- Timestamp:
- Jun 8, 2009, 1:07:47 PM (15 years ago)
- Location:
- branches/fc11-dev
- Files:
-
- 2 deleted
- 21 edited
- 5 copied
Legend:
- Unmodified
- Added
- Removed
-
branches/fc11-dev/locker/deploy/bin/phpbb
r476 r1179 2 2 use strict; 3 3 use lib '/mit/scripts/deploy/bin'; 4 use onserver ;4 use onserver_star; 5 5 use File::Path; 6 6 7 7 setup(); 8 8 9 fetch_uri( 10 'install/install.php', 11 {}, 12 {lang => 'english', 13 dbms => 'mysql4', 14 upgrade => 0, 15 dbhost => $sqlhost, 16 dbuser => $sqluser, 17 dbname => $sqldb, 18 dbpasswd => $sqlpass, 19 prefix => '', 20 board_email => $email, 21 server_name => $server, 22 server_port => 80, 23 script_path => "/~$USER/$addrend/", 24 admin_name => $admin_username, 25 admin_pass1 => $admin_password, 26 admin_pass2 => $admin_password, 27 install_step => 1, 28 cur_lang => 'english'}); 29 30 rmtree(['contrib', 'install']); 9 # Initial installation page 10 fetch_uri( 11 'install/index.php', 12 {mode => 'install', 13 language => 'en'}, 14 {}); 15 print "Loaded initial installation page\n"; 16 17 # Requirements page 18 fetch_uri( 19 'install/index.php', 20 {mode => 'install', 21 sub => 'requirements', 22 language => 'en'}, 23 {}); 24 print "Loaded requirements page\n"; 25 26 # Database page 27 fetch_uri( 28 'install/index.php', 29 {mode => 'install', 30 sub => 'database', 31 language => 'en'}, 32 {img_imagick => '/usr/bin/'}); 33 print "Loaded database page\n"; 34 35 # Database again 36 fetch_uri( 37 'install/index.php', 38 {mode => 'install', 39 sub => 'database'}, 40 {dbms => 'mysql', 41 dbhost => $sqlhost, 42 dbname => $sqldb, 43 dbuser => $sqluser, 44 dbpasswd => $sqlpass, 45 table_prefix => '', 46 img_imagick => '/usr/bin/', 47 language => 'en', 48 testdb => 'true'}); 49 print "Loaded database page (part 2)\n"; 50 51 # Administrator page 52 fetch_uri( 53 'install/index.php', 54 {mode => 'install', 55 sub => 'administrator'}, 56 {img_imagick => '/usr/bin/', 57 language => 'en', 58 dbms => 'mysql', 59 dbhost => $sqlhost, 60 dbport => '', 61 dbname => $sqldb, 62 dbuser => $sqluser, 63 dbpasswd => $sqlpass, 64 table_prefix => ''}); 65 print "Loaded administrator page\n"; 66 67 # Administrator page again 68 fetch_uri( 69 'install/index.php', 70 {mode => 'install', 71 sub => 'administrator'}, 72 {default_lang => 'en', 73 admin_name => $admin_username, 74 admin_pass1 => $admin_password, 75 admin_pass2 => $admin_password, 76 board_email1 => $email, 77 board_email2 => $email, 78 img_imagick => '/usr/bin/', 79 language => 'en', 80 dbms => 'mysql', 81 dbhost => $sqlhost, 82 dbport => '', 83 dbname => $sqldb, 84 dbuser => $sqluser, 85 dbpasswd => $sqlpass, 86 table_prefix => '', 87 check => 'true'}); 88 print "Loaded administrator page (part 2)\n"; 89 90 # Config file page 91 fetch_uri( 92 'install/index.php', 93 {mode => 'install', 94 sub => 'config_file'}, 95 {img_imagick => '/usr/bin/', 96 default_lang => 'en', 97 admin_name => $admin_username, 98 admin_pass1 => $admin_password, 99 admin_pass2 => $admin_password, 100 board_email1 => $email, 101 board_email2 => $email, 102 language => 'en', 103 dbms => 'mysql', 104 dbhost => $sqlhost, 105 dbport => '', 106 dbname => $sqldb, 107 dbuser => $sqluser, 108 dbpasswd => $sqlpass, 109 table_prefix => ''}); 110 print "Loaded config file page\n"; 111 112 # Advanced page 113 fetch_uri( 114 'install/index.php', 115 {mode => 'install', 116 sub => 'advanced'}, 117 {img_imagick => '/usr/bin/', 118 language => 'en', 119 dbms => 'mysql', 120 dbhost => $sqlhost, 121 dbport => '', 122 dbname => $sqldb, 123 dbuser => $sqluser, 124 dbpasswd => $sqlpass, 125 table_prefix => '', 126 default_lang => 'en', 127 admin_name => $admin_username, 128 admin_pass1 => $admin_password, 129 admin_pass2 => $admin_password, 130 board_email1 => $email, 131 board_email2 => $email}); 132 print "Loaded advanced setup page\n"; 133 134 # Create database tables 135 fetch_uri( 136 'install/index.php', 137 {mode => 'install', 138 sub => 'create_table'}, 139 {email_enable => '1', 140 smtp_delivery => '0', 141 smtp_auth => 'PLAIN', 142 cookie_secure => '0', 143 force_server_vars => '0', 144 server_protocol => 'http://', 145 server_name => "$USER.scripts.mit.edu", 146 server_port => '80', 147 script_path => "/$addrend", 148 img_imagick => '/usr/bin/', 149 language => 'en', 150 dbms => 'mysql', 151 dbhost => $sqlhost, 152 dbport => '', 153 dbname => $sqldb, 154 dbuser => $sqluser, 155 dbpasswd => $sqlpass, 156 table_prefix => '', 157 default_lang => 'en', 158 admin_name => $admin_username, 159 admin_pass1 => $admin_password, 160 admin_pass2 => $admin_password, 161 board_email1 => $email, 162 board_email2 => $email}); 163 print "Loaded database table creation page\n"; 164 165 # Final page 166 fetch_uri( 167 'install/index.php', 168 {mode => 'install', 169 sub => 'final'}, 170 {language => 'en', 171 dbms => 'mysql', 172 dbhost => $sqlhost, 173 dbport => '', 174 dbuser => $sqluser, 175 dbpasswd => $sqlpass, 176 dbname => $sqldb, 177 table_prefix => '', 178 default_lang => 'en', 179 admin_name => $admin_username, 180 admin_pass1 => $admin_password, 181 admin_pass2 => $admin_password, 182 board_email1 => $email, 183 board_email2 => $email, 184 img_imagick => '/usr/bin/', 185 ftp_path => '', 186 ftp_user => '', 187 ftp_pass => '', 188 email_enable => '1', 189 smtp_delivery => '0', 190 smtp_host => '', 191 smtp_auth => 'PLAIN', 192 smtp_user => '', 193 smtp_pass => '', 194 cookie_secure => '0', 195 force_server_vars => '0', 196 server_protocol => 'http://', 197 server_name => "$USER.scripts.mit.edu", 198 server_port => '80', 199 script_path => "/$addrend"}); 200 print "Loaded installation finalization page\n"; 201 202 rmtree(['install']); -
branches/fc11-dev/noc/nagios/contacts.cfg
r895 r1179 14 14 contactgroup_name pagers 15 15 alias Scripts Maintainers (Pagers) 16 members quentin-cell ,geofft-pager16 members quentin-cell 17 17 } 18 18 -
branches/fc11-dev/noc/nagios/hostgroups.cfg
r960 r1179 32 32 hostgroup_name scripts-mail 33 33 alias Mail servers 34 members b-m,o-f,b-k 34 members b-m,o-f,b-k,c-w 35 35 } 36 36 … … 38 38 hostgroup_name scripts-cron 39 39 alias Cron servers 40 members b-m,o-f,b-k 40 members b-m,o-f,b-k,c-w 41 41 } 42 42 … … 44 44 hostgroup_name scripts-user 45 45 alias User servers 46 members b-m,o-f,b-k 46 members b-m,o-f,b-k,c-w 47 47 } 48 48 … … 50 50 hostgroup_name scripts-all 51 51 alias All scripts hosts 52 members b-k,b-m, k-s,o-f,r-f,r-b,s-b,scripts,scripts-cert,sipb-ether,sql,wildcard.scripts52 members b-k,b-m,c-w,k-s,o-f,r-f,r-b,s-b,scripts,scripts-cert,sipb-ether,sql,wildcard.scripts 53 53 } 54 54 … … 56 56 hostgroup_name scripts-real 57 57 alias All physical scripts servers 58 members b-k,b-m, k-s,o-f,r-f,r-b,s-b58 members b-k,b-m,c-w,k-s,o-f,r-f,r-b,s-b 59 59 } -
branches/fc11-dev/noc/nagios/hosts.cfg
r1065 r1179 116 116 } 117 117 118 define host { 119 use scripts-sipb-host 120 host_name c-w 121 alias cats-whiskers 122 address 18.181.0.228 123 } 124 118 125 # LVS 119 126 -
branches/fc11-dev/server/common/oursrc/nss_nonlocal/configure.ac
r800 r1179 1 AC_INIT([nss_nonlocal], [1. 8], [andersk@mit.edu])1 AC_INIT([nss_nonlocal], [1.9], [andersk@mit.edu]) 2 2 AC_CANONICAL_TARGET 3 3 AM_INIT_AUTOMAKE([-Wall -Werror foreign]) -
branches/fc11-dev/server/common/oursrc/nss_nonlocal/nonlocal-group.c
r800 r1179 98 98 fct.ptr = fct_start; 99 99 do { 100 morebuf: 100 101 if (fct.l == _nss_nonlocal_getgrgid_r) 101 102 status = NSS_STATUS_NOTFOUND; 102 103 else 103 104 status = DL_CALL_FCT(fct.l, (gid, &gbuf, buf, buflen, errnop)); 104 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) 105 break; 105 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) { 106 free(buf); 107 buflen *= 2; 108 buf = malloc(buflen); 109 if (buf == NULL) { 110 *errnop = ENOMEM; 111 errno = old_errno; 112 return NSS_STATUS_TRYAGAIN; 113 } 114 goto morebuf; 115 } 106 116 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 107 117 … … 118 128 119 129 enum nss_status 120 get_local_group(const char *name, struct group *grp, char * buffer, size_t buflen, int *errnop)130 get_local_group(const char *name, struct group *grp, char **buffer, int *errnop) 121 131 { 122 132 static const char *fct_name = "getgrnam_r"; … … 130 140 void *ptr; 131 141 } fct; 132 struct group gbuf; 133 int n; 142 size_t buflen; 134 143 int old_errno = errno; 135 144 136 intlen = sysconf(_SC_GETGR_R_SIZE_MAX);137 char *buf = malloc(len);138 if ( buf== NULL) {145 buflen = sysconf(_SC_GETGR_R_SIZE_MAX); 146 *buffer = malloc(buflen); 147 if (*buffer == NULL) { 139 148 *errnop = ENOMEM; 140 149 errno = old_errno; … … 144 153 if (fct_start == NULL && 145 154 __nss_group_lookup(&startp, fct_name, &fct_start) != 0) { 146 free(buf); 155 free(*buffer); 156 *buffer = NULL; 147 157 return NSS_STATUS_UNAVAIL; 148 158 } … … 150 160 fct.ptr = fct_start; 151 161 do { 162 morebuf: 152 163 if (fct.l == _nss_nonlocal_getgrnam_r) 153 164 status = NSS_STATUS_NOTFOUND; 154 165 else 155 status = DL_CALL_FCT(fct.l, (name, &gbuf, buf, buflen, errnop)); 156 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) 157 break; 158 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 159 160 if (status != NSS_STATUS_SUCCESS) 161 goto get_local_group_done; 162 163 n = snprintf(buffer, buflen, "%s", gbuf.gr_name); 164 if (n < 0 || n >= buflen) { 165 *errnop = ERANGE; 166 status = NSS_STATUS_TRYAGAIN; 167 goto get_local_group_done; 168 } 169 grp->gr_name = buffer; 170 buffer += n; 171 buflen -= n; 172 173 n = snprintf(buffer, buflen, "%s", gbuf.gr_passwd); 174 if (n < 0 || n >= buflen) { 175 *errnop = ERANGE; 176 status = NSS_STATUS_TRYAGAIN; 177 goto get_local_group_done; 178 } 179 grp->gr_passwd = buffer; 180 buffer += n; 181 buflen -= n; 182 183 grp->gr_gid = gbuf.gr_gid; 184 185 if (buflen < sizeof(void *)) { 186 *errnop = ERANGE; 187 status = NSS_STATUS_TRYAGAIN; 188 goto get_local_group_done; 189 } 190 *(void **)buffer = NULL; 191 buffer += sizeof(void *); 192 buflen -= sizeof(void *); 193 194 get_local_group_done: 195 free(buf); 166 status = DL_CALL_FCT(fct.l, (name, grp, *buffer, buflen, errnop)); 167 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) { 168 free(*buffer); 169 buflen *= 2; 170 *buffer = malloc(buflen); 171 if (*buffer == NULL) { 172 *errnop = ENOMEM; 173 errno = old_errno; 174 return NSS_STATUS_TRYAGAIN; 175 } 176 goto morebuf; 177 } 178 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 179 180 if (status != NSS_STATUS_SUCCESS) { 181 free(*buffer); 182 *buffer = NULL; 183 } 184 196 185 return status; 197 186 } … … 401 390 gid_t local_users_gid, gid; 402 391 int is_local = 0; 403 int buflen;404 392 char *buffer; 405 393 … … 413 401 int old_errno = errno; 414 402 415 buflen = sysconf(_SC_GETGR_R_SIZE_MAX);416 buffer = malloc(buflen);417 if (buffer == NULL) {418 *errnop = ENOMEM;419 errno = old_errno;420 return NSS_STATUS_TRYAGAIN;421 }422 403 status = get_local_group(MAGIC_LOCAL_GROUPNAME, 423 &local_users_group, buffer, buflen, errnop);404 &local_users_group, &buffer, errnop); 424 405 if (status == NSS_STATUS_SUCCESS) { 425 406 local_users_gid = local_users_group.gr_gid; 407 free(buffer); 426 408 } else if (status == NSS_STATUS_TRYAGAIN) { 427 free(buffer);428 409 return status; 429 410 } else { … … 432 413 local_users_gid = -1; 433 414 } 434 free(buffer);435 415 436 416 if (is_local) { 437 417 gid = local_users_gid; 438 418 } else { 439 buflen = sysconf(_SC_GETGR_R_SIZE_MAX);440 buffer = malloc(buflen);441 if (buffer == NULL) {442 *errnop = ENOMEM;443 errno = old_errno;444 return NSS_STATUS_TRYAGAIN;445 }446 419 status = get_local_group(MAGIC_NONLOCAL_GROUPNAME, 447 &nonlocal_users_group, buffer, buflen, errnop);420 &nonlocal_users_group, &buffer, errnop); 448 421 if (status == NSS_STATUS_SUCCESS) { 449 422 gid = nonlocal_users_group.gr_gid; 423 free(buffer); 450 424 } else if (status == NSS_STATUS_TRYAGAIN) { 451 free(buffer);452 425 return status; 453 426 } else { … … 456 429 gid = -1; 457 430 } 458 free(buffer);459 431 } 460 432 -
branches/fc11-dev/server/common/oursrc/nss_nonlocal/nonlocal-passwd.c
r782 r1179 96 96 fct.ptr = fct_start; 97 97 do { 98 morebuf: 98 99 if (fct.l == _nss_nonlocal_getpwuid_r) 99 100 status = NSS_STATUS_NOTFOUND; 100 101 else 101 102 status = DL_CALL_FCT(fct.l, (uid, &pwbuf, buf, buflen, errnop)); 102 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) 103 break; 103 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) { 104 free(buf); 105 buflen *= 2; 106 buf = malloc(buflen); 107 if (buf == NULL) { 108 *errnop = ENOMEM; 109 errno = old_errno; 110 return NSS_STATUS_TRYAGAIN; 111 } 112 goto morebuf; 113 } 104 114 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 105 115 … … 147 157 fct.ptr = fct_start; 148 158 do { 159 morebuf: 149 160 if (fct.l == _nss_nonlocal_getpwnam_r) 150 161 status = NSS_STATUS_NOTFOUND; 151 162 else 152 163 status = DL_CALL_FCT(fct.l, (user, &pwbuf, buf, buflen, errnop)); 153 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) 154 break; 164 if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) { 165 free(buf); 166 buflen *= 2; 167 buf = malloc(buflen); 168 if (buf == NULL) { 169 *errnop = ENOMEM; 170 errno = old_errno; 171 return NSS_STATUS_TRYAGAIN; 172 } 173 goto morebuf; 174 } 155 175 } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0); 156 176 -
branches/fc11-dev/server/common/patches/httpd-suexec-scripts.patch
r1146 r1179 46 46 AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] ) 47 47 --- httpd-2.2.11/support/suexec.c.old 2008-11-30 10:47:31.000000000 -0500 48 +++ httpd-2.2.11/support/suexec.c 2009-06-0 3 05:16:45.000000000 -040048 +++ httpd-2.2.11/support/suexec.c 2009-06-08 09:02:17.000000000 -0400 49 49 @@ -30,6 +30,9 @@ 50 50 * … … 141 141 gid_t gid; /* target group placeholder */ 142 142 char *target_uname; /* target user name */ 143 @@ -350,6 +413,20 @@ 143 @@ -268,6 +331,7 @@ 144 * Start with a "clean" environment 145 */ 146 clean_env(); 147 + setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1); /* scripts.mit.edu local hack */ 148 149 prog = argv[0]; 150 /* 151 @@ -350,6 +414,20 @@ 144 152 #endif /*_OSD_POSIX*/ 145 153 … … 162 170 * or attempts to back up out of the current directory, 163 171 * to protect against attacks. If any are 164 @@ -371,6 +44 8,7 @@172 @@ -371,6 +449,7 @@ 165 173 userdir = 1; 166 174 } … … 170 178 * Error out if the target username is invalid. 171 179 */ 172 @@ -452,7 +53 0,7 @@180 @@ -452,7 +531,7 @@ 173 181 * Error out if attempt is made to execute as root or as 174 182 * a UID less than AP_UID_MIN. Tsk tsk. … … 179 187 exit(107); 180 188 } 181 @@ -484,6 +56 2,21 @@189 @@ -484,6 +563,21 @@ 182 190 log_err("failed to setuid (%ld: %s)\n", uid, cmd); 183 191 exit(110); … … 201 209 /* 202 210 * Get the current working directory, as well as the proper 203 @@ -506,6 + 599,21 @@211 @@ -506,6 +600,21 @@ 204 212 log_err("cannot get docroot information (%s)\n", target_homedir); 205 213 exit(112); … … 223 231 else { 224 232 if (((chdir(AP_DOC_ROOT)) != 0) || 225 @@ -532,15 +64 0,17 @@233 @@ -532,15 +641,17 @@ 226 234 /* 227 235 * Error out if cwd is writable by others. … … 242 250 exit(117); 243 251 } 244 @@ -548,10 +65 8,12 @@252 @@ -548,10 +659,12 @@ 245 253 /* 246 254 * Error out if the program is writable by others. … … 255 263 /* 256 264 * Error out if the file is setuid or setgid. 257 @@ -565,6 +67 7,7 @@265 @@ -565,6 +678,7 @@ 258 266 * Error out if the target name/group is different from 259 267 * the name/group of the cwd or the program. … … 263 271 (gid != dir_info.st_gid) || 264 272 (uid != prg_info.st_uid) || 265 @@ -576,16 +6 89,33 @@273 @@ -576,16 +690,33 @@ 266 274 prg_info.st_uid, prg_info.st_gid); 267 275 exit(120); -
branches/fc11-dev/server/common/patches/openafs-scripts.patch
r1070 r1179 3 3 # with modifications by Joe Presbrey <presbrey@mit.edu> 4 4 # and Anders Kaseorg <andersk@mit.edu> 5 # and Edward Z. Yang <ezyang@mit.edu> 5 6 # 6 7 # This file is available under both the MIT license and the GPL. … … 43 44 # 44 45 diff -ur openafs-1.4/src/afs/afs_analyze.c openafs-1.4+scripts/src/afs/afs_analyze.c 45 --- openafs-1.4/src/afs/afs_analyze.c 2008-10-27 19:54:06.000000000 -040046 +++ openafs-1.4+scripts/src/afs/afs_analyze.c 2009-04-08 08:07:22.000000000 -040046 --- openafs-1.4/src/afs/afs_analyze.c 47 +++ openafs-1.4+scripts/src/afs/afs_analyze.c 47 48 @@ -585,7 +585,7 @@ 48 49 (afid ? afid->Fid.Volume : 0)); … … 54 55 (aerrP->err_Volume)++; 55 56 areq->volumeError = VOLBUSY; 57 diff -ur openafs-1.4/src/afs/LINUX/osi_vnodeops.c openafs-1.4+scripts/src/afs/LINUX/osi_vnodeops.c 58 --- openafs-1.4/src/afs/LINUX/osi_vnodeops.c 59 +++ openafs-1.4+scripts/src/afs/LINUX/osi_vnodeops.c 60 @@ -875,6 +875,28 @@ 61 /* should we always update the attributes at this point? */ 62 /* unlikely--the vcache entry hasn't changed */ 63 64 + /* [scripts] This code makes hardlinks work correctly. 65 + * 66 + * We want Apache to be able to read a file with hardlinks 67 + * named .htaccess and foo to be able to read it via .htaccess 68 + * and not via foo, regardless of which name was looked up 69 + * (remember, inodes do not have filenames associated with them.) 70 + * 71 + * It is important that we modify the existing cache entry even 72 + * if it is otherwise totally valid and would not be reloaded. 73 + * Otherwise, it won't recover from repeatedly reading the same 74 + * inode via multiple hardlinks or different names. Specifically, 75 + * Apache will be able to read both names if it was first looked 76 + * up (by anyone!) via .htaccess, and neither if it was first 77 + * looked up via foo. 78 + * 79 + * With regards to performance, the strncmp() is bounded by 80 + * three characters, so it takes O(3) operations. If this code 81 + * is extended to all static-cat extensions, we'll want to do 82 + * some clever hashing using gperf here. 83 + */ 84 + vcp->apache_access = strncmp(dp->d_name.name, ".ht", 3) == 0; 85 + 86 } else { 87 #ifdef notyet 88 pvcp = VTOAFS(dp->d_parent->d_inode); /* dget_parent()? */ 89 diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_lookup.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_lookup.c 90 --- openafs-1.4/src/afs/VNOPS/afs_vnop_lookup.c 91 +++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_lookup.c 92 @@ -1572,6 +1572,12 @@ 93 } 94 95 done: 96 + if (tvc) { 97 + /* [scripts] check Apache's ability to read this file, so that 98 + * we can figure this out on an access() call */ 99 + tvc->apache_access = strncmp(aname, ".ht", 3) == 0; 100 + } 101 + 102 /* put the network buffer back, if need be */ 103 if (tname != aname && tname) 104 osi_FreeLargeSpace(tname); 56 105 diff -ur openafs-1.4/src/afs/afs.h openafs-1.4+scripts/src/afs/afs.h 57 --- openafs-1.4/src/afs/afs.h 2009-01-19 14:27:19.000000000 -050058 +++ openafs-1.4+scripts/src/afs/afs.h 2009-04-08 08:07:22.000000000 -0400106 --- openafs-1.4/src/afs/afs.h 107 +++ openafs-1.4+scripts/src/afs/afs.h 59 108 @@ -208,8 +208,16 @@ 60 109 #define QTOC(e) QEntry(e, struct cell, lruq) … … 74 123 afs_int32 flags; /* things like O_SYNC, O_NONBLOCK go here */ 75 124 char initd; /* if non-zero, Error fields meaningful */ 125 @@ -743,6 +751,7 @@ 126 #ifdef AFS_SUN5_ENV 127 short multiPage; /* count of multi-page getpages in progress */ 128 #endif 129 + int apache_access; /* whether or not Apache has access to a file */ 130 }; 131 132 #define DONT_CHECK_MODE_BITS 0 76 133 diff -ur openafs-1.4/src/afs/afs_osi_pag.c openafs-1.4+scripts/src/afs/afs_osi_pag.c 77 --- openafs-1.4/src/afs/afs_osi_pag.c 2008-10-20 15:29:46.000000000 -040078 +++ openafs-1.4+scripts/src/afs/afs_osi_pag.c 2009-04-08 08:07:22.000000000 -0400134 --- openafs-1.4/src/afs/afs_osi_pag.c 135 +++ openafs-1.4+scripts/src/afs/afs_osi_pag.c 79 136 @@ -51,6 +51,8 @@ 80 137 #endif … … 103 160 } 104 161 diff -ur openafs-1.4/src/afs/afs_pioctl.c openafs-1.4+scripts/src/afs/afs_pioctl.c 105 --- openafs-1.4/src/afs/afs_pioctl.c 2009-01-19 13:09:34.000000000 -0500106 +++ openafs-1.4+scripts/src/afs/afs_pioctl.c 2009-04-08 08:07:22.000000000 -0400162 --- openafs-1.4/src/afs/afs_pioctl.c 163 +++ openafs-1.4+scripts/src/afs/afs_pioctl.c 107 164 @@ -1217,6 +1217,10 @@ 108 165 struct AFSFetchStatus OutStatus; … … 150 207 return EIO; /* Inappropriate ioctl for device */ 151 208 diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_access.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c 152 --- openafs-1.4/src/afs/VNOPS/afs_vnop_access.c 2008-03-07 12:34:08.000000000 -0500153 +++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c 2009-04-08 08:07:22.000000000 -0400209 --- openafs-1.4/src/afs/VNOPS/afs_vnop_access.c 210 +++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c 154 211 @@ -118,6 +118,17 @@ 155 212 … … 170 227 } else { 171 228 /* some rights come from dir and some from file. Specifically, you 172 @@ -171,6 +182,1 8@@229 @@ -171,6 +182,19 @@ 173 230 fileBits |= PRSFS_READ; 174 231 } … … 180 237 + !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) && 181 238 + !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) && 182 + !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && avc->m.Mode == 33279) && 239 + !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && 240 + (avc->m.Mode == 0100777 || avc->apache_access)) && 183 241 + !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) && 184 242 + !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) { … … 190 248 } 191 249 diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c 192 --- openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c 2009-01-13 14:37:28.000000000 -0500193 +++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c 2009-04-08 08:07:22.000000000 -0400250 --- openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c 251 +++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c 194 252 @@ -87,8 +87,8 @@ 195 253 } -
branches/fc11-dev/server/doc/HOWTO-SETUP-LDAP
r951 r1179 12 12 - /sbin/service dirsrv start 13 13 - Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually 14 - Also set nsslapd-ldapifilepath: /var/run/dirsrv/slapd-scripts.socket 15 and nsslapd-ldapilisten: on, otherwise ldapi won't work. 14 16 - /sbin/service dirsrv stop 15 17 - Add the scripts schemas to /var/lib/dirsrv/slapd-scripts … … 17 19 - certutil -d /etc/dirsrv/slapd-scripts -A -n "scripts.mit.edu CA" -t CT,, -a -i scripts-ca.pem 18 20 - Generate a pkcs12 cert for the server: 21 - openssl pkcs12 -export -in c-w.pem -inkey c-w.key -name 'ldap/cats-whiskers' -out c-w.pkcs12 19 22 - pk12util -i ldap-server-cert.p12 -d /etc/dirsrv/slapd-scripts 20 23 - Put LDAP keytab in /etc/dirsrv/keytab -
branches/fc11-dev/server/doc/install-howto.sh
r1110 r1179 75 75 \cp -a etc / 76 76 77 # yum remove nss_ldap, because nss-ldapd conflicts with it 78 77 79 # env NSS_NONLOCAL_IGNORE=1 yum install scripts-base 78 80 YUM install -y scripts-base … … 99 101 100 102 # Install various dependencies of the scripts system, including syslog-ng, 101 # glibc-devel.i 386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.103 # glibc-devel.i586, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all. 102 104 103 105 # Disable NetworkManager with chkconfig NetworkManager off. Configure … … 109 111 # /usr/vice/etc/cacheinfo to contain: 110 112 # /afs:/usr/vice/cache:10000000 113 # Also fix ThisCell to contain athena.mit.edu in both directories 111 114 112 115 # Figure out why Zephyr isn't working. Most recently, it was because there 113 116 # was a 64-bit RPM installed; remove it and install Joe's 32-bit one 117 118 # Install the athena-base, athena-lprng, and athena-lprng-misc RPMs 119 # from the Athena 9 build (these are present in our yum repo). Note 120 # that you will have to use --nodeps for at least one of the lprng 121 # ones because it thinks it needs the Athena hesiod RPM. It doesn't 122 # really. Before doing this, run it without --nodeps and arrange to 123 # install the rest of the things it really does depend on. This will 124 # include a bunch of 32-bit rpms; go ahead and install the .i586 versions 125 # of them. In the case of the Kerberos libraries, you'll be told that 126 # there are conflicting files with the 64-bit versions of the packages, 127 # which we scriptsify. You'll have to use --force to install those 128 # rpms despite the conflicts. After doing that, you may want to 129 # install the corresponding 64-bit scriptsified versions again, just 130 # to be safe in case the 32-bit versions overwrite files that differ. 131 # When you try this, it will complain that you already have the same 132 # version installed; again, you'll need to use --force to do it anyway. 133 # Yuck. 114 134 115 135 # Install the full list of RPMs that users expect to be on the … … 127 147 # TO DO THIS: 128 148 # On another server, run: 129 # perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print " $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > /mit/scripts/config/perl-packages.txt149 # perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "notest install $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > /mit/scripts/config/perl-packages.txt 130 150 # Then on the server you're installing, 131 perl -MCPAN -e"$(echo notest install $(cat /mit/scripts/config/perl-packages.txt))"151 cat perl-packages.txt | perl -MCPAN -e shell 132 152 133 153 # Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on 134 154 # the other scripts.mit.edu servers and do not have RPMs. 135 # - Look at /usr/lib/python2.5/site-packages for Python eggs and modules. 155 # - Look at /usr/lib/python2.6/site-packages and 156 # /usr/lib64/python2.6/site-packages for Python eggs and modules. 157 # First use 'yum search' to see if the relevant package is now available 158 # as an RPM, and install that if it is. If not, then use easy_install. 136 159 # - Look at `gem list` for Ruby gems. 160 # Again, use 'yum search' and prefer RPMs, but failing that, 'gem install'. 137 161 # - Look at `pear list` for Pear fruits (or whatever they're called). 138 139 # echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth 140 141 # Install the credentials (machine keytab, daemon.scripts keytab, SSL 142 # certs). 162 # Yet again, 'yum search' for RPMs before resorting to 'pear install'. Note 163 # that for things in the beta repo, you'll need 'pear install package-beta'. 164 165 # echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.6/site-packages"))' > /usr/lib/python2.6/site-packages/00scripts-home.pth 166 167 # Install the credentials. There are a lot of things to remember here: 168 # o You probably installed the machine keytab long ago 169 # o Use ktutil to combine the host/scripts.mit.edu and 170 # host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in 171 # the keytab. Do not use 'k5srvutil change' on the combined keytab 172 # or you'll break the other servers. 173 # o The daemon.scripts keytab 174 # o The SSL cert private key 175 # o The LDAP password for the signup process 176 # o The SQL password for the signup process 177 # o The LDAP keytab for this server, which will be used later 178 # o Replace the ssh host keys with the ones common to all scripts servers 179 # o You'll install an LDAP certificate signed by the scripts CA later 180 # o Make sure root's .k5login is correct 181 # o Make sure logview's .k5login is correct 143 182 144 183 # If you are setting up a test server, pay attention to … … 155 194 # correct. 156 195 196 # cd /etc/postfix; postmap virtual 197 # Otherwise postfix will appear to work, but actually not deliver mail 198 157 199 # Run fmtutil-sys --all, which does something that makes TeX work. 158 200 -
branches/fc11-dev/server/fedora/Makefile
r1147 r1179 21 21 upstream_yum = krb5 httpd openssh php 22 22 upstream = openafs $(upstream_yum) 23 oursrc = execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i 386 whoisd mit-zephyr nss-ldapdscripts-base23 oursrc = execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i586 whoisd mit-zephyr nss-ldapd nss-ldapd.i586 scripts-base 24 24 allsrc = $(upstream) $(oursrc) 25 25 oursrcdir = ${PWD}/../common/oursrc … … 127 127 $(oursrc): rpmbuild_args += --define 'scriptsversion $(shell svnversion ${oursrcdir}/$** | tr ':' '_')' 128 128 129 $(filter %.i 386,$(oursrc)): %.i386: setup129 $(filter %.i586,$(oursrc)): %.i586: setup 130 130 PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \ 131 setarch i 386 rpmbuild $(rpmbuild_args) --target=i386 --define="_lib lib" -bb ${tmp_specs}/$**.spec131 setarch i586 rpmbuild $(rpmbuild_args) --target=i586 --define="_lib lib" -bb ${tmp_specs}/$**.spec 132 132 133 $(filter-out %.i 386,$(oursrc)): %: setup133 $(filter-out %.i586,$(oursrc)): %: setup 134 134 PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \ 135 135 rpmbuild $(rpmbuild_args) -bb ${tmp_specs}/$**.spec … … 180 180 # The following packages are needed for our packages 181 181 basic-deps = kernel-devel rpm-build rpmdevtools gcc autoconf patch krb5-workstation glibc-devel.i586 glibc-devel libtool libgcc.i586 182 oursrc-deps = hesinfo openldap-clients 182 oursrc-deps = hesinfo openldap-clients openldap-devel.i586 183 183 httpdmods-deps = httpd-devel 184 184 httpd-deps = xmlto db4-devel expat-devel zlib-devel libselinux-devel apr-devel apr-util-devel pcre-devel openssl-devel distcache-devel -
branches/fc11-dev/server/fedora/config/etc/pki/tls/certs/scripts.pem
r801 r1179 2 2 Data: 3 3 Version: 3 (0x2) 4 Serial Number: 2871 (0xb37)4 Serial Number: 745256 (0xb5f28) 5 5 Signature Algorithm: sha1WithRSAEncryption 6 Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT CertificationAuthority6 Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority 7 7 Validity 8 Not Before: Ju l 23 16:00:00 2008GMT9 Not After : Ju l 23 16:00:00 2009GMT10 Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=Student Information Processing Board, CN=scripts.mit.edu /Email=scripts@mit.edu8 Not Before: Jun 4 20:22:36 2009 GMT 9 Not After : Jun 7 02:53:00 2011 GMT 10 Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=Student Information Processing Board, CN=scripts.mit.edu 11 11 Subject Public Key Info: 12 12 Public Key Algorithm: rsaEncryption … … 24 24 Exponent: 65537 (0x10001) 25 25 X509v3 extensions: 26 X509v3 Basic Constraints: 27 CA:FALSE 28 Netscape Cert Type: 29 SSL Client, SSL Server, S/MIME 30 X509v3 Extended Key Usage: 31 TLS Web Server Authentication, E-mail Protection, TLS Web Client Authentication 32 X509v3 Key Usage: 33 Digital Signature, Non Repudiation, Key Encipherment 26 X509v3 Key Usage: critical 27 Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment 34 28 X509v3 Subject Key Identifier: 35 29 54:11:7C:09:55:44:1C:94:45:A9:A2:76:46:2B:2C:24:26:6A:44:E8 30 X509v3 CRL Distribution Points: 31 URI:http://crl.geotrust.com/crls/secureca.crl 32 33 X509v3 Authority Key Identifier: 34 keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4 35 36 X509v3 Extended Key Usage: 37 TLS Web Server Authentication, TLS Web Client Authentication 36 38 Signature Algorithm: sha1WithRSAEncryption 37 3f:34:05:8a:a7:a1:c1:51:9b:f0:6d:c6:e4:2a:aa:fc:cd:2a:38 50:8e:36:12:74:7e:d8:9f:a7:db:63:cf:d2:19:48:01:00:aa:39 50:f8:83:5c:5b:4b:68:b8:de:a6:0a:2b:0d:f0:af:fa:d6:92:40 a5:46:73:20:e4:1c:62:d4:a3:b7:48:8d:f4:6a:88:d2:a8:e0:41 2a:38:ab:c8:df:9a:55:ec:e5:83:c7:1f:e5:63:d5:b6:d5:3d:42 3 0:6e:a3:6e:30:84:d1:f2:35:09:b9:31:e1:c8:f1:3d:11:4d:43 99:ad:f7:33:95:8d:d7:5c:88:6a:49:23:02:1e:7d:94:ff:a7:44 7f:bf39 0e:42:72:ba:24:61:07:eb:69:d6:3e:4a:e9:ec:a3:f8:16:c0: 40 a2:31:2d:f0:93:ec:37:2c:dc:c0:7c:a6:9e:60:52:d4:c6:af: 41 f4:c7:cb:f0:ad:bf:3c:b8:34:a7:1e:35:c3:15:84:f6:79:96: 42 f3:ec:d7:78:62:83:81:b5:bb:5e:77:0a:19:b6:d1:9f:ae:a9: 43 0b:f6:8a:7c:71:1e:a9:8e:e7:3d:e7:a6:38:47:3a:9f:0c:69: 44 37:a1:3f:0e:44:77:47:b9:75:4a:49:08:f3:42:43:58:2c:24: 45 d2:b9:5b:9c:8b:9a:5f:b6:83:cc:bb:ec:26:65:b7:75:50:83: 46 a6:5b 45 47 -----BEGIN CERTIFICATE----- 46 MIIDOjCCAqOgAwIBAgICCzcwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCVVMx 47 FjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoTJU1hc3NhY2h1c2V0dHMg 48 SW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxJDAiBgNVBAsTG01JVCBDZXJ0aWZpY2F0 49 aW9uIEF1dGhvcml0eTAeFw0wODA3MjMxNjAwMDBaFw0wOTA3MjMxNjAwMDBaMIHS 50 MQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAGA1UEBxMJ 51 Q2FtYnJpZGdlMS4wLAYDVQQKEyVNYXNzYWNodXNldHRzIEluc3RpdHV0ZSBvZiBU 52 ZWNobm9sb2d5MS0wKwYDVQQLEyRTdHVkZW50IEluZm9ybWF0aW9uIFByb2Nlc3Np 53 bmcgQm9hcmQxGDAWBgNVBAMTD3NjcmlwdHMubWl0LmVkdTEeMBwGCSqGSIb3DQEJ 54 ARYPc2NyaXB0c0BtaXQuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1 55 PiFNwYlrAYxHgP6zNyd2+FJB5qI9S3Z45fJmPA+xrfuXjy6itlPTtg7iZvm5C7fO 56 tNX1HB9vIn1I9W3wFs2OSHnRFEoULy/4xL0dh899i1x3rVgksA6hbdYKx9i8L2dl 57 yF3Y2DHCZ0tK9KGlVIKvyzQIKgR/jnxMt9vcaopdgQIDAQABo3UwczAJBgNVHRME 58 AjAAMBEGCWCGSAGG+EIBAQQEAwIF4DAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYB 59 BQUHAwQGCCsGAQUFBwMCMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUVBF8CVVEHJRF 60 qaJ2RissJCZqROgwDQYJKoZIhvcNAQEFBQADgYEAPzQFiqehwVGb8G3G5Cqq/M0q 61 UI42EnR+2J+n22PP0hlIAQCqUPiDXFtLaLjepgorDfCv+taSpUZzIOQcYtSjt0iN 62 9GqI0qjgKjiryN+aVezlg8cf5WPVttU9MG6jbjCE0fI1Cbkx4cjxPRFNma33M5WN 63 11yIakkjAh59lP+nf78= 48 MIIDKDCCApGgAwIBAgIDC18oMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT 49 MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0 50 aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDkwNjA0MjAyMjM2WhcNMTEwNjA3MDI1MzAw 51 WjCBsjELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNV 52 BAcTCUNhbWJyaWRnZTEuMCwGA1UEChMlTWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUg 53 b2YgVGVjaG5vbG9neTEtMCsGA1UECxMkU3R1ZGVudCBJbmZvcm1hdGlvbiBQcm9j 54 ZXNzaW5nIEJvYXJkMRgwFgYDVQQDEw9zY3JpcHRzLm1pdC5lZHUwgZ8wDQYJKoZI 55 hvcNAQEBBQADgY0AMIGJAoGBALU+IU3BiWsBjEeA/rM3J3b4UkHmoj1Ldnjl8mY8 56 D7Gt+5ePLqK2U9O2DuJm+bkLt8601fUcH28ifUj1bfAWzY5IedEUShQvL/jEvR2H 57 z32LXHetWCSwDqFt1grH2LwvZ2XIXdjYMcJnS0r0oaVUgq/LNAgqBH+OfEy329xq 58 il2BAgMBAAGjga4wgaswDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBRUEXwJVUQc 59 lEWponZGKywkJmpE6DA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdlb3Ry 60 dXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAfBgNVHSMEGDAWgBRI5mj5K9KylddH 61 2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZI 62 hvcNAQEFBQADgYEADkJyuiRhB+tp1j5K6eyj+BbAojEt8JPsNyzcwHymnmBS1Mav 63 9MfL8K2/PLg0px41wxWE9nmW8+zXeGKDgbW7XncKGbbRn66pC/aKfHEeqY7nPeem 64 OEc6nwxpN6E/DkR3R7l1SkkI80JDWCwk0rlbnIuaX7aDzLvsJmW3dVCDpls= 64 65 -----END CERTIFICATE----- -
branches/fc11-dev/server/fedora/config/etc/pki/tls/certs/star.scripts.pem
r801 r1179 2 2 Data: 3 3 Version: 3 (0x2) 4 Serial Number: 2870 (0xb36)4 Serial Number: 744584 (0xb5c88) 5 5 Signature Algorithm: sha1WithRSAEncryption 6 Issuer: C=US, ST=Massachusetts, O=Massachusetts Institute of Technology, OU=MIT CertificationAuthority6 Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority 7 7 Validity 8 Not Before: Ju l 23 16:00:00 2008GMT9 Not After : Ju l 23 16:00:00 2009GMT10 Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=Student Information Processing Board, CN=*.scripts.mit.edu /Email=scripts@mit.edu8 Not Before: Jun 4 09:13:16 2009 GMT 9 Not After : Jun 5 13:13:22 2014 GMT 10 Subject: C=US, ST=Massachusetts, L=Cambridge, O=Massachusetts Institute of Technology, OU=Student Information Processing Board, CN=*.scripts.mit.edu 11 11 Subject Public Key Info: 12 12 Public Key Algorithm: rsaEncryption … … 24 24 Exponent: 65537 (0x10001) 25 25 X509v3 extensions: 26 X509v3 Basic Constraints: 27 CA:FALSE 28 Netscape Cert Type: 29 SSL Client, SSL Server, S/MIME 30 X509v3 Extended Key Usage: 31 TLS Web Server Authentication, E-mail Protection, TLS Web Client Authentication 32 X509v3 Key Usage: 33 Digital Signature, Non Repudiation, Key Encipherment 26 X509v3 Key Usage: critical 27 Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment 34 28 X509v3 Subject Key Identifier: 35 29 54:11:7C:09:55:44:1C:94:45:A9:A2:76:46:2B:2C:24:26:6A:44:E8 30 X509v3 CRL Distribution Points: 31 URI:http://crl.geotrust.com/crls/secureca.crl 32 33 X509v3 Authority Key Identifier: 34 keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4 35 36 X509v3 Extended Key Usage: 37 TLS Web Server Authentication, TLS Web Client Authentication 36 38 Signature Algorithm: sha1WithRSAEncryption 37 2 a:6e:b7:99:2a:13:93:a1:35:42:e2:fd:a9:30:3c:63:a2:e0:38 c0:87:b0:8c:1a:60:9e:12:db:be:e7:6d:01:9a:1b:d2:80:fd:39 fa:49:12:2b:7e:48:cf:00:0d:d6:f8:aa:d2:2a:0d:cf:86:01:40 4c:bd:33:bf:ca:ee:b5:4e:aa:fe:4b:c3:6d:e5:2a:ad:d8:2e:41 8a:87:e3:f0:3e:11:c8:fa:0e:bf:0f:6e:c3:7a:25:17:e5:96:42 33:7a:e6:fb:5b:03:b0:b3:7d:75:31:e7:ab:59:3a:0e:f9:11:43 44:0a:23:1a:3e:1c:a8:06:5c:f7:e7:7d:0b:0c:f4:53:02:e9:44 51: 8d39 2c:25:90:82:a2:82:e8:03:58:b4:38:11:bc:c0:b5:f0:44:ee: 40 b3:d9:5f:90:ab:b3:f6:24:fa:92:6b:9c:3a:7d:5d:89:f4:a2: 41 3c:2f:cb:85:b2:fe:b6:92:0f:1b:94:65:2d:d6:70:f8:9f:77: 42 9c:b3:20:fa:16:91:9d:e1:b7:64:07:27:42:8b:be:e2:f3:d9: 43 78:71:42:12:3d:6f:33:37:4b:01:2e:1d:87:25:48:bf:50:23: 44 7a:b0:02:41:5d:35:08:bf:e7:15:08:5c:11:7d:91:10:06:52: 45 19:d3:05:01:94:86:07:f7:76:41:e1:fb:d9:1c:d0:ee:74:9f: 46 51:66 45 47 -----BEGIN CERTIFICATE----- 46 MIIDPDCCAqWgAwIBAgICCzYwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCVVMx 47 FjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoTJU1hc3NhY2h1c2V0dHMg 48 SW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxJDAiBgNVBAsTG01JVCBDZXJ0aWZpY2F0 49 aW9uIEF1dGhvcml0eTAeFw0wODA3MjMxNjAwMDBaFw0wOTA3MjMxNjAwMDBaMIHU 50 MQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAGA1UEBxMJ 51 Q2FtYnJpZGdlMS4wLAYDVQQKEyVNYXNzYWNodXNldHRzIEluc3RpdHV0ZSBvZiBU 52 ZWNobm9sb2d5MS0wKwYDVQQLEyRTdHVkZW50IEluZm9ybWF0aW9uIFByb2Nlc3Np 53 bmcgQm9hcmQxGjAYBgNVBAMTESouc2NyaXB0cy5taXQuZWR1MR4wHAYJKoZIhvcN 54 AQkBFg9zY3JpcHRzQG1pdC5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB 55 ALU+IU3BiWsBjEeA/rM3J3b4UkHmoj1Ldnjl8mY8D7Gt+5ePLqK2U9O2DuJm+bkL 56 t8601fUcH28ifUj1bfAWzY5IedEUShQvL/jEvR2Hz32LXHetWCSwDqFt1grH2Lwv 57 Z2XIXdjYMcJnS0r0oaVUgq/LNAgqBH+OfEy329xqil2BAgMBAAGjdTBzMAkGA1Ud 58 EwQCMAAwEQYJYIZIAYb4QgEBBAQDAgXgMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggr 59 BgEFBQcDBAYIKwYBBQUHAwIwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRUEXwJVUQc 60 lEWponZGKywkJmpE6DANBgkqhkiG9w0BAQUFAAOBgQAqbreZKhOToTVC4v2pMDxj 61 ouDAh7CMGmCeEtu+520BmhvSgP36SRIrfkjPAA3W+KrSKg3PhgFMvTO/yu61Tqr+ 62 S8Nt5Sqt2C6Kh+PwPhHI+g6/D27DeiUX5ZYzeub7WwOws311MeerWToO+RFECiMa 63 PhyoBlz3530LDPRTAulRjQ== 48 MIIDKjCCApOgAwIBAgIDC1yIMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT 49 MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0 50 aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDkwNjA0MDkxMzE2WhcNMTQwNjA1MTMxMzIy 51 WjCBtDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNV 52 BAcTCUNhbWJyaWRnZTEuMCwGA1UEChMlTWFzc2FjaHVzZXR0cyBJbnN0aXR1dGUg 53 b2YgVGVjaG5vbG9neTEtMCsGA1UECxMkU3R1ZGVudCBJbmZvcm1hdGlvbiBQcm9j 54 ZXNzaW5nIEJvYXJkMRowGAYDVQQDFBEqLnNjcmlwdHMubWl0LmVkdTCBnzANBgkq 55 hkiG9w0BAQEFAAOBjQAwgYkCgYEAtT4hTcGJawGMR4D+szcndvhSQeaiPUt2eOXy 56 ZjwPsa37l48uorZT07YO4mb5uQu3zrTV9RwfbyJ9SPVt8BbNjkh50RRKFC8v+MS9 57 HYfPfYtcd61YJLAOoW3WCsfYvC9nZchd2NgxwmdLSvShpVSCr8s0CCoEf458TLfb 58 3GqKXYECAwEAAaOBrjCBqzAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0OBBYEFFQRfAlV 59 RByURamidkYrLCQmakToMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2Vv 60 dHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsMB8GA1UdIwQYMBaAFEjmaPkr0rKV 61 10fYIyAQTzOYkJ/UMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkq 62 hkiG9w0BAQUFAAOBgQAsJZCCooLoA1i0OBG8wLXwRO6z2V+Qq7P2JPqSa5w6fV2J 63 9KI8L8uFsv62kg8blGUt1nD4n3ecsyD6FpGd4bdkBydCi77i89l4cUISPW8zN0sB 64 Lh2HJUi/UCN6sAJBXTUIv+cVCFwRfZEQBlIZ0wUBlIYH93ZB4fvZHNDudJ9RZg== 64 65 -----END CERTIFICATE----- -
branches/fc11-dev/server/fedora/config/etc/postfix/main.cf
r1153 r1179 10 10 alias_database = hash:/etc/aliases 11 11 myorigin = scripts.mit.edu 12 mydestination = scripts.mit.edu, scripts, $myhostname, scripts-test.mit.edu, scripts-test, localhost12 mydestination = scripts.mit.edu, scripts, $myhostname, scripts-test.mit.edu, scripts-test, scripts-vhosts.mit.edu, scripts-vhosts, localhost 13 13 relayhost = 14 14 mynetworks = 127.0.0.0/8 -
branches/fc11-dev/server/fedora/config/etc/security/limits.conf
r1158 r1179 45 45 # For everyone else, 46 46 * soft core 0 47 * - memlock 6448 47 * - rss 524268 49 48 * - data 1048576 -
branches/fc11-dev/server/fedora/config/etc/ssh/shosts.equiv
r1018 r1179 2 2 old-faithful.mit.edu 3 3 bees-knees.mit.edu 4 cats-whiskers.mit.edu 4 5 172.21.0.53 5 6 172.21.0.57 6 7 172.21.0.167 8 172.21.0.228 -
branches/fc11-dev/server/fedora/config/etc/ssh/ssh_known_hosts
r946 r1179 1 cats-whiskers.mit.edu,cats-whiskers,c-w.mit.edu,c-w,scripts4.mit.edu,scripts4,18.181.0.228,172.21.0.228 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ== 1 2 bees-knees.mit.edu,bees-knees,b-k.mit.edu,b-k,scripts3.mit.edu,scripts3,18.181.0.167,172.21.0.167 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ== 2 3 better-mousetrap.mit.edu,better-mousetrap,b-m.mit.edu,b-m,scripts1.mit.edu,scripts1,18.181.0.57,172.21.0.57 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ== -
branches/fc11-dev/server/fedora/config/etc/ssh/sshd_config
r978 r1179 19 19 IgnoreRhosts yes 20 20 IgnoreUserKnownHosts yes 21 DenyUsers root@old-faithful.mit.edu root@better-mousetrap.mit.edu root@bees-knees.mit.edu 21 DenyUsers root@old-faithful.mit.edu root@better-mousetrap.mit.edu root@bees-knees.mit.edu root@cats-whiskers.mit.edu -
branches/fc11-dev/server/fedora/config/etc/sysconfig/network-scripts/route-eth1
r1017 r1179 5 5 18.181.0.57 via 172.21.0.57 6 6 18.181.0.167 via 172.21.0.167 7 18.181.0.228 via 172.21.0.228 -
branches/fc11-dev/server/fedora/specs/nss_nonlocal.spec
r800 r1179 2 2 Group: System Environment/Libraries 3 3 Name: nss_nonlocal 4 Version: 1. 84 Version: 1.9 5 5 Release: 0 6 6 URL: http://debathena.mit.edu/nss_nonlocal/
Note: See TracChangeset
for help on using the changeset viewer.