Changes committed to git://oss.sgi.com/pcp/pcp.git dev
configure | 67 ++++++++--------
configure.in | 45 +++++------
qa/546 | 108 +++++++++++++++++++++++++++
qa/546.out | 45 +++++++++++
qa/group | 1
src/dbpmda/src/pmda.c | 2
src/include/pcp/platform_header.h.in | 10 +-
src/libpcp/src/access.c | 93 +++++++++++++----------
src/libpcp_pmda/src/open.c | 8 --
src/pmcd/src/config.c | 4 -
src/pmcd/src/dopdus.c | 9 +-
src/pmdas/linux_proc/GNUmakefile | 5 -
src/pmdas/linux_proc/contexts.c | 139 +++++++++++++++++++++++++++++++++++
src/pmdas/linux_proc/contexts.h | 44 +++++++++++
src/pmdas/linux_proc/pmda.c | 42 ++++------
src/pmdas/linux_proc/proc_pid.c | 6 -
16 files changed, 483 insertions(+), 145 deletions(-)
commit a096510f0905b99b714955ce0fcc9555befd9ea2
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Wed Jun 12 18:45:36 2013 +1000
Implement per-context connection tracking in Linux process PMDA
Introduces knowledge of each connection, and its security attrs
(particularly uid and gid), in pmdaproc. This allows a suitably
configured pmcd process (with user/group ACLs) and authenticated
client connections to be able to retrieve sensitive information
for the specific authenticated user and not others. Without ACL
specification in pmcd.conf the behaviour is unchanged from today
(i.e. pmdaproc always runs as root and can access everything).
Exercised using dbpmda only so far, further automated testing to
follow in later commits.
commit 50d42cd83bc37b4a710a1526edbe6c12f63a0ec8
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Wed Jun 12 14:04:14 2013 +1000
Correct the logic in pmcd around enabling user/group access controls
Needed to deal differently with the case where no ACLs are present, and
the case where ACLs are present but no account information is available
on the new clients connection. Also ensure the initial (wildcard) entry
has a default-restrictive set of permissions, not default-to-open.
Test case 546 added to exercise user/group ACL extensions to the pmcd
configuration file parsing (error handling cases in particular).
Finally, update several cases of direct uid/gid comparisons; need to use
the accessor methods if this is ever to work on non-POSIX platforms.
commit 0644708899cc6643ca42a00e2a478eca086a1c60
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Wed Jun 12 09:18:46 2013 +1000
Update the unix domain sockets configure checking
It turns out that the current mingw headers (esp from the mingw64
project) define AF_UNIX, so testing for this is problematic. The
structure sockaddr_un is not defined however, so this makes for a
more appropriate test target.
Update the code that directly reference IS_MINGW and update error
messages accordingly.
|