pegasus/src/Pegasus/Server/CIMServer.cpp - annotate

Return to CIMServer.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Server

1 karl 1.177 //%2006////////////////////////////////////////////////////////////////////////
2 mike 1.42 //
3 karl 1.152 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development 4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. 5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 karl 1.124 // IBM Corp.; EMC Corporation, The Open Group.
7 karl 1.152 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; 8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 karl 1.160 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; 10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 karl 1.177 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; 12 // EMC Corporation; Symantec Corporation; The Open Group.
13 mike 1.42 // 14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 mike 1.50 // of this software and associated documentation files (the "Software"), to 16 // deal in the Software without restriction, including without limitation the 17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 mike 1.42 // sell copies of the Software, and to permit persons to whom the Software is 19 // furnished to do so, subject to the following conditions:
20 karl 1.124 //
21 mike 1.50 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 mike 1.42 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED 23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 mike 1.50 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 mike 1.42 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 29 // 30 //============================================================================== 31 // 32 //%///////////////////////////////////////////////////////////////////////////// 33
34 mike 1.50 #include <Pegasus/Common/Config.h> 35
36 mike 1.42 #include <cstdio> 37 #include <cctype>
38 mike 1.50 #include <ctime>
39 kumpf 1.169 40 #if (defined(PEGASUS_OS_HPUX) \|\| defined(PEGASUS_OS_LINUX)) \ 41 && defined(PEGASUS_USE_RELEASE_DIRS) 42 # include <unistd.h>
43 kumpf 1.215 # include <errno.h>
44 kumpf 1.115 #endif
45 kumpf 1.169
46 ouyang.jian 1.214 #ifdef PEGASUS_OS_PASE 47 #include <as400_protos.h> // for systemCL() 48 #endif 49
50 kumpf 1.75 #include <Pegasus/Common/Constants.h>
51 mike 1.42 #include <Pegasus/Common/FileSystem.h>
52 mike 1.183 #include <Pegasus/Common/Signal.h>
53 mike 1.50 #include <Pegasus/Common/HTTPAcceptor.h>
54 kumpf 1.54 #include <Pegasus/Common/Tracer.h>
55 marek 1.194 #include <Pegasus/Common/Logger.h>
56 mday 1.58 #include <Pegasus/Common/Cimom.h>
57 kumpf 1.78 #include <Pegasus/Common/PegasusVersion.h>
58 nag.boranna 1.163 #include <Pegasus/Common/SSLContextManager.h>
59 kumpf 1.188 #include <Pegasus/Common/Time.h>
60 kumpf 1.195 #include <Pegasus/Common/MessageLoader.h>
61 kumpf 1.216 #include <Pegasus/Common/AuditLogger.h>
62 kumpf 1.78
63 mike 1.42 #include <Pegasus/Repository/CIMRepository.h>
64 mike 1.50 #include <Pegasus/ExportServer/CIMExportRequestDispatcher.h> 65 #include <Pegasus/ExportServer/CIMExportResponseEncoder.h> 66 #include <Pegasus/ExportServer/CIMExportRequestDecoder.h>
67 kumpf 1.54 #include <Pegasus/Config/ConfigManager.h>
68 mike 1.50 #include <Pegasus/Security/UserManager/UserManager.h>
69 kumpf 1.62 #include <Pegasus/HandlerService/IndicationHandlerService.h> 70 #include <Pegasus/IndicationService/IndicationService.h>
71 kumpf 1.184 #include <Pegasus/ProviderManagerService/ProviderManagerService.h>
72 mike 1.179 #include <Pegasus/ProviderManager2/Default/DefaultProviderManager.h>
73 chip 1.114
74 r.kieninger 1.209 #if defined PEGASUS_PLATFORM_ZOS_ZSERIES_IBM 75 # include "ConsoleManager_zOS.h" 76 #endif 77
78 tony 1.134 #ifdef PEGASUS_ENABLE_SLP
79 kumpf 1.195 # include <Pegasus/Client/CIMClient.h>
80 tony 1.134 #endif 81
82 mike 1.47 #include "CIMServer.h"
83 mike 1.50 #include "CIMOperationRequestDispatcher.h" 84 #include "CIMOperationResponseEncoder.h" 85 #include "CIMOperationRequestDecoder.h"
86 kumpf 1.54 #include "CIMOperationRequestAuthorizer.h"
87 mike 1.50 #include "HTTPAuthenticatorDelegator.h"
88 kumpf 1.79 #include "ShutdownProvider.h"
89 kumpf 1.101 #include "ShutdownService.h"
90 mday 1.103 #include "BinaryMessageHandler.h"
91 kumpf 1.69 #include <Pegasus/Common/ModuleController.h>
92 kumpf 1.71 #include <Pegasus/ControlProviders/UserAuthProvider/UserAuthProvider.h>
93 kumpf 1.215 #include <Pegasus/ControlProviders/ConfigSettingProvider/\ 94 ConfigSettingProvider.h> 95 #include <Pegasus/ControlProviders/ProviderRegistrationProvider/\ 96 ProviderRegistrationProvider.h>
97 karl 1.80 #include <Pegasus/ControlProviders/NamespaceProvider/NamespaceProvider.h>
98 humberto 1.110
99 karl 1.158 #ifndef PEGASUS_DISABLE_PERFINST
100 kumpf 1.195 # include <Pegasus/ControlProviders/Statistic/CIMOMStatDataProvider.h>
101 w.white 1.142 #endif 102
103 h.sterling 1.154 #ifdef PEGASUS_HAS_SSL
104 kumpf 1.195 # include <Pegasus/ControlProviders/CertificateProvider/CertificateProvider.h>
105 h.sterling 1.154 #endif
106 w.white 1.142
107 karl 1.226 #ifdef PEGASUS_ENABLE_CQL
108 kumpf 1.215 # include <Pegasus/ControlProviders/QueryCapabilitiesProvider/\ 109 CIMQueryCapabilitiesProvider.h>
110 a.arora 1.156 #endif 111
112 karl 1.210 #if defined PEGASUS_ENABLE_INTEROP_PROVIDER
113 kumpf 1.195 # include <Pegasus/ControlProviders/InteropProvider/InteropProvider.h>
114 tony 1.134 #endif 115
116 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN 117 # include <Pegasus/WsmServer/WsmProcessor.h> 118 #endif 119
120 mike 1.42 PEGASUS_NAMESPACE_BEGIN
121 dave.sudlik 1.197 #ifdef PEGASUS_SLP_REG_TIMEOUT 122 ThreadReturnType PEGASUS_THREAD_CDECL registerPegasusWithSLP(void *parm); 123 // Configurable SLP port to be handeled in a separate bug. 124 # define SLP_DEFAULT_PORT 427 125 # define LOCALHOST_IP "127.0.0.1" 126 #endif
127 mike 1.42
128 kumpf 1.195 static CIMServer* _cimserver = NULL;
129 a.arora 1.143
130 kumpf 1.100 // Need a static method to act as a callback for the control provider. 131 // This doesn't belong here, but I don't have a better place to put it.
132 kumpf 1.195 static Message* controlProviderReceiveMessageCallback( 133 Message* message, 134 void* instance)
135 kumpf 1.69 {
136 kumpf 1.185 CIMRequestMessage* request = dynamic_cast<CIMRequestMessage*>(message); 137 PEGASUS_ASSERT(request != 0); 138
139 kumpf 1.220 Thread::setLanguages(
140 kumpf 1.185 ((AcceptLanguageListContainer) request->operationContext.get( 141 AcceptLanguageListContainer::NAME)).getLanguages()); 142 143 ProviderMessageHandler* pmh = 144 reinterpret_cast<ProviderMessageHandler*>(instance); 145 return pmh->processMessage(request);
146 kumpf 1.73 }
147 kumpf 1.71
148 kumpf 1.137 // 149 // Signal handler for shutdown signals, currently SIGHUP and SIGTERM 150 //
151 kumpf 1.108 Boolean handleShutdownSignal = false;
152 kumpf 1.195 void shutdownSignalHandler(int s_n, PEGASUS_SIGINFO_T* s_info, void* sig)
153 kumpf 1.101 {
154 kumpf 1.108 PEG_METHOD_ENTER(TRC_SERVER, "shutdownSignalHandler");
155 mike 1.230.4.1 PEG_TRACE((TRC_SERVER, Tracer::LEVEL3, "Signal %d received.", s_n));
156 kumpf 1.101
157 a.arora 1.143 CIMServer::shutdownSignal();
158 kumpf 1.101 159 PEG_METHOD_EXIT(); 160 } 161
162 s.hills 1.123 void CIMServer::shutdownSignal() 163 { 164 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::shutdownSignal()"); 165 handleShutdownSignal = true;
166 a.arora 1.143 _cimserver->tickle_monitor();
167 s.hills 1.123 PEG_METHOD_EXIT(); 168 } 169
170 ouyang.jian 1.212 #ifdef PEGASUS_OS_PASE 171 static void _synchronousSignalHandler(int s_n, PEGASUS_SIGINFO_T* s_info, 172 void* sig) 173 { 174 static bool mark = false; 175 if (mark) 176 return; 177 178 mark = true; 179 180 Logger::put_l(Logger::ERROR_LOG, "CIMServer", Logger::SEVERE, 181 "Pegasus.Server.CIMServer.RECEIVE_SYN_SIGNAL.PEGASUS_OS_PASE", \ 182 "Synchronous signal received."); 183 184 /* save job log / 185 systemCL ("QSYS/CHGJOB JOB() LOG(4 00 NOLIST)", 186 SYSTEMCL_MSG_STDOUT \| SYSTEMCL_MSG_STDERR); 187 188 CIMServer::shutdownSignal(); 189 } 190 191 ouyang.jian 1.212 static void _asynchronousSignalHandler(int s_n, PEGASUS_SIGINFO_T s_info, 192 void* sig) 193 { 194 static bool mark = false; 195 if (mark) 196 return; 197 198 mark = true; 199 200 Logger::put_l(Logger::ERROR_LOG, "CIMServer", Logger::SEVERE, 201 "Pegasus.Server.CIMServer.RECEIVE_ASYN_SIGNAL.PEGASUS_OS_PASE", \ 202 "Asynchronous signal received."); 203 204 CIMServer::shutdownSignal(); 205 } 206 #endif 207
208 s.hills 1.123
209 kumpf 1.206 CIMServer::CIMServer() 210 : _dieNow(false)
211 mike 1.43 {
212 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::CIMServer()");
213 yi.zhou 1.192 _cimserver = this;
214 mday 1.111 _init();
215 yi.zhou 1.192
216 dave.sudlik 1.218 // Get value of idle connection timeout in seconds. 217 String idleConnectionConfigTimeout = 218 ConfigManager::getInstance()->getCurrentValue("idleConnectionTimeout"); 219 220 _idleConnectionTimeoutSeconds = 221 strtol(idleConnectionConfigTimeout.getCString(), (char**)0, 10); 222
223 mday 1.111 PEG_METHOD_EXIT(); 224 } 225
226 kumpf 1.195 void CIMServer::tickle_monitor() 227 {
228 a.arora 1.143 _monitor->tickle(); 229 }
230 mike 1.179
231 kumpf 1.195 void CIMServer::_init()
232 mday 1.111 {
233 kumpf 1.206 _monitor.reset(new Monitor()); 234
235 kumpf 1.167 #if (defined(PEGASUS_OS_HPUX) \|\| defined(PEGASUS_OS_LINUX)) \ 236 && defined(PEGASUS_USE_RELEASE_DIRS)
237 kumpf 1.215 if (chdir(PEGASUS_CORE_DIR) != 0) 238 { 239 PEG_TRACE((TRC_SERVER, Tracer::LEVEL2, 240 "chdir(\"%s\") failed with errno %d.", PEGASUS_CORE_DIR, errno)); 241 }
242 kumpf 1.115 #endif
243 kumpf 1.60
244 mike 1.43 // -- Create a repository: 245
246 kumpf 1.193 String repositoryRootPath = 247 ConfigManager::getHomedPath( 248 ConfigManager::getInstance()->getCurrentValue("repositoryDir")); 249
250 kumpf 1.81 #ifdef DO_NOT_CREATE_REPOSITORY_ON_STARTUP 251 // If this code is enable, the CIMServer will fail to start
252 kumpf 1.206 // if the repository directory does not exist. If called,
253 kumpf 1.81 // the Repository will create an empty repository. 254
255 chip 1.112 // This check has been disabled to allow cimmof to call
256 kumpf 1.81 // the CIMServer to build the initial repository.
257 kumpf 1.60 if (!FileSystem::isDirectory(repositoryRootPath))
258 kumpf 1.54 {
259 kumpf 1.75 PEG_METHOD_EXIT();
260 kumpf 1.195 throw NoSuchDirectory(repositoryRootPath);
261 kumpf 1.54 }
262 kumpf 1.81 #endif
263 mike 1.43
264 kumpf 1.193 _repository = new CIMRepository(repositoryRootPath);
265 mike 1.50
266 kumpf 1.76 // -- Create a UserManager object: 267 268 UserManager* userManager = UserManager::getInstance(_repository); 269
270 mike 1.50 // -- Create a CIMServerState object: 271
272 a.arora 1.133 _serverState.reset(new CIMServerState());
273 mike 1.50
274 kumpf 1.67 _providerRegistrationManager = new ProviderRegistrationManager(_repository); 275
276 mike 1.50 // -- Create queue inter-connections:
277 schuur 1.127
278 mike 1.179 _providerManager = new ProviderManagerService(
279 kumpf 1.195 _providerRegistrationManager, 280 _repository, 281 DefaultProviderManager::createDefaultProviderManagerCallback);
282 mike 1.179 283 // Create IndicationHandlerService:
284 kumpf 1.159
285 kumpf 1.67 _handlerService = new IndicationHandlerService(_repository);
286 kumpf 1.69
287 sushma.fernandes 1.208 _cimOperationRequestDispatcher = new CIMOperationRequestDispatcher( 288 _repository, _providerRegistrationManager); 289 _binaryMessageHandler = 290 new BinaryMessageHandler(_cimOperationRequestDispatcher); 291
292 kumpf 1.71 // Create the control service
293 kumpf 1.99 _controlService = new ModuleController(PEGASUS_QUEUENAME_CONTROLSERVICE);
294 kumpf 1.71
295 kumpf 1.195 // Jump this number up when there are more control providers. 296 _controlProviders.reserveCapacity(16);
297 kumpf 1.185
298 kumpf 1.71 // Create the Configuration control provider
299 kumpf 1.185 ProviderMessageHandler* configProvider = new ProviderMessageHandler(
300 dmitry.mikulin 1.211 "CIMServerControlProvider", "ConfigSettingProvider", 301 new ConfigSettingProvider(), 0, 0, false);
302 konrad.r 1.171
303 kumpf 1.185 _controlProviders.append(configProvider);
304 kumpf 1.195 ModuleController::register_module( 305 PEGASUS_QUEUENAME_CONTROLSERVICE, 306 PEGASUS_MODULENAME_CONFIGPROVIDER, 307 configProvider, 308 controlProviderReceiveMessageCallback, 309 0);
310 kumpf 1.71 311 // Create the User/Authorization control provider
312 kumpf 1.185 ProviderMessageHandler* userAuthProvider = new ProviderMessageHandler(
313 dmitry.mikulin 1.211 "CIMServerControlProvider", "UserAuthProvider", 314 new UserAuthProvider(_repository), 0, 0, false);
315 kumpf 1.185 _controlProviders.append(userAuthProvider);
316 kumpf 1.195 ModuleController::register_module( 317 PEGASUS_QUEUENAME_CONTROLSERVICE, 318 PEGASUS_MODULENAME_USERAUTHPROVIDER, 319 userAuthProvider, 320 controlProviderReceiveMessageCallback, 321 0);
322 mike 1.50
323 kumpf 1.74 // Create the Provider Registration control provider
324 kumpf 1.185 ProviderMessageHandler* provRegProvider = new ProviderMessageHandler(
325 dmitry.mikulin 1.211 "CIMServerControlProvider", "ProviderRegistrationProvider",
326 kumpf 1.185 new ProviderRegistrationProvider(_providerRegistrationManager), 327 0, 0, false); 328 // Warning: The ProviderRegistrationProvider destructor deletes 329 // _providerRegistrationManager 330 _controlProviders.append(provRegProvider);
331 kumpf 1.195 ModuleController::register_module( 332 PEGASUS_QUEUENAME_CONTROLSERVICE, 333 PEGASUS_MODULENAME_PROVREGPROVIDER, 334 provRegProvider, 335 controlProviderReceiveMessageCallback, 336 0);
337 kumpf 1.79
338 kumpf 1.185 // Create the Shutdown control provider 339 ProviderMessageHandler* shutdownProvider = new ProviderMessageHandler(
340 dmitry.mikulin 1.211 "CIMServerControlProvider", "ShutdownProvider", 341 new ShutdownProvider(this), 0, 0, false);
342 kumpf 1.185 _controlProviders.append(shutdownProvider);
343 kumpf 1.195 ModuleController::register_module( 344 PEGASUS_QUEUENAME_CONTROLSERVICE, 345 PEGASUS_MODULENAME_SHUTDOWNPROVIDER, 346 shutdownProvider, 347 controlProviderReceiveMessageCallback, 348 0);
349 karl 1.80
350 kumpf 1.185 // Create the namespace control provider 351 ProviderMessageHandler* namespaceProvider = new ProviderMessageHandler(
352 dmitry.mikulin 1.211 "CIMServerControlProvider", "NamespaceProvider", 353 new NamespaceProvider(_repository), 0, 0, false);
354 kumpf 1.185 _controlProviders.append(namespaceProvider);
355 kumpf 1.195 ModuleController::register_module( 356 PEGASUS_QUEUENAME_CONTROLSERVICE, 357 PEGASUS_MODULENAME_NAMESPACEPROVIDER, 358 namespaceProvider, 359 controlProviderReceiveMessageCallback, 360 0); 361 362 // 363 // Create a SSLContextManager object 364 // 365 _sslContextMgr = new SSLContextManager();
366 nag.boranna 1.161
367 h.sterling 1.154 #ifdef PEGASUS_HAS_SSL
368 kumpf 1.195 // Because this provider allows management of the cimserver truststore 369 // it needs to be available regardless of the value 370 // of sslClientVerificationMode config property.
371 kumpf 1.185 ProviderMessageHandler* certificateProvider = new ProviderMessageHandler(
372 dmitry.mikulin 1.211 "CIMServerControlProvider", "CertificateProvider",
373 kumpf 1.185 new CertificateProvider(_repository, _sslContextMgr), 374 0, 0, false); 375 _controlProviders.append(certificateProvider);
376 kumpf 1.195 ModuleController::register_module( 377 PEGASUS_QUEUENAME_CONTROLSERVICE, 378 PEGASUS_MODULENAME_CERTIFICATEPROVIDER, 379 certificateProvider, 380 controlProviderReceiveMessageCallback, 381 0);
382 h.sterling 1.154 #endif
383 h.sterling 1.153
384 karl 1.158 #ifndef PEGASUS_DISABLE_PERFINST
385 kumpf 1.185 // Create the Statistical Data control provider 386 ProviderMessageHandler* cimomstatdataProvider = new ProviderMessageHandler(
387 dmitry.mikulin 1.211 "CIMServerControlProvider", "CIMOMStatDataProvider", 388 new CIMOMStatDataProvider(), 0, 0, false);
389 kumpf 1.185 _controlProviders.append(cimomstatdataProvider);
390 kumpf 1.195 ModuleController::register_module( 391 PEGASUS_QUEUENAME_CONTROLSERVICE, 392 PEGASUS_MODULENAME_CIMOMSTATDATAPROVIDER, 393 cimomstatdataProvider, 394 controlProviderReceiveMessageCallback, 395 0);
396 w.white 1.142 #endif 397
398 karl 1.226 #ifdef PEGASUS_ENABLE_CQL
399 a.arora 1.156
400 kumpf 1.185 // Create the Query Capabilities control provider 401 ProviderMessageHandler* cimquerycapprovider = new ProviderMessageHandler(
402 dmitry.mikulin 1.211 "CIMServerControlProvider", "CIMQueryCapabilitiesProvider",
403 kumpf 1.185 new CIMQueryCapabilitiesProvider(), 404 0, 0, false); 405 _controlProviders.append(cimquerycapprovider);
406 kumpf 1.195 ModuleController::register_module( 407 PEGASUS_QUEUENAME_CONTROLSERVICE, 408 PEGASUS_MODULENAME_CIMQUERYCAPPROVIDER, 409 cimquerycapprovider, 410 controlProviderReceiveMessageCallback, 411 0);
412 a.arora 1.156 #endif 413
414 karl 1.210 #if defined PEGASUS_ENABLE_INTEROP_PROVIDER
415 w.white 1.149
416 kumpf 1.185 // Create the interop control provider 417 ProviderMessageHandler* interopProvider = new ProviderMessageHandler(
418 dmitry.mikulin 1.211 "CIMServerControlProvider", "InteropProvider", 419 new InteropProvider(_repository), 0, 0, false);
420 kumpf 1.185 _controlProviders.append(interopProvider);
421 kumpf 1.195 ModuleController::register_module( 422 PEGASUS_QUEUENAME_CONTROLSERVICE, 423 PEGASUS_MODULENAME_INTEROPPROVIDER, 424 interopProvider, 425 controlProviderReceiveMessageCallback, 426 0);
427 tony 1.134 #endif
428 kumpf 1.74
429 kumpf 1.195 _cimOperationResponseEncoder = new CIMOperationResponseEncoder;
430 mike 1.50
431 kumpf 1.54 // 432 // get the configured authentication and authorization flags 433 // 434 ConfigManager* configManager = ConfigManager::getInstance(); 435
436 kumpf 1.182 Boolean enableAuthentication = ConfigManager::parseBooleanValue( 437 configManager->getCurrentValue("enableAuthentication"));
438 kumpf 1.54
439 kumpf 1.228 MessageQueueService* cimOperationProcessorQueue = 0; 440
441 kumpf 1.54 //
442 kumpf 1.104 // Create Authorization queue only if authentication is enabled
443 kumpf 1.54 //
444 kumpf 1.104 if ( enableAuthentication )
445 kumpf 1.54 { 446 _cimOperationRequestAuthorizer = new CIMOperationRequestAuthorizer( 447 _cimOperationRequestDispatcher);
448 kumpf 1.228 cimOperationProcessorQueue = _cimOperationRequestAuthorizer;
449 kumpf 1.54 } 450 else 451 {
452 kumpf 1.99 _cimOperationRequestAuthorizer = 0;
453 kumpf 1.228 cimOperationProcessorQueue = _cimOperationRequestDispatcher; 454 }
455 kumpf 1.99
456 kumpf 1.228 _cimOperationRequestDecoder = new CIMOperationRequestDecoder( 457 cimOperationProcessorQueue, 458 _cimOperationResponseEncoder->getQueueId());
459 mike 1.43
460 kumpf 1.195 _cimExportRequestDispatcher = new CIMExportRequestDispatcher();
461 mike 1.43
462 kumpf 1.195 _cimExportResponseEncoder = new CIMExportResponseEncoder;
463 mike 1.43
464 mike 1.50 _cimExportRequestDecoder = new CIMExportRequestDecoder(
465 kumpf 1.195 _cimExportRequestDispatcher, 466 _cimExportResponseEncoder->getQueueId());
467 mike 1.43
468 kumpf 1.99 _httpAuthenticatorDelegator = new HTTPAuthenticatorDelegator(
469 mike 1.50 _cimOperationRequestDecoder->getQueueId(),
470 h.sterling 1.153 _cimExportRequestDecoder->getQueueId(),
471 nag.boranna 1.161 _repository);
472 mike 1.43
473 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN 474 _wsmProcessor = new WsmProcessor( 475 cimOperationProcessorQueue, 476 _repository); 477 _httpAuthenticatorDelegator->setWsmQueueId( 478 _wsmProcessor->getWsmRequestDecoderQueueId()); 479 #endif 480
481 kumpf 1.82 // IMPORTANT-NU-20020513: Indication service must start after ExportService 482 // otherwise HandlerService started by indicationService will never 483 // get ExportQueue to export indications for existing subscriptions 484
485 kumpf 1.90 _indicationService = 0;
486 kumpf 1.182 if (ConfigManager::parseBooleanValue( 487 configManager->getCurrentValue("enableIndicationService")))
488 kumpf 1.90 {
489 kumpf 1.195 _indicationService = new IndicationService( 490 _repository, _providerRegistrationManager);
491 kumpf 1.90 }
492 mike 1.50
493 kumpf 1.108 // Enable the signal handler to shutdown gracefully on SIGHUP and SIGTERM 494 getSigHandle()->registerHandler(PEGASUS_SIGHUP, shutdownSignalHandler);
495 kumpf 1.107 getSigHandle()->activate(PEGASUS_SIGHUP);
496 kumpf 1.108 getSigHandle()->registerHandler(PEGASUS_SIGTERM, shutdownSignalHandler); 497 getSigHandle()->activate(PEGASUS_SIGTERM);
498 ouyang.jian 1.212 #ifdef PEGASUS_OS_PASE 499 getSigHandle()->registerHandler(SIGFPE, _synchronousSignalHandler); 500 getSigHandle()->activate(SIGFPE); 501 getSigHandle()->registerHandler(SIGILL, _synchronousSignalHandler); 502 getSigHandle()->activate(SIGILL); 503 getSigHandle()->registerHandler(SIGSEGV, _synchronousSignalHandler); 504 getSigHandle()->activate(SIGSEGV); 505 getSigHandle()->registerHandler(SIGIO, _asynchronousSignalHandler); 506 getSigHandle()->activate(SIGIO); 507 #endif
508 marek 1.223 #ifdef PEGASUS_OS_ZOS 509 // Establish handling signal send to us on USS shutdown 510 getSigHandle()->registerHandler(PEGASUS_SIGDANGER, shutdownSignalHandler); 511 getSigHandle()->activate(PEGASUS_SIGDANGER); 512 // enable process to receive SIGDANGER on USS shutdown 513 __shutdown_registration(_SDR_NOTIFY, _SDR_REGPROCESS, _SDR_SENDSIGDANGER); 514 #endif
515 marek 1.194 516 //
517 r.kieninger 1.209 // Set up an additional thread waiting for commands from the 518 // system console
519 marek 1.194 // 520 #if defined PEGASUS_PLATFORM_ZOS_ZSERIES_IBM
521 r.kieninger 1.209 ZOSConsoleManager::startConsoleWatchThread();
522 marek 1.194 #endif 523
524 kumpf 1.216 #ifdef PEGASUS_ENABLE_AUDIT_LOGGER
525 yi.zhou 1.192 526 // Register audit logger initialize callback 527 AuditLogger::setInitializeCallback(auditLogInitializeCallback); 528 529 Boolean enableAuditLog = ConfigManager::parseBooleanValue( 530 configManager->getCurrentValue("enableAuditLog")); 531 532 if (enableAuditLog) 533 { 534 AuditLogger::setEnabled(enableAuditLog); 535 } 536 537 #endif
538 mike 1.43 } 539
540 mday 1.111
541 konrad.r 1.171 CIMServer::~CIMServer () 542 {
543 kumpf 1.175 PEG_METHOD_ENTER (TRC_SERVER, "CIMServer::~CIMServer()");
544 mday 1.111
545 kumpf 1.175 // Wait until the Shutdown provider request has cleared through the
546 kumpf 1.195 // system.
547 kumpf 1.175 ShutdownService::getInstance(this)->waitUntilNoMoreRequests(false);
548 mday 1.111
549 kumpf 1.175 // Ok, shutdown all the MQSs. This shuts their communication channel. 550 ShutdownService::getInstance(this)->shutdownCimomServices();
551 kumpf 1.54
552 kumpf 1.175 // Start deleting the objects. 553 // The order is very important. 554 555 // The HTTPAcceptor depends on HTTPAuthenticationDelegator 556 for (Uint32 i = 0, n = _acceptors.size (); i < n; i++)
557 konrad.r 1.171 {
558 kumpf 1.195 HTTPAcceptor* p = _acceptors[i];
559 kumpf 1.175 delete p;
560 konrad.r 1.171 }
561 kumpf 1.99
562 kumpf 1.175 // IndicationService depends on ProviderManagerService, 563 // IndicationHandlerService, and ProviderRegistrationManager, and thus 564 // should be deleted before the ProviderManagerService, 565 // IndicationHandlerService, and ProviderRegistrationManager are deleted. 566 delete _indicationService; 567 568 // HTTPAuthenticationDelegator depends on CIMRepository, 569 // CIMOperationRequestDecoder and CIMExportRequestDecoder 570 delete _httpAuthenticatorDelegator; 571 572 delete _cimExportRequestDecoder; 573 574 delete _cimExportResponseEncoder; 575 576 delete _cimExportRequestDispatcher; 577 578 // CIMOperationRequestDecoder depends on CIMOperationRequestAuthorizer 579 // and CIMOperationResponseEncoder 580 delete _cimOperationRequestDecoder;
581 kumpf 1.228 delete _cimOperationResponseEncoder;
582 kumpf 1.175
583 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN 584 // WsmProcessor depends on CIMOperationRequestAuthorizer/Dispatcher and 585 // CIMRepository 586 delete _wsmProcessor; 587 #endif
588 kumpf 1.175 589 // BinaryMessageHandler depends on CIMOperationRequestDispatcher 590 delete _binaryMessageHandler; 591 592 // CIMOperationRequestAuthorizer depends on 593 // CIMOperationRequestDispatcher 594 delete _cimOperationRequestAuthorizer; 595 596 // IndicationHandlerService uses CIMOperationRequestDispatcher 597 delete _handlerService; 598
599 kumpf 1.195 // CIMOperationRequestDispatcher depends on
600 kumpf 1.175 // CIMRepository and ProviderRegistrationManager. 601 // CIMOperationRequestDispatcher keeps an internal list of control 602 // providers. Must delete this before ModuleController. 603 delete _cimOperationRequestDispatcher; 604 605 // ModuleController takes care of deleting all wrappers around 606 // the control providers. 607 delete _controlService; 608 609 // Find all of the control providers (module) 610 // Must delete CIMOperationRequestDispatcher _before_ deleting each 611 // of the control provider. The CIMOperationRequestDispatcher keeps 612 // its own table of the internal providers (pointers). 613 for (Uint32 i = 0, n = _controlProviders.size(); i < n; i++)
614 konrad.r 1.171 {
615 kumpf 1.195 ProviderMessageHandler* p = _controlProviders[i];
616 kumpf 1.196 delete p->getProvider();
617 kumpf 1.175 delete p;
618 konrad.r 1.171 } 619
620 kumpf 1.195 // The SSL control providers use the SSL context manager.
621 kumpf 1.175 delete _sslContextMgr; 622 623 // ProviderManagerService depends on ProviderRegistrationManager. 624 // Note that deleting the ProviderManagerService causes the 625 // DefaultProviderManager (if loaded) to get unloaded. Dynamically 626 // unloading the DefaultProviderManager library affects (on HP-UX, at 627 // least) the statically loaded version of this library used by the
628 kumpf 1.185 // ProviderMessageHandler wrapper for the control providers. Deleting
629 kumpf 1.175 // the ProviderManagerService after the control providers is a 630 // workaround for this problem. 631 delete _providerManager; 632 633 delete _providerRegistrationManager;
634 konrad.r 1.171
635 kumpf 1.175 // Almost everybody uses the CIMRepository. 636 delete _repository;
637 kumpf 1.99
638 kumpf 1.175 // Destroy the singleton services 639 UserManager::destroy(); 640 ShutdownService::destroy();
641 konrad.r 1.172
642 kumpf 1.175 PEG_METHOD_EXIT ();
643 mike 1.43 } 644
645 kumpf 1.101 void CIMServer::addAcceptor(
646 dave.sudlik 1.207 Uint16 connectionType,
647 kumpf 1.101 Uint32 portNumber,
648 sushma.fernandes 1.189 Boolean useSSL)
649 kumpf 1.101 { 650 HTTPAcceptor* acceptor;
651 sushma.fernandes 1.189 652 acceptor = new HTTPAcceptor(
653 kumpf 1.206 _monitor.get(),
654 kumpf 1.195 _httpAuthenticatorDelegator,
655 dave.sudlik 1.207 connectionType,
656 kumpf 1.195 portNumber, 657 useSSL ? _getSSLContext() : 0, 658 useSSL ? _sslContextMgr->getSSLContextObjectLock() : 0 );
659 marek 1.180 660 ConfigManager* configManager = ConfigManager::getInstance();
661 kumpf 1.195 String socketWriteConfigTimeout =
662 marek 1.180 configManager->getCurrentValue("socketWriteTimeout"); 663 // Set timeout value for server socket timeouts 664 // depending on config option
665 kumpf 1.195 Uint32 socketWriteTimeout = 666 strtol(socketWriteConfigTimeout.getCString(), (char**)0, 10);
667 marek 1.180 // equal what went wrong, there has to be a timeout
668 marek 1.198 if (socketWriteTimeout == 0) 669 socketWriteTimeout = PEGASUS_DEFAULT_SOCKETWRITE_TIMEOUT_SECONDS;
670 marek 1.180 acceptor->setSocketWriteTimeout(socketWriteTimeout); 671
672 dave.sudlik 1.218 // Set idle connection timeout in seconds. 673 acceptor->setIdleConnectionTimeout(_idleConnectionTimeoutSeconds); 674
675 kumpf 1.101 _acceptors.append(acceptor); 676 } 677 678 void CIMServer::bind()
679 mike 1.43 {
680 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::bind()");
681 kumpf 1.54
682 kumpf 1.157 if (_acceptors.size() == 0) 683 { 684 MessageLoaderParms mlp = MessageLoaderParms( 685 "Server.CIMServer.BIND_FAILED", 686 "No CIM Server connections are enabled.");
687 chip 1.112
688 kumpf 1.157 throw BindFailedException(mlp); 689 }
690 chip 1.112
691 kumpf 1.157 for (Uint32 i=0; i<_acceptors.size(); i++) 692 { 693 _acceptors[i]->bind();
694 kumpf 1.101 }
695 chip 1.112
696 kumpf 1.75 PEG_METHOD_EXIT();
697 mike 1.43 } 698 699 void CIMServer::runForever() 700 {
701 mday 1.111 // Note: Trace code in this method will be invoked frequently.
702 kumpf 1.101
703 kumpf 1.195 if (!_dieNow)
704 kumpf 1.157 {
705 kumpf 1.195 _monitor->run(500000); 706 static struct timeval lastIdleCleanupTime = {0, 0};
707 venkat.puvvada 1.227 struct timeval now;
708 kumpf 1.195 Time::gettimeofday(&now);
709 kumpf 1.186
710 kumpf 1.195 if (now.tv_sec - lastIdleCleanupTime.tv_sec > 300) 711 { 712 lastIdleCleanupTime.tv_sec = now.tv_sec;
713 kumpf 1.186
714 kumpf 1.195 try 715 { 716 _providerManager->unloadIdleProviders(); 717 MessageQueueService::get_thread_pool()->cleanupIdleThreads(); 718 } 719 catch (...) 720 { 721 } 722 }
723 nag.boranna 1.161
724 kumpf 1.195 if (handleShutdownSignal) 725 {
726 marek 1.199 PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
727 kumpf 1.195 "CIMServer::runForever - signal received. Shutting down."); 728 ShutdownService::getInstance(this)->shutdown(true, 10, false); 729 // Set to false must be after call to shutdown. See 730 // stopClientConnection. 731 handleShutdownSignal = false; 732 }
733 kumpf 1.157 }
734 mike 1.50 }
735 mday 1.118
736 mike 1.50 void CIMServer::stopClientConnection() 737 {
738 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::stopClientConnection()");
739 kumpf 1.54
740 kumpf 1.157 // tell Monitor to stop listening for client connections 741 if (handleShutdownSignal) 742 // If shutting down, this is in the same thread as runForever. 743 // No need to wait for the thread to see the stop flag. 744 _monitor->stopListeningForConnections(false); 745 else 746 // If not shutting down, this is not in the same thread as runForever. 747 // Need to wait for the thread to see the stop flag. 748 _monitor->stopListeningForConnections(true); 749 750 //
751 kumpf 1.195 // Wait 150 milliseconds to allow time for the Monitor to stop 752 // listening for client connections.
753 kumpf 1.157 // 754 // This wait time is the timeout value for the select() call
755 kumpf 1.195 // in the Monitor's run() method (currently set to 100
756 kumpf 1.157 // milliseconds) plus a delta of 50 milliseconds. The reason 757 // for the wait here is to make sure that the Monitor entries 758 // are updated before closing the connection sockets. 759 //
760 marek 1.199 // PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL4, "Wait 150 milliseconds.");
761 mike 1.183 // Threads::sleep(150); not needed anymore due to the semaphore
762 kumpf 1.157 // in the monitor 763 764 for (Uint32 i=0; i<_acceptors.size(); i++)
765 kumpf 1.117 {
766 kumpf 1.157 _acceptors[i]->closeConnectionSocket();
767 kumpf 1.101 }
768 chip 1.112
769 kumpf 1.75 PEG_METHOD_EXIT();
770 mike 1.50 } 771 772 void CIMServer::shutdown() 773 {
774 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::shutdown()");
775 kumpf 1.54
776 dave.sudlik 1.176 #ifdef PEGASUS_DEBUG 777 _repository->DisplayCacheStatistics(); 778 #endif 779
780 mike 1.50 _dieNow = true;
781 kumpf 1.157 _cimserver->tickle_monitor();
782 kumpf 1.54
783 kumpf 1.75 PEG_METHOD_EXIT();
784 mike 1.50 } 785 786 void CIMServer::resume() 787 {
788 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::resume()");
789 kumpf 1.54
790 kumpf 1.101 for (Uint32 i=0; i<_acceptors.size(); i++) 791 { 792 _acceptors[i]->reopenConnectionSocket(); 793 }
794 kumpf 1.54
795 kumpf 1.75 PEG_METHOD_EXIT();
796 mike 1.50 } 797 798 void CIMServer::setState(Uint32 state) 799 {
800 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::setState()");
801 kumpf 1.54
802 mike 1.50 _serverState->setState(state);
803 chip 1.53
804 kumpf 1.85 // 805 // get the configured authentication and authorization flags 806 // 807 ConfigManager* configManager = ConfigManager::getInstance(); 808
809 kumpf 1.182 Boolean enableAuthentication = ConfigManager::parseBooleanValue( 810 configManager->getCurrentValue("enableAuthentication")); 811 Boolean enableNamespaceAuthorization = ConfigManager::parseBooleanValue( 812 configManager->getCurrentValue("enableNamespaceAuthorization"));
813 kumpf 1.85
814 mike 1.50 if (state == CIMServerState::TERMINATING) 815 { 816 // tell decoder that CIMServer is terminating 817 _cimOperationRequestDecoder->setServerTerminating(true); 818 _cimExportRequestDecoder->setServerTerminating(true);
819 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN 820 _wsmProcessor->setServerTerminating(true); 821 #endif
822 kumpf 1.85 823 // tell authorizer that CIMServer is terminating ONLY if 824 // authentication and authorization are enabled 825 //
826 kumpf 1.87 if ( enableAuthentication && enableNamespaceAuthorization )
827 kumpf 1.85 { 828 _cimOperationRequestAuthorizer->setServerTerminating(true); 829 }
830 mike 1.50 } 831 else 832 { 833 // tell decoder that CIMServer is not terminating 834 _cimOperationRequestDecoder->setServerTerminating(false); 835 _cimExportRequestDecoder->setServerTerminating(false);
836 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN 837 _wsmProcessor->setServerTerminating(false); 838 #endif
839 kumpf 1.85 840 // tell authorizer that CIMServer is terminating ONLY if 841 // authentication and authorization are enabled 842 //
843 kumpf 1.87 if ( enableAuthentication && enableNamespaceAuthorization )
844 kumpf 1.85 { 845 _cimOperationRequestAuthorizer->setServerTerminating(false); 846 }
847 mike 1.50 }
848 kumpf 1.75 PEG_METHOD_EXIT();
849 mike 1.50 } 850 851 Uint32 CIMServer::getOutstandingRequestCount() 852 {
853 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::getOutstandingRequestCount()");
854 kumpf 1.54
855 kumpf 1.101 Uint32 requestCount = 0;
856 mday 1.111
857 kumpf 1.157 for (Uint32 i=0; i<_acceptors.size(); i++) 858 { 859 requestCount += _acceptors[i]->getOutstandingRequestCount();
860 kumpf 1.101 }
861 chip 1.112
862 kumpf 1.75 PEG_METHOD_EXIT(); 863 return requestCount;
864 kumpf 1.101 } 865
866 nag.boranna 1.163 //
867 sushma.fernandes 1.189 SSLContext* CIMServer::_getSSLContext()
868 nag.boranna 1.163 { 869 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::_getSSLContext()"); 870 871 static const String PROPERTY_NAME__SSL_CERT_FILEPATH =
872 kumpf 1.195 "sslCertificateFilePath"; 873 static const String PROPERTY_NAME__SSL_KEY_FILEPATH = "sslKeyFilePath"; 874 static const String PROPERTY_NAME__SSL_TRUST_STORE = "sslTrustStore"; 875 static const String PROPERTY_NAME__SSL_CRL_STORE = "crlStore";
876 nag.boranna 1.163 static const String PROPERTY_NAME__SSL_CLIENT_VERIFICATION =
877 kumpf 1.195 "sslClientVerificationMode";
878 nag.boranna 1.163 static const String PROPERTY_NAME__SSL_AUTO_TRUST_STORE_UPDATE =
879 kumpf 1.195 "enableSSLTrustStoreAutoUpdate";
880 nag.boranna 1.163 static const String PROPERTY_NAME__SSL_TRUST_STORE_USERNAME =
881 kumpf 1.195 "sslTrustStoreUserName";
882 nag.boranna 1.163 static const String PROPERTY_NAME__HTTP_ENABLED =
883 kumpf 1.195 "enableHttpConnection";
884 nag.boranna 1.163
885 kumpf 1.201 String verifyClient; 886 String trustStore;
887 nag.boranna 1.163 SSLContext* sslContext = 0; 888 889 // 890 // Get a config manager instance 891 // 892 ConfigManager* configManager = ConfigManager::getInstance(); 893
894 sushma.fernandes 1.189 // Note that if invalid values were set for either sslKeyFilePath, 895 // sslCertificateFilePath, crlStore or sslTrustStore, the invalid 896 // paths would have been detected in SecurityPropertyOwner and 897 // terminated the server startup. This happens regardless of whether 898 // or not HTTPS is enabled (not a great design, but that seems to 899 // be how other properties are validated as well) 900 // 901 // Get the sslClientVerificationMode property from the Config 902 // Manager. 903 // 904 verifyClient = configManager->getCurrentValue(
905 kumpf 1.195 PROPERTY_NAME__SSL_CLIENT_VERIFICATION);
906 sushma.fernandes 1.189 907 // 908 // Get the sslTrustStore property from the Config Manager. 909 // 910 trustStore = configManager->getCurrentValue(
911 kumpf 1.195 PROPERTY_NAME__SSL_TRUST_STORE);
912 sushma.fernandes 1.189 913 if (trustStore != String::EMPTY)
914 nag.boranna 1.163 {
915 sushma.fernandes 1.189 trustStore = ConfigManager::getHomedPath(trustStore); 916 }
917 nag.boranna 1.163
918 sushma.fernandes 1.189 PEG_TRACE_STRING(TRC_SERVER, Tracer::LEVEL4, 919 "Server trust store name: " + trustStore);
920 nag.boranna 1.163
921 sushma.fernandes 1.189 // 922 // Get the sslTrustStoreUserName property from the Config Manager. 923 //
924 kumpf 1.201 String trustStoreUserName;
925 sushma.fernandes 1.189 trustStoreUserName = configManager->getCurrentValue(
926 kumpf 1.195 PROPERTY_NAME__SSL_TRUST_STORE_USERNAME);
927 nag.boranna 1.163
928 sushma.fernandes 1.189 if (!String::equal(verifyClient, "disabled")) 929 {
930 nag.boranna 1.163 //
931 mreddy 1.191 // 'required' and 'optional' settings must have a valid truststore
932 nag.boranna 1.163 //
933 sushma.fernandes 1.189 if (trustStore == String::EMPTY)
934 nag.boranna 1.163 {
935 mreddy 1.191 MessageLoaderParms parms(
936 kumpf 1.206 "Pegasus.Server.SSLContextManager."
937 kumpf 1.195 "SSL_CLIENT_VERIFICATION_EMPTY_TRUSTSTORE", 938 "The \"sslTrustStore\" configuration property must be set " 939 "if \"sslClientVerificationMode\" is 'required' or "
940 kumpf 1.206 "'optional'.");
941 mreddy 1.191 PEG_METHOD_EXIT(); 942 throw SSLException(parms);
943 sushma.fernandes 1.189 }
944 h.sterling 1.165
945 h.sterling 1.168 #ifdef PEGASUS_DISABLE_LOCAL_DOMAIN_SOCKET
946 sushma.fernandes 1.189 // 947 // ATTN: 'required' setting must have http port enabled. 948 // If only https is enabled, and a call to shutdown the 949 // cimserver is given, the call will hang and a forced shutdown 950 // will ensue. This is because the CIMClient::connectLocal call 951 // cannot specify a certificate for authentication against 952 // the local server. This limitation is being investigated. 953 // See Bugzilla 2995. 954 // 955 if (String::equal(verifyClient, "required")) 956 { 957 if (!ConfigManager::parseBooleanValue( 958 configManager->getCurrentValue( 959 PROPERTY_NAME__HTTP_ENABLED)))
960 nag.boranna 1.163 {
961 sushma.fernandes 1.189 MessageLoaderParms parms(
962 kumpf 1.195 "Pegasus.Server.SSLContextManager." 963 "INVALID_CONF_HTTPS_REQUIRED",
964 sushma.fernandes 1.189 "The \"sslClientVerificationMode\" property cannot be " 965 "set to \"required\" if HTTP is disabled, as the " 966 "cimserver will be unable to properly shutdown. " 967 "The recommended course of action is to change "
968 kumpf 1.206 "the property value to \"optional\".");
969 sushma.fernandes 1.189 PEG_METHOD_EXIT(); 970 throw SSLException(parms);
971 nag.boranna 1.163 }
972 sushma.fernandes 1.189 }
973 h.sterling 1.165 #endif
974 nag.boranna 1.163 //
975 sushma.fernandes 1.189 // A truststore username must be specified if 976 // sslClientVerificationMode is enabled and the truststore is a 977 // single CA file. If the truststore is a directory, then the 978 // CertificateProvider should be used to register users with 979 // certificates.
980 nag.boranna 1.163 //
981 sushma.fernandes 1.189 if ((trustStore != String::EMPTY) && 982 (!FileSystem::isDirectory(trustStore)))
983 nag.boranna 1.163 {
984 sushma.fernandes 1.189 if (trustStoreUserName == String::EMPTY) 985 { 986 MessageLoaderParms parms(
987 kumpf 1.206 "Pegasus.Server.SSLContextManager."
988 kumpf 1.195 "SSL_CLIENT_VERIFICATION_EMPTY_USERNAME", 989 "The \"sslTrustStoreUserName\" property must specify a " 990 "valid username if \"sslClientVerificationMode\" is " 991 "'required' or 'optional' and the truststore is a " 992 "single CA file. To register individual certificates " 993 "to users, you must use a truststore directory along "
994 kumpf 1.206 "with the CertificateProvider.");
995 sushma.fernandes 1.189 PEG_METHOD_EXIT(); 996 throw SSLException(parms); 997 }
998 nag.boranna 1.163 } 999 } 1000
1001 sushma.fernandes 1.178 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
1002 nag.boranna 1.163 // 1003 // Get the crlStore property from the Config Manager. 1004 // 1005 String crlStore = configManager->getCurrentValue(
1006 kumpf 1.195 PROPERTY_NAME__SSL_CRL_STORE);
1007 nag.boranna 1.163 1008 if (crlStore != String::EMPTY) 1009 { 1010 crlStore = ConfigManager::getHomedPath(crlStore); 1011 }
1012 sushma.fernandes 1.178 #else
1013 kumpf 1.195 String crlStore;
1014 sushma.fernandes 1.178 #endif
1015 nag.boranna 1.163 1016 // 1017 // Get the sslCertificateFilePath property from the Config Manager. 1018 // 1019 String certPath; 1020 certPath = ConfigManager::getHomedPath( 1021 configManager->getCurrentValue(PROPERTY_NAME__SSL_CERT_FILEPATH)); 1022 1023 // 1024 // Get the sslKeyFilePath property from the Config Manager. 1025 // 1026 String keyPath; 1027 keyPath = ConfigManager::getHomedPath( 1028 configManager->getCurrentValue(PROPERTY_NAME__SSL_KEY_FILEPATH)); 1029
1030 kumpf 1.201 String randFile;
1031 nag.boranna 1.163 1032 #ifdef PEGASUS_SSL_RANDOMFILE 1033 // NOTE: It is technically not necessary to set up a random file on 1034 // the server side, but it is easier to use a consistent interface 1035 // on the client and server than to optimize out the random file on 1036 // the server side. 1037 randFile = ConfigManager::getHomedPath(PEGASUS_SSLSERVER_RANDOMFILE); 1038 #endif 1039
1040 sushma.fernandes 1.189 // 1041 // Create the SSLContext defined by the configuration properties 1042 // 1043 if (String::equal(verifyClient, "required"))
1044 nag.boranna 1.163 {
1045 mike 1.230.4.1 PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
1046 sushma.fernandes 1.189 "SSL Client verification REQUIRED.");
1047 nag.boranna 1.163
1048 sushma.fernandes 1.189 _sslContextMgr->createSSLContext( 1049 trustStore, certPath, keyPath, crlStore, false, randFile); 1050 } 1051 else if (String::equal(verifyClient, "optional")) 1052 {
1053 mike 1.230.4.1 PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
1054 sushma.fernandes 1.189 "SSL Client verification OPTIONAL.");
1055 nag.boranna 1.163
1056 sushma.fernandes 1.189 _sslContextMgr->createSSLContext( 1057 trustStore, certPath, keyPath, crlStore, true, randFile);
1058 nag.boranna 1.163 }
1059 sushma.fernandes 1.189 else if (String::equal(verifyClient, "disabled") \|\| 1060 verifyClient == String::EMPTY)
1061 nag.boranna 1.163 {
1062 mike 1.230.4.1 PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
1063 sushma.fernandes 1.189 "SSL Client verification DISABLED.");
1064 nag.boranna 1.163
1065 sushma.fernandes 1.189 _sslContextMgr->createSSLContext( 1066 String::EMPTY, certPath, keyPath, crlStore, false, randFile);
1067 nag.boranna 1.163 }
1068 sushma.fernandes 1.189 sslContext = _sslContextMgr->getSSLContext();
1069 nag.boranna 1.163
1070 kumpf 1.229 try 1071 {
1072 kumpf 1.230 sslContext->_validateCertificate();
1073 kumpf 1.229 } 1074 catch (SSLException& e) 1075 { 1076 Logger::put( 1077 Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING, 1078 e.getMessage()); 1079 } 1080
1081 nag.boranna 1.163 PEG_METHOD_EXIT(); 1082 return sslContext; 1083 }
1084 h.sterling 1.130
1085 yi.zhou 1.192 void CIMServer::auditLogInitializeCallback() 1086 {
1087 kumpf 1.216 #ifdef PEGASUS_ENABLE_AUDIT_LOGGER
1088 yi.zhou 1.192 1089 Array<String> propertyNames; 1090 Array<String> propertyValues; 1091 1092 // Get all current property names and values 1093 ConfigManager* configManager = ConfigManager::getInstance(); 1094 1095 configManager->getAllPropertyNames(propertyNames, false);
1096 kumpf 1.195
1097 yi.zhou 1.192 for (Uint32 i = 0; i < propertyNames.size(); i++)
1098 kumpf 1.195 {
1099 yi.zhou 1.192 propertyValues.append(configManager->getCurrentValue(propertyNames[i])); 1100 } 1101 1102 AuditLogger::logCurrentConfig(propertyNames, propertyValues); 1103 1104 // get currently registered provider module instances 1105 Array<CIMInstance> moduleInstances; 1106
1107 kumpf 1.195 moduleInstances =
1108 yi.zhou 1.192 _cimserver->_providerRegistrationManager->enumerateInstancesForClass( 1109 CIMObjectPath("PG_ProviderModule")); 1110 1111 AuditLogger::logCurrentRegProvider(moduleInstances); 1112 1113 AuditLogger::logCurrentEnvironmentVar(); 1114 1115 #endif 1116 } 1117
1118 tony 1.134 #ifdef PEGASUS_ENABLE_SLP 1119
1120 kumpf 1.195 ThreadReturnType PEGASUS_THREAD_CDECL _callSLPProvider(void* parm);
1121 tony 1.134 1122 // This is a control function that starts a new thread which issues a
1123 venkat.puvvada 1.227 // cim operation to start the slp provider. Used for both External and 1124 // Embedded SLP registrations.
1125 dave.sudlik 1.197 // 1126
1127 tony 1.134 void CIMServer::startSLPProvider() 1128 {
1129 marek 1.204 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::startSLPProvider");
1130 tony 1.134 1131 // Get Config parameter to determine if we should start SLP. 1132 ConfigManager* configManager = ConfigManager::getInstance();
1133 venkat.puvvada 1.227 Boolean _runSLP = ConfigManager::parseBooleanValue(
1134 kumpf 1.182 configManager->getCurrentValue("slp"));
1135 tony 1.134 1136 // If false, do not start slp provider 1137 if (!_runSLP) 1138 {
1139 marek 1.224 PEG_METHOD_EXIT();
1140 tony 1.134 return; 1141 }
1142 kumpf 1.195 // Create a separate thread, detach and call function to execute the 1143 // startup.
1144 tony 1.134 Thread t( _callSLPProvider, 0, true ); 1145 t.run(); 1146 1147 PEG_METHOD_EXIT(); 1148 return; 1149 } 1150 1151 1152 // startSLPProvider is a function to get the slp provider kicked off
1153 kumpf 1.195 // during startup. It is placed in the provider manager simply because
1154 tony 1.134 // the provider manager is the only component of the system is 1155 // driven by a timer after startup. It should never be here and must be 1156 // moved to somewhere more logical or really replaced. We simply needed 1157 // something that was run shortly after system startup.
1158 kumpf 1.195 // This function is assumed to operate in a separate thread and
1159 tony 1.134 // KS 15 February 2004. 1160
1161 kumpf 1.195 ThreadReturnType PEGASUS_THREAD_CDECL _callSLPProvider(void* parm)
1162 tony 1.134 {
1163 kumpf 1.195 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::_callSLPProvider()"); 1164
1165 tony 1.134 CIMClient client; 1166 String hostStr = System::getHostName(); 1167 1168 try 1169 { 1170 client.connectLocal(); 1171 // set client timeout to 2 seconds 1172 client.setTimeout(40000); 1173 String referenceStr = "//"; 1174 referenceStr.append(hostStr);
1175 kumpf 1.195 referenceStr.append("/");
1176 tony 1.134 referenceStr.append(PEGASUS_NAMESPACENAME_INTERNAL.getString()); 1177 referenceStr.append(":"); 1178 referenceStr.append(PEGASUS_CLASSNAME_WBEMSLPTEMPLATE.getString()); 1179 CIMObjectPath reference(referenceStr); 1180 // 1181 // issue the invokeMethod request on the register method 1182 // 1183 Array<CIMParamValue> inParams; 1184 Array<CIMParamValue> outParams; 1185 1186 CIMValue retValue = client.invokeMethod( 1187 PEGASUS_NAMESPACENAME_INTERNAL, 1188 reference, 1189 CIMName("register"), 1190 inParams,
1191 kumpf 1.195 outParams);
1192 dave.sudlik 1.197
1193 kumpf 1.200 Logger::put_l( 1194 Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
1195 dave.sudlik 1.197 "Pegasus.Server.SLP.SLP_REGISTRATION_INITIATED", 1196 "SLP Registration Initiated");
1197 tony 1.134 } 1198
1199 dave.sudlik 1.197 catch(Exception& e)
1200 tony 1.134 {
1201 venkat.puvvada 1.227 #ifdef PEGASUS_SLP_REG_TIMEOUT 1202 Logger::put_l( 1203 Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING, 1204 "Pegasus.Server.SLP.EXTERNAL_SLP_REGISTRATION_FAILED_EXCEPTION", 1205 "CIM Server registration with External SLP Failed. Exception: $0", 1206 e.getMessage()); 1207 #else
1208 dave.sudlik 1.197 Logger::put_l(Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING, 1209 "Pegasus.Server.SLP.INTERNAL_SLP_REGISTRATION_FAILED_EXCEPTION", 1210 "CIM Server registration with Internal SLP Failed. Exception: $0", 1211 e.getMessage());
1212 venkat.puvvada 1.227 #endif
1213 tony 1.134 }
1214 dave.sudlik 1.197 1215 catch(...)
1216 tony 1.134 {
1217 venkat.puvvada 1.227 #ifdef PEGASUS_SLP_REG_TIMEOUT 1218 Logger::put_l( 1219 Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING, 1220 "Pegasus.Server.SLP.EXTERNAL_SLP_REGISTRATION_FAILED_ERROR", 1221 "CIM Server registration with External SLP Failed."); 1222 #else
1223 dave.sudlik 1.197 Logger::put_l(Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING, 1224 "Pegasus.Server.SLP.INTERNAL_SLP_REGISTRATION_FAILED_ERROR", 1225 "CIM Server registration with Internal SLP Failed.");
1226 venkat.puvvada 1.227 #endif
1227 tony 1.134 } 1228 1229 client.disconnect(); 1230
1231 dave.sudlik 1.197 PEG_METHOD_EXIT(); 1232 return( (ThreadReturnType)32 ); 1233 }
1234 tony 1.134 #endif 1235
1236 mike 1.42 PEGASUS_NAMESPACE_END

No CVS admin address has been configured