pegasus/src/Pegasus/Server/CIMServer.cpp - annotate

Return to CIMServer.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Server

1 martin 1.243 //%LICENSE////////////////////////////////////////////////////////////////
2 martin 1.244 //
3 martin 1.243 // Licensed to The Open Group (TOG) under one or more contributor license 4 // agreements. Refer to the OpenPegasusNOTICE.txt file distributed with 5 // this work for additional information regarding copyright ownership. 6 // Each contributor licenses this file to you under the OpenPegasus Open 7 // Source License; you may not use this file except in compliance with the 8 // License.
9 martin 1.244 //
10 martin 1.243 // Permission is hereby granted, free of charge, to any person obtaining a 11 // copy of this software and associated documentation files (the "Software"), 12 // to deal in the Software without restriction, including without limitation 13 // the rights to use, copy, modify, merge, publish, distribute, sublicense, 14 // and/or sell copies of the Software, and to permit persons to whom the 15 // Software is furnished to do so, subject to the following conditions:
16 martin 1.244 //
17 martin 1.243 // The above copyright notice and this permission notice shall be included 18 // in all copies or substantial portions of the Software.
19 martin 1.244 //
20 martin 1.243 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
21 martin 1.244 // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 martin 1.243 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 23 // IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 24 // CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 25 // TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 26 // SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27 martin 1.244 //
28 martin 1.243 //////////////////////////////////////////////////////////////////////////
29 mike 1.42 // 30 //%///////////////////////////////////////////////////////////////////////////// 31
32 mike 1.50 #include <Pegasus/Common/Config.h> 33
34 mike 1.42 #include <cstdio> 35 #include <cctype>
36 mike 1.50 #include <ctime>
37 kumpf 1.169 38 #if (defined(PEGASUS_OS_HPUX) \|\| defined(PEGASUS_OS_LINUX)) \ 39 && defined(PEGASUS_USE_RELEASE_DIRS) 40 # include <unistd.h>
41 kumpf 1.215 # include <errno.h>
42 kumpf 1.115 #endif
43 kumpf 1.169
44 kumpf 1.75 #include <Pegasus/Common/Constants.h>
45 mike 1.42 #include <Pegasus/Common/FileSystem.h>
46 mike 1.183 #include <Pegasus/Common/Signal.h>
47 mike 1.50 #include <Pegasus/Common/HTTPAcceptor.h>
48 kumpf 1.54 #include <Pegasus/Common/Tracer.h>
49 marek 1.194 #include <Pegasus/Common/Logger.h>
50 mday 1.58 #include <Pegasus/Common/Cimom.h>
51 kumpf 1.78 #include <Pegasus/Common/PegasusVersion.h>
52 kumpf 1.188 #include <Pegasus/Common/Time.h>
53 kumpf 1.195 #include <Pegasus/Common/MessageLoader.h>
54 kumpf 1.216 #include <Pegasus/Common/AuditLogger.h>
55 marek 1.261 #include <Pegasus/Common/StringConversion.h>
56 kumpf 1.78
57 thilo.boehm 1.249 #include <Pegasus/General/SSLContextManager.h> 58
59 mike 1.42 #include <Pegasus/Repository/CIMRepository.h>
60 mike 1.50 #include <Pegasus/ExportServer/CIMExportRequestDispatcher.h> 61 #include <Pegasus/ExportServer/CIMExportResponseEncoder.h> 62 #include <Pegasus/ExportServer/CIMExportRequestDecoder.h>
63 kumpf 1.54 #include <Pegasus/Config/ConfigManager.h>
64 mike 1.50 #include <Pegasus/Security/UserManager/UserManager.h>
65 kumpf 1.62 #include <Pegasus/HandlerService/IndicationHandlerService.h> 66 #include <Pegasus/IndicationService/IndicationService.h>
67 kumpf 1.184 #include <Pegasus/ProviderManagerService/ProviderManagerService.h>
68 mike 1.179 #include <Pegasus/ProviderManager2/Default/DefaultProviderManager.h>
69 karl 1.262 #include "reg_table.h"
70 chip 1.114
71 r.kieninger 1.239 #if defined PEGASUS_OS_ZOS
72 r.kieninger 1.209 # include "ConsoleManager_zOS.h" 73 #endif 74
75 tony 1.134 #ifdef PEGASUS_ENABLE_SLP
76 kumpf 1.195 # include <Pegasus/Client/CIMClient.h>
77 tony 1.134 #endif 78
79 mike 1.47 #include "CIMServer.h"
80 mike 1.50 #include "CIMOperationRequestDispatcher.h" 81 #include "CIMOperationResponseEncoder.h" 82 #include "CIMOperationRequestDecoder.h"
83 kumpf 1.54 #include "CIMOperationRequestAuthorizer.h"
84 mike 1.50 #include "HTTPAuthenticatorDelegator.h"
85 kumpf 1.79 #include "ShutdownProvider.h"
86 kumpf 1.101 #include "ShutdownService.h"
87 kumpf 1.69 #include <Pegasus/Common/ModuleController.h>
88 kumpf 1.71 #include <Pegasus/ControlProviders/UserAuthProvider/UserAuthProvider.h>
89 kumpf 1.215 #include <Pegasus/ControlProviders/ConfigSettingProvider/\ 90 ConfigSettingProvider.h> 91 #include <Pegasus/ControlProviders/ProviderRegistrationProvider/\ 92 ProviderRegistrationProvider.h>
93 karl 1.80 #include <Pegasus/ControlProviders/NamespaceProvider/NamespaceProvider.h>
94 humberto 1.110
95 karl 1.158 #ifndef PEGASUS_DISABLE_PERFINST
96 kumpf 1.195 # include <Pegasus/ControlProviders/Statistic/CIMOMStatDataProvider.h>
97 w.white 1.142 #endif 98
99 h.sterling 1.154 #ifdef PEGASUS_HAS_SSL
100 kumpf 1.195 # include <Pegasus/ControlProviders/CertificateProvider/CertificateProvider.h>
101 h.sterling 1.154 #endif
102 w.white 1.142
103 karl 1.226 #ifdef PEGASUS_ENABLE_CQL
104 kumpf 1.215 # include <Pegasus/ControlProviders/QueryCapabilitiesProvider/\ 105 CIMQueryCapabilitiesProvider.h>
106 a.arora 1.156 #endif 107
108 karl 1.210 #if defined PEGASUS_ENABLE_INTEROP_PROVIDER
109 kumpf 1.195 # include <Pegasus/ControlProviders/InteropProvider/InteropProvider.h>
110 tony 1.134 #endif 111
112 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN 113 # include <Pegasus/WsmServer/WsmProcessor.h> 114 #endif 115
116 mike 1.42 PEGASUS_NAMESPACE_BEGIN
117 karl 1.262
118 dave.sudlik 1.197 #ifdef PEGASUS_SLP_REG_TIMEOUT 119 ThreadReturnType PEGASUS_THREAD_CDECL registerPegasusWithSLP(void *parm); 120 // Configurable SLP port to be handeled in a separate bug. 121 # define SLP_DEFAULT_PORT 427 122 # define LOCALHOST_IP "127.0.0.1" 123 #endif
124 mike 1.42
125 kumpf 1.195 static CIMServer* _cimserver = NULL;
126 a.arora 1.143
127 kumpf 1.100 // Need a static method to act as a callback for the control provider. 128 // This doesn't belong here, but I don't have a better place to put it.
129 kumpf 1.195 static Message* controlProviderReceiveMessageCallback( 130 Message* message, 131 void* instance)
132 kumpf 1.69 {
133 kumpf 1.185 CIMRequestMessage* request = dynamic_cast<CIMRequestMessage*>(message); 134 PEGASUS_ASSERT(request != 0); 135
136 kumpf 1.220 Thread::setLanguages(
137 kumpf 1.185 ((AcceptLanguageListContainer) request->operationContext.get( 138 AcceptLanguageListContainer::NAME)).getLanguages()); 139 140 ProviderMessageHandler* pmh = 141 reinterpret_cast<ProviderMessageHandler*>(instance);
142 venkat.puvvada 1.256 143 MessageType reqType = request->getType(); 144 if (reqType == CIM_STOP_ALL_PROVIDERS_REQUEST_MESSAGE) 145 { 146 pmh->terminate(); 147 return 0; 148 } 149 else if (reqType == CIM_SUBSCRIPTION_INIT_COMPLETE_REQUEST_MESSAGE) 150 { 151 pmh->subscriptionInitComplete(); 152 return 0; 153 } 154 else if (reqType == CIM_INDICATION_SERVICE_DISABLED_REQUEST_MESSAGE) 155 { 156 pmh->indicationServiceDisabled(); 157 return 0; 158 }
159 kumpf 1.185 return pmh->processMessage(request);
160 kumpf 1.73 }
161 kumpf 1.71
162 kumpf 1.137 // 163 // Signal handler for shutdown signals, currently SIGHUP and SIGTERM 164 //
165 kumpf 1.108 Boolean handleShutdownSignal = false;
166 kumpf 1.195 void shutdownSignalHandler(int s_n, PEGASUS_SIGINFO_T* s_info, void* sig)
167 kumpf 1.101 {
168 kumpf 1.108 PEG_METHOD_ENTER(TRC_SERVER, "shutdownSignalHandler");
169 marek 1.231 PEG_TRACE((TRC_SERVER, Tracer::LEVEL3, "Signal %d received.", s_n));
170 kumpf 1.101
171 a.arora 1.143 CIMServer::shutdownSignal();
172 kumpf 1.101 173 PEG_METHOD_EXIT(); 174 } 175
176 s.hills 1.123 void CIMServer::shutdownSignal() 177 { 178 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::shutdownSignal()"); 179 handleShutdownSignal = true;
180 a.arora 1.143 _cimserver->tickle_monitor();
181 s.hills 1.123 PEG_METHOD_EXIT(); 182 } 183
184 ouyang.jian 1.212 #ifdef PEGASUS_OS_PASE 185 static void _synchronousSignalHandler(int s_n, PEGASUS_SIGINFO_T* s_info, 186 void* sig) 187 { 188 static bool mark = false; 189 if (mark) 190 return; 191 192 mark = true; 193 194 Logger::put_l(Logger::ERROR_LOG, "CIMServer", Logger::SEVERE,
195 kumpf 1.233 MessageLoaderParms( 196 "Pegasus.Server.CIMServer.RECEIVE_SYN_SIGNAL.PEGASUS_OS_PASE", 197 "Synchronous signal received."));
198 ouyang.jian 1.212 199 CIMServer::shutdownSignal(); 200 } 201 202 static void _asynchronousSignalHandler(int s_n, PEGASUS_SIGINFO_T* s_info, 203 void* sig) 204 { 205 static bool mark = false; 206 if (mark) 207 return; 208 209 mark = true; 210 211 Logger::put_l(Logger::ERROR_LOG, "CIMServer", Logger::SEVERE,
212 kumpf 1.233 MessageLoaderParms( 213 "Pegasus.Server.CIMServer.RECEIVE_ASYN_SIGNAL.PEGASUS_OS_PASE", 214 "Asynchronous signal received."));
215 ouyang.jian 1.212 216 CIMServer::shutdownSignal(); 217 } 218 #endif 219
220 kumpf 1.206 CIMServer::CIMServer() 221 : _dieNow(false)
222 mike 1.43 {
223 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::CIMServer()");
224 yi.zhou 1.192 _cimserver = this;
225 mday 1.111 _init();
226 yi.zhou 1.192
227 mday 1.111 PEG_METHOD_EXIT(); 228 } 229
230 kumpf 1.195 void CIMServer::tickle_monitor() 231 {
232 a.arora 1.143 _monitor->tickle(); 233 }
234 mike 1.179
235 thilo.boehm 1.252 SCMOClass CIMServer::_scmoClassCache_GetClass( 236 const CIMNamespaceName& nameSpace, 237 const CIMName& className) 238 { 239 CIMClass cc; 240 241 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::_scmoClassCache_GetClass()");
242 karl 1.262 try
243 thilo.boehm 1.252 { 244 cc = _cimserver->_repository->getClass( 245 nameSpace, 246 className, 247 false, // localOnly 248 true, // includeQualifiers 249 true, // includeClassOrigin 250 CIMPropertyList()); 251 } 252 catch (Exception& e) 253 { 254 PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL2,
255 thilo.boehm 1.253 "The class '%s' in the name space '%s' was not found. " 256 "The repository throws the following exception: %s", 257 (const char)className.getString().getCString(), 258 (const char)nameSpace.getString().getCString(),
259 thilo.boehm 1.252 (const char*)e.getMessage().getCString())); 260 // Return a empty class. 261 PEG_METHOD_EXIT();
262 karl 1.262 return SCMOClass("","");
263 thilo.boehm 1.252 } 264 265 if (cc.isUninitialized()) 266 { 267 // The requested class was not found ! 268 // Return a empty class. 269 PEG_METHOD_EXIT(); 270 return SCMOClass("",""); 271 } 272 PEG_METHOD_EXIT(); 273 return SCMOClass(cc,(const char*)nameSpace.getString().getCString()); 274 275 } 276 277
278 kumpf 1.195 void CIMServer::_init()
279 mday 1.111 {
280 thilo.boehm 1.254 281 // pre-initialize the hostname. 282 System::getHostName(); 283
284 kumpf 1.206 _monitor.reset(new Monitor()); 285
286 kumpf 1.167 #if (defined(PEGASUS_OS_HPUX) \|\| defined(PEGASUS_OS_LINUX)) \ 287 && defined(PEGASUS_USE_RELEASE_DIRS)
288 kumpf 1.215 if (chdir(PEGASUS_CORE_DIR) != 0) 289 { 290 PEG_TRACE((TRC_SERVER, Tracer::LEVEL2, 291 "chdir(\"%s\") failed with errno %d.", PEGASUS_CORE_DIR, errno)); 292 }
293 kumpf 1.115 #endif
294 kumpf 1.60
295 mike 1.43 // -- Create a repository: 296
297 kumpf 1.193 String repositoryRootPath = 298 ConfigManager::getHomedPath( 299 ConfigManager::getInstance()->getCurrentValue("repositoryDir")); 300
301 kumpf 1.81 #ifdef DO_NOT_CREATE_REPOSITORY_ON_STARTUP 302 // If this code is enable, the CIMServer will fail to start
303 kumpf 1.206 // if the repository directory does not exist. If called,
304 kumpf 1.81 // the Repository will create an empty repository. 305
306 chip 1.112 // This check has been disabled to allow cimmof to call
307 kumpf 1.81 // the CIMServer to build the initial repository.
308 kumpf 1.60 if (!FileSystem::isDirectory(repositoryRootPath))
309 kumpf 1.54 {
310 kumpf 1.195 throw NoSuchDirectory(repositoryRootPath);
311 kumpf 1.54 }
312 kumpf 1.81 #endif
313 mike 1.43
314 kumpf 1.193 _repository = new CIMRepository(repositoryRootPath);
315 mike 1.50
316 kumpf 1.76 // -- Create a UserManager object:
317 marek 1.260 UserManager::getInstance(_repository);
318 kumpf 1.76
319 thilo.boehm 1.252 // -- Create a SCMOClass Cache and set call back for the repository 320 321 SCMOClassCache::getInstance()->setCallBack(_scmoClassCache_GetClass); 322
323 mike 1.50 // -- Create a CIMServerState object: 324
325 a.arora 1.133 _serverState.reset(new CIMServerState());
326 mike 1.50
327 kumpf 1.67 _providerRegistrationManager = new ProviderRegistrationManager(_repository); 328
329 mike 1.50 // -- Create queue inter-connections:
330 schuur 1.127
331 mike 1.179 _providerManager = new ProviderManagerService(
332 kumpf 1.195 _providerRegistrationManager, 333 _repository, 334 DefaultProviderManager::createDefaultProviderManagerCallback);
335 mike 1.179 336 // Create IndicationHandlerService:
337 kumpf 1.159
338 kumpf 1.67 _handlerService = new IndicationHandlerService(_repository);
339 kumpf 1.69
340 sushma.fernandes 1.208 _cimOperationRequestDispatcher = new CIMOperationRequestDispatcher( 341 _repository, _providerRegistrationManager); 342
343 kumpf 1.71 // Create the control service
344 kumpf 1.99 _controlService = new ModuleController(PEGASUS_QUEUENAME_CONTROLSERVICE);
345 kumpf 1.71
346 kumpf 1.195 // Jump this number up when there are more control providers. 347 _controlProviders.reserveCapacity(16);
348 kumpf 1.185
349 kumpf 1.71 // Create the Configuration control provider
350 kumpf 1.185 ProviderMessageHandler* configProvider = new ProviderMessageHandler(
351 dmitry.mikulin 1.211 "CIMServerControlProvider", "ConfigSettingProvider", 352 new ConfigSettingProvider(), 0, 0, false);
353 konrad.r 1.171
354 kumpf 1.185 _controlProviders.append(configProvider);
355 venkat.puvvada 1.237 _controlService->register_module(
356 kumpf 1.195 PEGASUS_MODULENAME_CONFIGPROVIDER, 357 configProvider,
358 venkat.puvvada 1.237 controlProviderReceiveMessageCallback);
359 kumpf 1.71 360 // Create the User/Authorization control provider
361 kumpf 1.185 ProviderMessageHandler* userAuthProvider = new ProviderMessageHandler(
362 dmitry.mikulin 1.211 "CIMServerControlProvider", "UserAuthProvider", 363 new UserAuthProvider(_repository), 0, 0, false);
364 kumpf 1.185 _controlProviders.append(userAuthProvider);
365 venkat.puvvada 1.237 _controlService->register_module(
366 kumpf 1.195 PEGASUS_MODULENAME_USERAUTHPROVIDER, 367 userAuthProvider,
368 venkat.puvvada 1.237 controlProviderReceiveMessageCallback);
369 mike 1.50
370 kumpf 1.74 // Create the Provider Registration control provider
371 kumpf 1.185 ProviderMessageHandler* provRegProvider = new ProviderMessageHandler(
372 dmitry.mikulin 1.211 "CIMServerControlProvider", "ProviderRegistrationProvider",
373 kumpf 1.185 new ProviderRegistrationProvider(_providerRegistrationManager),
374 venkat.puvvada 1.256 ModuleController::indicationCallback, 0, false);
375 kumpf 1.185 // Warning: The ProviderRegistrationProvider destructor deletes 376 // _providerRegistrationManager 377 _controlProviders.append(provRegProvider);
378 venkat.puvvada 1.237 _controlService->register_module(
379 kumpf 1.195 PEGASUS_MODULENAME_PROVREGPROVIDER, 380 provRegProvider,
381 venkat.puvvada 1.237 controlProviderReceiveMessageCallback);
382 kumpf 1.79
383 kumpf 1.185 // Create the Shutdown control provider 384 ProviderMessageHandler* shutdownProvider = new ProviderMessageHandler(
385 dmitry.mikulin 1.211 "CIMServerControlProvider", "ShutdownProvider", 386 new ShutdownProvider(this), 0, 0, false);
387 kumpf 1.185 _controlProviders.append(shutdownProvider);
388 venkat.puvvada 1.237 _controlService->register_module(
389 kumpf 1.195 PEGASUS_MODULENAME_SHUTDOWNPROVIDER, 390 shutdownProvider,
391 venkat.puvvada 1.237 controlProviderReceiveMessageCallback);
392 karl 1.80
393 kumpf 1.185 // Create the namespace control provider 394 ProviderMessageHandler* namespaceProvider = new ProviderMessageHandler(
395 dmitry.mikulin 1.211 "CIMServerControlProvider", "NamespaceProvider", 396 new NamespaceProvider(_repository), 0, 0, false);
397 kumpf 1.185 _controlProviders.append(namespaceProvider);
398 venkat.puvvada 1.237 _controlService->register_module(
399 kumpf 1.195 PEGASUS_MODULENAME_NAMESPACEPROVIDER, 400 namespaceProvider,
401 venkat.puvvada 1.237 controlProviderReceiveMessageCallback);
402 kumpf 1.195 403 // 404 // Create a SSLContextManager object 405 // 406 _sslContextMgr = new SSLContextManager();
407 nag.boranna 1.161
408 h.sterling 1.154 #ifdef PEGASUS_HAS_SSL
409 kumpf 1.195 // Because this provider allows management of the cimserver truststore 410 // it needs to be available regardless of the value 411 // of sslClientVerificationMode config property.
412 kumpf 1.185 ProviderMessageHandler* certificateProvider = new ProviderMessageHandler(
413 dmitry.mikulin 1.211 "CIMServerControlProvider", "CertificateProvider",
414 kumpf 1.185 new CertificateProvider(_repository, _sslContextMgr), 415 0, 0, false); 416 _controlProviders.append(certificateProvider);
417 venkat.puvvada 1.237 _controlService->register_module(
418 kumpf 1.195 PEGASUS_MODULENAME_CERTIFICATEPROVIDER, 419 certificateProvider,
420 venkat.puvvada 1.237 controlProviderReceiveMessageCallback);
421 h.sterling 1.154 #endif
422 h.sterling 1.153
423 karl 1.158 #ifndef PEGASUS_DISABLE_PERFINST
424 kumpf 1.185 // Create the Statistical Data control provider 425 ProviderMessageHandler* cimomstatdataProvider = new ProviderMessageHandler(
426 dmitry.mikulin 1.211 "CIMServerControlProvider", "CIMOMStatDataProvider", 427 new CIMOMStatDataProvider(), 0, 0, false);
428 kumpf 1.185 _controlProviders.append(cimomstatdataProvider);
429 venkat.puvvada 1.237 _controlService->register_module(
430 kumpf 1.195 PEGASUS_MODULENAME_CIMOMSTATDATAPROVIDER, 431 cimomstatdataProvider,
432 venkat.puvvada 1.237 controlProviderReceiveMessageCallback);
433 w.white 1.142 #endif 434
435 karl 1.226 #ifdef PEGASUS_ENABLE_CQL
436 a.arora 1.156
437 kumpf 1.185 // Create the Query Capabilities control provider 438 ProviderMessageHandler* cimquerycapprovider = new ProviderMessageHandler(
439 dmitry.mikulin 1.211 "CIMServerControlProvider", "CIMQueryCapabilitiesProvider",
440 kumpf 1.185 new CIMQueryCapabilitiesProvider(), 441 0, 0, false); 442 _controlProviders.append(cimquerycapprovider);
443 venkat.puvvada 1.237 _controlService->register_module(
444 kumpf 1.195 PEGASUS_MODULENAME_CIMQUERYCAPPROVIDER, 445 cimquerycapprovider,
446 venkat.puvvada 1.237 controlProviderReceiveMessageCallback);
447 a.arora 1.156 #endif 448
449 karl 1.210 #if defined PEGASUS_ENABLE_INTEROP_PROVIDER
450 w.white 1.149
451 kumpf 1.185 // Create the interop control provider 452 ProviderMessageHandler* interopProvider = new ProviderMessageHandler(
453 dmitry.mikulin 1.211 "CIMServerControlProvider", "InteropProvider",
454 venkat.puvvada 1.251 new InteropProvider(
455 thilo.boehm 1.252 _repository,
456 venkat.puvvada 1.251 _providerRegistrationManager), 457 0, 0, false); 458
459 kumpf 1.185 _controlProviders.append(interopProvider);
460 venkat.puvvada 1.237 _controlService->register_module(
461 kumpf 1.195 PEGASUS_MODULENAME_INTEROPPROVIDER, 462 interopProvider,
463 venkat.puvvada 1.237 controlProviderReceiveMessageCallback);
464 tony 1.134 #endif
465 kumpf 1.74
466 kumpf 1.195 _cimOperationResponseEncoder = new CIMOperationResponseEncoder;
467 mike 1.50
468 kumpf 1.54 // 469 // get the configured authentication and authorization flags 470 // 471 ConfigManager* configManager = ConfigManager::getInstance(); 472
473 kumpf 1.182 Boolean enableAuthentication = ConfigManager::parseBooleanValue( 474 configManager->getCurrentValue("enableAuthentication"));
475 kumpf 1.54
476 sahana.prabhakar 1.248 MessageQueue* cimOperationProcessorQueue = 0;
477 kumpf 1.228
478 kumpf 1.54 //
479 kumpf 1.104 // Create Authorization queue only if authentication is enabled
480 kumpf 1.54 //
481 kumpf 1.104 if ( enableAuthentication )
482 kumpf 1.54 { 483 _cimOperationRequestAuthorizer = new CIMOperationRequestAuthorizer( 484 _cimOperationRequestDispatcher);
485 kumpf 1.228 cimOperationProcessorQueue = _cimOperationRequestAuthorizer;
486 kumpf 1.54 } 487 else 488 {
489 kumpf 1.99 _cimOperationRequestAuthorizer = 0;
490 kumpf 1.228 cimOperationProcessorQueue = _cimOperationRequestDispatcher; 491 }
492 kumpf 1.99
493 kumpf 1.228 _cimOperationRequestDecoder = new CIMOperationRequestDecoder( 494 cimOperationProcessorQueue, 495 _cimOperationResponseEncoder->getQueueId());
496 mike 1.43
497 kumpf 1.195 _cimExportRequestDispatcher = new CIMExportRequestDispatcher();
498 mike 1.43
499 kumpf 1.195 _cimExportResponseEncoder = new CIMExportResponseEncoder;
500 mike 1.43
501 mike 1.50 _cimExportRequestDecoder = new CIMExportRequestDecoder(
502 kumpf 1.195 _cimExportRequestDispatcher, 503 _cimExportResponseEncoder->getQueueId());
504 mike 1.43
505 kumpf 1.99 _httpAuthenticatorDelegator = new HTTPAuthenticatorDelegator(
506 mike 1.50 _cimOperationRequestDecoder->getQueueId(),
507 h.sterling 1.153 _cimExportRequestDecoder->getQueueId(),
508 nag.boranna 1.161 _repository);
509 mike 1.43
510 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN 511 _wsmProcessor = new WsmProcessor( 512 cimOperationProcessorQueue, 513 _repository); 514 _httpAuthenticatorDelegator->setWsmQueueId( 515 _wsmProcessor->getWsmRequestDecoderQueueId()); 516 #endif 517
518 kumpf 1.82 // IMPORTANT-NU-20020513: Indication service must start after ExportService 519 // otherwise HandlerService started by indicationService will never 520 // get ExportQueue to export indications for existing subscriptions 521
522 venkat.puvvada 1.250 _indicationService = new IndicationService( 523 _repository, 524 _providerRegistrationManager);
525 mike 1.50
526 karl 1.262 // Build the Control Provider and Service internal routing table. This must 527 // be called after MessageQueueService initialized and ServiceQueueIds 528 // installed. 529 530 DynamicRoutingTable::buildRoutingTable(); 531
532 kumpf 1.108 // Enable the signal handler to shutdown gracefully on SIGHUP and SIGTERM 533 getSigHandle()->registerHandler(PEGASUS_SIGHUP, shutdownSignalHandler);
534 kumpf 1.107 getSigHandle()->activate(PEGASUS_SIGHUP);
535 kumpf 1.108 getSigHandle()->registerHandler(PEGASUS_SIGTERM, shutdownSignalHandler); 536 getSigHandle()->activate(PEGASUS_SIGTERM);
537 ouyang.jian 1.212 #ifdef PEGASUS_OS_PASE 538 getSigHandle()->registerHandler(SIGFPE, _synchronousSignalHandler); 539 getSigHandle()->activate(SIGFPE); 540 getSigHandle()->registerHandler(SIGILL, _synchronousSignalHandler); 541 getSigHandle()->activate(SIGILL); 542 getSigHandle()->registerHandler(SIGSEGV, _synchronousSignalHandler); 543 getSigHandle()->activate(SIGSEGV); 544 getSigHandle()->registerHandler(SIGIO, _asynchronousSignalHandler); 545 getSigHandle()->activate(SIGIO); 546 #endif
547 marek 1.223 #ifdef PEGASUS_OS_ZOS 548 // Establish handling signal send to us on USS shutdown 549 getSigHandle()->registerHandler(PEGASUS_SIGDANGER, shutdownSignalHandler); 550 getSigHandle()->activate(PEGASUS_SIGDANGER); 551 // enable process to receive SIGDANGER on USS shutdown 552 __shutdown_registration(_SDR_NOTIFY, _SDR_REGPROCESS, _SDR_SENDSIGDANGER); 553 #endif
554 marek 1.194 555 //
556 r.kieninger 1.209 // Set up an additional thread waiting for commands from the 557 // system console
558 marek 1.194 //
559 r.kieninger 1.239 #if defined PEGASUS_OS_ZOS
560 r.kieninger 1.209 ZOSConsoleManager::startConsoleWatchThread();
561 marek 1.194 #endif 562
563 kumpf 1.216 #ifdef PEGASUS_ENABLE_AUDIT_LOGGER
564 yi.zhou 1.192 565 // Register audit logger initialize callback 566 AuditLogger::setInitializeCallback(auditLogInitializeCallback); 567 568 Boolean enableAuditLog = ConfigManager::parseBooleanValue( 569 configManager->getCurrentValue("enableAuditLog")); 570 571 if (enableAuditLog) 572 { 573 AuditLogger::setEnabled(enableAuditLog); 574 } 575 576 #endif
577 mike 1.43 } 578
579 venkat.puvvada 1.247 void CIMServer::initComplete() 580 { 581 // CIMServer initialization is now complete. Inform indication service 582 // to send CIMSubscriptionInitCompleteRequestMessage. 583 if (_indicationService) 584 { 585 _indicationService->sendSubscriptionInitComplete(); 586 }
587 venkat.puvvada 1.256 _providerRegistrationManager->setInitComplete();
588 venkat.puvvada 1.247 }
589 mday 1.111
590 konrad.r 1.171 CIMServer::~CIMServer () 591 {
592 kumpf 1.175 PEG_METHOD_ENTER (TRC_SERVER, "CIMServer::~CIMServer()");
593 mday 1.111
594 kumpf 1.175 // Wait until the Shutdown provider request has cleared through the
595 kumpf 1.195 // system.
596 kumpf 1.175 ShutdownService::getInstance(this)->waitUntilNoMoreRequests(false);
597 mday 1.111
598 kumpf 1.245 // Make sure no providers are running (since they might depend on the 599 // services we are about to delete). 600 ShutdownService::getInstance(this)->shutdownProviders(); 601
602 kumpf 1.175 // Ok, shutdown all the MQSs. This shuts their communication channel. 603 ShutdownService::getInstance(this)->shutdownCimomServices();
604 kumpf 1.54
605 kumpf 1.175 // Start deleting the objects. 606 // The order is very important. 607 608 // The HTTPAcceptor depends on HTTPAuthenticationDelegator 609 for (Uint32 i = 0, n = _acceptors.size (); i < n; i++)
610 konrad.r 1.171 {
611 kumpf 1.195 HTTPAcceptor* p = _acceptors[i];
612 kumpf 1.175 delete p;
613 konrad.r 1.171 }
614 kumpf 1.99
615 kumpf 1.175 // IndicationService depends on ProviderManagerService, 616 // IndicationHandlerService, and ProviderRegistrationManager, and thus 617 // should be deleted before the ProviderManagerService, 618 // IndicationHandlerService, and ProviderRegistrationManager are deleted. 619 delete _indicationService; 620 621 // HTTPAuthenticationDelegator depends on CIMRepository, 622 // CIMOperationRequestDecoder and CIMExportRequestDecoder 623 delete _httpAuthenticatorDelegator; 624 625 delete _cimExportRequestDecoder; 626 627 delete _cimExportResponseEncoder; 628 629 delete _cimExportRequestDispatcher; 630 631 // CIMOperationRequestDecoder depends on CIMOperationRequestAuthorizer 632 // and CIMOperationResponseEncoder 633 delete _cimOperationRequestDecoder;
634 kumpf 1.228 delete _cimOperationResponseEncoder;
635 kumpf 1.175
636 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN 637 // WsmProcessor depends on CIMOperationRequestAuthorizer/Dispatcher and 638 // CIMRepository 639 delete _wsmProcessor; 640 #endif
641 kumpf 1.175 642 // CIMOperationRequestAuthorizer depends on 643 // CIMOperationRequestDispatcher 644 delete _cimOperationRequestAuthorizer; 645 646 // IndicationHandlerService uses CIMOperationRequestDispatcher 647 delete _handlerService; 648
649 kumpf 1.195 // CIMOperationRequestDispatcher depends on
650 kumpf 1.175 // CIMRepository and ProviderRegistrationManager. 651 // CIMOperationRequestDispatcher keeps an internal list of control 652 // providers. Must delete this before ModuleController. 653 delete _cimOperationRequestDispatcher; 654 655 // ModuleController takes care of deleting all wrappers around 656 // the control providers. 657 delete _controlService; 658 659 // Find all of the control providers (module) 660 // Must delete CIMOperationRequestDispatcher _before_ deleting each 661 // of the control provider. The CIMOperationRequestDispatcher keeps 662 // its own table of the internal providers (pointers). 663 for (Uint32 i = 0, n = _controlProviders.size(); i < n; i++)
664 konrad.r 1.171 {
665 kumpf 1.195 ProviderMessageHandler* p = _controlProviders[i];
666 kumpf 1.196 delete p->getProvider();
667 kumpf 1.175 delete p;
668 konrad.r 1.171 } 669
670 kumpf 1.195 // The SSL control providers use the SSL context manager.
671 kumpf 1.175 delete _sslContextMgr; 672 673 // ProviderManagerService depends on ProviderRegistrationManager. 674 // Note that deleting the ProviderManagerService causes the 675 // DefaultProviderManager (if loaded) to get unloaded. Dynamically 676 // unloading the DefaultProviderManager library affects (on HP-UX, at 677 // least) the statically loaded version of this library used by the
678 kumpf 1.185 // ProviderMessageHandler wrapper for the control providers. Deleting
679 kumpf 1.175 // the ProviderManagerService after the control providers is a 680 // workaround for this problem. 681 delete _providerManager; 682 683 delete _providerRegistrationManager;
684 konrad.r 1.171
685 kumpf 1.175 // Almost everybody uses the CIMRepository. 686 delete _repository;
687 kumpf 1.99
688 kumpf 1.175 // Destroy the singleton services
689 thilo.boehm 1.252 SCMOClassCache::destroy();
690 kumpf 1.175 UserManager::destroy(); 691 ShutdownService::destroy();
692 konrad.r 1.172
693 kumpf 1.175 PEG_METHOD_EXIT ();
694 mike 1.43 } 695
696 kumpf 1.101 void CIMServer::addAcceptor(
697 dave.sudlik 1.207 Uint16 connectionType,
698 kumpf 1.101 Uint32 portNumber,
699 dev.meetei 1.259 Boolean useSSL, 700 HostAddress *ipAddress)
701 kumpf 1.101 { 702 HTTPAcceptor* acceptor;
703 sushma.fernandes 1.189 704 acceptor = new HTTPAcceptor(
705 kumpf 1.206 _monitor.get(),
706 kumpf 1.195 _httpAuthenticatorDelegator,
707 dave.sudlik 1.207 connectionType,
708 kumpf 1.195 portNumber, 709 useSSL ? _getSSLContext() : 0,
710 karl 1.262 useSSL ? _sslContextMgr->getSSLContextObjectLock() : 0,
711 dev.meetei 1.259 ipAddress);
712 marek 1.180
713 kumpf 1.101 _acceptors.append(acceptor); 714 } 715 716 void CIMServer::bind()
717 mike 1.43 {
718 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::bind()");
719 kumpf 1.54
720 kumpf 1.157 if (_acceptors.size() == 0) 721 { 722 MessageLoaderParms mlp = MessageLoaderParms( 723 "Server.CIMServer.BIND_FAILED", 724 "No CIM Server connections are enabled.");
725 chip 1.112
726 kumpf 1.157 throw BindFailedException(mlp); 727 }
728 chip 1.112
729 kumpf 1.157 for (Uint32 i=0; i<_acceptors.size(); i++) 730 { 731 _acceptors[i]->bind();
732 kumpf 1.101 }
733 chip 1.112
734 kumpf 1.75 PEG_METHOD_EXIT();
735 mike 1.43 } 736 737 void CIMServer::runForever() 738 {
739 mday 1.111 // Note: Trace code in this method will be invoked frequently.
740 kumpf 1.101
741 kumpf 1.195 if (!_dieNow)
742 kumpf 1.157 {
743 kumpf 1.195 _monitor->run(500000); 744 static struct timeval lastIdleCleanupTime = {0, 0};
745 venkat.puvvada 1.227 struct timeval now;
746 kumpf 1.195 Time::gettimeofday(&now);
747 kumpf 1.186
748 kumpf 1.195 if (now.tv_sec - lastIdleCleanupTime.tv_sec > 300) 749 { 750 lastIdleCleanupTime.tv_sec = now.tv_sec;
751 kumpf 1.186
752 kumpf 1.195 try 753 {
754 sahana.prabhakar 1.255 _providerManager->idleTimeCleanup();
755 kumpf 1.195 MessageQueueService::get_thread_pool()->cleanupIdleThreads();
756 kumpf 1.238 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN 757 _wsmProcessor->cleanupExpiredContexts(); 758 #endif
759 kumpf 1.195 } 760 catch (...) 761 { 762 } 763 }
764 nag.boranna 1.161
765 kumpf 1.195 if (handleShutdownSignal) 766 {
767 marek 1.199 PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
768 kumpf 1.195 "CIMServer::runForever - signal received. Shutting down.");
769 dl.meetei 1.263 770 //same statement as that of getShutdownTimeout 771 //TODO: DL consolidate in one place 772 ConfigManager *cfgManager = ConfigManager::getInstance(); 773 String shutdnTimestr = cfgManager ->getCurrentValue( 774 "shutdownTimeout"); 775 776 Uint64 shutdownTimeout = 0; 777 778 StringConversion::decimalStringToUint64( 779 shutdnTimestr.getCString(), shutdownTimeout); 780 781 ShutdownService::getInstance(this)->shutdown( 782 true, 783 (Uint32)shutdownTimeout, 784 false); 785 786
787 kumpf 1.195 // Set to false must be after call to shutdown. See 788 // stopClientConnection. 789 handleShutdownSignal = false; 790 }
791 kumpf 1.157 }
792 mike 1.50 }
793 mday 1.118
794 mike 1.50 void CIMServer::stopClientConnection() 795 {
796 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::stopClientConnection()");
797 kumpf 1.54
798 kumpf 1.157 // tell Monitor to stop listening for client connections 799 if (handleShutdownSignal) 800 // If shutting down, this is in the same thread as runForever. 801 // No need to wait for the thread to see the stop flag. 802 _monitor->stopListeningForConnections(false); 803 else 804 // If not shutting down, this is not in the same thread as runForever. 805 // Need to wait for the thread to see the stop flag. 806 _monitor->stopListeningForConnections(true); 807 808 //
809 kumpf 1.195 // Wait 150 milliseconds to allow time for the Monitor to stop 810 // listening for client connections.
811 kumpf 1.157 // 812 // This wait time is the timeout value for the select() call
813 kumpf 1.195 // in the Monitor's run() method (currently set to 100
814 kumpf 1.157 // milliseconds) plus a delta of 50 milliseconds. The reason 815 // for the wait here is to make sure that the Monitor entries 816 // are updated before closing the connection sockets. 817 //
818 marek 1.199 // PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL4, "Wait 150 milliseconds.");
819 mike 1.183 // Threads::sleep(150); not needed anymore due to the semaphore
820 kumpf 1.157 // in the monitor 821 822 for (Uint32 i=0; i<_acceptors.size(); i++)
823 kumpf 1.117 {
824 kumpf 1.157 _acceptors[i]->closeConnectionSocket();
825 kumpf 1.101 }
826 chip 1.112
827 kumpf 1.75 PEG_METHOD_EXIT();
828 mike 1.50 } 829 830 void CIMServer::shutdown() 831 {
832 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::shutdown()");
833 kumpf 1.54
834 dave.sudlik 1.176 #ifdef PEGASUS_DEBUG 835 _repository->DisplayCacheStatistics();
836 thilo.boehm 1.252 SCMOClassCache::getInstance()->DisplayCacheStatistics();
837 dave.sudlik 1.176 #endif 838
839 mike 1.50 _dieNow = true;
840 kumpf 1.157 _cimserver->tickle_monitor();
841 kumpf 1.54
842 kumpf 1.75 PEG_METHOD_EXIT();
843 mike 1.50 } 844 845 void CIMServer::resume() 846 {
847 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::resume()");
848 kumpf 1.54
849 kumpf 1.101 for (Uint32 i=0; i<_acceptors.size(); i++) 850 { 851 _acceptors[i]->reopenConnectionSocket(); 852 }
853 kumpf 1.54
854 kumpf 1.75 PEG_METHOD_EXIT();
855 mike 1.50 } 856 857 void CIMServer::setState(Uint32 state) 858 {
859 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::setState()");
860 kumpf 1.54
861 mike 1.50 _serverState->setState(state);
862 chip 1.53
863 kumpf 1.85 // 864 // get the configured authentication and authorization flags 865 // 866 ConfigManager* configManager = ConfigManager::getInstance(); 867
868 kumpf 1.182 Boolean enableAuthentication = ConfigManager::parseBooleanValue( 869 configManager->getCurrentValue("enableAuthentication")); 870 Boolean enableNamespaceAuthorization = ConfigManager::parseBooleanValue( 871 configManager->getCurrentValue("enableNamespaceAuthorization"));
872 kumpf 1.85
873 mike 1.50 if (state == CIMServerState::TERMINATING) 874 { 875 // tell decoder that CIMServer is terminating 876 _cimOperationRequestDecoder->setServerTerminating(true); 877 _cimExportRequestDecoder->setServerTerminating(true);
878 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN 879 _wsmProcessor->setServerTerminating(true); 880 #endif
881 kumpf 1.85 882 // tell authorizer that CIMServer is terminating ONLY if 883 // authentication and authorization are enabled 884 //
885 kumpf 1.87 if ( enableAuthentication && enableNamespaceAuthorization )
886 kumpf 1.85 { 887 _cimOperationRequestAuthorizer->setServerTerminating(true); 888 }
889 mike 1.50 } 890 else 891 { 892 // tell decoder that CIMServer is not terminating 893 _cimOperationRequestDecoder->setServerTerminating(false); 894 _cimExportRequestDecoder->setServerTerminating(false);
895 kumpf 1.228 #ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN 896 _wsmProcessor->setServerTerminating(false); 897 #endif
898 kumpf 1.85 899 // tell authorizer that CIMServer is terminating ONLY if 900 // authentication and authorization are enabled 901 //
902 kumpf 1.87 if ( enableAuthentication && enableNamespaceAuthorization )
903 kumpf 1.85 { 904 _cimOperationRequestAuthorizer->setServerTerminating(false); 905 }
906 mike 1.50 }
907 kumpf 1.75 PEG_METHOD_EXIT();
908 mike 1.50 } 909 910 Uint32 CIMServer::getOutstandingRequestCount() 911 {
912 kumpf 1.75 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::getOutstandingRequestCount()");
913 kumpf 1.54
914 kumpf 1.101 Uint32 requestCount = 0;
915 mday 1.111
916 kumpf 1.157 for (Uint32 i=0; i<_acceptors.size(); i++) 917 { 918 requestCount += _acceptors[i]->getOutstandingRequestCount();
919 kumpf 1.101 }
920 chip 1.112
921 kumpf 1.75 PEG_METHOD_EXIT(); 922 return requestCount;
923 kumpf 1.101 } 924
925 nag.boranna 1.163 //
926 sushma.fernandes 1.189 SSLContext* CIMServer::_getSSLContext()
927 nag.boranna 1.163 { 928 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::_getSSLContext()"); 929 930 static const String PROPERTY_NAME__SSL_CERT_FILEPATH =
931 kumpf 1.195 "sslCertificateFilePath"; 932 static const String PROPERTY_NAME__SSL_KEY_FILEPATH = "sslKeyFilePath"; 933 static const String PROPERTY_NAME__SSL_TRUST_STORE = "sslTrustStore"; 934 static const String PROPERTY_NAME__SSL_CRL_STORE = "crlStore";
935 nag.boranna 1.163 static const String PROPERTY_NAME__SSL_CLIENT_VERIFICATION =
936 kumpf 1.195 "sslClientVerificationMode";
937 nag.boranna 1.163 static const String PROPERTY_NAME__SSL_AUTO_TRUST_STORE_UPDATE =
938 kumpf 1.195 "enableSSLTrustStoreAutoUpdate";
939 nag.boranna 1.163 static const String PROPERTY_NAME__SSL_TRUST_STORE_USERNAME =
940 kumpf 1.195 "sslTrustStoreUserName";
941 nag.boranna 1.163 static const String PROPERTY_NAME__HTTP_ENABLED =
942 kumpf 1.195 "enableHttpConnection";
943 rohini.deshpande 1.257 static const String PROPERTY_NAME__SSL_CIPHER_SUITE = "sslCipherSuite";
944 nag.boranna 1.163
945 kumpf 1.201 String verifyClient; 946 String trustStore;
947 nag.boranna 1.163 SSLContext* sslContext = 0; 948 949 // 950 // Get a config manager instance 951 // 952 ConfigManager* configManager = ConfigManager::getInstance(); 953
954 sushma.fernandes 1.189 // Note that if invalid values were set for either sslKeyFilePath, 955 // sslCertificateFilePath, crlStore or sslTrustStore, the invalid 956 // paths would have been detected in SecurityPropertyOwner and 957 // terminated the server startup. This happens regardless of whether 958 // or not HTTPS is enabled (not a great design, but that seems to 959 // be how other properties are validated as well) 960 // 961 // Get the sslClientVerificationMode property from the Config 962 // Manager. 963 // 964 verifyClient = configManager->getCurrentValue(
965 kumpf 1.195 PROPERTY_NAME__SSL_CLIENT_VERIFICATION);
966 sushma.fernandes 1.189 967 // 968 // Get the sslTrustStore property from the Config Manager. 969 // 970 trustStore = configManager->getCurrentValue(
971 kumpf 1.195 PROPERTY_NAME__SSL_TRUST_STORE);
972 sushma.fernandes 1.189 973 if (trustStore != String::EMPTY)
974 nag.boranna 1.163 {
975 sushma.fernandes 1.189 trustStore = ConfigManager::getHomedPath(trustStore); 976 }
977 nag.boranna 1.163
978 thilo.boehm 1.236 PEG_TRACE((TRC_SERVER, Tracer::LEVEL4,"Server trust store name: %s", 979 (const char*)trustStore.getCString()));
980 nag.boranna 1.163
981 sushma.fernandes 1.189 // 982 // Get the sslTrustStoreUserName property from the Config Manager. 983 //
984 kumpf 1.201 String trustStoreUserName;
985 sushma.fernandes 1.189 trustStoreUserName = configManager->getCurrentValue(
986 kumpf 1.195 PROPERTY_NAME__SSL_TRUST_STORE_USERNAME);
987 nag.boranna 1.163
988 sushma.fernandes 1.189 if (!String::equal(verifyClient, "disabled")) 989 {
990 nag.boranna 1.163 //
991 mreddy 1.191 // 'required' and 'optional' settings must have a valid truststore
992 nag.boranna 1.163 //
993 sushma.fernandes 1.189 if (trustStore == String::EMPTY)
994 nag.boranna 1.163 {
995 mreddy 1.191 MessageLoaderParms parms(
996 kumpf 1.206 "Pegasus.Server.SSLContextManager."
997 kumpf 1.195 "SSL_CLIENT_VERIFICATION_EMPTY_TRUSTSTORE", 998 "The \"sslTrustStore\" configuration property must be set " 999 "if \"sslClientVerificationMode\" is 'required' or "
1000 kumpf 1.206 "'optional'.");
1001 mreddy 1.191 PEG_METHOD_EXIT(); 1002 throw SSLException(parms);
1003 sushma.fernandes 1.189 }
1004 h.sterling 1.165
1005 h.sterling 1.168 #ifdef PEGASUS_DISABLE_LOCAL_DOMAIN_SOCKET
1006 sushma.fernandes 1.189 // 1007 // ATTN: 'required' setting must have http port enabled. 1008 // If only https is enabled, and a call to shutdown the 1009 // cimserver is given, the call will hang and a forced shutdown 1010 // will ensue. This is because the CIMClient::connectLocal call 1011 // cannot specify a certificate for authentication against 1012 // the local server. This limitation is being investigated. 1013 // See Bugzilla 2995. 1014 // 1015 if (String::equal(verifyClient, "required")) 1016 { 1017 if (!ConfigManager::parseBooleanValue( 1018 configManager->getCurrentValue( 1019 PROPERTY_NAME__HTTP_ENABLED)))
1020 nag.boranna 1.163 {
1021 sushma.fernandes 1.189 MessageLoaderParms parms(
1022 kumpf 1.195 "Pegasus.Server.SSLContextManager." 1023 "INVALID_CONF_HTTPS_REQUIRED",
1024 sushma.fernandes 1.189 "The \"sslClientVerificationMode\" property cannot be " 1025 "set to \"required\" if HTTP is disabled, as the " 1026 "cimserver will be unable to properly shutdown. " 1027 "The recommended course of action is to change "
1028 kumpf 1.206 "the property value to \"optional\".");
1029 sushma.fernandes 1.189 PEG_METHOD_EXIT(); 1030 throw SSLException(parms);
1031 nag.boranna 1.163 }
1032 sushma.fernandes 1.189 }
1033 h.sterling 1.165 #endif
1034 nag.boranna 1.163 //
1035 sushma.fernandes 1.189 // A truststore username must be specified if 1036 // sslClientVerificationMode is enabled and the truststore is a 1037 // single CA file. If the truststore is a directory, then the 1038 // CertificateProvider should be used to register users with 1039 // certificates.
1040 nag.boranna 1.163 //
1041 a.rachapudi 1.241
1042 kumpf 1.246 if (trustStore != String::EMPTY)
1043 nag.boranna 1.163 {
1044 a.rachapudi 1.241 if (!FileSystem::exists(trustStore))
1045 sushma.fernandes 1.189 { 1046 MessageLoaderParms parms(
1047 kumpf 1.206 "Pegasus.Server.SSLContextManager."
1048 a.rachapudi 1.241 "COULD_NOT_ACCESS_TRUST_STORE", 1049 "Could not access the trust store." 1050 "Check the permissions of the truststore path \"$0\".",
1051 kumpf 1.246 trustStore);
1052 sushma.fernandes 1.189 PEG_METHOD_EXIT(); 1053 throw SSLException(parms); 1054 }
1055 kumpf 1.246
1056 a.rachapudi 1.241 if (!FileSystem::isDirectory(trustStore)) 1057 { 1058 if (trustStoreUserName == String::EMPTY) 1059 { 1060 MessageLoaderParms parms( 1061 "Pegasus.Server.SSLContextManager." 1062 "SSL_CLIENT_VERIFICATION_EMPTY_USERNAME", 1063 "The \"sslTrustStoreUserName\" property must specify a " 1064 "valid username if \"sslClientVerificationMode\" " 1065 "is 'required' or 'optional' and the truststore is " 1066 "a single CA file. To register individual " 1067 "certificates to users, you must use a truststore " 1068 "directory along with the CertificateProvider."); 1069 PEG_METHOD_EXIT(); 1070 throw SSLException(parms); 1071 } 1072 }
1073 nag.boranna 1.163 } 1074 } 1075
1076 sushma.fernandes 1.178 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
1077 nag.boranna 1.163 // 1078 // Get the crlStore property from the Config Manager. 1079 // 1080 String crlStore = configManager->getCurrentValue(
1081 kumpf 1.195 PROPERTY_NAME__SSL_CRL_STORE);
1082 nag.boranna 1.163 1083 if (crlStore != String::EMPTY) 1084 { 1085 crlStore = ConfigManager::getHomedPath(crlStore); 1086 }
1087 sushma.fernandes 1.178 #else
1088 kumpf 1.195 String crlStore;
1089 sushma.fernandes 1.178 #endif
1090 nag.boranna 1.163 1091 // 1092 // Get the sslCertificateFilePath property from the Config Manager. 1093 // 1094 String certPath; 1095 certPath = ConfigManager::getHomedPath( 1096 configManager->getCurrentValue(PROPERTY_NAME__SSL_CERT_FILEPATH)); 1097 1098 // 1099 // Get the sslKeyFilePath property from the Config Manager. 1100 // 1101 String keyPath; 1102 keyPath = ConfigManager::getHomedPath( 1103 configManager->getCurrentValue(PROPERTY_NAME__SSL_KEY_FILEPATH)); 1104
1105 kumpf 1.201 String randFile;
1106 nag.boranna 1.163 1107 #ifdef PEGASUS_SSL_RANDOMFILE 1108 // NOTE: It is technically not necessary to set up a random file on 1109 // the server side, but it is easier to use a consistent interface 1110 // on the client and server than to optimize out the random file on 1111 // the server side. 1112 randFile = ConfigManager::getHomedPath(PEGASUS_SSLSERVER_RANDOMFILE); 1113 #endif 1114
1115 sushma.fernandes 1.189 //
1116 rohini.deshpande 1.257 // Get the cipherSuite property from the Config Manager. 1117 // 1118 String cipherSuite = configManager->getCurrentValue( 1119 PROPERTY_NAME__SSL_CIPHER_SUITE);
1120 karl 1.262 PEG_TRACE((TRC_SERVER, Tracer::LEVEL4, "Cipher suite is %s", 1121 (const char*)cipherSuite.getCString()));
1122 rohini.deshpande 1.257 1123 //
1124 sushma.fernandes 1.189 // Create the SSLContext defined by the configuration properties 1125 // 1126 if (String::equal(verifyClient, "required"))
1127 nag.boranna 1.163 {
1128 marek 1.231 PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
1129 sushma.fernandes 1.189 "SSL Client verification REQUIRED.");
1130 nag.boranna 1.163
1131 sushma.fernandes 1.189 _sslContextMgr->createSSLContext(
1132 rohini.deshpande 1.257 trustStore, certPath, keyPath, crlStore, false, randFile, 1133 cipherSuite);
1134 sushma.fernandes 1.189 } 1135 else if (String::equal(verifyClient, "optional")) 1136 {
1137 marek 1.231 PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
1138 sushma.fernandes 1.189 "SSL Client verification OPTIONAL.");
1139 nag.boranna 1.163
1140 sushma.fernandes 1.189 _sslContextMgr->createSSLContext(
1141 rohini.deshpande 1.257 trustStore, certPath, keyPath, crlStore, true, randFile, 1142 cipherSuite);
1143 nag.boranna 1.163 }
1144 sushma.fernandes 1.189 else if (String::equal(verifyClient, "disabled") \|\| 1145 verifyClient == String::EMPTY)
1146 nag.boranna 1.163 {
1147 marek 1.231 PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
1148 sushma.fernandes 1.189 "SSL Client verification DISABLED.");
1149 nag.boranna 1.163
1150 sushma.fernandes 1.189 _sslContextMgr->createSSLContext(
1151 rohini.deshpande 1.257 String::EMPTY, certPath, keyPath, crlStore, false, randFile, 1152 cipherSuite);
1153 nag.boranna 1.163 }
1154 sushma.fernandes 1.189 sslContext = _sslContextMgr->getSSLContext();
1155 nag.boranna 1.163
1156 kumpf 1.229 try 1157 {
1158 kumpf 1.230 sslContext->_validateCertificate();
1159 kumpf 1.229 } 1160 catch (SSLException& e) 1161 { 1162 Logger::put( 1163 Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING, 1164 e.getMessage()); 1165 } 1166
1167 nag.boranna 1.163 PEG_METHOD_EXIT(); 1168 return sslContext; 1169 }
1170 h.sterling 1.130
1171 yi.zhou 1.192 void CIMServer::auditLogInitializeCallback() 1172 {
1173 kumpf 1.216 #ifdef PEGASUS_ENABLE_AUDIT_LOGGER
1174 yi.zhou 1.192 1175 Array<String> propertyNames; 1176 Array<String> propertyValues; 1177 1178 // Get all current property names and values 1179 ConfigManager* configManager = ConfigManager::getInstance(); 1180 1181 configManager->getAllPropertyNames(propertyNames, false);
1182 kumpf 1.195
1183 yi.zhou 1.192 for (Uint32 i = 0; i < propertyNames.size(); i++)
1184 kumpf 1.195 {
1185 yi.zhou 1.192 propertyValues.append(configManager->getCurrentValue(propertyNames[i])); 1186 } 1187 1188 AuditLogger::logCurrentConfig(propertyNames, propertyValues); 1189 1190 // get currently registered provider module instances 1191 Array<CIMInstance> moduleInstances; 1192
1193 kumpf 1.195 moduleInstances =
1194 yi.zhou 1.192 _cimserver->_providerRegistrationManager->enumerateInstancesForClass( 1195 CIMObjectPath("PG_ProviderModule")); 1196 1197 AuditLogger::logCurrentRegProvider(moduleInstances); 1198 1199 AuditLogger::logCurrentEnvironmentVar(); 1200 1201 #endif 1202 } 1203
1204 tony 1.134 #ifdef PEGASUS_ENABLE_SLP 1205
1206 kumpf 1.195 ThreadReturnType PEGASUS_THREAD_CDECL _callSLPProvider(void* parm);
1207 tony 1.134 1208 // This is a control function that starts a new thread which issues a
1209 kumpf 1.246 // cim operation to start the slp provider. Used for both External and
1210 venkat.puvvada 1.227 // Embedded SLP registrations.
1211 dave.sudlik 1.197 // 1212
1213 tony 1.134 void CIMServer::startSLPProvider() 1214 {
1215 marek 1.204 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::startSLPProvider");
1216 tony 1.134 1217 // Get Config parameter to determine if we should start SLP. 1218 ConfigManager* configManager = ConfigManager::getInstance();
1219 venkat.puvvada 1.227 Boolean _runSLP = ConfigManager::parseBooleanValue(
1220 kumpf 1.182 configManager->getCurrentValue("slp"));
1221 tony 1.134 1222 // If false, do not start slp provider 1223 if (!_runSLP) 1224 {
1225 marek 1.224 PEG_METHOD_EXIT();
1226 tony 1.134 return; 1227 }
1228 kumpf 1.195 // Create a separate thread, detach and call function to execute the 1229 // startup.
1230 tony 1.134 Thread t( _callSLPProvider, 0, true ); 1231 t.run(); 1232 1233 PEG_METHOD_EXIT(); 1234 return; 1235 } 1236 1237 1238 // startSLPProvider is a function to get the slp provider kicked off
1239 kumpf 1.195 // during startup. It is placed in the provider manager simply because
1240 tony 1.134 // the provider manager is the only component of the system is 1241 // driven by a timer after startup. It should never be here and must be 1242 // moved to somewhere more logical or really replaced. We simply needed 1243 // something that was run shortly after system startup.
1244 kumpf 1.195 // This function is assumed to operate in a separate thread and
1245 tony 1.134 // KS 15 February 2004. 1246
1247 kumpf 1.195 ThreadReturnType PEGASUS_THREAD_CDECL _callSLPProvider(void* parm)
1248 tony 1.134 {
1249 kumpf 1.195 PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::_callSLPProvider()"); 1250
1251 tony 1.134 CIMClient client; 1252 String hostStr = System::getHostName(); 1253 1254 try 1255 { 1256 client.connectLocal();
1257 marek 1.261 1258 String timeoutStr= 1259 ConfigManager::getInstance()->getCurrentValue( 1260 "slpProviderStartupTimeout"); 1261 Uint64 timeOut; 1262 1263 StringConversion::decimalStringToUint64( 1264 timeoutStr.getCString(), 1265 timeOut); 1266 client.setTimeout(timeOut & 0xFFFFFFFF);
1267 karl 1.262
1268 tony 1.134 String referenceStr = "//"; 1269 referenceStr.append(hostStr);
1270 kumpf 1.195 referenceStr.append("/");
1271 tony 1.134 referenceStr.append(PEGASUS_NAMESPACENAME_INTERNAL.getString()); 1272 referenceStr.append(":"); 1273 referenceStr.append(PEGASUS_CLASSNAME_WBEMSLPTEMPLATE.getString()); 1274 CIMObjectPath reference(referenceStr); 1275 // 1276 // issue the invokeMethod request on the register method 1277 // 1278 Array<CIMParamValue> inParams; 1279 Array<CIMParamValue> outParams; 1280
1281 marek 1.261 Uint32 retries = 3; 1282 1283 while (retries > 0) 1284 { 1285 try 1286 { 1287 CIMValue retValue = client.invokeMethod( 1288 PEGASUS_NAMESPACENAME_INTERNAL, 1289 reference, 1290 CIMName("register"), 1291 inParams, 1292 outParams); 1293 break; 1294 } 1295 catch(ConnectionTimeoutException&) 1296 { 1297 retries--; 1298 if (retries == 0) 1299 { 1300 throw; 1301 } 1302 marek 1.261 } 1303 }
1304 dave.sudlik 1.197
1305 kumpf 1.200 Logger::put_l( 1306 Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
1307 kumpf 1.233 MessageLoaderParms( 1308 "Pegasus.Server.SLP.SLP_REGISTRATION_INITIATED", 1309 "SLP Registration Initiated"));
1310 tony 1.134 } 1311
1312 dave.sudlik 1.197 catch(Exception& e)
1313 tony 1.134 {
1314 venkat.puvvada 1.227 #ifdef PEGASUS_SLP_REG_TIMEOUT
1315 kumpf 1.233 Logger::put_l( 1316 Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING, 1317 MessageLoaderParms( 1318 "Pegasus.Server.SLP.EXTERNAL_SLP_REGISTRATION_FAILED_EXCEPTION", 1319 "CIM Server registration with External SLP Failed. " 1320 "Exception: $0",
1321 kumpf 1.235 e.getMessage()));
1322 venkat.puvvada 1.227 #else
1323 kumpf 1.233 Logger::put_l( 1324 Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING, 1325 MessageLoaderParms( 1326 "Pegasus.Server.SLP.INTERNAL_SLP_REGISTRATION_FAILED_EXCEPTION", 1327 "CIM Server registration with Internal SLP Failed. " 1328 "Exception: $0",
1329 kumpf 1.234 e.getMessage()));
1330 venkat.puvvada 1.227 #endif
1331 tony 1.134 }
1332 dave.sudlik 1.197 1333 catch(...)
1334 tony 1.134 {
1335 venkat.puvvada 1.227 #ifdef PEGASUS_SLP_REG_TIMEOUT
1336 kumpf 1.233 Logger::put_l(Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING, 1337 MessageLoaderParms( 1338 "Pegasus.Server.SLP.EXTERNAL_SLP_REGISTRATION_FAILED_ERROR", 1339 "CIM Server registration with External SLP Failed."));
1340 venkat.puvvada 1.227 #else
1341 dave.sudlik 1.197 Logger::put_l(Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING,
1342 kumpf 1.233 MessageLoaderParms( 1343 "Pegasus.Server.SLP.INTERNAL_SLP_REGISTRATION_FAILED_ERROR", 1344 "CIM Server registration with Internal SLP Failed."));
1345 venkat.puvvada 1.227 #endif
1346 tony 1.134 } 1347 1348 client.disconnect(); 1349
1350 dave.sudlik 1.197 PEG_METHOD_EXIT(); 1351 return( (ThreadReturnType)32 ); 1352 }
1353 tony 1.134 #endif 1354
1355 mike 1.42 PEGASUS_NAMESPACE_END

No CVS admin address has been configured