Commit [c43167] Maximize Restore History

Merge remote-tracking branch 'origin/fixConformance' into demo

amw amw 2012-03-02

removed rsync_aur/rsync_pull_sample.config
removed run_scripts/samples
removed run_scripts/rsync_mock.config
changed cg/casn/casn.c
changed cg/tools/add_cms_cert_no_check.c
changed cg/tools/sign_cert.c
changed cg/tools/sign_cms.c
changed doc/rsync_uri_handling.doc
changed proto/Makefile.am
changed proto/chaser.c
changed proto/err.c
changed proto/garbage.c
changed proto/querySupport.c
changed proto/sqcon.c
changed proto/sqhl.c
changed proto/sqhl.h
changed rsync_aur/rsync_cord.py
changed rsync_aur/rsync_listener.c
changed run_scripts/chaser.sh
copied rsync_aur/rsync_pull.sh -> proto/CHASER-OUTLINE
copied run_scripts/pull_and_feed.sh -> proto/db_constants.h
run_scripts/samples
File was removed.
run_scripts/rsync_mock.config
File was removed.
rsync_aur/rsync_pull.sh to proto/CHASER-OUTLINE
--- a/rsync_aur/rsync_pull.sh
+++ b/proto/CHASER-OUTLINE
@@ -1,161 +1,63 @@
-#!/bin/sh
+================================================================================
+    Introduction
+--------------------------------------------------------------------------------
+This document is a portion of a Software Design Document for RPSTIR, pertaining
+to the "chaser".  Chaser collects publication points, specifically rsync URIs,
+for use in downloading the Repository Objects of the RPKI.
 
-# set environment variables if not set
-THIS_SCRIPT_DIR=$(dirname $0)
-. $THIS_SCRIPT_DIR/../envir.setup
 
-RSYNC=/usr/local/bin/rsync
+================================================================================
+    Top-level requirements
+--------------------------------------------------------------------------------
+T1. 
 
-# This is the rsync_pull.sh script. It takes one argument which is
-# a config file. After checking it's input, the script rotates 
-# any existing log files and then rsyncs the data specified in the
-# config file. After this is completed, the rsync_aur program should
-# be invoked with the log names to alert the database as to new 
-# or changed elements to be in RPKI_DB.
-#
-# The config file must contain the following variable defines:
-#
-# DIRS=
-#   A list of the form system/dir or "system1/dir1 system2/dir2 ..." (e.g.
-#   "apnic.mirin.apnic.net/mock/AFRINIC apnic.mirin.apnic.net/mock/APNIC")
-# REPOSITORY=
-#   The full path of where the repositories should be deposited
-#   (e.g. /home/mudge/rsync_aur/REPOSITORY ) - note: leave the trailing
-#   slash off as rsync interprets that to mean something else.
-# LOGS=
-#   The full path of where the rsync log file (that the AUR program
-#   will ultimately use) should be put. 
-# DOPULL=
-#   NO or no if do not want to pull the data from remote repositories
-# DOLOAD=
-#   NO or no if do not want to load the data into the database
-#
-# ***NOTE*** we are handing off these variables to rsync. As such, 
-# if someone were to include shell metacharacters then badness can 
-# be acheived (e.g. DIRS="foo bar ba;touch\ /etc/nologin;" or similar)
-#
-# This script is a proof of concept, if you want to redo it in perl, c
-# or something else remember to allow only legitimate characters and
-# deny all others prior to handing any of the variables to the shell or
-# other programs. (.mudge) 
 
-# check that we have a config file specified as the arg
-if [ $# -ne 1 ] ; then
-  echo "usage: $0 config_file"
-  echo    "look in the source of this script for config format"
-  exit 1
-fi
+================================================================================
+    Derived requirements
+--------------------------------------------------------------------------------
+D1. Perform a top-down walk of the distributed repository structure, as
+    suggested in draft-ietf-sidr-repos-struct.
 
-# check that it is a regular file
-if ! [ -f $1 ] ; then
-  echo "no file"
-  exit 1
-fi
 
-# source the file to load the variables
-. ./$1
-if [ $? -ne 0 ] ; then
-  echo "failed to source config file"
-  exit 1
-fi
+================================================================================
+    Design Overview
+--------------------------------------------------------------------------------
+Chaser...
 
-# check for the DIRS variable
-if [ "${DIRS}NO" = "NO" ] ; then
-  echo "missing DIRS= variable in config"
-  exit 1
-fi
+Currently (Jan, 2012), chaser takes any input string and separates it into
+multiple input strings, delimited by the semicolon character.  It then processes
+each separate string as a potential rsync URI.  This is because the database
+currently stores multiple URIs in a single field, delimited by a semicolon.  The
+database is being redesigned and will store each URI separately.  Then, chaser
+will be changed to no longer separate input strings at semicolons.
 
-# check for the REPOSITORY variable
-if [ "${REPOSITORY}NO" = "NO" ] ; then
-  echo "missing REPOSITORY= variable in config"
-  exit 1
-fi
-# and make sure it's a directory
-if ! [ -d ${REPOSITORY} ] ; then
-  echo "${REPOSITORY} does not appear to be a valid directory"
-  exit 1
-fi
+Chaser does not remove or escape character combinations from the URIs that may
+present a security risk when used on a shell command line.  That input
+sanitization is left to the program that uses chaser's output.
 
-# check for the LOGS variable
-if [ "${LOGS}NO" = "NO" ] ; then
-  echo "missing LOGS= variable in config"
-  exit 1
-fi
-# and make sure it's a directory
-if ! [ -d ${LOGS} ] ; then
-  echo "${LOGS} does not appear to be a valid directory"
-  exit 1
-fi
 
-#############
-# if we got here... things look somewhat sane...
-#############
-if [ "${DOPULL}y" != "noy" ] && [ "${DOPULL}y" != "NOy" ]; then
-  echo "Creating directories and rotating rpki rsync logs"
+================================================================================
+    Interface - external
+--------------------------------------------------------------------------------
+Chaser loads from file, additional_rsync_uris.config.
 
-  for arg in ${DIRS}
-  do
-    IFS=' '
-    cd ${LOGS}
-    IFS=/
-    dir=""
-    for i in ${arg}
-    do
-      if ! [ "${dir}NO" = "NO" ] ; then
-        if ! [ -d "${dir}" ] ; then mkdir ${dir}; fi
-        cd ${dir}
-      fi
-      dir=${i}
-    done
-    if [ -f "${dir}.log.8" ]; then mv -f "${dir}.log.8" "${dir}.log.9"; fi
-    if [ -f "${dir}.log.7" ]; then mv -f "${dir}.log.7" "${dir}.log.8"; fi
-    if [ -f "${dir}.log.6" ]; then mv -f "${dir}.log.6" "${dir}.log.7"; fi
-    if [ -f "${dir}.log.5" ]; then mv -f "${dir}.log.5" "${dir}.log.6"; fi
-    if [ -f "${dir}.log.4" ]; then mv -f "${dir}.log.4" "${dir}.log.5"; fi
-    if [ -f "${dir}.log.3" ]; then mv -f "${dir}.log.3" "${dir}.log.4"; fi
-    if [ -f "${dir}.log.2" ]; then mv -f "${dir}.log.2" "${dir}.log.3"; fi
-    if [ -f "${dir}.log.1" ]; then mv -f "${dir}.log.1" "${dir}.log.2"; fi
-    if [ -f "${dir}.log" ]; then mv -f "${dir}.log" "${dir}.log.1"; fi
+The program that calls chaser sets flags to determine:
+  - whether to search bottom-to-top
+  - whether to process URIs from not-yet-validated objects
+  - what input file to use
+  - whether to limit CRLs by date
+  - whether to remove non-printable characters from URIs
 
-    IFS=' '
-    cd ${REPOSITORY}
-    IFS=/
-    dir=""
-    for i in ${arg}
-    do
-      if ! [ "${dir}NO" = "NO" ] ; then
-        if ! [ -d "${dir}" ] ; then mkdir ${dir}; fi
-        cd ${dir}
-      fi
-      dir=${i}
-    done
-  done
-fi
+Chaser prints rsync uris to standard output, separated by null characters.
 
-start2=`date +%s`
-IFS=' '
-for arg in ${DIRS}
-do
-  if [ "${DOPULL}y" != "noy" ] && [ "${DOPULL}y" != "NOy" ]; then
-    echo "retrieving ${arg}"
-    start=`date +%s`
-    $RSYNC -airz --del rsync://${arg}/ ${REPOSITORY}/${arg} > \
-          ${LOGS}/${arg}.log
-    end=`date +%s`
-    echo "retrieve required $(($end-$start)) seconds"
-  fi
-  if [ "${DOLOAD}y" != "noy" ] && [ "${DOLOAD}y" != "NOy" ]; then
-    echo "loading ${arg}"
-    start=`date +%s`
-    ${RPKI_ROOT}/rsync_aur/rsync_aur -t ${RPKI_PORT} -f ${LOGS}/${arg}.log -d ${REPOSITORY}/${arg}
-    end=`date +%s`
-    echo "load required $(($end-$start)) seconds"
-  fi
-done
-if [ "${DOLOAD}y" != "noy" ] && [ "${DOLOAD}y" != "NOy" ]; then
-  echo "Waiting for loader to finish ..."
-  ${RPKI_ROOT}/rsync_aur/rsync_aur -s -t ${RPKI_PORT} -f ${RPKI_ROOT}/run_scripts/empty.log -d ${REPOSITORY}
-  echo "Loader finished"
-fi
-end2=`date +%s`
-echo "total time was $(($end2-$start2)) seconds"
+
+================================================================================
+    Interface - internal
+--------------------------------------------------------------------------------
+The main internal interface is between the chaser logic and access to the
+database.  The chaser logic is in chaser.c, which uses files from
+$RPKI_ROOT/util/mysql-c-api/ to access the database.  Of those files,
+prep-stmt.c contains the prepared statements used to access the database, and
+client-chaser.c contains the functions that use the prepared statements and
+handle their results.
+
run_scripts/pull_and_feed.sh to proto/db_constants.h
--- a/run_scripts/pull_and_feed.sh
+++ b/proto/db_constants.h
@@ -1,40 +1,31 @@
-#!/bin/sh
-# This script is a shortcut to invoke the script rsync_pull.sh
-# It executes rsync to pull down data and then optionally loads it
-#   into the database.
-# It takes a single argument, which is the name of the configuration
-#   file that contains the instructions for what to do.
-# 
-# The file rsync_mock.config is a sample configuration file.
-# The following is the set of variables to define in the configuration file.
-#
-# DIRS=
-#   A list of the form system/dir or "system1/dir1 system2/dir2 ..." (e.g.
-#   "apnic.mirin.apnic.net/mock/AFRINIC apnic.mirin.apnic.net/mock/APNIC")
-# REPOSITORY=
-#   The full path of where the repositories should be deposited
-#   (e.g. /home/mudge/rsync_aur/REPOSITORY ) - note: leave the trailing
-#   slash off as rsync interprets that to mean something else.
-# LOGS=
-#   The full path of where the rsync log file (that the AUR program
-#   will ultimately use) should be put. 
-# DOPULL=
-#   NO or no if do not want to pull the data from remote repositories
-# DOLOAD=
-#   NO or no if do not want to load the data into the database
-#
-# Addtional documentation is in the rsync_pull.sh file.
+#ifndef _PROTO_DB_CONSTANTS_H
+#define _PROTO_DB_CONSTANTS_H
 
-# check that we have a config file specified as the arg
-if [ $# -ne 1 ] ; then
-  echo "usage: $0 config_file"
-  echo " look in the source of this script for config format"
-  echo " or look at rsync_mock.config as a sample config file"
-  exit 1
-fi
 
-# set environment variables if not set
-THIS_SCRIPT_DIR=$(dirname $0)
-. $THIS_SCRIPT_DIR/../envir.setup
+/*
+  Signature validation states
+*/
 
-${RPKI_ROOT}/rsync_aur/rsync_pull.sh $1
+#define SIGVAL_UNKNOWN     0
+#define SIGVAL_NOTPRESENT  1
+#define SIGVAL_VALID       2
+#define SIGVAL_INVALID     3
+
+/*
+  Flags
+*/
+
+#define SCM_FLAG_CA           0x1    /* certificate authority */
+#define SCM_FLAG_TRUSTED      0x2    /* trusted */
+#define SCM_FLAG_VALIDATED    0x4    /* at some point, chain existed */
+#define SCM_FLAG_NOCHAIN      0x8    /* now missing links on chain to anchor */
+#define SCM_FLAG_NOTYET       0x10   /* too early, not yet ready */
+#define SCM_FLAG_STALECRL     0x20   /* assoc crl of self or ancestor stale */
+#define SCM_FLAG_STALEMAN     0x40   /* assoc man of self or ancestor stale */
+#define SCM_FLAG_ONMAN        0x100  /* has associated valid manifest */
+#define SCM_FLAG_ISPARACERT   0x200  /* is a paracert */
+#define SCM_FLAG_HASPARACERT  0x400  /* has a paracert */
+#define SCM_FLAG_ISTARGET     0x800  /* is a target for LTA work */
+
+
+#endif
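Review bot: The `SCM_FLAG_*` list jumps from `SCM_FLAG_STALEMAN` (0x40) to `SCM_FLAG_ONMAN` (0x100) and leaves 0x80 unexplained, which matters because these bits mark trust and validation state (`SCM_FLAG_TRUSTED`, `SCM_FLAG_VALIDATED`, `SCM_FLAG_NOCHAIN`). If the header name is accurate and the values are persisted in the database, a later flag assigned to 0x80 could be misread against rows written under an earlier meaning; I cannot tell from this hunk whether the bit was retired or simply never used. I would record it in place, e.g. `/* 0x80: unassigned here; confirm it was never stored before reusing */`. Separately, the guard `_PROTO_DB_CONSTANTS_H` begins with an underscore followed by an uppercase letter, which C reserves for the implementation; `#ifndef PROTO_DB_CONSTANTS_H` / `#define PROTO_DB_CONSTANTS_H` avoids that.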