Sasha,
Trivial patch to enforce root for these perl scripts. More importantly,
doesn't silently fail if not root, and returns an error code.
--
Timothy A. Meier
Computer Scientist
ICCD/High Performance Computing
925.422.3341
[EMAIL PROTECTED]
>From f4058a22d31dc31f0e8ecdffcc42bff065eefcce Mon Sep 17 00:00:00 2001
From: Tim Meier <[EMAIL PROTECTED]>
Date: Wed, 21 May 2008 16:40:18 -0700
Subject: [PATCH] infiniband-diags: terminate perl scripts with error if not root
Adds the "auth_check" routine at the beginning of each main, which
terminates with an error if not invoked as root.
Signed-off-by: Tim Meier <[EMAIL PROTECTED]>
---
infiniband-diags/scripts/IBswcountlimits.pm | 10 ++++++++++
infiniband-diags/scripts/ibfindnodesusing.pl | 1 +
infiniband-diags/scripts/ibidsverify.pl | 1 +
infiniband-diags/scripts/iblinkinfo.pl | 1 +
infiniband-diags/scripts/ibprintca.pl | 1 +
infiniband-diags/scripts/ibprintrt.pl | 1 +
infiniband-diags/scripts/ibprintswitch.pl | 1 +
infiniband-diags/scripts/ibqueryerrors.pl | 1 +
infiniband-diags/scripts/ibswportwatch.pl | 1 +
9 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/infiniband-diags/scripts/IBswcountlimits.pm
b/infiniband-diags/scripts/IBswcountlimits.pm
index 9bc356f..0b7563e 100755
--- a/infiniband-diags/scripts/IBswcountlimits.pm
+++ b/infiniband-diags/scripts/IBswcountlimits.pm
@@ -123,6 +123,16 @@ sub check_counters
"Total number of packets, excluding link packets, received on all VLs to the
port"
);
+# =========================================================================
+# only root is authorized, terminate with msg and err code
+#
+sub auth_check
+{
+ if ( $> != 0 ) {
+ die "Permission denied, must be root\n";
+ }
+}
+
sub check_data_counters
{
my $print_action = $_[0];
diff --git a/infiniband-diags/scripts/ibfindnodesusing.pl
b/infiniband-diags/scripts/ibfindnodesusing.pl
index 1bf0987..49003af 100755
--- a/infiniband-diags/scripts/ibfindnodesusing.pl
+++ b/infiniband-diags/scripts/ibfindnodesusing.pl
@@ -168,6 +168,7 @@ sub compress_hostlist
#
sub main
{
+ auth_check;
my $found_switch = undef;
my $cache_file = get_cache_file($ca_name, $ca_port);
open IBNET_TOPO, "<$cache_file" or die "Failed to open ibnet
topology\n";
diff --git a/infiniband-diags/scripts/ibidsverify.pl
b/infiniband-diags/scripts/ibidsverify.pl
index de78e6b..b857166 100755
--- a/infiniband-diags/scripts/ibidsverify.pl
+++ b/infiniband-diags/scripts/ibidsverify.pl
@@ -163,6 +163,7 @@ sub insert_portguid
sub main
{
+ auth_check;
if ($regenerate_map
|| !(-f "$IBswcountlimits::cache_dir/ibnetdiscover.topology"))
{
diff --git a/infiniband-diags/scripts/iblinkinfo.pl
b/infiniband-diags/scripts/iblinkinfo.pl
index a195474..4bb9598 100755
--- a/infiniband-diags/scripts/iblinkinfo.pl
+++ b/infiniband-diags/scripts/iblinkinfo.pl
@@ -98,6 +98,7 @@ my $extra_smpquery_params =
get_ca_name_port_param_string($ca_name, $ca_port);
sub main
{
+ auth_check;
get_link_ends($regenerate_map, $ca_name, $ca_port);
if (defined($direct_route)) {
# convert DR to guid, then use original single_switch option
diff --git a/infiniband-diags/scripts/ibprintca.pl
b/infiniband-diags/scripts/ibprintca.pl
index 38b4330..d5c5fba 100755
--- a/infiniband-diags/scripts/ibprintca.pl
+++ b/infiniband-diags/scripts/ibprintca.pl
@@ -88,6 +88,7 @@ if ($target_hca eq "") {
#
sub main
{
+ auth_check;
my $found_hca = undef;
open IBNET_TOPO, "<$cache_file" or die "Failed to open ibnet
topology\n";
my $in_hca = "no";
diff --git a/infiniband-diags/scripts/ibprintrt.pl
b/infiniband-diags/scripts/ibprintrt.pl
index 86dcb64..c6070ff 100755
--- a/infiniband-diags/scripts/ibprintrt.pl
+++ b/infiniband-diags/scripts/ibprintrt.pl
@@ -88,6 +88,7 @@ if ($target_rt eq "") {
#
sub main
{
+ auth_check;
my $found_rt = undef;
open IBNET_TOPO, "<$cache_file" or die "Failed to open ibnet
topology\n";
my $in_rt = "no";
diff --git a/infiniband-diags/scripts/ibprintswitch.pl
b/infiniband-diags/scripts/ibprintswitch.pl
index 6712201..41a5131 100755
--- a/infiniband-diags/scripts/ibprintswitch.pl
+++ b/infiniband-diags/scripts/ibprintswitch.pl
@@ -87,6 +87,7 @@ if ($target_switch eq "") {
#
sub main
{
+ auth_check;
my $found_switch = undef;
open IBNET_TOPO, "<$cache_file" or die "Failed to open ibnet
topology\n";
my $in_switch = "no";
diff --git a/infiniband-diags/scripts/ibqueryerrors.pl
b/infiniband-diags/scripts/ibqueryerrors.pl
index c807c02..3330687 100755
--- a/infiniband-diags/scripts/ibqueryerrors.pl
+++ b/infiniband-diags/scripts/ibqueryerrors.pl
@@ -185,6 +185,7 @@ $cache_file = get_cache_file($ca_name, $ca_port);
sub main
{
+ auth_check;
if (@IBswcountlimits::suppress_errors) {
my $msg = join(",", @IBswcountlimits::suppress_errors);
print "Suppressing: $msg\n";
diff --git a/infiniband-diags/scripts/ibswportwatch.pl
b/infiniband-diags/scripts/ibswportwatch.pl
index 6d6ba1c..76398fa 100755
--- a/infiniband-diags/scripts/ibswportwatch.pl
+++ b/infiniband-diags/scripts/ibswportwatch.pl
@@ -157,6 +157,7 @@ my $sw_port = $ARGV[1];
sub main
{
+ auth_check;
clear_counters;
get_new_counts($sw_addr, $sw_port);
while ($cycle != 0) {
--
1.5.1
_______________________________________________
general mailing list
[email protected]
http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general
To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
