
  1 kumpf 1.2 /*
  2           //%2006////////////////////////////////////////////////////////////////////////
  3           //
  4           // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
  5           // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
  6           // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
  7           // IBM Corp.; EMC Corporation, The Open Group.
  8           // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
  9           // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
 10           // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 11           // EMC Corporation; VERITAS Software Corporation; The Open Group.
 12           // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 13           // EMC Corporation; Symantec Corporation; The Open Group.
 14           //
 15           // Permission is hereby granted, free of charge, to any person obtaining a copy
 16           // of this software and associated documentation files (the "Software"), to
 17           // deal in the Software without restriction, including without limitation the
 18           // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 19           // sell copies of the Software, and to permit persons to whom the Software is
 20           // furnished to do so, subject to the following conditions:
 21           // 
 22 kumpf 1.2 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
 23           // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
 24           // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 25           // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 26           // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 27           // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 28           // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 29           // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 30           //
 31           //%/////////////////////////////////////////////////////////////////////////////
 32           */
 33           
 34           #include <string.h>
 35           #include <unistd.h>
 36           #include <ctype.h>
 37           #include <fcntl.h>
 38           #include "Policy.h"
 39           #include "Defines.h"
 40           #include "Macro.h"
 41           #include "Path.h"
 42           #include "Fatal.h"
 43 kumpf 1.2 #include "Log.h"
 44           #include "Match.h"
 45           #include "Messages.h"
 46           #include "Globals.h"
 47           #include "Strlcat.h"
 48           #include "Strlcpy.h"
 49           
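  /*
  **==============================================================================
  **
  ** ARG()
  **
  **     Expands a function argument to the pair "name, value" for use in
  **     formatted output statements.
  **
  **     For example, this,
  **
  **         printf("%s=\"%s\"", ARG(count));
  **
  **     is expanded to this:
  **
  **         printf("%s=\"%s\"", "count", (count));
  **
  **     The expansion is two comma-separated expressions, so the macro is only
  **     meaningful inside a function-call argument list. The format string must
  **     supply one "%s" for the name followed by a conversion that matches the
  **     type of the value.
  **
  **==============================================================================
  */

  #define ARG(X) #X, (X)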
 70           
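  /*
  **==============================================================================
  **
  ** _staticPolicyTable[]
  **
  **     This array defines the static policy table for the executor. It is an
  **     allow-list: each entry names one message code plus the patterns its
  **     arguments must match, and CheckPolicy() rejects any request that
  **     matches no entry.
  **
  **     Entry layout, as used by the Check*Policy() functions in this file:
  **
  **         open:   { code, path pattern, one-character mode string }
  **         rename: { code, old path pattern, new path pattern }
  **         remove: { code, path pattern, NULL }
  **
  **     A NULL pattern means the corresponding argument is not checked.
  **     "${name}" macros are expanded by ExpandMacros() at check time.
  **
  **     The table is const so that nothing in the process can alter the
  **     policy after it has been compiled in.
  **
  **     NOTE(review): the trust store and CRL store entries end in a wildcard.
  **     Whether that wildcard can match '/' or a ".." path component depends
  **     on Match(), which is not visible here; confirm that a request path
  **     cannot leave the configured directory and still match.
  **
  **==============================================================================
  */

  static const struct Policy _staticPolicyTable[] =
  {
      /* cimserver_current.conf policies */
      {
          EXECUTOR_OPEN_FILE_MESSAGE,
          "${currentConfigFilePath}",
          "w",
      },
      {
          EXECUTOR_RENAME_FILE_MESSAGE,
          "${currentConfigFilePath}",
          "${currentConfigFilePath}.bak",
      },
      {
          EXECUTOR_REMOVE_FILE_MESSAGE,
          "${currentConfigFilePath}",
          NULL,
      },
      {
          EXECUTOR_REMOVE_FILE_MESSAGE,
          "${currentConfigFilePath}.bak",
          NULL,
      },
      /* cimserver_planned.conf policies */
      {
          EXECUTOR_OPEN_FILE_MESSAGE,
          "${plannedConfigFilePath}",
          "w",
      },
      {
          EXECUTOR_RENAME_FILE_MESSAGE,
          "${plannedConfigFilePath}",
          "${plannedConfigFilePath}.bak",
      },
      {
          EXECUTOR_REMOVE_FILE_MESSAGE,
          "${plannedConfigFilePath}",
          NULL,
      },
      {
          EXECUTOR_REMOVE_FILE_MESSAGE,
          "${plannedConfigFilePath}.bak",
          NULL,
      },
      /* cimserver.passwd policies */
      {
          EXECUTOR_OPEN_FILE_MESSAGE,
          "${passwordFilePath}",
          "w",
      },
      {
          EXECUTOR_RENAME_FILE_MESSAGE,
          "${passwordFilePath}.bak",
          "${passwordFilePath}",
      },
      {
          EXECUTOR_RENAME_FILE_MESSAGE,
          "${passwordFilePath}",
          "${passwordFilePath}.bak",
      },
      {
          EXECUTOR_REMOVE_FILE_MESSAGE,
          "${passwordFilePath}.bak",
          NULL,
      },
      {
          EXECUTOR_REMOVE_FILE_MESSAGE,
          "${passwordFilePath}",
          NULL,
      },
      /* SSL key file policies: the key file may be opened for reading only. */
      {
          EXECUTOR_OPEN_FILE_MESSAGE,
          "${sslKeyFilePath}",
          "r",
      },
      /* SSL trust store policies. */
      {
          EXECUTOR_OPEN_FILE_MESSAGE,
          "${sslTrustStore}/*",
          "w",
      },
      {
          EXECUTOR_REMOVE_FILE_MESSAGE,
          "${sslTrustStore}/*",
          NULL,
      },
      /* CRL store policies. */
      {
          EXECUTOR_OPEN_FILE_MESSAGE,
          "${crlStore}/*",
          "w",
      },
      {
          EXECUTOR_REMOVE_FILE_MESSAGE,
          "${crlStore}/*",
          NULL,
      },
  };

  /* Number of entries in _staticPolicyTable[]. */
  static const size_t _staticPolicyTableSize =
      sizeof(_staticPolicyTable) / sizeof(_staticPolicyTable[0]);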
183           
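 /*
 **==============================================================================
 **
 ** CheckPolicy()
 **
 **     Searches the first policyTableSize entries of policyTable for one that
 **     permits the request described by messageCode, arg1 and arg2.
 **
 **     An entry matches when its message code equals messageCode and each of
 **     its non-NULL patterns, after macro expansion, matches the corresponding
 **     argument. A NULL pattern leaves that argument unchecked.
 **
 **     Returns 0 as soon as a matching entry is found and -1 if none matches,
 **     so a request that no entry covers is denied.
 **
 **     NOTE(review): matching is done on the argument strings as given; this
 **     function does not canonicalise paths or resolve symbolic links. Confirm
 **     that callers act on exactly the string that was checked.
 **
 **==============================================================================
 */

 /*
 ** Tests one request argument against one policy pattern. Returns 0 when the
 ** argument satisfies the pattern and non-zero otherwise.
 **
 ** A NULL argument never satisfies a pattern, and a pattern whose macros
 ** cannot be expanded never matches, so both cases are denied.
 **
 ** NOTE(review): ExpandMacros() is given no buffer length; presumably it
 ** limits its output to EXECUTOR_BUFFER_SIZE. Confirm in its definition.
 */
 static int MatchPolicyArg(const char* pattern, const char* arg)
 {
     char pat[EXECUTOR_BUFFER_SIZE];

     if (arg == NULL)
         return -1;

     if (ExpandMacros(pattern, pat) != 0)
         return -1;

     return Match(pat, arg);
 }

 int CheckPolicy(
     const struct Policy* policyTable,
     size_t policyTableSize,
     enum ExecutorMessageCode messageCode,
     const char* arg1,
     const char* arg2)
 {
     size_t i;

     for (i = 0; i < policyTableSize; i++)
     {
         const struct Policy* p = &policyTable[i];

         /* Check message code */

         if (p->messageCode != messageCode)
             continue;

         /* Check arg1 (skipped when the entry has no pattern for it). */

         if (p->arg1 && MatchPolicyArg(p->arg1, arg1) != 0)
             continue;

         /* Check arg2 (skipped when the entry has no pattern for it). */

         if (p->arg2 && MatchPolicyArg(p->arg2, arg2) != 0)
             continue;

         /* Found a matching policy! */
         return 0;
     }

     /* Failed to find any matching policy. */

     return -1;
 }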
240           
 /*
 **==============================================================================
 **
 ** CheckOpenFilePolicy()
 **
 **     Checks a request to open path with the given mode character against the
 **     static policy table. Returns 0 if an entry permits it, -1 otherwise.
 **
 **     A permitted request is logged at LL_TRACE and a denied one at LL_SEVERE.
 **     When EXIT_ON_POLICY_FAILURE is defined, Fatal() is also called on
 **     denial.
 **
 **     NOTE(review): path is written to the log as received. If it can hold
 **     control characters, confirm that Log() neutralises them.
 **
 **==============================================================================
 */

 int CheckOpenFilePolicy(const char* path, int mode)
 {
     /* The policy table holds the open mode as a one-character string, so the
      * mode is narrowed to a char here before it is compared.
      */
     const char modeStr[2] = { (char)mode, '\0' };

     const int permitted = CheckPolicy(
         _staticPolicyTable,
         _staticPolicyTableSize,
         EXECUTOR_OPEN_FILE_MESSAGE,
         path,
         modeStr) == 0;

     if (!permitted)
     {
         Log(LL_SEVERE, "CheckOpenFilePolicy(%s=\"%s\", %s='%c') failed",
             ARG(path), ARG(mode));

 #if defined(EXIT_ON_POLICY_FAILURE)
         Fatal(FL, "exited due to policy failure");
 #endif

         return -1;
     }

     Log(LL_TRACE, "CheckOpenFilePolicy(%s=\"%s\", %s='%c') passed",
         ARG(path), ARG(mode));

     return 0;
 }
273           
 /*
 **==============================================================================
 **
 ** CheckRemoveFilePolicy()
 **
 **     Checks a request to remove path against the static policy table.
 **     Returns 0 if an entry permits it, -1 otherwise.
 **
 **     A permitted request is logged at LL_TRACE and a denied one at LL_SEVERE.
 **     When EXIT_ON_POLICY_FAILURE is defined, Fatal() is also called on
 **     denial.
 **
 **     NOTE(review): path is written to the log as received. If it can hold
 **     control characters, confirm that Log() neutralises them.
 **
 **==============================================================================
 */

 int CheckRemoveFilePolicy(const char* path)
 {
     /* Remove requests carry no second argument, so NULL is passed for it. */
     const int permitted = CheckPolicy(
         _staticPolicyTable,
         _staticPolicyTableSize,
         EXECUTOR_REMOVE_FILE_MESSAGE,
         path,
         NULL) == 0;

     if (!permitted)
     {
         Log(LL_SEVERE, "CheckRemoveFilePolicy(%s=\"%s\") failed", ARG(path));

 #if defined(EXIT_ON_POLICY_FAILURE)
         Fatal(FL, "exited due to policy failure");
 #endif

         return -1;
     }

     Log(LL_TRACE, "CheckRemoveFilePolicy(%s=\"%s\") passed", ARG(path));

     return 0;
 }
299           
 /*
 **==============================================================================
 **
 ** CheckRenameFilePolicy()
 **
 **     Checks a request to rename oldPath to newPath against the static policy
 **     table. Both paths must satisfy the same table entry. Returns 0 if an
 **     entry permits the rename, -1 otherwise.
 **
 **     A permitted request is logged at LL_TRACE and a denied one at LL_SEVERE.
 **     When EXIT_ON_POLICY_FAILURE is defined, Fatal() is also called on
 **     denial.
 **
 **     NOTE(review): both paths are written to the log as received. If they
 **     can hold control characters, confirm that Log() neutralises them.
 **
 **==============================================================================
 */

 int CheckRenameFilePolicy(const char* oldPath, const char* newPath)
 {
     const int permitted = CheckPolicy(
         _staticPolicyTable,
         _staticPolicyTableSize,
         EXECUTOR_RENAME_FILE_MESSAGE,
         oldPath,
         newPath) == 0;

     if (!permitted)
     {
         Log(LL_SEVERE, "CheckRenameFilePolicy(%s=\"%s\", %s=\"%s\") failed",
             ARG(oldPath), ARG(newPath));

 #if defined(EXIT_ON_POLICY_FAILURE)
         Fatal(FL, "exited due to policy failure");
 #endif

         return -1;
     }

     Log(LL_TRACE, "CheckRenameFilePolicy(%s=\"%s\", %s=\"%s\") passed",
         ARG(oldPath), ARG(newPath));

     return 0;
 }
327           
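 /*
 **==============================================================================
 **
 ** DumpPolicyHelper()
 **
 **     Dump the policy table given by *policyTable* and *policyTableSize* to
 **     *outputStream*, one entry per line in the form CODE("arg1", "arg2").
 **     A NULL pattern is omitted from the line.
 **
 **     If *expandMacros* is non-zero, macros in the patterns are expanded
 **     before printing. A pattern whose expansion fails is printed unexpanded,
 **     so the output never depends on the contents of a buffer that
 **     ExpandMacros() did not fill in.
 **
 **==============================================================================
 */

 void DumpPolicyHelper(
     FILE* outputStream,
     const struct Policy* policyTable,
     size_t policyTableSize,
     int expandMacros)
 {
     size_t i;

     for (i = 0; i < policyTableSize; i++)
     {
         const struct Policy* p = &policyTable[i];
         const char* codeStr = MessageCodeToString(p->messageCode);
         char arg1[EXECUTOR_BUFFER_SIZE];
         char arg2[EXECUTOR_BUFFER_SIZE];

         /* Copy the raw pattern when expansion is not requested, and also when
          * expansion fails: ExpandMacros() reports failure with a non-zero
          * result and the buffer contents are then not known to be valid.
          */

         if (p->arg1 && (!expandMacros || ExpandMacros(p->arg1, arg1) != 0))
             Strlcpy(arg1, p->arg1, sizeof(arg1));

         if (p->arg2 && (!expandMacros || ExpandMacros(p->arg2, arg2) != 0))
             Strlcpy(arg2, p->arg2, sizeof(arg2));

         /* arg1 and arg2 are read only when the matching pattern is non-NULL,
          * which is exactly when they were filled in above.
          */

         fprintf(outputStream, "%s(", codeStr);
         if (p->arg1)
             fprintf(outputStream, "\"%s\"", arg1);
         if (p->arg2)
             fprintf(outputStream, ", \"%s\"", arg2);
         fprintf(outputStream, ")\n");
     }
 }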
379           
 /*
 **==============================================================================
 **
 ** DumpPolicy()
 **
 **     Dump the static policy table to *outputStream*: a "===== Policy:"
 **     heading, one line per table entry, then a blank line. Macros in the
 **     entries are expanded when *expandMacros* is non-zero.
 **
 **==============================================================================
 */

 void DumpPolicy(FILE* outputStream, int expandMacros)
 {
     /* Heading */
     fputs("===== Policy:\n", outputStream);

     /* Entries */
     DumpPolicyHelper(
         outputStream,
         _staticPolicyTable,
         _staticPolicyTableSize,
         expandMacros);

     /* Blank line after the table */
     fputc('\n', outputStream);
 }
