off-box mirror-stream and friends - hacked to work

Bill Hacker wbh at conducive.org
Mon Feb 16 01:48:49 PST 2009


Matthew Dillon wrote:
:I have what appears to be a 'Catch 22', wherein:
:
:hammer mirror-stream /master <user>@<remote_IP>:/new_slave
:
:returns:
:
:PFS slave /new-slave does not exist.
:Do you want to create a new slave PFS? (yes|no) No terminal for response
:Aborting operation
:validate_mrec_header: short read
:
:'No terminal for response' 
Has now been hacked to work when ssh requires passwords,
*so long as*
EITHER:

- the <user>@<target> user is 'root' or equivalent.

(testing only - NOT recommended for prime-time!)

ELSE

- there is a mount-point on the target that is NOT in an existing PFS 
AND the non-root caller UID/EUID has the requisite privs to that mount 
to create dirs, PFS, links, files et al on it.

As with a cpdup or rsync operator, a bespoke user:group and carefully 
crafted privs and security are the order of the day.

Ugly hack below - needs more work before a formal patch, but it JFW's.

Regards,

Bill Hacker



- find in /usr/src/sbin/hammer/cmd_mirror.c

================ AS READS =====================
/*
 * Get a yes or no answer from the terminal.  The program may be run as
 * part of a two-way pipe so we cannot use stdin for this operation.
 */
static int
getyn(void)
{
        char buf[256];
        FILE *fp;
        int result;
        fp = fopen("/dev/tty", "r");
        if (fp == NULL) {
                fprintf(stderr, "No terminal for response\n");
                return(-1);
        }
        result = -1;
        while (fgets(buf, sizeof(buf), fp) != NULL) {
                if (buf[0] == 'y' || buf[0] == 'Y') {
                        result = 1;
                        break;
                }
                if (buf[0] == 'n' || buf[0] == 'N') {
                        result = 0;
                        break;
                }
                fprintf(stderr, "Response not understood\n");
                break;
        }
        fclose(fp);
        return(result);
}
================ WAS AMENDED TO READ ===========
/*
 * If we hadn't meant to do it, we'd not have asked, so fake
 * a 'Yes' for now. LATER - remove the call to this entirely
 * and replace with a count-down timeout and instructions to
 * use 'Ctrl c' to Abort. Borrow that code from cmd_pseudofs.c
 */
static int
getyn(void)
{
        int result;
        result = 1;
        return(result);
}
======================================================
Built with 'make' from within /usr/src/stdin by temporarily setting 
'subdirs = hammer' (and no others), in the /usr/src/stdin Makefile.

Resulting /usr/src/stdin/hammer/hammer binary, and no others, then 
manually copied into /sbin on BOTH source and destination machines.

Working well so far......
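
Added example, not part of the original post or the DragonFly source: one way the count-down replacement described in the amended comment could look, so that the no-terminal case keeps an abort window instead of an unconditional 'yes'. The name getyn_countdown, its tty_path and secs parameters, and the 5-second default in main() are assumptions made for illustration.

```c
#include <stdio.h>
#include <unistd.h>

/*
 * Hypothetical stand-in for getyn(): ask on the terminal when one can be
 * opened; otherwise announce the default and leave a window to abort.
 * tty_path is a parameter only so the logic can be exercised without a tty.
 * Returns 1 = yes, 0 = no, -1 = no usable answer.
 */
static int
getyn_countdown(const char *tty_path, int secs)
{
        char buf[256];
        FILE *fp;
        int result = -1;

        fp = fopen(tty_path, "r");
        if (fp != NULL) {
                /* Terminal available: behave like the original getyn() */
                if (fgets(buf, sizeof(buf), fp) != NULL) {
                        if (buf[0] == 'y' || buf[0] == 'Y')
                                result = 1;
                        else if (buf[0] == 'n' || buf[0] == 'N')
                                result = 0;
                        else
                                fprintf(stderr, "Response not understood\n");
                }
                fclose(fp);
                return(result);
        }
        /* No terminal: SIGINT keeps its default action, so Ctrl-C aborts */
        fprintf(stderr, "No terminal for response, assuming 'yes'\n");
        for (; secs > 0; --secs) {
                fprintf(stderr, "\rContinuing in %2d s, Ctrl-C to abort ", secs);
                fflush(stderr);
                sleep(1);
        }
        fprintf(stderr, "\n");
        return(1);
}

int
main(void)
{
        return(getyn_countdown("/dev/tty", 5) == 1 ? 0 : 1);
}
```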







