1 karl 1.177 //%2006////////////////////////////////////////////////////////////////////////
|
2 mike 1.42 //
|
3 karl 1.152 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
|
6 karl 1.124 // IBM Corp.; EMC Corporation, The Open Group.
|
7 karl 1.152 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
|
9 karl 1.160 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
|
11 karl 1.177 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
|
13 mike 1.42 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
|
15 mike 1.50 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
18 mike 1.42 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
|
20 karl 1.124 //
|
21 mike 1.50 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
|
22 mike 1.42 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
|
24 mike 1.50 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
27 mike 1.42 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 //==============================================================================
31 //
32 //%/////////////////////////////////////////////////////////////////////////////
33
|
34 mike 1.50 #include <Pegasus/Common/Config.h>
35
|
36 mike 1.42 #include <cstdio>
37 #include <cctype>
|
38 mike 1.50 #include <ctime>
|
39 kumpf 1.169
40 #if (defined(PEGASUS_OS_HPUX) || defined(PEGASUS_OS_LINUX)) \
41 && defined(PEGASUS_USE_RELEASE_DIRS)
42 # include <unistd.h>
|
43 kumpf 1.215 # include <errno.h>
|
44 kumpf 1.115 #endif
|
45 kumpf 1.169
|
46 ouyang.jian 1.214 #ifdef PEGASUS_OS_PASE
47 #include <as400_protos.h> // for systemCL()
48 #endif
49
|
50 kumpf 1.75 #include <Pegasus/Common/Constants.h>
|
51 mike 1.42 #include <Pegasus/Common/FileSystem.h>
|
52 mike 1.183 #include <Pegasus/Common/Signal.h>
|
53 mike 1.50 #include <Pegasus/Common/HTTPAcceptor.h>
|
54 kumpf 1.54 #include <Pegasus/Common/Tracer.h>
|
55 marek 1.194 #include <Pegasus/Common/Logger.h>
|
56 mday 1.58 #include <Pegasus/Common/Cimom.h>
|
57 kumpf 1.78 #include <Pegasus/Common/PegasusVersion.h>
|
58 nag.boranna 1.163 #include <Pegasus/Common/SSLContextManager.h>
|
59 kumpf 1.188 #include <Pegasus/Common/Time.h>
|
60 kumpf 1.195 #include <Pegasus/Common/MessageLoader.h>
|
61 kumpf 1.216 #include <Pegasus/Common/AuditLogger.h>
|
62 kumpf 1.78
|
63 mike 1.42 #include <Pegasus/Repository/CIMRepository.h>
|
64 mike 1.50 #include <Pegasus/ExportServer/CIMExportRequestDispatcher.h>
65 #include <Pegasus/ExportServer/CIMExportResponseEncoder.h>
66 #include <Pegasus/ExportServer/CIMExportRequestDecoder.h>
|
67 kumpf 1.54 #include <Pegasus/Config/ConfigManager.h>
|
68 mike 1.50 #include <Pegasus/Security/UserManager/UserManager.h>
|
69 kumpf 1.62 #include <Pegasus/HandlerService/IndicationHandlerService.h>
70 #include <Pegasus/IndicationService/IndicationService.h>
|
71 kumpf 1.184 #include <Pegasus/ProviderManagerService/ProviderManagerService.h>
|
72 mike 1.179 #include <Pegasus/ProviderManager2/Default/DefaultProviderManager.h>
|
73 chip 1.114
|
74 r.kieninger 1.209 #if defined PEGASUS_PLATFORM_ZOS_ZSERIES_IBM
75 # include "ConsoleManager_zOS.h"
76 #endif
77
|
78 tony 1.134 #ifdef PEGASUS_ENABLE_SLP
|
79 kumpf 1.195 # include <Pegasus/Client/CIMClient.h>
|
80 tony 1.134 #endif
81
|
82 mike 1.47 #include "CIMServer.h"
|
83 mike 1.50 #include "CIMOperationRequestDispatcher.h"
84 #include "CIMOperationResponseEncoder.h"
85 #include "CIMOperationRequestDecoder.h"
|
86 kumpf 1.54 #include "CIMOperationRequestAuthorizer.h"
|
87 mike 1.50 #include "HTTPAuthenticatorDelegator.h"
|
88 kumpf 1.79 #include "ShutdownProvider.h"
|
89 kumpf 1.101 #include "ShutdownService.h"
|
90 mday 1.103 #include "BinaryMessageHandler.h"
|
91 kumpf 1.69 #include <Pegasus/Common/ModuleController.h>
|
92 kumpf 1.71 #include <Pegasus/ControlProviders/UserAuthProvider/UserAuthProvider.h>
|
93 kumpf 1.215 #include <Pegasus/ControlProviders/ConfigSettingProvider/\
94 ConfigSettingProvider.h>
95 #include <Pegasus/ControlProviders/ProviderRegistrationProvider/\
96 ProviderRegistrationProvider.h>
|
97 karl 1.80 #include <Pegasus/ControlProviders/NamespaceProvider/NamespaceProvider.h>
|
98 humberto 1.110
|
99 karl 1.158 #ifndef PEGASUS_DISABLE_PERFINST
|
100 kumpf 1.195 # include <Pegasus/ControlProviders/Statistic/CIMOMStatDataProvider.h>
|
101 w.white 1.142 #endif
102
|
103 h.sterling 1.154 #ifdef PEGASUS_HAS_SSL
|
104 kumpf 1.195 # include <Pegasus/ControlProviders/CertificateProvider/CertificateProvider.h>
|
105 h.sterling 1.154 #endif
|
106 w.white 1.142
|
107 karl 1.226 #ifdef PEGASUS_ENABLE_CQL
|
108 kumpf 1.215 # include <Pegasus/ControlProviders/QueryCapabilitiesProvider/\
109 CIMQueryCapabilitiesProvider.h>
|
110 a.arora 1.156 #endif
111
|
112 karl 1.210 #if defined PEGASUS_ENABLE_INTEROP_PROVIDER
|
113 kumpf 1.195 # include <Pegasus/ControlProviders/InteropProvider/InteropProvider.h>
|
114 tony 1.134 #endif
115
|
116 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN
117 # include <Pegasus/WsmServer/WsmProcessor.h>
118 #endif
119
|
120 mike 1.42 PEGASUS_NAMESPACE_BEGIN
|
121 dave.sudlik 1.197 #ifdef PEGASUS_SLP_REG_TIMEOUT
122 ThreadReturnType PEGASUS_THREAD_CDECL registerPegasusWithSLP(void *parm);
123 // Configurable SLP port to be handeled in a separate bug.
124 # define SLP_DEFAULT_PORT 427
125 # define LOCALHOST_IP "127.0.0.1"
126 #endif
|
127 mike 1.42
|
128 kumpf 1.195 static CIMServer* _cimserver = NULL;
|
129 a.arora 1.143
|
130 kumpf 1.100 // Need a static method to act as a callback for the control provider.
131 // This doesn't belong here, but I don't have a better place to put it.
|
132 kumpf 1.195 static Message* controlProviderReceiveMessageCallback(
133 Message* message,
134 void* instance)
|
135 kumpf 1.69 {
|
136 kumpf 1.185 CIMRequestMessage* request = dynamic_cast<CIMRequestMessage*>(message);
137 PEGASUS_ASSERT(request != 0);
138
|
139 kumpf 1.220 Thread::setLanguages(
|
140 kumpf 1.185 ((AcceptLanguageListContainer) request->operationContext.get(
141 AcceptLanguageListContainer::NAME)).getLanguages());
142
143 ProviderMessageHandler* pmh =
144 reinterpret_cast<ProviderMessageHandler*>(instance);
145 return pmh->processMessage(request);
|
146 kumpf 1.73 }
|
147 kumpf 1.71
|
148 kumpf 1.137 //
149 // Signal handler for shutdown signals, currently SIGHUP and SIGTERM
150 //
|
151 kumpf 1.108 Boolean handleShutdownSignal = false;
|
152 kumpf 1.195 void shutdownSignalHandler(int s_n, PEGASUS_SIGINFO_T* s_info, void* sig)
|
153 kumpf 1.101 {
|
154 kumpf 1.108 PEG_METHOD_ENTER(TRC_SERVER, "shutdownSignalHandler");
|
155 mike 1.230.4.1 PEG_TRACE((TRC_SERVER, Tracer::LEVEL3, "Signal %d received.", s_n));
|
156 kumpf 1.101
|
157 a.arora 1.143 CIMServer::shutdownSignal();
|
158 kumpf 1.101
159 PEG_METHOD_EXIT();
160 }
161
|
162 s.hills 1.123 void CIMServer::shutdownSignal()
163 {
164 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::shutdownSignal()");
165 handleShutdownSignal = true;
|
166 a.arora 1.143 _cimserver->tickle_monitor();
|
167 s.hills 1.123 PEG_METHOD_EXIT();
168 }
169
|
170 ouyang.jian 1.212 #ifdef PEGASUS_OS_PASE
171 static void _synchronousSignalHandler(int s_n, PEGASUS_SIGINFO_T* s_info,
172 void* sig)
173 {
174 static bool mark = false;
175 if (mark)
176 return;
177
178 mark = true;
179
180 Logger::put_l(Logger::ERROR_LOG, "CIMServer", Logger::SEVERE,
181 "Pegasus.Server.CIMServer.RECEIVE_SYN_SIGNAL.PEGASUS_OS_PASE", \
182 "Synchronous signal received.");
183
184 /* save job log */
185 systemCL ("QSYS/CHGJOB JOB(*) LOG(4 00 *NOLIST)",
186 SYSTEMCL_MSG_STDOUT | SYSTEMCL_MSG_STDERR);
187
188 CIMServer::shutdownSignal();
189 }
190
191 ouyang.jian 1.212 static void _asynchronousSignalHandler(int s_n, PEGASUS_SIGINFO_T* s_info,
192 void* sig)
193 {
194 static bool mark = false;
195 if (mark)
196 return;
197
198 mark = true;
199
200 Logger::put_l(Logger::ERROR_LOG, "CIMServer", Logger::SEVERE,
201 "Pegasus.Server.CIMServer.RECEIVE_ASYN_SIGNAL.PEGASUS_OS_PASE", \
202 "Asynchronous signal received.");
203
204 CIMServer::shutdownSignal();
205 }
206 #endif
207
|
208 s.hills 1.123
|
209 kumpf 1.206 CIMServer::CIMServer()
210 : _dieNow(false)
|
211 mike 1.43 {
|
212 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::CIMServer()");
|
213 yi.zhou 1.192 _cimserver = this;
|
214 mday 1.111 _init();
|
215 yi.zhou 1.192
|
216 dave.sudlik 1.218 // Get value of idle connection timeout in seconds.
217 String idleConnectionConfigTimeout =
218 ConfigManager::getInstance()->getCurrentValue("idleConnectionTimeout");
219
220 _idleConnectionTimeoutSeconds =
221 strtol(idleConnectionConfigTimeout.getCString(), (char**)0, 10);
222
|
223 mday 1.111 PEG_METHOD_EXIT();
224 }
225
|
226 kumpf 1.195 void CIMServer::tickle_monitor()
227 {
|
228 a.arora 1.143 _monitor->tickle();
229 }
|
230 mike 1.179
|
231 kumpf 1.195 void CIMServer::_init()
|
232 mday 1.111 {
|
233 kumpf 1.206 _monitor.reset(new Monitor());
234
|
235 kumpf 1.167 #if (defined(PEGASUS_OS_HPUX) || defined(PEGASUS_OS_LINUX)) \
236 && defined(PEGASUS_USE_RELEASE_DIRS)
|
237 kumpf 1.215 if (chdir(PEGASUS_CORE_DIR) != 0)
238 {
239 PEG_TRACE((TRC_SERVER, Tracer::LEVEL2,
240 "chdir(\"%s\") failed with errno %d.", PEGASUS_CORE_DIR, errno));
241 }
|
242 kumpf 1.115 #endif
|
243 kumpf 1.60
|
244 mike 1.43 // -- Create a repository:
245
|
246 kumpf 1.193 String repositoryRootPath =
247 ConfigManager::getHomedPath(
248 ConfigManager::getInstance()->getCurrentValue("repositoryDir"));
249
|
250 kumpf 1.81 #ifdef DO_NOT_CREATE_REPOSITORY_ON_STARTUP
251 // If this code is enable, the CIMServer will fail to start
|
252 kumpf 1.206 // if the repository directory does not exist. If called,
|
253 kumpf 1.81 // the Repository will create an empty repository.
254
|
255 chip 1.112 // This check has been disabled to allow cimmof to call
|
256 kumpf 1.81 // the CIMServer to build the initial repository.
|
257 kumpf 1.60 if (!FileSystem::isDirectory(repositoryRootPath))
|
258 kumpf 1.54 {
|
259 kumpf 1.75 PEG_METHOD_EXIT();
|
260 kumpf 1.195 throw NoSuchDirectory(repositoryRootPath);
|
261 kumpf 1.54 }
|
262 kumpf 1.81 #endif
|
263 mike 1.43
|
264 kumpf 1.193 _repository = new CIMRepository(repositoryRootPath);
|
265 mike 1.50
|
266 kumpf 1.76 // -- Create a UserManager object:
267
268 UserManager* userManager = UserManager::getInstance(_repository);
269
|
270 mike 1.50 // -- Create a CIMServerState object:
271
|
272 a.arora 1.133 _serverState.reset(new CIMServerState());
|
273 mike 1.50
|
274 kumpf 1.67 _providerRegistrationManager = new ProviderRegistrationManager(_repository);
275
|
276 mike 1.50 // -- Create queue inter-connections:
|
277 schuur 1.127
|
278 mike 1.179 _providerManager = new ProviderManagerService(
|
279 kumpf 1.195 _providerRegistrationManager,
280 _repository,
281 DefaultProviderManager::createDefaultProviderManagerCallback);
|
282 mike 1.179
283 // Create IndicationHandlerService:
|
284 kumpf 1.159
|
285 kumpf 1.67 _handlerService = new IndicationHandlerService(_repository);
|
286 kumpf 1.69
|
287 sushma.fernandes 1.208 _cimOperationRequestDispatcher = new CIMOperationRequestDispatcher(
288 _repository, _providerRegistrationManager);
289 _binaryMessageHandler =
290 new BinaryMessageHandler(_cimOperationRequestDispatcher);
291
|
292 kumpf 1.71 // Create the control service
|
293 kumpf 1.99 _controlService = new ModuleController(PEGASUS_QUEUENAME_CONTROLSERVICE);
|
294 kumpf 1.71
|
295 kumpf 1.195 // Jump this number up when there are more control providers.
296 _controlProviders.reserveCapacity(16);
|
297 kumpf 1.185
|
298 kumpf 1.71 // Create the Configuration control provider
|
299 kumpf 1.185 ProviderMessageHandler* configProvider = new ProviderMessageHandler(
|
300 dmitry.mikulin 1.211 "CIMServerControlProvider", "ConfigSettingProvider",
301 new ConfigSettingProvider(), 0, 0, false);
|
302 konrad.r 1.171
|
303 kumpf 1.185 _controlProviders.append(configProvider);
|
304 kumpf 1.195 ModuleController::register_module(
305 PEGASUS_QUEUENAME_CONTROLSERVICE,
306 PEGASUS_MODULENAME_CONFIGPROVIDER,
307 configProvider,
308 controlProviderReceiveMessageCallback,
309 0);
|
310 kumpf 1.71
311 // Create the User/Authorization control provider
|
312 kumpf 1.185 ProviderMessageHandler* userAuthProvider = new ProviderMessageHandler(
|
313 dmitry.mikulin 1.211 "CIMServerControlProvider", "UserAuthProvider",
314 new UserAuthProvider(_repository), 0, 0, false);
|
315 kumpf 1.185 _controlProviders.append(userAuthProvider);
|
316 kumpf 1.195 ModuleController::register_module(
317 PEGASUS_QUEUENAME_CONTROLSERVICE,
318 PEGASUS_MODULENAME_USERAUTHPROVIDER,
319 userAuthProvider,
320 controlProviderReceiveMessageCallback,
321 0);
|
322 mike 1.50
|
323 kumpf 1.74 // Create the Provider Registration control provider
|
324 kumpf 1.185 ProviderMessageHandler* provRegProvider = new ProviderMessageHandler(
|
325 dmitry.mikulin 1.211 "CIMServerControlProvider", "ProviderRegistrationProvider",
|
326 kumpf 1.185 new ProviderRegistrationProvider(_providerRegistrationManager),
327 0, 0, false);
328 // Warning: The ProviderRegistrationProvider destructor deletes
329 // _providerRegistrationManager
330 _controlProviders.append(provRegProvider);
|
331 kumpf 1.195 ModuleController::register_module(
332 PEGASUS_QUEUENAME_CONTROLSERVICE,
333 PEGASUS_MODULENAME_PROVREGPROVIDER,
334 provRegProvider,
335 controlProviderReceiveMessageCallback,
336 0);
|
337 kumpf 1.79
|
338 kumpf 1.185 // Create the Shutdown control provider
339 ProviderMessageHandler* shutdownProvider = new ProviderMessageHandler(
|
340 dmitry.mikulin 1.211 "CIMServerControlProvider", "ShutdownProvider",
341 new ShutdownProvider(this), 0, 0, false);
|
342 kumpf 1.185 _controlProviders.append(shutdownProvider);
|
343 kumpf 1.195 ModuleController::register_module(
344 PEGASUS_QUEUENAME_CONTROLSERVICE,
345 PEGASUS_MODULENAME_SHUTDOWNPROVIDER,
346 shutdownProvider,
347 controlProviderReceiveMessageCallback,
348 0);
|
349 karl 1.80
|
350 kumpf 1.185 // Create the namespace control provider
351 ProviderMessageHandler* namespaceProvider = new ProviderMessageHandler(
|
352 dmitry.mikulin 1.211 "CIMServerControlProvider", "NamespaceProvider",
353 new NamespaceProvider(_repository), 0, 0, false);
|
354 kumpf 1.185 _controlProviders.append(namespaceProvider);
|
355 kumpf 1.195 ModuleController::register_module(
356 PEGASUS_QUEUENAME_CONTROLSERVICE,
357 PEGASUS_MODULENAME_NAMESPACEPROVIDER,
358 namespaceProvider,
359 controlProviderReceiveMessageCallback,
360 0);
361
362 //
363 // Create a SSLContextManager object
364 //
365 _sslContextMgr = new SSLContextManager();
|
366 nag.boranna 1.161
|
367 h.sterling 1.154 #ifdef PEGASUS_HAS_SSL
|
368 kumpf 1.195 // Because this provider allows management of the cimserver truststore
369 // it needs to be available regardless of the value
370 // of sslClientVerificationMode config property.
|
371 kumpf 1.185 ProviderMessageHandler* certificateProvider = new ProviderMessageHandler(
|
372 dmitry.mikulin 1.211 "CIMServerControlProvider", "CertificateProvider",
|
373 kumpf 1.185 new CertificateProvider(_repository, _sslContextMgr),
374 0, 0, false);
375 _controlProviders.append(certificateProvider);
|
376 kumpf 1.195 ModuleController::register_module(
377 PEGASUS_QUEUENAME_CONTROLSERVICE,
378 PEGASUS_MODULENAME_CERTIFICATEPROVIDER,
379 certificateProvider,
380 controlProviderReceiveMessageCallback,
381 0);
|
382 h.sterling 1.154 #endif
|
383 h.sterling 1.153
|
384 karl 1.158 #ifndef PEGASUS_DISABLE_PERFINST
|
385 kumpf 1.185 // Create the Statistical Data control provider
386 ProviderMessageHandler* cimomstatdataProvider = new ProviderMessageHandler(
|
387 dmitry.mikulin 1.211 "CIMServerControlProvider", "CIMOMStatDataProvider",
388 new CIMOMStatDataProvider(), 0, 0, false);
|
389 kumpf 1.185 _controlProviders.append(cimomstatdataProvider);
|
390 kumpf 1.195 ModuleController::register_module(
391 PEGASUS_QUEUENAME_CONTROLSERVICE,
392 PEGASUS_MODULENAME_CIMOMSTATDATAPROVIDER,
393 cimomstatdataProvider,
394 controlProviderReceiveMessageCallback,
395 0);
|
396 w.white 1.142 #endif
397
|
398 karl 1.226 #ifdef PEGASUS_ENABLE_CQL
|
399 a.arora 1.156
|
400 kumpf 1.185 // Create the Query Capabilities control provider
401 ProviderMessageHandler* cimquerycapprovider = new ProviderMessageHandler(
|
402 dmitry.mikulin 1.211 "CIMServerControlProvider", "CIMQueryCapabilitiesProvider",
|
403 kumpf 1.185 new CIMQueryCapabilitiesProvider(),
404 0, 0, false);
405 _controlProviders.append(cimquerycapprovider);
|
406 kumpf 1.195 ModuleController::register_module(
407 PEGASUS_QUEUENAME_CONTROLSERVICE,
408 PEGASUS_MODULENAME_CIMQUERYCAPPROVIDER,
409 cimquerycapprovider,
410 controlProviderReceiveMessageCallback,
411 0);
|
412 a.arora 1.156 #endif
413
|
414 karl 1.210 #if defined PEGASUS_ENABLE_INTEROP_PROVIDER
|
415 w.white 1.149
|
416 kumpf 1.185 // Create the interop control provider
417 ProviderMessageHandler* interopProvider = new ProviderMessageHandler(
|
418 dmitry.mikulin 1.211 "CIMServerControlProvider", "InteropProvider",
419 new InteropProvider(_repository), 0, 0, false);
|
420 kumpf 1.185 _controlProviders.append(interopProvider);
|
421 kumpf 1.195 ModuleController::register_module(
422 PEGASUS_QUEUENAME_CONTROLSERVICE,
423 PEGASUS_MODULENAME_INTEROPPROVIDER,
424 interopProvider,
425 controlProviderReceiveMessageCallback,
426 0);
|
427 tony 1.134 #endif
|
428 kumpf 1.74
|
429 kumpf 1.195 _cimOperationResponseEncoder = new CIMOperationResponseEncoder;
|
430 mike 1.50
|
431 kumpf 1.54 //
432 // get the configured authentication and authorization flags
433 //
434 ConfigManager* configManager = ConfigManager::getInstance();
435
|
436 kumpf 1.182 Boolean enableAuthentication = ConfigManager::parseBooleanValue(
437 configManager->getCurrentValue("enableAuthentication"));
|
438 kumpf 1.54
|
439 kumpf 1.228 MessageQueueService* cimOperationProcessorQueue = 0;
440
|
441 kumpf 1.54 //
|
442 kumpf 1.104 // Create Authorization queue only if authentication is enabled
|
443 kumpf 1.54 //
|
444 kumpf 1.104 if ( enableAuthentication )
|
445 kumpf 1.54 {
446 _cimOperationRequestAuthorizer = new CIMOperationRequestAuthorizer(
447 _cimOperationRequestDispatcher);
|
448 kumpf 1.228 cimOperationProcessorQueue = _cimOperationRequestAuthorizer;
|
449 kumpf 1.54 }
450 else
451 {
|
452 kumpf 1.99 _cimOperationRequestAuthorizer = 0;
|
453 kumpf 1.228 cimOperationProcessorQueue = _cimOperationRequestDispatcher;
454 }
|
455 kumpf 1.99
|
456 kumpf 1.228 _cimOperationRequestDecoder = new CIMOperationRequestDecoder(
457 cimOperationProcessorQueue,
458 _cimOperationResponseEncoder->getQueueId());
|
459 mike 1.43
|
460 kumpf 1.195 _cimExportRequestDispatcher = new CIMExportRequestDispatcher();
|
461 mike 1.43
|
462 kumpf 1.195 _cimExportResponseEncoder = new CIMExportResponseEncoder;
|
463 mike 1.43
|
464 mike 1.50 _cimExportRequestDecoder = new CIMExportRequestDecoder(
|
465 kumpf 1.195 _cimExportRequestDispatcher,
466 _cimExportResponseEncoder->getQueueId());
|
467 mike 1.43
|
468 kumpf 1.99 _httpAuthenticatorDelegator = new HTTPAuthenticatorDelegator(
|
469 mike 1.50 _cimOperationRequestDecoder->getQueueId(),
|
470 h.sterling 1.153 _cimExportRequestDecoder->getQueueId(),
|
471 nag.boranna 1.161 _repository);
|
472 mike 1.43
|
473 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN
474 _wsmProcessor = new WsmProcessor(
475 cimOperationProcessorQueue,
476 _repository);
477 _httpAuthenticatorDelegator->setWsmQueueId(
478 _wsmProcessor->getWsmRequestDecoderQueueId());
479 #endif
480
|
481 kumpf 1.82 // IMPORTANT-NU-20020513: Indication service must start after ExportService
482 // otherwise HandlerService started by indicationService will never
483 // get ExportQueue to export indications for existing subscriptions
484
|
485 kumpf 1.90 _indicationService = 0;
|
486 kumpf 1.182 if (ConfigManager::parseBooleanValue(
487 configManager->getCurrentValue("enableIndicationService")))
|
488 kumpf 1.90 {
|
489 kumpf 1.195 _indicationService = new IndicationService(
490 _repository, _providerRegistrationManager);
|
491 kumpf 1.90 }
|
492 mike 1.50
|
493 kumpf 1.108 // Enable the signal handler to shutdown gracefully on SIGHUP and SIGTERM
494 getSigHandle()->registerHandler(PEGASUS_SIGHUP, shutdownSignalHandler);
|
495 kumpf 1.107 getSigHandle()->activate(PEGASUS_SIGHUP);
|
496 kumpf 1.108 getSigHandle()->registerHandler(PEGASUS_SIGTERM, shutdownSignalHandler);
497 getSigHandle()->activate(PEGASUS_SIGTERM);
|
498 ouyang.jian 1.212 #ifdef PEGASUS_OS_PASE
499 getSigHandle()->registerHandler(SIGFPE, _synchronousSignalHandler);
500 getSigHandle()->activate(SIGFPE);
501 getSigHandle()->registerHandler(SIGILL, _synchronousSignalHandler);
502 getSigHandle()->activate(SIGILL);
503 getSigHandle()->registerHandler(SIGSEGV, _synchronousSignalHandler);
504 getSigHandle()->activate(SIGSEGV);
505 getSigHandle()->registerHandler(SIGIO, _asynchronousSignalHandler);
506 getSigHandle()->activate(SIGIO);
507 #endif
|
508 marek 1.223 #ifdef PEGASUS_OS_ZOS
509 // Establish handling signal send to us on USS shutdown
510 getSigHandle()->registerHandler(PEGASUS_SIGDANGER, shutdownSignalHandler);
511 getSigHandle()->activate(PEGASUS_SIGDANGER);
512 // enable process to receive SIGDANGER on USS shutdown
513 __shutdown_registration(_SDR_NOTIFY, _SDR_REGPROCESS, _SDR_SENDSIGDANGER);
514 #endif
|
515 marek 1.194
516 //
|
517 r.kieninger 1.209 // Set up an additional thread waiting for commands from the
518 // system console
|
519 marek 1.194 //
520 #if defined PEGASUS_PLATFORM_ZOS_ZSERIES_IBM
|
521 r.kieninger 1.209 ZOSConsoleManager::startConsoleWatchThread();
|
522 marek 1.194 #endif
523
|
524 kumpf 1.216 #ifdef PEGASUS_ENABLE_AUDIT_LOGGER
|
525 yi.zhou 1.192
526 // Register audit logger initialize callback
527 AuditLogger::setInitializeCallback(auditLogInitializeCallback);
528
529 Boolean enableAuditLog = ConfigManager::parseBooleanValue(
530 configManager->getCurrentValue("enableAuditLog"));
531
532 if (enableAuditLog)
533 {
534 AuditLogger::setEnabled(enableAuditLog);
535 }
536
537 #endif
|
538 mike 1.43 }
539
|
540 mday 1.111
|
541 konrad.r 1.171 CIMServer::~CIMServer ()
542 {
|
543 kumpf 1.175 PEG_METHOD_ENTER (TRC_SERVER, "CIMServer::~CIMServer()");
|
544 mday 1.111
|
545 kumpf 1.175 // Wait until the Shutdown provider request has cleared through the
|
546 kumpf 1.195 // system.
|
547 kumpf 1.175 ShutdownService::getInstance(this)->waitUntilNoMoreRequests(false);
|
548 mday 1.111
|
549 kumpf 1.175 // Ok, shutdown all the MQSs. This shuts their communication channel.
550 ShutdownService::getInstance(this)->shutdownCimomServices();
|
551 kumpf 1.54
|
552 kumpf 1.175 // Start deleting the objects.
553 // The order is very important.
554
555 // The HTTPAcceptor depends on HTTPAuthenticationDelegator
556 for (Uint32 i = 0, n = _acceptors.size (); i < n; i++)
|
557 konrad.r 1.171 {
|
558 kumpf 1.195 HTTPAcceptor* p = _acceptors[i];
|
559 kumpf 1.175 delete p;
|
560 konrad.r 1.171 }
|
561 kumpf 1.99
|
562 kumpf 1.175 // IndicationService depends on ProviderManagerService,
563 // IndicationHandlerService, and ProviderRegistrationManager, and thus
564 // should be deleted before the ProviderManagerService,
565 // IndicationHandlerService, and ProviderRegistrationManager are deleted.
566 delete _indicationService;
567
568 // HTTPAuthenticationDelegator depends on CIMRepository,
569 // CIMOperationRequestDecoder and CIMExportRequestDecoder
570 delete _httpAuthenticatorDelegator;
571
572 delete _cimExportRequestDecoder;
573
574 delete _cimExportResponseEncoder;
575
576 delete _cimExportRequestDispatcher;
577
578 // CIMOperationRequestDecoder depends on CIMOperationRequestAuthorizer
579 // and CIMOperationResponseEncoder
580 delete _cimOperationRequestDecoder;
|
581 kumpf 1.228 delete _cimOperationResponseEncoder;
|
582 kumpf 1.175
|
583 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN
584 // WsmProcessor depends on CIMOperationRequestAuthorizer/Dispatcher and
585 // CIMRepository
586 delete _wsmProcessor;
587 #endif
|
588 kumpf 1.175
589 // BinaryMessageHandler depends on CIMOperationRequestDispatcher
590 delete _binaryMessageHandler;
591
592 // CIMOperationRequestAuthorizer depends on
593 // CIMOperationRequestDispatcher
594 delete _cimOperationRequestAuthorizer;
595
596 // IndicationHandlerService uses CIMOperationRequestDispatcher
597 delete _handlerService;
598
|
599 kumpf 1.195 // CIMOperationRequestDispatcher depends on
|
600 kumpf 1.175 // CIMRepository and ProviderRegistrationManager.
601 // CIMOperationRequestDispatcher keeps an internal list of control
602 // providers. Must delete this before ModuleController.
603 delete _cimOperationRequestDispatcher;
604
605 // ModuleController takes care of deleting all wrappers around
606 // the control providers.
607 delete _controlService;
608
609 // Find all of the control providers (module)
610 // Must delete CIMOperationRequestDispatcher _before_ deleting each
611 // of the control provider. The CIMOperationRequestDispatcher keeps
612 // its own table of the internal providers (pointers).
613 for (Uint32 i = 0, n = _controlProviders.size(); i < n; i++)
|
614 konrad.r 1.171 {
|
615 kumpf 1.195 ProviderMessageHandler* p = _controlProviders[i];
|
616 kumpf 1.196 delete p->getProvider();
|
617 kumpf 1.175 delete p;
|
618 konrad.r 1.171 }
619
|
620 kumpf 1.195 // The SSL control providers use the SSL context manager.
|
621 kumpf 1.175 delete _sslContextMgr;
622
623 // ProviderManagerService depends on ProviderRegistrationManager.
624 // Note that deleting the ProviderManagerService causes the
625 // DefaultProviderManager (if loaded) to get unloaded. Dynamically
626 // unloading the DefaultProviderManager library affects (on HP-UX, at
627 // least) the statically loaded version of this library used by the
|
628 kumpf 1.185 // ProviderMessageHandler wrapper for the control providers. Deleting
|
629 kumpf 1.175 // the ProviderManagerService after the control providers is a
630 // workaround for this problem.
631 delete _providerManager;
632
633 delete _providerRegistrationManager;
|
634 konrad.r 1.171
|
635 kumpf 1.175 // Almost everybody uses the CIMRepository.
636 delete _repository;
|
637 kumpf 1.99
|
638 kumpf 1.175 // Destroy the singleton services
639 UserManager::destroy();
640 ShutdownService::destroy();
|
641 konrad.r 1.172
|
642 kumpf 1.175 PEG_METHOD_EXIT ();
|
643 mike 1.43 }
644
|
645 kumpf 1.101 void CIMServer::addAcceptor(
|
646 dave.sudlik 1.207 Uint16 connectionType,
|
647 kumpf 1.101 Uint32 portNumber,
|
648 sushma.fernandes 1.189 Boolean useSSL)
|
649 kumpf 1.101 {
650 HTTPAcceptor* acceptor;
|
651 sushma.fernandes 1.189
652 acceptor = new HTTPAcceptor(
|
653 kumpf 1.206 _monitor.get(),
|
654 kumpf 1.195 _httpAuthenticatorDelegator,
|
655 dave.sudlik 1.207 connectionType,
|
656 kumpf 1.195 portNumber,
657 useSSL ? _getSSLContext() : 0,
658 useSSL ? _sslContextMgr->getSSLContextObjectLock() : 0 );
|
659 marek 1.180
660 ConfigManager* configManager = ConfigManager::getInstance();
|
661 kumpf 1.195 String socketWriteConfigTimeout =
|
662 marek 1.180 configManager->getCurrentValue("socketWriteTimeout");
663 // Set timeout value for server socket timeouts
664 // depending on config option
|
665 kumpf 1.195 Uint32 socketWriteTimeout =
666 strtol(socketWriteConfigTimeout.getCString(), (char**)0, 10);
|
667 marek 1.180 // equal what went wrong, there has to be a timeout
|
668 marek 1.198 if (socketWriteTimeout == 0)
669 socketWriteTimeout = PEGASUS_DEFAULT_SOCKETWRITE_TIMEOUT_SECONDS;
|
670 marek 1.180 acceptor->setSocketWriteTimeout(socketWriteTimeout);
671
|
672 dave.sudlik 1.218 // Set idle connection timeout in seconds.
673 acceptor->setIdleConnectionTimeout(_idleConnectionTimeoutSeconds);
674
|
675 kumpf 1.101 _acceptors.append(acceptor);
676 }
677
678 void CIMServer::bind()
|
679 mike 1.43 {
|
680 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::bind()");
|
681 kumpf 1.54
|
682 kumpf 1.157 if (_acceptors.size() == 0)
683 {
684 MessageLoaderParms mlp = MessageLoaderParms(
685 "Server.CIMServer.BIND_FAILED",
686 "No CIM Server connections are enabled.");
|
687 chip 1.112
|
688 kumpf 1.157 throw BindFailedException(mlp);
689 }
|
690 chip 1.112
|
691 kumpf 1.157 for (Uint32 i=0; i<_acceptors.size(); i++)
692 {
693 _acceptors[i]->bind();
|
694 kumpf 1.101 }
|
695 chip 1.112
|
696 kumpf 1.75 PEG_METHOD_EXIT();
|
697 mike 1.43 }
698
699 void CIMServer::runForever()
700 {
|
701 mday 1.111 // Note: Trace code in this method will be invoked frequently.
|
702 kumpf 1.101
|
703 kumpf 1.195 if (!_dieNow)
|
704 kumpf 1.157 {
|
705 kumpf 1.195 _monitor->run(500000);
706 static struct timeval lastIdleCleanupTime = {0, 0};
|
707 venkat.puvvada 1.227 struct timeval now;
|
708 kumpf 1.195 Time::gettimeofday(&now);
|
709 kumpf 1.186
|
710 kumpf 1.195 if (now.tv_sec - lastIdleCleanupTime.tv_sec > 300)
711 {
712 lastIdleCleanupTime.tv_sec = now.tv_sec;
|
713 kumpf 1.186
|
714 kumpf 1.195 try
715 {
716 _providerManager->unloadIdleProviders();
717 MessageQueueService::get_thread_pool()->cleanupIdleThreads();
718 }
719 catch (...)
720 {
721 }
722 }
|
723 nag.boranna 1.161
|
724 kumpf 1.195 if (handleShutdownSignal)
725 {
|
726 marek 1.199 PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
|
727 kumpf 1.195 "CIMServer::runForever - signal received. Shutting down.");
728 ShutdownService::getInstance(this)->shutdown(true, 10, false);
729 // Set to false must be after call to shutdown. See
730 // stopClientConnection.
731 handleShutdownSignal = false;
732 }
|
733 kumpf 1.157 }
|
734 mike 1.50 }
|
735 mday 1.118
|
736 mike 1.50 void CIMServer::stopClientConnection()
737 {
|
738 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::stopClientConnection()");
|
739 kumpf 1.54
|
740 kumpf 1.157 // tell Monitor to stop listening for client connections
741 if (handleShutdownSignal)
742 // If shutting down, this is in the same thread as runForever.
743 // No need to wait for the thread to see the stop flag.
744 _monitor->stopListeningForConnections(false);
745 else
746 // If not shutting down, this is not in the same thread as runForever.
747 // Need to wait for the thread to see the stop flag.
748 _monitor->stopListeningForConnections(true);
749
750 //
|
751 kumpf 1.195 // Wait 150 milliseconds to allow time for the Monitor to stop
752 // listening for client connections.
|
753 kumpf 1.157 //
754 // This wait time is the timeout value for the select() call
|
755 kumpf 1.195 // in the Monitor's run() method (currently set to 100
|
756 kumpf 1.157 // milliseconds) plus a delta of 50 milliseconds. The reason
757 // for the wait here is to make sure that the Monitor entries
758 // are updated before closing the connection sockets.
759 //
|
760 marek 1.199 // PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL4, "Wait 150 milliseconds.");
|
761 mike 1.183 // Threads::sleep(150); not needed anymore due to the semaphore
|
762 kumpf 1.157 // in the monitor
763
764 for (Uint32 i=0; i<_acceptors.size(); i++)
|
765 kumpf 1.117 {
|
766 kumpf 1.157 _acceptors[i]->closeConnectionSocket();
|
767 kumpf 1.101 }
|
768 chip 1.112
|
769 kumpf 1.75 PEG_METHOD_EXIT();
|
770 mike 1.50 }
771
772 void CIMServer::shutdown()
773 {
|
774 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::shutdown()");
|
775 kumpf 1.54
|
776 dave.sudlik 1.176 #ifdef PEGASUS_DEBUG
777 _repository->DisplayCacheStatistics();
778 #endif
779
|
780 mike 1.50 _dieNow = true;
|
781 kumpf 1.157 _cimserver->tickle_monitor();
|
782 kumpf 1.54
|
783 kumpf 1.75 PEG_METHOD_EXIT();
|
784 mike 1.50 }
785
786 void CIMServer::resume()
787 {
|
788 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::resume()");
|
789 kumpf 1.54
|
790 kumpf 1.101 for (Uint32 i=0; i<_acceptors.size(); i++)
791 {
792 _acceptors[i]->reopenConnectionSocket();
793 }
|
794 kumpf 1.54
|
795 kumpf 1.75 PEG_METHOD_EXIT();
|
796 mike 1.50 }
797
798 void CIMServer::setState(Uint32 state)
799 {
|
800 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::setState()");
|
801 kumpf 1.54
|
802 mike 1.50 _serverState->setState(state);
|
803 chip 1.53
|
804 kumpf 1.85 //
805 // get the configured authentication and authorization flags
806 //
807 ConfigManager* configManager = ConfigManager::getInstance();
808
|
809 kumpf 1.182 Boolean enableAuthentication = ConfigManager::parseBooleanValue(
810 configManager->getCurrentValue("enableAuthentication"));
811 Boolean enableNamespaceAuthorization = ConfigManager::parseBooleanValue(
812 configManager->getCurrentValue("enableNamespaceAuthorization"));
|
813 kumpf 1.85
|
814 mike 1.50 if (state == CIMServerState::TERMINATING)
815 {
816 // tell decoder that CIMServer is terminating
817 _cimOperationRequestDecoder->setServerTerminating(true);
818 _cimExportRequestDecoder->setServerTerminating(true);
|
819 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN
820 _wsmProcessor->setServerTerminating(true);
821 #endif
|
822 kumpf 1.85
823 // tell authorizer that CIMServer is terminating ONLY if
824 // authentication and authorization are enabled
825 //
|
826 kumpf 1.87 if ( enableAuthentication && enableNamespaceAuthorization )
|
827 kumpf 1.85 {
828 _cimOperationRequestAuthorizer->setServerTerminating(true);
829 }
|
830 mike 1.50 }
831 else
832 {
833 // tell decoder that CIMServer is not terminating
834 _cimOperationRequestDecoder->setServerTerminating(false);
835 _cimExportRequestDecoder->setServerTerminating(false);
|
836 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN
837 _wsmProcessor->setServerTerminating(false);
838 #endif
|
839 kumpf 1.85
840 // tell authorizer that CIMServer is terminating ONLY if
841 // authentication and authorization are enabled
842 //
|
843 kumpf 1.87 if ( enableAuthentication && enableNamespaceAuthorization )
|
844 kumpf 1.85 {
845 _cimOperationRequestAuthorizer->setServerTerminating(false);
846 }
|
847 mike 1.50 }
|
848 kumpf 1.75 PEG_METHOD_EXIT();
|
849 mike 1.50 }
850
851 Uint32 CIMServer::getOutstandingRequestCount()
852 {
|
853 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::getOutstandingRequestCount()");
|
854 kumpf 1.54
|
855 kumpf 1.101 Uint32 requestCount = 0;
|
856 mday 1.111
|
857 kumpf 1.157 for (Uint32 i=0; i<_acceptors.size(); i++)
858 {
859 requestCount += _acceptors[i]->getOutstandingRequestCount();
|
860 kumpf 1.101 }
|
861 chip 1.112
|
862 kumpf 1.75 PEG_METHOD_EXIT();
863 return requestCount;
|
864 kumpf 1.101 }
865
|
866 nag.boranna 1.163 //
|
867 sushma.fernandes 1.189 SSLContext* CIMServer::_getSSLContext()
|
868 nag.boranna 1.163 {
869 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::_getSSLContext()");
870
871 static const String PROPERTY_NAME__SSL_CERT_FILEPATH =
|
872 kumpf 1.195 "sslCertificateFilePath";
873 static const String PROPERTY_NAME__SSL_KEY_FILEPATH = "sslKeyFilePath";
874 static const String PROPERTY_NAME__SSL_TRUST_STORE = "sslTrustStore";
875 static const String PROPERTY_NAME__SSL_CRL_STORE = "crlStore";
|
876 nag.boranna 1.163 static const String PROPERTY_NAME__SSL_CLIENT_VERIFICATION =
|
877 kumpf 1.195 "sslClientVerificationMode";
|
878 nag.boranna 1.163 static const String PROPERTY_NAME__SSL_AUTO_TRUST_STORE_UPDATE =
|
879 kumpf 1.195 "enableSSLTrustStoreAutoUpdate";
|
880 nag.boranna 1.163 static const String PROPERTY_NAME__SSL_TRUST_STORE_USERNAME =
|
881 kumpf 1.195 "sslTrustStoreUserName";
|
882 nag.boranna 1.163 static const String PROPERTY_NAME__HTTP_ENABLED =
|
883 kumpf 1.195 "enableHttpConnection";
|
884 nag.boranna 1.163
|
885 kumpf 1.201 String verifyClient;
886 String trustStore;
|
887 nag.boranna 1.163 SSLContext* sslContext = 0;
888
889 //
890 // Get a config manager instance
891 //
892 ConfigManager* configManager = ConfigManager::getInstance();
893
|
894 sushma.fernandes 1.189 // Note that if invalid values were set for either sslKeyFilePath,
895 // sslCertificateFilePath, crlStore or sslTrustStore, the invalid
896 // paths would have been detected in SecurityPropertyOwner and
897 // terminated the server startup. This happens regardless of whether
898 // or not HTTPS is enabled (not a great design, but that seems to
899 // be how other properties are validated as well)
900 //
901 // Get the sslClientVerificationMode property from the Config
902 // Manager.
903 //
904 verifyClient = configManager->getCurrentValue(
|
905 kumpf 1.195 PROPERTY_NAME__SSL_CLIENT_VERIFICATION);
|
906 sushma.fernandes 1.189
907 //
908 // Get the sslTrustStore property from the Config Manager.
909 //
910 trustStore = configManager->getCurrentValue(
|
911 kumpf 1.195 PROPERTY_NAME__SSL_TRUST_STORE);
|
912 sushma.fernandes 1.189
913 if (trustStore != String::EMPTY)
|
914 nag.boranna 1.163 {
|
915 sushma.fernandes 1.189 trustStore = ConfigManager::getHomedPath(trustStore);
916 }
|
917 nag.boranna 1.163
|
918 sushma.fernandes 1.189 PEG_TRACE_STRING(TRC_SERVER, Tracer::LEVEL4,
919 "Server trust store name: " + trustStore);
|
920 nag.boranna 1.163
|
921 sushma.fernandes 1.189 //
922 // Get the sslTrustStoreUserName property from the Config Manager.
923 //
|
924 kumpf 1.201 String trustStoreUserName;
|
925 sushma.fernandes 1.189 trustStoreUserName = configManager->getCurrentValue(
|
926 kumpf 1.195 PROPERTY_NAME__SSL_TRUST_STORE_USERNAME);
|
927 nag.boranna 1.163
|
928 sushma.fernandes 1.189 if (!String::equal(verifyClient, "disabled"))
929 {
|
930 nag.boranna 1.163 //
|
931 mreddy 1.191 // 'required' and 'optional' settings must have a valid truststore
|
932 nag.boranna 1.163 //
|
933 sushma.fernandes 1.189 if (trustStore == String::EMPTY)
|
934 nag.boranna 1.163 {
|
935 mreddy 1.191 MessageLoaderParms parms(
|
936 kumpf 1.206 "Pegasus.Server.SSLContextManager."
|
937 kumpf 1.195 "SSL_CLIENT_VERIFICATION_EMPTY_TRUSTSTORE",
938 "The \"sslTrustStore\" configuration property must be set "
939 "if \"sslClientVerificationMode\" is 'required' or "
|
940 kumpf 1.206 "'optional'.");
|
941 mreddy 1.191 PEG_METHOD_EXIT();
942 throw SSLException(parms);
|
943 sushma.fernandes 1.189 }
|
944 h.sterling 1.165
|
945 h.sterling 1.168 #ifdef PEGASUS_DISABLE_LOCAL_DOMAIN_SOCKET
|
946 sushma.fernandes 1.189 //
947 // ATTN: 'required' setting must have http port enabled.
948 // If only https is enabled, and a call to shutdown the
949 // cimserver is given, the call will hang and a forced shutdown
950 // will ensue. This is because the CIMClient::connectLocal call
951 // cannot specify a certificate for authentication against
952 // the local server. This limitation is being investigated.
953 // See Bugzilla 2995.
954 //
955 if (String::equal(verifyClient, "required"))
956 {
957 if (!ConfigManager::parseBooleanValue(
958 configManager->getCurrentValue(
959 PROPERTY_NAME__HTTP_ENABLED)))
|
960 nag.boranna 1.163 {
|
961 sushma.fernandes 1.189 MessageLoaderParms parms(
|
962 kumpf 1.195 "Pegasus.Server.SSLContextManager."
963 "INVALID_CONF_HTTPS_REQUIRED",
|
964 sushma.fernandes 1.189 "The \"sslClientVerificationMode\" property cannot be "
965 "set to \"required\" if HTTP is disabled, as the "
966 "cimserver will be unable to properly shutdown. "
967 "The recommended course of action is to change "
|
968 kumpf 1.206 "the property value to \"optional\".");
|
969 sushma.fernandes 1.189 PEG_METHOD_EXIT();
970 throw SSLException(parms);
|
971 nag.boranna 1.163 }
|
972 sushma.fernandes 1.189 }
|
973 h.sterling 1.165 #endif
|
974 nag.boranna 1.163 //
|
975 sushma.fernandes 1.189 // A truststore username must be specified if
976 // sslClientVerificationMode is enabled and the truststore is a
977 // single CA file. If the truststore is a directory, then the
978 // CertificateProvider should be used to register users with
979 // certificates.
|
980 nag.boranna 1.163 //
|
981 sushma.fernandes 1.189 if ((trustStore != String::EMPTY) &&
982 (!FileSystem::isDirectory(trustStore)))
|
983 nag.boranna 1.163 {
|
984 sushma.fernandes 1.189 if (trustStoreUserName == String::EMPTY)
985 {
986 MessageLoaderParms parms(
|
987 kumpf 1.206 "Pegasus.Server.SSLContextManager."
|
988 kumpf 1.195 "SSL_CLIENT_VERIFICATION_EMPTY_USERNAME",
989 "The \"sslTrustStoreUserName\" property must specify a "
990 "valid username if \"sslClientVerificationMode\" is "
991 "'required' or 'optional' and the truststore is a "
992 "single CA file. To register individual certificates "
993 "to users, you must use a truststore directory along "
|
994 kumpf 1.206 "with the CertificateProvider.");
|
995 sushma.fernandes 1.189 PEG_METHOD_EXIT();
996 throw SSLException(parms);
997 }
|
998 nag.boranna 1.163 }
999 }
1000
|
1001 sushma.fernandes 1.178 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
1002 nag.boranna 1.163 //
1003 // Get the crlStore property from the Config Manager.
1004 //
1005 String crlStore = configManager->getCurrentValue(
|
1006 kumpf 1.195 PROPERTY_NAME__SSL_CRL_STORE);
|
1007 nag.boranna 1.163
1008 if (crlStore != String::EMPTY)
1009 {
1010 crlStore = ConfigManager::getHomedPath(crlStore);
1011 }
|
1012 sushma.fernandes 1.178 #else
|
1013 kumpf 1.195 String crlStore;
|
1014 sushma.fernandes 1.178 #endif
|
1015 nag.boranna 1.163
1016 //
1017 // Get the sslCertificateFilePath property from the Config Manager.
1018 //
1019 String certPath;
1020 certPath = ConfigManager::getHomedPath(
1021 configManager->getCurrentValue(PROPERTY_NAME__SSL_CERT_FILEPATH));
1022
1023 //
1024 // Get the sslKeyFilePath property from the Config Manager.
1025 //
1026 String keyPath;
1027 keyPath = ConfigManager::getHomedPath(
1028 configManager->getCurrentValue(PROPERTY_NAME__SSL_KEY_FILEPATH));
1029
|
1030 kumpf 1.201 String randFile;
|
1031 nag.boranna 1.163
1032 #ifdef PEGASUS_SSL_RANDOMFILE
1033 // NOTE: It is technically not necessary to set up a random file on
1034 // the server side, but it is easier to use a consistent interface
1035 // on the client and server than to optimize out the random file on
1036 // the server side.
1037 randFile = ConfigManager::getHomedPath(PEGASUS_SSLSERVER_RANDOMFILE);
1038 #endif
1039
|
1040 sushma.fernandes 1.189 //
1041 // Create the SSLContext defined by the configuration properties
1042 //
1043 if (String::equal(verifyClient, "required"))
|
1044 nag.boranna 1.163 {
|
1045 mike 1.230.4.1 PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
|
1046 sushma.fernandes 1.189 "SSL Client verification REQUIRED.");
|
1047 nag.boranna 1.163
|
1048 sushma.fernandes 1.189 _sslContextMgr->createSSLContext(
1049 trustStore, certPath, keyPath, crlStore, false, randFile);
1050 }
1051 else if (String::equal(verifyClient, "optional"))
1052 {
|
1053 mike 1.230.4.1 PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
|
1054 sushma.fernandes 1.189 "SSL Client verification OPTIONAL.");
|
1055 nag.boranna 1.163
|
1056 sushma.fernandes 1.189 _sslContextMgr->createSSLContext(
1057 trustStore, certPath, keyPath, crlStore, true, randFile);
|
1058 nag.boranna 1.163 }
|
1059 sushma.fernandes 1.189 else if (String::equal(verifyClient, "disabled") ||
1060 verifyClient == String::EMPTY)
|
1061 nag.boranna 1.163 {
|
1062 mike 1.230.4.1 PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
|
1063 sushma.fernandes 1.189 "SSL Client verification DISABLED.");
|
1064 nag.boranna 1.163
|
1065 sushma.fernandes 1.189 _sslContextMgr->createSSLContext(
1066 String::EMPTY, certPath, keyPath, crlStore, false, randFile);
|
1067 nag.boranna 1.163 }
|
1068 sushma.fernandes 1.189 sslContext = _sslContextMgr->getSSLContext();
|
1069 nag.boranna 1.163
|
1070 kumpf 1.229 try
1071 {
|
1072 kumpf 1.230 sslContext->_validateCertificate();
|
1073 kumpf 1.229 }
1074 catch (SSLException& e)
1075 {
1076 Logger::put(
1077 Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING,
1078 e.getMessage());
1079 }
1080
|
1081 nag.boranna 1.163 PEG_METHOD_EXIT();
1082 return sslContext;
1083 }
|
1084 h.sterling 1.130
|
1085 yi.zhou 1.192 void CIMServer::auditLogInitializeCallback()
1086 {
|
1087 kumpf 1.216 #ifdef PEGASUS_ENABLE_AUDIT_LOGGER
|
1088 yi.zhou 1.192
1089 Array<String> propertyNames;
1090 Array<String> propertyValues;
1091
1092 // Get all current property names and values
1093 ConfigManager* configManager = ConfigManager::getInstance();
1094
1095 configManager->getAllPropertyNames(propertyNames, false);
|
1096 kumpf 1.195
|
1097 yi.zhou 1.192 for (Uint32 i = 0; i < propertyNames.size(); i++)
|
1098 kumpf 1.195 {
|
1099 yi.zhou 1.192 propertyValues.append(configManager->getCurrentValue(propertyNames[i]));
1100 }
1101
1102 AuditLogger::logCurrentConfig(propertyNames, propertyValues);
1103
1104 // get currently registered provider module instances
1105 Array<CIMInstance> moduleInstances;
1106
|
1107 kumpf 1.195 moduleInstances =
|
1108 yi.zhou 1.192 _cimserver->_providerRegistrationManager->enumerateInstancesForClass(
1109 CIMObjectPath("PG_ProviderModule"));
1110
1111 AuditLogger::logCurrentRegProvider(moduleInstances);
1112
1113 AuditLogger::logCurrentEnvironmentVar();
1114
1115 #endif
1116 }
1117
|
1118 tony 1.134 #ifdef PEGASUS_ENABLE_SLP
1119
|
1120 kumpf 1.195 ThreadReturnType PEGASUS_THREAD_CDECL _callSLPProvider(void* parm);
|
1121 tony 1.134
1122 // This is a control function that starts a new thread which issues a
|
1123 venkat.puvvada 1.227 // cim operation to start the slp provider. Used for both External and
1124 // Embedded SLP registrations.
|
1125 dave.sudlik 1.197 //
1126
|
1127 tony 1.134 void CIMServer::startSLPProvider()
1128 {
|
1129 marek 1.204 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::startSLPProvider");
|
1130 tony 1.134
1131 // Get Config parameter to determine if we should start SLP.
1132 ConfigManager* configManager = ConfigManager::getInstance();
|
1133 venkat.puvvada 1.227 Boolean _runSLP = ConfigManager::parseBooleanValue(
|
1134 kumpf 1.182 configManager->getCurrentValue("slp"));
|
1135 tony 1.134
1136 // If false, do not start slp provider
1137 if (!_runSLP)
1138 {
|
1139 marek 1.224 PEG_METHOD_EXIT();
|
1140 tony 1.134 return;
1141 }
|
1142 kumpf 1.195 // Create a separate thread, detach and call function to execute the
1143 // startup.
|
1144 tony 1.134 Thread t( _callSLPProvider, 0, true );
1145 t.run();
1146
1147 PEG_METHOD_EXIT();
1148 return;
1149 }
1150
1151
1152 // startSLPProvider is a function to get the slp provider kicked off
|
1153 kumpf 1.195 // during startup. It is placed in the provider manager simply because
|
1154 tony 1.134 // the provider manager is the only component of the system is
1155 // driven by a timer after startup. It should never be here and must be
1156 // moved to somewhere more logical or really replaced. We simply needed
1157 // something that was run shortly after system startup.
|
1158 kumpf 1.195 // This function is assumed to operate in a separate thread and
|
1159 tony 1.134 // KS 15 February 2004.
1160
|
1161 kumpf 1.195 ThreadReturnType PEGASUS_THREAD_CDECL _callSLPProvider(void* parm)
|
1162 tony 1.134 {
|
1163 kumpf 1.195 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::_callSLPProvider()");
1164
|
1165 tony 1.134 CIMClient client;
1166 String hostStr = System::getHostName();
1167
1168 try
1169 {
1170 client.connectLocal();
1171 // set client timeout to 2 seconds
1172 client.setTimeout(40000);
1173 String referenceStr = "//";
1174 referenceStr.append(hostStr);
|
1175 kumpf 1.195 referenceStr.append("/");
|
1176 tony 1.134 referenceStr.append(PEGASUS_NAMESPACENAME_INTERNAL.getString());
1177 referenceStr.append(":");
1178 referenceStr.append(PEGASUS_CLASSNAME_WBEMSLPTEMPLATE.getString());
1179 CIMObjectPath reference(referenceStr);
1180 //
1181 // issue the invokeMethod request on the register method
1182 //
1183 Array<CIMParamValue> inParams;
1184 Array<CIMParamValue> outParams;
1185
1186 CIMValue retValue = client.invokeMethod(
1187 PEGASUS_NAMESPACENAME_INTERNAL,
1188 reference,
1189 CIMName("register"),
1190 inParams,
|
1191 kumpf 1.195 outParams);
|
1192 dave.sudlik 1.197
|
1193 kumpf 1.200 Logger::put_l(
1194 Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
|
1195 dave.sudlik 1.197 "Pegasus.Server.SLP.SLP_REGISTRATION_INITIATED",
1196 "SLP Registration Initiated");
|
1197 tony 1.134 }
1198
|
1199 dave.sudlik 1.197 catch(Exception& e)
|
1200 tony 1.134 {
|
1201 venkat.puvvada 1.227 #ifdef PEGASUS_SLP_REG_TIMEOUT
1202 Logger::put_l(
1203 Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING,
1204 "Pegasus.Server.SLP.EXTERNAL_SLP_REGISTRATION_FAILED_EXCEPTION",
1205 "CIM Server registration with External SLP Failed. Exception: $0",
1206 e.getMessage());
1207 #else
|
1208 dave.sudlik 1.197 Logger::put_l(Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING,
1209 "Pegasus.Server.SLP.INTERNAL_SLP_REGISTRATION_FAILED_EXCEPTION",
1210 "CIM Server registration with Internal SLP Failed. Exception: $0",
1211 e.getMessage());
|
1212 venkat.puvvada 1.227 #endif
|
1213 tony 1.134 }
|
1214 dave.sudlik 1.197
1215 catch(...)
|
1216 tony 1.134 {
|
1217 venkat.puvvada 1.227 #ifdef PEGASUS_SLP_REG_TIMEOUT
1218 Logger::put_l(
1219 Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING,
1220 "Pegasus.Server.SLP.EXTERNAL_SLP_REGISTRATION_FAILED_ERROR",
1221 "CIM Server registration with External SLP Failed.");
1222 #else
|
1223 dave.sudlik 1.197 Logger::put_l(Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING,
1224 "Pegasus.Server.SLP.INTERNAL_SLP_REGISTRATION_FAILED_ERROR",
1225 "CIM Server registration with Internal SLP Failed.");
|
1226 venkat.puvvada 1.227 #endif
|
1227 tony 1.134 }
1228
1229 client.disconnect();
1230
|
1231 dave.sudlik 1.197 PEG_METHOD_EXIT();
1232 return( (ThreadReturnType)32 );
1233 }
|
1234 tony 1.134 #endif
1235
|
1236 mike 1.42 PEGASUS_NAMESPACE_END
|