From: Jiri J. <jja...@re...> - 2013-10-07 11:30:51
This mechanism provides a generic way of cleaning up any
lblnet_tst_server instances that might still be running and,
due to the "instances = 1" xinetd option, blocking the execution of new
instances.
The usage is as simple as
nc <addr> 4009
or
ncat <addr> 4009 < /dev/null
to make ncat quit immediately after opening the connection
(which is enough to spawn the cleanup tool by xinetd on the server).
Signed-off-by: Jiri Jaburek <jja...@re...>
---
audit-test/utils/network-server/Makefile | 2 +-
audit-test/utils/network-server/lblnet_tst-tcp | 23 ++++++++++-
audit-test/utils/network-server/pidfile_kill.c | 57 ++++++++++++++++++++++++++
audit-test/utils/selinux-policy/lspp_test.fc | 1 +
4 files changed, 80 insertions(+), 3 deletions(-)
create mode 100644 audit-test/utils/network-server/pidfile_kill.c
diff --git a/audit-test/utils/network-server/Makefile b/audit-test/utils/network-server/Makefile
index 579c9ea..98478d2 100644
--- a/audit-test/utils/network-server/Makefile
+++ b/audit-test/utils/network-server/Makefile
@@ -20,7 +20,7 @@ CPPFLAGS += -I$(UTILSDIR)/include
SRVR_EXE = lblnet_tst_server
-ALL_EXE = $(SRVR_EXE)
+ALL_EXE = $(SRVR_EXE) pidfile_kill
include $(TOPDIR)/rules.mk
diff --git a/audit-test/utils/network-server/lblnet_tst-tcp b/audit-test/utils/network-server/lblnet_tst-tcp
index ee87ccd..388e6a1 100644
--- a/audit-test/utils/network-server/lblnet_tst-tcp
+++ b/audit-test/utils/network-server/lblnet_tst-tcp
@@ -18,7 +18,7 @@ service lblnet_tst_unlabeled_ipv6
port = 4000
server = /usr/local/eal4_testing/audit-test/utils/network-server/lblnet_tst_server
- server_args = -i -t 10 -l /var/log/lblnet_tst_server.log -vv
+ server_args = -i -t 10 -l /var/log/lblnet_tst_server.log -f /var/run/lblnet_tst_server6.pid -vv
}
service lblnet_tst_labeled_ipv4
@@ -37,5 +37,24 @@ service lblnet_tst_labeled_ipv4
port = 4001
server = /usr/local/eal4_testing/audit-test/utils/network-server/lblnet_tst_server
- server_args = -i -t 10 -l /var/log/lblnet_tst_server.log -vv
+ server_args = -i -t 10 -l /var/log/lblnet_tst_server.log -f /var/run/lblnet_tst_server4.pid -vv
+}
+
+service lblnet_tst_cleanup
+{
+ id = lblnet_tst_cleanup
+ type = UNLISTED
+ flags = REUSE
+ wait = no
+ user = root
+ disable = no
+
+ instances = 1
+
+ socket_type = stream
+ protocol = tcp
+ port = 4009
+
+ server = /usr/local/eal4_testing/audit-test/utils/network-server/pidfile_kill
+ server_args = /var/run/lblnet_tst_server6.pid /var/run/lblnet_tst_server4.pid
}
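Review bot: The new `lblnet_tst_cleanup` block has no source restriction, yet it runs `pidfile_kill` with `user = root` on every TCP connection to port 4009, so any host that can reach the port can kill the running test servers. If the harness clients are known, I would add `only_from = <test client address or network>` to this block, and possibly a `bind` line to keep the listener on the test interface. Whether the other services in this file restrict access is not visible in these hunks, so this may need to be a file-wide default instead.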
diff --git a/audit-test/utils/network-server/pidfile_kill.c b/audit-test/utils/network-server/pidfile_kill.c
new file mode 100644
index 0000000..b6e5763
--- /dev/null
+++ b/audit-test/utils/network-server/pidfile_kill.c
@@ -0,0 +1,57 @@
+/* Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of version 2 the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* AUTHOR: Jiri Jaburek <jja...@re...>
+ *
+ * This tool processes a list of pidfiles passed on cmdline,
+ * extracts PIDs from them an issues SIGKILL to those PIDs.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <sys/types.h>
+
+int main(int argc, char **argv)
+{
+ int fd;
+ pid_t pid;
+ char pidstr[6] = {0};
+
+ for (;--argc;argv++) {
+ /* check if pidfile exists */
+ if (access(argv[1], F_OK) == -1)
+ continue;
+
+ /* read pid from file */
+ if ((fd = open(argv[1], O_RDONLY)) == -1)
+ continue;
+ read(fd, pidstr, sizeof(pidstr)-1);
+ close(fd);
+
+ /* get numeric pid */
+ pid = atoi(pidstr);
+ if (pid == 0)
+ continue;
+
+ /* signal the process, ignore return value
+ * (the process might not exist anymore) */
+ kill(pid, SIGKILL);
+ }
+
+ return 0;
+}
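Review bot: `pidstr[6]` lets `read()` take at most five bytes and its return value is never checked, so a PID above 99999 (possible when `kernel.pid_max` is raised) is truncated and `kill()` goes to an unrelated process; under the xinetd entry in this patch that happens as root. The buffer is also not cleared between loop iterations, so an empty or shorter later pidfile is parsed together with bytes left over from the previous one. In addition, `atoi()` accepts a negative number, which `kill()` treats as a process group or, for -1, every process, and the `pid == 0` test does not catch that. I would read into a larger buffer, terminate it at the returned length, and parse with `strtol()`, skipping anything that is not a positive decimal PID.

```c
	char pidstr[32];
	char *end;
	long val;
	ssize_t len;

	for (;--argc;argv++) {
		/* … unchanged: access() check and open() of argv[1] … */

		len = read(fd, pidstr, sizeof(pidstr)-1);
		close(fd);
		if (len <= 0)
			continue;
		/* terminate at what was actually read, so nothing from an
		 * earlier pidfile is parsed again */
		pidstr[len] = '\0';

		/* accept only a positive decimal PID; zero and negative
		 * values make kill() address groups or every process */
		val = strtol(pidstr, &end, 10);
		if (end == pidstr || (*end != '\0' && *end != '\n'))
			continue;
		if (val <= 0 || val != (long)(pid_t)val)
			continue;
		pid = (pid_t)val;

		/* … unchanged: kill(pid, SIGKILL) … */
```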
diff --git a/audit-test/utils/selinux-policy/lspp_test.fc b/audit-test/utils/selinux-policy/lspp_test.fc
index ee4dcb9..87493b1 100644
--- a/audit-test/utils/selinux-policy/lspp_test.fc
+++ b/audit-test/utils/selinux-policy/lspp_test.fc
@@ -64,6 +64,7 @@
# network test driver
/usr/local/eal4_testing/audit-test/utils/network-server/lblnet_tst_server -- gen_context(system_u:object_r:lspp_harness_exec_t,s0)
+/usr/local/eal4_testing/audit-test/utils/network-server/pidfile_kill -- gen_context(system_u:object_r:lspp_harness_exec_t,s0)
# unprivileged test applets
/usr/local/eal4_testing/audit-test/utils/bin/do_[a-zA-Z0-9_\-]+ -- gen_context(system_u:object_r:lspp_test_generic_exec_t,s0)
--
1.8.3.1