From linux@rkirkpat.net Wed Dec 1 17:56:57 2010 Received: from saratoga.rkirkpat.net (saratoga.rkirkpat.net [206.196.156.29]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oB1Hupkb004548 for ; Wed, 1 Dec 2010 17:56:57 GMT Received: from magellan.rkirkpat.net (magellan.rkirkpat.net [192.168.7.3]) by saratoga.rkirkpat.net (Postfix) with ESMTP id 012DF71848 for ; Wed, 1 Dec 2010 10:56:51 -0700 (MST) Received: by magellan.rkirkpat.net (Postfix, from userid 1000) id B46939D411; Wed, 1 Dec 2010 10:56:50 -0700 (MST) Received: from localhost (localhost [127.0.0.1]) by magellan.rkirkpat.net (Postfix) with ESMTP id AA98413ADF for ; Wed, 1 Dec 2010 10:56:50 -0700 (MST) Date: Wed, 1 Dec 2010 10:56:50 -0700 (MST) From: Ryan Kirkpatrick X-Sender: rkirkpat@magellan.rkirkpat.net To: users@conserver.com Subject: Slow PAM Authentication with Conserver... Message-ID: MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="-1463811321-517940517-1291226201=:19717" Content-ID: X-Spam-Score: 3.369 (***) BAYES_40,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Dec 2010 17:56:57 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. ---1463811321-517940517-1291226201=:19717 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-ID: I have encountered a problem in using PAM authentication with Conserver. If I run the 'console' client from a (non-trusted) system, then console prompts for a password, as expected, and connects me to the console. That works, but before the password prompt there is a significant delay (2-4 seconds). And if the client is redirected to another conserver, there is another delay before the console is connected. Additionally, one gets their syslogs filled with these false positives: Nov 26 17:18:40 excelsior0 conserver: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=IHaveNoIdeaHowIGotHere user=rkirkpat After some debugging and code tracing, it looks like the client does not prompt for a password until asked for one by the server. And the server does not ask for one until it tries and fails to do PAM authentication with an empty password. Of course, when PAM auth fails, PAM causes a syslog entry and a timeout, and hence the reason for the delay described above. Seems to me that when conserver receives a connection from a non-trusted host it should simply ask for a password first before trying any PAM authentication. But I don't know what impact that would have on the rest of the authentiation logic. Therefore, my quick fix was simply to skip trying to do PAM auth with empty passwords in conserver/group.c:CheckPass(), as per the attached patch. Now connecting to a console with a password and PAM authentication is as quick as without (e.g., from a trusted host). This is probably not the best way to fix this problem, but it is a problem that should be fixed. --------------------------------------------------------------------------- | "For to me to live is Christ, and to die is gain." --- Phil. 1:21 (KJV) | --------------------------------------------------------------------------- | Ryan Kirkpatrick | Boulder, CO | rkirkpat.net | twitter.com/rkirkpatnet | --------------------------------------------------------------------------- ---1463811321-517940517-1291226201=:19717 Content-Type: TEXT/PLAIN; NAME="conserver-pam-auth.diff" Content-Transfer-Encoding: BASE64 Content-ID: Content-Description: Content-Disposition: ATTACHMENT; FILENAME="conserver-pam-auth.diff" ZGlmZiAtdU5yIGNvbnNlcnZlci04LjEuMTQvY29uc2VydmVyL2dyb3VwLmMg Y29uc2VydmVyLTguMS4xNC1ya24xL2NvbnNlcnZlci9ncm91cC5jDQotLS0g Y29uc2VydmVyLTguMS4xNC9jb25zZXJ2ZXIvZ3JvdXAuYwkyMDA2LTA0LTA3 IDA5OjQ3OjIwLjAwMDAwMDAwMCAtMDYwMA0KKysrIGNvbnNlcnZlci04LjEu MTQtcmtuMS9jb25zZXJ2ZXIvZ3JvdXAuYwkyMDEwLTExLTI2IDE3OjE2OjU3 LjAwMDAwMDAwMCAtMDcwMA0KQEAgLTc2Niw2ICs3NjYsOSBAQA0KICAgICBj b252LmNvbnYgPSAmUXVpZXRDb252Ow0KICAgICBjb252LmFwcGRhdGFfcHRy ID0gKHZvaWQgKikmYXBwZGF0YTsNCiANCisgICAgaWYgKHN0cmxlbihwY1dv cmQpID09IDApDQorICAgICAgcmV0dXJuIEFVVEhfSU5WQUxJRDsNCisgICAN CiAgICAgQ09ORERFQlVHKCgxLCAiQ2hlY2tQYXNzKCk6IHBhbV9zdGFydChj b25zZXJ2ZXIsJXMsLi4uKSIsIHBjVXNlcikpOw0KICAgICBwYW1fZXJyb3Ig PSBwYW1fc3RhcnQoImNvbnNlcnZlciIsIHBjVXNlciwgJmNvbnYsICZwYW1o KTsNCg== ---1463811321-517940517-1291226201=:19717-- From lsc@prgmr.com Thu Dec 9 07:07:07 2010 Received: from luke.xen.prgmr.com (luke.xen.prgmr.com [38.99.2.47]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oB97716w011511 for ; Thu, 9 Dec 2010 07:07:07 GMT Received: by luke.xen.prgmr.com (Postfix, from userid 500) id 7E546105347; Thu, 9 Dec 2010 02:07:00 -0500 (EST) To: users@conserver.com Subject: On the wisdom of using conserver in a multi-tenant environment From: Luke S Crawford Date: 09 Dec 2010 02:06:59 -0500 Message-ID: Lines: 9 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: 3.555 (***) BAYES_50,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Dec 2010 07:07:07 -0000 Hi, I'm about to launch a standardized co-location package that includes serial console access. My current plan is to use conserver fronting cyclades TS-3000 boxes to provide access to the serial ports. The thing of it is, I'll have mutually untrusted users accessing different ports on the same conserver box (which will access different ports on the same ts-3000) Is anyone else doing this? Are there any obvious gotchas? From Andras.Horvath@cern.ch Thu Dec 9 10:22:22 2010 Received: from CERNMX30.cern.ch (cernmx30.cern.ch [137.138.144.177]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oB9AME68001176 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for ; Thu, 9 Dec 2010 10:22:21 GMT Received: from CERNFE22.cern.ch (137.138.144.151) by cernmxgwlb2.cern.ch (137.138.144.177) with Microsoft SMTP Server (TLS) id 14.1.218.12; Thu, 9 Dec 2010 11:22:09 +0100 Received: from [137.138.33.142] (137.138.33.142) by smtp.cern.ch (137.138.144.172) with Microsoft SMTP Server (TLS) id 14.1.255.0; Thu, 9 Dec 2010 11:22:09 +0100 Message-ID: <4D00ADD0.8030807@cern.ch> Date: Thu, 9 Dec 2010 11:22:08 +0100 From: Andras HORVATH User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.15) Gecko/20101027 Lightning/1.0b1 Thunderbird/3.0.10 MIME-Version: 1.0 To: Subject: Re: On the wisdom of using conserver in a multi-tenant environment References: In-Reply-To: X-Enigmail-Version: 1.0.1 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit X-Originating-IP: [137.138.33.142] Keywords: CERN SpamKiller Note: -50 X-Spam-Score: 1.242 (*) BAYES_00,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Dec 2010 10:22:22 -0000 > Is anyone else doing this? Are there any obvious gotchas? I have some mutually untrusted users:) One advice: don't put passwords in conserver.cf, users can display that via 'console'. Andras -- Andras HORVATH Systems engineer, CERN CF FPP Tel: +41 22 767 4290 // Fax: +41 22 766 9154 From bryan@conserver.com Fri Dec 10 16:56:47 2010 Received: from [10.48.20.248] (166-205-136-038.mobile.mymmode.com [166.205.136.38] (may be forged)) (authenticated bits=0) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBAGuisW009191 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 10 Dec 2010 16:56:46 GMT References: In-Reply-To: Mime-Version: 1.0 (iPhone Mail 8C148) Content-Type: text/plain; charset=us-ascii Message-Id: X-Mailer: iPhone Mail (8C148) From: Bryan Stansell Subject: Re: On the wisdom of using conserver in a multi-tenant environment Date: Fri, 10 Dec 2010 08:56:38 -0800 To: Luke S Crawford X-Spam-Score: 2.842 (**) BAYES_00, FH_DATE_PAST_20XX, MIME_QP_LONG_LINE, RDNS_NONE X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by underdog.stansell.org id oBAGuisW009191 Cc: "users@conserver.com" X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Dec 2010 16:56:47 -0000 There's also a "limited" access type for restricting what users can do, which might help. It was added for a setup where a user logs into the conserver host and their shell is a script that invokes console with the appropriate console name. That could be a program that lets them chose their console too, if there are multiple. If they have a full shell on the host, then this probably doesn't matter as much. Just figured I'd highlight the option. (and sorry for the blank email luke - goofed up) Bryan On Dec 8, 2010, at 11:06 PM, Luke S Crawford wrote: > > Hi, I'm about to launch a standardized co-location package that > includes serial console access. My current plan is to use conserver > fronting cyclades TS-3000 boxes to provide access to the serial ports. > The thing of it is, I'll have mutually untrusted users accessing > different ports on the same conserver box (which will access different > ports on the same ts-3000) > > Is anyone else doing this? Are there any obvious gotchas? > _______________________________________________ > users mailing list > users@conserver.com > https://www.conserver.com/mailman/listinfo/users From lsc@prgmr.com Fri Dec 10 19:02:56 2010 Received: from luke.xen.prgmr.com (luke.xen.prgmr.com [38.99.2.47]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBAJ2onB013210; Fri, 10 Dec 2010 19:02:56 GMT Received: by luke.xen.prgmr.com (Postfix, from userid 500) id 85FF1105347; Fri, 10 Dec 2010 14:02:49 -0500 (EST) To: Bryan Stansell Subject: Re: On the wisdom of using conserver in a multi-tenant environment References: From: Luke S Crawford Date: 10 Dec 2010 14:02:48 -0500 In-Reply-To: Message-ID: Lines: 39 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: 1.242 (*) BAYES_00,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 Cc: "users@conserver.com" X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Dec 2010 19:02:56 -0000 Bryan Stansell writes: > There's also a "limited" access type for restricting what users can do, which might help. It was added for a setup where a user logs into the conserver host and their shell is a script that invokes console with the appropriate console name. That could be a program that lets them chose their console too, if there are multiple. That sounds like part of what I need. In the past I just used a FreeBSD box with the proper 'cu' command line in the 'forced command' field of the authorized_keys file. My xen hosts do something similar only it goes to a script that allows you to reboot your xen server or see the console. The problem is that this requires (very limited) ssh access to the dom0 from the public 'net, which is something I'd rather avoid. As xen provides me with a pty for each guest, I could probably make conserver also handle my xen guests, with a central conserver connecting to slave conservers on each dom0 (or alternately having a guest running conserver on each dom0 that connects to the dom0 conserver over a private network) My worry, of course, with centralizing my console server is that I'll be creating a single server that, if compromised, will give an attacker a toehold on all my customer's boxes. One thought I had was to separate out the systems used for the serial console and for the rebooter on to different systems (authenticated with public key, of course, so the user can use the same token to authenticate both places, but also so that if the attacker compromises one system s/he can't use that as a toehold to compromise the other.) My thought is that if magicsysrq is disabled, even if someone compromises my console system, they can only break into the systems with weak passwords (or people who log in) - the idea being that if I notice the compromise quickly, I may only have a few customers compromised. If the rebooter system is compromised and not the console system, the attacker can reboot stuff or even turn everyone off, but without also having access to the console system, this wouldn't allow them to compromise data. From chris@marget.com Fri Dec 10 19:21:13 2010 Received: from mail-vw0-f50.google.com (mail-vw0-f50.google.com [209.85.212.50]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBAJL7sa013517 for ; Fri, 10 Dec 2010 19:21:13 GMT Received: by vws14 with SMTP id 14so2433965vws.9 for ; Fri, 10 Dec 2010 11:21:06 -0800 (PST) MIME-Version: 1.0 Received: by 10.229.236.14 with SMTP id ki14mr1021541qcb.5.1292008866459; Fri, 10 Dec 2010 11:21:06 -0800 (PST) Received: by 10.220.180.205 with HTTP; Fri, 10 Dec 2010 11:21:06 -0800 (PST) X-Originating-IP: [68.189.248.83] In-Reply-To: References: Date: Fri, 10 Dec 2010 14:21:06 -0500 Message-ID: Subject: Re: On the wisdom of using conserver in a multi-tenant environment From: Chris Marget Cc: "users@conserver.com" Content-Type: text/plain; charset=ISO-8859-1 X-Spam-Score: 3.369 (***) BAYES_40,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by underdog.stansell.org id oBAJL7sa013517 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Dec 2010 19:21:13 -0000 bryan@conserver.com wrote: > There's also a "limited" access type for restricting what users can do, which might help. It was added for a setup where a user logs into the conserver host and their shell is a script that invokes console with the appropriate console name. That could be a program that lets them chose their console too, if there are multiple. Luke, thank you for starting this thread. I apologize for the hijack. Bryan, thank you for mentioning the "limited" switch. Somehow I hadn't noticed it before. I'm headed down a similar road where I'd like to deploy a solution in which users telnet to the conserver host and find themselves connected to a serial console on a terminal server somewhere. Basically, the conserver host will be nothing more than a mux for several terminal server appliances. Each physical serial port appears on a different TCP port on the conserver box. Telnet because I can give the users a telnet URL that can be reasonably expected to work, and because I'm not concerned about securing the user's session. The users won't have shell access, and I don't want to require them to have anything beyond a standard telnet client. I'd been thinking about using inetd to start 'console'. ...Probably in a chroot jail, and probably with each bunch of consoles running under different user ids. iptables will make sure that customers can only connect to tcp ports associated with their devices. Is this sane? How can I improve on the plan? Thank you! /chris From mouse@yandex-team.ru Mon Dec 13 19:31:17 2010 Received: from elephant.yandex.ru (elephant.yandex.ru [77.88.34.7]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBDJV8nl024834 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Mon, 13 Dec 2010 19:31:16 GMT Received: from [95.108.170.183] (dhcp170-183-red.yandex.net [95.108.170.183]) by elephant.yandex.ru (Postfix) with ESMTP id 1EA001A8190B for ; Mon, 13 Dec 2010 22:31:07 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex-team.ru; s=default; t=1292268667; bh=9tJqwMzGcL/iyP6vsLGWAVa7JZAIz7xbJ9C0rElFLas=; h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type; b=wUqbKCboAp7gDPMQVPlqgck8f1RHIhWJ7omafmUbr0YuOJi4fWIuHH6vicm46OwD+ XX7CV6oT3wqrNN1Ia/fXlAORcoIACAslFTbnHxQXpdWFQeAg/t3Cg8hOSHCAKk8dj3 ztK1CblLp7WyhcBrJ5Nm7roWnT+u7dG050irXTz4= Message-ID: <4D067477.3020905@yandex-team.ru> Date: Mon, 13 Dec 2010 22:31:03 +0300 From: "Anton D. Kachalov" User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7 MIME-Version: 1.0 To: users@conserver.com Subject: [PATCH] FreeIPMI support, multi masters and multi-line comments Content-Type: multipart/mixed; boundary="------------070601050809060006030008" X-Spam-Score: 3.369 (***) BAYES_40,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 19:31:17 -0000 This is a multi-part message in MIME format. --------------070601050809060006030008 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Good day. I prepared a patch that introduces support for: 1. FreeIPMI with new config keywords: "username", "password", "interface" ("lanplus" value only) and "workaround" flags ("payloadsize" flag only). Currently tested with SM X8DTU-F and Asus Z8NR-D12. 2. Multi masters. To use the same configuration file across the numbers of conservers. 3. Multi-line comments in a C-way: /* ... */ 4. Basic support for `clientSSLSocket' to operate over secured channel with remote console. -- Anton D. Kachalov ITO, System Administrator --------------070601050809060006030008 Content-Type: text/x-patch; name="yaconserver-8.1.18-mouse-freeipmi-multilinecomment-multimaster.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="yaconserver-8.1.18-mouse-freeipmi-multilinecomment-multimast"; filename*1="er.patch" diff --git a/autologin/Makefile b/autologin/Makefile index 9827045..b4ea74a 100644 diff --git a/compat.h b/compat.h index fe49bf0..686f5e3 100644 --- a/compat.h +++ b/compat.h @@ -331,3 +331,7 @@ typedef int socklen_t; #if HAVE_DMALLOC #include #endif + +#if HAVE_FREEIPMI +#include +#endif diff --git a/config.h.in b/config.h.in index bac39de..6c99f1f 100644 --- a/config.h.in +++ b/config.h.in @@ -33,6 +33,9 @@ /* have dmalloc support */ #undef HAVE_DMALLOC +/* have freeipmi support */ +#undef HAVE_FREEIPMI + /* Define to 1 if you have the `getaudit' function. */ #undef HAVE_GETAUDIT @@ -315,6 +318,9 @@ /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME +/* Define to the home page for this package. */ +#undef PACKAGE_URL + /* Define to the version of this package. */ #undef PACKAGE_VERSION diff --git a/configure b/configure index f0a003a..6a54edb 100755 diff --git a/configure.in b/configure.in index f4e667a..181cd61 100644 --- a/configure.in +++ b/configure.in @@ -15,6 +15,7 @@ dnl AH_TEMPLATE([HAVE_POSIX_REGCOMP], [have POSIX regcomp]) AH_TEMPLATE([HAVE_PAM], [have PAM support]) AH_TEMPLATE([HAVE_OPENSSL], [have openssl support]) AH_TEMPLATE([HAVE_GSSAPI], [have gss-api support]) +AH_TEMPLATE([HAVE_FREEIPMI], [have freeipmi support]) AH_TEMPLATE([STRIP_REALM], [retry username without @REALM with gss-api authentication]) AH_TEMPLATE([HAVE_DMALLOC], [have dmalloc support]) AH_TEMPLATE([HAVE_SA_LEN],[Defined if sa_len member exists in struct sockaddr]) @@ -578,6 +579,50 @@ AC_ARG_WITH(gssapi, fi] ) +cons_with_freeipmi="NO" +AC_ARG_WITH(freeipmi, + AS_HELP_STRING([--with-freeipmi@<:@=PATH@:>@], + [Compile in FreeIPMI support]), + [if test "$withval" != "no"; then + if test "$withval" != "yes"; then + FREEIPMICPPFLAGS="-I$withval/include" + if test "$use_dash_r" != "yes"; then + FREEIPMILDFLAGS="-L$withval/lib" + else + FREEIPMIDFLAGS="-L$withval/lib -R$withval/lib" + fi + else + FREEIPMICPPFLAGS="" + FREEIPMILDFLAGS="" + fi + + oCPPFLAGS="$CPPFLAGS" + oLDFLAGS="$LDFLAGS" + oLIBS="$LIBS" + have_freeipmi=no + + CPPFLAGS="$CPPFLAGS $FREEIPMICPPFLAGS" + LDFLAGS="$LDFLAGS $FREEIPMILDFLAGS" + + AC_CHECK_HEADER([ipmiconsole.h], + [LIBS="$LIBS -lipmiconsole" + AC_MSG_CHECKING(for freeipmi libraries -lipmiconsole) + AC_TRY_LINK([#include + ],[ipmiconsole_ctx_fd(0)], + [AC_MSG_RESULT(yes) + cons_with_freeipmi="YES" + AC_DEFINE(HAVE_FREEIPMI) + have_freeipmi=yes], + [AC_MSG_RESULT(no)])],) + + if test $have_freeipmi = no; then + LIBS="$oLIBS" + CPPFLAGS="$oCPPFLAGS" + LDFLAGS="$oLDFLAGS" + fi + fi] +) + cons_with_dmalloc="NO" AC_ARG_WITH(dmalloc, AS_HELP_STRING([--with-dmalloc@<:@=PATH@:>@], @@ -737,6 +782,7 @@ echo " Unix domain sockets (--with-uds) : $cons_with_uds" echo " TCP wrappers (--with-libwrap) : $cons_with_libwrap" echo " OpenSSL (--with-openssl) : $cons_with_openssl" echo " GSS-API (--with-gssapi) : $cons_with_gssapi" +echo " FreeIPMI (--with-freeipmi) : $cons_with_freeipmi" if [ $cons_with_gssapi = "YES" ]; then echo " strip @REALM (--with-striprealm): $cons_strip_realm" fi diff --git a/conserver/consent.c b/conserver/consent.c index ca3161d..65e90cf 100644 --- a/conserver/consent.c +++ b/conserver/consent.c @@ -339,6 +339,48 @@ StopInit(pCE) } } +ipmiconsole_ctx_t +#if PROTOTYPES +IpmiSOLCreate(CONSENT *pCE) +#else +IpmiSOLCreate(pCE) + CONSENT *pCE; +#endif +{ + ipmiconsole_ctx_t ctx; + struct ipmiconsole_ipmi_config ipmi; + struct ipmiconsole_protocol_config protocol; + struct ipmiconsole_engine_config engine; + + if (ipmiconsole_engine_init(1, 0) < 0) + return 0; + + ipmi.username = pCE->username; + ipmi.password = pCE->password; + ipmi.k_g = NULL; + ipmi.k_g_len = 0; + ipmi.privilege_level = -1; + ipmi.cipher_suite_id = -1; + ipmi.workaround_flags = pCE->ipmi_wrndflags; + + protocol.session_timeout_len = -1; + + protocol.retransmission_timeout_len = -1; + protocol.retransmission_backoff_count = -1; + protocol.keepalive_timeout_len = -1; + protocol.retransmission_keepalive_timeout_len = -1; + protocol.acceptable_packet_errors_count = -1; + protocol.maximum_retransmission_count = -1; + + engine.engine_flags = 0; + engine.behavior_flags = 0; + engine.debug_flags = 0; + + ctx = ipmiconsole_ctx_create(pCE->host, &ipmi, &protocol, &engine); + + return ctx; +} + /* invoke the initcmd command */ void #if PROTOTYPES @@ -1032,6 +1074,62 @@ ConsInit(pCE) TtyDev(pCE); pCE->ioState = ISNORMAL; break; + + case IPMI: + switch (pCE->intftype) { +#if HAVE_FREEIPMI + case IPMIF_LANPLUS: + if (!(pCE->ipmi_ctx = IpmiSOLCreate(pCE))) { + Error("[%s] Could not create IPMI context: forcing down", + pCE->server); + goto ipmi_sol_error; + } + + if (ipmiconsole_engine_submit_block(pCE->ipmi_ctx) < 0) { + Error("[%s] Could not connect to IPMI host `%s': forcing down", + pCE->server, pCE->host); + goto ipmi_sol_destroy; + } + + if (ipmiconsole_ctx_status(pCE->ipmi_ctx) != + IPMICONSOLE_CTX_STATUS_SOL_ESTABLISHED) { + Error("[%s] Could not establish SOL connection: forcing down", + pCE->server); + goto ipmi_sol_destroy; + } + + cofile = ipmiconsole_ctx_fd(pCE->ipmi_ctx); + if (!SetFlags(cofile, O_NONBLOCK, 0)) { + goto ipmi_sol_destroy; + } + + if ((pCE->cofile = + FileOpenFD(cofile, simpleFile)) == (CONSFILE *)0) { + Error("[%s] FileOpenFD(simpleFile) failed: forcing down", + pCE->server); + goto ipmi_sol_destroy; + } + + pCE->ioState = ISNORMAL; + pCE->stateTimer = 0; + pCE->fup = 1; + break; +ipmi_sol_destroy: + ipmiconsole_ctx_destroy(pCE->ipmi_ctx); +ipmi_sol_error: + ConsDown(pCE, FLAGTRUE, FLAGTRUE); + return; +#endif + default: + Error("[%s] unknown IPMI interface type (%d): forcing down", + pCE->server, pCE->intftype); + ConsDown(pCE, FLAGTRUE, FLAGTRUE); + return; + } + /* + ipmi_intf_session_set_sol_escape_char(pCE->intf, SOL_ESCAPE_CHARACTER_DEFAULT); + */ + break; } if (!pCE->fup) { @@ -1050,6 +1148,9 @@ ConsInit(pCE) Verbose("[%s] port %hu on %s", pCE->server, pCE->netport, pCE->host); break; + case IPMI: + Verbose("[%s] on %s", pCE->server); + break; case NOOP: Verbose("[%s] noop", pCE->server); break; diff --git a/conserver/consent.h b/conserver/consent.h index dec5f52..51e8cf6 100644 --- a/conserver/consent.h +++ b/conserver/consent.h @@ -57,9 +57,14 @@ typedef enum consType { EXEC, HOST, NOOP, - UDS + UDS, + IPMI } CONSTYPE; +typedef enum ipmiIntf { + IPMIF_LANPLUS = 0 +} IPMIF; + typedef struct names { char *name; struct names *next; @@ -92,6 +97,16 @@ typedef struct consent { /* console information */ #if defined(CRTSCTS) FLAG crtscts; /* use hardware flow control */ #endif + FLAG secured; +#if HAVE_OPENSSL + SSL_CTX *ssl_ctx; +#endif + /* type == IPMI */ + IPMIF intftype; /* IPMI interface type */ + ipmiconsole_ctx_t ipmi_ctx; /* IPMI ctx */ + int ipmi_wrndflags; /* IPMI workaround flags */ + char *username; /* Username to log as */ + char *password; /* Login Password */ /* type == HOST */ char *host; /* hostname */ unsigned short netport; /* final port | netport = portbase + */ diff --git a/conserver/cutil.c b/conserver/cutil.c index 7a51aee..676dabf 100644 --- a/conserver/cutil.c +++ b/conserver/cutil.c @@ -860,6 +860,7 @@ FileUnopen(cfp) break; #if HAVE_OPENSSL case SSLSocket: + case clientSSLSocket: retval = -1; break; #endif @@ -1000,6 +1001,7 @@ FileClose(pcfp) break; #if HAVE_OPENSSL case SSLSocket: + case clientSSLSocket: CONDDEBUG((2, "FileClose(): performing a SSL_shutdown() on fd %d", cfp->fd)); @@ -1084,6 +1086,7 @@ FileRead(cfp, buf, len) break; #if HAVE_OPENSSL case SSLSocket: + case clientSSLSocket: if (cfp->waitForWrite == FLAGTRUE) { cfp->waitForWrite = FLAGFALSE; if (cfp->wbuf->used <= 1) @@ -1283,6 +1286,7 @@ FileWrite(cfp, bufferonly, buf, len) break; #if HAVE_OPENSSL case SSLSocket: + case clientSSLSocket: if (cfp->waitForRead == FLAGTRUE) cfp->waitForRead = FLAGFALSE; while (len > 0) { @@ -1781,6 +1785,7 @@ FileStat(cfp, buf) break; #if HAVE_OPENSSL case SSLSocket: + case clientSSLSocket: retval = -1; break; #endif @@ -1823,6 +1828,7 @@ FileSeek(cfp, offset, whence) break; #if HAVE_OPENSSL case SSLSocket: + case clientSSLSocket: retval = -1; break; #endif @@ -1863,6 +1869,7 @@ FileFDNum(cfp) break; #if HAVE_OPENSSL case SSLSocket: + case clientSSLSocket: retval = cfp->fd; break; #endif @@ -1908,6 +1915,8 @@ FileGetType(cfp) #if HAVE_OPENSSL case SSLSocket: return SSLSocket; + case clientSSLSocket: + return clientSSLSocket; #endif default: return nothing; @@ -2122,6 +2131,7 @@ FileSend(cfp, msg, len, flags) break; #if HAVE_OPENSSL case SSLSocket: + case clientSSLSocket: retval = send(fdout, msg, len, flags); break; #endif @@ -2390,9 +2400,38 @@ ProbeInterfaces(bindAddr) int #if PROTOTYPES -IsMe(char *id) +IsMe(char *ids) #else -IsMe(id) +IsMe(ids) + char *ids; +#endif +{ + int rc; + char *id; + char *str; + + rc = 0; + str = strdup(ids); + for (; ; str = NULL) { + id = strtok(str, ","); + if (id == NULL) + break; + if (*id == '\0') + continue; + if (IsMeOne(id)) { + rc = 1; + break; + } + } + free(str); + return rc; +} + +int +#if PROTOTYPES +IsMeOne(char *id) +#else +IsMeOne(id) char *id; #endif { @@ -2726,7 +2765,7 @@ GetWord(fp, line, spaceok, word) if (checkInc == -2) checkInc = -1; } - if (comment) { + if (comment == 1) { if (c == '\n') comment = 0; if (checkInc >= 0) { @@ -2762,6 +2801,20 @@ GetWord(fp, line, spaceok, word) } } continue; + } else if (comment == 2) { + if (c == '*') { + comment = 3; + continue; + } + comment = 0; + BuildStringChar('/', word); + } else if (comment == 3) { + if (c == '*') + comment = 4; + continue; + } else if (comment == 4) { + comment = c == '/' ? 0 : 3; + continue; } if (backslash) { BuildStringChar(c, word); @@ -2793,6 +2846,9 @@ GetWord(fp, line, spaceok, word) comment = 1; if (checkInc == -1) checkInc = 0; + } else if (c == '/') { + comment = 2; + continue; } else if (c == '"') { quote = 1; sawQuote = 1; diff --git a/conserver/cutil.h b/conserver/cutil.h index 51a429b..8476bc9 100644 --- a/conserver/cutil.h +++ b/conserver/cutil.h @@ -37,6 +37,7 @@ enum consFileType { simplePipe, #if HAVE_OPENSSL SSLSocket, + clientSSLSocket, #endif nothing }; @@ -192,6 +193,7 @@ extern FLAG FileSawQuoteGoto PARAMS((CONSFILE *)); extern void Bye PARAMS((int)); extern void DestroyDataStructures PARAMS((void)); extern int IsMe PARAMS((char *)); +extern int IsMeOne PARAMS((char *)); extern char *PruneSpace PARAMS((char *)); extern int FileCanRead PARAMS((CONSFILE *, fd_set *, fd_set *)); extern int FileCanWrite PARAMS((CONSFILE *, fd_set *, fd_set *)); diff --git a/conserver/group.c b/conserver/group.c index e5d396f..017c78b 100644 --- a/conserver/group.c +++ b/conserver/group.c @@ -1866,6 +1866,68 @@ SendBreak(pCLServing, pCEServing, bt) #if HAVE_OPENSSL int #if PROTOTYPES +AttemptClientSSL(CONSENT *pCE) +#else +AttemptClientSSL(pCE) + CONSENT *pCE; +#endif +{ + int ret; + SSL *ssl; + + if ((ssl = FileGetSSL(pCE->cofile)) == NULL) { + pCE->ssl_ctx = SSL_CTX_new(SSLv23_client_method()); + if (pCE->ssl_ctx == (SSL_CTX *)0) { + Error + ("[%s] SSL_CTX_new() failed: forcing down", + pCE->server); + return 0; + } + SSL_CTX_set_default_verify_paths(pCE->ssl_ctx); + + /* SSL_VERIFY_NONE instructs OpenSSL not to abort SSL_connect if the + certificate is invalid. We verify the certificate separately in + ssl_check_certificate, which provides much better diagnostics + than examining the error stack after a failed SSL_connect. */ + SSL_CTX_set_verify (pCE->ssl_ctx, SSL_VERIFY_NONE, NULL); + + /* Since fd_write unconditionally assumes partial writes (and + handles them correctly), allow them in OpenSSL. */ + SSL_CTX_set_mode(pCE->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); + + /* The OpenSSL library can handle renegotiations automatically, so + tell it to do so. */ + SSL_CTX_set_mode(pCE->ssl_ctx, SSL_MODE_AUTO_RETRY); + + ssl = SSL_new(pCE->ssl_ctx); + if (ssl == (SSL *)0) { + Error + ("[%s] SSL_new() failed: forcing down", + pCE->server); + return 0; + } + + FileSetSSL(pCE->cofile, ssl); + SSL_set_fd(ssl, FileFDNum(pCE->cofile)); + SSL_set_connect_state(ssl); + } + + if ((ret = SSL_connect(ssl)) <= 0) { + ret = SSL_get_error(ssl, ret); + if (ret != SSL_ERROR_WANT_READ && ret != SSL_ERROR_WANT_READ) { + Error + ("[%s] SSL_connect(%d): %d failed: forcing down", + pCE->server, FileFDNum(pCE->cofile), ret); + return 0; + } + return -ret; + } + + return 1; +} + +int +#if PROTOTYPES AttemptSSL(CONSCLIENT *pCL) #else AttemptSSL(pCL) @@ -2167,6 +2229,11 @@ CommandExamine(pGE, pCLServing, pCEServing, tyme, args) b = pCE->baud->acrate; p = pCE->parity->key[0]; break; + case IPMI: + d = BuildTmpStringPrint("%s", pCE->host); + b = "IPMI"; + p = ' '; + break; case HOST: d = BuildTmpStringPrint("%s/%hu", pCE->host, pCE->netport); b = "Netwk"; @@ -2357,6 +2424,11 @@ CommandInfo(pGE, pCLServing, pCEServing, tyme, args) (unsigned long)pCE->ipid, pCE->execSlave, FileFDNum(pCE->cofile)); break; + case IPMI: + FilePrint(pCLServing->fd, FLAGTRUE, "!:%s,%hu", + pCE->host, + FileFDNum(pCE->cofile)); + break; case HOST: FilePrint(pCLServing->fd, FLAGTRUE, "!:%s,%hu,%s,%d:", pCE->host, pCE->netport, @@ -2613,6 +2685,7 @@ DoConsoleRead(pCEServing) FD_CLR(cofile, &winit); return; } + /* read terminal line */ if ((nr = FileRead(pCEServing->cofile, acInOrig, sizeof(acInOrig))) < 0) { @@ -4610,6 +4683,27 @@ Kiddie(pGE, sfd) int flags = 0; int cofile = FileFDNum(pCEServing->cofile); slen = sizeof(flags); + +#if HAVE_OPENSSL + if (pCEServing->secured == FLAGTRUE) { + int r; + char buf[10]; + r = AttemptClientSSL(pCEServing); + if (r == 0) { + Error + ("[%s] AttemptClientSSL(%d) failed: forcing down", + pCEServing->server, FileFDNum(pCEServing->cofile)); + /* no ConsoleError() for same reason as above */ + SendIWaitClientsMsg(pCEServing, "down]\r\n"); + ConsDown(pCEServing, FLAGTRUE, FLAGTRUE); + break; + } else if (r == -SSL_ERROR_WANT_READ || r == -SSL_ERROR_WANT_WRITE) { + /* Data not ready yet in NON_BLOCKing mode */ + continue; + } + } +#endif + /* So, getsockopt seems to return -1 if there is * something interesting in SO_ERROR under * solaris...sheesh. So, the error message has diff --git a/conserver/group.h b/conserver/group.h index 3bda519..e23d8c3 100644 --- a/conserver/group.h +++ b/conserver/group.h @@ -85,4 +85,5 @@ extern void ClientWantsWrite PARAMS((CONSCLIENT *)); extern void SendIWaitClientsMsg PARAMS((CONSENT *, char *)); #if HAVE_OPENSSL extern int AttemptSSL PARAMS((CONSCLIENT *)); +extern int AttemptClientSSL PARAMS((CONSENT *)); #endif diff --git a/conserver/main.c b/conserver/main.c index 50cdf41..58a3134 100644 --- a/conserver/main.c +++ b/conserver/main.c @@ -945,6 +945,14 @@ DumpDataStructures() pCE->execuid, pCE->execgid)); break; + case IPMI: + CONDDEBUG((1, + "DumpDataStructures(): server=%s, type=IPMI", + EMPTYSTR(pCE->server))); + CONDDEBUG((1, + "DumpDataStructures(): host=%s", + EMPTYSTR(pCE->host))); + break; case HOST: CONDDEBUG((1, "DumpDataStructures(): server=%s, type=HOST", diff --git a/conserver/master.c b/conserver/master.c index d719346..0526279 100644 --- a/conserver/master.c +++ b/conserver/master.c @@ -239,18 +239,58 @@ FindRemoteConsole(args) char *args; #endif { - REMOTE *pRC; + REMOTE *pRC; + REMOTE *pRChead; + REMOTE **ppRCcurr; + REMOTE *pRCtemp; NAMES *name; + pRCtemp = (REMOTE *)0; + pRChead = (REMOTE *)0; + ppRCcurr = &pRCtemp; for (pRC = pRCList; (REMOTE *)0 != pRC; pRC = pRC->pRCnext) { - if (strcasecmp(args, pRC->rserver) == 0) - return pRC; + if (strcasecmp(args, pRC->rserver) == 0) { + if ((pRCtemp = (REMOTE *)malloc(sizeof(REMOTE))) + == (REMOTE *)0) + OutOfMem(); + memcpy(pRCtemp, pRC, sizeof(REMOTE)); + pRCtemp->pRCnext = (REMOTE *)0; + *ppRCcurr = pRCtemp; + if (pRChead == (REMOTE *)0) + pRChead = *ppRCcurr; + ppRCcurr = &pRCtemp->pRCnext; + } for (name = pRC->aliases; name != (NAMES *)0; name = name->next) { - if (strcasecmp(args, name->name) == 0) - return pRC; + if (strcasecmp(args, name->name) == 0) { + if ((pRCtemp = (REMOTE *)malloc(sizeof(REMOTE))) + == (REMOTE *)0) + OutOfMem(); + memcpy(pRCtemp, pRC, sizeof(REMOTE)); + pRCtemp->pRCnext = (REMOTE *)0; + *ppRCcurr = pRCtemp; + if (pRChead == (REMOTE *)0) + pRChead = *ppRCcurr; + ppRCcurr = &pRCtemp->pRCnext; + } } } - return pRC; + return pRChead; +} + +void +#if PROTOTYPES +FreeRemoteConsole(REMOTE *pRChead) +#else +FindRemoteConsole(pRChead) + REMOTE *pRChead; +#endif +{ + while (pRChead != (REMOTE *)0) { + REMOTE *pRCtmp; + pRCtmp = pRChead->pRCnext; + free(pRChead); + pRChead = pRCtmp; + } } void @@ -263,6 +303,7 @@ CommandCall(pCL, args) #endif { int found; + int found_to_free = 0; REMOTE *pRC, *pRCFound; unsigned short prnum = 0; char *ambiguous = (char *)0; @@ -290,6 +331,7 @@ CommandCall(pCL, args) ambiguous = BuildTmpString(", "); ++found; pRCFound = pRC; + found_to_free = 1; } } if (found == 0 && config->autocomplete == FLAGTRUE) { @@ -363,8 +405,14 @@ CommandCall(pCL, args) "automatic redirection disabled - console on master `%s'\r\n", pRCFound->rhost); } else { - FilePrint(pCL->fd, FLAGFALSE, "@%s\r\n", - pRCFound->rhost); + REMOTE *pRCtmp = pRCFound; + while (pRCtmp != (REMOTE *)0) { + FilePrint(pCL->fd, FLAGFALSE, + ":@%s"+(pRCtmp == pRCFound ? 1 : 0), + pRCtmp->rhost); + pRCtmp = pRCtmp->pRCnext; + } + FilePrint(pCL->fd, FLAGFALSE, "\r\n"); } } else { FilePrint(pCL->fd, FLAGFALSE, "%hu\r\n", prnum); @@ -380,6 +428,8 @@ CommandCall(pCL, args) } BuildTmpString((char *)0); /* we're done - clean up */ ambiguous = (char *)0; + if (pRCFound != (REMOTE *)0 && found_to_free) + FreeRemoteConsole(pRCFound); } void diff --git a/conserver/readcfg.c b/conserver/readcfg.c index 32a76ae..3bbd863 100644 --- a/conserver/readcfg.c +++ b/conserver/readcfg.c @@ -1254,6 +1254,33 @@ DefaultItemInitrunas(id) void #if PROTOTYPES +ProcessInterface(CONSENT *c, char *id) +#else +ProcessInterface(c, id) + CONSENT *c; + char *id; +#endif +{ + if (!strcasecmp("lanplus", id)) + c->intftype = IPMIF_LANPLUS; + else + Error("invalid interface type `%s' [%s:%d]", id, file, line); +} + +void +#if PROTOTYPES +DefaultItemInterface(char *id) +#else +DefaultItemInterface(id) + char *id; +#endif +{ + CONDDEBUG((1, "DefaultItemInterface(%s) [%s:%d]", id, file, line)); + ProcessInterface(parserDefaultTemp, id); +} + +void +#if PROTOTYPES DefaultItemExecrunas(char *id) #else DefaultItemExecrunas(id) @@ -1388,6 +1415,80 @@ DefaultItemUds(id) void #if PROTOTYPES +ProcessUsername(CONSENT *c, char *id) +#else +ProcessUsername(c, id) + CONSENT *c; + char *id; +#endif +{ + if ((id == (char *)0) || (*id == '\000')) { + c->username = (char *)0; + return; + } + c->username = strdup(id); +} + +void +#if PROTOTYPES +DefaultItemUsername(char *id) +#else +DefaultItemUsername(id) + char *id; +#endif +{ + CONDDEBUG((1, "DefaultItemUsername(%s) [%s:%d]", id, file, line)); + ProcessUsername(parserDefaultTemp, id); +} + +void +#if PROTOTYPES +ProcessWorkaround(CONSENT *c, char *id) +#else +ProcessWorkaround(c, id) + CONSENT *c; + char *id; +#endif +{ + int flag; + char *token = (char *)0; + + for (token = strtok(id, ALLWORDSEP); token != (char *)0; + token = strtok(NULL, ALLWORDSEP)) { + short not; + if (token[0] == '!') { + token++; + not = 1; + } else + not = 0; + flag = 0; + if (!strcmp(token, "payloadsize")) { + flag = IPMICONSOLE_WORKAROUND_IGNORE_SOL_PAYLOAD_SIZE; + } else { + continue; + } + if (not) { + c->ipmi_wrndflags &= ~flag; + } else { + c->ipmi_wrndflags |= flag; + } + } +} + +void +#if PROTOTYPES +DefaultItemWorkaround(char *id) +#else +DefaultItemWorkaround(id) + char *id; +#endif +{ + CONDDEBUG((1, "DefaultItemWorkaround(%s) [%s:%d]", id, file, line)); + ProcessWorkaround(parserDefaultTemp, id); +} + +void +#if PROTOTYPES ProcessInclude(CONSENT *c, char *id) #else ProcessInclude(c, id) @@ -1612,22 +1713,48 @@ DefaultItemIdlestring(id) void #if PROTOTYPES -ProcessMaster(CONSENT *c, char *id) +ProcessMaster(CONSENT *c, char *ids) #else -ProcessMaster(c, id) +ProcessMaster(c, ids) CONSENT *c; - char *id; + char *ids; #endif { + char *p; + char *d; + int len; + int is_delim; + if (c->master != (char *)0) { free(c->master); c->master = (char *)0; } - if ((id == (char *)0) || (*id == '\000')) + if ((ids == (char *)0) || (*ids == '\000')) return; - if ((c->master = StrDup(id)) + if ((c->master = StrDup(ids)) == (char *)0) OutOfMem(); + /* Normalize master's hostnames */ + d = (char *)0; + p = c->master; + len = strlen(c->master); + is_delim = 0; + while (*p != '\0') { + if (*p == ':' || *p == ',' || *p == ' ') { + if (!is_delim) { + is_delim = 1; + d = p; + *p = ','; + } + } else if (is_delim) { + memmove(d+1, p, len-(p-c->master)+1); + is_delim = 0; + len -= p-d-1; + p = d; + } + p++; + } + fprintf(stderr, "Master [%s]\n", c->master); } void @@ -1757,6 +1884,34 @@ DefaultItemParity(id) void #if PROTOTYPES +ProcessPassword(CONSENT *c, char *id) +#else +ProcessPassword(c, id) + CONSENT *c; + char *id; +#endif +{ + if ((id == (char *)0) || (*id == '\000')) { + c->password = (char *)0; + return; + } + c->password = strdup(id); +} + +void +#if PROTOTYPES +DefaultItemPassword(char *id) +#else +DefaultItemPassword(id) + char *id; +#endif +{ + CONDDEBUG((1, "DefaultItemPassword(%s) [%s:%d]", id, file, line)); + ProcessPassword(parserDefaultTemp, id); +} + +void +#if PROTOTYPES ProcessPort(CONSENT *c, char *id) #else ProcessPort(c, id) @@ -2163,6 +2318,37 @@ DefaultItemRw(id) void #if PROTOTYPES +ProcessSecured(char *id, FLAG *flag) +#else +ProcessSecured(id, flag) + char *id; + FLAG *flag; +#endif +{ + if (id == (char *)0 || id[0] == '\000') + *flag = FLAGFALSE; + else if (strcasecmp("yes", id) == 0 || strcasecmp("true", id) == 0 || + strcasecmp("on", id) == 0) + *flag = FLAGTRUE; + else if (strcasecmp("no", id) == 0 || strcasecmp("false", id) == 0 || + strcasecmp("off", id) == 0) + *flag = FLAGFALSE; +} + +void +#if PROTOTYPES +DefaultItemSecured(char *id) +#else +DefaultItemSecured(id) + char *id; +#endif +{ + CONDDEBUG((1, "DefaultItemSecured(%s) [%s:%d]", id, file, line)); + ProcessSecured(id, &(parserDefaultTemp->secured)); +} + +void +#if PROTOTYPES ProcessTimestamp(CONSENT *c, char *id) #else ProcessTimestamp(c, id) @@ -2326,6 +2512,8 @@ ProcessType(c, id) } if (strcasecmp("device", id) == 0) t = DEVICE; + else if (strcasecmp("ipmi", id) == 0) + t = IPMI; else if (strcasecmp("exec", id) == 0) t = EXEC; else if (strcasecmp("host", id) == 0) @@ -2484,6 +2672,14 @@ ConsoleEnd() } } break; + case IPMI: + if (parserConsoleTemp->host == (char *)0) { + if (isMaster) + Error("[%s] console missing 'host' attribute [%s:%d]", + parserConsoleTemp->server, file, line); + invalid = 1; + } + break; case HOST: if (parserConsoleTemp->host == (char *)0) { if (isMaster) @@ -2516,8 +2712,8 @@ ConsoleEnd() break; case UNKNOWNTYPE: if (isMaster) - Error("[%s] console type unknown [%s:%d]", - parserConsoleTemp->server, file, line); + Error("[%s] console type unknown %d [%s:%d]", + parserConsoleTemp->server, parserConsoleTemp->type, file, line); invalid = 1; break; } @@ -2635,21 +2831,28 @@ ConsoleAdd(c) /* check for remote consoles */ if (!IsMe(c->master)) { if (isMaster) { - REMOTE *pRCTemp; - if ((pRCTemp = (REMOTE *)calloc(1, sizeof(REMOTE))) - == (REMOTE *)0) - OutOfMem(); - if ((pRCTemp->rhost = StrDup(c->master)) - == (char *)0) - OutOfMem(); - if ((pRCTemp->rserver = StrDup(c->server)) - == (char *)0) - OutOfMem(); - pRCTemp->aliases = c->aliases; - c->aliases = (NAMES *)0; - *ppRC = pRCTemp; - ppRC = &pRCTemp->pRCnext; - CONDDEBUG((1, "[%s] remote on %s", c->server, c->master)); + char *host; + for (host = strtok(c->master, ","); + host != (char *)0; + host = strtok(NULL, ",")) { + REMOTE *pRCTemp; + if (IsMeOne(host)) + continue; + if ((pRCTemp = (REMOTE *)calloc(1, sizeof(REMOTE))) + == (REMOTE *)0) + OutOfMem(); + if ((pRCTemp->rhost = StrDup(host)) + == (char *)0) + OutOfMem(); + if ((pRCTemp->rserver = StrDup(c->server)) + == (char *)0) + OutOfMem(); + pRCTemp->aliases = c->aliases; + c->aliases = (NAMES *)0; + *ppRC = pRCTemp; + ppRC = &pRCTemp->pRCnext; + CONDDEBUG((1, "[%s] remote on %s", c->server, pRCTemp->rhost)); + } } return; } @@ -2859,6 +3062,7 @@ ConsoleAdd(c) if (!FileBufEmpty(pCEmatch->cofile)) FD_SET(cofile, &winit); } + if (pCEmatch->initfile != (CONSFILE *)0) { int initfile = FileFDNum(pCEmatch->initfile); FD_SET(initfile, &rinit); @@ -2987,6 +3191,30 @@ ConsoleAdd(c) } #endif break; + case IPMI: + if (pCEmatch->host != (char *)0 && c->host != (char *)0) { + if (strcasecmp(pCEmatch->host, c->host) != 0) { + SwapStr(&pCEmatch->host, &c->host); + closeMatch = 0; + } + } else if (pCEmatch->host != (char *)0 || + c->host != (char *)0) { + SwapStr(&pCEmatch->host, &c->host); + closeMatch = 0; + } else if (pCEmatch->username != (char *)0 || + c->username != (char *)0) { + SwapStr(&pCEmatch->username, &c->username); + closeMatch = 0; + } else if (pCEmatch->password != (char *)0 || + c->password != (char *)0) { + SwapStr(&pCEmatch->password, &c->password); + closeMatch = 0; + } + if (pCEmatch->intftype != c->intftype) { + pCEmatch->intftype = c->intftype; + closeMatch = 0; + } + break; case HOST: if (pCEmatch->host != (char *)0 && c->host != (char *)0) { if (strcasecmp(pCEmatch->host, c->host) != 0) { @@ -3634,6 +3862,30 @@ ConsoleItemUds(id) void #if PROTOTYPES +ConsoleItemUsername(char *id) +#else +ConsoleItemUsername(id) + char *id; +#endif +{ + CONDDEBUG((1, "ConsoleItemUsername(%s) [%s:%d]", id, file, line)); + ProcessUsername(parserConsoleTemp, id); +} + +void +#if PROTOTYPES +ConsoleItemWorkaround(char *id) +#else +ConsoleItemWorkaround(id) + char *id; +#endif +{ + CONDDEBUG((1, "ConsoleItemWorkaround(%s) [%s:%d]", id, file, line)); + ProcessWorkaround(parserConsoleTemp, id); +} + +void +#if PROTOTYPES ConsoleItemInclude(char *id) #else ConsoleItemInclude(id) @@ -3742,6 +3994,18 @@ ConsoleItemParity(id) void #if PROTOTYPES +ConsoleItemPassword(char *id) +#else +ConsoleItemPassword(id) + char *id; +#endif +{ + CONDDEBUG((1, "ConsoleItemPassword(%s) [%s:%d]", id, file, line)); + ProcessPassword(parserConsoleTemp, id); +} + +void +#if PROTOTYPES ConsoleItemPort(char *id) #else ConsoleItemPort(id) @@ -4571,6 +4835,30 @@ ProcessYesNo(id, flag) void #if PROTOTYPES +ConsoleItemSecured(char *id) +#else +ConsoleItemSecured(id) + char *id; +#endif +{ + CONDDEBUG((1, "ConsoleItemSecured(%s) [%s:%d]", id, file, line)); + ProcessSecured(id, &(parserConsoleTemp->secured)); +} + +void +#if PROTOTYPES +ConsoleItemInterface(char *id) +#else +ConsoleItemInterface(id) + char *id; +#endif +{ + CONDDEBUG((1, "ConsoleItemInterface(%s) [%s:%d]", id, file, line)); + ProcessInterface(parserConsoleTemp, id); +} + +void +#if PROTOTYPES ConfigItemAutocomplete(char *id) #else ConfigItemAutocomplete(id) @@ -4874,6 +5162,7 @@ ITEM keyDefault[] = { {"idlestring", DefaultItemIdlestring}, {"idletimeout", DefaultItemIdletimeout}, {"include", DefaultItemInclude}, + {"interface", DefaultItemInterface}, {"initcmd", DefaultItemInitcmd}, {"initrunas", DefaultItemInitrunas}, {"initspinmax", DefaultItemInitspinmax}, @@ -4885,6 +5174,7 @@ ITEM keyDefault[] = { {"motd", DefaultItemMOTD}, {"options", DefaultItemOptions}, {"parity", DefaultItemParity}, + {"password", DefaultItemPassword}, {"port", DefaultItemPort}, {"portbase", DefaultItemPortbase}, {"portinc", DefaultItemPortinc}, @@ -4892,10 +5182,13 @@ ITEM keyDefault[] = { {"replstring", DefaultItemReplstring}, {"ro", DefaultItemRo}, {"rw", DefaultItemRw}, + {"secured", DefaultItemSecured}, {"timestamp", DefaultItemTimestamp}, {"type", DefaultItemType}, {"uds", DefaultItemUds}, {"udssubst", DefaultItemUdssubst}, + {"username", DefaultItemUsername}, + {"workaround", DefaultItemWorkaround}, {(char *)0, (void *)0} }; @@ -4913,17 +5206,20 @@ ITEM keyConsole[] = { {"idlestring", ConsoleItemIdlestring}, {"idletimeout", ConsoleItemIdletimeout}, {"include", ConsoleItemInclude}, + {"interface", ConsoleItemInterface}, {"initcmd", ConsoleItemInitcmd}, {"initrunas", ConsoleItemInitrunas}, {"initspinmax", ConsoleItemInitspinmax}, {"initspintimer", ConsoleItemInitspintimer}, {"initsubst", ConsoleItemInitsubst}, + {"interface", ConsoleItemInterface}, {"logfile", ConsoleItemLogfile}, {"logfilemax", ConsoleItemLogfilemax}, {"master", ConsoleItemMaster}, {"motd", ConsoleItemMOTD}, {"options", ConsoleItemOptions}, {"parity", ConsoleItemParity}, + {"password", ConsoleItemPassword}, {"port", ConsoleItemPort}, {"portbase", ConsoleItemPortbase}, {"portinc", ConsoleItemPortinc}, @@ -4931,10 +5227,13 @@ ITEM keyConsole[] = { {"replstring", ConsoleItemReplstring}, {"ro", ConsoleItemRo}, {"rw", ConsoleItemRw}, + {"secured", ConsoleItemSecured}, {"timestamp", ConsoleItemTimestamp}, {"type", ConsoleItemType}, {"uds", ConsoleItemUds}, {"udssubst", ConsoleItemUdssubst}, + {"username", ConsoleItemUsername}, + {"workaround", ConsoleItemWorkaround}, {(char *)0, (void *)0} }; diff --git a/contrib/chat/Makefile b/contrib/chat/Makefile index 8fd93b6..7485c73 100644 diff --git a/contrib/yaconserv-8.1.18-mouse-moxa-realcom-tty.patch b/contrib/yaconserv-8.1.18-mouse-moxa-realcom-tty.patch new file mode 100644 index 0000000..e46af55 --------------070601050809060006030008-- From bruce.edge@gmail.com Mon Dec 13 19:48:09 2010 Received: from mail-vw0-f50.google.com (mail-vw0-f50.google.com [209.85.212.50]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBDJm3nH025150 for ; Mon, 13 Dec 2010 19:48:08 GMT Received: by vws14 with SMTP id 14so3651496vws.9 for ; Mon, 13 Dec 2010 11:48:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=I3iXBsCrG9WUmQAl0RCH/6w/bB/QF7fAg5sYlUHbEIs=; b=iVdJ0C+lFC7pyF0DrGDIOHlvigVIjlKuFYJOf2ewVuftwVROEpByDBSSgIm3pJutAn hCxQxdZLZFqDpJeLCUUqbojPKnQ3cODvEVcPn/C4IbrQriXsNEabmygkCbs0To9WVVj/ MLLt/+FLEIJOXYWyZvLe5LdRgy/RzN6+89cW0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=LIIyWWsJSxyhNuRwVhjWX/ZSKe2fLs4zRnURKS28IQ39MVYCWmECYv23P+FmGZ4MN2 ZWmjypp5fk0bE1hbQfcHqgtMUgo/WTJzsp0fNC6NQqzlHR17aXAn2a2k1tDcDeHn0JfZ BF4BnY/XvVsqJ6YK5lJJfKE9j5bn1GFgXZiaQ= MIME-Version: 1.0 Received: by 10.229.229.68 with SMTP id jh4mr3442340qcb.238.1292269680605; Mon, 13 Dec 2010 11:48:00 -0800 (PST) Received: by 10.220.122.132 with HTTP; Mon, 13 Dec 2010 11:48:00 -0800 (PST) In-Reply-To: <4D067477.3020905@yandex-team.ru> References: <4D067477.3020905@yandex-team.ru> Date: Mon, 13 Dec 2010 11:48:00 -0800 Message-ID: Subject: Re: [PATCH] FreeIPMI support, multi masters and multi-line comments From: Bruce Edge To: "Anton D. Kachalov" Content-Type: text/plain; charset=ISO-8859-1 X-Spam-Score: 1.242 (*) BAYES_00,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by underdog.stansell.org id oBDJm3nH025150 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 19:48:09 -0000 On Mon, Dec 13, 2010 at 11:31 AM, Anton D. Kachalov wrote: > Good day. > > I prepared a patch that introduces support for: > >  1. FreeIPMI with new config keywords: "username", "password", "interface" > ("lanplus" value only) and "workaround" flags ("payloadsize" flag only). > Currently tested with SM X8DTU-F and Asus Z8NR-D12. > >  2. Multi masters. To use the same configuration file across the numbers of > conservers. > >  3. Multi-line comments in a C-way: /* ... */ > >  4. Basic support for `clientSSLSocket' to operate over secured channel with > remote console. > > -- > Anton D. Kachalov > > ITO, System Administrator > > > _______________________________________________ > users mailing list > users@conserver.com > https://www.conserver.com/mailman/listinfo/users > > Any thoughts as to whether this will work with the HP iLO v2 or v3? -Bruce From mouse@yandex-team.ru Mon Dec 13 19:58:37 2010 Received: from dinosaur.yandex.ru (dinosaur.yandex.ru [77.88.34.8]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBDJwU7J025329 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Mon, 13 Dec 2010 19:58:37 GMT Received: from [95.108.170.183] (dhcp170-183-red.yandex.net [95.108.170.183]) by dinosaur.yandex.ru (Postfix) with ESMTP id DA4EA2E4FB; Mon, 13 Dec 2010 22:58:28 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex-team.ru; s=default; t=1292270308; bh=jQDFu2+cR6aCX7i9fDw0yiawzLM0RSpzGAhC0z0PfUY=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=hHOjEa9fTFjy16zrgIwdTu7H6PBL3xwHoMLlSRdzIB862/SvSoG5YHQwnWpB49co7 eDMSJN/ZHM4dg91Sk3bqw1My6d3JHzNAz4Kc/bSV20UA7wDQZ8/o57p8ad/PSjDlmX ljessScvi9mzIUxkVuKKKHxE7FzYWoSxUBNz5wm4= Message-ID: <4D067AE0.7020407@yandex-team.ru> Date: Mon, 13 Dec 2010 22:58:24 +0300 From: "Anton D. Kachalov" User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7 MIME-Version: 1.0 To: Bruce Edge Subject: Re: [PATCH] FreeIPMI support, multi masters and multi-line comments References: <4D067477.3020905@yandex-team.ru> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 3.369 (***) BAYES_40,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 19:58:37 -0000 On 12/13/2010 10:48 PM, Bruce Edge wrote: [...] > Any thoughts as to whether this will work with the HP iLO v2 or v3? > As far as ipmiconsole from freeipmi package will work. I've tried only with one iLO-2 (ProLiant DL360 G5) but always receive "Connection refused" / "Connection timeouted" with either ipmiconsole or ipmitool: $ ipmitool -I lanplus -H xx.yy.zz.ww -U admin -P admin sol activate connect(3, {sa_family=AF_INET, sin_port=htons(623), sin_addr=inet_addr("xx.yy.zz.ww")}, 16) = 0 time(NULL) = 1292269970 send(3, "\6\0\377\7\0\0\0\0\0\0\0\0\0\t \30\310\201\0008\216\4\265", 23, 0) = 23 nanosleep({0, 100000}, NULL) = 0 select(4, [3], NULL, [3], {1, 0}) = 1 (in [3], left {0, 999346}) recv(3, 0x815ab61, 1024, 0) = -1 ECONNREFUSED (Connection refused) -- Anton D. Kachalov ITO, System Administrator Tel: +7 (495) 739-70-00 ext.7613 From Andras.Horvath@cern.ch Tue Dec 14 09:38:44 2010 Received: from CERNMX30.cern.ch (cernmx30.cern.ch [137.138.144.177]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBE9cb4U002674 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for ; Tue, 14 Dec 2010 09:38:43 GMT Received: from CERNFE21.cern.ch (137.138.144.150) by cernmxgwlb2.cern.ch (137.138.144.177) with Microsoft SMTP Server (TLS) id 14.1.218.12; Tue, 14 Dec 2010 10:38:30 +0100 Received: from [137.138.33.142] (137.138.33.142) by smtp.cern.ch (137.138.144.172) with Microsoft SMTP Server (TLS) id 14.1.255.0; Tue, 14 Dec 2010 10:38:29 +0100 Message-ID: <4D073B14.6070104@cern.ch> Date: Tue, 14 Dec 2010 10:38:28 +0100 From: Andras HORVATH User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7 MIME-Version: 1.0 To: Subject: Re: [PATCH] FreeIPMI support, multi masters and multi-line comments References: <4D067477.3020905@yandex-team.ru> In-Reply-To: <4D067477.3020905@yandex-team.ru> X-Enigmail-Version: 1.1.2 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit X-Originating-IP: [137.138.33.142] Keywords: CERN SpamKiller Note: -50 X-Spam-Score: 1.242 (*) BAYES_00,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 09:38:44 -0000 On 12/13/2010 08:31 PM, Anton D. Kachalov wrote: > Good day. > > I prepared a patch that introduces support for: > > 1. FreeIPMI with new config keywords: "username", "password", > "interface" ("lanplus" value only) and "workaround" flags ("payloadsize" Sounds great, we're using a lot of ipmi with a homegrown solution, thank you. However, how does putting passwords into the config file relate to ^Eci (basically dumping said file)? I don't want anyone to connect to BMCs directly. Andras -- Andras HORVATH Systems engineer, CERN CF FPP Tel: +41 22 767 4290 // Fax: +41 22 766 9154 From mouse@yandex-team.ru Tue Dec 14 10:30:00 2010 Received: from elephant.yandex.ru (elephant.yandex.ru [77.88.34.7]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBEATqqn004260 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Tue, 14 Dec 2010 10:30:00 GMT Received: from [95.108.170.183] (dhcp170-183-red.yandex.net [95.108.170.183]) by elephant.yandex.ru (Postfix) with ESMTP id 9CC8C1A8127D for ; Tue, 14 Dec 2010 13:29:51 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex-team.ru; s=default; t=1292322591; bh=zvjiotAIKQDDcDlJsD8F0LKyjmbKOhP6T9IyNVVos60=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=UzzNmjGx6iDgeoAdZQUAfQBDabFvHvBmrKLpK8FTmA7aeYPOzAIHNzH1wn/KAb8HR UryJZThtnVRdEDCqeZfThVXX9LWU6hNYhJuB8xUK4TgcWwZvIoutbzFerW1u7zoqLn 7pixSH1on+JZz0sE16s9ANr5tbLNX8Rifs7CV9lU= Message-ID: <4D07471F.1060001@yandex-team.ru> Date: Tue, 14 Dec 2010 13:29:51 +0300 From: "Anton D. Kachalov" User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7 MIME-Version: 1.0 To: users@conserver.com Subject: Re: [PATCH] FreeIPMI support, multi masters and multi-line comments References: <4D067477.3020905@yandex-team.ru> <4D073B14.6070104@cern.ch> In-Reply-To: <4D073B14.6070104@cern.ch> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 1.242 (*) BAYES_00,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 10:30:00 -0000 Hello, Andras. On 12/14/2010 12:38 PM, Andras HORVATH wrote: > > On 12/13/2010 08:31 PM, Anton D. Kachalov wrote: >> Good day. >> >> I prepared a patch that introduces support for: >> >> 1. FreeIPMI with new config keywords: "username", "password", >> "interface" ("lanplus" value only) and "workaround" flags ("payloadsize" > Sounds great, we're using a lot of ipmi with a homegrown solution, thank > you. > > However, how does putting passwords into the config file relate to ^Eci > (basically dumping said file)? I don't want anyone to connect to BMCs > directly. > It won't dump username/passwords: [Enter `^Ec?' for help] [info] ipmi:ya-mouse,2871,1:!:xx.yy.ww.zz,11w@root@localhost.localdomain@0 :up:rw:./ipmi.log,log,noact,nobrk,0,5:1:noautoup::ixon,ixoff,autoreinit,login::0:\n -- Anton D. Kachalov ITO, System Administrator From mouse@yandex-team.ru Tue Dec 14 12:14:23 2010 Received: from elephant.yandex.ru (elephant.yandex.ru [77.88.34.7]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBECEFO6007207 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Tue, 14 Dec 2010 12:14:23 GMT Received: from [95.108.170.183] (dhcp170-183-red.yandex.net [95.108.170.183]) by elephant.yandex.ru (Postfix) with ESMTP id 21C851A81878 for ; Tue, 14 Dec 2010 15:14:14 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex-team.ru; s=default; t=1292328854; bh=zPKpqyPiW7nVKE+aIZGcp5huntHCwjiXIM84p4DmksY=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=anpBuge8QH6wvc5Wl5hHeQngXhfJ2KAT9doZClWF1uXQOcU5BTKqJM/UB2F9vPxnY 5O21t30RmK5JG61BoMUqIlk6XgDw5Y+U+djSYf7F1zMeoMmX07A5wPACjoYfQNWr4g FF465jJlqc5Plp5kVVMe85thOHc1YJ6TtrHj9kyk= Message-ID: <4D075F96.8090303@yandex-team.ru> Date: Tue, 14 Dec 2010 15:14:14 +0300 From: "Anton D. Kachalov" User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7 MIME-Version: 1.0 To: users@conserver.com Subject: Re: [PATCH] FreeIPMI support, multi masters and multi-line comments References: <4D067477.3020905@yandex-team.ru> In-Reply-To: <4D067477.3020905@yandex-team.ru> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 2.814 (**) BAYES_20,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 12:14:23 -0000 On 12/13/2010 10:31 PM, Anton D. Kachalov wrote: > > 2. Multi masters. > It's better to say, that multi masters allows to open several connections at a time to one remote console, e.g. to Moxa's RealCOM TTY (patch for conserver on the way). -- Anton D. Kachalov ITO, System Administrator Tel: +7 (495) 739-70-00 ext.7613 From chris@marget.com Tue Dec 14 21:30:11 2010 Received: from mail-qw0-f50.google.com (mail-qw0-f50.google.com [209.85.216.50]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBELU5HY022250 for ; Tue, 14 Dec 2010 21:30:11 GMT Received: by qwd6 with SMTP id 6so1196739qwd.9 for ; Tue, 14 Dec 2010 13:30:04 -0800 (PST) MIME-Version: 1.0 Received: by 10.224.3.4 with SMTP id 4mr5575372qal.127.1292362204782; Tue, 14 Dec 2010 13:30:04 -0800 (PST) Received: by 10.220.180.205 with HTTP; Tue, 14 Dec 2010 13:30:04 -0800 (PST) X-Originating-IP: [68.184.20.210] Date: Tue, 14 Dec 2010 16:30:04 -0500 Message-ID: Subject: Console taking 100% CPU From: Chris Marget To: users@conserver.com Content-Type: text/plain; charset=ISO-8859-1 X-Spam-Score: 3.369 (***) BAYES_40,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 21:30:11 -0000 Greetings! I'm having an issue where the 'console' process is taking 100% of my CPU. This happens whenever controlling terminal vanishes in an unexpected manner -- sorry for being vague, but I'm not certain exactly what's happening TTY-wise. Anyway, it's super easy to duplicate with: $ echo | console myport ...or... $ (sleep 3) | console myport When the pipeline sends EOF, console spins out of control. I'd like it to die instead :-) I noticed this because I'm trying to use xinetd to run console. If the user's telnet session is aborted I get the same result. The goal of my project is to make TCP ports on a single server act like a huge terminal server appliance. The xinetd/chroot/runuser/console/conserver mess will be a big mux, allowing me to present any console port in the environment directly on TCP ports on the server. Users won't need the 'console' binary, any telnet client will do. There's probably a better way to do this than having xinetd launch console, but I'm not sure what it is. This console CPU problem is a show-stopper. Thoughts on the CPU issue, or a better way to accomplish my goal? Thanks very much! /chris From cfowler@outpostsentinel.com Tue Dec 14 21:39:16 2010 Received: from support.opsdc.com (support.opsdc.com [65.254.219.9]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBELd9n4022420 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 14 Dec 2010 21:39:15 GMT Received: from [192.168.1.115] (buford.k3dc.com [208.65.90.32] (may be forged)) by support.opsdc.com (8.13.8/8.13.8) with ESMTP id oBELd8YM000918; Tue, 14 Dec 2010 16:39:08 -0500 Subject: Re: Console taking 100% CPU From: Chris Fowler To: Chris Marget In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Date: Tue, 14 Dec 2010 16:39:07 -0500 Message-ID: <1292362747.1868.64.camel@cfowler-desktop> Mime-Version: 1.0 X-Mailer: Evolution 2.28.3 Content-Transfer-Encoding: 7bit X-Spam-Score: 1.242 (*) BAYES_00,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 21:39:16 -0000 On Tue, 2010-12-14 at 16:30 -0500, Chris Marget wrote: > > The goal of my project is to make TCP ports on a single server act > like a huge terminal server appliance. The > xinetd/chroot/runuser/console/conserver mess will be a big mux, > allowing me to present any console port in the environment directly on > TCP ports on the server. Users won't need the 'console' binary, any > telnet client will do. Meh. Sounds like a big CF and security nightmare. If you're going to do that maybe you don't need conserver. I have some "reverse TCP" code I wrote some years back that will do exactly what you are looking to do. It emulates the behavior of an old school terminal server. > > There's probably a better way to do this than having xinetd launch > console, but I'm not sure what it is. This console CPU problem is a > show-stopper. Fix it. I've not looked at the new code but it seems to me that it is not catching EOF. I could be wrong. (sleep 3) | strace console myconsole 2>/tmp/strace.log What is it doing? From chris@marget.com Tue Dec 14 21:54:48 2010 Received: from mail-qy0-f178.google.com (mail-qy0-f178.google.com [209.85.216.178]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBELsgLF026571 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK) for ; Tue, 14 Dec 2010 21:54:48 GMT Received: by qyk33 with SMTP id 33so1191876qyk.9 for ; Tue, 14 Dec 2010 13:54:41 -0800 (PST) MIME-Version: 1.0 Received: by 10.229.89.208 with SMTP id f16mr211036qcm.43.1292363681674; Tue, 14 Dec 2010 13:54:41 -0800 (PST) Received: by 10.220.180.205 with HTTP; Tue, 14 Dec 2010 13:54:41 -0800 (PST) X-Originating-IP: [68.184.20.210] In-Reply-To: <1292362747.1868.64.camel@cfowler-desktop> References: <1292362747.1868.64.camel@cfowler-desktop> Date: Tue, 14 Dec 2010 16:54:41 -0500 Message-ID: Subject: Re: Console taking 100% CPU From: Chris Marget To: Chris Fowler Content-Type: text/plain; charset=ISO-8859-1 X-Spam-Score: 3.555 (***) BAYES_50,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by underdog.stansell.org id oBELsgLF026571 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 21:54:49 -0000 On Tue, Dec 14, 2010 at 4:39 PM, Chris Fowler wrote: > On Tue, 2010-12-14 at 16:30 -0500, Chris Marget wrote: >> >> The goal of my project is to make TCP ports on a single server act >> like a huge terminal server appliance.  The >> xinetd/chroot/runuser/console/conserver mess will be a big mux, >> allowing me to present any console port in the environment directly on >> TCP ports on the server.  Users won't need the 'console' binary, any >> telnet client will do. > > Meh.  Sounds like a big CF and security nightmare. Yes. Yes it is :-) Data in flight is meaningless, so the 'telnet' aspects of it are okay. This will all be front-ended by a web application that knows who's signed on to which block of ports, and creates iptables policy for each user. Then, just for good measure, every web user gets his own chroot enviroment. It's ugly, but these problems are all figured out. > If you're going to do that maybe you don't need conserver.  I have some > "reverse TCP" code I wrote some years back that will do exactly what you > are looking to do.  It emulates the behavior of an old school terminal > server. I might be interested in this! > (sleep 3) | strace console myconsole 2>/tmp/strace.log > > What is it doing? It's doing this. # (sleep 3) | strace -f console 20 execve("/usr/bin/console", ["console", "20"], [/* 32 vars */]) = 0 brk(0) = 0x8bfe000 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7802000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=18383, ...}) = 0 mmap2(NULL, 18383, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77fd000 close(3) = 0 open("/lib/libutil.so.1", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 J\332\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=14640, ...}) = 0 mmap2(0xda4000, 12420, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xda4000 mmap2(0xda6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xda6000 close(3) = 0 open("/lib/libcrypt.so.1", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\10\262\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=40292, ...}) = 0 mmap2(0xb20000, 192860, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb20000 mmap2(0xb27000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0xb27000 mmap2(0xb29000, 155996, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb29000 close(3) = 0 open("/lib/i686/nosegneg/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360]\223\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=1785084, ...}) = 0 mmap2(0x91f000, 1550664, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x91f000 mmap2(0xa94000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x175) = 0xa94000 mmap2(0xa97000, 10568, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xa97000 close(3) = 0 open("/lib/libfreebl3.so", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`9\265\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=303640, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77fc000 mmap2(0xb52000, 318252, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb52000 mmap2(0xb9b000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x49) = 0xb9b000 mmap2(0xb9c000, 15148, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb9c000 close(3) = 0 open("/lib/libdl.so.2", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\312\251\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=19784, ...}) = 0 mmap2(0xa9c000, 16500, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xa9c000 mmap2(0xa9f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0xa9f000 close(3) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77fb000 set_thread_area({entry_number:-1 -> 6, base_addr:0xb77fb6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 mprotect(0xda6000, 4096, PROT_READ) = 0 mprotect(0xb27000, 4096, PROT_READ) = 0 mprotect(0xa94000, 8192, PROT_READ) = 0 mprotect(0x91b000, 4096, PROT_READ) = 0 mprotect(0xa9f000, 4096, PROT_READ) = 0 munmap(0xb77fd000, 18383) = 0 getpid() = 8657 brk(0) = 0x8bfe000 brk(0x8c1f000) = 0x8c1f000 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3 ioctl(3, SIOCGIFCONF, {64, {{"lo", {AF_INET, inet_addr("127.0.0.1")}}, {"eth0", {AF_INET, inet_addr("10.122.218.33")}}}}) = 0 ioctl(3, SIOCGIFFLAGS, {ifr_name="lo", ifr_flags=IFF_UP|IFF_LOOPBACK|IFF_RUNNING}) = 0 ioctl(3, SIOCGIFFLAGS, {ifr_name="eth0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST}) = 0 close(3) = 0 open("/etc/console.cf", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=42, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7801000 read(3, "config * { master localhost; por"..., 4096) = 42 read(3, "", 4096) = 0 close(3) = 0 munmap(0xb7801000, 4096) = 0 open("/home/ec2-user/.consolerc", O_RDONLY) = -1 ENOENT (No such file or directory) rt_sigaction(SIGPIPE, {SIG_IGN, [], 0}, NULL, 8) = 0 open("/dev/tty", O_RDONLY) = 3 ioctl(3, TIOCGWINSZ, {ws_row=77, ws_col=127, ws_xpixel=762, ws_ypixel=1078}) = 0 close(3) = 0 open("/etc/resolv.conf", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=80, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7801000 read(3, "; generated by /sbin/dhclient-sc"..., 4096) = 80 read(3, "", 4096) = 0 close(3) = 0 munmap(0xb7801000, 4096) = 0 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(3) = 0 open("/etc/nsswitch.conf", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=1688, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7801000 read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1688 read(3, "", 4096) = 0 close(3) = 0 munmap(0xb7801000, 4096) = 0 open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=18383, ...}) = 0 mmap2(NULL, 18383, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77fd000 close(3) = 0 open("/lib/libnss_files.so.2", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\32\0\0004\0\0\0"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=58532, ...}) = 0 mmap2(NULL, 53956, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x332000 mmap2(0x33e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb) = 0x33e000 close(3) = 0 mprotect(0x33e000, 4096, PROT_READ) = 0 munmap(0xb77fd000, 18383) = 0 open("/etc/host.conf", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=17, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7801000 read(3, "order hosts,bind\n", 4096) = 17 read(3, "", 4096) = 0 close(3) = 0 munmap(0xb7801000, 4096) = 0 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3 fcntl64(3, F_GETFD) = 0x1 (flags FD_CLOEXEC) fstat64(3, {st_mode=S_IFREG|0644, st_size=44, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7801000 read(3, "127.0.0.1 localhost localhost."..., 4096) = 44 close(3) = 0 munmap(0xb7801000, 4096) = 0 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3 connect(3, {sa_family=AF_INET, sin_port=htons(2000), sin_addr=inet_addr("127.0.0.1")}, 16) = 0 read(3, "ok\r\n", 1024) = 4 write(3, "login root\r\n", 12) = 12 read(3, "ok\r\n", 1024) = 4 write(3, "call 20\r\n", 9) = 9 read(3, "45769\r\n", 1024) = 7 write(3, "exit\r\n", 6) = 6 read(3, "goodbye\r\n", 1024) = 9 read(3, "", 1024) = 0 close(3) = 0 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=44, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7801000 read(3, "127.0.0.1 localhost localhost."..., 4096) = 44 close(3) = 0 munmap(0xb7801000, 4096) = 0 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3 connect(3, {sa_family=AF_INET, sin_port=htons(45769), sin_addr=inet_addr("127.0.0.1")}, 16) = 0 read(3, "ok\r\n", 1024) = 4 write(3, "login root\r\n", 12) = 12 read(3, "ok\r\n", 1024) = 4 write(3, "call 20\r\n", 9) = 9 read(3, "[attached]\r\n", 1024) = 12 fcntl64(3, F_SETOWN, 8657) = 0 rt_sigaction(SIGCHLD, {0x8049220, [], 0}, NULL, 8) = 0 write(3, "\5c=", 3) = 3 read(3, "[", 1024) = 1 read(3, "up]\r\n", 1024) = 5 write(3, "\5c\326", 3) = 3 read(3, "[", 1024) = 1 read(3, "8001018]\r\n", 1024) = 10 fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7801000 write(1, "[Enter `^Ec?' for help]\n", 24[Enter `^Ec?' for help] ) = 24 write(3, "\5cm", 3) = 3 read(3, "[", 1024) = 1 read(3, "-- MOTD --]\r\n", 1024) = 13 write(3, "\5c;", 3) = 3 read(3, "[", 1024) = 1 read(3, "connected]\r\n", 1024) = 12 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfd83868) = -1 EINVAL (Invalid argument) fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR) fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 select(4, [0 3], [], NULL, NULL) = 1 (in [0]) read(0, "", 8192) = 0 From cfowler@outpostsentinel.com Tue Dec 14 21:59:55 2010 Received: from support.opsdc.com (support.opsdc.com [65.254.219.9]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBELxn4b026712 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 14 Dec 2010 21:59:55 GMT Received: from [192.168.1.115] (buford.k3dc.com [208.65.90.32] (may be forged)) by support.opsdc.com (8.13.8/8.13.8) with ESMTP id oBELxmUl001389; Tue, 14 Dec 2010 16:59:48 -0500 Subject: Re: [SPAM] Re: Console taking 100% CPU From: Chris Fowler To: Chris Marget In-Reply-To: References: <1292362747.1868.64.camel@cfowler-desktop> Content-Type: text/plain; charset="UTF-8" Date: Tue, 14 Dec 2010 16:59:47 -0500 Message-ID: <1292363987.1868.67.camel@cfowler-desktop> Mime-Version: 1.0 X-Mailer: Evolution 2.28.3 Content-Transfer-Encoding: 7bit X-Spam-Score: 2.444 (**) BAYES_05,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 21:59:55 -0000 On Tue, 2010-12-14 at 16:54 -0500, Chris Marget wrote: > read(0, "", 8192) = 0 > select(4, [0 3], [], NULL, NULL) = 1 (in [0]) > read(0, "", 8192) = 0 > select(4, [0 3], [], NULL, NULL) = 1 (in [0]) > read(0, "", 8192) = 0 select() has seen STDIN ready to be read. read() reads 0 bytes. This is an EOF condition. Easy. Fix the code so that when reading from 0 if 0 bytes are read is restores the terminal and exits. From chris@marget.com Tue Dec 14 22:15:11 2010 Received: from mail-qw0-f50.google.com (mail-qw0-f50.google.com [209.85.216.50]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBEMF5GA027798 for ; Tue, 14 Dec 2010 22:15:11 GMT Received: by qwd6 with SMTP id 6so1237583qwd.9 for ; Tue, 14 Dec 2010 14:15:05 -0800 (PST) MIME-Version: 1.0 Received: by 10.224.19.195 with SMTP id c3mr5780804qab.77.1292364905105; Tue, 14 Dec 2010 14:15:05 -0800 (PST) Received: by 10.220.180.205 with HTTP; Tue, 14 Dec 2010 14:15:05 -0800 (PST) X-Originating-IP: [68.184.20.210] In-Reply-To: <1292363987.1868.67.camel@cfowler-desktop> References: <1292362747.1868.64.camel@cfowler-desktop> <1292363987.1868.67.camel@cfowler-desktop> Date: Tue, 14 Dec 2010 17:15:05 -0500 Message-ID: Subject: Re: [SPAM] Re: Console taking 100% CPU From: Chris Marget To: Chris Fowler Content-Type: text/plain; charset=ISO-8859-1 X-Spam-Score: 3.555 (***) BAYES_50,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by underdog.stansell.org id oBEMF5GA027798 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 22:15:11 -0000 On Tue, Dec 14, 2010 at 4:59 PM, Chris Fowler wrote: > On Tue, 2010-12-14 at 16:54 -0500, Chris Marget wrote: >> read(0, "", 8192)                       = 0 >> select(4, [0 3], [], NULL, NULL)        = 1 (in [0]) >> read(0, "", 8192)                       = 0 >> select(4, [0 3], [], NULL, NULL)        = 1 (in [0]) >> read(0, "", 8192)                       = 0 > > select() has seen STDIN ready to be read. > read() reads 0 bytes.  This is an EOF condition. > > Easy.  Fix the code so that when reading from 0 if 0 bytes are read is > restores the terminal and exits. I've added two lines here. Seems to do what I need. Am I on the right track? static int screwy = 0; /* anything from stdin? */ if (FD_ISSET(0, &rmask)) { if ((nc = read(0, acMesg, sizeof(acMesg))) <= 0) { if ( nc == 0 ) fprintf(stderr, "gotcha!\n"); // added by chris m if ( nc == 0 ) break; // added by chris m if (screwy) break; else { FD_SET(0, &rinit); continue; } } Thanks very much! /chris From cfowler@outpostsentinel.com Tue Dec 14 22:23:28 2010 Received: from support.opsdc.com (support.opsdc.com [65.254.219.9]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBEMNMZj027976 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 14 Dec 2010 22:23:27 GMT Received: from [192.168.1.115] (buford.k3dc.com [208.65.90.32] (may be forged)) by support.opsdc.com (8.13.8/8.13.8) with ESMTP id oBEMNLC6001897; Tue, 14 Dec 2010 17:23:21 -0500 Subject: Re: Console taking 100% CPU From: Chris Fowler To: Chris Marget In-Reply-To: References: <1292362747.1868.64.camel@cfowler-desktop> <1292363987.1868.67.camel@cfowler-desktop> Content-Type: text/plain; charset="UTF-8" Date: Tue, 14 Dec 2010 17:23:20 -0500 Message-ID: <1292365400.1868.71.camel@cfowler-desktop> Mime-Version: 1.0 X-Mailer: Evolution 2.28.3 Content-Transfer-Encoding: 7bit X-Spam-Score: 2.814 (**) BAYES_20,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 22:23:28 -0000 On Tue, 2010-12-14 at 17:15 -0500, Chris Marget wrote: > > I've added two lines here. Seems to do what I need. Am I on the right track? > > static int screwy = 0; > > /* anything from stdin? */ > if (FD_ISSET(0, &rmask)) { > if ((nc = read(0, acMesg, sizeof(acMesg))) <= 0) { > if ( nc == 0 ) fprintf(stderr, "gotcha!\n"); // added by chris m > if ( nc == 0 ) break; // added by chris m > if (screwy) > break; > else { > FD_SET(0, &rinit); > continue; > } > } > Does the break terminate the program? From tls@coyotepoint.com Tue Dec 14 22:25:04 2010 Received: from mail1.panix.com (mail1.panix.com [166.84.1.72]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBEMOt1t028015 for ; Tue, 14 Dec 2010 22:25:01 GMT Received: from mailbackend.panix.com (mailbackend.panix.com [166.84.1.89]) by mail1.panix.com (Postfix) with ESMTP id CA8381F094; Tue, 14 Dec 2010 17:24:54 -0500 (EST) Received: from maxey.hvg.tjls.com (cpe-66-108-106-113.nyc.res.rr.com [66.108.106.113]) by mailbackend.panix.com (Postfix) with ESMTP id C0A8A32E1D; Tue, 14 Dec 2010 17:24:54 -0500 (EST) Received: by maxey.hvg.tjls.com (Postfix, from userid 501) id 71D938BBDC3; Tue, 14 Dec 2010 17:24:54 -0500 (EST) Date: Tue, 14 Dec 2010 17:24:54 -0500 From: Thor Simon To: Chris Marget Subject: Re: [SPAM] Re: Console taking 100% CPU Message-ID: <20101214222454.GA61445@coyotepoint.com> References: <1292362747.1868.64.camel@cfowler-desktop> <1292363987.1868.67.camel@cfowler-desktop> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i X-Spam-Score: 1.242 (*) BAYES_00,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 Cc: Chris Fowler , users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 22:25:04 -0000 On Tue, Dec 14, 2010 at 05:15:05PM -0500, Chris Marget wrote: > > I've added two lines here. Seems to do what I need. Am I on the right track? Not really. There is nothing "screwy" about read returning 0; it just means end-of-file. And negative values other than -1 are not allowed by POSIX. Bearing that in mind, a better structure for the code would be: if (FD_ISSET(STDIN_FILENO, &rmask)) { nc = read(0, acMesg, sizeof(acMesg); switch (nc) { case -1: /* handle error */ break; case 0: /* handle end-of-file */ break; default: /* do whatever is usual; continue; } break; /* THIS one gets you out of the outer loop. Strategic use of 'goto' may make the code more clear. */ } Generally speaking testing particular individual file descriptors against the returned descriptor set is a sign of questionable program structure, though. Usually, programs calling select should loop over all the returned descriptors, handling each in turn. Thor From bryan@stansell.org Tue Dec 14 22:31:02 2010 Received: from underdog.stansell.org (localhost [127.0.0.1]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBEMV2La028199 for ; Tue, 14 Dec 2010 22:31:02 GMT Received: (from bryan@localhost) by underdog.stansell.org (8.14.4/8.14.4/Submit) id oBEMV2vc028198 for users@conserver.com; Tue, 14 Dec 2010 22:31:02 GMT Date: Tue, 14 Dec 2010 22:31:02 +0000 From: Bryan Stansell To: users@conserver.com Subject: Re: Console taking 100% CPU Message-ID: <20101214223059.GA28186@underdog.stansell.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.3i X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 22:31:02 -0000 I dug back into that code to see where it came from, etc. There was a desire to be able to pipe console commands/interaction to the console client and the code ignores EOF in that case. So, stuff like "echo '^[cr^[c.' | console host" can process the input, and then also send out the output without bailing prematurely. Why? Well, in this "batch" case, you don't want the console client to exit before getting back the output from the server - and there's no way to tell when the data will be "done". I should probably fix it to not chew up all the CPU...but it would still "hang". If you can wrap this thing in a pty, the code will detect it as such and actually close things down on EOF. Or adjust the 'screwy' (yeah, pleasant name) variable in console.c so it is always 1 - pretends all connections are pty-based. Bryan On Dec 14, 2010, at 1:59 PM, Chris Fowler wrote: > On Tue, 2010-12-14 at 16:54 -0500, Chris Marget wrote: >> read(0, "", 8192) = 0 >> select(4, [0 3], [], NULL, NULL) = 1 (in [0]) >> read(0, "", 8192) = 0 >> select(4, [0 3], [], NULL, NULL) = 1 (in [0]) >> read(0, "", 8192) = 0 > > select() has seen STDIN ready to be read. > read() reads 0 bytes. This is an EOF condition. > > Easy. Fix the code so that when reading from 0 if 0 bytes are read is > restores the terminal and exits. > > > _______________________________________________ > users mailing list > users@conserver.com > https://www.conserver.com/mailman/listinfo/users From cfowler@outpostsentinel.com Tue Dec 14 22:33:53 2010 Received: from support.opsdc.com (support.opsdc.com [65.254.219.9]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBEMXlYY028261 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 14 Dec 2010 22:33:52 GMT Received: from [192.168.1.115] (buford.k3dc.com [208.65.90.32] (may be forged)) by support.opsdc.com (8.13.8/8.13.8) with ESMTP id oBEMXkRY002148; Tue, 14 Dec 2010 17:33:46 -0500 Subject: Re: [SPAM] Re: [SPAM] Re: Console taking 100% CPU From: Chris Fowler To: Thor Simon In-Reply-To: <20101214222454.GA61445@coyotepoint.com> References: <1292362747.1868.64.camel@cfowler-desktop> <1292363987.1868.67.camel@cfowler-desktop> <20101214222454.GA61445@coyotepoint.com> Content-Type: text/plain; charset="UTF-8" Date: Tue, 14 Dec 2010 17:33:45 -0500 Message-ID: <1292366025.1868.77.camel@cfowler-desktop> Mime-Version: 1.0 X-Mailer: Evolution 2.28.3 Content-Transfer-Encoding: 7bit X-Spam-Score: 2.814 (**) BAYES_20,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 22:33:53 -0000 On Tue, 2010-12-14 at 17:24 -0500, Thor Simon wrote: > There is nothing "screwy" about read returning 0; it just means > end-of-file Years back we had a problem with Java NIO not understanding that read of 0 = EOF. If the user terminated the console client (written in Java as a we applet) gracefully then everything was fine. The problem we experienced happened when the network went down or the connection was lost. Once the TCP keep alive failed then NIO would go into this nasty select(), read(), select() loop just like his strace output. Problem was that the Java programmer was not a POSIX programmer and the strace output that I gave him showing this was totally Greek. He did everything "by the NIO book". In the end I "fired" that code and replaced it with a Perl version. I still use the console Java applet we wrote but the web proxy is now in Perl. The proxy is required because Java applet security will only let you connect to the originating host. Conserver is running on many embedded devices so the proxy's job is to bridge communications from the web applet and the conserver program on the device in the field. It is little more than a select() loop on a bunch of FD's. It does update the database and log the communications to a file. THAT is how I would have done it. Problem is that it is a real pain to do VT100 emulation great and putty does a much better job than I. From cfowler@outpostsentinel.com Tue Dec 14 22:36:06 2010 Received: from support.opsdc.com (support.opsdc.com [65.254.219.9]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBEMa0Rg028337 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 14 Dec 2010 22:36:06 GMT Received: from [192.168.1.115] (buford.k3dc.com [208.65.90.32] (may be forged)) by support.opsdc.com (8.13.8/8.13.8) with ESMTP id oBEMa0dp002223; Tue, 14 Dec 2010 17:36:00 -0500 Subject: Re: Console taking 100% CPU From: Chris Fowler To: Bryan Stansell In-Reply-To: <20101214223059.GA28186@underdog.stansell.org> References: <20101214223059.GA28186@underdog.stansell.org> Content-Type: text/plain; charset="UTF-8" Date: Tue, 14 Dec 2010 17:35:59 -0500 Message-ID: <1292366159.1868.79.camel@cfowler-desktop> Mime-Version: 1.0 X-Mailer: Evolution 2.28.3 Content-Transfer-Encoding: 7bit X-Spam-Score: 2.444 (**) BAYES_05,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 22:36:06 -0000 On Tue, 2010-12-14 at 22:31 +0000, Bryan Stansell wrote: > > I should probably fix it to not chew up all the CPU...but it would > still "hang". If you can wrap this thing in a pty, the code will > detect it as such and actually close things down on EOF. Or adjust > the 'screwy' (yeah, pleasant name) variable in console.c so it is > always 1 - pretends all connections are pty-based. > > The pty solution would be a good one and would allow the console code to remain pristine. In "APUE" by Richard Stevens (deceased) there is an example on how to do this. From bryan@stansell.org Tue Dec 14 23:54:22 2010 Received: from underdog.stansell.org (localhost [127.0.0.1]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBENsMc8000340 for ; Tue, 14 Dec 2010 23:54:22 GMT Received: (from bryan@localhost) by underdog.stansell.org (8.14.4/8.14.4/Submit) id oBENsMp0000339 for users@conserver.com; Tue, 14 Dec 2010 23:54:22 GMT Date: Tue, 14 Dec 2010 23:54:22 +0000 From: Bryan Stansell To: users@conserver.com Subject: Re: Console taking 100% CPU Message-ID: <20101214235422.GA316@underdog.stansell.org> References: <20101214223059.GA28186@underdog.stansell.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20101214223059.GA28186@underdog.stansell.org> User-Agent: Mutt/1.4.2.3i X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 23:54:22 -0000 On Tue, Dec 14, 2010 at 10:31:02PM +0000, Bryan Stansell wrote: > I should probably fix it to not chew up all the CPU... Found the problem...sorry folks. --- console.c 19 Oct 2009 06:44:06 -0000 5.185 +++ console.c 14 Dec 2010 23:52:50 -0000 @@ -1352,7 +1352,7 @@ if (screwy) break; else { - FD_SET(0, &rinit); + FD_CLR(0, &rinit); continue; } } Bryan From glance@acc.umu.se Thu Dec 30 19:04:04 2010 Received: from mail.acc.umu.se (mail.acc.umu.se [130.239.18.156]) by underdog.stansell.org (8.14.4/8.14.4) with ESMTP id oBUJ3t26012242 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Thu, 30 Dec 2010 19:04:03 GMT Received: from localhost (localhost [127.0.0.1]) by amavisd-new (Postfix) with ESMTP id 8F627754 for ; Thu, 30 Dec 2010 20:03:53 +0100 (MET) X-Virus-Scanned: amavisd-new at acc.umu.se Received: from kennedy.acc.umu.se (kennedy.acc.umu.se [130.239.18.157]) by mail.acc.umu.se (Postfix) with ESMTP id 553C1753 for ; Thu, 30 Dec 2010 20:03:52 +0100 (MET) Received: by kennedy.acc.umu.se (Postfix, from userid 24471) id 1DA5E8CC; Thu, 30 Dec 2010 20:03:52 +0100 (MET) Date: Thu, 30 Dec 2010 20:03:51 +0100 From: Anton Lundin To: users@conserver.com Subject: Re: [PATCH] Power control Message-ID: <20101230190351.GC8896@kennedy.acc.umu.se> References: <20101029134359.GU4570@kennedy.acc.umu.se> <20101102092908.GD19794@ccswiss.in2p3.fr> <4CD015BC.2070807@redhat.com> <20101102154357.GT4570@kennedy.acc.umu.se> <20101104090128.GA8019@ccswiss.in2p3.fr> <8A3999E8-4114-4D17-9BEA-E42CE7C2B9D2@conserver.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="yIMHf/Pa6CzSkARF" Content-Disposition: inline In-Reply-To: <8A3999E8-4114-4D17-9BEA-E42CE7C2B9D2@conserver.com> User-Agent: Mutt/1.5.18 (2008-05-17) X-Spam-Score: 1.242 (*) BAYES_00,FH_DATE_PAST_20XX X-Scanned-By: MIMEDefang 2.67 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.12 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Dec 2010 19:04:04 -0000 --yIMHf/Pa6CzSkARF Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Second generation of this patch, done. http://www.acc.umu.se/~glance/conserver/02-conserver-8.1.18-power-control.p= atch Fixed the "multiplexing" so that the powercmd can't hang the whole Kiddie()-process. Its pretty much the same as its done for initcmd's. There is probably still some fiddeling to be done before its perfect but its god enuff to take a look at. Things on the todo: * processgroup for the powercmd like its done for initcmd's? * stdin for powercmd? currently its just close()'d * put the output from the powercmd in the log? * kill hanging powercmd's after $foo seconds? * maybee rename everything to ServerSite-kommands? //Anton - Who is heading home to end this year with a big bang... On 04 November, 2010 - Bryan Stansell wrote: > There is certainly going to be a need to either redirect stdin/stdout of = the command to the console or not (some "interactive" flag). If not, stdin= would probably be /dev/null and stdout could be anyone connected to the co= nsole (so everyone sees the output). Maybe it should just be the console o= r nothing at all. Something to think about...=20 >=20 > Bryan >=20 > On Nov 4, 2010, at 2:01 AM, Fabien Wernli wrote: >=20 > > On Wed, Nov 03, 2010 at 02:43:46PM -0700, Bryan Stansell wrote: > >> And I'm all for making it more generic as well...perhaps by making the= 'k' command programmable - in the sense that you can associate a command w= ith any character ([a-z0-9]) after 'k' and give it a label so you know what= the command is supposed to do. > >>=20 > >> So, 'k' for 'k'ommand...or perhaps even '!' to invoke a command? Hard= er to type, but consistent with vi, for example. > >=20 > > Great. I vote for '!'. > > Also, maybe it would be interesting to have a distinction between comma= nds > > that output something or not on std(err|out). > >=20 > > _______________________________________________ > > users mailing list > > users@conserver.com > > https://www.conserver.com/mailman/listinfo/users >=20 >=20 > _______________________________________________ > users mailing list > users@conserver.com > https://www.conserver.com/mailman/listinfo/users --=20 Anton Lundin +46702-161604 --yIMHf/Pa6CzSkARF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (SunOS) iQIcBAEBAgAGBQJNHNeXAAoJEBWKl8D+5XhVTogP/3JkWrHyEj5zzqTLAwriZKcS 8Tx72MZAd7I6Zqn9sedquzNSfms95UjtgGHeI84Dk2JsC0Qn/eibtFL0xZIqW2zz y1AavHxwtlZyUWPS8Jm9jOXFGQ7XeoRyK8D9FTaOVA0BfC42JZe7y5WkMVigbRd3 rVRptfh+ZUz7NZXjFCbfRTZjGIu1EpR/itACNQGQby6enE7yjJhkqmKtsyYw7WLH rWWSsqL5ZRp8eiWICA9TqriIE1do00UYxOt7YKZRXofQ3hIOGYj6HeO+98N6xxmJ s29ZKQxLnQpnTrUwI/rpjxJHlDYSTuznBKwomCyMW33TZ8LdzGiRzhhnJ13OkPeh 7m98miL4ywFnu8jJPfEzjqSug87QOXH5OGzeOXMUa0oR8Ybjh+ipZn7UaYeAvcFj 9I2teSOwb5ItC7AO4Q4OcjvEbrPg3GKj+uGviGQAQuAzxmHctHRiJPQTkbjlyjkS Du706XfqSZJcvxxUO9v/wH7eeqvEJluXIavYitOYejS74jJZjvs9Cj7o05LX7CNI 3QLPi3Ct/FA5dlPsCEpe7noxql2s/1GRtKsyrzykQVJQswzW0jFIpTQzLIP+a+Mm jAcGRPs/lgU+SsngZHBiXlziki95M39sqLo2f4OP1mu7UHLbV6lDAe1/nfdKO/HB cwuFJPgbvaSZ6pORfOYH =T0iD -----END PGP SIGNATURE----- --yIMHf/Pa6CzSkARF--