
  1 kumpf 1.2 /*
  2           //%2006////////////////////////////////////////////////////////////////////////
  3           //
  4           // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
  5           // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
  6           // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
  7           // IBM Corp.; EMC Corporation, The Open Group.
  8           // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
  9           // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
 10           // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 11           // EMC Corporation; VERITAS Software Corporation; The Open Group.
 12           // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 13           // EMC Corporation; Symantec Corporation; The Open Group.
 14           //
 15           // Permission is hereby granted, free of charge, to any person obtaining a copy
 16           // of this software and associated documentation files (the "Software"), to
 17           // deal in the Software without restriction, including without limitation the
 18           // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 19           // sell copies of the Software, and to permit persons to whom the Software is
 20           // furnished to do so, subject to the following conditions:
 21           // 
 22 kumpf 1.2 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
 23           // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
 24           // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 25           // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 26           // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 27           // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 28           // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 29           // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 30           //
 31           //%/////////////////////////////////////////////////////////////////////////////
 32           */
 33           
 34           #include <string.h>
 35           #include <unistd.h>
 36           #include <ctype.h>
 37           #include <fcntl.h>
 38           #include "Policy.h"
 39           #include "Defines.h"
 40           #include "Macro.h"
 41           #include "Path.h"
 42           #include "Fatal.h"
 43 kumpf 1.2 #include "Log.h"
 44           #include "Match.h"
 45           #include "Messages.h"
 46           #include "Globals.h"
 47           #include "Strlcat.h"
 48           #include "Strlcpy.h"
 49           
 50           /*
 51           **==============================================================================
 52           **
 53           ** ARG()
 54           **
 55           **     Expands function arguments to "name, value" for use in formatted
 56           **     output statements.
 57           **
 58           **     For example, this,
 59           **
 60           **         printf("%s=\"%s\"", ARG(count));
 61           **
 62           **     is expanded to this:
 63           **
 64 kumpf 1.2 **         printf("%s=\"%s\"", "count", count);
 65           **
 66           **==============================================================================
 67           */
 68           
 69           #define ARG(X) #X, X
 70           
 71           /*
 72           **==============================================================================
 73           **
 74           ** _staticPolicyTable[]
 75           **
 76           **     This array defines the static policy table for the executor.
 77           **
 78           **==============================================================================
 79           */
 80           
/*
** Static allow-list for the file requests checked in this file. CheckPolicy()
** scans it in order and the first matching entry wins.
**
** Each entry is written positionally as
**
**     { messageCode, arg1 pattern, arg2 pattern, flags }
**
** (field order as implied by these initializers and by how CheckPolicy()
** reads p->messageCode, p->arg1, p->arg2 and p->flags; the struct itself is
** declared in Policy.h). A NULL pattern means that argument is not checked.
** For "w" open entries the last field carries permission bits; how the
** caller applies them is not visible here.
**
** NOTE(review): the checks below are string matches on the requested path.
** Whether the "*" in "${sslTrustStore}/*" and "${crlStore}/*" can match "/"
** or ".." components depends on Match(), which is not shown in this file.
** Confirm that it cannot, or that callers canonicalize the path before the
** check, so a request cannot name a file outside the intended directory.
*/
static struct Policy _staticPolicyTable[] =
{
    /* cimserver_current.conf policies */
    { EXECUTOR_OPEN_FILE_MESSAGE, "${currentConfigFilePath}", "w",
        (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) /* 0644 */ },
    { EXECUTOR_RENAME_FILE_MESSAGE, "${currentConfigFilePath}",
        "${currentConfigFilePath}.bak", 0 /* flags */ },
    { EXECUTOR_REMOVE_FILE_MESSAGE, "${currentConfigFilePath}",
        NULL, 0 /* flags */ },
    { EXECUTOR_REMOVE_FILE_MESSAGE, "${currentConfigFilePath}.bak",
        NULL, 0 /* flags */ },

    /* cimserver_planned.conf policies */
    { EXECUTOR_OPEN_FILE_MESSAGE, "${plannedConfigFilePath}", "w",
        (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) /* 0644 */ },
    { EXECUTOR_RENAME_FILE_MESSAGE, "${plannedConfigFilePath}",
        "${plannedConfigFilePath}.bak", 0 /* flags */ },
    { EXECUTOR_REMOVE_FILE_MESSAGE, "${plannedConfigFilePath}",
        NULL, 0 /* flags */ },
    { EXECUTOR_REMOVE_FILE_MESSAGE, "${plannedConfigFilePath}.bak",
        NULL, 0 /* flags */ },

    /* cimserver.passwd policies (owner-only permissions on create) */
    { EXECUTOR_OPEN_FILE_MESSAGE, "${passwordFilePath}", "w",
        (S_IRUSR | S_IWUSR) /* 0600 */ },
    { EXECUTOR_RENAME_FILE_MESSAGE, "${passwordFilePath}.bak",
        "${passwordFilePath}", 0 /* flags */ },
    { EXECUTOR_RENAME_FILE_MESSAGE, "${passwordFilePath}",
        "${passwordFilePath}.bak", 0 /* flags */ },
    { EXECUTOR_REMOVE_FILE_MESSAGE, "${passwordFilePath}.bak",
        NULL, 0 /* flags */ },
    { EXECUTOR_REMOVE_FILE_MESSAGE, "${passwordFilePath}",
        NULL, 0 /* flags */ },

    /* SSL key file policies: read access only. */
    { EXECUTOR_OPEN_FILE_MESSAGE, "${sslKeyFilePath}", "r",
        0 /* flags not used when opening a file for read access */ },

    /* SSL trust store policies. */
    { EXECUTOR_OPEN_FILE_MESSAGE, "${sslTrustStore}/*", "w",
        (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) /* 0644 */ },
    { EXECUTOR_REMOVE_FILE_MESSAGE, "${sslTrustStore}/*",
        NULL, 0 /* flags */ },

    /* CRL store policies. */
    { EXECUTOR_OPEN_FILE_MESSAGE, "${crlStore}/*", "w",
        (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) /* 0644 */ },
    { EXECUTOR_REMOVE_FILE_MESSAGE, "${crlStore}/*",
        NULL, 0 /* flags */ },
};

/* Number of entries in _staticPolicyTable. */
static const size_t _staticPolicyTableSize =
    sizeof(_staticPolicyTable) / sizeof(_staticPolicyTable[0]);
201           
202           /*
203           **==============================================================================
204           **
205           ** CheckPolicy()
206           **
207           **==============================================================================
208           */
209           
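/*
** Look for the first entry of policyTable that permits the request
** (messageCode, arg1, arg2).
**
** An entry matches when its message code equals messageCode and each of its
** non-NULL patterns, after macro expansion, matches the corresponding
** argument. A NULL pattern leaves that argument unchecked.
**
** The check fails closed: an entry whose pattern cannot be expanded, or
** whose pattern constrains an argument the caller passed as NULL, is
** skipped, and a NULL table matches nothing. Match() is not shown in this
** file, so NULL is never handed to it.
**
** On a match, *flags (when flags is non-NULL) receives the entry's flags.
** Otherwise *flags is left at 0.
**
** Returns 0 if a matching policy was found, -1 if not.
*/
int CheckPolicy(
    const struct Policy* policyTable,
    size_t policyTableSize,
    enum ExecutorMessageCode messageCode,
    const char* arg1,
    const char* arg2,
    unsigned long* flags)
{
    size_t i;

    /* Clear the flags so a denied request never reports stale values. */

    if (flags)
        *flags = 0;

    /* Without a table nothing can be permitted. */

    if (!policyTable)
        return -1;

    for (i = 0; i < policyTableSize; i++)
    {
        const struct Policy* p;

        p = &policyTable[i];

        /* Check message code */

        if (p->messageCode != messageCode)
            continue;

        /* Check arg1. */

        if (p->arg1)
        {
            char pat[EXECUTOR_BUFFER_SIZE];

            /* A constrained argument that is absent cannot match. */

            if (!arg1)
                continue;

            if (ExpandMacros(p->arg1, pat) != 0 || Match(pat, arg1) != 0)
                continue;
        }

        /* Check arg2. */

        if (p->arg2)
        {
            char pat[EXECUTOR_BUFFER_SIZE];

            /* A constrained argument that is absent cannot match. */

            if (!arg2)
                continue;

            if (ExpandMacros(p->arg2, pat) != 0 || Match(pat, arg2) != 0)
                continue;
        }

        /* Set the output flags argument. */

        if (flags)
            *flags = p->flags;

        /* Found a matching policy! */

        return 0;
    }

    /* Failed to find any matching policy. */

    return -1;
}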
270           
271           /*
272           **==============================================================================
273           **
274           ** CheckOpenFilePolicy()
275           **
276           **==============================================================================
277           */
278           
/*
** Check a request to open `path` with the single-character `mode` against
** the static policy table. On success *flags (if non-NULL) is filled in by
** CheckPolicy() from the matching entry.
**
** Returns 0 when a policy permits the request. Otherwise the refusal is
** logged at LL_SEVERE and -1 is returned; when EXIT_ON_POLICY_FAILURE is
** defined, Fatal() is called before the return.
**
** NOTE(review): path is written to the log verbatim. If it can come from a
** less-privileged requester and Log() does not escape control characters,
** a crafted path could forge log lines. Confirm against Log().
*/
int CheckOpenFilePolicy(const char* path, int mode, unsigned long* flags)
{
    /* Policy patterns are strings, so the mode character is wrapped in one. */
    char modeStr[2];
    int status;

    modeStr[0] = mode;
    modeStr[1] = '\0';

    status = CheckPolicy(
        _staticPolicyTable,
        _staticPolicyTableSize,
        EXECUTOR_OPEN_FILE_MESSAGE,
        path,
        modeStr,
        flags);

    if (status != 0)
    {
        Log(LL_SEVERE, "CheckOpenFilePolicy(%s=\"%s\", %s='%c') failed",
            ARG(path), ARG(mode));

#if defined(EXIT_ON_POLICY_FAILURE)
        Fatal(FL, "exited due to policy failure");
#endif

        return -1;
    }

    Log(LL_TRACE, "CheckOpenFilePolicy(%s=\"%s\", %s='%c') passed",
        ARG(path), ARG(mode));

    return 0;
}
303           
304           /*
305           **==============================================================================
306           **
307           ** CheckRemoveFilePolicy()
308           **
309 kumpf 1.2 **==============================================================================
310           */
311           
/*
** Check a request to remove `path` against the static policy table.
**
** Returns 0 when a policy permits the request. Otherwise the refusal is
** logged at LL_SEVERE and -1 is returned; when EXIT_ON_POLICY_FAILURE is
** defined, Fatal() is called before the return.
**
** NOTE(review): path is written to the log verbatim. Confirm that Log()
** neutralizes control characters if the path can be chosen by a
** less-privileged requester.
*/
int CheckRemoveFilePolicy(const char* path)
{
    int status;

    /* Remove requests have no second argument and no flags. */
    status = CheckPolicy(
        _staticPolicyTable,
        _staticPolicyTableSize,
        EXECUTOR_REMOVE_FILE_MESSAGE,
        path,
        NULL,
        NULL);

    if (status != 0)
    {
        Log(LL_SEVERE, "CheckRemoveFilePolicy(%s=\"%s\") failed", ARG(path));

#if defined(EXIT_ON_POLICY_FAILURE)
        Fatal(FL, "exited due to policy failure");
#endif

        return -1;
    }

    Log(LL_TRACE, "CheckRemoveFilePolicy(%s=\"%s\") passed", ARG(path));

    return 0;
}
329           
330           /*
331           **==============================================================================
332           **
333           ** CheckRenameFilePolicy()
334           **
335           **==============================================================================
336           */
337 kumpf 1.2 
/*
** Check a request to rename `oldPath` to `newPath` against the static
** policy table. Both paths must match the same policy entry.
**
** Returns 0 when a policy permits the request. Otherwise the refusal is
** logged at LL_SEVERE and -1 is returned; when EXIT_ON_POLICY_FAILURE is
** defined, Fatal() is called before the return.
**
** NOTE(review): both paths are written to the log verbatim. Confirm that
** Log() neutralizes control characters if the paths can be chosen by a
** less-privileged requester.
*/
int CheckRenameFilePolicy(const char* oldPath, const char* newPath)
{
    int status;

    /* Rename requests carry no flags. */
    status = CheckPolicy(
        _staticPolicyTable,
        _staticPolicyTableSize,
        EXECUTOR_RENAME_FILE_MESSAGE,
        oldPath,
        newPath,
        NULL);

    if (status != 0)
    {
        Log(LL_SEVERE, "CheckRenameFilePolicy(%s=\"%s\", %s=\"%s\") failed",
            ARG(oldPath), ARG(newPath));

#if defined(EXIT_ON_POLICY_FAILURE)
        Fatal(FL, "exited due to policy failure");
#endif

        return -1;
    }

    Log(LL_TRACE, "CheckRenameFilePolicy(%s=\"%s\", %s=\"%s\") passed",
        ARG(oldPath), ARG(newPath));

    return 0;
}
357           
358           /*
359           **==============================================================================
360           **
361 kumpf 1.5 ** DumpPolicyHelper()
362 kumpf 1.2 **
363           **     Dump the policy table given by *policyTable* and *policyTableSize*.
364 kumpf 1.5 **     Expand any macros in the entries, if requested.
365 kumpf 1.2 **
366           **==============================================================================
367           */
368           
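/*
** Write one line per policy entry to outputStream, in the form
**
**     <message code name>("<arg1>", "<arg2>")
**
** where an argument whose pattern is NULL is omitted.
**
** outputStream     stream that receives the dump
** policyTable      entries to print
** policyTableSize  number of entries in policyTable
** expandMacros     non-zero to print patterns with macros expanded,
**                  zero to print them as written in the table
**
** If a macro expansion fails, the unexpanded pattern is printed instead, so
** the output never reads a buffer that ExpandMacros() left unset.
*/
void DumpPolicyHelper(
    FILE* outputStream,
    const struct Policy* policyTable,
    size_t policyTableSize,
    int expandMacros)
{
    size_t i;

    for (i = 0; i < policyTableSize; i++)
    {
        const struct Policy* p = &policyTable[i];
        const char* codeStr = MessageCodeToString(p->messageCode);
        char arg1[EXECUTOR_BUFFER_SIZE];
        char arg2[EXECUTOR_BUFFER_SIZE];

        /* Start from empty strings so the buffers are always defined. */

        arg1[0] = '\0';
        arg2[0] = '\0';

        /* Use the raw pattern when expansion is off or when it fails
         * (ExpandMacros() returns non-zero on failure).
         */

        if (p->arg1 && (!expandMacros || ExpandMacros(p->arg1, arg1) != 0))
            Strlcpy(arg1, p->arg1, sizeof(arg1));

        if (p->arg2 && (!expandMacros || ExpandMacros(p->arg2, arg2) != 0))
            Strlcpy(arg2, p->arg2, sizeof(arg2));

        fprintf(outputStream, "%s(", codeStr);
        if (p->arg1)
            fprintf(outputStream, "\"%s\"", arg1);
        if (p->arg2)
            fprintf(outputStream, ", \"%s\"", arg2);
        fprintf(outputStream, ")\n");
    }
}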
409           
410           /*
411           **==============================================================================
412           **
413           ** DumpPolicy()
414           **
415 kumpf 1.5 **     Dump the static policy table.
416 kumpf 1.2 **
417           **==============================================================================
418           */
419           
/*
** Print the static policy table to outputStream under a "===== Policy:"
** heading, followed by a blank line. A non-zero expandMacros prints the
** patterns with their macros expanded.
*/
void DumpPolicy(FILE* outputStream, int expandMacros)
{
    fputs("===== Policy:\n", outputStream);

    DumpPolicyHelper(
        outputStream,
        _staticPolicyTable,
        _staticPolicyTableSize,
        expandMacros);

    fputc('\n', outputStream);
}
