Changeset 1179


Ignore:
Timestamp:
Jun 8, 2009, 1:07:47 PM (12 years ago)
Author:
mitchb
Message:
Merge r1121:1178 from trunk to branches/fc11-dev
Location:
branches/fc11-dev
Files:
2 deleted
21 edited
5 copied

Legend:

Unmodified
Added
Removed
  • branches/fc11-dev/locker/deploy/bin/phpbb

    r476 r1179  
    22use strict;
    33use lib '/mit/scripts/deploy/bin';
    4 use onserver;
     4use onserver_star;
    55use File::Path;
    66
    77setup();
    88
    9 fetch_uri(
    10     'install/install.php',
    11     {},
    12     {lang => 'english',
    13      dbms => 'mysql4',
    14      upgrade => 0,
    15      dbhost => $sqlhost,
    16      dbuser => $sqluser,
    17      dbname => $sqldb,
    18      dbpasswd => $sqlpass,
    19      prefix => '',
    20      board_email => $email,
    21      server_name => $server,
    22      server_port => 80,
    23      script_path => "/~$USER/$addrend/",
    24      admin_name => $admin_username,
    25      admin_pass1 => $admin_password,
    26      admin_pass2 => $admin_password,
    27      install_step => 1,
    28      cur_lang => 'english'});
    29 
    30 rmtree(['contrib', 'install']);
     9# Initial installation page
     10fetch_uri(
     11    'install/index.php',
     12    {mode => 'install',
     13     language => 'en'},
     14    {});
     15print "Loaded initial installation page\n";
     16
     17# Requirements page
     18fetch_uri(
     19    'install/index.php',
     20    {mode => 'install',
     21     sub => 'requirements',
     22     language => 'en'},
     23    {});
     24print "Loaded requirements page\n";
     25
     26# Database page
     27fetch_uri(
     28    'install/index.php',
     29    {mode => 'install',
     30     sub => 'database',
     31     language => 'en'},
     32    {img_imagick => '/usr/bin/'});
     33print "Loaded database page\n";
     34
     35# Database again
     36fetch_uri(
     37    'install/index.php',
     38    {mode => 'install',
     39     sub => 'database'},
     40    {dbms => 'mysql',
     41     dbhost => $sqlhost,
     42     dbname => $sqldb,
     43     dbuser => $sqluser,
     44     dbpasswd => $sqlpass,
     45     table_prefix => '',
     46     img_imagick => '/usr/bin/',
     47     language => 'en',
     48     testdb => 'true'});
     49print "Loaded database page (part 2)\n";
     50
     51# Administrator page
     52fetch_uri(
     53    'install/index.php',
     54    {mode => 'install',
     55     sub => 'administrator'},
     56    {img_imagick => '/usr/bin/',
     57     language => 'en',
     58     dbms => 'mysql',
     59     dbhost => $sqlhost,
     60     dbport => '',
     61     dbname => $sqldb,
     62     dbuser => $sqluser,
     63     dbpasswd => $sqlpass,
     64     table_prefix => ''});
     65print "Loaded administrator page\n";
     66
     67# Administrator page again
     68fetch_uri(
     69    'install/index.php',
     70    {mode => 'install',
     71     sub => 'administrator'},
     72    {default_lang => 'en',
     73     admin_name => $admin_username,
     74     admin_pass1 => $admin_password,
     75     admin_pass2 => $admin_password,
     76     board_email1 => $email,
     77     board_email2 => $email,
     78     img_imagick => '/usr/bin/',
     79     language => 'en',
     80     dbms => 'mysql',
     81     dbhost => $sqlhost,
     82     dbport => '',
     83     dbname => $sqldb,
     84     dbuser => $sqluser,
     85     dbpasswd => $sqlpass,
     86     table_prefix => '',
     87     check => 'true'});
     88print "Loaded administrator page (part 2)\n";
     89
     90# Config file page
     91fetch_uri(
     92    'install/index.php',
     93    {mode => 'install',
     94     sub => 'config_file'},
     95    {img_imagick => '/usr/bin/',
     96     default_lang => 'en',
     97     admin_name => $admin_username,
     98     admin_pass1 => $admin_password,
     99     admin_pass2 => $admin_password,
     100     board_email1 => $email,
     101     board_email2 => $email,
     102     language => 'en',
     103     dbms => 'mysql',
     104     dbhost => $sqlhost,
     105     dbport => '',
     106     dbname => $sqldb,
     107     dbuser => $sqluser,
     108     dbpasswd => $sqlpass,
     109     table_prefix => ''});
     110print "Loaded config file page\n";
     111
     112# Advanced page
     113fetch_uri(
     114    'install/index.php',
     115    {mode => 'install',
     116     sub => 'advanced'},
     117    {img_imagick => '/usr/bin/',
     118     language => 'en',
     119     dbms => 'mysql',
     120     dbhost => $sqlhost,
     121     dbport => '',
     122     dbname => $sqldb,
     123     dbuser => $sqluser,
     124     dbpasswd => $sqlpass,
     125     table_prefix => '',
     126     default_lang => 'en',
     127     admin_name => $admin_username,
     128     admin_pass1 => $admin_password,
     129     admin_pass2 => $admin_password,
     130     board_email1 => $email,
     131     board_email2 => $email});
     132print "Loaded advanced setup page\n";
     133
     134# Create database tables
     135fetch_uri(
     136    'install/index.php',
     137    {mode => 'install',
     138     sub => 'create_table'},
     139    {email_enable => '1',
     140     smtp_delivery => '0',
     141     smtp_auth => 'PLAIN',
     142     cookie_secure => '0',
     143     force_server_vars => '0',
     144     server_protocol => 'http://',
     145     server_name => "$USER.scripts.mit.edu",
     146     server_port => '80',
     147     script_path => "/$addrend",
     148     img_imagick => '/usr/bin/',
     149     language => 'en',
     150     dbms => 'mysql',
     151     dbhost => $sqlhost,
     152     dbport => '',
     153     dbname => $sqldb,
     154     dbuser => $sqluser,
     155     dbpasswd => $sqlpass,
     156     table_prefix => '',
     157     default_lang => 'en',
     158     admin_name => $admin_username,
     159     admin_pass1 => $admin_password,
     160     admin_pass2 => $admin_password,
     161     board_email1 => $email,
     162     board_email2 => $email});
     163print "Loaded database table creation page\n";
     164
     165# Final page
     166fetch_uri(
     167    'install/index.php',
     168    {mode => 'install',
     169     sub => 'final'},
     170    {language => 'en',
     171     dbms => 'mysql',
     172     dbhost => $sqlhost,
     173     dbport => '',
     174     dbuser => $sqluser,
     175     dbpasswd => $sqlpass,
     176     dbname => $sqldb,
     177     table_prefix => '',
     178     default_lang => 'en',
     179     admin_name => $admin_username,
     180     admin_pass1 => $admin_password,
     181     admin_pass2 => $admin_password,
     182     board_email1 => $email,
     183     board_email2 => $email,
     184     img_imagick => '/usr/bin/',
     185     ftp_path => '',
     186     ftp_user => '',
     187     ftp_pass => '',
     188     email_enable => '1',
     189     smtp_delivery => '0',
     190     smtp_host => '',
     191     smtp_auth => 'PLAIN',
     192     smtp_user => '',
     193     smtp_pass => '',
     194     cookie_secure => '0',
     195     force_server_vars => '0',
     196     server_protocol => 'http://',
     197     server_name => "$USER.scripts.mit.edu",
     198     server_port => '80',
     199     script_path => "/$addrend"});
     200print "Loaded installation finalization page\n";
     201
     202rmtree(['install']);
  • branches/fc11-dev/noc/nagios/contacts.cfg

    r895 r1179  
    1414        contactgroup_name       pagers
    1515        alias                   Scripts Maintainers (Pagers)
    16         members                 quentin-cell,geofft-pager
     16        members                 quentin-cell
    1717}
    1818
  • branches/fc11-dev/noc/nagios/hostgroups.cfg

    r960 r1179  
    3232        hostgroup_name  scripts-mail
    3333        alias   Mail servers
    34         members b-m,o-f,b-k
     34        members b-m,o-f,b-k,c-w
    3535}
    3636
     
    3838        hostgroup_name  scripts-cron
    3939        alias   Cron servers
    40         members b-m,o-f,b-k
     40        members b-m,o-f,b-k,c-w
    4141}
    4242
     
    4444        hostgroup_name  scripts-user
    4545        alias   User servers
    46         members b-m,o-f,b-k
     46        members b-m,o-f,b-k,c-w
    4747}
    4848
     
    5050        hostgroup_name  scripts-all
    5151        alias   All scripts hosts
    52         members b-k,b-m,k-s,o-f,r-f,r-b,s-b,scripts,scripts-cert,sipb-ether,sql,wildcard.scripts
     52        members b-k,b-m,c-w,k-s,o-f,r-f,r-b,s-b,scripts,scripts-cert,sipb-ether,sql,wildcard.scripts
    5353}
    5454
     
    5656        hostgroup_name  scripts-real
    5757        alias   All physical scripts servers
    58         members b-k,b-m,k-s,o-f,r-f,r-b,s-b
     58        members b-k,b-m,c-w,k-s,o-f,r-f,r-b,s-b
    5959}
  • branches/fc11-dev/noc/nagios/hosts.cfg

    r1065 r1179  
    116116}
    117117
     118define host {
     119        use     scripts-sipb-host
     120        host_name       c-w
     121        alias           cats-whiskers
     122        address         18.181.0.228
     123}
     124
    118125# LVS
    119126
  • branches/fc11-dev/server/common/oursrc/nss_nonlocal/configure.ac

    r800 r1179  
    1 AC_INIT([nss_nonlocal], [1.8], [andersk@mit.edu])
     1AC_INIT([nss_nonlocal], [1.9], [andersk@mit.edu])
    22AC_CANONICAL_TARGET
    33AM_INIT_AUTOMAKE([-Wall -Werror foreign])
  • branches/fc11-dev/server/common/oursrc/nss_nonlocal/nonlocal-group.c

    r800 r1179  
    9898    fct.ptr = fct_start;
    9999    do {
     100    morebuf:
    100101        if (fct.l == _nss_nonlocal_getgrgid_r)
    101102            status = NSS_STATUS_NOTFOUND;
    102103        else
    103104            status = DL_CALL_FCT(fct.l, (gid, &gbuf, buf, buflen, errnop));
    104         if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
    105             break;
     105        if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) {
     106            free(buf);
     107            buflen *= 2;
     108            buf = malloc(buflen);
     109            if (buf == NULL) {
     110                *errnop = ENOMEM;
     111                errno = old_errno;
     112                return NSS_STATUS_TRYAGAIN;
     113            }
     114            goto morebuf;
     115        }
    106116    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
    107117
     
    118128
    119129enum nss_status
    120 get_local_group(const char *name, struct group *grp, char *buffer, size_t buflen, int *errnop)
     130get_local_group(const char *name, struct group *grp, char **buffer, int *errnop)
    121131{
    122132    static const char *fct_name = "getgrnam_r";
     
    130140        void *ptr;
    131141    } fct;
    132     struct group gbuf;
    133     int n;
     142    size_t buflen;
    134143    int old_errno = errno;
    135144
    136     int len = sysconf(_SC_GETGR_R_SIZE_MAX);
    137     char *buf = malloc(len);
    138     if (buf == NULL) {
     145    buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
     146    *buffer = malloc(buflen);
     147    if (*buffer == NULL) {
    139148        *errnop = ENOMEM;
    140149        errno = old_errno;
     
    144153    if (fct_start == NULL &&
    145154        __nss_group_lookup(&startp, fct_name, &fct_start) != 0) {
    146         free(buf);
     155        free(*buffer);
     156        *buffer = NULL;
    147157        return NSS_STATUS_UNAVAIL;
    148158    }
     
    150160    fct.ptr = fct_start;
    151161    do {
     162    morebuf:
    152163        if (fct.l == _nss_nonlocal_getgrnam_r)
    153164            status = NSS_STATUS_NOTFOUND;
    154165        else
    155             status = DL_CALL_FCT(fct.l, (name, &gbuf, buf, buflen, errnop));
    156         if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
    157             break;
    158     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
    159 
    160     if (status != NSS_STATUS_SUCCESS)
    161         goto get_local_group_done;
    162 
    163     n = snprintf(buffer, buflen, "%s", gbuf.gr_name);
    164     if (n < 0 || n >= buflen) {
    165         *errnop = ERANGE;
    166         status = NSS_STATUS_TRYAGAIN;
    167         goto get_local_group_done;
    168     }
    169     grp->gr_name = buffer;
    170     buffer += n;
    171     buflen -= n;
    172 
    173     n = snprintf(buffer, buflen, "%s", gbuf.gr_passwd);
    174     if (n < 0 || n >= buflen) {
    175         *errnop = ERANGE;
    176         status = NSS_STATUS_TRYAGAIN;
    177         goto get_local_group_done;
    178     }
    179     grp->gr_passwd = buffer;
    180     buffer += n;
    181     buflen -= n;
    182 
    183     grp->gr_gid = gbuf.gr_gid;
    184 
    185     if (buflen < sizeof(void *)) {
    186         *errnop = ERANGE;
    187         status = NSS_STATUS_TRYAGAIN;
    188         goto get_local_group_done;
    189     }
    190     *(void **)buffer = NULL;
    191     buffer += sizeof(void *);
    192     buflen -= sizeof(void *);
    193 
    194  get_local_group_done:
    195     free(buf);
     166            status = DL_CALL_FCT(fct.l, (name, grp, *buffer, buflen, errnop));
     167        if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) {
     168            free(*buffer);
     169            buflen *= 2;
     170            *buffer = malloc(buflen);
     171            if (*buffer == NULL) {
     172                *errnop = ENOMEM;
     173                errno = old_errno;
     174                return NSS_STATUS_TRYAGAIN;
     175            }
     176            goto morebuf;
     177        }
     178    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
     179
     180    if (status != NSS_STATUS_SUCCESS) {
     181        free(*buffer);
     182        *buffer = NULL;
     183    }
     184
    196185    return status;
    197186}
     
    401390    gid_t local_users_gid, gid;
    402391    int is_local = 0;
    403     int buflen;
    404392    char *buffer;
    405393
     
    413401    int old_errno = errno;
    414402
    415     buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
    416     buffer = malloc(buflen);
    417     if (buffer == NULL) {
    418         *errnop = ENOMEM;
    419         errno = old_errno;
    420         return NSS_STATUS_TRYAGAIN;
    421     }
    422403    status = get_local_group(MAGIC_LOCAL_GROUPNAME,
    423                              &local_users_group, buffer, buflen, errnop);
     404                             &local_users_group, &buffer, errnop);
    424405    if (status == NSS_STATUS_SUCCESS) {
    425406        local_users_gid = local_users_group.gr_gid;
     407        free(buffer);
    426408    } else if (status == NSS_STATUS_TRYAGAIN) {
    427         free(buffer);
    428409        return status;
    429410    } else {
     
    432413        local_users_gid = -1;
    433414    }
    434     free(buffer);
    435415
    436416    if (is_local) {
    437417        gid = local_users_gid;
    438418    } else {
    439         buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
    440         buffer = malloc(buflen);
    441         if (buffer == NULL) {
    442             *errnop = ENOMEM;
    443             errno = old_errno;
    444             return NSS_STATUS_TRYAGAIN;
    445         }
    446419        status = get_local_group(MAGIC_NONLOCAL_GROUPNAME,
    447                                  &nonlocal_users_group, buffer, buflen, errnop);
     420                                 &nonlocal_users_group, &buffer, errnop);
    448421        if (status == NSS_STATUS_SUCCESS) {
    449422            gid = nonlocal_users_group.gr_gid;
     423            free(buffer);
    450424        } else if (status == NSS_STATUS_TRYAGAIN) {
    451             free(buffer);
    452425            return status;
    453426        } else {
     
    456429            gid = -1;
    457430        }
    458         free(buffer);
    459431    }
    460432
  • branches/fc11-dev/server/common/oursrc/nss_nonlocal/nonlocal-passwd.c

    r782 r1179  
    9696    fct.ptr = fct_start;
    9797    do {
     98    morebuf:
    9899        if (fct.l == _nss_nonlocal_getpwuid_r)
    99100            status = NSS_STATUS_NOTFOUND;
    100101        else
    101102            status = DL_CALL_FCT(fct.l, (uid, &pwbuf, buf, buflen, errnop));
    102         if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
    103             break;
     103        if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) {
     104            free(buf);
     105            buflen *= 2;
     106            buf = malloc(buflen);
     107            if (buf == NULL) {
     108                *errnop = ENOMEM;
     109                errno = old_errno;
     110                return NSS_STATUS_TRYAGAIN;
     111            }
     112            goto morebuf;
     113        }
    104114    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
    105115
     
    147157    fct.ptr = fct_start;
    148158    do {
     159    morebuf:
    149160        if (fct.l == _nss_nonlocal_getpwnam_r)
    150161            status = NSS_STATUS_NOTFOUND;
    151162        else
    152163            status = DL_CALL_FCT(fct.l, (user, &pwbuf, buf, buflen, errnop));
    153         if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
    154             break;
     164        if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) {
     165            free(buf);
     166            buflen *= 2;
     167            buf = malloc(buflen);
     168            if (buf == NULL) {
     169                *errnop = ENOMEM;
     170                errno = old_errno;
     171                return NSS_STATUS_TRYAGAIN;
     172            }
     173            goto morebuf;
     174        }
    155175    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
    156176
  • branches/fc11-dev/server/common/patches/httpd-suexec-scripts.patch

    r1146 r1179  
    4646   AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] )
    4747--- httpd-2.2.11/support/suexec.c.old   2008-11-30 10:47:31.000000000 -0500
    48 +++ httpd-2.2.11/support/suexec.c       2009-06-03 05:16:45.000000000 -0400
     48+++ httpd-2.2.11/support/suexec.c       2009-06-08 09:02:17.000000000 -0400
    4949@@ -30,6 +30,9 @@
    5050  *
     
    141141     gid_t gid;              /* target group placeholder  */
    142142     char *target_uname;     /* target user name          */
    143 @@ -350,6 +413,20 @@
     143@@ -268,6 +331,7 @@
     144      * Start with a "clean" environment
     145      */
     146     clean_env();
     147+    setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1); /* scripts.mit.edu local hack */
     148 
     149     prog = argv[0];
     150     /*
     151@@ -350,6 +414,20 @@
    144152 #endif /*_OSD_POSIX*/
    145153 
     
    162170      * or attempts to back up out of the current directory,
    163171      * to protect against attacks.  If any are
    164 @@ -371,6 +448,7 @@
     172@@ -371,6 +449,7 @@
    165173         userdir = 1;
    166174     }
     
    170178      * Error out if the target username is invalid.
    171179      */
    172 @@ -452,7 +530,7 @@
     180@@ -452,7 +531,7 @@
    173181      * Error out if attempt is made to execute as root or as
    174182      * a UID less than AP_UID_MIN.  Tsk tsk.
     
    179187         exit(107);
    180188     }
    181 @@ -484,6 +562,21 @@
     189@@ -484,6 +563,21 @@
    182190         log_err("failed to setuid (%ld: %s)\n", uid, cmd);
    183191         exit(110);
     
    201209     /*
    202210      * Get the current working directory, as well as the proper
    203 @@ -506,6 +599,21 @@
     211@@ -506,6 +600,21 @@
    204212             log_err("cannot get docroot information (%s)\n", target_homedir);
    205213             exit(112);
     
    223231     else {
    224232         if (((chdir(AP_DOC_ROOT)) != 0) ||
    225 @@ -532,15 +640,17 @@
     233@@ -532,15 +641,17 @@
    226234     /*
    227235      * Error out if cwd is writable by others.
     
    242250         exit(117);
    243251     }
    244 @@ -548,10 +658,12 @@
     252@@ -548,10 +659,12 @@
    245253     /*
    246254      * Error out if the program is writable by others.
     
    255263     /*
    256264      * Error out if the file is setuid or setgid.
    257 @@ -565,6 +677,7 @@
     265@@ -565,6 +678,7 @@
    258266      * Error out if the target name/group is different from
    259267      * the name/group of the cwd or the program.
     
    263271         (gid != dir_info.st_gid) ||
    264272         (uid != prg_info.st_uid) ||
    265 @@ -576,16 +689,33 @@
     273@@ -576,16 +690,33 @@
    266274                 prg_info.st_uid, prg_info.st_gid);
    267275         exit(120);
  • branches/fc11-dev/server/common/patches/openafs-scripts.patch

    r1070 r1179  
    33# with modifications by Joe Presbrey <presbrey@mit.edu>
    44# and Anders Kaseorg <andersk@mit.edu>
     5# and Edward Z. Yang <ezyang@mit.edu>
    56#
    67# This file is available under both the MIT license and the GPL.
     
    4344#
    4445diff -ur openafs-1.4/src/afs/afs_analyze.c openafs-1.4+scripts/src/afs/afs_analyze.c
    45 --- openafs-1.4/src/afs/afs_analyze.c   2008-10-27 19:54:06.000000000 -0400
    46 +++ openafs-1.4+scripts/src/afs/afs_analyze.c   2009-04-08 08:07:22.000000000 -0400
     46--- openafs-1.4/src/afs/afs_analyze.c
     47+++ openafs-1.4+scripts/src/afs/afs_analyze.c
    4748@@ -585,7 +585,7 @@
    4849                         (afid ? afid->Fid.Volume : 0));
     
    5455                (aerrP->err_Volume)++;
    5556            areq->volumeError = VOLBUSY;
     57diff -ur openafs-1.4/src/afs/LINUX/osi_vnodeops.c openafs-1.4+scripts/src/afs/LINUX/osi_vnodeops.c
     58--- openafs-1.4/src/afs/LINUX/osi_vnodeops.c
     59+++ openafs-1.4+scripts/src/afs/LINUX/osi_vnodeops.c
     60@@ -875,6 +875,28 @@
     61        /* should we always update the attributes at this point? */
     62        /* unlikely--the vcache entry hasn't changed */
     63 
     64+       /* [scripts] This code makes hardlinks work correctly.
     65+        *
     66+        * We want Apache to be able to read a file with hardlinks
     67+        * named .htaccess and foo to be able to read it via .htaccess
     68+        * and not via foo, regardless of which name was looked up
     69+        * (remember, inodes do not have filenames associated with them.)
     70+        *
     71+        * It is important that we modify the existing cache entry even
     72+        * if it is otherwise totally valid and would not be reloaded.
     73+        * Otherwise, it won't recover from repeatedly reading the same
     74+        * inode via multiple hardlinks or different names.  Specifically,
     75+        * Apache will be able to read both names if it was first looked
     76+        * up (by anyone!) via .htaccess, and neither if it was first
     77+        * looked up via foo.
     78+        *
     79+        * With regards to performance, the strncmp() is bounded by
     80+        * three characters, so it takes O(3) operations.  If this code
     81+        * is extended to all static-cat extensions, we'll want to do
     82+        * some clever hashing using gperf here.
     83+        */
     84+       vcp->apache_access = strncmp(dp->d_name.name, ".ht", 3) == 0;
     85+
     86     } else {
     87 #ifdef notyet
     88        pvcp = VTOAFS(dp->d_parent->d_inode);           /* dget_parent()? */
     89diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_lookup.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_lookup.c
     90--- openafs-1.4/src/afs/VNOPS/afs_vnop_lookup.c
     91+++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_lookup.c
     92@@ -1572,6 +1572,12 @@
     93     }
     94 
     95   done:
     96+    if (tvc) {
     97+       /* [scripts] check Apache's ability to read this file, so that
     98+        * we can figure this out on an access() call */
     99+       tvc->apache_access = strncmp(aname, ".ht", 3) == 0;
     100+    }
     101+
     102     /* put the network buffer back, if need be */
     103     if (tname != aname && tname)
     104        osi_FreeLargeSpace(tname);
    56105diff -ur openafs-1.4/src/afs/afs.h openafs-1.4+scripts/src/afs/afs.h
    57 --- openafs-1.4/src/afs/afs.h   2009-01-19 14:27:19.000000000 -0500
    58 +++ openafs-1.4+scripts/src/afs/afs.h   2009-04-08 08:07:22.000000000 -0400
     106--- openafs-1.4/src/afs/afs.h
     107+++ openafs-1.4+scripts/src/afs/afs.h
    59108@@ -208,8 +208,16 @@
    60109 #define QTOC(e)            QEntry(e, struct cell, lruq)
     
    74123     afs_int32 flags;           /* things like O_SYNC, O_NONBLOCK go here */
    75124     char initd;                        /* if non-zero, Error fields meaningful */
     125@@ -743,6 +751,7 @@
     126 #ifdef AFS_SUN5_ENV
     127     short multiPage;           /* count of multi-page getpages in progress */
     128 #endif
     129+    int apache_access;         /* whether or not Apache has access to a file */
     130 };
     131 
     132 #define        DONT_CHECK_MODE_BITS    0
    76133diff -ur openafs-1.4/src/afs/afs_osi_pag.c openafs-1.4+scripts/src/afs/afs_osi_pag.c
    77 --- openafs-1.4/src/afs/afs_osi_pag.c   2008-10-20 15:29:46.000000000 -0400
    78 +++ openafs-1.4+scripts/src/afs/afs_osi_pag.c   2009-04-08 08:07:22.000000000 -0400
     134--- openafs-1.4/src/afs/afs_osi_pag.c
     135+++ openafs-1.4+scripts/src/afs/afs_osi_pag.c
    79136@@ -51,6 +51,8 @@
    80137 #endif
     
    103160 }
    104161diff -ur openafs-1.4/src/afs/afs_pioctl.c openafs-1.4+scripts/src/afs/afs_pioctl.c
    105 --- openafs-1.4/src/afs/afs_pioctl.c    2009-01-19 13:09:34.000000000 -0500
    106 +++ openafs-1.4+scripts/src/afs/afs_pioctl.c    2009-04-08 08:07:22.000000000 -0400
     162--- openafs-1.4/src/afs/afs_pioctl.c
     163+++ openafs-1.4+scripts/src/afs/afs_pioctl.c
    107164@@ -1217,6 +1217,10 @@
    108165     struct AFSFetchStatus OutStatus;
     
    150207        return EIO;             /* Inappropriate ioctl for device */
    151208diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_access.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c
    152 --- openafs-1.4/src/afs/VNOPS/afs_vnop_access.c 2008-03-07 12:34:08.000000000 -0500
    153 +++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c 2009-04-08 08:07:22.000000000 -0400
     209--- openafs-1.4/src/afs/VNOPS/afs_vnop_access.c
     210+++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c
    154211@@ -118,6 +118,17 @@
    155212 
     
    170227     } else {
    171228        /* some rights come from dir and some from file.  Specifically, you
    172 @@ -171,6 +182,18 @@
     229@@ -171,6 +182,19 @@
    173230                    fileBits |= PRSFS_READ;
    174231            }
     
    180237+             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
    181238+             !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
    182 +             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && avc->m.Mode == 33279) &&
     239+             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID &&
     240+                 (avc->m.Mode == 0100777 || avc->apache_access)) &&
    183241+             !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
    184242+             !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
     
    190248 }
    191249diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c
    192 --- openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c  2009-01-13 14:37:28.000000000 -0500
    193 +++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c  2009-04-08 08:07:22.000000000 -0400
     250--- openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c
     251+++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c
    194252@@ -87,8 +87,8 @@
    195253        }
  • branches/fc11-dev/server/doc/HOWTO-SETUP-LDAP

    r951 r1179  
    1212- /sbin/service dirsrv start
    1313- Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually
     14- Also set nsslapd-ldapifilepath: /var/run/dirsrv/slapd-scripts.socket
     15  and nsslapd-ldapilisten: on, otherwise ldapi won't work.
    1416- /sbin/service dirsrv stop
    1517- Add the scripts schemas to /var/lib/dirsrv/slapd-scripts
     
    1719- certutil -d /etc/dirsrv/slapd-scripts -A -n "scripts.mit.edu CA" -t CT,, -a -i scripts-ca.pem
    1820- Generate a pkcs12 cert for the server:
     21- openssl pkcs12 -export -in c-w.pem -inkey c-w.key -name 'ldap/cats-whiskers' -out c-w.pkcs12
    1922- pk12util -i ldap-server-cert.p12 -d /etc/dirsrv/slapd-scripts
    2023- Put LDAP keytab in /etc/dirsrv/keytab
  • branches/fc11-dev/server/doc/install-howto.sh

    r1110 r1179  
    7575    \cp -a etc /
    7676
     77# yum remove nss_ldap, because nss-ldapd conflicts with it
     78
    7779# env NSS_NONLOCAL_IGNORE=1 yum install scripts-base
    7880    YUM install -y scripts-base
     
    99101
    100102# Install various dependencies of the scripts system, including syslog-ng,
    101 # glibc-devel.i386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.
     103# glibc-devel.i586, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.
    102104
    103105# Disable NetworkManager with chkconfig NetworkManager off. Configure
     
    109111#  /usr/vice/etc/cacheinfo to contain:
    110112#       /afs:/usr/vice/cache:10000000
     113# Also fix ThisCell to contain athena.mit.edu in both directories
    111114
    112115# Figure out why Zephyr isn't working. Most recently, it was because there
    113116# was a 64-bit RPM installed; remove it and install Joe's 32-bit one
     117
     118# Install the athena-base, athena-lprng, and athena-lprng-misc RPMs
     119# from the Athena 9 build (these are present in our yum repo).  Note
     120# that you will have to use --nodeps for at least one of the lprng
     121# ones because it thinks it needs the Athena hesiod RPM.  It doesn't
     122# really.  Before doing this, run it without --nodeps and arrange to
     123# install the rest of the things it really does depend on.  This will
     124# include a bunch of 32-bit rpms; go ahead and install the .i586 versions
     125# of them.  In the case of the Kerberos libraries, you'll be told that
     126# there are conflicting files with the 64-bit versions of the packages,
     127# which we scriptsify.  You'll have to use --force to install those
     128# rpms despite the conflicts.  After doing that, you may want to
     129# install the corresponding 64-bit scriptsified versions again, just
     130# to be safe in case the 32-bit versions overwrite files that differ.
     131# When you try this, it will complain that you already have the same
     132# version installed; again, you'll need to use --force to do it anyway.
     133# Yuck.
    114134
    115135# Install the full list of RPMs that users expect to be on the
     
    127147# TO DO THIS:
    128148# On another server, run:
    129 # perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "$_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > /mit/scripts/config/perl-packages.txt
     149# perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "notest install $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > /mit/scripts/config/perl-packages.txt
    130150# Then on the server you're installing,
    131     perl -MCPAN -e"$(echo notest install $(cat /mit/scripts/config/perl-packages.txt))"
     151    cat perl-packages.txt | perl -MCPAN -e shell
    132152
    133153# Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on
    134154# the other scripts.mit.edu servers and do not have RPMs.
    135 # - Look at /usr/lib/python2.5/site-packages for Python eggs and modules.
     155# - Look at /usr/lib/python2.6/site-packages and
     156#           /usr/lib64/python2.6/site-packages for Python eggs and modules.
     157#   First use 'yum search' to see if the relevant package is now available
     158#   as an RPM, and install that if it is.  If not, then use easy_install.
    136159# - Look at `gem list` for Ruby gems.
     160#   Again, use 'yum search' and prefer RPMs, but failing that, 'gem install'.
    137161# - Look at `pear list` for Pear fruits (or whatever they're called).
    138 
    139 # echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth
    140 
    141 # Install the credentials (machine keytab, daemon.scripts keytab, SSL
    142 # certs).
     162#   Yet again, 'yum search' for RPMs before resorting to 'pear install'.  Note
     163#   that for things in the beta repo, you'll need 'pear install package-beta'.
     164
     165# echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.6/site-packages"))' > /usr/lib/python2.6/site-packages/00scripts-home.pth
     166
     167# Install the credentials.  There are a lot of things to remember here:
     168#   o You probably installed the machine keytab long ago
     169#   o Use ktutil to combine the host/scripts.mit.edu and
     170#     host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in
     171#     the keytab.  Do not use 'k5srvutil change' on the combined keytab
     172#     or you'll break the other servers.
     173#   o The daemon.scripts keytab
     174#   o The SSL cert private key
     175#   o The LDAP password for the signup process
     176#   o The SQL password for the signup process
     177#   o The LDAP keytab for this server, which will be used later
     178#   o Replace the ssh host keys with the ones common to all scripts servers
     179#   o You'll install an LDAP certificate signed by the scripts CA later
     180#   o Make sure root's .k5login is correct
     181#   o Make sure logview's .k5login is correct
    143182
    144183# If you are setting up a test server, pay attention to
     
    155194# correct.
    156195
     196# cd /etc/postfix; postmap virtual
     197# Otherwise postfix will appear to work, but actually not deliver mail
     198
    157199# Run fmtutil-sys --all, which does something that makes TeX work.
    158200
  • branches/fc11-dev/server/fedora/Makefile

    r1147 r1179  
    2121upstream_yum    = krb5 httpd openssh php
    2222upstream        = openafs $(upstream_yum)
    23 oursrc          = execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i386 whoisd mit-zephyr nss-ldapd scripts-base
     23oursrc          = execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i586 whoisd mit-zephyr nss-ldapd nss-ldapd.i586 scripts-base
    2424allsrc          = $(upstream) $(oursrc)
    2525oursrcdir       = ${PWD}/../common/oursrc
     
    127127$(oursrc): rpmbuild_args += --define 'scriptsversion $(shell svnversion ${oursrcdir}/$** | tr ':' '_')'
    128128
    129 $(filter %.i386,$(oursrc)): %.i386: setup
     129$(filter %.i586,$(oursrc)): %.i586: setup
    130130        PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
    131         setarch i386 rpmbuild $(rpmbuild_args) --target=i386 --define="_lib lib" -bb ${tmp_specs}/$**.spec
     131        setarch i586 rpmbuild $(rpmbuild_args) --target=i586 --define="_lib lib" -bb ${tmp_specs}/$**.spec
    132132
    133 $(filter-out %.i386,$(oursrc)): %: setup
     133$(filter-out %.i586,$(oursrc)): %: setup
    134134        PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
    135135        rpmbuild $(rpmbuild_args) -bb ${tmp_specs}/$**.spec
     
    180180# The following packages are needed for our packages
    181181basic-deps      = kernel-devel rpm-build rpmdevtools gcc autoconf patch krb5-workstation glibc-devel.i586 glibc-devel libtool libgcc.i586
    182 oursrc-deps     = hesinfo openldap-clients
     182oursrc-deps     = hesinfo openldap-clients openldap-devel.i586
    183183httpdmods-deps  = httpd-devel
    184184httpd-deps      = xmlto db4-devel expat-devel zlib-devel libselinux-devel apr-devel apr-util-devel pcre-devel openssl-devel distcache-devel
  • branches/fc11-dev/server/fedora/config/etc/pki/tls/certs/scripts.pem

    r801 r1179  
    22    Data:
    33        Version: 3 (0x2)
    4         Serial Number: 2871 (0xb37)
     4        Serial Number: 745256 (0xb5f28)
    55        Signature Algorithm: sha1WithRSAEncryption
    6         Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT Certification Authority
     6        Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
    77        Validity
    8             Not Before: Jul 23 16:00:00 2008 GMT
    9             Not After : Jul 23 16:00:00 2009 GMT
    10         Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=Student Information Processing Board, CN=scripts.mit.edu/Email=scripts@mit.edu
     8            Not Before: Jun  4 20:22:36 2009 GMT
     9            Not After : Jun  7 02:53:00 2011 GMT
     10        Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=Student Information Processing Board, CN=scripts.mit.edu
    1111        Subject Public Key Info:
    1212            Public Key Algorithm: rsaEncryption
     
    2424                Exponent: 65537 (0x10001)
    2525        X509v3 extensions:
    26             X509v3 Basic Constraints:
    27                 CA:FALSE
    28             Netscape Cert Type:
    29                 SSL Client, SSL Server, S/MIME
    30             X509v3 Extended Key Usage:
    31                 TLS Web Server Authentication, E-mail Protection, TLS Web Client Authentication
    32             X509v3 Key Usage:
    33                 Digital Signature, Non Repudiation, Key Encipherment
     26            X509v3 Key Usage: critical
     27                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
    3428            X509v3 Subject Key Identifier:
    3529                54:11:7C:09:55:44:1C:94:45:A9:A2:76:46:2B:2C:24:26:6A:44:E8
     30            X509v3 CRL Distribution Points:
     31                URI:http://crl.geotrust.com/crls/secureca.crl
     32
     33            X509v3 Authority Key Identifier:
     34                keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
     35
     36            X509v3 Extended Key Usage:
     37                TLS Web Server Authentication, TLS Web Client Authentication
    3638    Signature Algorithm: sha1WithRSAEncryption
    37         3f:34:05:8a:a7:a1:c1:51:9b:f0:6d:c6:e4:2a:aa:fc:cd:2a:
    38         50:8e:36:12:74:7e:d8:9f:a7:db:63:cf:d2:19:48:01:00:aa:
    39         50:f8:83:5c:5b:4b:68:b8:de:a6:0a:2b:0d:f0:af:fa:d6:92:
    40         a5:46:73:20:e4:1c:62:d4:a3:b7:48:8d:f4:6a:88:d2:a8:e0:
    41         2a:38:ab:c8:df:9a:55:ec:e5:83:c7:1f:e5:63:d5:b6:d5:3d:
    42         30:6e:a3:6e:30:84:d1:f2:35:09:b9:31:e1:c8:f1:3d:11:4d:
    43         99:ad:f7:33:95:8d:d7:5c:88:6a:49:23:02:1e:7d:94:ff:a7:
    44         7f:bf
     39        0e:42:72:ba:24:61:07:eb:69:d6:3e:4a:e9:ec:a3:f8:16:c0:
     40        a2:31:2d:f0:93:ec:37:2c:dc:c0:7c:a6:9e:60:52:d4:c6:af:
     41        f4:c7:cb:f0:ad:bf:3c:b8:34:a7:1e:35:c3:15:84:f6:79:96:
     42        f3:ec:d7:78:62:83:81:b5:bb:5e:77:0a:19:b6:d1:9f:ae:a9:
     43        0b:f6:8a:7c:71:1e:a9:8e:e7:3d:e7:a6:38:47:3a:9f:0c:69:
     44        37:a1:3f:0e:44:77:47:b9:75:4a:49:08:f3:42:43:58:2c:24:
     45        d2:b9:5b:9c:8b:9a:5f:b6:83:cc:bb:ec:26:65:b7:75:50:83:
     46        a6:5b
    4547-----BEGIN CERTIFICATE-----
    46 MIIDOjCCAqOgAwIBAgICCzcwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCVVMx
    47 FjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoTJU1hc3NhY2h1c2V0dHMg
    48 SW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxJDAiBgNVBAsTG01JVCBDZXJ0aWZpY2F0
    49 aW9uIEF1dGhvcml0eTAeFw0wODA3MjMxNjAwMDBaFw0wOTA3MjMxNjAwMDBaMIHS
    50 MQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAGA1UEBxMJ
    51 Q2FtYnJpZGdlMS4wLAYDVQQKEyVNYXNzYWNodXNldHRzIEluc3RpdHV0ZSBvZiBU
    52 ZWNobm9sb2d5MS0wKwYDVQQLEyRTdHVkZW50IEluZm9ybWF0aW9uIFByb2Nlc3Np
    53 bmcgQm9hcmQxGDAWBgNVBAMTD3NjcmlwdHMubWl0LmVkdTEeMBwGCSqGSIb3DQEJ
    54 ARYPc2NyaXB0c0BtaXQuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1
    55 PiFNwYlrAYxHgP6zNyd2+FJB5qI9S3Z45fJmPA+xrfuXjy6itlPTtg7iZvm5C7fO
    56 tNX1HB9vIn1I9W3wFs2OSHnRFEoULy/4xL0dh899i1x3rVgksA6hbdYKx9i8L2dl
    57 yF3Y2DHCZ0tK9KGlVIKvyzQIKgR/jnxMt9vcaopdgQIDAQABo3UwczAJBgNVHRME
    58 AjAAMBEGCWCGSAGG+EIBAQQEAwIF4DAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYB
    59 BQUHAwQGCCsGAQUFBwMCMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUVBF8CVVEHJRF
    60 qaJ2RissJCZqROgwDQYJKoZIhvcNAQEFBQADgYEAPzQFiqehwVGb8G3G5Cqq/M0q
    61 UI42EnR+2J+n22PP0hlIAQCqUPiDXFtLaLjepgorDfCv+taSpUZzIOQcYtSjt0iN
    62 9GqI0qjgKjiryN+aVezlg8cf5WPVttU9MG6jbjCE0fI1Cbkx4cjxPRFNma33M5WN
    63 11yIakkjAh59lP+nf78=
     48MIIDKDCCApGgAwIBAgIDC18oMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
     49MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
     50aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDkwNjA0MjAyMjM2WhcNMTEwNjA3MDI1MzAw
     51WjCBsjELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNV
     52BAcTCUNhbWJyaWRnZTEuMCwGA1UEChMlTWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUg
     53b2YgVGVjaG5vbG9neTEtMCsGA1UECxMkU3R1ZGVudCBJbmZvcm1hdGlvbiBQcm9j
     54ZXNzaW5nIEJvYXJkMRgwFgYDVQQDEw9zY3JpcHRzLm1pdC5lZHUwgZ8wDQYJKoZI
     55hvcNAQEBBQADgY0AMIGJAoGBALU+IU3BiWsBjEeA/rM3J3b4UkHmoj1Ldnjl8mY8
     56D7Gt+5ePLqK2U9O2DuJm+bkLt8601fUcH28ifUj1bfAWzY5IedEUShQvL/jEvR2H
     57z32LXHetWCSwDqFt1grH2LwvZ2XIXdjYMcJnS0r0oaVUgq/LNAgqBH+OfEy329xq
     58il2BAgMBAAGjga4wgaswDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBRUEXwJVUQc
     59lEWponZGKywkJmpE6DA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdlb3Ry
     60dXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAfBgNVHSMEGDAWgBRI5mj5K9KylddH
     612CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZI
     62hvcNAQEFBQADgYEADkJyuiRhB+tp1j5K6eyj+BbAojEt8JPsNyzcwHymnmBS1Mav
     639MfL8K2/PLg0px41wxWE9nmW8+zXeGKDgbW7XncKGbbRn66pC/aKfHEeqY7nPeem
     64OEc6nwxpN6E/DkR3R7l1SkkI80JDWCwk0rlbnIuaX7aDzLvsJmW3dVCDpls=
    6465-----END CERTIFICATE-----
  • branches/fc11-dev/server/fedora/config/etc/pki/tls/certs/star.scripts.pem

    r801 r1179  
    22    Data:
    33        Version: 3 (0x2)
    4         Serial Number: 2870 (0xb36)
     4        Serial Number: 744584 (0xb5c88)
    55        Signature Algorithm: sha1WithRSAEncryption
    6         Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT Certification Authority
     6        Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
    77        Validity
    8             Not Before: Jul 23 16:00:00 2008 GMT
    9             Not After : Jul 23 16:00:00 2009 GMT
    10         Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=Student Information Processing Board, CN=*.scripts.mit.edu/Email=scripts@mit.edu
     8            Not Before: Jun  4 09:13:16 2009 GMT
     9            Not After : Jun  5 13:13:22 2014 GMT
     10        Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=Student Information Processing Board, CN=*.scripts.mit.edu
    1111        Subject Public Key Info:
    1212            Public Key Algorithm: rsaEncryption
     
    2424                Exponent: 65537 (0x10001)
    2525        X509v3 extensions:
    26             X509v3 Basic Constraints:
    27                 CA:FALSE
    28             Netscape Cert Type:
    29                 SSL Client, SSL Server, S/MIME
    30             X509v3 Extended Key Usage:
    31                 TLS Web Server Authentication, E-mail Protection, TLS Web Client Authentication
    32             X509v3 Key Usage:
    33                 Digital Signature, Non Repudiation, Key Encipherment
     26            X509v3 Key Usage: critical
     27                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
    3428            X509v3 Subject Key Identifier:
    3529                54:11:7C:09:55:44:1C:94:45:A9:A2:76:46:2B:2C:24:26:6A:44:E8
     30            X509v3 CRL Distribution Points:
     31                URI:http://crl.geotrust.com/crls/secureca.crl
     32
     33            X509v3 Authority Key Identifier:
     34                keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
     35
     36            X509v3 Extended Key Usage:
     37                TLS Web Server Authentication, TLS Web Client Authentication
    3638    Signature Algorithm: sha1WithRSAEncryption
    37         2a:6e:b7:99:2a:13:93:a1:35:42:e2:fd:a9:30:3c:63:a2:e0:
    38         c0:87:b0:8c:1a:60:9e:12:db:be:e7:6d:01:9a:1b:d2:80:fd:
    39         fa:49:12:2b:7e:48:cf:00:0d:d6:f8:aa:d2:2a:0d:cf:86:01:
    40         4c:bd:33:bf:ca:ee:b5:4e:aa:fe:4b:c3:6d:e5:2a:ad:d8:2e:
    41         8a:87:e3:f0:3e:11:c8:fa:0e:bf:0f:6e:c3:7a:25:17:e5:96:
    42         33:7a:e6:fb:5b:03:b0:b3:7d:75:31:e7:ab:59:3a:0e:f9:11:
    43         44:0a:23:1a:3e:1c:a8:06:5c:f7:e7:7d:0b:0c:f4:53:02:e9:
    44         51:8d
     39        2c:25:90:82:a2:82:e8:03:58:b4:38:11:bc:c0:b5:f0:44:ee:
     40        b3:d9:5f:90:ab:b3:f6:24:fa:92:6b:9c:3a:7d:5d:89:f4:a2:
     41        3c:2f:cb:85:b2:fe:b6:92:0f:1b:94:65:2d:d6:70:f8:9f:77:
     42        9c:b3:20:fa:16:91:9d:e1:b7:64:07:27:42:8b:be:e2:f3:d9:
     43        78:71:42:12:3d:6f:33:37:4b:01:2e:1d:87:25:48:bf:50:23:
     44        7a:b0:02:41:5d:35:08:bf:e7:15:08:5c:11:7d:91:10:06:52:
     45        19:d3:05:01:94:86:07:f7:76:41:e1:fb:d9:1c:d0:ee:74:9f:
     46        51:66
    4547-----BEGIN CERTIFICATE-----
    46 MIIDPDCCAqWgAwIBAgICCzYwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCVVMx
    47 FjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoTJU1hc3NhY2h1c2V0dHMg
    48 SW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxJDAiBgNVBAsTG01JVCBDZXJ0aWZpY2F0
    49 aW9uIEF1dGhvcml0eTAeFw0wODA3MjMxNjAwMDBaFw0wOTA3MjMxNjAwMDBaMIHU
    50 MQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAGA1UEBxMJ
    51 Q2FtYnJpZGdlMS4wLAYDVQQKEyVNYXNzYWNodXNldHRzIEluc3RpdHV0ZSBvZiBU
    52 ZWNobm9sb2d5MS0wKwYDVQQLEyRTdHVkZW50IEluZm9ybWF0aW9uIFByb2Nlc3Np
    53 bmcgQm9hcmQxGjAYBgNVBAMTESouc2NyaXB0cy5taXQuZWR1MR4wHAYJKoZIhvcN
    54 AQkBFg9zY3JpcHRzQG1pdC5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
    55 ALU+IU3BiWsBjEeA/rM3J3b4UkHmoj1Ldnjl8mY8D7Gt+5ePLqK2U9O2DuJm+bkL
    56 t8601fUcH28ifUj1bfAWzY5IedEUShQvL/jEvR2Hz32LXHetWCSwDqFt1grH2Lwv
    57 Z2XIXdjYMcJnS0r0oaVUgq/LNAgqBH+OfEy329xqil2BAgMBAAGjdTBzMAkGA1Ud
    58 EwQCMAAwEQYJYIZIAYb4QgEBBAQDAgXgMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggr
    59 BgEFBQcDBAYIKwYBBQUHAwIwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRUEXwJVUQc
    60 lEWponZGKywkJmpE6DANBgkqhkiG9w0BAQUFAAOBgQAqbreZKhOToTVC4v2pMDxj
    61 ouDAh7CMGmCeEtu+520BmhvSgP36SRIrfkjPAA3W+KrSKg3PhgFMvTO/yu61Tqr+
    62 S8Nt5Sqt2C6Kh+PwPhHI+g6/D27DeiUX5ZYzeub7WwOws311MeerWToO+RFECiMa
    63 PhyoBlz3530LDPRTAulRjQ==
     48MIIDKjCCApOgAwIBAgIDC1yIMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
     49MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
     50aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDkwNjA0MDkxMzE2WhcNMTQwNjA1MTMxMzIy
     51WjCBtDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNV
     52BAcTCUNhbWJyaWRnZTEuMCwGA1UEChMlTWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUg
     53b2YgVGVjaG5vbG9neTEtMCsGA1UECxMkU3R1ZGVudCBJbmZvcm1hdGlvbiBQcm9j
     54ZXNzaW5nIEJvYXJkMRowGAYDVQQDFBEqLnNjcmlwdHMubWl0LmVkdTCBnzANBgkq
     55hkiG9w0BAQEFAAOBjQAwgYkCgYEAtT4hTcGJawGMR4D+szcndvhSQeaiPUt2eOXy
     56ZjwPsa37l48uorZT07YO4mb5uQu3zrTV9RwfbyJ9SPVt8BbNjkh50RRKFC8v+MS9
     57HYfPfYtcd61YJLAOoW3WCsfYvC9nZchd2NgxwmdLSvShpVSCr8s0CCoEf458TLfb
     583GqKXYECAwEAAaOBrjCBqzAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0OBBYEFFQRfAlV
     59RByURamidkYrLCQmakToMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2Vv
     60dHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsMB8GA1UdIwQYMBaAFEjmaPkr0rKV
     6110fYIyAQTzOYkJ/UMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkq
     62hkiG9w0BAQUFAAOBgQAsJZCCooLoA1i0OBG8wLXwRO6z2V+Qq7P2JPqSa5w6fV2J
     639KI8L8uFsv62kg8blGUt1nD4n3ecsyD6FpGd4bdkBydCi77i89l4cUISPW8zN0sB
     64Lh2HJUi/UCN6sAJBXTUIv+cVCFwRfZEQBlIZ0wUBlIYH93ZB4fvZHNDudJ9RZg==
    6465-----END CERTIFICATE-----
  • branches/fc11-dev/server/fedora/config/etc/postfix/main.cf

    r1153 r1179  
    1010alias_database = hash:/etc/aliases
    1111myorigin = scripts.mit.edu
    12 mydestination = scripts.mit.edu, scripts, $myhostname, scripts-test.mit.edu, scripts-test, localhost
     12mydestination = scripts.mit.edu, scripts, $myhostname, scripts-test.mit.edu, scripts-test, scripts-vhosts.mit.edu, scripts-vhosts, localhost
    1313relayhost =
    1414mynetworks = 127.0.0.0/8
  • branches/fc11-dev/server/fedora/config/etc/security/limits.conf

    r1158 r1179  
    4545# For everyone else,
    4646*                soft    core            0
    47 *                -       memlock         64
    4847*                -       rss             524268
    4948*                -       data            1048576
  • branches/fc11-dev/server/fedora/config/etc/ssh/shosts.equiv

    r1018 r1179  
    22old-faithful.mit.edu
    33bees-knees.mit.edu
     4cats-whiskers.mit.edu
    45172.21.0.53
    56172.21.0.57
    67172.21.0.167
     8172.21.0.228
  • branches/fc11-dev/server/fedora/config/etc/ssh/ssh_known_hosts

    r946 r1179  
     1cats-whiskers.mit.edu,cats-whiskers,c-w.mit.edu,c-w,scripts4.mit.edu,scripts4,18.181.0.228,172.21.0.228 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
    12bees-knees.mit.edu,bees-knees,b-k.mit.edu,b-k,scripts3.mit.edu,scripts3,18.181.0.167,172.21.0.167 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
    23better-mousetrap.mit.edu,better-mousetrap,b-m.mit.edu,b-m,scripts1.mit.edu,scripts1,18.181.0.57,172.21.0.57 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
  • branches/fc11-dev/server/fedora/config/etc/ssh/sshd_config

    r978 r1179  
    1919IgnoreRhosts yes
    2020IgnoreUserKnownHosts yes
    21 DenyUsers root@old-faithful.mit.edu root@better-mousetrap.mit.edu root@bees-knees.mit.edu
     21DenyUsers root@old-faithful.mit.edu root@better-mousetrap.mit.edu root@bees-knees.mit.edu root@cats-whiskers.mit.edu
  • branches/fc11-dev/server/fedora/config/etc/sysconfig/network-scripts/route-eth1

    r1017 r1179  
    5518.181.0.57 via 172.21.0.57
    6618.181.0.167 via 172.21.0.167
     718.181.0.228 via 172.21.0.228
  • branches/fc11-dev/server/fedora/specs/nss_nonlocal.spec

    r800 r1179  
    22Group: System Environment/Libraries
    33Name: nss_nonlocal
    4 Version: 1.8
     4Version: 1.9
    55Release: 0
    66URL: http://debathena.mit.edu/nss_nonlocal/
Note: See TracChangeset for help on using the changeset viewer.