• Absolute path to running C program

    20Aug
    Categories: development, general IT, linux Comments: 1

    One day I needed to make an embedded Python interpreter in a Fortran/C program aware of its path, since it should search for a predefined python source code file in the same directory from the binary is located.

    Now, this introduces some issues, as the Fortran/C program can be runned in many ways:

    1. Absolute path (/home/asbjorn/test1/main)
    2. Standing in the directory and run ./main
    3. Having the /home/asbjorn/test1/ in your $PATH variable (Linux/UNIX), and type ‘main’.

    Now, the simplest approach is to use the “int argc, char *argv[]” variables inside your ‘int main()’ method. Then the “argv[0]” would contain the binary file name, including any absolute path if that what being used. But, if your application is in your $PATH variable, it wont work.

    A ‘dirty’ trick could be to use:

    char path[255];
path = system("which main");

    but, its not recommended using this approach. Another very hackish and cool solution is the following:

    #include <stdlib.h>
#include <stdio.h>
#include <sys/param.h>
int main(int argc, char* argv[])
{
   char path[MAXPATHLEN];
   int length;
   length = readlink("/proc/self/exe", path, sizeof(path));
   if(length<0) {
      fprintf(stderr,"error resolving /proc/self/exe!\n");
      exit(1);
   }
   path[length] = '\0';
   printf("The absolute path to this running binary is: %s\n", path);
 
   return 0;
}

    Another approach which is often used is to include some kind of configuration file that contains this path. Or, in my case, I could specify another folder which should hold my Python files. This approach would probably make more sense in the long run, as it is more flexible.

    So, in case you find yourself in this situation, then feel free to copy-paste the code and save the day ;) Have a good summer people!

    Tags: , ,

  • Apache, subversion and LDAP group authentication

    04Jun
    Categories: general IT, linux, tips, work Comments: 1

    Hellu!

    Lately I’ve been working on securing some web accessible resource, especially Subversion access to repositories through the Apache webserver. One aspect we found very difficult was to secure subversion access through our apache server, when we had a Active Directory server to authenticate against (I know..).

    Apache have some directives such as “Require valid-user” which signals that a user has to be authenticated against some authentication provider. This is in most cases a standard “.htaccess” and “.htpasswd” combination which provides this. For small projects, this may be a working approach. However, in a large-scale organization where you want a dynamic handling of users and their access, then using groups to reflect the users access to resources may be a better working solution.

    For one of our projects, we wanted all LDAP (AD) users to have read access, while members of certain groups have read and write access. We solved this with the following Apache config:

    1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

    <Location /wicked_project>
   DAV svn
   SVNParentPath /var/svn/wicked_project
   AuthzLDAPAuthoritative off
   AuthType basic
   AuthBasicProvider ldap
   AuthName "Need to authenticate here"
   AuthLDAPBindDN "ldap_user@domain.net"
   AuthLDAPBindPassword secretPassword
   AuthLDAPURL "ldap://ad.domain.net/dc=domain,dc=net?sAMAccountName?sub?(objectClass=*)"
 
   <Limit GET PROPFIND OPTIONS CHECKOUT>
      Require valid-user
   </Limit>
   <Limit REPORT MKACTIVITY PROPPATCH PUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
   Require ldap-filter |(memberOf=CN=Staff,OU=GROUPS,DC=DOMAIN,DC=NET) \
                (memberOf=CN=Wicked_project_rw,OU=GROUPS,DC=DOMAIN,DC=NET)
   </Limit>
</Location>

    Another LDAP directive which can work if you only need one group to have read and write access is the “ldap-group” directive. However, in our case we needed multiple groups, which is not supported by the “ldap-group” directive.

    To solve this problem we used “ldap-filter” with multiple group filters inside the same filter, and divide them with the boolean OR. I don’t know if there are any more elegant ways of achieving the same result, but this solved our problems.

    Having a second look at this “ldap-fiter” directive, I see that it have a significant strength in terms of flexibility. However, one aspect I have not considered is the performance of this approach. Without looking in-depth into the mod_ldap apache module, I can guess that for each filter inside the ldap-filter directive, it have to make a query to the LDAP (AD) server to retrieve the wanted resource. So, for each group filter inside the ldap-filter, you need a call. In our approach, we need two LDAP queries. As you now may see, the more groups to filter, the more LDAP queries, hence the performance will degrade the more complex the ldap-filter is.

    Tags: , , , , , ,

  • Twitter from commandline

    05May
    Categories: Funny, Uncategorized, linux, lucene, python, tips Comments: 1

    I’ve been taken by the Twitter storm these days.. Damn, I should focus a hole lot more on my master report. Well, this took me only one little hour, so it’s not that waste of time.. :) So, I guess you have heard about the new “facebook” called Twitter? Well, its this new web community thing were people can write their current status for what they are doing in the world.. And, of course, one can follow friends and pay attention to were / what they are doing.. Now, after some time I found it rather heavy to enter the twitter webpage, login, and then post a new twitter message for each time I want to update my status. So, as a python fan I am, I created myself a little python script to capture this problem. It relies on the python-twitter module available at the Google Code pages. So, lets have a look at the code. I have named this file “update.py”, however feel free to rename it.

    1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

    #!/usr/bin/env python
import twitter
import sys
 
USERNAME=""
PASSWORD=""
 
def postNewMessage(msg):
    api = twitter.Api()
    api = twitter.Api(username="", password="")
 
    if isinstance(msg, list):
        msg = " ".join(msg)
    msg = unicode(msg, "utf-8")
    if len(msg) > 140:
        print "ERROR: Message can't be over 140 chars."
        return
    try:
        api.PostUpdate(msg)
        print "OK. Was %i chars in msg." % len(msg)
    except Exception, e:
        print "FUck.."
 
    api.ClearCredentials()
 
if __name__ == "__main__":
    if len(sys.argv) > 1:
        t = sys.argv[1:]
        if len(t) == 1 and len(t[0]) > 10:
            # writes ./update "hi there mate"
            postNewMessage(t[0])
        else:
            # writes ./update hello world
            postNewMessage(sys.argv[1:])
    else:
        print "fuck"
    Tags: ,

  • SSL and CAcert.org

    19Apr
    Categories: linux Comments: 0

    Today I spent some time trying to understand SSL certificates and how I could implement SSL on my web sites. Some googling later gave me some interessting tips regarding using CAcert and Apache2.

    So, signing up as a user at CAcert, I was able to get my certificates signed by CAcert by simple web clicks. One thing to notice about CAcert is that they are not shipped as an CA in most web browser. This means that if you implement your CAcert signed certificate in your Apache2 web server, and visits your website with Firefox (via HTTPS) you will receive a notification stating that your certificate is not signed by any know authorities. What you will need is to import CAcert.org root certificate to make the browser able to verifi the certificates.

    What does CAcert.org have in constrast to other CA’s around the world? Well, its a free service, so you don’t need to pay expensive fees to get your certificates signed. This is the most attractive feature. One downside has already been mentioned here, that the root certificate is not already in most browsers, so one has to import them manually. If you want to provide your webpages through HTTPS, I would absolutely recommend you to have a look at CAcert.org. For tutorials and guides for how to use CAcert.org with Apache, take a look at the http://wiki.cacert.org page.

    Some links:

    • http://wiki.cacert.org/wiki/SimpleApacheCert
    • http://wiki.cacert.org/wiki/CSRGenerator
    Tags: , , ,

  • Linux and internal OS caching

    19Apr
    Categories: linux, tips Comments: 0

    Caching inside Linux such as pages and inodes can become quite hugh, and thats the point. Linux wants to utilize all the available memory to create a faster working environment…

    Now, lately I’ve been experimenting on some IR-software (http://lucene.apache.org), and for these experiments I needed to clear the internal page caching of I/O data. Basicly, whenever I open a file, then Linux caches that particular file, so that if I need it again later on, it will be available in “no-time”. For my experiments, I needed a “clean” cache for every run, and therefor needed to clear my cache.

    After some Googling I stumbled upon this site: http://linux-mm.org/Drop_Caches. There was a lot of interessting stuff there, so I would recommend people to read it.

    Basically, whenever you need to uncache something in your computer, you can (in Linux that is), write the following in a terminal:

    This one below will free pagecache:

    # echo 1 > /proc/sys/vm/drop_caches

    This one below will free dentries and inodes:

    # echo 2 > /proc/sys/vm/drop_caches

    This one below will free both pagecache, dentries and inodes:

    # echo 3 > /proc/sys/vm/drop_caches
    Tags: , ,

Blogroll:

Meta:

Recent Posts