diff options
| author | James McKenzie <git@madingley.org> | 2019-10-13 01:41:06 +0100 |
|---|---|---|
| committer | James McKenzie <git@madingley.org> | 2019-10-13 01:42:38 +0100 |
| commit | 79d7554a7c66130b2c1392970da415393ba41c5c (patch) | |
| tree | 8b56debddd17850c7f9f5dc56e9c1f463d446e24 | |
| parent | 71de12861c6e6f82c3a26a0305400c2ad8e9727b (diff) | |
| download | inf-79d7554a7c66130b2c1392970da415393ba41c5c.tar.gz inf-79d7554a7c66130b2c1392970da415393ba41c5c.tar.bz2 inf-79d7554a7c66130b2c1392970da415393ba41c5c.zip | |
fix up for fc30
| -rw-r--r-- | INF/APC.pm | 4 | ||||
| -rw-r--r-- | INF/DSRx020.pm | 40 | ||||
| -rw-r--r-- | INF/ILO.pm | 34 | ||||
| -rw-r--r-- | INF/ILO2.pm | 12 | ||||
| -rw-r--r-- | INF/SuperMicro.pm | 2 | ||||
| -rw-r--r-- | Makefile | 1 | ||||
| -rw-r--r-- | avocent/crypto.properties | 2 | ||||
| -rw-r--r-- | ilo/mypolicy | 3 | ||||
| -rwxr-xr-x | inf.pl | 2 | ||||
| -rw-r--r-- | notes | 6 |
10 files changed, 78 insertions, 28 deletions
@@ -329,8 +329,8 @@ sub port_state_set($$$) { } for my $node ( 'rPDUOutletControlOutletCommand', 'sPDUOutletCtl' ) { - my $ret = $self->get( $node, $i ); - my $oid = name_to_oid( $node, $i ); + my $ret = $self->get( $node, $i ); + my $oid = name_to_oid( $node, $i ); my $name = oid_to_name($oid); if ( defined $ret ) { diff --git a/INF/DSRx020.pm b/INF/DSRx020.pm index 191f4bf..c68274c 100644 --- a/INF/DSRx020.pm +++ b/INF/DSRx020.pm @@ -548,10 +548,12 @@ sub view($$) { system( "echo", "java", - "-Djava.net.preferIPv4Stack=true", - "-Djava.net.useSystemProxies=false", - "-DsocksProxyVersion=4", - "-DsocksProxySet=true", + "-Djava.security.disableSystemPropertiesFile=1", +"-Djava.security.properties=/usr/local/share/inf/avocent/crypto.properties", + "-Djava.net.preferIPv4Stack=true", + "-Djava.net.useSystemProxies=false", + "-DsocksProxyVersion=4", + "-DsocksProxySet=true", "-DsocksProxyHost=" . $self->{proxy_host}, "-DsocksProxyPort=" . $self->{proxy_port}, "-cp", @@ -561,10 +563,12 @@ sub view($$) { ); system( "java", - "-Djava.net.preferIPv4Stack=true", - "-Djava.net.useSystemProxies=false", - "-DsocksProxyVersion=4", - "-DsocksProxySet=true", + "-Djava.security.disableSystemPropertiesFile=1", +"-Djava.security.properties=/usr/local/share/inf/avocent/crypto.properties", + "-Djava.net.preferIPv4Stack=true", + "-Djava.net.useSystemProxies=false", + "-DsocksProxyVersion=4", + "-DsocksProxySet=true", "-DsocksProxyHost=" . $self->{proxy_host}, "-DsocksProxyPort=" . $self->{proxy_port}, "-cp", @@ -575,7 +579,25 @@ sub view($$) { } else { - system( "java", "-cp", $cp, "com.avocent.video.Stingray", @$args ); + system( + "echo", + "java", + "-Djava.security.disableSystemPropertiesFile=1", +"-Djava.security.properties=/usr/local/share/inf/avocent/crypto.properties", + "-cp", + $cp, + "com.avocent.video.Stingray", + @$args + ); + system( + "java", + "-Djava.security.disableSystemPropertiesFile=1", +"-Djava.security.properties=/usr/local/share/inf/avocent/crypto.properties", + "-cp", + $cp, + "com.avocent.video.Stingray", + @$args + ); } } @@ -1,7 +1,5 @@ #!/usr/bin/env perl -IO::Socket::SSL::set_ctx_defaults( SSL_verify_mode => SSL_VERIFY_NONE ); - package INF::ILO; use HTTP::Daemon::SSL; @@ -18,6 +16,10 @@ use XML::Simple; use Data::Dumper; use JSON::PP; +#IO::Socket::SSL::set_ctx_defaults( SSL_verify_mode => SSL_VERIFY_NONE ); +IO::Socket::SSL::set_ctx_defaults( + SSL_verify_mode => Net::SSLeay::VERIFY_NONE() ); + sub read_file($) { my ($name) = @_; @@ -100,7 +102,6 @@ sub setup_port_proxy($$$$) { return $child; } - sub proxy($$$) { my ( $self, $req, $res ) = @_; @@ -213,7 +214,7 @@ sub view($) { } my $content = $res->content; - unless ( $content =~ /Netscape'\) \{(.*)}[\s\n]*else if/s ) { + unless ( $content =~ /Netscape'\) \{(.*)\}[\s\n]*else if/s ) { print STDERR "returned html doesn't look right\n"; return -1; } @@ -250,8 +251,21 @@ sub view($) { $SIG{TERM} = sub { kill 'TERM', ( @{ $self->{to_kill} } ); die; }; system( + "echo", "appletviewer", "-J-Djava.security.manager", + + # "-J-Djava.security.debug=access,failure,policy", + "-J-Djava.security.policy=/usr/local/share/inf/ilo/mypolicy", + "-J-Djavax.net.ssl.trustStore=/usr/local/share/inf/ilo/server.jks", + $self->{proxy_url} . "/html/java_irc.html" + ); + + system( + "appletviewer", + "-J-Djava.security.manager", + + # "-J-Djava.security.debug=access,failure,policy", "-J-Djava.security.policy=/usr/local/share/inf/ilo/mypolicy", "-J-Djavax.net.ssl.trustStore=/usr/local/share/inf/ilo/server.jks", $self->{proxy_url} . "/html/java_irc.html" @@ -404,7 +418,9 @@ sub new ($;$) { $self->{userid} = undef; $self->{ua}->ssl_opts( - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, + + # SSL_verify_mode => SSL_VERIFY_NONE, + SSL_verify_mode => Net::SSLeay::VERIFY_NONE(), verify_hostname => 0, ); @@ -416,7 +432,6 @@ sub new ($;$) { $self->{proxy_port} = $parm->{proxy_port}; } - my $local_port = int( rand(30000) ) + 30000; $self->{proxy_url} = 'https://127.0.0.1:' . $local_port; @@ -425,9 +440,10 @@ sub new ($;$) { port => $local_port, daemon_class => 'HTTP::Daemon::SSL', daemon_args => [ - LocalAddr => '127.0.0.1', - SSL_key_file => '/usr/local/share/inf/ilo/server.key', - SSL_cert_file => '/usr/local/share/inf/ilo/server.crt', + LocalAddr => '127.0.0.1', + SSL_key_file => '/usr/local/share/inf/ilo/server.key', + SSL_cert_file => '/usr/local/share/inf/ilo/server.crt', + SSL_verify_mode => Net::SSLeay::VERIFY_NONE(), ], ); $self->{server}->mount( diff --git a/INF/ILO2.pm b/INF/ILO2.pm index 6a5265e..0e2375b 100644 --- a/INF/ILO2.pm +++ b/INF/ILO2.pm @@ -1,6 +1,7 @@ #!/usr/bin/env perl -IO::Socket::SSL::set_ctx_defaults( SSL_verify_mode => SSL_VERIFY_NONE ); +IO::Socket::SSL::set_ctx_defaults( + SSL_verify_mode => Net::SSLeay::VERIFY_NONE() ); package INF::ILO2; @@ -584,7 +585,7 @@ sub new ($;$) { $self->{userid} = undef; $self->{ua}->ssl_opts( - SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE, + SSL_verify_mode => Net::SSLeay::VERIFY_NONE(), verify_hostname => 0, ); @@ -604,9 +605,10 @@ sub new ($;$) { port => $local_port, daemon_class => 'HTTP::Daemon::SSL', daemon_args => [ - LocalAddr => '127.0.0.1', - SSL_key_file => '/usr/local/share/inf/ilo/server.key', - SSL_cert_file => '/usr/local/share/inf/ilo/server.crt', + LocalAddr => '127.0.0.1', + SSL_key_file => '/usr/local/share/inf/ilo/server.key', + SSL_cert_file => '/usr/local/share/inf/ilo/server.crt', + SSL_verify_mode => Net::SSLeay::VERIFY_NONE(), ], ); $self->{server}->mount( diff --git a/INF/SuperMicro.pm b/INF/SuperMicro.pm index 3afa3d6..7284826 100644 --- a/INF/SuperMicro.pm +++ b/INF/SuperMicro.pm @@ -260,7 +260,7 @@ sub new ($;$) { my ( $class, $parm ) = @_; my $self; - $self->{ua} = my $ua = LWP::UserAgent->new; + $self->{ua} = my $ua = LWP::UserAgent->new; $self->{cookie_jar} = HTTP::Cookies->new(); $self->{ua}->cookie_jar( $self->{cookie_jar} ); @@ -33,6 +33,7 @@ install: install -m 644 avocent/avmWin32Lib.jar /usr/local/share/inf/avocent/ install -m 644 avocent/jpcscdll.jar /usr/local/share/inf/avocent/ install -m 644 avocent/jpcscso.jar /usr/local/share/inf/avocent/ + install -m 644 avocent/crypto.properties /usr/local/share/inf/avocent/ install -m 644 ilo/certs /usr/local/share/inf/ilo/ install -m 644 ilo/intgapp_221.jar /usr/local/share/inf/ilo/ install -m 644 ilo/rc175p08.jar /usr/local/share/inf/ilo/ diff --git a/avocent/crypto.properties b/avocent/crypto.properties new file mode 100644 index 0000000..9208258 --- /dev/null +++ b/avocent/crypto.properties @@ -0,0 +1,2 @@ +jdk.certpath.disabledAlgorithms=MD2 +jdk.tls.disabledAlgorithms=RC2 diff --git a/ilo/mypolicy b/ilo/mypolicy index e945c25..5e96ff0 100644 --- a/ilo/mypolicy +++ b/ilo/mypolicy @@ -1,5 +1,6 @@ grant { - permission java.net.SocketPermission "localhost", "connect, accept ,resolve, listen"; + permission java.security.AllPermission; + permission java.net.SocketPermission "127.0.0.1:*", "connect, accept ,resolve, listen"; permission java.util.PropertyPermission "java.io.tmpdir","read"; permission java.io.FilePermission "/tmp/-", "read, write"; permission java.io.FilePermission "/tmp", "read, write"; @@ -101,7 +101,7 @@ sub thing($$$$) { and ( $s =~ /$looks/i ) ); print "Outlet is $s\n"; $i++; - } until ( ( $i > $wait ) + } until ( ( $i > $wait ) and ( not( $s =~ /Pending/ ) ) and ( $s =~ /$looke/i ) ); @@ -0,0 +1,6 @@ + +debugging java's miserable handshakes can be done with + -Djavax.net.debug=ssl:handsake + +edit /etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.222.b10-0.fc30.x86_64/lib/security/java.security + |