diff --git a/CVE-2019-3833.patch b/CVE-2019-3833.patch
new file mode 100644
index 0000000..a0a97cb
--- /dev/null
+++ b/CVE-2019-3833.patch
@@ -0,0 +1,169 @@
+--- a/src/server/shttpd/shttpd.c
++++ b/src/server/shttpd/shttpd.c
+@@ -336,10 +336,12 @@ date_to_epoch(const char *s)
+ }
+
+ static void
+-remove_double_dots(char *s)
++remove_all_leading_dots(char *s)
+ {
+ char *p = s;
+
++ while (*s != '\0' && *s == '.') s++;
++
+ while (*s != '\0') {
+ *p++ = *s++;
+ if (s[-1] == '/' || s[-1] == '\\')
+@@ -546,7 +548,7 @@ decide_what_to_do(struct conn *c)
+ *c->query++ = '\0';
+
+ _shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1);
+- remove_double_dots(c->uri);
++ remove_all_leading_dots(c->uri);
+
+ root = c->ctx->options[OPT_ROOT];
+ if (strlen(c->uri) + strlen(root) >= sizeof(path)) {
+@@ -556,6 +558,7 @@ decide_what_to_do(struct conn *c)
+
+ (void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri);
+
++ DBG(("decide_what_to_do -> processed path: [%s]", path));
+ /* User may use the aliases - check URI for mount point */
+ if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) {
+ (void) _shttpd_snprintf(path, sizeof(path), "%.*s%s",
+@@ -572,7 +575,10 @@ decide_what_to_do(struct conn *c)
+ if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) {
+ _shttpd_setup_embedded_stream(c,
+ ruri->callback, ruri->callback_data);
+- } else
++ } else {
++ _shttpd_send_server_error(c, 403, "Forbidden");
++ }
++#if 0
+ if (strstr(path, HTPASSWD)) {
+ /* Do not allow to view passwords files */
+ _shttpd_send_server_error(c, 403, "Forbidden");
+@@ -656,6 +662,7 @@ decide_what_to_do(struct conn *c)
+ } else {
+ _shttpd_send_server_error(c, 500, "Internal Error");
+ }
++#endif
+ }
+
+ static int
+@@ -698,11 +705,11 @@ parse_http_request(struct conn *c)
+ _shttpd_send_server_error(c, 500, "Cannot allocate request");
+ }
+
++ io_inc_tail(&c->rem.io, req_len);
++
+ if (c->loc.flags & FLAG_CLOSED)
+ return;
+
+- io_inc_tail(&c->rem.io, req_len);
+-
+ DBG(("Conn %d: parsing request: [%.*s]", c->rem.chan.sock, req_len, s));
+ c->rem.flags |= FLAG_HEADERS_PARSED;
+
+@@ -968,7
+975,7 @@ write_stream(struct stream *from, struct
+ }
+
+
+-static void
++static int
+ connection_desctructor(struct llhead *lp)
+ {
+ struct conn *c = LL_ENTRY(lp, struct conn, link);
+@@ -992,7 +999,8 @@ connection_desctructor(struct llhead *lp
+ * Check the "Connection: " header before we free c->request
+ * If it its 'keep-alive', then do not close the connection
+ */
+- do_close = (c->ch.connection.v_vec.len >= vec.len &&
++ do_close = c->rem.flags & FLAG_CLOSED ||
++ (c->ch.connection.v_vec.len >= vec.len &&
+ !_shttpd_strncasecmp(vec.ptr,c->ch.connection.v_vec.ptr,vec.len)) ||
+ (c->major_version < 1 ||
+ (c->major_version >= 1 && c->minor_version < 1));
+@@ -1014,7 +1022,7 @@ connection_desctructor(struct llhead *lp
+ io_clear(&c->loc.io);
+ c->birth_time = _shttpd_current_time;
+ if (io_data_len(&c->rem.io) > 0)
+- process_connection(c, 0, 0);
++ return 1;
+ } else {
+ if (c->rem.io_class != NULL)
+ c->rem.io_class->close(&c->rem);
+@@ -1025,6 +1033,8 @@ connection_desctructor(struct llhead *lp
+
+ free(c);
+ }
++
++ return 0;
+ }
+
+ static void
+@@ -1032,7 +1042,7 @@ worker_destructor(struct llhead *lp)
+ {
+ struct worker *worker = LL_ENTRY(lp, struct worker, link);
+
+- free_list(&worker->connections, connection_desctructor);
++ free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
+ free(worker);
+ }
+
+@@ -1065,6 +1075,8 @@ add_to_set(int fd, fd_set *set, int *max
+ static void
+ process_connection(struct conn *c, int remote_ready, int local_ready)
+ {
++again:
++
+ /* Read from remote end if it is ready */
+ if (remote_ready && io_space_len(&c->rem.io))
+ read_stream(&c->rem);
+@@ -1093,7 +1105,11 @@ process_connection(struct conn *c, int r
+ if ((_shttpd_current_time > c->expire_time) ||
+ (c->rem.flags & FLAG_CLOSED) ||
+ ((c->loc.flags & FLAG_CLOSED) && !io_data_len(&c->loc.io)))
+- connection_desctructor(&c->link);
++ if (connection_desctructor(&c->link)) {
++ remote_ready = 0;
++ local_ready = 0;
++ goto again;
++
}
+ }
+
+ static int
+@@ -1650,7 +1666,7 @@ worker_function(void *param)
+ while (worker->exit_flag == 0)
+ poll_worker(worker, 1000 * 10);
+
+- free_list(&worker->connections, connection_desctructor);
++ free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
+ free(worker);
+ }
+
+--- a/src/server/wsmand.c
++++ b/src/server/wsmand.c
+@@ -198,6 +198,11 @@ static void daemonize(void)
+ int fd;
+ char *pid;
+
++ /* Change our CWD to service_path */
++ i=chdir("/");
++ // i=chdir(wsmand_options_get_service_path());
++ assert(i == 0);
++
+ if (wsmand_options_get_foreground_debug() > 0) {
+ return;
+ }
+@@ -214,10 +219,6 @@ static void daemonize(void)
+ log_pid = 0;
+ setsid();
+
+- /* Change our CWD to / */
+- i=chdir("/");
+- assert(i == 0);
+-
+ /* Close all file descriptors. */
+ for (i = getdtablesize(); i >= 0; --i)
+ close(i);
diff --git a/openwsman-2.4.0-pamsetup.patch b/openwsman-2.4.0-pamsetup.patch
new file mode 100644
index 0000000..021ca88
--- /dev/null
+++ b/openwsman-2.4.0-pamsetup.patch
@@ -0,0 +1,16 @@
+diff -up openwsman-2.6.1/etc/pam/openwsman.pamsetup openwsman-2.6.1/etc/pam/openwsman
+--- openwsman-2.6.1/etc/pam/openwsman.pamsetup 2015-08-27 15:46:46.000000000 +0200
++++ openwsman-2.6.1/etc/pam/openwsman 2015-08-31 16:08:28.166913889 +0200
+@@ -1,7 +1,7 @@
+ #%PAM-1.0
+-auth required pam_unix2.so nullok
++auth required pam_unix.so nullok
+ auth required pam_nologin.so
+-account required pam_unix2.so
+-password required pam_pwcheck.so nullok
+-password required pam_unix2.so nullok use_first_pass use_authtok
+-session required pam_unix2.so none
++account required pam_unix.so
++password required pam_pwquality.so
++password required pam_unix.so nullok use_first_pass use_authtok
++session required pam_unix.so
diff --git a/openwsman-2.4.12-ruby-binding-build.patch b/openwsman-2.4.12-ruby-binding-build.patch
new file mode 100644
index 0000000..7f46996
--- /dev/null
+++ b/openwsman-2.4.12-ruby-binding-build.patch
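Review bot: The casts `(void (*)(struct llhead *))connection_desctructor` handed to `free_list()` in worker_destructor and worker_function make the list code call a function that now returns `int` through a `void`-returning pointer type, which is undefined behaviour in C. The return value that process_connection acts on is also silently discarded on this teardown path. A small `static void` adapter removes both casts and states that intent; free_list's own body is not visible in these hunks.

```c
/* free_list() adapter: worker teardown ignores the "data still buffered" result. */
static void
connection_teardown(struct llhead *lp)
{
	(void) connection_desctructor(lp);
}

/* … unchanged: worker_destructor() / worker_function() up to the free_list call … */
	free_list(&worker->connections, connection_teardown);
```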
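Review bot: The moved `i=chdir("/"); assert(i == 0);` in daemonize() is the only check on the working-directory change, and `assert` compiles to nothing when `NDEBUG` is defined, so a failed `chdir` would go unnoticed in such a build. An explicit test such as `if (chdir("/") != 0) { perror("chdir"); exit(EXIT_FAILURE); }` keeps the guarantee in every build. The new comment `/* Change our CWD to service_path */` also disagrees with the code, which changes to `/`, and the commented-out `chdir(wsmand_options_get_service_path())` line should be removed or explained. daemonize() starts and ends outside the hunk.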
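Review bot: The new `auth required pam_unix.so nullok` line keeps `nullok`, which lets an account with an empty password authenticate to this service; for a remotely reachable management daemon the safer line is `auth required pam_unix.so`. The `nullok` on the `password` line only affects password changes and can be judged separately. The spec on this page applies this patch only under `%if %{with pam}`, so it is worth confirming which PAM file the default build actually ships.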
@@ -0,0 +1,12 @@
+diff -up openwsman-2.4.12/bindings/ruby/extconf.rb.orig openwsman-2.4.12/bindings/ruby/extconf.rb
+--- openwsman-2.4.12/bindings/ruby/extconf.rb.orig 2015-02-09 09:28:58.232581263 +0100
++++ openwsman-2.4.12/bindings/ruby/extconf.rb 2015-02-09 09:38:22.836772879 +0100
+@@ -32,7 +32,7 @@ swig = find_executable("swig")
+ raise "SWIG not found" unless swig
+
+ major, minor, path = RUBY_VERSION.split(".")
+-raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -o openwsman_wrap.c openwsman.i")
++raise "SWIG failed to run" unless system("#{swig} -ruby -autorename -DRUBY_VERSION=#{major}#{minor} -I. -I/usr/include/openwsman -I/builddir/build/BUILD/openwsman-2.6.5/include/ -o openwsman_wrap.c openwsman.i")
+
+ $CPPFLAGS = "-I/usr/include/openwsman -I.."
+
diff --git a/openwsman-2.6.2-openssl-1.1-fix.patch b/openwsman-2.6.2-openssl-1.1-fix.patch
new file mode 100644
index 0000000..1be385d
--- /dev/null
+++ b/openwsman-2.6.2-openssl-1.1-fix.patch
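Review bot: The added `-I/builddir/build/BUILD/openwsman-2.6.5/include/` hard-codes one build root and one version into extconf.rb, so on any other build root, or after a version bump, the SWIG step quietly falls back to whatever headers are installed in `/usr/include/openwsman`. Generating bindings from installed headers while linking freshly built sources is a mismatch that is hard to spot afterwards. If the source tree is reachable from extconf.rb at that point, derive the directory instead, e.g. `-I#{File.expand_path('../../include', __dir__)}`; otherwise have the spec pass the path in rather than baking it into the patch.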
@@ -0,0 +1,162 @@
+diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
+--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig 2017-11-28 09:32:15.000000000 +0100
++++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c 2018-01-23 13:14:59.357153453 +0100
+@@ -241,12 +241,20 @@ write_handler( void *ptr, size_t size, s
+ static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
+ {
+ unsigned char *thumbprint = (unsigned char *)arg;
+- X509 *cert = ctx->cert;
+ EVP_MD *tempDigest;
+
+ unsigned char tempFingerprint[EVP_MAX_MD_SIZE];
+ unsigned int tempFingerprintLen;
+ tempDigest = (EVP_MD*)EVP_sha1( );
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
++#else
++ X509 *cert = ctx->cert;
++#endif
++ if(!cert)
++ return 0;
++
+ if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
+ return 0;
+ if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
+diff -up openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig openwsman-2.6.5/src/server/shttpd/compat_unix.h
+--- openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig 2017-11-28 09:32:15.000000000 +0100
++++ openwsman-2.6.5/src/server/shttpd/compat_unix.h 2018-01-23 13:14:59.357153453 +0100
+@@ -27,10 +27,6 @@
+ pthread_create(&tid, NULL, (void *(*)(void *))a, c); } while (0)
+ #endif /* !NO_THREADS */
+
+-#ifndef SSL_LIB
+-#define SSL_LIB "libssl.so"
+-#endif
+-
+ #define DIRSEP '/'
+ #define IS_DIRSEP_CHAR(c) ((c) == '/')
+ #define O_BINARY 0
+diff -up openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig openwsman-2.6.5/src/server/shttpd/io_ssl.c
+--- openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig 2017-11-28 09:32:15.000000000 +0100
++++ openwsman-2.6.5/src/server/shttpd/io_ssl.c 2018-01-23 13:14:59.357153453 +0100
+@@ -11,23 +11,6 @@
+ #include "defs.h"
+
+ #if !defined(NO_SSL)
+-struct ssl_func ssl_sw[] = {
+- {"SSL_free", {0}},
+-
{"SSL_accept", {0}},
+- {"SSL_connect", {0}},
+- {"SSL_read", {0}},
+- {"SSL_write", {0}},
+- {"SSL_get_error", {0}},
+- {"SSL_set_fd", {0}},
+- {"SSL_new", {0}},
+- {"SSL_CTX_new", {0}},
+- {"SSLv23_server_method", {0}},
+- {"SSL_library_init", {0}},
+- {"SSL_CTX_use_PrivateKey_file", {0}},
+- {"SSL_CTX_use_certificate_file",{0}},
+- {NULL, {0}}
+-};
+-
+ void
+ _shttpd_ssl_handshake(struct stream *stream)
+ {
+diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
+--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2017-11-28 09:32:15.000000000 +0100
++++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2018-01-23 13:16:13.738228773 +0100
+@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const ch
+ int retval = FALSE;
+ EC_KEY* key;
+
+- /* Load SSL library dynamically */
+- if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
+- _shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB);
+- return (FALSE);
+- }
+-
+- for (fp = ssl_sw; fp->name != NULL; fp++)
+- if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) {
+- _shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name);
+- return (FALSE);
+- }
+-
+ /* Initialize SSL crap */
++ debug("Initialize SSL");
++ SSL_load_error_strings();
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ OPENSSL_init_ssl(0, NULL);
++#else
+ SSL_library_init();
++#endif
+
+ if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
+ _shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
+@@ -1532,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const ch
+ if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
+ //_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
+ debug("SSL: disable %s protocol", protocols[idx].name);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ SSL_CTX_set_options(CTX, protocols[idx].opt);
++#else
+ SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
++#endif
+ break;
+ }
+ }
+diff -up
openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server/shttpd/ssl.h
+--- openwsman-2.6.5/src/server/shttpd/ssl.h.orig 2017-11-28 09:32:15.000000000 +0100
++++ openwsman-2.6.5/src/server/shttpd/ssl.h 2018-01-23 13:14:59.358153454 +0100
+@@ -12,50 +12,4 @@
+
+ #include
+
+-#else
+-
+-/*
+- * Snatched from OpenSSL includes. I put the prototypes here to be independent
+- * from the OpenSSL source installation. Having this, shttpd + SSL can be
+- * built on any system with binary SSL libraries installed.
+- */
+-
+-typedef struct ssl_st SSL;
+-typedef struct ssl_method_st SSL_METHOD;
+-typedef struct ssl_ctx_st SSL_CTX;
+-
+-#define SSL_ERROR_WANT_READ 2
+-#define SSL_ERROR_WANT_WRITE 3
+-#define SSL_ERROR_SYSCALL 5
+-#define SSL_FILETYPE_PEM 1
+-
+ #endif
+-
+-/*
+- * Dynamically loaded SSL functionality
+- */
+-struct ssl_func {
+- const char *name; /* SSL function name */
+- union variant ptr; /* Function pointer */
+-};
+-
+-extern struct ssl_func ssl_sw[];
+-
+-#define FUNC(x) ssl_sw[x].ptr.v_func
+-
+-#define SSL_free(x) (* (void (*)(SSL *)) FUNC(0))(x)
+-#define SSL_accept(x) (* (int (*)(SSL *)) FUNC(1))(x)
+-#define SSL_connect(x) (* (int (*)(SSL *)) FUNC(2))(x)
+-#define SSL_read(x,y,z) (* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z))
+-#define SSL_write(x,y,z) \
+- (* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z))
+-#define SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
+-#define SSL_set_fd(x,y) (* (int (*)(SSL *, int)) FUNC(6))((x), (y))
+-#define SSL_new(x) (* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
+-#define SSL_CTX_new(x) (* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x)
+-#define SSLv23_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))()
+-#define SSL_library_init() (* (int (*)(void)) FUNC(10))()
+-#define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \
+- const char *, int)) FUNC(11))((x), (y), (z))
+-#define SSL_CTX_use_certificate_file(x,y,z) (* (int (*)(SSL_CTX *, \
+- const char *, int))
FUNC(12))((x), (y), (z))
diff --git a/openwsman-2.6.5-fix-set-cipher-list-retval-check.patch b/openwsman-2.6.5-fix-set-cipher-list-retval-check.patch
new file mode 100644
index 0000000..dc3e52c
--- /dev/null
+++ b/openwsman-2.6.5-fix-set-cipher-list-retval-check.patch
@@ -0,0 +1,12 @@
+diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
+--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2018-02-21 10:53:24.964163710 +0100
++++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2018-02-21 10:53:31.854162875 +0100
+@@ -1541,7 +1541,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch
+
+ if (ssl_cipher_list) {
+ int rc = SSL_CTX_set_cipher_list(CTX, ssl_cipher_list);
+- if (rc != 0) {
++ if (rc != 1) {
+ _shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list);
+ }
+ }
diff --git a/openwsman-2.6.5-libcurl-error-codes-update.patch b/openwsman-2.6.5-libcurl-error-codes-update.patch
new file mode 100644
index 0000000..40de8bf
--- /dev/null
+++ b/openwsman-2.6.5-libcurl-error-codes-update.patch
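Review bot: In ssl_certificate_thumbprint_verify_callback the OpenSSL 1.1 branch reads `X509_STORE_CTX_get_current_cert(ctx)`, which is not the accessor for the old `ctx->cert` field; that field is returned by `X509_STORE_CTX_get0_cert(ctx)`. The `(X509_STORE_CTX *, void *)` signature suggests the function is installed as the whole-chain verify callback (the registration is outside the hunk), and in that position no chain walk has run, so the current-cert slot is likely still NULL and the new `if(!cert) return 0;` would reject every peer. That fails closed, but it makes thumbprint pinning unusable and pushes users towards switching verification off. Suggested line: `X509 *cert = X509_STORE_CTX_get0_cert(ctx);`.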
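Review bot: With the corrected `if (rc != 1)` test the failure branch still only logs, so a rejected `ssl_cipher_list` leaves the context on the library's default ciphers and the server carries on starting. An operator who configured a restricted list then runs with a weaker configuration than requested and only a log line to show for it. Consider failing set_ssl at this point, e.g. `return FALSE;` after the `_shttpd_elog` call; set_ssl continues outside the hunk, so check what cleanup that path needs first.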
@@ -0,0 +1,28 @@
+diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
+--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig 2018-11-14 13:53:27.442138557 +0100
++++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c 2018-11-14 14:11:28.508714204 +0100
+@@ -186,16 +186,23 @@ convert_to_last_error(CURLcode r)
+ return WS_LASTERR_SSL_CONNECT_ERROR;
+ case CURLE_BAD_FUNCTION_ARGUMENT:
+ return WS_LASTERR_CURL_BAD_FUNCTION_ARG;
++#if LIBCURL_VERSION_NUM < 0x073E00
+ case CURLE_SSL_PEER_CERTIFICATE:
+ return WS_LASTERR_SSL_PEER_CERTIFICATE;
++#endif
+ case CURLE_SSL_ENGINE_NOTFOUND:
+ return WS_LASTERR_SSL_ENGINE_NOTFOUND;
+ case CURLE_SSL_ENGINE_SETFAILED:
+ return WS_LASTERR_SSL_ENGINE_SETFAILED;
+ case CURLE_SSL_CERTPROBLEM:
+ return WS_LASTERR_SSL_CERTPROBLEM;
++#if LIBCURL_VERSION_NUM < 0x073E00
+ case CURLE_SSL_CACERT:
+ return WS_LASTERR_SSL_CACERT;
++#else
++ case CURLE_PEER_FAILED_VERIFICATION:
++ return WS_LASTERR_SSL_PEER_CERTIFICATE;
++#endif
+ #if LIBCURL_VERSION_NUM > 0x70C01
+ case CURLE_SSL_ENGINE_INITFAILED:
+ return WS_LASTERR_SSL_ENGINE_INITFAILED;
+
diff --git a/openwsman.spec b/openwsman.spec
new file mode 100644
index 0000000..9f123dc
--- /dev/null
+++ b/openwsman.spec
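Review bot: On libcurl 7.62.0 and later the `#else` branch maps `CURLE_PEER_FAILED_VERIFICATION` to `WS_LASTERR_SSL_PEER_CERTIFICATE`, so `WS_LASTERR_SSL_CACERT` is no longer produced and callers that branch on it will not see CA failures reported as such. If that is intended, say so next to the version test, e.g. `/* libcurl >= 7.62.0 folds CURLE_SSL_CACERT into CURLE_PEER_FAILED_VERIFICATION */`. convert_to_last_error starts and ends outside the hunk.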
@@ -0,0 +1,315 @@
+%bcond_with pam
+
+# RubyGems's macros expect gem_name to exist.
+%global gem_name %{name}
+
+Name: openwsman
+Version: 2.6.5
+Release: 10
+Summary: Opensource Implementation of WS-Management
+License: BSD
+URL: http://www.openwsman.org/
+Source0: https://github.com/Openwsman/openwsman/archive/v%{version}.tar.gz
+Source1: openwsmand.8.gz
+Source2: openwsmand.service
+Source3: owsmantestcert.sh
+%if %{with pam}
+Patch1: openwsman-2.4.0-pamsetup.patch
+%endif
+Patch2: openwsman-2.4.12-ruby-binding-build.patch
+Patch3: openwsman-2.6.2-openssl-1.1-fix.patch
+Patch4: openwsman-2.6.5-fix-set-cipher-list-retval-check.patch
+Patch5: openwsman-2.6.5-libcurl-error-codes-update.patch
+Patch6000: CVE-2019-3833.patch
+
+BuildRequires: swig libcurl-devel libxml2-devel pam-devel sblim-sfcc-devel python3
+BuildRequires: python3-devel ruby ruby-devel rubygems-devel perl-interpreter
+BuildRequires: perl-devel perl-generators pkgconfig openssl-devel
+BuildRequires: cmake systemd-units gcc gcc-c++
+
+
+%description
+Opensource Implementation of WS-Management protocol stack
+
+%package -n libwsman1
+License: BSD
+Summary: Opensource Implementation of WS-Management
+Provides: %{name} = %{version}-%{release}
+Obsoletes: %{name} < %{version}-%{release}
+
+%description -n libwsman1
+Opensource Implementation of WS-Management protocol stack
+(Common libraries)
+
+%package -n libwsman-devel
+License: BSD
+Summary: Opensource Implementation of WS-Management
+Provides: %{name}-devel = %{version}-%{release}
+Obsoletes: %{name}-devel < %{version}-%{release}
+Requires: libwsman1 = %{version}-%{release}
+Requires: %{name}-server = %{version}-%{release}
+Requires: %{name}-client = %{version}-%{release}
+Requires: sblim-sfcc-devel libxml2-devel libcurl-devel
+
+%if %{with pam}
+Requires: pam-devel
+%endif
+%description -n libwsman-devel
+Opensource Implementation of WS-Management stack
+(Development files)
+
+%package client
+License: BSD
+Summary: Openwsman Client libraries
+
+%description client
+Openwsman Client libraries.
+
+%package server
+License: BSD
+Summary: Openwsman Server and service libraries
+Requires: libwsman1 = %{version}-%{release}
+
+%description server
+Openwsman Server and service libraries.
+
+%package python3
+License: BSD
+Summary: Python bindings for openwsman client API
+Requires: python3
+Requires: libwsman1 = %{version}-%{release}
+%{?python_provide:%python_provide python3-openwsman}
+
+%description python3
+This package provides Python3 bindings to access the openwsman client API.
+
+%if %{with pam}
+%package ruby
+License: BSD
+Summary: Ruby bindings for openwsman client API
+Obsoletes: %{name}-ruby < %{version}-%{release}
+
+%description -n rubygem-%{gem_name}
+This package provides Ruby bindings to access the openwsman client API.
+
+%package ruby-docs
+Summary: HTML documentation for Opendwsman Ruby bindings
+BuildArch: noarch
+
+%description ruby-docs
+This package provides HTML documentation for the Openwsman Ruby
+bindings.
+
+%endif
+
+%package perl
+License: BSD
+Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+Summary: Perl bindings for openwsman client API
+Requires: libwsman1 = %{version}-%{release}
+
+%description perl
+This package provides Perl bindings to access the openwsman client API.
+
+%package winrs
+Summary: Windows Remote Shell
+Requires: rubygem-%{gem_name} = %{version}-%{release}
+
+%description winrs
+This is a command line tool for the Windows Remote Shell protocol.
+You can use it to send shell commands to a remote Windows hosts.
+
+%package_help
+
+%prep
+%autosetup -p1
+
+%build
+# Removing executable permissions on .c and .h files to fix rpmlint warnings.
+chmod -x src/cpp/WsmanClient.h
+
+mkdir build
+
+export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -DNO_SSL_CALLBACK"
+export CFLAGS="-D_GNU_SOURCE -fPIE -DPIE"
+export LDFLAGS="$LDFLAGS -Wl,-z,now -pie"
+cd build
+cmake \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_VERBOSE_MAKEFILE=TRUE \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DCMAKE_C_FLAGS_RELEASE:STRING="$RPM_OPT_FLAGS -fno-strict-aliasing" \
+ -DCMAKE_CXX_FLAGS_RELEASE:STRING="$RPM_OPT_FLAGS" \
+ -DCMAKE_SKIP_RPATH=1 \
+ -DPACKAGE_ARCHITECTURE=`uname -m` \
+ -DLIB=%{_lib} \
+ -DBUILD_JAVA=no \
+%if %{without pam}
+ -DBUILD_RUBY_GEM=no \
+%endif
+ ..
+
+make
+
+%if %{with pam}
+# Make the freshly build openwsman libraries available to build the gem's
+# binary extension.
+export LIBRARY_PATH=%{_builddir}/%{name}-%{version}/build/src/lib
+export CPATH=%{_builddir}/%{name}-%{version}/include/
+export LD_LIBRARY_PATH=%{_builddir}/%{name}-%{version}/build/src/lib/
+%endif
+
+%if %{with pam}
+%gem_install -n ./bindings/ruby/%{name}-%{version}.gem
+%endif
+
+%install
+cd build
+
+%if %{with pam}
+# Do not install the ruby extension, we are proviging the rubygem- instead.
+echo -n > bindings/ruby/cmake_install.cmake
+%endif
+
+%make_install
+cd ..
+rm -f %{buildroot}/%{_libdir}/*.la
+rm -f %{buildroot}/%{_libdir}/openwsman/plugins/*.la
+rm -f %{buildroot}/%{_libdir}/openwsman/authenticators/*.la
+[ -d %{buildroot}/%{ruby_vendorlibdir} ] && rm -f %{buildroot}/%{ruby_vendorlibdir}/openwsmanplugin.rb
+[ -d %{buildroot}/%{ruby_vendorlibdir} ] && rm -f %{buildroot}/%{ruby_vendorlibdir}/openwsman.rb
+install -d %{buildroot}%{_sysconfdir}/init.d
+install -m 644 etc/openwsman.conf %{buildroot}/%{_sysconfdir}/openwsman
+install -m 644 etc/openwsman_client.conf %{buildroot}/%{_sysconfdir}/openwsman
+install -d %{buildroot}/%{_unitdir}
+install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}/openwsmand.service
+install -m 644 etc/ssleay.cnf %{buildroot}/%{_sysconfdir}/openwsman
+install -p -m 755 %{SOURCE3} %{buildroot}/%{_sysconfdir}/openwsman
+install -d %{buildroot}/%{_mandir}/man8/
+cp %SOURCE1 %{buildroot}/%{_mandir}/man8/
+install -m 644 include/wsman-xml.h %{buildroot}/%{_includedir}/openwsman
+install -m 644 include/wsman-xml-binding.h %{buildroot}/%{_includedir}/openwsman
+install -m 644 include/wsman-dispatcher.h %{buildroot}/%{_includedir}/openwsman
+
+%if %{with pam}
+install -d %{buildroot}%{gem_dir}
+cp -pa ./build%{gem_dir}/* %{buildroot}%{gem_dir}/
+install -d %{buildroot}%{gem_extdir_mri}
+cp -a ./build%{gem_extdir_mri}/{gem.build_complete,*.so} %{buildroot}%{gem_extdir_mri}/
+%endif
+
+%post -n libwsman1 -p /sbin/ldconfig
+
+%postun -n libwsman1 -p /sbin/ldconfig
+
+%post server
+/sbin/ldconfig
+%systemd_post openwsmand.service
+
+%preun server
+%systemd_preun openwsmand.service
+
+%postun server
+rm -f /var/log/wsmand.log
+%systemd_postun_with_restart openwsmand.service
+/sbin/ldconfig
+
+%post client -p /sbin/ldconfig
+
+%postun client -p /sbin/ldconfig
+
+%files -n libwsman1
+%doc COPYING
+%{_libdir}/libwsman.so.*
+%{_libdir}/libwsman_client.so.*
+%{_libdir}/libwsman_curl_client_transport.so.*
+
+%if %{without pam}
+%exclude %{_exec_prefix}/lib/debug/usr/lib64/ruby/vendor_ruby/_openwsman.so*
+%exclude %{_libdir}/ruby/vendor_ruby/_openwsman.so
+%exclude %{_datadir}/ruby/vendor_ruby/%{name}/%{name}.rb
+%exclude %{_datadir}/ruby/vendor_ruby/%{name}/version.rb
+%exclude %{_datadir}/ruby/vendor_ruby/%{name}/xmldoc.rb
+%exclude %{_datadir}/ruby/vendor_ruby/%{name}/xmlnode.rb
+%{_sysconfdir}/pam.d/openwsman
+%{_exec_prefix}/lib/debug%{python2_sitearch}/_pywsman.so*
+%{python2_sitearch}/_pywsman.so
+%{python2_sitearch}/pywsman.py
+%{python2_sitearch}/pywsman.pyc
+%{python2_sitearch}/pywsman.pyo
+
+%endif
+
+%files -n libwsman-devel
+%{_includedir}/*
+%{_libdir}/pkgconfig/*
+%{_libdir}/*.so
+
+%files python3
+%if %{with pam}
+%{python3_sitearch}/*.so
+%{python3_sitearch}/*.py
+%{python3_sitearch}/__pycache__/*
+%endif
+
+%if %{with pam}
+%files ruby
+%dir %{gem_instdir}
+%exclude %{gem_instdir}/ext
+%{gem_libdir}
+%{gem_extdir_mri}
+%exclude %{gem_cache}
+%{gem_spec}
+
+%files ruby-docs
+%doc %{gem_docdir}
+
+%endif
+
+
+%files perl
+%{perl_vendorarch}/openwsman.so
+%{perl_vendorlib}/openwsman.pm
+
+%files server
+# Don't remove *.so files from the server package.
+# the server fails to start without these files.
+%dir %{_sysconfdir}/openwsman
+%config(noreplace) %{_sysconfdir}/openwsman/openwsman.conf
+%config(noreplace) %{_sysconfdir}/openwsman/ssleay.cnf
+%attr(0755,root,root) %{_sysconfdir}/openwsman/owsmangencert.sh
+%attr(0755,root,root) %{_sysconfdir}/openwsman/owsmantestcert.sh
+%if %{with pam}
+%config(noreplace) %{_sysconfdir}/pam.d/openwsman
+%endif
+%{_unitdir}/openwsmand.service
+%dir %{_libdir}/openwsman
+%dir %{_libdir}/openwsman/authenticators
+%{_libdir}/openwsman/authenticators/*.so
+%{_libdir}/openwsman/authenticators/*.so.*
+%dir %{_libdir}/openwsman/plugins
+%{_libdir}/openwsman/plugins/*.so
+%{_libdir}/openwsman/plugins/*.so.*
+%{_sbindir}/openwsmand
+%{_libdir}/libwsman_server.so.*
+
+%files client
+%{_libdir}/libwsman_clientpp.so.*
+%config(noreplace) %{_sysconfdir}/openwsman/openwsman_client.conf
+
+%files winrs
+%{_bindir}/winrs
+
+%files help
+%doc AUTHORS ChangeLog README.md TODO
+%{_mandir}/man8/*
+
+%changelog
+* Thu Feb 13 2020 fengbing - 2.6.5-10
+- Type:N/A
+- ID:N/A
+- SUG:N/A
+- DESC:fix build fail
+
+* Fri Nov 29 2019 mengxian - 2.6.5-9
+- OpenEuler package init
diff --git a/openwsmand.8.gz b/openwsmand.8.gz
new file mode 100644
index 0000000..2b86ec1
Binary files /dev/null and b/openwsmand.8.gz differ
diff --git a/openwsmand.service b/openwsmand.service
new file mode 100644
index 0000000..e10c75d
--- /dev/null
+++ b/openwsmand.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Openwsman WS-Management Service
+After=syslog.target
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/openwsmand -S
+ExecStartPre=/etc/openwsman/owsmantestcert.sh
+PIDFile=/var/run/wsmand.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/owsmantestcert.sh b/owsmantestcert.sh
new file mode 100644
index 0000000..8918f41
--- /dev/null
+++ b/owsmantestcert.sh
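Review bot: The `%postun server` scriptlet runs `rm -f /var/log/wsmand.log` unconditionally, and the old package's `%postun` also runs during an upgrade, so every update deletes the daemon's log along with whatever it recorded. Restrict it to final removal with `if [ $1 -eq 0 ]; then rm -f /var/log/wsmand.log; fi`, or leave the file for the administrator's log rotation. The `%files -n libwsman1` block under `%if %{without pam}` also lists `%{_sysconfdir}/pam.d/openwsman` and `%{python2_sitearch}` files, which looks out of place for that subpackage and is worth checking.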
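Review bot: The unit orders itself only with `After=syslog.target`, a target current systemd no longer provides, and has no ordering against the network although it starts the WS-Management daemon. `After=network.target` is the usual line for a listening service. `PIDFile=/run/wsmand.pid` would also avoid the legacy `/var/run` path, provided the daemon writes its PID file there.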
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ ! -f "/etc/openwsman/serverkey.pem" ]; then
+ if [ -f "/etc/ssl/servercerts/servercert.pem" \
+ -a -f "/etc/ssl/servercerts/serverkey.pem" ]; then
+ echo "Using common server certificate /etc/ssl/servercerts/servercert.pem"
+ ln -s /etc/ssl/servercerts/server{cert,key}.pem /etc/openwsman
+ exit 0
+ else
+ echo "FAILED: Starting openwsman server"
+ echo "There is no ssl server key available for openwsman server to use."
+ echo -e "Please generate one with the following script and start the openwsman service again:\n"
+ echo "##################################"
+ echo "/etc/openwsman/owsmangencert.sh"
+ echo "================================="
+
+ echo "NOTE: The script uses /dev/random device for generating some random bits while generating the server key."
+ echo " If this takes too long, you can replace the value of \"RANDFILE\" in /etc/openwsman/ssleay.cnf with /dev/urandom. Please understand the implications of replacing the RNADFILE."
+ exit 1
+ fi
+fi
diff --git a/v2.6.5.tar.gz b/v2.6.5.tar.gz
new file mode 100644
index 0000000..5968b51
Binary files /dev/null and b/v2.6.5.tar.gz differ
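Review bot: The `ln -s /etc/ssl/servercerts/server{cert,key}.pem /etc/openwsman` step is followed by `exit 0` whatever its result, so a failed link (for example a `servercert.pem` already present in the target directory) still reports success to the unit that runs this script as `ExecStartPre`. The outer test also looks only at `serverkey.pem` and never at the certificate. Use `ln -s /etc/ssl/servercerts/server{cert,key}.pem /etc/openwsman || exit 1`, and split the `-a` inside `[ ]` into two tests joined by `&&`, since POSIX marks `-a` obsolescent. The last message misspells RANDFILE as "RNADFILE".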