Changes committed to git://oss.sgi.com/pcp/pcp.git nssmerge
configure | 154 ++++++++++++++
configure.in | 11 +
man/man1/pmcd.1 | 10
man/man3/pmnewcontext.3 | 7
qa/src/endian.c | 8
qa/src/pducheck.c | 7
src/include/builddefs.in | 1
src/include/pcp/impl.h | 57 +++--
src/include/pcp/pmapi.h | 9
src/libpcp/src/GNUmakefile | 3
src/libpcp/src/auxconnect.c | 443 +++++++++++++++++++++++++++----------------
src/libpcp/src/check-statics | 5
src/libpcp/src/connect.c | 62 ++++--
src/libpcp/src/context.c | 166 ++++++++--------
src/libpcp/src/ipc.c | 113 ++++++----
src/pmcd/src/config.c | 21 --
src/pmcd/src/dopdus.c | 19 +
src/pmcd/src/pmcd.c | 13 -
src/pmdas/linux_proc/pmda.c | 6
src/pmproxy/pmproxy.c | 1
src/python/pmapi.c | 6
21 files changed, 748 insertions(+), 374 deletions(-)
commit fbb2751b9abf816e04f402f8f74f648eeeed99da
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Thu Dec 13 16:29:37 2012 +1100
Initial PCP protocol changes to support secure sockets layer (SSL)

This introduces several changes that prepare for the pmcd/client
protocol exchange to be optionally augmented with an SSL handshake
after the initial PCP handshake.

Enabling this requires several steps. Firstly, the PM_CTXFLAG concept
is reintroduced (which was dropped a while ago from lack of interest).
The shallow/exclusive flags that were there are left alone, for
back-compat, and a new SECURE flag is added for use with HOST contexts.
In addition, in the future, pmParseHostSpec is likely to be extended with
pcp://... and pcps://... prefix extraction. Current intention is to
wait on deeper understanding of user authentication before that gets
tackled, however, for a more coherent naming strategy.

When a socket is established to pmcd, the first stage of the protocol
is to send an extended error PDU back to the client. This contains a
field that was previously always zeroed - this is now reclaimed to
hold "feature" flags. If pmcd is capable of doing SSL encryption, a
bit is set here indicating the presence of the feature (at least 15
other bits are also available for later features, at which point we
could also go with a larger "pduinfo" payload, I think).

All existing client tools ignore this bit, and are oblivious to the
fact that it changed from a zero to a one for pmcd binaries built with
this feature. For new clients who choose to take pmcd up on its offer
of encrypted communication, the credentials version PDU (which the
client sends back) has also been modified, in a similar way - it has a
previously-always-zero bit now set, which is used in pmcd to identify
client willingness to partake.

Early stages of the subsequent SSL exchange are in place, but there's
plenty of work to do in completing that (around setting up certificate
databases and so forth in pmcd).

A large part of this change is around reworking __pmDataIPC & friends
to be able to hold more than just a single pointer (it now also holds
an SSL fd, in addition to the existing NSPR). This is also expected to
grow in future. If NSS (--without-secure-sockets) is disabled during
configure, the ipc table is now returned to its pre-NSS size too, an
unexpected little bonus.

commit a59094c30a016fbaa0b6ad4798d42052b93a01b4
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Thu Dec 13 15:00:49 2012 +1100
Correct the units for three Linux proc.io metrics
commit 96978ae0c7f77715ec6561f25d1561107f06fc3c
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Thu Dec 13 15:00:17 2012 +1100
Add configure/build support for linking with libssl
commit 7b7ee3829772c14838b500bfd133a7e501bd15bf
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Thu Dec 13 14:52:41 2012 +1100
Reference a pmda example which still exists in pmcd man page
commit 738eb7aa5ac784345239719726367090a99683e5
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Thu Dec 13 14:51:55 2012 +1100
Use most appropriate API in pducheck.c for host+port connect