version 1.1.4.2, 2007/03/23 21:53:51
|
version 1.9, 2010/10/29 05:29:50
|
|
|
//%2006//////////////////////////////////////////////////////////////////////// |
//%LICENSE//////////////////////////////////////////////////////////////// |
// | // |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
// Licensed to The Open Group (TOG) under one or more contributor license |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with |
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
// this work for additional information regarding copyright ownership. |
// IBM Corp.; EMC Corporation, The Open Group. |
// Each contributor licenses this file to you under the OpenPegasus Open |
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
// Source License; you may not use this file except in compliance with the |
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
// License. |
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
|
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
// EMC Corporation; Symantec Corporation; The Open Group. |
|
// | // |
// Permission is hereby granted, free of charge, to any person obtaining a copy |
// Permission is hereby granted, free of charge, to any person obtaining a |
// of this software and associated documentation files (the "Software"), to |
// copy of this software and associated documentation files (the "Software"), |
// deal in the Software without restriction, including without limitation the |
// to deal in the Software without restriction, including without limitation |
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
// sell copies of the Software, and to permit persons to whom the Software is |
// and/or sell copies of the Software, and to permit persons to whom the |
// furnished to do so, subject to the following conditions: |
// Software is furnished to do so, subject to the following conditions: |
// | // |
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
// The above copyright notice and this permission notice shall be included |
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
// in all copies or substantial portions of the Software. |
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
|
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
|
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
|
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
|
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
// | // |
//============================================================================== |
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
|
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
|
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
|
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
|
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
|
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
// |
|
////////////////////////////////////////////////////////////////////////// |
// | // |
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
|
|
#include <Pegasus/Common/MessageLoader.h> | #include <Pegasus/Common/MessageLoader.h> |
#include <Pegasus/Common/AnonymousPipe.h> | #include <Pegasus/Common/AnonymousPipe.h> |
#include <Pegasus/Common/Linkage.h> | #include <Pegasus/Common/Linkage.h> |
#include <Pegasus/Common/SessionKey.h> |
|
#include <Executor/Defines.h> | #include <Executor/Defines.h> |
#include <cstdio> | #include <cstdio> |
| |
|
|
*/ | */ |
static int ping(); | static int ping(); |
| |
/** Open the given file with the given mode. |
/** Open the given file with the given mode. The file permissions are |
|
governed by Executor policy (if the Executor is called) or by the |
|
process umask setting. |
@param path the path of the file. | @param path the path of the file. |
@param mode 'r'=read, 'w'=write, and 'a'=append. | @param mode 'r'=read, 'w'=write, and 'a'=append. |
@return the file stream or NULL on failure. | @return the file stream or NULL on failure. |
|
|
| |
/** Start a provider agent as the given user. The provider agent will | /** Start a provider agent as the given user. The provider agent will |
load the given provider module. | load the given provider module. |
|
@param type of provider module (32 or 64 bit) |
@param sessionKey a valid session key. |
|
@param module name of provider module to be loaded. | @param module name of provider module to be loaded. |
@param uid the UID to run the provider agent as. |
@param pegasusHome the Pegasus home directory to use to find the |
@param gid the GID to run the provider agent as. |
cimprovagt executable. |
|
@param userName the user name to run the provider agent as. |
@param pid the PID of the new process (to be eventually passed to | @param pid the PID of the new process (to be eventually passed to |
reapProviderAgent()). | reapProviderAgent()). |
@param providerAgentSessionKey a newly generated providerAgentSessionKey |
|
(to be eventually passed to reapProviderAgent()). |
|
@param readPipe pipe used to read data from provider agent. | @param readPipe pipe used to read data from provider agent. |
@param writePipe pipe used to write data from provider agent. | @param writePipe pipe used to write data from provider agent. |
@return 0=success, -1=failure | @return 0=success, -1=failure |
*/ | */ |
static int startProviderAgent( | static int startProviderAgent( |
const SessionKey& sessionKey, |
unsigned short bitness, |
const char* module, | const char* module, |
int uid, |
const String& pegasusHome, |
int gid, |
const String& userName, |
int& pid, | int& pid, |
SessionKey& providerAgentSessionKey, |
|
AnonymousPipe*& readPipe, | AnonymousPipe*& readPipe, |
AnonymousPipe*& writePipe); | AnonymousPipe*& writePipe); |
| |
/** Cause the executor to daemonize itself. |
/** Cause the executor to complete its daemonization and the cimserver |
|
command to exit with success status. |
@return 0=success, -1=failure | @return 0=success, -1=failure |
*/ | */ |
static int daemonizeExecutor(); | static int daemonizeExecutor(); |
| |
/** Wait for the provider agent to exit. | /** Wait for the provider agent to exit. |
@param sessionKey the sessionKey obtained with startProviderAgent(). |
|
@param pid the process id obtained with startProviderAgent(). | @param pid the process id obtained with startProviderAgent(). |
@return 0=success, -1=failure | @return 0=success, -1=failure |
*/ | */ |
static int reapProviderAgent( | static int reapProviderAgent( |
const SessionKey& sessionKey, |
|
int pid); | int pid); |
| |
/** Check whether the password is correct for the given user, using an | /** Check whether the password is correct for the given user, using an |
|
|
file). | file). |
@param username the name of a valid system user. | @param username the name of a valid system user. |
@param password the clear text password for the given user. | @param password the clear text password for the given user. |
@param sessionKey a new session key that may be passed to |
|
startProviderAgent() and other methods. |
|
@return 0=success, -1=failure | @return 0=success, -1=failure |
*/ | */ |
static int authenticatePassword( | static int authenticatePassword( |
const char* username, | const char* username, |
const char* password, |
const char* password); |
SessionKey& sessionKey); |
|
| |
/** Check whether the given user is valid for the underlying authentcation | /** Check whether the given user is valid for the underlying authentcation |
mechanism. | mechanism. |
|
|
| |
/** Begin authenticating the given *user* using the "local authentication" | /** Begin authenticating the given *user* using the "local authentication" |
algorithm. A file containing a secret token is created on the local | algorithm. A file containing a secret token is created on the local |
file system. The file is only reabable by the given user. The caller |
file system. The file is only readable by the given user. The caller |
should pass the path of this file to the client, who will attempt to | should pass the path of this file to the client, who will attempt to |
read the secret token from the file and return it to the server. This | read the secret token from the file and return it to the server. This |
token and the session key generated by this function should then be |
token and the file path generated by this function should then be |
passed to authenticateLocal(). | passed to authenticateLocal(). |
@param username name of user to be challenged. | @param username name of user to be challenged. |
@param challenged the challenge to be forwared by the caller to the |
@param challenge The challenge file path to be forwared by the caller |
client (this is the path name of the secrets file mentioned above). |
to the client. |
@param sessionKey a new session key that may be passed to the |
|
startProviderAgent() and other methods. |
|
@return 0=success, -1=failure | @return 0=success, -1=failure |
*/ | */ |
static int challengeLocal( | static int challengeLocal( |
const char* username, | const char* username, |
char challenge[EXECUTOR_BUFFER_SIZE], |
char challengeFilePath[EXECUTOR_BUFFER_SIZE]); |
SessionKey& sessionKey); |
|
| |
/** Authenticate the given *user* using the "local authentication" | /** Authenticate the given *user* using the "local authentication" |
algorithm. The secret token is read from the file created by | algorithm. The secret token is read from the file created by |
challengeLocal(). If it matches the *challengeResponse* argument, |
challengeLocal(). If it matches the *response* argument, |
then the authentication is successful (returns zero). | then the authentication is successful (returns zero). |
@param sessionKey a session key obtained from challengeLocal(). |
@param challengeFilePath The file path that was sent to the client |
@param challengeResponse the challenge response obtained from the |
to challenge for the secret token, generated by challengeLocal(). |
|
@param response The challenge response obtained from the |
authenticating user. This is the response to the challenge | authenticating user. This is the response to the challenge |
obtained from challengeLocal(). | obtained from challengeLocal(). |
@return 0=success, -1=failure | @return 0=success, -1=failure |
*/ | */ |
static int authenticateLocal( | static int authenticateLocal( |
const SessionKey& sessionKey, |
const char* challengeFilePath, |
const char* challengeResponse); |
const char* response); |
|
|
/** Generate a new sesion key for the given user. This method will be |
|
limited as soon as the SSL certificate authentication scheme is |
|
moved into the executor (it will cease to generate session keys |
|
upon the very first client connection). |
|
@param username user for whom to create a session key. |
|
@param sessionKey new session key that may be passed to |
|
startProviderAgent() and other methods. |
|
@return 0=success, -1=failure |
|
*/ |
|
static int newSessionKey( |
|
const char username[EXECUTOR_BUFFER_SIZE], |
|
SessionKey& sessionKey); |
|
| |
/** Delete an existing session key. |
/** Update the log level used by the Executor process. |
@param sessionKey the session key that will be deleted. |
@param logLevel the new log level to use in the Executor. |
@return 0=success, -1=failure | @return 0=success, -1=failure |
*/ | */ |
static int deleteSessionKey( |
static int updateLogLevel( |
const SessionKey& sessionKey); |
const char* logLevel); |
| |
private: | private: |
// Private to prevent instantiation. | // Private to prevent instantiation. |