasks: 1 (limit: 38266)
     Memory: 1.0M
     CGroup: /system.slice/isnsd.service
             └─106675 /usr/sbin/isnsd

Dec 16 06:30:24 j-proposed systemd[1]: Starting iSNS server...
Dec 16 06:30:24 j-proposed systemd[1]: Started iSNS server.
Dec 16 06:30:24 j-proposed isnsd[106675]: SLP support disabled in this build
root@j-proposed:~# systemctl status isnsd.socket
○ isnsd.socket
     Loaded: loaded (/lib/systemd/system/isnsd.socket; enabled; vendor preset: enabled)
     Active: inactive (dead)
   Triggers: ● isnsd.service
     Listen: /run/isnsctl (Stream)
             [::]:3205 (Stream)

Service stays running (good), socket stays off (good as it would be a crash otherwise).

Also no complaints on the install
Setting up open-isns-server (0.101-0ubuntu1~ppa4) ...
Created symlink /etc/systemd/system/sockets.target.wants/isnsd.socket → /lib/systemd/system/isnsd.socket.
Setting up open-isns-discoveryd (0.101-0ubuntu1~ppa4) ...

Christian Ehrhardt  (paelzer) wrote :

Checked new installs of the new version:

...

Unpacking open-isns-server (0.101-0ubuntu1~ppa4) ...
Setting up open-isns-server (0.101-0ubuntu1~ppa4) ...
Generating DSA parameters; this may take a while
+++++++++++++.++.+++++++++++++++++++++.+++++.++.++++++.+.+++.+++.++++.++++++++++.++++++++++.++++.+++++++++++++++.+++.++++++.++++.+++++++++++++.+++++++++.+.++.++.++.+.++.......................
........................................../++++.+.+.+++++++++++++++.+.+++.++++++++++++.+++++++.++++++++++++.+.++.+++.++++++++++++.+++++++++++++.++++++.++.+.++.+.+++++++++++++.++++++.+++++++.+
.++.++++++++++.+.+.++++++.+.++++.+.+++.++++.+++++++.+.+++.+.++++++++++.++.++.++.+++.+++.+++++++++.+++++++++++.+++++++.+.+++++................................................................./
Stored private key in /etc/isns/auth_key
Stored private key in /etc/isns/auth_key.pub
Created symlink /etc/systemd/system/multi-user.target.wants/isnsd.service → /lib/systemd/system/isnsd.service.
Created symlink /etc/systemd/system/sockets.target.wants/isnsd.socket → /lib/systemd/system/isnsd.socket.
...

root@j-proposed:~# systemctl status isnsd.socket isnsd.service
○ isnsd.socket
     Loaded: loaded (/lib/systemd/system/isnsd.socket; enabled; vendor preset: enabled)
     Active: inactive (dead)
   Triggers: ● isnsd.service
     Listen: /run/isnsctl (Stream)
             [::]:3205 (Stream)

● isnsd.service - iSNS server
     Loaded: loaded (/lib/systemd/system/isnsd.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-12-16 06:31:35 UTC; 11s ago
TriggeredBy: ○ isnsd.socket
       Docs: man:isnsd(8)
             man:isnsd.conf(5)
    Process: 108263 ExecStart=/usr/sbin/isnsd (code=exited, status=0/SUCCESS)
   Main PID: 108264 (isnsd)
      Tasks: 1 (limit: 38266)
     Memory: 952.0K
     CGroup: /system.slice/isnsd.service
             └─108264 /usr/sbin/isnsd

The state I'd have expected it in after install would be more like:

root@j-proposed:~# systemctl stop isnsd.service
root@j-proposed:~# systemctl start isnsd.socket
root@j-proposed:~# systemctl status isnsd.socket isnsd.service
● isnsd.socket
     Loaded: loaded (/lib/systemd/system/isnsd.socket; enabled; vendor preset: enabled)
     Active: active (listening) since Thu 2021-12-16 06:45:07 UTC; 2s ago
   Triggers: ● isnsd.service
     Listen: /run/isnsctl (Stream)
             [::]:3205 (Stream)
     CGroup: /system.slice/isnsd.socket

Dec 16 06:45:07 j-proposed systemd[1]: Listening on isnsd.socket.

○ isnsd.service - iSNS server
     Loaded: loaded (/lib/systemd/system/isnsd.service; enabled; vendor preset: enabled)
     Active: inactive (dead) since Thu 2021-12-16 06:45:01 UTC; 8s ago
TriggeredBy: ● isnsd.socket
       Docs: man:isnsd(8)
             man:isnsd.conf(5)
    Process: 108263 ExecStart=/usr/sbin/isnsd (code=exited, status=0/SUCCESS)
   Main PID: 108264 (code=exited, status=0/SUCCESS)

Dec 16 06:31:35 j-proposed systemd[1]: Starting iSNS server...
Dec 16 06:31:35 j-proposed systemd[1]: Started iSNS server.
Dec 16 06:31:35 j-proposed isnsd[108264]: SLP support disabled in this build
Dec 16 06:45:01 j-proposed isnsd[108264]: SLP support disabled in this build
Dec 16 06:45:...


Christian Ehrhardt  (paelzer) wrote :

Hmm,
I've found that the socket integration of open-isnsd isn't perfect.
For example the following common init phase (from the man page of isnsadm) breaks it.

root@j-proposed:~# isnsd --init
root@j-proposed:~# isnsadm --local --keyfile=control.key --enroll isns.control node-type=ALL functions=ALL object-type=ALL
No key given, generating one
Stored DSA private key in control.key
socket disconnect, killing socket
Warning: Timed out while waiting for reply
Warning: Failed to register object(s): Internal error

If we now look at the service/socket we see

root@j-proposed:~# systemctl status isnsd.socket isnsd.service
× isnsd.socket
     Loaded: loaded (/lib/systemd/system/isnsd.socket; enabled; vendor preset: enabled)
     Active: failed (Result: service-start-limit-hit) since Thu 2021-12-16 06:50:15 UTC; 4s ago
   Triggers: ● isnsd.service
     Listen: /run/isnsctl (Stream)
             [::]:3205 (Stream)

Dec 16 06:45:07 j-proposed systemd[1]: Listening on isnsd.socket.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.socket: Failed with result 'service-start-limit-hit'.

× isnsd.service - iSNS server
     Loaded: loaded (/lib/systemd/system/isnsd.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2021-12-16 06:50:15 UTC; 4s ago
TriggeredBy: × isnsd.socket
       Docs: man:isnsd(8)
             man:isnsd.conf(5)
    Process: 108821 ExecStart=/usr/sbin/isnsd (code=exited, status=0/SUCCESS)
   Main PID: 108822 (code=exited, status=1/FAILURE)

Dec 16 06:50:15 j-proposed systemd[1]: Starting iSNS server...
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: New main PID 108821 does not exist or is a zombie.
Dec 16 06:50:15 j-proposed isnsd[108822]: Unable to bind socket: Address already in use
Dec 16 06:50:15 j-proposed isnsd[108822]: Unable to create server socket
Dec 16 06:50:15 j-proposed systemd[1]: Started iSNS server.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: Main process exited, code=exited, status=1/FAILURE
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: Failed with result 'exit-code'.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: Start request repeated too quickly.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.service: Failed with result 'exit-code'.
Dec 16 06:50:15 j-proposed systemd[1]: Failed to start iSNS server.

That means isnsadm reaches the socket in a way to start it, but then the service is blocked by the socket itself. As if there are multiple paths to start it and only one is transitioning, but the other one is blocking it.

A later start gets it running:
root@j-proposed:~# systemctl start isnsd.service
root@j-proposed:~# systemctl status isnsd.socket isnsd.service
× isnsd.socket
     Loaded: loaded (/lib/systemd/system/isnsd.socket; enabled; vendor preset: enabled)
     Active: failed (Result: service-start-limit-hit) since Thu 2021-12-16 06:50:15 UTC; 5min ago
   Triggers: ● isnsd.service
     Listen: /run/isnsctl (Stream)
             [::]:3205 (Stream)

Dec 16 06:45:07 j-proposed systemd[1]: Listening on isnsd.socket.
Dec 16 06:50:15 j-proposed systemd[1]: isnsd.socket: Failed with result 'service-start-limit-hit'.

● isnsd.service - iSNS server
     Loaded...


review: Needs Fixing
Christian Ehrhardt  (paelzer) wrote :

BTW isnssetup works at least to the extent I understand what it is supposed to do.
It creates a working base setup AFAICS:

root@j-proposed:~# isnssetup
*** Initializing server security ***
*** Registering control node policy ***
No key given, generating one
Stored DSA private key in /etc/isns/control.key
Successfully registered object(s)
*** Registering control node ***
Successfully registered object(s)
*** Registering policy for server ***
Successfully registered object(s)

root@j-proposed:~# isnsadm --control --query dd-name=mydomain
(Object list empty)

root@j-proposed:~# isnsadm --control --register entity=client.bozo.org initiator=iqn.org.bozo.client portal=191.168.7.1:860
Successfully registered object(s)

root@j-proposed:~# isnsadm --control --query entity-id=client.bozo.org
object[0] = <Network Entity>
  0001 string : Entity identifier = "client.bozo.org"
  0002 uint32 : Entity protocol = iSCSI (2)
  0006 uint32 : Registration Period = 600
  0004 uint64 : Timestamp = Thu Dec 16 06:59:25 2021
  0007 uint32 : Entity index = 5

Lena Voytek (lvoytek) wrote :

Removed the socket file inclusion. Confirmed autopkgtest still passing and ppa builds

Christian Ehrhardt  (paelzer) wrote :

Ok, IMHO it is ready to upload as-is for Ubuntu now to resolve things here.

Please - before considering all of this fully done - submit the same to Debian please (https://salsa.debian.org/linux-blocks-team/open-isns)

I guess there you need to replace your former https://salsa.debian.org/linux-blocks-team/open-isns/-/merge_requests/2
And probably to get it right adapt it to match the gbp workflow as I see upstream/master and pristine-tar there.

Would be something like:
gbp import-orig ../open-isns_0.101.orig.tar.xz --pristine-tar -u 0.101 --debian-branch debian/master --upstream-branch upstream/master
Then add your .install change and submit all three branches there (three PRs).

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading open-isns_0.101-0ubuntu1.dsc: done.
  Uploading open-isns_0.101.orig.tar.gz: done.
  Uploading open-isns_0.101-0ubuntu1.debian.tar.xz: done.
  Uploading open-isns_0.101-0ubuntu1_source.buildinfo: done.
  Uploading open-isns_0.101-0ubuntu1_source.changes: done.
Successfully uploaded packages.

review: Approve
Lena Voytek (lvoytek) wrote :

The three merge requests are now up in Debian:
https://salsa.debian.org/linux-blocks-team/open-isns/-/merge_requests

Preview Diff

diff --git a/.gitignore b/.gitignore
index 5da7a8b..2a0f55d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,8 @@ isnsd
7isnsdd7isnsdd
8libisns.a8libisns.a
9libisns*.so.?9libisns*.so.?
10Makefile
11config.h
12config.log
13config.status
14autom4te.cache
diff --git a/ChangeLog b/ChangeLog
index 34c1638..c379a74 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,28 @@
1* Changes v0.100 to v0.101:
2
3Dmitry Bogdanov (1):
4 Fix parsing of GetNextRsp
5
6Lee Duncan (10):
7 Ignore common build files
8 Fix compiler issue when not in security mode
9 Do not ignore write() return value.
10 Fix 586 compile issue and remove -Werror
11 Added a TODO: 'make depend' not worrking
12 Update version string to "0.100".
13 Fix broken server authentication initialization.
14 Add man page for isnssetup.
15 Added TODO to test "isnsd --init"
16 Preparing for version 0.101
17
18Leo (1):
19 socket.c: include poll.h instead of sys/poll.h for POSIX compatibility
20
21Rosen Penev (2):
22 fix compilation without deprecated OpenSSL APIs
23 libisns: remove sighold and sigrelse
24
25
1* Changes v0.99 to v0.100:26* Changes v0.99 to v0.100:
227
3Chris Leech (1):28Chris Leech (1):
diff --git a/Makefile.in b/Makefile.in
index f76880a..f001a87 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -118,6 +118,7 @@ install:
118 $(INSTALL) -m 644 $(srcdir)/doc/isnsd.8 $(MANDIR)/man8118 $(INSTALL) -m 644 $(srcdir)/doc/isnsd.8 $(MANDIR)/man8
119 $(INSTALL) -m 644 $(srcdir)/doc/isnsdd.8 $(MANDIR)/man8119 $(INSTALL) -m 644 $(srcdir)/doc/isnsdd.8 $(MANDIR)/man8
120 $(INSTALL) -m 644 $(srcdir)/doc/isnsadm.8 $(MANDIR)/man8120 $(INSTALL) -m 644 $(srcdir)/doc/isnsadm.8 $(MANDIR)/man8
121 $(INSTALL) -m 644 $(srcdir)/doc/isnssetup.8 $(MANDIR)/man8
121 $(INSTALL) -m 644 $(srcdir)/doc/isns_config.5 $(MANDIR)/man5122 $(INSTALL) -m 644 $(srcdir)/doc/isns_config.5 $(MANDIR)/man5
122 $(INSTALL) -m 644 $(srcdir)/isnsd.service $(SYSTEMDDIR)123 $(INSTALL) -m 644 $(srcdir)/isnsd.service $(SYSTEMDDIR)
123 $(INSTALL) -m 644 $(srcdir)/isnsd.socket $(SYSTEMDDIR)124 $(INSTALL) -m 644 $(srcdir)/isnsd.socket $(SYSTEMDDIR)
diff --git a/TODO b/TODO
index 2ddf008..5e23667 100644
--- a/TODO
+++ b/TODO
@@ -7,6 +7,7 @@ isnsd:
7 - make PGs children of the iSCSI storage node they're associated7 - make PGs children of the iSCSI storage node they're associated
8 with?8 with?
9 - Implement missing functions9 - Implement missing functions
10 - Add test for "isnsd --init", to make sure it works correctly.
1011
11isnsadm:12isnsadm:
12 - support iSNS server discovery through DNS SRV13 - support iSNS server discovery through DNS SRV
@@ -27,6 +28,10 @@ isnsdd:
27 we registered for ESI are seeing the server's28 we registered for ESI are seeing the server's
28 ESI messages.29 ESI messages.
2930
31isnssetup:
32- Update to support systemd, and perhaps have
33 a few options?
34
30DevAttrReg:35DevAttrReg:
31 - Refuse registration of nodes inside the CONTROL36 - Refuse registration of nodes inside the CONTROL
32 entity, unless it's a control node.37 entity, unless it's a control node.
@@ -98,3 +103,6 @@ Renaming
98103
99Socket code:104Socket code:
100 - impose upper limit on the reassembly buffer105 - impose upper limit on the reassembly buffer
106
107Compilation:
108 - 'make depend' does not work
diff --git a/client.c b/client.c
index 8487877..fda26be 100644
--- a/client.c
+++ b/client.c
@@ -122,22 +122,17 @@ isns_client_get_local_address(const isns_client_t *clnt,
122/*122/*
123 * Create a security context123 * Create a security context
124 */124 */
125#ifdef WITH_SECURITY
125static isns_security_t *126static isns_security_t *
126__create_security_context(const char *name, const char *auth_key,127__create_security_context(const char *name, const char *auth_key,
127 const char *server_key)128 const char *server_key)
128{129{
129#ifdef WITH_SECURITY
130 isns_security_t *ctx;130 isns_security_t *ctx;
131 isns_principal_t *princ;131 isns_principal_t *princ;
132#endif /* WITH_SECURITY */
133132
134 if (!isns_config.ic_security)133 if (!isns_config.ic_security)
135 return NULL;134 return NULL;
136135
137#ifndef WITH_SECURITY
138 isns_error("Cannot create security context: security disabled at build time\n");
139 return NULL;
140#else /* WITH_SECURITY */
141 ctx = isns_create_dsa_context();136 ctx = isns_create_dsa_context();
142 if (ctx == NULL)137 if (ctx == NULL)
143 isns_fatal("Unable to create security context\n");138 isns_fatal("Unable to create security context\n");
@@ -174,8 +169,19 @@ __create_security_context(const char *name, const char *auth_key,
174 }169 }
175170
176 return ctx;171 return ctx;
177#endif /* WITH_SECURITY */
178}172}
173#else /* WITH_SECURITY */
174static isns_security_t *
175__create_security_context(__attribute__((unused))const char *name,
176 __attribute__((unused))const char *auth_key,
177 __attribute__((unused))const char *server_key)
178{
179 if (!isns_config.ic_security)
180 return NULL;
181 isns_error("Cannot create security context: security disabled at build time\n");
182 return NULL;
183}
184#endif /* WITH_SECURITY */
179185
180/*186/*
181 * Create the default security context187 * Create the default security context
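Review bot: In the new #else stub of __create_security_context, the case where isns_config.ic_security is set but the build lacks WITH_SECURITY logs through isns_error and returns NULL, which is the same value returned two lines earlier when security was never requested. A caller cannot tell the two cases apart from the return value, so whether a client configured for authentication stops or carries on without a security context depends entirely on each call site. The WITH_SECURITY branch already uses isns_fatal when isns_create_dsa_context() fails; consider doing the same in the stub, or returning a distinct error, so that a configuration asking for security cannot degrade silently.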
diff --git a/configure b/configure
index 8579a02..1559ab6 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
1#! /bin/sh1#! /bin/sh
2# Guess values for system-dependent variables and create Makefiles.2# Guess values for system-dependent variables and create Makefiles.
3# Generated by GNU Autoconf 2.69 for open-isns 0.100.3# Generated by GNU Autoconf 2.69 for open-isns 0.101.
4#4#
5#5#
6# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.6# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -577,8 +577,8 @@ MAKEFLAGS=
577# Identity of this package.577# Identity of this package.
578PACKAGE_NAME='open-isns'578PACKAGE_NAME='open-isns'
579PACKAGE_TARNAME='open-isns'579PACKAGE_TARNAME='open-isns'
580PACKAGE_VERSION='0.100'580PACKAGE_VERSION='0.101'
581PACKAGE_STRING='open-isns 0.100'581PACKAGE_STRING='open-isns 0.101'
582PACKAGE_BUGREPORT=''582PACKAGE_BUGREPORT=''
583PACKAGE_URL=''583PACKAGE_URL=''
584584
@@ -1250,7 +1250,7 @@ if test "$ac_init_help" = "long"; then
1250 # Omit some internal or obsolete options to make the list less imposing.1250 # Omit some internal or obsolete options to make the list less imposing.
1251 # This message is too long to be a string in the A/UX 3.1 sh.1251 # This message is too long to be a string in the A/UX 3.1 sh.
1252 cat <<_ACEOF1252 cat <<_ACEOF
1253\`configure' configures open-isns 0.100 to adapt to many kinds of systems.1253\`configure' configures open-isns 0.101 to adapt to many kinds of systems.
12541254
1255Usage: $0 [OPTION]... [VAR=VALUE]...1255Usage: $0 [OPTION]... [VAR=VALUE]...
12561256
@@ -1315,7 +1315,7 @@ fi
13151315
1316if test -n "$ac_init_help"; then1316if test -n "$ac_init_help"; then
1317 case $ac_init_help in1317 case $ac_init_help in
1318 short | recursive ) echo "Configuration of open-isns 0.100:";;1318 short | recursive ) echo "Configuration of open-isns 0.101:";;
1319 esac1319 esac
1320 cat <<\_ACEOF1320 cat <<\_ACEOF
13211321
@@ -1410,7 +1410,7 @@ fi
1410test -n "$ac_init_help" && exit $ac_status1410test -n "$ac_init_help" && exit $ac_status
1411if $ac_init_version; then1411if $ac_init_version; then
1412 cat <<\_ACEOF1412 cat <<\_ACEOF
1413open-isns configure 0.1001413open-isns configure 0.101
1414generated by GNU Autoconf 2.691414generated by GNU Autoconf 2.69
14151415
1416Copyright (C) 2012 Free Software Foundation, Inc.1416Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1775,7 +1775,7 @@ cat >config.log <<_ACEOF
1775This file contains any messages produced by compilers while1775This file contains any messages produced by compilers while
1776running configure, to aid debugging if configure makes a mistake.1776running configure, to aid debugging if configure makes a mistake.
17771777
1778It was created by open-isns $as_me 0.100, which was1778It was created by open-isns $as_me 0.101, which was
1779generated by GNU Autoconf 2.69. Invocation command line was1779generated by GNU Autoconf 2.69. Invocation command line was
17801780
1781 $ $0 $@1781 $ $0 $@
@@ -3996,7 +3996,7 @@ _ACEOF
3996esac3996esac
39973997
3998if test "$GCC" = "yes"; then3998if test "$GCC" = "yes"; then
3999 CFLAGS="-Wall -Werror -Wextra $CFLAGS"3999 CFLAGS="-Wall -Wextra $CFLAGS"
4000 CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"4000 CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
4001fi4001fi
40024002
@@ -4985,7 +4985,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
4985# report actual input values of CONFIG_FILES etc. instead of their4985# report actual input values of CONFIG_FILES etc. instead of their
4986# values after options handling.4986# values after options handling.
4987ac_log="4987ac_log="
4988This file was extended by open-isns $as_me 0.100, which was4988This file was extended by open-isns $as_me 0.101, which was
4989generated by GNU Autoconf 2.69. Invocation command line was4989generated by GNU Autoconf 2.69. Invocation command line was
49904990
4991 CONFIG_FILES = $CONFIG_FILES4991 CONFIG_FILES = $CONFIG_FILES
@@ -5047,7 +5047,7 @@ _ACEOF
5047cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=15047cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
5048ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"5048ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
5049ac_cs_version="\\5049ac_cs_version="\\
5050open-isns config.status 0.1005050open-isns config.status 0.101
5051configured by $0, generated by GNU Autoconf 2.69,5051configured by $0, generated by GNU Autoconf 2.69,
5052 with options \\"\$ac_cs_config\\"5052 with options \\"\$ac_cs_config\\"
50535053
diff --git a/configure.ac b/configure.ac
index e4f3995..63ec143 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1AC_INIT(open-isns, [0.100])1AC_INIT(open-isns, [0.101])
2AC_CONFIG_SRCDIR([isnsd.c])2AC_CONFIG_SRCDIR([isnsd.c])
3AC_CONFIG_AUX_DIR([aclocal])3AC_CONFIG_AUX_DIR([aclocal])
44
@@ -17,7 +17,7 @@ AC_PATH_PROG(SH, sh)
17dnl C Compiler features17dnl C Compiler features
18AC_C_INLINE18AC_C_INLINE
19if test "$GCC" = "yes"; then19if test "$GCC" = "yes"; then
20 CFLAGS="-Wall -Werror -Wextra $CFLAGS"20 CFLAGS="-Wall -Wextra $CFLAGS"
21 CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"21 CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
22fi22fi
2323
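Review bot: With -Werror removed from the CFLAGS line under the GCC check, nothing in the build fails on a new -Wall/-Wextra warning any more, so regressions of the kind the dropped Debian patches addressed (ignored write() return value, signed/unsigned comparison) will only be visible in build logs. Consider adding an opt-in configure switch that restores -Werror for developer and CI builds, while the default stays tolerant of newer compilers and library deprecations.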
diff --git a/db-policy.c b/db-policy.c
index b1c46e2..d4a0cba 100644
--- a/db-policy.c
+++ b/db-policy.c
@@ -52,11 +52,11 @@ __isns_db_keystore_lookup(isns_db_keystore_t *store,
52/*52/*
53 * Load a DSA key from the DB store53 * Load a DSA key from the DB store
54 */54 */
55#ifdef WITH_SECURITY
55static EVP_PKEY *56static EVP_PKEY *
56__isns_db_keystore_find(isns_keystore_t *store_base,57__isns_db_keystore_find(isns_keystore_t *store_base,
57 const char *name, size_t namelen)58 const char *name, size_t namelen)
58{59{
59#ifdef WITH_SECURITY
60 isns_db_keystore_t *store = (isns_db_keystore_t *) store_base;60 isns_db_keystore_t *store = (isns_db_keystore_t *) store_base;
61 isns_object_t *obj;61 isns_object_t *obj;
62 const void *key_data;62 const void *key_data;
@@ -71,10 +71,16 @@ __isns_db_keystore_find(isns_keystore_t *store_base,
71 return NULL;71 return NULL;
7272
73 return isns_dsa_decode_public(key_data, key_size);73 return isns_dsa_decode_public(key_data, key_size);
74#else74}
75#else /* WITH_SECURITY */
76static EVP_PKEY *
77__isns_db_keystore_find(__attribute__((unused))isns_keystore_t *store_base,
78 __attribute__((unused))const char *name,
79 __attribute__((unused))size_t namelen)
80{
75 return NULL;81 return NULL;
76#endif
77}82}
83#endif /* WITH_SECURITY */
7884
79/*85/*
80 * Retrieve policy from database86 * Retrieve policy from database
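Review bot: The #else variant of __isns_db_keystore_find returns NULL with no diagnostic, so in a build without WITH_SECURITY every key lookup looks the same as "key not found", whereas the matching stub in client.c reports "security disabled at build time". A one-line message here, or a comment stating that the silent NULL is intentional, would keep the two stubs consistent and make a misbuilt server easier to spot.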
diff --git a/debian/changelog b/debian/changelog
index 6e00fbe..745a31f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
1open-isns (0.101-0ubuntu1) jammy; urgency=medium
2
3 * Merge 0.101 from upstream (LP: #1946882), remaining changes
4 - d/open-isns-utils.install: Include isnssetup script in /usr/sbin along with
5 its man documentation
6 * Dropped changes:
7 - d/p/0001-Do-not-ignore-write-return-value.patch: Avoid warn_unused_result error
8 [Fixed in 0.101]
9 - d/p/0002-Fix-different-signedness-integer-expression-comparis.patch: Fix sign error
10 [Fixed in 0.101]
11 - d/p/0003-Fix-broken-server-authentication-initialization.patch: Fix broken server
12 authorization initialization
13 [Fixed in 0.101]
14 - d/p/no-werror.patch: Build without werror enabled
15 [Fixed in 0.101]
16
17 -- Lena Voytek <lena.voytek@canonical.com> Wed, 16 Dec 2021 07:15:31 -0700
18
1open-isns (0.100-3ubuntu5) jammy; urgency=medium19open-isns (0.100-3ubuntu5) jammy; urgency=medium
220
3 * No-change rebuild against openssl321 * No-change rebuild against openssl3
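Review bot: The trailer of the new 0.101-0ubuntu1 entry reads "Wed, 16 Dec 2021 07:15:31 -0700", but 16 December 2021 was a Thursday, so the day name does not match the date; regenerate the trailer (for example with dch) before upload so changelog parsers and lintian do not trip over it. In the same entry, the description of d/p/0003 says "server authorization initialization" while the patch file name says "authentication"; align the wording with the patch subject.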
diff --git a/debian/open-isns-utils.install b/debian/open-isns-utils.install
index 89212a5..867a5fc 100644
--- a/debian/open-isns-utils.install
+++ b/debian/open-isns-utils.install
@@ -1,5 +1,7 @@
1debian/extra/isnsadm.conf.5 /usr/share/man/man51debian/extra/isnsadm.conf.5 /usr/share/man/man5
2etc/isns/isnsadm.conf2etc/isns/isnsadm.conf
3usr/sbin/isnsadm3usr/sbin/isnsadm
4isnssetup usr/sbin/
4usr/share/man/man5/isns_config.55usr/share/man/man5/isns_config.5
5usr/share/man/man8/isnsadm.86usr/share/man/man8/isnsadm.8
7usr/share/man/man8/isnssetup.8
diff --git a/debian/patches/0001-Do-not-ignore-write-return-value.patch b/debian/patches/0001-Do-not-ignore-write-return-value.patch
6deleted file mode 1006448deleted file mode 100644
index dcc48c2..0000000
--- a/debian/patches/0001-Do-not-ignore-write-return-value.patch
+++ /dev/null
@@ -1,87 +0,0 @@
1From: Ritesh Raj Sarraf <rrs@debian.org>
2Date: Thu, 19 Nov 2020 15:13:32 +0530
3Subject: Do not ignore write() return value
4
5Some distros set the warn_unused_result attribute for the write()
6system call, so check the return value
7
8Patch cherry-picked from upstream commit: 4c39cb09735a494099fba0474d25ff26800de952
9---
10 pki.c | 37 ++++++++++++++++++++++++++++++++-----
11 1 file changed, 32 insertions(+), 5 deletions(-)
12
13diff --git a/pki.c b/pki.c
14index 486d9bb..57ea664 100644
15--- a/pki.c
16+++ b/pki.c
17@@ -9,12 +9,13 @@
18 #include <unistd.h>
19 #include <limits.h>
20 #include "config.h"
21+#include <fcntl.h>
22+#include <assert.h>
23 #ifdef WITH_SECURITY
24 #include <openssl/pem.h>
25 #include <openssl/err.h>
26 #include <openssl/evp.h>
27 #endif
28-#include <fcntl.h>
29 #include <libisns/isns.h>
30 #include "security.h"
31 #include <libisns/util.h>
32@@ -431,17 +432,43 @@ isns_dsa_load_params(const char *filename)
33 return dsa;
34 }
35
36+/*
37+ * write one 'status' character to stdout
38+ */
39+static void
40+write_status_byte(int ch)
41+{
42+ static int stdout_fd = 1; /* fileno(stdout) */
43+ char buf[2];
44+ int res;
45+
46+ /*
47+ * We don't actually care about the return value here, since
48+ * we are just dumping a status byte to stdout, but
49+ * some linux distrubutions set the warn_unused_result attribute
50+ * for the write() API, so we might as well use the return value
51+ * to make sure the write command isn't broken.
52+ */
53+ assert(ch);
54+ buf[0] = ch;
55+ buf[1] = '\0';
56+ res = write(stdout_fd, buf, 1);
57+ assert(res == 1);
58+}
59+
60 static int
61 isns_dsa_param_gen_callback(int stage,
62 __attribute__((unused))int index,
63 __attribute__((unused))void *dummy)
64 {
65 if (stage == 0)
66- write(1, "+", 1);
67+ write_status_byte('+');
68 else if (stage == 1)
69- write(1, ".", 1);
70+ write_status_byte('.');
71 else if (stage == 2)
72- write(1, "/", 1);
73+ write_status_byte('/');
74+
75+ /* as a callback, we must return a value, so just return success */
76 return 0;
77 }
78
79@@ -478,7 +505,7 @@ isns_dsa_init_params(const char *filename)
80 dsa = DSA_generate_parameters(dsa_key_bits, NULL, 0,
81 NULL, NULL, isns_dsa_param_gen_callback, NULL);
82 #endif
83- write(1, "\n", 1);
84+ write_status_byte('\n');
85
86 if (dsa == NULL) {
87 isns_dsasig_report_errors("Error generating DSA parameters",
diff --git a/debian/patches/0002-Fix-different-signedness-integer-expression-comparis.patch b/debian/patches/0002-Fix-different-signedness-integer-expression-comparis.patch
88deleted file mode 1006440deleted file mode 100644
index 31c6cfb..0000000
--- a/debian/patches/0002-Fix-different-signedness-integer-expression-comparis.patch
+++ /dev/null
@@ -1,22 +0,0 @@
1From: Ritesh Raj Sarraf <rrs@debian.org>
2Date: Mon, 23 Nov 2020 22:35:57 +0530
3Subject: Fix different signedness integer expression comparison error
4
5Issue commonly seen on 32 bit systems
6---
7 isnsdd.c | 2 +-
8 1 file changed, 1 insertion(+), 1 deletion(-)
9
10diff --git a/isnsdd.c b/isnsdd.c
11index 58825cc..9cedb9f 100644
12--- a/isnsdd.c
13+++ b/isnsdd.c
14@@ -401,7 +401,7 @@ check_portal_registration(__attribute__((unused))void *ptr)
15 continue;
16
17 last_modified = isns_object_last_modified(obj);
18- if (last_modified + 2 * interval > now) {
19+ if ((time_t)(last_modified + 2 * interval) > now) {
20 good_portals++;
21 continue;
22 }
diff --git a/debian/patches/0003-Fix-broken-server-authentication-initialization.patch b/debian/patches/0003-Fix-broken-server-authentication-initialization.patch
23deleted file mode 1006440deleted file mode 100644
index eb6afa7..0000000
--- a/debian/patches/0003-Fix-broken-server-authentication-initialization.patch
+++ /dev/null
@@ -1,55 +0,0 @@
1From: Lee Duncan <lduncan@suse.com>
2Date: Fri, 4 Dec 2020 09:14:18 -0800
3Subject: Fix broken server authentication initialization.
4
5Commit 86bf736873ed cleaned up a bunch of compiler complaints,
6and was supposed to have no effect on functionality. But the change
7to isns_dsa_param_gen_callback() from void to returning an
8integer (zero) broke "isnsd --init", causing the error message:
9
10> Generating DSA parameters; this may take a while
11> +
12> Warning: Error generating DSA parameters - OpenSSL errors follow:
13
14This commit changes isns_dsa_param_gen_callback() back to a void
15function, and fixes the compiler problem by properly declaring
16the callback, and using the proper openssl macro to set the
17callback.
18
19Fixes: 86bf736873ed General cleanup for the compiler.
20---
21 pki.c | 7 ++-----
22 1 file changed, 2 insertions(+), 5 deletions(-)
23
24diff --git a/pki.c b/pki.c
25index 57ea664..315b56b 100644
26--- a/pki.c
27+++ b/pki.c
28@@ -456,7 +456,7 @@ write_status_byte(int ch)
29 assert(res == 1);
30 }
31
32-static int
33+static void
34 isns_dsa_param_gen_callback(int stage,
35 __attribute__((unused))int index,
36 __attribute__((unused))void *dummy)
37@@ -467,9 +467,6 @@ isns_dsa_param_gen_callback(int stage,
38 write_status_byte('.');
39 else if (stage == 2)
40 write_status_byte('/');
41-
42- /* as a callback, we must return a value, so just return success */
43- return 0;
44 }
45
46 int
47@@ -494,7 +491,7 @@ isns_dsa_init_params(const char *filename)
48 isns_notice("Generating DSA parameters; this may take a while\n");
49 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
50 cb = BN_GENCB_new();
51- BN_GENCB_set(cb, (int (*)(int, int, BN_GENCB *)) isns_dsa_param_gen_callback, NULL);
52+ BN_GENCB_set_old(cb, (void (*)(int, int, void *)) isns_dsa_param_gen_callback, NULL);
53 dsa = DSA_new();
54 if (!DSA_generate_parameters_ex(dsa, dsa_key_bits, NULL, 0, NULL, NULL, cb)) {
55 DSA_free(dsa);
diff --git a/debian/patches/no-werror.patch b/debian/patches/no-werror.patch
56deleted file mode 1006440deleted file mode 100644
index 0ab8c07..0000000
--- a/debian/patches/no-werror.patch
+++ /dev/null
@@ -1,15 +0,0 @@
1Description: Build without -Werror to fix FTBFS.
2Author: Dimitri John Ledkov <xnox@ubuntu.com>
3
4
5--- open-isns-0.100.orig/configure.ac
6+++ open-isns-0.100/configure.ac
7@@ -17,7 +17,7 @@ AC_PATH_PROG(SH, sh)
8 dnl C Compiler features
9 AC_C_INLINE
10 if test "$GCC" = "yes"; then
11- CFLAGS="-Wall -Werror -Wextra $CFLAGS"
12+ CFLAGS="-Wall -Wextra $CFLAGS"
13 CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
14 fi
15
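Review bot: with no-werror.patch dropped, nothing in debian/ removes -Werror any more, so the build now depends on the 0.101 configure.ac no longer setting CFLAGS="-Wall -Werror -Wextra $CFLAGS". Please confirm that in the configure.ac and configure hunks of this merge; if -Werror is still set there, any new compiler warning on any architecture brings back the FTBFS this patch was added to fix.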
diff --git a/debian/patches/series b/debian/patches/series
16deleted file mode 1006440deleted file mode 100644
index 27bb459..0000000
--- a/debian/patches/series
+++ /dev/null
@@ -1,4 +0,0 @@
10001-Do-not-ignore-write-return-value.patch
20002-Fix-different-signedness-integer-expression-comparis.patch
30003-Fix-broken-server-authentication-initialization.patch
4no-werror.patch
diff --git a/doc/isnssetup.8 b/doc/isnssetup.8
5new file mode 1006440new file mode 100644
index 0000000..3076af5
--- /dev/null
+++ b/doc/isnssetup.8
@@ -0,0 +1,64 @@
1'\" t
2.TH ISNSSETUP 8 "4 Dec 2020"
3.SH NAME
4isnssetup \- a simple script to bootstrap an iSNS server, including security
5.SH SYNOPSIS
6.B isnssetup
7.SH DESCRIPTION
8.B isnssetup
9is a command line utility for for bootstrapping your iSNS
10installation. It sets up the authentication credentials,
11sets up the
12.B ServerAddress
13to be
14.IR localhost ,
15and registers the appropriate values in the
16.B iSNS
17database. The
18.B isnssetup
19script does not take any options.
20.PP
21Running this script performs the following steps:
22.TP
23.B \(bu
24Set
25.B ServerAddress
26to
27.I localhost
28and
29.B Security
30to
31.I 1
32for
33.B isnsadmin.conf
34and
35.BR isnsdd.conf .
36.TP
37.B \(bu
38Initialize security files by running
39.BR "isnsd --init" ,
40copying the public key to the server key, then restarting
41the
42.B isnsd
43daemon, so that it sees the new authorization files.
44.TP
45.B \(bu
46Registering the control node policy, the control node itself, and
47lastly registering the server policy.
48.PP
49Note that this script is supplied as an example, although you should
50be able to use it directly if you wish. You have to be
51.B root
52to run this script successfully.
53.SH BUGS
54This script does not take
55.B systemd
56into account, so you may have to modify it to get it to work on
57a modern system.
58.SH SEE ALSO
59RFC 4171,
60.BR isnsadm (8),
61.BR isnsd (8),
62.BR isns_config (5).
63.SH AUTHORS
64Olaf Kirch <olaf.kirch@oracle.com>
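Review bot: line 33 of the new man page names isnsadmin.conf, but the file this package installs is etc/isns/isnsadm.conf, so an administrator following the page will look for a file that does not exist. While touching it, line 9 has a doubled "for for", and the third bullet ("Registering the control node policy ...") should use the same imperative form as "Set" and "Initialize". The second bullet would also be more useful if it named the key files that "copying the public key to the server key" refers to, since that step decides which key the server trusts.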
diff --git a/getnext.c b/getnext.c
index 2b3b3fe..9e39a5d 100644
--- a/getnext.c
+++ b/getnext.c
@@ -244,7 +244,7 @@ isns_getnext_response_get_object(isns_simple_t *qry,
244{244{
245 isns_object_template_t *tmpl;245 isns_object_template_t *tmpl;
246246
247 tmpl = isns_object_template_for_key_attrs(&qry->is_operating_attrs);247 tmpl = isns_object_template_for_key_attrs(&qry->is_message_attrs);
248 if (tmpl == NULL) {248 if (tmpl == NULL) {
249 isns_error("Cannot determine object type in GetNext response\n");249 isns_error("Cannot determine object type in GetNext response\n");
250 return ISNS_ATTRIBUTE_NOT_IMPLEMENTED;250 return ISNS_ATTRIBUTE_NOT_IMPLEMENTED;
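Review bot: line 247 is a functional change sitting among build fixes: the object template for a GetNext response is now derived from qry->is_message_attrs instead of qry->is_operating_attrs. That changes how a response from the peer is interpreted, so it should be named explicitly in debian/changelog and covered by a test that actually issues a GetNext query, including the "Cannot determine object type" error path.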
diff --git a/include/libisns/.gitignore b/include/libisns/.gitignore
251new file mode 100644251new file mode 100644
index 0000000..a3757fd
--- /dev/null
+++ b/include/libisns/.gitignore
@@ -0,0 +1 @@
1paths.h
diff --git a/include/libisns/paths.h.in b/include/libisns/paths.h.in
index 1e96e70..4d17adb 100644
--- a/include/libisns/paths.h.in
+++ b/include/libisns/paths.h.in
@@ -9,8 +9,8 @@
9#define ISNS_CONFIG_H9#define ISNS_CONFIG_H
1010
11#define __OPENISNS_MKVERSION(maj, min) (((maj) << 8) + (min))11#define __OPENISNS_MKVERSION(maj, min) (((maj) << 8) + (min))
12#define OPENISNS_VERSION __OPENISNS_MKVERSION(0, 99);12#define OPENISNS_VERSION __OPENISNS_MKVERSION(0, 101);
13#define OPENISNS_VERSION_STRING "0.99"13#define OPENISNS_VERSION_STRING "0.101"
1414
15#define ISNS_ETCDIR "/etc/isns"15#define ISNS_ETCDIR "/etc/isns"
16#define ISNS_RUNDIR "@RUNDIR@"16#define ISNS_RUNDIR "@RUNDIR@"
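Review bot: the OPENISNS_VERSION define on line 12 still ends in a semicolon, so the macro expands to "(((0) << 8) + (101));" and cannot be used inside an expression or a preprocessor comparison such as OPENISNS_VERSION >= __OPENISNS_MKVERSION(0, 101). Since this line is being edited anyway, drop the trailing ";" (and forward that upstream), otherwise the version check this header exists for does not compile for consumers of libisns.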
diff --git a/include/libisns/util.h b/include/libisns/util.h
index 4174480..f1b97f0 100644
--- a/include/libisns/util.h
+++ b/include/libisns/util.h
@@ -14,6 +14,7 @@
14#include <string.h> // for strdup14#include <string.h> // for strdup
15#include <signal.h>15#include <signal.h>
16#include <libisns/types.h>16#include <libisns/types.h>
17#include <stdlib.h>
1718
18#define array_num_elements(a) (sizeof(a) / sizeof((a)[0]))19#define array_num_elements(a) (sizeof(a) / sizeof((a)[0]))
1920
@@ -40,14 +41,22 @@ char * print_size(unsigned long);
40 */41 */
41static inline void signals_hold(void)42static inline void signals_hold(void)
42{43{
43 sighold(SIGTERM);44 sigset_t s;
44 sighold(SIGINT);45
46 sigemptyset(&s);
47 sigaddset(&s, SIGTERM);
48 sigaddset(&s, SIGINT);
49 sigprocmask(SIG_BLOCK, &s, 0);
45}50}
4651
47static inline void signals_release(void)52static inline void signals_release(void)
48{53{
49 sigrelse(SIGTERM);54 sigset_t s;
50 sigrelse(SIGINT);55
56 sigemptyset(&s);
57 sigaddset(&s, SIGTERM);
58 sigaddset(&s, SIGINT);
59 sigprocmask(SIG_UNBLOCK, &s, 0);
51}60}
5261
53/*62/*
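Review bot: both new sigprocmask() calls (lines 49 and 59) ignore the return value and pass 0 where a pointer is expected; use NULL and at least log a failure, because a signals_hold() that silently fails leaves the section it is meant to protect interruptible by SIGTERM/SIGINT. These are inline functions in a public libisns header, and sigprocmask() is unspecified in a multithreaded process, so if any caller can be threaded pthread_sigmask() is the safer replacement for sighold()/sigrelse(). The duplicated sigset_t setup could also live in one small helper.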
diff --git a/isnsadm.c b/isnsadm.c
index 7a96007..94c705e 100644
--- a/isnsadm.c
+++ b/isnsadm.c
@@ -1162,7 +1162,7 @@ generate_key_callback(void)
1162}1162}
11631163
1164isns_attr_t *1164isns_attr_t *
1165load_key_callback(const char *pathname)1165load_key_callback(__attribute__((unused))const char *pathname)
1166{1166{
1167 isns_fatal("Authentication disabled in this build\n");1167 isns_fatal("Authentication disabled in this build\n");
1168 return NULL;1168 return NULL;
diff --git a/isnsdd.c b/isnsdd.c
index 58825cc..9cedb9f 100644
--- a/isnsdd.c
+++ b/isnsdd.c
@@ -401,7 +401,7 @@ check_portal_registration(__attribute__((unused))void *ptr)
401 continue;401 continue;
402402
403 last_modified = isns_object_last_modified(obj);403 last_modified = isns_object_last_modified(obj);
404 if (last_modified + 2 * interval > now) {404 if ((time_t)(last_modified + 2 * interval) > now) {
405 good_portals++;405 good_portals++;
406 continue;406 continue;
407 }407 }
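Review bot: on line 404 the (time_t) cast is applied to the finished sum, so last_modified + 2 * interval is still computed in the operands' original type and only the result is converted. If that type is unsigned or narrower than time_t, any wraparound happens before the cast and the comparison with now can wrongly count a stale portal as good. Casting the operand instead, as in (time_t)last_modified + 2 * interval > now, fixes the signedness warning and does the arithmetic in time_t.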
diff --git a/pki.c b/pki.c
index 486d9bb..6617b8a 100644
--- a/pki.c
+++ b/pki.c
@@ -9,12 +9,15 @@
9#include <unistd.h>9#include <unistd.h>
10#include <limits.h>10#include <limits.h>
11#include "config.h"11#include "config.h"
12#include <fcntl.h>
13#include <assert.h>
12#ifdef WITH_SECURITY14#ifdef WITH_SECURITY
13#include <openssl/pem.h>15#include <openssl/pem.h>
14#include <openssl/err.h>16#include <openssl/err.h>
15#include <openssl/evp.h>17#include <openssl/evp.h>
18#include <openssl/dsa.h>
19#include <openssl/bn.h>
16#endif20#endif
17#include <fcntl.h>
18#include <libisns/isns.h>21#include <libisns/isns.h>
19#include "security.h"22#include "security.h"
20#include <libisns/util.h>23#include <libisns/util.h>
@@ -96,13 +99,11 @@ isns_create_dsa_context(void)
96 isns_security_t *ctx;99 isns_security_t *ctx;
97100
98 if (!isns_openssl_init) {101 if (!isns_openssl_init) {
99 ERR_load_crypto_strings();
100#if OPENSSL_API_COMPAT < 0x10100000L102#if OPENSSL_API_COMPAT < 0x10100000L
103 ERR_load_crypto_strings();
101 OpenSSL_add_all_algorithms();104 OpenSSL_add_all_algorithms();
102 OpenSSL_add_all_ciphers();105 OpenSSL_add_all_ciphers();
103 OpenSSL_add_all_digests();106 OpenSSL_add_all_digests();
104#else
105 OPENSSL_init_crypto();
106#endif107#endif
107 isns_openssl_init = 1;108 isns_openssl_init = 1;
108 }109 }
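Review bot: the guard on line 102 tests OPENSSL_API_COMPAT, which the preprocessor evaluates as 0 when the macro is not defined, so the legacy branch (now including ERR_load_crypto_strings()) is compiled whenever the build does not set that macro. The rest of pki.c switches on OPENSSL_VERSION_NUMBER (see isns_dsa_init_params), and using the same macro here would make it clear which OpenSSL versions take the explicit initialisation path. Removing the #else branch is correct, since OPENSSL_init_crypto() was being called without its two arguments.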
@@ -431,18 +432,41 @@ isns_dsa_load_params(const char *filename)
431 return dsa;432 return dsa;
432}433}
433434
434static int435/*
436 * write one 'status' character to stdout
437 */
438static void
439write_status_byte(int ch)
440{
441 static int stdout_fd = 1; /* fileno(stdout) */
442 char buf[2];
443 int res;
444
445 /*
446 * We don't actually care about the return value here, since
447 * we are just dumping a status byte to stdout, but
448 * some linux distrubutions set the warn_unused_result attribute
449 * for the write() API, so we might as well use the return value
450 * to make sure the write command isn't broken.
451 */
452 assert(ch);
453 buf[0] = ch;
454 buf[1] = '\0';
455 res = write(stdout_fd, buf, 1);
456 assert(res == 1);
457}
458
459static void
435isns_dsa_param_gen_callback(int stage,460isns_dsa_param_gen_callback(int stage,
436 __attribute__((unused))int index,461 __attribute__((unused))int index,
437 __attribute__((unused))void *dummy)462 __attribute__((unused))void *dummy)
438{463{
439 if (stage == 0)464 if (stage == 0)
440 write(1, "+", 1);465 write_status_byte('+');
441 else if (stage == 1)466 else if (stage == 1)
442 write(1, ".", 1);467 write_status_byte('.');
443 else if (stage == 2)468 else if (stage == 2)
444 write(1, "/", 1);469 write_status_byte('/');
445 return 0;
446}470}
447471
448int472int
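Review bot: write_status_byte() uses assert(res == 1) as its error handling (line 457), which is wrong in both build modes. With NDEBUG the check disappears and res becomes a set-but-unused variable, so the write() result is ignored again; without NDEBUG, a short or failed write on fd 1 (stdout closed, a full pipe, EINTR) aborts the process in the middle of DSA parameter generation during isnsd --init. A progress character is not worth an abort: handle the result explicitly, for example if (write(stdout_fd, buf, 1) != 1) return; or log it. buf[1] is never read and "distrubutions" in the comment is a typo.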
@@ -467,7 +491,7 @@ isns_dsa_init_params(const char *filename)
467 isns_notice("Generating DSA parameters; this may take a while\n");491 isns_notice("Generating DSA parameters; this may take a while\n");
468#if OPENSSL_VERSION_NUMBER >= 0x10002000L492#if OPENSSL_VERSION_NUMBER >= 0x10002000L
469 cb = BN_GENCB_new();493 cb = BN_GENCB_new();
470 BN_GENCB_set(cb, (int (*)(int, int, BN_GENCB *)) isns_dsa_param_gen_callback, NULL);494 BN_GENCB_set_old(cb, (void (*)(int, int, void *)) isns_dsa_param_gen_callback, NULL);
471 dsa = DSA_new();495 dsa = DSA_new();
472 if (!DSA_generate_parameters_ex(dsa, dsa_key_bits, NULL, 0, NULL, NULL, cb)) {496 if (!DSA_generate_parameters_ex(dsa, dsa_key_bits, NULL, 0, NULL, NULL, cb)) {
473 DSA_free(dsa);497 DSA_free(dsa);
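Review bot: the cast on line 494 is unnecessary and hides future mistakes: isns_dsa_param_gen_callback is now declared as void (int, int, void *), which is exactly the type BN_GENCB_set_old() expects, so passing it uncast lets the compiler catch the kind of signature mismatch that broke isnsd --init before. Also, cb = BN_GENCB_new() on line 493 is used without a NULL check; test it, and the result of DSA_new(), before calling BN_GENCB_set_old() and DSA_generate_parameters_ex().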
@@ -478,7 +502,7 @@ isns_dsa_init_params(const char *filename)
478 dsa = DSA_generate_parameters(dsa_key_bits, NULL, 0,502 dsa = DSA_generate_parameters(dsa_key_bits, NULL, 0,
479 NULL, NULL, isns_dsa_param_gen_callback, NULL);503 NULL, NULL, isns_dsa_param_gen_callback, NULL);
480#endif504#endif
481 write(1, "\n", 1);505 write_status_byte('\n');
482506
483 if (dsa == NULL) {507 if (dsa == NULL) {
484 isns_dsasig_report_errors("Error generating DSA parameters",508 isns_dsasig_report_errors("Error generating DSA parameters",
diff --git a/security.c b/security.c
index 673a26e..68eb779 100644
--- a/security.c
+++ b/security.c
@@ -408,32 +408,34 @@ isns_security_init(void)
408}408}
409409
410isns_keystore_t *410isns_keystore_t *
411isns_create_keystore(const char *spec)411isns_create_keystore(__attribute__((unused))const char *spec)
412{412{
413 isns_no_security();413 isns_no_security();
414 return NULL;414 return NULL;
415}415}
416416
417void417void
418isns_security_set_keystore(isns_security_t *ctx,418isns_security_set_keystore(__attribute__((unused))isns_security_t *ctx,
419 isns_keystore_t *ks)419 __attribute__((unused))isns_keystore_t *ks)
420{420{
421 isns_no_security();421 isns_no_security();
422}422}
423423
424void424void
425isns_principal_free(isns_principal_t *peer)425isns_principal_free(__attribute__((unused))isns_principal_t *peer)
426{426{
427}427}
428428
429isns_principal_t *429isns_principal_t *
430isns_get_principal(isns_security_t *ctx, const char *spi, size_t spi_len)430isns_get_principal(__attribute__((unused))isns_security_t *ctx,
431 __attribute__((unused))const char *spi,
432 __attribute__((unused))size_t spi_len)
431{433{
432 return NULL;434 return NULL;
433}435}
434436
435const char *437const char *
436isns_principal_name(const isns_principal_t *princ)438isns_principal_name(__attribute__((unused))const isns_principal_t *princ)
437{439{
438 return NULL;440 return NULL;
439}441}
diff --git a/socket.c b/socket.c
index da9f5dc..432a9bd 100644
--- a/socket.c
+++ b/socket.c
@@ -5,7 +5,7 @@
5 */5 */
66
7#include <sys/socket.h>7#include <sys/socket.h>
8#include <sys/poll.h>8#include <poll.h>
9#include <sys/time.h>9#include <sys/time.h>
10#include <sys/un.h>10#include <sys/un.h>
11#include <string.h>11#include <string.h>
@@ -322,8 +322,9 @@ failed:
322}322}
323#else /* WITH_SECURITY */323#else /* WITH_SECURITY */
324static int324static int
325isns_pdu_authenticate(isns_security_t *sec,325isns_pdu_authenticate(__attribute__((unused))isns_security_t *sec,
326 struct isns_partial_msg *msg, buf_t *bp)326 __attribute__((unused))struct isns_partial_msg *msg,
327 __attribute__((unused))buf_t *bp)
327{328{
328 return 0;329 return 0;
329}330}
