pegasus/src/Pegasus/Common/Executor.h - annotate

Return to Executor.h CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Common

1 kumpf 1.1.4.2 //%2006//////////////////////////////////////////////////////////////////////// 2 // 3 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development 4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. 5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; 6 // IBM Corp.; EMC Corporation, The Open Group. 7 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; 8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. 9 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; 10 // EMC Corporation; VERITAS Software Corporation; The Open Group. 11 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; 12 // EMC Corporation; Symantec Corporation; The Open Group. 13 // 14 // Permission is hereby granted, free of charge, to any person obtaining a copy 15 // of this software and associated documentation files (the "Software"), to 16 // deal in the Software without restriction, including without limitation the 17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 18 // sell copies of the Software, and to permit persons to whom the Software is 19 // furnished to do so, subject to the following conditions: 20 // 21 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN 22 kumpf 1.1.4.2 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED 23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT 24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 29 // 30 //============================================================================== 31 // 32 //%///////////////////////////////////////////////////////////////////////////// 33 34 #ifndef _Pegasus_Common_Executor_h 35 #define _Pegasus_Common_Executor_h 36 37 #include <Pegasus/Common/Config.h> 38 #include <Pegasus/Common/MessageLoader.h> 39 #include <Pegasus/Common/AnonymousPipe.h> 40 #include <Pegasus/Common/Linkage.h> 41 #include <Executor/Defines.h> 42 #include <cstdio> 43 kumpf 1.1.4.2 44 PEGASUS_NAMESPACE_BEGIN 45 46 /** The Executor class is used to perform various privileged operations. When 47 Pegasus is built with privilege separation, the methods of this class are 48 used to submit requests to a privileged process called and "executor". The 49 current process communicates with the executor over an anonymous local 50 domain socket. But, when Pegasus is built without privilege separation, 51 the methods are implemented in the same process (within Executor.cpp). 52 53 <br> 54 When configured for privilege separation, the Pegasus server runs as two 55 processes. 56 57 <ul> 58 <li>the executor (the cimserver program). 59 <li>the server (the cimservermain program). 60 </ul> 61 62 The "executor" is the parent process. When it starts the server it passes 63 the -x option with a socket number. The server checks for this option. It 64 kumpf 1.1.4.2 if finds it, is assumes it is running in privilege separation mode, in 65 which case is calls Executor::setSock() with this socket number. 66 67 <br> 68 The Executor::detectExecutor() method is used in various places to see if 69 the executor is present. For example. 70 71 <pre> 72 if (Executor::detectExecutor() == 0) 73 { 74 // Executor is present. 75 } 76 </pre> 77 78 The remaining methods provide an interface for submitting requests to the 79 executor over the given socket, if present. Otherwise, the methods are 80 handled directly by this class (see Executor.cpp). Here is a typical 81 exampe of its usage. 82 83 <pre> 84 if (Executor::removeFile(path) == 0) 85 kumpf 1.1.4.2 { 86 // File successfully removed. 87 } 88 </pre> 89 90 This example removes the given file. But be aware that the executor defines 91 a policy that identifies which files it may removed (or manipulated by the 92 other methods). In order to remove a file, the file must be added to the 93 executor policy (located in pegasus/src/Executor/Policy.c). 94 / 95 class PEGASUS_COMMON_LINKAGE Executor 96 { 97 public: 98 99 /* Sets the local socket used to communicate with the executor. 100 Warning: this method must be called before any other method or 101 not at all. 102 @sock the socket 103 / 104 static void setSock(int sock); 105 106 kumpf 1.1.4.2 /* Return zero if the executor is the parent of the current process. 107 If so, the methods below are handled by the executor. Otherwise, 108 they are handled by alternative in-process "loopback" methods. 109 @return 0=success, -1=failure 110 / 111 static int detectExecutor(); 112 113 /* Ping the executor to see if it is responsive. 114 @return 0=success, -1=failure 115 / 116 static int ping(); 117 118 /* Open the given file with the given mode. 119 @param path the path of the file. 120 @param mode 'r'=read, 'w'=write, and 'a'=append. 121 @return the file stream or NULL on failure. 122 / 123 static FILE openFile( 124 const char* path, 125 int mode); 126 127 kumpf 1.1.4.2 /** Rename the given file. 128 @param oldPath the path of the old file. 129 @param newPath the path of the new file. 130 @return 0=success, -1=failure 131 / 132 static int renameFile( 133 const char oldPath, 134 const char* newPath); 135 136 /** Remove the given file. 137 @path the path of the file that will be reoved. 138 @return 0=success, -1=failure 139 / 140 static int removeFile( 141 const char path); 142 143 /** Start a provider agent as the given user. The provider agent will 144 load the given provider module. 145 146 @param module name of provider module to be loaded. 147 @param uid the UID to run the provider agent as. 148 kumpf 1.1.4.2 @param gid the GID to run the provider agent as. 149 @param pid the PID of the new process (to be eventually passed to 150 reapProviderAgent()). 151 @param readPipe pipe used to read data from provider agent. 152 @param writePipe pipe used to write data from provider agent. 153 @return 0=success, -1=failure 154 / 155 static int startProviderAgent( 156 const char module, 157 int uid, 158 int gid, 159 int& pid, 160 AnonymousPipe& readPipe, 161 AnonymousPipe& writePipe); 162 163 /** Cause the executor to daemonize itself. 164 @return 0=success, -1=failure 165 / 166 static int daemonizeExecutor(); 167 168 /* Wait for the provider agent to exit. 169 kumpf 1.1.4.2 @param pid the process id obtained with startProviderAgent(). 170 @return 0=success, -1=failure 171 / 172 static int reapProviderAgent( 173 int pid); 174 175 /* Check whether the password is correct for the given user, using an 176 underyling authentication mechanism (either PAM or cimserver.passwd 177 file). 178 @param username the name of a valid system user. 179 @param password the clear text password for the given user. 180 @return 0=success, -1=failure 181 / 182 static int authenticatePassword( 183 const char username,
184 mike 1.1.4.3 const char* password);
185 kumpf 1.1.4.2 186 /** Check whether the given user is valid for the underlying authentcation 187 mechanism. 188 @param username the name of the user. 189 @return 0=success, -1=failure 190 / 191 static int validateUser( 192 const char username); 193 194 /** Begin authenticating the given user using the "local authentication" 195 algorithm. A file containing a secret token is created on the local 196 file system. The file is only reabable by the given user. The caller 197 should pass the path of this file to the client, who will attempt to 198 read the secret token from the file and return it to the server. This 199 token and the session key generated by this function should then be 200 passed to authenticateLocal(). 201 @param username name of user to be challenged. 202 @param challenged the challenge to be forwared by the caller to the 203 client (this is the path name of the secrets file mentioned above). 204 @return 0=success, -1=failure 205 / 206 kumpf 1.1.4.2 static int challengeLocal( 207 const char username,
208 mike 1.1.4.3 char challenge[EXECUTOR_BUFFER_SIZE]);
209 kumpf 1.1.4.2 210 /** Authenticate the given user using the "local authentication" 211 algorithm. The secret token is read from the file created by
212 mike 1.1.4.3 challengeLocal(). If it matches the response argument,
213 kumpf 1.1.4.2 then the authentication is successful (returns zero).
214 mike 1.1.4.3 @param response the challenge response obtained from the
215 kumpf 1.1.4.2 authenticating user. This is the response to the challenge 216 obtained from challengeLocal(). 217 @return 0=success, -1=failure 218 */ 219 static int authenticateLocal(
220 mike 1.1.4.3 const char* challenge, 221 const char* response);
222 kumpf 1.1.4.2 223 private: 224 // Private to prevent instantiation. 225 Executor(); 226 }; 227 228 PEGASUS_NAMESPACE_END 229 230 #endif /* _Pegasus_Common_Executor_h */

No CVS admin address has been configured