| Author |
Message
|
| WBI_user |
 Posted: Mon Jun 19, 2006 6:28 am Post subject: Help on security exit testing |
 |
|
Partisan
Joined: 07 Aug 2001
Posts: 386
|
I was given a channel security exit to implement on a Linux server Qmgr. But it does not seem to work properly. Looking at the source code, I can see printf statements sending output to stdout and stderr. But I don't see the output anywhere. If I can see the outout, I may be able to tell where is the failure. The program is wrtten in C and the programmer is on vacation for a couple of weeks.
Any idea how I can see those outputs when the exit is implemented on Linux without havng to modify the source code. Where does stdout and stderr go when the exit program runs under the MCA ?
If source code modification is required, I'll try. I am not a C programmer, but if someone can show me what to add or change, I probably can handle the editing and recompiling. |
|
| Back to top |
|
 |
| Mr Butcher |
| Posted: Mon Jun 19, 2006 6:40 am Post subject: |
|
|
Padawan
Joined: 23 May 2005
Posts: 1716
|
maybe home directory of the mqm userid (or the userid that runs the mca)? (just a guess, i do not know)
_________________
Regards, Butcher |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Mon Jun 19, 2006 6:43 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
I suspect that stdout and stderr will only show up if you enable MQ tracing, and then in the trace file.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| mvic |
| Posted: Mon Jun 19, 2006 7:29 am Post subject: Re: Help on security exit testing |
|
|
Jedi
Joined: 09 Mar 2004
Posts: 2080
|
| WBI_user wrote: |
| Where does stdout and stderr go when the exit program runs under the MCA ? |
Almost certainly they are closed, as is normal with a "server" process designed to run unattached from a console.
Instead of writing to stdout and stderr, code the exit to open a named file for output (use fopen) and write directly to the file (use fwrite). |
|
| Back to top |
|
|
| WBI_user |
| Posted: Mon Jun 19, 2006 8:32 am Post subject: |
|
|
Partisan
Joined: 07 Aug 2001
Posts: 386
|
Try to run with MQTRACE turned on. I can see that the Exit get invoked. But output are not shown in the exit.
I have tried to use frepon to send the stdout to a file. But printf output are not send there either. I'll try to use fwrite instead. But I donot want to spend too much time modifying the program as my job is administrator. |
|
| Back to top |
|
|
| mvic |
| Posted: Mon Jun 19, 2006 8:50 am Post subject: |
|
|
Jedi
Joined: 09 Mar 2004
Posts: 2080
|
| WBI_user wrote: |
| I'll try to use fwrite instead. |
Actually it might be quicker/easier to use fprintf, not fwrite. fprintf looks much more like printf. The following (untested) sequence of calls might work:
| Code: |
FILE * fp;
char * thestring = "abc";
int theinteger = 1;
int * thepointer = &theinteger;
fp = fopen("/home/myuser/myfile.txt", "a");
if ( fp != NULL )
{
fprintf(fp, "string %s integer %d pointer %p\n",
thestring, theinteger, thepointer);
fclose(fp);
} |
| Quote: |
| But I donot want to spend too much time modifying the program as my job is administrator. |
Is this exit code supported by the app development group? Perhaps they can assist. |
|
| Back to top |
|
|
| WBI_user |
| Posted: Mon Jun 19, 2006 2:39 pm Post subject: |
|
|
Partisan
Joined: 07 Aug 2001
Posts: 386
|
As I mentoned earlier, the author of the exit is on vacation and I just need to do as much as I can within my ability get the exit going.
I inserted the code to open a file and changed the printf to fprintf as suggested.
void MQStart() {;} /* dummy entry point */
void MQENTRY ChannelExit ( PMQCXP ChannelParms,
PMQCD ChannelDef,
:
MQLONG ExitBuffLen,
MQPTR ExitBuffAddr)
{
FILE *pFile;
pFile = fopen("/var/mqm/exits/Scyout.txt", "w");
fprintf (pFile, "exit code follows \n");
:
Original exit code with printfs changed to fprintf
:
fprintf (pFile, "exit code is done \n");
fclose(pFile);
:
}
Very strange, only the first fprintfs at the beginning and the end that I added were output to the file. All the other fprintfs (changed from printf in the exit code) were not.
Any idea ? Is there any limitation on writing to external file when the exit is running ?
Any suggesiton on how to trace the execuion of the exit other than trying to track the printfs to determine at what point is the exit failing ? |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Mon Jun 19, 2006 9:19 pm Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
| WBI_user wrote: |
| Any idea ? Is there any limitation on writing to external file when the exit is running ? |
No.
| WBI_user wrote: |
| Any suggesiton on how to trace the execuion of the exit other than trying to track the printfs to determine at what point is the exit failing ? |
You are dabbling in a very complex area of programming. I strongly suggest you read the following posting:
http://www.mqseries.net/phpBB2/viewtopic.php?t=20523
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| mvic |
| Posted: Tue Jun 20, 2006 12:41 am Post subject: |
|
|
Jedi
Joined: 09 Mar 2004
Posts: 2080
|
| WBI_user wrote: |
| Any idea ? |
Try changing the "w" to "a" in your fopen call. |
|
| Back to top |
|
|
| WBI_user |
| Posted: Tue Jun 20, 2006 8:40 pm Post subject: |
|
|
Partisan
Joined: 07 Aug 2001
Posts: 386
|
| I found the problem but don't understand why. It is permission. Once I change the permission of the log file to 777, I can now see the fprintf messages. The log file Scyout.txt was created by the program and the first and last message was written to it. Why the other fprintfs cannot. The only explaination is the channel exit code is using a different userId. |
|
| Back to top |
|
|
| mvic |
| Posted: Wed Jun 21, 2006 3:24 am Post subject: |
|
|
Jedi
Joined: 09 Mar 2004
Posts: 2080
|
| WBI_user wrote: |
| Why the other fprintfs cannot. The only explaination is the channel exit code is using a different userId. |
Who can write to files in the directory /var/mqm/exits ? Hopefully not too many people... On one of my machines it's only mqm user and group that can write there. |
|
| Back to top |
|
|
|
|
