From patchwork Wed Jul 6 22:54:35 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ira Weiny X-Patchwork-Id: 951512 X-Patchwork-Delegate: alexne@voltaire.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.4) with ESMTP id p66MsbNj006215 for ; Wed, 6 Jul 2011 22:54:38 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753353Ab1GFWyh (ORCPT ); Wed, 6 Jul 2011 18:54:37 -0400 Received: from nspiron-1.llnl.gov ([128.115.41.81]:42037 "EHLO nspiron-1.llnl.gov" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753344Ab1GFWyg (ORCPT ); Wed, 6 Jul 2011 18:54:36 -0400 X-Attachments: None Received: from eris.llnl.gov (HELO trebuchet) ([134.9.2.84]) by nspiron-1.llnl.gov with SMTP; 06 Jul 2011 15:54:35 -0700 Date: Wed, 6 Jul 2011 15:54:35 -0700 From: Ira Weiny To: Alex Netes Cc: "linux-rdma@vger.kernel.org" Subject: [PATCH] opensm: make loopback console compile on by default. Message-Id: <20110706155435.ada5fbb6.weiny2@llnl.gov> X-Mailer: Sylpheed 3.1.1 (GTK+ 2.18.9; x86_64-unknown-linux-gnu) Mime-Version: 1.0 Sender: linux-rdma-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-rdma@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter1.kernel.org [140.211.167.41]); Wed, 06 Jul 2011 22:54:38 +0000 (UTC) The console is very useful for debugging and should be available in opensm.conf as an option. Generic socket is still an option which is off for security reasons. Signed-off-by: Ira Weiny --- config/osmvsel.m4 | 28 ++++++++++++++++++++++++---- include/opensm/osm_console_io.h | 6 +++++- man/opensm.8.in | 8 +++++--- opensm/main.c | 13 +++++++++---- opensm/osm_console.c | 6 +++--- opensm/osm_console_io.c | 19 ++++++++++++++----- opensm/osm_subnet.c | 9 +++++++-- 7 files changed, 67 insertions(+), 22 deletions(-) diff --git a/config/osmvsel.m4 b/config/osmvsel.m4 index 2c91f63..4a0c5ab 100644 --- a/config/osmvsel.m4 +++ b/config/osmvsel.m4 @@ -178,28 +178,48 @@ fi # --- END OPENIB_APP_OSMV_CHECK_HEADER --- ]) dnl OPENIB_APP_OSMV_CHECK_HEADER -dnl Check if they want the socket console +dnl Check for socket console support AC_DEFUN([OPENIB_OSM_CONSOLE_SOCKET_SEL], [ # --- BEGIN OPENIB_OSM_CONSOLE_SOCKET_SEL --- +dnl Console over a loopback socket is default if libwrap is available +AC_ARG_ENABLE(console-loopback, +[ --enable-console-loopback Enable a console socket on the loopback interface, requires tcp_wrappers (default yes)], +[case $enableval in + yes) console_loopback=yes ;; + no) console_loopback=no ;; + esac], + console_loopback=yes) + +if test $console_loopback = yes; then +AC_CHECK_LIB(wrap, request_init, [], [console_loopback=no]) + AC_DEFINE(ENABLE_OSM_CONSOLE_LOOPBACK, + 1, + [Define as 1 if you want to enable a loopback console]) +fi + dnl Console over a socket connection AC_ARG_ENABLE(console-socket, -[ --enable-console-socket Enable a console socket, requires tcp_wrappers (default no)], +[ --enable-console-socket Enable a console socket, requires --enable-console-loopback (default no)], [case $enableval in yes) console_socket=yes ;; no) console_socket=no ;; esac], console_socket=no) if test $console_socket = yes; then - AC_CHECK_LIB(wrap, request_init, [], - AC_MSG_ERROR([request_init() not found. console-socket requires libwrap.])) + if test $console_loopback = no; then + AC_MSG_ERROR([--enable-console-socket requires --enable-console-loopback]) + fi AC_DEFINE(ENABLE_OSM_CONSOLE_SOCKET, 1, [Define as 1 if you want to enable a console on a socket connection]) fi + # --- END OPENIB_OSM_CONSOLE_SOCKET_SEL --- ]) dnl OPENIB_OSM_CONSOLE_SOCKET_SEL + + dnl Check if they want the PerfMgr AC_DEFUN([OPENIB_OSM_PERF_MGR_SEL], [ # --- BEGIN OPENIB_OSM_PERF_MGR_SEL --- diff --git a/include/opensm/osm_console_io.h b/include/opensm/osm_console_io.h index b51cbf7..7bf1313 100644 --- a/include/opensm/osm_console_io.h +++ b/include/opensm/osm_console_io.h @@ -45,8 +45,12 @@ #define OSM_DISABLE_CONSOLE "off" #define OSM_LOCAL_CONSOLE "local" +#ifdef ENABLE_OSM_CONSOLE_SOCKET #define OSM_REMOTE_CONSOLE "socket" +#endif +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK #define OSM_LOOPBACK_CONSOLE "loopback" +#endif #define OSM_CONSOLE_NAME "OSM Console" #define OSM_DEFAULT_CONSOLE OSM_DISABLE_CONSOLE @@ -81,7 +85,7 @@ int osm_console_init(osm_subn_opt_t * opt, osm_console_t * p_oct, osm_log_t * p_ void osm_console_exit(osm_console_t * p_oct, osm_log_t * p_log); int is_console_enabled(osm_subn_opt_t *p_opt); -#ifdef ENABLE_OSM_CONSOLE_SOCKET +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK int cio_open(osm_console_t * p_oct, int new_fd, osm_log_t * p_log); int cio_close(osm_console_t * p_oct, osm_log_t * p_log); int is_authorized(osm_console_t * p_oct); diff --git a/man/opensm.8.in b/man/opensm.8.in index f360739..eac004d 100644 --- a/man/opensm.8.in +++ b/man/opensm.8.in @@ -267,9 +267,11 @@ Without -maxsmps, OpenSM defaults to a maximum of 4 outstanding SMPs. .TP \fB\-console [off | local | socket | loopback]\fR -This option brings up the OpenSM console (default off). -Note that the socket and loopback options will only be available -if OpenSM was built with --enable-console-socket. +This option brings up the OpenSM console (default off). Note that loopback and +socket open a socket which can be connected to WITHOUT CREDENTIALS. Loopback +is safer if access to your SM host is controlled. hosts.[allow|deny] can be +used for some control with socket. Note that the socket option will only be +available if OpenSM was built with --enable-console-socket. .TP \fB\-console-port\fR Specify an alternate telnet port for the socket console (default 10000). diff --git a/opensm/main.c b/opensm/main.c index 798cb20..51c8291 100644 --- a/opensm/main.c +++ b/opensm/main.c @@ -270,11 +270,14 @@ static void show_usage(void) " Without --maxsmps, OpenSM defaults to a maximum of\n" " 4 outstanding SMPs.\n\n"); printf("--console, -q [off|local" +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK + "|loopback" +#endif #ifdef ENABLE_OSM_CONSOLE_SOCKET - "|socket|loopback" + "|socket" #endif "]\n This option activates the OpenSM console (default off).\n\n"); -#ifdef ENABLE_OSM_CONSOLE_SOCKET +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK printf("--console-port, -C \n" " Specify an alternate telnet port for the console (default %d).\n\n", OSM_DEFAULT_CONSOLE_PORT); @@ -621,7 +624,7 @@ int main(int argc, char *argv[]) {"guid_routing_order_file", 1, NULL, 'X'}, {"stay_on_fatal", 0, NULL, 'y'}, {"honor_guid2lid", 0, NULL, 'x'}, -#ifdef ENABLE_OSM_CONSOLE_SOCKET +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK {"console-port", 1, NULL, 'C'}, #endif {"daemon", 0, NULL, 'B'}, @@ -788,6 +791,8 @@ int main(int argc, char *argv[]) || strcmp(optarg, OSM_LOCAL_CONSOLE) == 0 #ifdef ENABLE_OSM_CONSOLE_SOCKET || strcmp(optarg, OSM_REMOTE_CONSOLE) == 0 +#endif +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK || strcmp(optarg, OSM_LOOPBACK_CONSOLE) == 0 #endif ) @@ -797,7 +802,7 @@ int main(int argc, char *argv[]) optarg); break; -#ifdef ENABLE_OSM_CONSOLE_SOCKET +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK case 'C': opt.console_port = strtol(optarg, NULL, 0); break; diff --git a/opensm/osm_console.c b/opensm/osm_console.c index 684d6ee..82a9b48 100644 --- a/opensm/osm_console.c +++ b/opensm/osm_console.c @@ -45,7 +45,7 @@ #include #include #include -#ifdef ENABLE_OSM_CONSOLE_SOCKET +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK #include #endif #include @@ -1620,7 +1620,7 @@ int osm_console(osm_opensm_t * p_osm) if (poll(fds, nfds, 1000) <= 0) return 0; -#ifdef ENABLE_OSM_CONSOLE_SOCKET +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK if (pollfd[0].revents & POLLIN) { int new_fd = 0; struct sockaddr_in sin; @@ -1678,7 +1678,7 @@ int osm_console(osm_opensm_t * p_osm) } /* input fd is closed (hanged up) */ if (pollfd[1].revents & POLLHUP) { -#ifdef ENABLE_OSM_CONSOLE_SOCKET +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK /* If we are using a socket, we close the current connection */ if (p_oct->socket >= 0) { cio_close(p_oct, &p_osm->log); diff --git a/opensm/osm_console_io.c b/opensm/osm_console_io.c index 0614c7f..78e8800 100644 --- a/opensm/osm_console_io.c +++ b/opensm/osm_console_io.c @@ -46,7 +46,7 @@ #endif /* HAVE_CONFIG_H */ #define _GNU_SOURCE /* for getline */ -#ifdef ENABLE_OSM_CONSOLE_SOCKET +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK #include #include #include @@ -74,6 +74,7 @@ static int is_loopback(char *str) return 0; } +#ifdef ENABLE_OSM_CONSOLE_SOCKET static int is_remote(char *str) { /* convenience - checks if socket based connection */ @@ -81,6 +82,9 @@ static int is_remote(char *str) return strcmp(str, OSM_REMOTE_CONSOLE) == 0 || is_loopback(str); return 0; } +#else +#define is_remote is_loopback +#endif int is_console_enabled(osm_subn_opt_t * p_opt) { @@ -92,7 +96,7 @@ int is_console_enabled(osm_subn_opt_t * p_opt) } -#ifdef ENABLE_OSM_CONSOLE_SOCKET +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK int cio_close(osm_console_t * p_oct, osm_log_t * p_log) { int rtnval = -1; @@ -181,9 +185,12 @@ int osm_console_init(osm_subn_opt_t * opt, osm_console_t * p_oct, osm_log_t * p_ p_oct->out_fd = fileno(stdout); osm_console_prompt(p_oct->out); +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK + } else if (strcmp(opt->console, OSM_LOOPBACK_CONSOLE) == 0 #ifdef ENABLE_OSM_CONSOLE_SOCKET - } else if (strcmp(opt->console, OSM_REMOTE_CONSOLE) == 0 - || strcmp(opt->console, OSM_LOOPBACK_CONSOLE) == 0) { + || strcmp(opt->console, OSM_REMOTE_CONSOLE) == 0 +#endif + ) { struct sockaddr_in sin; int optval = 1; @@ -197,9 +204,11 @@ int osm_console_init(osm_subn_opt_t * opt, osm_console_t * p_oct, osm_log_t * p_ &optval, sizeof(optval)); sin.sin_family = AF_INET; sin.sin_port = htons(opt->console_port); +#ifdef ENABLE_OSM_CONSOLE_SOCKET if (strcmp(opt->console, OSM_REMOTE_CONSOLE) == 0) sin.sin_addr.s_addr = htonl(INADDR_ANY); else +#endif sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK); if (bind(p_oct->socket, &sin, sizeof(sin)) < 0) { OSM_LOG(p_log, OSM_LOG_ERROR, @@ -230,7 +239,7 @@ int osm_console_init(osm_subn_opt_t * opt, osm_console_t * p_oct, osm_log_t * p_ /* clean up and release resources */ void osm_console_exit(osm_console_t * p_oct, osm_log_t * p_log) { -#ifdef ENABLE_OSM_CONSOLE_SOCKET +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK cio_close(p_oct, p_log); if (p_oct->socket > 0) { OSM_LOG(p_log, OSM_LOG_INFO, "Closing console socket\n"); diff --git a/opensm/osm_subnet.c b/opensm/osm_subnet.c index 0b79d3a..3ba1f81 100644 --- a/opensm/osm_subnet.c +++ b/opensm/osm_subnet.c @@ -1118,8 +1118,10 @@ int osm_subn_verify_config(IN osm_subn_opt_t * p_opts) if (strcmp(p_opts->console, OSM_DISABLE_CONSOLE) && strcmp(p_opts->console, OSM_LOCAL_CONSOLE) -#ifdef ENABLE_OSM_CONSOLE_SOCKET +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK && strcmp(p_opts->console, OSM_LOOPBACK_CONSOLE) +#endif +#ifdef ENABLE_OSM_CONSOLE_SOCKET && strcmp(p_opts->console, OSM_REMOTE_CONSOLE) #endif ) { @@ -1634,8 +1636,11 @@ int osm_subn_output_conf(FILE *out, IN osm_subn_opt_t * p_opts) "disable_multicast %s\n\n" "# If TRUE opensm will exit on fatal initialization issues\n" "exit_on_fatal %s\n\n" "# console [off|local" +#ifdef ENABLE_OSM_CONSOLE_LOOPBACK + "|loopback" +#endif #ifdef ENABLE_OSM_CONSOLE_SOCKET - "|loopback|socket]\n" + "|socket]\n" #else "]\n" #endif