MetricsMapI::MetricsMapI(const std::string& mapPrefix, const PropertiesPtr& properties) : _properties(properties->getPropertiesForPrefix(mapPrefix)), _retain(properties->getPropertyAsIntWithDefault(mapPrefix + "RetainDetached", 10)), _accept(parseRule(properties, mapPrefix + "Accept")), _reject(parseRule(properties, mapPrefix + "Reject")) { validateProperties(mapPrefix, properties); string groupBy = properties->getPropertyWithDefault(mapPrefix + "GroupBy", "id"); vector<string>& groupByAttributes = const_cast<vector<string>&>(_groupByAttributes); vector<string>& groupBySeparators = const_cast<vector<string>&>(_groupBySeparators); if(!groupBy.empty()) { string v; bool attribute = IceUtilInternal::isAlpha(groupBy[0]) || IceUtilInternal::isDigit(groupBy[0]); if(!attribute) { groupByAttributes.push_back(""); } for(string::const_iterator p = groupBy.begin(); p != groupBy.end(); ++p) { bool isAlphaNum = IceUtilInternal::isAlpha(*p) || IceUtilInternal::isDigit(*p) || *p == '.'; if(attribute && !isAlphaNum) { groupByAttributes.push_back(v); v = *p; attribute = false; } else if(!attribute && isAlphaNum) { groupBySeparators.push_back(v); v = *p; attribute = true; } else { v += *p; } } if(attribute) { groupByAttributes.push_back(v); } else { groupBySeparators.push_back(v); } } }
IcePatch2::Patcher::Patcher(const CommunicatorPtr& communicator, const PatcherFeedbackPtr& feedback) : _feedback(feedback), _dataDir(getDataDir(communicator, ".")), _thorough(getThorough(communicator, 0) > 0), _chunkSize(getChunkSize(communicator, 100)), _remove(getRemove(communicator, 1)), _log(0) { const PropertiesPtr properties = communicator->getProperties(); const char* clientProxyProperty = "IcePatch2Client.Proxy"; std::string clientProxy = properties->getProperty(clientProxyProperty); if(clientProxy.empty()) { const char* endpointsProperty = "IcePatch2.Endpoints"; string endpoints = properties->getProperty(endpointsProperty); if(endpoints.empty()) { ostringstream os; os << "No proxy to IcePatch2 server. Please set `" << clientProxyProperty << "' or `" << endpointsProperty << "'."; throw os.str(); } ostringstream os; os << "The property " << endpointsProperty << " is deprecated, use " << clientProxyProperty << " instead."; communicator->getLogger()->warning(os.str()); Identity id; id.category = properties->getPropertyWithDefault("IcePatch2.InstanceName", "IcePatch2"); id.name = "server"; clientProxy = "\"" + communicator->identityToString(id) + "\" :" + endpoints; } ObjectPrx serverBase = communicator->stringToProxy(clientProxy); FileServerPrx server = FileServerPrx::checkedCast(serverBase); if(!server) { throw "proxy `" + clientProxy + "' is not a file server."; } init(server); }
bool IceBox::ServiceManagerI::start() { try { ServiceManagerPtr obj = this; PropertiesPtr properties = _communicator->getProperties(); // // Create an object adapter. Services probably should NOT share // this object adapter, as the endpoint(s) for this object adapter // will most likely need to be firewalled for security reasons. // ObjectAdapterPtr adapter; if(properties->getProperty("IceBox.ServiceManager.Endpoints") != "") { adapter = _communicator->createObjectAdapter("IceBox.ServiceManager"); Identity identity; identity.category = properties->getPropertyWithDefault("IceBox.InstanceName", "IceBox"); identity.name = "ServiceManager"; adapter->add(obj, identity); } // // Parse the property set with the prefix "IceBox.Service.". These // properties should have the following format: // // IceBox.Service.Foo=entry_point [args] // // We parse the service properties specified in IceBox.LoadOrder // first, then the ones from remaining services. // const string prefix = "IceBox.Service."; PropertyDict services = properties->getPropertiesForPrefix(prefix); PropertyDict::iterator p; StringSeq loadOrder = properties->getPropertyAsList("IceBox.LoadOrder"); vector<StartServiceInfo> servicesInfo; for(StringSeq::const_iterator q = loadOrder.begin(); q != loadOrder.end(); ++q) { p = services.find(prefix + *q); if(p == services.end()) { FailureException ex(__FILE__, __LINE__); ex.reason = "ServiceManager: no service definition for `" + *q + "'"; throw ex; } servicesInfo.push_back(StartServiceInfo(*q, p->second, _argv)); services.erase(p); } for(p = services.begin(); p != services.end(); ++p) { servicesInfo.push_back(StartServiceInfo(p->first.substr(prefix.size()), p->second, _argv)); } // // Check if some services are using the shared communicator in which // case we create the shared communicator now with a property set which // is the union of all the service properties (services which are using // the shared communicator). // PropertyDict sharedCommunicatorServices = properties->getPropertiesForPrefix("IceBox.UseSharedCommunicator."); if(!sharedCommunicatorServices.empty()) { InitializationData initData; initData.properties = createServiceProperties("SharedCommunicator"); for(vector<StartServiceInfo>::iterator q = servicesInfo.begin(); q != servicesInfo.end(); ++q) { if(properties->getPropertyAsInt("IceBox.UseSharedCommunicator." + q->name) <= 0) { continue; } // // Load the service properties using the shared communicator properties as // the default properties. // PropertiesPtr svcProperties = createProperties(q->args, initData.properties); // // Erase properties from the shared communicator which don't exist in the // service properties (which include the shared communicator properties // overriden by the service properties). // PropertyDict allProps = initData.properties->getPropertiesForPrefix(""); for(PropertyDict::iterator p = allProps.begin(); p != allProps.end(); ++p) { if(svcProperties->getProperty(p->first) == "") { initData.properties->setProperty(p->first, ""); } } // // Add the service properties to the shared communicator properties. // PropertyDict props = svcProperties->getPropertiesForPrefix(""); for(PropertyDict::const_iterator r = props.begin(); r != props.end(); ++r) { initData.properties->setProperty(r->first, r->second); } // // Parse <service>.* command line options (the Ice command line options // were parsed by the createProperties above) // q->args = initData.properties->parseCommandLineOptions(q->name, q->args); } _sharedCommunicator = initialize(initData); } // // Start the services. // for(vector<StartServiceInfo>::const_iterator r = servicesInfo.begin(); r != servicesInfo.end(); ++r) { start(r->name, r->entryPoint, r->args); } // // We may want to notify external scripts that the services // have started. This is done by defining the property: // // IceBox.PrintServicesReady=bundleName // // Where bundleName is whatever you choose to call this set of // services. It will be echoed back as "bundleName ready". // // This must be done after start() has been invoked on the // services. // string bundleName = properties->getProperty("IceBox.PrintServicesReady"); if(!bundleName.empty()) { cout << bundleName << " ready" << endl; } // // Register "this" as a facet to the Admin object, and then create // Admin object // try { _communicator->addAdminFacet(this, "IceBox.ServiceManager"); // // Add a Properties facet for each service // for(vector<ServiceInfo>::iterator r = _services.begin(); r != _services.end(); ++r) { const ServiceInfo& info = *r; CommunicatorPtr communicator = info.communicator != 0 ? info.communicator : _sharedCommunicator; _communicator->addAdminFacet(new PropertiesAdminI(communicator->getProperties()), "IceBox.Service." + info.name + ".Properties"); } _communicator->getAdmin(); } catch(const ObjectAdapterDeactivatedException&) { // // Expected if the communicator has been shutdown. // } if(adapter) { try { adapter->activate(); } catch(const ObjectAdapterDeactivatedException&) { // // Expected if the communicator has been shutdown. // } } } catch(const FailureException& ex) { Error out(_logger); out << ex.reason; stopAll(); return false; } catch(const Exception& ex) { Error out(_logger); out << "ServiceManager: " << ex; stopAll(); return false; } return true; }
void Ice::ObjectAdapterI::initialize(const RouterPrx& router) { if(_noConfig) { _reference = _instance->referenceFactory()->create("dummy -t", ""); return; } PropertiesPtr properties = _instance->initializationData().properties; StringSeq unknownProps; bool noProps = filterProperties(unknownProps); // // Warn about unknown object adapter properties. // if(unknownProps.size() != 0 && properties->getPropertyAsIntWithDefault("Ice.Warn.UnknownProperties", 1) > 0) { Warning out(_instance->initializationData().logger); out << "found unknown properties for object adapter `" << _name << "':"; for(unsigned int i = 0; i < unknownProps.size(); ++i) { out << "\n " << unknownProps[i]; } } try { // // Make sure named adapter has some configuration // if(router == 0 && noProps) { InitializationException ex(__FILE__, __LINE__); ex.reason = "object adapter `" + _name + "' requires configuration"; throw ex; } const_cast<string&>(_id) = properties->getProperty(_name + ".AdapterId"); const_cast<string&>(_replicaGroupId) = properties->getProperty(_name + ".ReplicaGroupId"); // // Setup a reference to be used to get the default proxy options // when creating new proxies. By default, create twoway proxies. // string proxyOptions = properties->getPropertyWithDefault(_name + ".ProxyOptions", "-t"); try { _reference = _instance->referenceFactory()->create("dummy " + proxyOptions, ""); } catch(const ProxyParseException&) { InitializationException ex(__FILE__, __LINE__); ex.reason = "invalid proxy options `" + proxyOptions + "' for object adapter `" + _name + "'"; throw ex; } int threadPoolSize = properties->getPropertyAsInt(_name + ".ThreadPool.Size"); int threadPoolSizeMax = properties->getPropertyAsInt(_name + ".ThreadPool.SizeMax"); bool hasPriority = properties->getProperty(_name + ".ThreadPool.ThreadPriority") != ""; // // Create the per-adapter thread pool, if necessary. This is done before the creation of the incoming // connection factory as the thread pool is needed during creation for the call to incFdsInUse. // if(threadPoolSize > 0 || threadPoolSizeMax > 0 || hasPriority) { _threadPool = new ThreadPool(_instance, _name + ".ThreadPool", 0); } _hasAcmTimeout = properties->getProperty(_name + ".ACM") != ""; if(_hasAcmTimeout) { _acmTimeout = properties->getPropertyAsInt(_name + ".ACM"); _instance->connectionMonitor()->checkIntervalForACM(_acmTimeout); } if(!router) { const_cast<RouterPrx&>(router) = RouterPrx::uncheckedCast( _instance->proxyFactory()->propertyToProxy(_name + ".Router")); } if(router) { _routerInfo = _instance->routerManager()->get(router); if(_routerInfo) { // // Make sure this router is not already registered with another adapter. // if(_routerInfo->getAdapter()) { throw AlreadyRegisteredException(__FILE__, __LINE__, "object adapter with router", _instance->identityToString(router->ice_getIdentity())); } // // Add the router's server proxy endpoints to this object // adapter. // vector<EndpointIPtr> endpoints = _routerInfo->getServerEndpoints(); copy(endpoints.begin(), endpoints.end(), back_inserter(_routerEndpoints)); sort(_routerEndpoints.begin(), _routerEndpoints.end()); // Must be sorted. _routerEndpoints.erase(unique(_routerEndpoints.begin(), _routerEndpoints.end()), _routerEndpoints.end()); // // Associate this object adapter with the router. This way, // new outgoing connections to the router's client proxy will // use this object adapter for callbacks. // _routerInfo->setAdapter(this); // // Also modify all existing outgoing connections to the // router's client proxy to use this object adapter for // callbacks. // _instance->outgoingConnectionFactory()->setRouterInfo(_routerInfo); } } else { // // Parse the endpoints, but don't store them in the adapter. // The connection factory might change it, for example, to // fill in the real port number. // vector<EndpointIPtr> endpoints = parseEndpoints(properties->getProperty(_name + ".Endpoints"), true); for(vector<EndpointIPtr>::iterator p = endpoints.begin(); p != endpoints.end(); ++p) { IncomingConnectionFactoryPtr factory = new IncomingConnectionFactory(_instance, *p, this); factory->initialize(_name); _incomingConnectionFactories.push_back(factory); } if(endpoints.empty()) { TraceLevelsPtr tl = _instance->traceLevels(); if(tl->network >= 2) { Trace out(_instance->initializationData().logger, tl->networkCat); out << "created adapter `" << _name << "' without endpoints"; } } // // Parse the published endpoints. // _publishedEndpoints = parsePublishedEndpoints(); } if(!properties->getProperty(_name + ".Locator").empty()) { setLocator(LocatorPrx::uncheckedCast(_instance->proxyFactory()->propertyToProxy(_name + ".Locator"))); } else { setLocator(_instance->referenceFactory()->getDefaultLocator()); } } catch(...) { destroy(); throw; } }
void IceServiceInstaller::install(const PropertiesPtr& properties) { _debug = properties->getPropertyAsInt("Debug") != 0; initializeSid(properties->getPropertyWithDefault("ObjectName", "NT Authority\\LocalService")); const string defaultDisplayName[] = { "IceGrid registry (" + _icegridInstanceName + ")", "IceGrid node (" + _nodeName + " within " + _icegridInstanceName + ")", "Glacier2 router (" + _glacier2InstanceName + ")" }; const string defaultDescription[] = { "Location and deployment service for Ice applications", "Starts and monitors Ice servers", "Ice Firewall traversal service" }; string displayName = properties->getPropertyWithDefault("DisplayName", defaultDisplayName[_serviceType]); string description = properties->getPropertyWithDefault("Description", defaultDescription[_serviceType]); string imagePath = properties->getProperty("ImagePath"); if(imagePath == "") { char buffer[MAX_PATH]; DWORD size = GetModuleFileName(0, buffer, MAX_PATH); if(size == 0) { throw "Can't get full path to self: " + IceUtilInternal::errorToString(GetLastError()); } imagePath = string(buffer, size); imagePath.replace(imagePath.rfind('\\'), string::npos, "\\" + serviceTypeToLowerString(_serviceType) + ".exe"); } else { imagePath = fixDirSeparator(imagePath); } if(!fileExists(imagePath)) { throw imagePath + ": not found"; } string dependency; if(_serviceType == icegridregistry) { if(properties->getPropertyAsInt("DependOnRegistry") != 0) { throw "The IceGrid registry service can't depend on itself"; } string registryDataDir = fixDirSeparator(_serviceProperties->getProperty("IceGrid.Registry.Data")); if(registryDataDir == "") { throw "IceGrid.Registry.Data must be set in " + _configFile; } if(!IceUtilInternal::isAbsolutePath(registryDataDir)) { throw "'" + registryDataDir + "' is a relative path; IceGrid.Registry.Data must be an absolute path"; } if(!mkdir(registryDataDir)) { grantPermissions(registryDataDir, SE_FILE_OBJECT, true, true); } } else if(_serviceType == icegridnode) { string nodeDataDir = fixDirSeparator(_serviceProperties->getProperty("IceGrid.Node.Data")); if(nodeDataDir == "") { throw "IceGrid.Node.Data must be set in " + _configFile; } if(!IceUtilInternal::isAbsolutePath(nodeDataDir)) { throw "'" + nodeDataDir + "' is a relative path; IceGrid.Node.Data must be an absolute path"; } if(!mkdir(nodeDataDir)) { grantPermissions(nodeDataDir, SE_FILE_OBJECT, true, true); } grantPermissions("MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib", SE_REGISTRY_KEY, true); if(properties->getPropertyAsInt("DependOnRegistry") != 0) { dependency = "icegridregistry." + _icegridInstanceName; } } else if(_serviceType == glacier2router) { if(properties->getPropertyAsInt("DependOnRegistry") != 0) { if(_icegridInstanceName == "") { throw "Ice.Default.Locator must be set in " + _configFile + " when DependOnRegistry is not zero"; } dependency = "icegridregistry." + _icegridInstanceName; } } if(!_configFile.find("HKLM\\") == 0) { grantPermissions(_configFile); } string eventLog = properties->getProperty("EventLog"); if(eventLog == "") { eventLog = "Application"; } else { addLog(eventLog); } string eventLogSource = _serviceProperties->getPropertyWithDefault("Ice.EventLog.Source", _serviceName); addSource(eventLogSource, eventLog, getIceDLLPath(imagePath)); SC_HANDLE scm = OpenSCManager(0, 0, SC_MANAGER_ALL_ACCESS); if(scm == 0) { DWORD res = GetLastError(); throw "Cannot open SCM: " + IceUtilInternal::errorToString(res); } string deps = dependency; if(deps.empty()) { const string candidates[] = { "netprofm", "Nla" }; const int candidatesLen = 2; for(int i = 0; i < candidatesLen; ++i) { SC_HANDLE service = OpenService(scm, candidates[i].c_str(), GENERIC_READ); if(service != 0) { deps = candidates[i]; CloseServiceHandle(service); break; // for } } } deps += '\0'; // must be double-null terminated string command = "\"" + imagePath + "\" --service " + _serviceName + " --Ice.Config=\""; // // Get the full path of config file. // if(!_configFile.find("HKLM\\") == 0) { char fullPath[MAX_PATH]; if(GetFullPathName(_configFile.c_str(), MAX_PATH, fullPath, 0) > MAX_PATH) { throw "Could not compute the full path of " + _configFile; } command += string(fullPath) + "\""; } else { command += _configFile + "\""; } bool autoStart = properties->getPropertyAsIntWithDefault("AutoStart", 1) != 0; string password = properties->getProperty("Password"); SC_HANDLE service = CreateServiceW( scm, IceUtil::stringToWstring(_serviceName).c_str(), IceUtil::stringToWstring(displayName).c_str(), SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, autoStart ? SERVICE_AUTO_START : SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL, IceUtil::stringToWstring(command).c_str(), 0, 0, IceUtil::stringToWstring(deps).c_str(), IceUtil::stringToWstring(_sidName).c_str(), IceUtil::stringToWstring(password).c_str()); if(service == 0) { DWORD res = GetLastError(); CloseServiceHandle(scm); throw "Cannot create service" + _serviceName + ": " + IceUtilInternal::errorToString(res); } // // Set description // wstring uDescription = IceUtil::stringToWstring(description); SERVICE_DESCRIPTIONW sd = { const_cast<wchar_t*>(uDescription.c_str()) }; if(!ChangeServiceConfig2W(service, SERVICE_CONFIG_DESCRIPTION, &sd)) { DWORD res = GetLastError(); CloseServiceHandle(scm); CloseServiceHandle(service); throw "Cannot set description for service" + _serviceName + ": " + IceUtilInternal::errorToString(res); } CloseServiceHandle(scm); CloseServiceHandle(service); }
Ice::ObjectAdapter::ObjectAdapter(const InstancePtr& instance, const CommunicatorPtr& communicator, const ObjectAdapterFactoryPtr& objectAdapterFactory, const string& name, const string& endpointInfo, #ifdef ICEE_HAS_ROUTER const RouterPrx& router, #endif bool noConfig) : _deactivated(false), _instance(instance), _communicator(communicator), _objectAdapterFactory(objectAdapterFactory), _servantManager(new ServantManager(instance, name)), _activateOneOffDone(false), _name(name), #ifdef ICEE_HAS_LOCATOR _id(instance->initializationData().properties->getProperty(name + ".AdapterId")), _replicaGroupId(instance->initializationData().properties->getProperty(name + ".ReplicaGroupId")), #endif _waitForActivate(false), _destroying(false), _destroyed(false), _noConfig(noConfig) { if(_noConfig) { _reference = _instance->referenceFactory()->create("dummy -t", ""); return; } PropertiesPtr properties = instance->initializationData().properties; // // Setup a reference to be used to get the default proxy options // when creating new proxies. By default, create twoway proxies. // string proxyOptions = properties->getPropertyWithDefault(_name + ".ProxyOptions", "-t"); try { _reference = _instance->referenceFactory()->create("dummy " + proxyOptions, ""); } catch(const ProxyParseException&) { InitializationException ex(__FILE__, __LINE__); ex.reason = "invalid proxy options `" + proxyOptions + "' for object adapter `" + _name + "'"; throw ex; } __setNoDelete(true); try { #ifdef ICEE_HAS_ROUTER if(!router) { string routerStr = _instance->initializationData().properties->getProperty(_name + ".Router"); if(!routerStr.empty()) { const_cast<RouterPrx&>(router) = RouterPrx::uncheckedCast(_instance->proxyFactory()->stringToProxy(routerStr)); } } if(router) { _routerInfo = _instance->routerManager()->get(router); if(_routerInfo) { // // Make sure this router is not already registered with another adapter. // if(_routerInfo->getAdapter()) { throw AlreadyRegisteredException(__FILE__, __LINE__, "object adapter with router", _instance->identityToString(router->ice_getIdentity())); } // // Add the router's server proxy endpoints to this object // adapter. // vector<EndpointPtr> endpoints = _routerInfo->getServerEndpoints(); copy(endpoints.begin(), endpoints.end(), back_inserter(_routerEndpoints)); sort(_routerEndpoints.begin(), _routerEndpoints.end()); // Must be sorted. _routerEndpoints.erase(unique(_routerEndpoints.begin(), _routerEndpoints.end()), _routerEndpoints.end()); // // Associate this object adapter with the router. This way, // new outgoing connections to the router's client proxy will // use this object adapter for callbacks. // _routerInfo->setAdapter(this); // // Also modify all existing outgoing connections to the // router's client proxy to use this object adapter for // callbacks. // _instance->outgoingConnectionFactory()->setRouterInfo(_routerInfo); } } else #endif { // // Parse the endpoints, but don't store them in the adapter. // The connection factory might change it, for example, to // fill in the real port number. // vector<EndpointPtr> endpoints; if(endpointInfo.empty()) { endpoints = parseEndpoints(_instance->initializationData().properties->getProperty(_name + ".Endpoints"), true); } else { endpoints = parseEndpoints(endpointInfo, true); } for(vector<EndpointPtr>::iterator p = endpoints.begin(); p != endpoints.end(); ++p) { _incomingConnectionFactories.push_back(new IncomingConnectionFactory(_instance, *p, this)); } if(endpoints.empty()) { TraceLevelsPtr tl = _instance->traceLevels(); if(tl->network >= 2) { Trace out(_instance->initializationData().logger, tl->networkCat); out << "created adapter `" << name << "' without endpoints"; } } // // Parse published endpoints. // _publishedEndpoints = parsePublishedEndpoints(); } #ifdef ICEE_HAS_LOCATOR string locator = _instance->initializationData().properties->getProperty(_name + ".Locator"); if(!locator.empty()) { setLocator(LocatorPrx::uncheckedCast(_instance->proxyFactory()->stringToProxy(locator))); } else { setLocator(_instance->referenceFactory()->getDefaultLocator()); } #endif } catch(...) { // // There's no need to remove the adapter from the factory if // creation fails. Furthermore, since this code is called with // the factory mutex locked, we can't call removeObjectAdapter // on the factory here so we clear the factory reference to // ensure it won't be called by destroy(). // _objectAdapterFactory = 0; destroy(); __setNoDelete(false); throw; } __setNoDelete(false); }
void ServiceI::start( const string& name, const CommunicatorPtr& communicator, const StringSeq& /*args*/) { PropertiesPtr properties = communicator->getProperties(); validateProperties(name, properties, communicator->getLogger()); int id = properties->getPropertyAsIntWithDefault(name + ".NodeId", -1); // If we are using a replicated deployment and if the topic // manager thread pool max size is not set then ensure it is set // to some suitably high number. This ensures no deadlocks in the // replicated case due to call forwarding from replicas to // coordinators. if(id != -1 && properties->getProperty(name + ".TopicManager.ThreadPool.SizeMax").empty()) { properties->setProperty(name + ".TopicManager.ThreadPool.SizeMax", "100"); } Ice::ObjectAdapterPtr topicAdapter = communicator->createObjectAdapter(name + ".TopicManager"); Ice::ObjectAdapterPtr publishAdapter = communicator->createObjectAdapter(name + ".Publish"); // // We use the name of the service for the name of the database environment. // string instanceName = properties->getPropertyWithDefault(name + ".InstanceName", "IceStorm"); Identity topicManagerId; topicManagerId.category = instanceName; topicManagerId.name = "TopicManager"; if(properties->getPropertyAsIntWithDefault(name+ ".Transient", 0) > 0) { _instance = new Instance(instanceName, name, communicator, publishAdapter, topicAdapter, 0); try { TransientTopicManagerImplPtr manager = new TransientTopicManagerImpl(_instance); _managerProxy = TopicManagerPrx::uncheckedCast(topicAdapter->add(manager, topicManagerId)); } catch(const Ice::Exception& ex) { _instance = 0; LoggerOutputBase s; s << "exception while starting IceStorm service " << name << ":\n"; s << ex; IceBox::FailureException e(__FILE__, __LINE__); e.reason = s.str(); throw e; } topicAdapter->activate(); publishAdapter->activate(); return; } if(id == -1) // No replication. { _instance = new Instance(instanceName, name, communicator, publishAdapter, topicAdapter); try { _manager = new TopicManagerImpl(_instance); _managerProxy = TopicManagerPrx::uncheckedCast(topicAdapter->add(_manager->getServant(), topicManagerId)); } catch(const Ice::Exception& ex) { _instance = 0; LoggerOutputBase s; s << "exception while starting IceStorm service " << name << ":\n"; s << ex; IceBox::FailureException e(__FILE__, __LINE__); e.reason = s.str(); throw e; } } else { // Here we want to create a map of id -> election node // proxies. map<int, NodePrx> nodes; string topicManagerAdapterId = properties->getProperty(name + ".TopicManager.AdapterId"); // We support two possible deployments. The first is a manual // deployment, the second is IceGrid. // // Here we check for the manual deployment const string prefix = name + ".Nodes."; Ice::PropertyDict props = properties->getPropertiesForPrefix(prefix); if(!props.empty()) { for(Ice::PropertyDict::const_iterator p = props.begin(); p != props.end(); ++p) { int nodeid = atoi(p->first.substr(prefix.size()).c_str()); nodes[nodeid] = NodePrx::uncheckedCast(communicator->propertyToProxy(p->first)); } } else { // If adapter id's are defined for the topic manager or // node adapters then we consider this an IceGrid based // deployment. string nodeAdapterId = properties->getProperty(name + ".Node.AdapterId"); // Validate first that the adapter ids match for the node // and the topic manager otherwise some other deployment // is being used. const string suffix = ".TopicManager"; if(topicManagerAdapterId.empty() || nodeAdapterId.empty() || topicManagerAdapterId.replace( topicManagerAdapterId.find(suffix), suffix.size(), ".Node") != nodeAdapterId) { Ice::Error error(communicator->getLogger()); error << "deployment error: `" << topicManagerAdapterId << "' prefix does not match `" << nodeAdapterId << "'"; throw IceBox::FailureException(__FILE__, __LINE__, "IceGrid deployment is incorrect"); } // Determine the set of node id and node proxies. // // This is determined by locating all topic manager // replicas, and then working out the node for that // replica. // // We work out the node id by removing the instance // name. The node id must follow. // IceGrid::LocatorPrx locator = IceGrid::LocatorPrx::checkedCast(communicator->getDefaultLocator()); assert(locator); IceGrid::QueryPrx query = locator->getLocalQuery(); Ice::ObjectProxySeq replicas = query->findAllReplicas( communicator->stringToProxy(instanceName + "/TopicManager")); for(Ice::ObjectProxySeq::const_iterator p = replicas.begin(); p != replicas.end(); ++p) { string adapterid = (*p)->ice_getAdapterId(); // Replace TopicManager with the node endpoint. adapterid = adapterid.replace(adapterid.find(suffix), suffix.size(), ".Node"); // The adapter id must start with the instance name. if(adapterid.find(instanceName) != 0) { Ice::Error error(communicator->getLogger()); error << "deployment error: `" << adapterid << "' does not start with `" << instanceName << "'"; throw IceBox::FailureException(__FILE__, __LINE__, "IceGrid deployment is incorrect"); } // The node id follows. We find the first digit (the // start of the node id, and then the end of the // digits). string::size_type start = instanceName.size(); while(start < adapterid.size() && !IceUtilInternal::isDigit(adapterid[start])) { ++start; } string::size_type end = start; while(end < adapterid.size() && IceUtilInternal::isDigit(adapterid[end])) { ++end; } if(start == end) { // We must have at least one digit, otherwise there is // some sort of deployment error. Ice::Error error(communicator->getLogger()); error << "deployment error: node id does not follow instance name. instance name:" << instanceName << " adapter id: " << adapterid; throw IceBox::FailureException(__FILE__, __LINE__, "IceGrid deployment is incorrect"); } int nodeid = atoi(adapterid.substr(start, end-start).c_str()); ostringstream os; os << "node" << nodeid; Ice::Identity id; id.category = instanceName; id.name = os.str(); nodes[nodeid] = NodePrx::uncheckedCast((*p)->ice_adapterId(adapterid)->ice_identity(id)); } } if(nodes.size() < 3) { Ice::Error error(communicator->getLogger()); error << "Replication requires at least 3 Nodes"; throw IceBox::FailureException(__FILE__, __LINE__, "Replication requires at least 3 Nodes"); } try { // If the node thread pool size is not set then initialize // to the number of nodes + 1 and disable thread pool size // warnings. if(properties->getProperty(name + ".Node.ThreadPool.Size").empty()) { ostringstream os; os << nodes.size() + 1; properties->setProperty(name + ".Node.ThreadPool.Size", os.str()); properties->setProperty(name + ".Node.ThreadPool.SizeWarn", "0"); } if(properties->getProperty(name + ".Node.MessageSizeMax").empty()) { properties->setProperty(name + ".Node.MessageSizeMax", "0"); // No limit on data exchanged internally } Ice::ObjectAdapterPtr nodeAdapter = communicator->createObjectAdapter(name + ".Node"); _instance = new Instance(instanceName, name, communicator, publishAdapter, topicAdapter, nodeAdapter, nodes[id]); _instance->observers()->setMajority(static_cast<unsigned int>(nodes.size())/2); // Trace replication information. TraceLevelsPtr traceLevels = _instance->traceLevels(); if(traceLevels->election > 0) { Ice::Trace out(traceLevels->logger, traceLevels->electionCat); out << "I am node " << id << "\n"; for(map<int, NodePrx>::const_iterator p = nodes.begin(); p != nodes.end(); ++p) { out << "\tnode: " << p->first << " proxy: " << p->second->ice_toString() << "\n"; } } if(topicManagerAdapterId.empty()) { // We're not using an IceGrid deployment. Here we need // a proxy which is used to create proxies to the // replicas later. _managerProxy = TopicManagerPrx::uncheckedCast(topicAdapter->createProxy(topicManagerId)); } else { // If we're using IceGrid deployment we need to create // indirect proxies. _managerProxy = TopicManagerPrx::uncheckedCast(topicAdapter->createIndirectProxy(topicManagerId)); } _manager = new TopicManagerImpl(_instance); topicAdapter->add(_manager->getServant(), topicManagerId); ostringstream os; // The node object identity. os << "node" << id; Ice::Identity nodeid; nodeid.category = instanceName; nodeid.name = os.str(); NodeIPtr node = new NodeI(_instance, _manager, _managerProxy, id, nodes); _instance->setNode(node); nodeAdapter->add(node, nodeid); nodeAdapter->activate(); node->start(); } catch(const Ice::Exception& ex) { _instance = 0; LoggerOutputBase s; s << "exception while starting IceStorm service " << name << ":\n"; s << ex; IceBox::FailureException e(__FILE__, __LINE__); e.reason = s.str(); throw e; } } topicAdapter->add(new FinderI(TopicManagerPrx::uncheckedCast(topicAdapter->createProxy(topicManagerId))), communicator->stringToIdentity("IceStorm/Finder")); topicAdapter->activate(); publishAdapter->activate(); }
// // Setup the engine. // void IceSSL::SecureTransportEngine::initialize() { IceUtil::Mutex::Lock lock(_mutex); if(_initialized) { return; } SSLEngine::initialize(); const PropertiesPtr properties = communicator()->getProperties(); // // Check for a default directory. We look in this directory for // files mentioned in the configuration. // const string defaultDir = properties->getProperty("IceSSL.DefaultDir"); // // Load the CA certificates used to authenticate peers into // _certificateAuthorities array. // try { string caFile = properties->getProperty("IceSSL.CAs"); if(caFile.empty()) { caFile = properties->getProperty("IceSSL.CertAuthFile"); } if(!caFile.empty()) { string resolved; if(!checkPath(caFile, defaultDir, false, resolved)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: CA certificate file not found:\n" + caFile); } _certificateAuthorities.reset(loadCACertificates(resolved)); } else if(properties->getPropertyAsInt("IceSSL.UsePlatformCAs") <= 0) { // Setup an empty list of Root CAs to not use the system root CAs. _certificateAuthorities.reset(CFArrayCreate(0, 0, 0, 0)); } } catch(const CertificateReadException& ce) { throw PluginInitializationException(__FILE__, __LINE__, ce.reason); } const string password = properties->getProperty("IceSSL.Password"); const int passwordRetryMax = properties->getPropertyAsIntWithDefault("IceSSL.PasswordRetryMax", 3); PasswordPromptPtr passwordPrompt = getPasswordPrompt(); string certFile = properties->getProperty("IceSSL.CertFile"); string keyFile = properties->getProperty("IceSSL.KeyFile"); string findCert = properties->getProperty("IceSSL.FindCert"); string keychain = properties->getProperty("IceSSL.Keychain"); string keychainPassword = properties->getProperty("IceSSL.KeychainPassword"); if(!certFile.empty()) { vector<string> files; if(!IceUtilInternal::splitString(certFile, IceUtilInternal::pathsep, files) || files.size() > 2) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid value for IceSSL.CertFile:\n" + certFile); } vector<string> keyFiles; if(!keyFile.empty()) { if(!IceUtilInternal::splitString(keyFile, IceUtilInternal::pathsep, keyFiles) || keyFiles.size() > 2) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid value for IceSSL.KeyFile:\n" + keyFile); } if(files.size() != keyFiles.size()) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: IceSSL.KeyFile does not agree with IceSSL.CertFile"); } } for(int i = 0; i < files.size(); ++i) { string file = files[i]; string keyFile = keyFiles.empty() ? "" : keyFiles[i]; string resolved; if(!checkPath(file, defaultDir, false, resolved)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: certificate file not found:\n" + file); } file = resolved; if(!keyFile.empty()) { if(!checkPath(keyFile, defaultDir, false, resolved)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: key file not found:\n" + keyFile); } keyFile = resolved; } try { _chain.reset(loadCertificateChain(file, keyFile, keychain, keychainPassword, password, passwordPrompt, passwordRetryMax)); break; } catch(const CertificateReadException& ce) { // // If this is the last certificate rethrow the exception as PluginInitializationException, // otherwise try the next certificate. // if(i == files.size() - 1) { throw PluginInitializationException(__FILE__, __LINE__, ce.reason); } } } } else if(!findCert.empty()) { _chain.reset(findCertificateChain(keychain, keychainPassword, findCert)); } // // DiffieHellmanParams in DER format. // #if defined(ICE_USE_SECURE_TRANSPORT_MACOS) string dhFile = properties->getProperty("IceSSL.DHParams"); if(!dhFile.empty()) { string resolved; if(!checkPath(dhFile, defaultDir, false, resolved)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: DH params file not found:\n" + dhFile); } readFile(resolved, _dhParams); } #endif // // Establish the cipher list. // const string ciphers = properties->getProperty("IceSSL.Ciphers"); CiphersHelper::initialize(); if(!ciphers.empty()) { parseCiphers(ciphers); } if(securityTraceLevel() >= 1) { ostringstream os; os << "enabling SSL ciphersuites:"; if(_ciphers.empty()) { map<string, SSLCipherSuite> enabled = CiphersHelper::ciphers(); for(map<string, SSLCipherSuite>::const_iterator i = enabled.begin(); i != enabled.end(); ++i) { os << "\n " << i->first; } } else { for(vector<SSLCipherSuite>::const_iterator i = _ciphers.begin(); i != _ciphers.end(); ++i) { os << "\n " << getCipherName(*i); } } getLogger()->trace(securityTraceCategory(), os.str()); } // // Parse protocols // const string protocolVersionMax = properties->getProperty("IceSSL.ProtocolVersionMax"); if(!protocolVersionMax.empty()) { _protocolVersionMax = parseProtocol(protocolVersionMax); } // // The default min protocol version is set to TLS1.0 to avoid security issues with SSLv3 // const string protocolVersionMin = properties->getPropertyWithDefault("IceSSL.ProtocolVersionMin", "tls1_0"); if(!protocolVersionMin.empty()) { _protocolVersionMin = parseProtocol(protocolVersionMin); } _initialized = true; }
bool NodeService::startImpl(int argc, char* argv[], int& status) { bool nowarn = false; bool readonly = false; string initFromReplica; string desc; vector<string> targets; for(int i = 1; i < argc; ++i) { if(strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "--help") == 0) { usage(argv[0]); status = EXIT_SUCCESS; return false; } else if(strcmp(argv[i], "-v") == 0 || strcmp(argv[i], "--version") == 0) { print(ICE_STRING_VERSION); status = EXIT_SUCCESS; return false; } else if(strcmp(argv[i], "--nowarn") == 0) { nowarn = true; } else if(strcmp(argv[i], "--readonly") == 0) { readonly = true; } else if(strcmp(argv[i], "--initdb-from-replica") == 0) { if(i + 1 >= argc) { error("missing replica argument for option `" + string(argv[i]) + "'"); usage(argv[0]); return false; } initFromReplica = argv[++i]; } else if(strcmp(argv[i], "--deploy") == 0) { if(i + 1 >= argc) { error("missing descriptor argument for option `" + string(argv[i]) + "'"); usage(argv[0]); return false; } desc = argv[++i]; while(i + 1 < argc && argv[++i][0] != '-') { targets.push_back(argv[i]); } } else { error("invalid option: `" + string(argv[i]) + "'"); usage(argv[0]); return false; } } PropertiesPtr properties = communicator()->getProperties(); // // Disable server idle time. Otherwise, the adapter would be // shutdown prematurely and the deactivation would fail. // Deactivation of the node relies on the object adapter // to be active since it needs to terminate servers. // // TODO: implement Ice.ServerIdleTime in the activator // termination listener instead? // properties->setProperty("Ice.ServerIdleTime", "0"); // // Warn the user that setting Ice.ThreadPool.Server isn't useful. // if(!nowarn && properties->getPropertyAsIntWithDefault("Ice.ThreadPool.Server.Size", 0) > 0) { Warning out(communicator()->getLogger()); out << "setting `Ice.ThreadPool.Server.Size' is not useful, "; out << "you should set individual adapter thread pools instead."; } setupThreadPool(properties, "IceGrid.Node.ThreadPool", 1, 100); // // Create the activator. // TraceLevelsPtr traceLevels = new TraceLevels(communicator(), "IceGrid.Node"); _activator = new Activator(traceLevels); // // Collocate the IceGrid registry if we need to. // if(properties->getPropertyAsInt("IceGrid.Node.CollocateRegistry") > 0) { _registry = new CollocatedRegistry(communicator(), _activator, nowarn, readonly, initFromReplica); if(!_registry->start()) { return false; } // // Set the default locator property to point to the collocated // locator (this property is passed by the activator to each // activated server). The default locator is also needed by // the node session manager. // if(properties->getProperty("Ice.Default.Locator").empty()) { Identity locatorId; locatorId.category = properties->getPropertyWithDefault("IceGrid.InstanceName", "IceGrid"); locatorId.name = "Locator"; string endpoints = properties->getProperty("IceGrid.Registry.Client.Endpoints"); string locPrx = "\"" + communicator()->identityToString(locatorId) + "\" :" + endpoints; communicator()->setDefaultLocator(Ice::LocatorPrx::uncheckedCast(communicator()->stringToProxy(locPrx))); properties->setProperty("Ice.Default.Locator", locPrx); } } else if(properties->getProperty("Ice.Default.Locator").empty()) { error("property `Ice.Default.Locator' is not set"); return false; } // // Initialize the database environment (first setup the directory structure if needed). // string dataPath = properties->getProperty("IceGrid.Node.Data"); string dbPath; if(dataPath.empty()) { error("property `IceGrid.Node.Data' is not set"); return false; } else { if(!IceUtilInternal::directoryExists(dataPath)) { FileException ex(__FILE__, __LINE__); ex.path = dataPath; ex.error = IceInternal::getSystemErrno(); ServiceError err(this); err << "property `IceGrid.Node.Data' is set to an invalid path:\n" << ex; return false; } // // Creates subdirectories. // if(dataPath[dataPath.length() - 1] != '/') { dataPath += "/"; } IcePatch2::createDirectory(dataPath + "servers"); IcePatch2::createDirectory(dataPath + "tmp"); IcePatch2::createDirectory(dataPath + "distrib"); #ifdef _WIN32 // // Make sure these directories are not indexed by the Windows // indexing service (which can cause random "Access Denied" // errors if indexing runs at the same time as the node is // creating/deleting files). // try { setNoIndexingAttribute(dataPath + "servers"); setNoIndexingAttribute(dataPath + "tmp"); setNoIndexingAttribute(dataPath + "distrib"); } catch(const FileException& ex) { if(!nowarn) { Warning out(communicator()->getLogger()); out << "couldn't disable file indexing:\n" << ex; } } #endif } // // Check that required properties are set and valid. // if(properties->getProperty("IceGrid.Node.Endpoints").empty()) { error("property `IceGrid.Node.Endpoints' is not set"); return false; } string name = properties->getProperty("IceGrid.Node.Name"); if(name.empty()) { error("property `IceGrid.Node.Name' is not set"); return false; } // // Setup the Freeze database environment home directory. The name of the database // environment for the IceGrid node is the name of the node. // properties->setProperty("Freeze.DbEnv." + name + ".DbHome", dbPath); // // Create the node object adapter. // _adapter = communicator()->createObjectAdapter("IceGrid.Node"); // // Setup the user account mapper if configured. // string mapperProperty = "IceGrid.Node.UserAccountMapper"; string mapperPropertyValue = properties->getProperty(mapperProperty); UserAccountMapperPrx mapper; if(!mapperPropertyValue.empty()) { try { mapper = UserAccountMapperPrx::uncheckedCast(communicator()->propertyToProxy(mapperProperty)); } catch(const std::exception& ex) { ServiceError err(this); err << "user account mapper `" << mapperProperty << "' is invalid:\n" << ex; return false; } } else { string userAccountFileProperty = properties->getProperty("IceGrid.Node.UserAccounts"); if(!userAccountFileProperty.empty()) { try { Ice::ObjectPrx object = _adapter->addWithUUID(new FileUserAccountMapperI(userAccountFileProperty)); object = object->ice_collocationOptimized(true); mapper = UserAccountMapperPrx::uncheckedCast(object); } catch(const std::string& msg) { error(msg); return false; } } } // // Create a new timer to handle server activation/deactivation timeouts. // _timer = new IceUtil::Timer(); // // The IceGrid instance name. // const string instanceName = communicator()->getDefaultLocator()->ice_getIdentity().category; _sessions.reset(new NodeSessionManager(communicator())); // // Create the server factory. The server factory creates persistent objects // for the server and server adapter. It also takes care of installing the // evictors and object factories necessary to store these objects. // Identity id = communicator()->stringToIdentity(instanceName + "/Node-" + name); NodePrx nodeProxy = NodePrx::uncheckedCast(_adapter->createProxy(id)); _node = new NodeI(_adapter, *_sessions, _activator, _timer, traceLevels, nodeProxy, name, mapper); _adapter->add(_node, nodeProxy->ice_getIdentity()); _adapter->addServantLocator(new DefaultServantLocator(new NodeServerAdminRouter(_node)), _node->getServerAdminCategory()); // // Start the platform info thread if needed. // _node->getPlatformInfo().start(); // // Ensures that the locator is reachable. // if(!nowarn) { try { communicator()->getDefaultLocator()->ice_timeout(1000)->ice_ping(); } catch(const Ice::LocalException& ex) { Warning out(communicator()->getLogger()); out << "couldn't reach the IceGrid registry (this is expected "; out << "if it's down, otherwise please check the value of the "; out << "Ice.Default.Locator property):\n" << ex; } } // // Create the node sessions with the registries. // _sessions->create(_node); // // In some tests, we deploy icegridnodes using IceGrid: // if(properties->getProperty("Ice.Admin.Endpoints") != "") { // // Replace Process facet and create Admin object // try { ProcessPtr origProcess = ProcessPtr::dynamicCast(communicator()->removeAdminFacet("Process")); communicator()->addAdminFacet(new ProcessI(_activator, origProcess), "Process"); communicator()->getAdmin(); } catch(const Ice::NotRegisteredException&) { // // Some plug-in removed the Process facet, so we don't replace it. // (unlikely error though) // } } // // Start the activator. // _activator->start(); // // Activate the adapter. // _adapter->activate(); // // Notify the node session manager that the node can start // accepting incoming connections. // _sessions->activate(); string bundleName = properties->getProperty("IceGrid.Node.PrintServersReady"); if(!bundleName.empty() || !desc.empty()) { enableInterrupt(); if(!_sessions->waitForCreate()) { // // Create was interrupted, return true as if the service was // correctly initiliazed to make sure it's properly stopped. // return true; } disableInterrupt(); } // // Deploy application if a descriptor is passed as a command-line option. // if(!desc.empty()) { try { Ice::Identity regId; regId.category = instanceName; regId.name = "Registry"; RegistryPrx registry = RegistryPrx::checkedCast(communicator()->getDefaultLocator()->findObjectById(regId)); if(!registry) { throw "invalid registry"; } registry = registry->ice_preferSecure(true); // Use SSL if available. IceGrid::AdminSessionPrx session; if(communicator()->getProperties()->getPropertyAsInt("IceGridAdmin.AuthenticateUsingSSL")) { session = registry->createAdminSessionFromSecureConnection(); } else { string id = communicator()->getProperties()->getProperty("IceGridAdmin.Username"); string password = communicator()->getProperties()->getProperty("IceGridAdmin.Password"); while(id.empty()) { cout << "user id: " << flush; getline(cin, id); id = IceUtilInternal::trim(id); } if(password.empty()) { cout << "password: "******"failed to deploy application `" << desc << "':\n" << ex; } catch(const AccessDeniedException& ex) { ServiceWarning warn(this); warn << "failed to deploy application `" << desc << "':\n" << "registry database is locked by `" << ex.lockUserId << "'"; } catch(const std::exception& ex) { ServiceWarning warn(this); warn << "failed to deploy application `" << desc << "':\n" << ex; } catch(const string& reason) { ServiceWarning warn(this); warn << "failed to deploy application `" << desc << "':\n" << reason; } } if(!bundleName.empty()) { print(bundleName + " ready"); } return true; }
bool RegistryI::start(bool nowarn) { assert(_communicator); PropertiesPtr properties = _communicator->getProperties(); // // Initialize the database environment. // string dbPath = properties->getProperty("IceGrid.Registry.Data"); if(dbPath.empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Data' is not set"; return false; } else { struct stat filestat; if(stat(dbPath.c_str(), &filestat) != 0 || !S_ISDIR(filestat.st_mode)) { Error out(_communicator->getLogger()); SyscallException ex(__FILE__, __LINE__); ex.error = getSystemErrno(); out << "property `IceGrid.Registry.Data' is set to an invalid path:\n" << ex; return false; } } // // Check that required properties are set and valid. // if(properties->getProperty("IceGrid.Registry.Client.Endpoints").empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Client.Endpoints' is not set"; return false; } if(properties->getProperty("IceGrid.Registry.Server.Endpoints").empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Server.Endpoints' is not set"; return false; } if(properties->getProperty("IceGrid.Registry.Internal.Endpoints").empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Internal.Endpoints' is not set"; return false; } if(!properties->getProperty("IceGrid.Registry.SessionManager.Endpoints").empty()) { if(!nowarn) { Warning out(_communicator->getLogger()); out << "session manager endpoints `IceGrid.Registry.SessionManager.Endpoints' enabled"; } } properties->setProperty("Ice.PrintProcessId", "0"); properties->setProperty("Ice.ServerIdleTime", "0"); properties->setProperty("IceGrid.Registry.Client.AdapterId", ""); properties->setProperty("IceGrid.Registry.Server.AdapterId", ""); properties->setProperty("IceGrid.Registry.SessionManager.AdapterId", ""); properties->setProperty("IceGrid.Registry.Internal.AdapterId", ""); setupThreadPool(properties, "Ice.ThreadPool.Client", 1, 100); setupThreadPool(properties, "IceGrid.Registry.Client.ThreadPool", 1, 10); setupThreadPool(properties, "IceGrid.Registry.Server.ThreadPool", 1, 10); setupThreadPool(properties, "IceGrid.Registry.SessionManager.ThreadPool", 1, 10); setupThreadPool(properties, "IceGrid.Registry.Internal.ThreadPool", 1, 100); _replicaName = properties->getPropertyWithDefault("IceGrid.Registry.ReplicaName", "Master"); _master = _replicaName == "Master"; _sessionTimeout = properties->getPropertyAsIntWithDefault("IceGrid.Registry.SessionTimeout", 30); // // Get the instance name // if(_master) { _instanceName = properties->getProperty("IceGrid.InstanceName"); if(_instanceName.empty()) { if(_communicator->getDefaultLocator()) { _instanceName = _communicator->getDefaultLocator()->ice_getIdentity().category; } else { _instanceName = "IceGrid"; } } } else { if(properties->getProperty("Ice.Default.Locator").empty()) { Error out(_communicator->getLogger()); out << "property `Ice.Default.Locator' is not set"; return false; } _instanceName = _communicator->getDefaultLocator()->ice_getIdentity().category; } // // Ensure that nothing is running on this port. This is also // useful to ensure that we don't run twice the same instance of // the service too (which would cause the database environment of // the already running instance to be "corrupted".) // try { string endpoints = properties->getProperty("IceGrid.Registry.Client.Endpoints"); string strPrx = _instanceName + "/Locator:" + endpoints; _communicator->stringToProxy(strPrx)->ice_timeout(5000)->ice_ping(); Error out(_communicator->getLogger()); out << "an IceGrid registry is already running and listening on the client endpoints `" << endpoints << "'"; return false; } catch(const Ice::LocalException&) { } properties->setProperty("Freeze.DbEnv.Registry.DbHome", dbPath); properties->setProperty("Freeze.DbEnv.Registry.DbPrivate", "0"); // // Create the reaper thread. // _reaper = new ReapThread(); _reaper->start(); // // Create the internal registry object adapter. // ObjectAdapterPtr registryAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Internal"); registryAdapter->activate(); // // Create the internal IceStorm service. // Identity registryTopicManagerId; registryTopicManagerId.category = _instanceName; registryTopicManagerId.name = "RegistryTopicManager"; _iceStorm = IceStorm::Service::create(_communicator, registryAdapter, registryAdapter, "IceGrid.Registry", registryTopicManagerId, "Registry"); const IceStorm::TopicManagerPrx topicManager = _iceStorm->getTopicManager(); // // Create the registry database. // _database = new Database(registryAdapter, topicManager, _instanceName, _traceLevels, getInfo()); _wellKnownObjects = new WellKnownObjectsManager(_database); // // Get the saved replica/node proxies and remove them from the // database. // Ice::ObjectProxySeq proxies; Ice::ObjectProxySeq::const_iterator p; NodePrxSeq nodes; proxies = _database->getInternalObjectsByType(Node::ice_staticId()); for(p = proxies.begin(); p != proxies.end(); ++p) { nodes.push_back(NodePrx::uncheckedCast(*p)); } InternalRegistryPrxSeq replicas; proxies = _database->getObjectsByType(InternalRegistry::ice_staticId()); for(p = proxies.begin(); p != proxies.end(); ++p) { replicas.push_back(InternalRegistryPrx::uncheckedCast(*p)); } // // NOTE: The internal registry object must be added only once the // node/replica proxies are retrieved and removed from the // database. Otherwise, if some replica/node register as soon as // the internal registry is setup we might clear valid proxies. // InternalRegistryPrx internalRegistry = setupInternalRegistry(registryAdapter); if(_master) { nodes = registerReplicas(internalRegistry, replicas, nodes); registerNodes(internalRegistry, nodes); } else { InternalReplicaInfoPtr info = _platform.getInternalReplicaInfo(); _session.create(_replicaName, info, _database, _wellKnownObjects, internalRegistry); registerNodes(internalRegistry, _session.getNodes(nodes)); } ObjectAdapterPtr serverAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Server"); _clientAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Client"); ObjectAdapterPtr sessionManagerAdapter; if(!properties->getProperty("IceGrid.Registry.SessionManager.Endpoints").empty()) { sessionManagerAdapter = _communicator->createObjectAdapter("IceGrid.Registry.SessionManager"); } Ice::Identity dummy; dummy.name = "dummy"; _wellKnownObjects->addEndpoint("Client", _clientAdapter->createDirectProxy(dummy)); _wellKnownObjects->addEndpoint("Server", serverAdapter->createDirectProxy(dummy)); if(sessionManagerAdapter) { _wellKnownObjects->addEndpoint("SessionManager", sessionManagerAdapter->createDirectProxy(dummy)); } _wellKnownObjects->addEndpoint("Internal", registryAdapter->createDirectProxy(dummy)); setupNullPermissionsVerifier(registryAdapter); if(!setupUserAccountMapper(registryAdapter)) { return false; } QueryPrx query = setupQuery(_clientAdapter); RegistryPrx registry = setupRegistry(_clientAdapter); Ice::LocatorRegistryPrx locatorRegistry = setupLocatorRegistry(serverAdapter); LocatorPrx internalLocator = setupLocator(_clientAdapter, registryAdapter, locatorRegistry, registry, query); // // Add a default servant locator to the client object adapter. The // default servant ensure that request on session objects are from // the same connection as the connection that created the session. // _sessionServantLocator = new SessionServantLocatorI(_clientAdapter, _instanceName); _clientAdapter->addServantLocator(_sessionServantLocator, ""); setupClientSessionFactory(registryAdapter, sessionManagerAdapter, internalLocator, nowarn); setupAdminSessionFactory(registryAdapter, sessionManagerAdapter, internalLocator, nowarn); _wellKnownObjects->finish(); if(_master) { _wellKnownObjects->registerAll(); } else { _session.registerAllWellKnownObjects(); } // // We are ready to go! // serverAdapter->activate(); _clientAdapter->activate(); if(sessionManagerAdapter) { sessionManagerAdapter->activate(); } return true; }
bool RegistryI::startImpl() { assert(_communicator); PropertiesPtr properties = _communicator->getProperties(); // // Check that required properties are set and valid. // if(properties->getProperty("IceGrid.Registry.Client.Endpoints").empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Client.Endpoints' is not set"; return false; } if(properties->getProperty("IceGrid.Registry.Server.Endpoints").empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Server.Endpoints' is not set"; return false; } if(properties->getProperty("IceGrid.Registry.Internal.Endpoints").empty()) { Error out(_communicator->getLogger()); out << "property `IceGrid.Registry.Internal.Endpoints' is not set"; return false; } if(!properties->getProperty("IceGrid.Registry.SessionManager.Endpoints").empty()) { if(!_nowarn) { Warning out(_communicator->getLogger()); out << "session manager endpoints `IceGrid.Registry.SessionManager.Endpoints' enabled"; if(properties->getPropertyAsInt("IceGrid.Registry.SessionFilters") == 0) { out << " (with Glacier2 filters disabled)"; } } } if(!properties->getProperty("IceGrid.Registry.AdminSessionManager.Endpoints").empty()) { if(!_nowarn) { Warning out(_communicator->getLogger()); out << "administrative session manager endpoints `IceGrid.Registry.AdminSessionManager.Endpoints' enabled"; if(properties->getPropertyAsInt("IceGrid.Registry.AdminSessionFilters") == 0) { out << " (with Glacier2 filters disabled)"; } } } properties->setProperty("Ice.PrintProcessId", "0"); properties->setProperty("Ice.ServerIdleTime", "0"); properties->setProperty("IceGrid.Registry.Client.AdapterId", ""); properties->setProperty("IceGrid.Registry.Server.AdapterId", ""); properties->setProperty("IceGrid.Registry.SessionManager.AdapterId", ""); properties->setProperty("IceGrid.Registry.Internal.AdapterId", ""); setupThreadPool(properties, "IceGrid.Registry.Client.ThreadPool", 1, 10); setupThreadPool(properties, "IceGrid.Registry.Server.ThreadPool", 1, 10, true); // Serialize for admin callbacks setupThreadPool(properties, "IceGrid.Registry.SessionManager.ThreadPool", 1, 10); setupThreadPool(properties, "IceGrid.Registry.Internal.ThreadPool", 1, 100); _replicaName = properties->getPropertyWithDefault("IceGrid.Registry.ReplicaName", "Master"); _master = _replicaName == "Master"; _sessionTimeout = properties->getPropertyAsIntWithDefault("IceGrid.Registry.SessionTimeout", 30); if(!_master && properties->getProperty("Ice.Default.Locator").empty()) { if(properties->getProperty("Ice.Default.Locator").empty()) { Error out(_communicator->getLogger()); out << "property `Ice.Default.Locator' is not set"; return false; } } // // Get the instance name // if(_master) { _instanceName = properties->getProperty("IceGrid.InstanceName"); if(_instanceName.empty()) { if(_communicator->getDefaultLocator()) { _instanceName = _communicator->getDefaultLocator()->ice_getIdentity().category; } else { _instanceName = "IceGrid"; } } } else { _instanceName = _communicator->getDefaultLocator()->ice_getIdentity().category; } // // Ensure that nothing is running on this port. This is also // useful to ensure that we don't run twice the same instance of // the service too (which would cause the database environment of // the already running instance to be "corrupted".) // try { string endpoints = properties->getProperty("IceGrid.Registry.Client.Endpoints"); string strPrx = _instanceName + "/Locator:" + endpoints; _communicator->stringToProxy(strPrx)->ice_timeout(5000)->ice_ping(); Error out(_communicator->getLogger()); out << "an IceGrid registry is already running and listening on the client endpoints `" << endpoints << "'"; return false; } catch(const Ice::LocalException&) { } // // Create the reaper thread. // _reaper = new ReapThread(); _reaper->start(); // // Create the internal registry object adapter. // ObjectAdapterPtr registryAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Internal"); registryAdapter->activate(); // // Create the internal IceStorm service. // Identity registryTopicManagerId; registryTopicManagerId.category = _instanceName; registryTopicManagerId.name = "RegistryTopicManager"; _iceStorm = IceStormInternal::Service::create(_communicator, registryAdapter, registryAdapter, "IceGrid.Registry", registryTopicManagerId, "Registry"); const IceStorm::TopicManagerPrx topicManager = _iceStorm->getTopicManager(); // // Create the registry database. // DatabasePluginPtr plugin; try { plugin = DatabasePluginPtr::dynamicCast(_communicator->getPluginManager()->getPlugin("DB")); } catch(const NotRegisteredException&) { } if(!plugin) { Error out(_communicator->getLogger()); out << "no database plugin configured with `Ice.Plugin.DB' or plugin is not a database plugin"; return false; } _database = new Database(registryAdapter, topicManager, _instanceName, _traceLevels, getInfo(), plugin, _readonly); _wellKnownObjects = new WellKnownObjectsManager(_database); // // Get the saved replica/node proxies. // ObjectProxySeq proxies; ObjectProxySeq::const_iterator p; NodePrxSeq nodes; proxies = _database->getInternalObjectsByType(Node::ice_staticId()); for(p = proxies.begin(); p != proxies.end(); ++p) { nodes.push_back(NodePrx::uncheckedCast(*p)); } InternalRegistryPrxSeq replicas; proxies = _database->getObjectsByType(InternalRegistry::ice_staticId()); for(p = proxies.begin(); p != proxies.end(); ++p) { replicas.push_back(InternalRegistryPrx::uncheckedCast(*p)); } // // NOTE: The internal registry object must be added only once the // node/replica proxies are retrieved. Otherwise, if some // replica/node register as soon as the internal registry is setup // we might clear valid proxies. // InternalRegistryPrx internalRegistry = setupInternalRegistry(registryAdapter); if(_master) { nodes = registerReplicas(internalRegistry, replicas, nodes); registerNodes(internalRegistry, nodes); } else { InternalReplicaInfoPtr info = _platform.getInternalReplicaInfo(); _session.create(_replicaName, info, _database, _wellKnownObjects, internalRegistry); registerNodes(internalRegistry, _session.getNodes(nodes)); } _serverAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Server"); _clientAdapter = _communicator->createObjectAdapter("IceGrid.Registry.Client"); Ice::Identity dummy; dummy.name = "dummy"; _wellKnownObjects->addEndpoint("Client", _clientAdapter->createDirectProxy(dummy)); _wellKnownObjects->addEndpoint("Server", _serverAdapter->createDirectProxy(dummy)); _wellKnownObjects->addEndpoint("Internal", registryAdapter->createDirectProxy(dummy)); setupNullPermissionsVerifier(registryAdapter); if(!setupUserAccountMapper(registryAdapter)) { return false; } QueryPrx query = setupQuery(_clientAdapter); RegistryPrx registry = setupRegistry(_clientAdapter); Ice::LocatorRegistryPrx locatorRegistry = setupLocatorRegistry(_serverAdapter); LocatorPrx internalLocator = setupLocator(_clientAdapter, registryAdapter, locatorRegistry, registry, query); // // Create the session servant manager. The session servant manager is responsible // for managing sessions servants and to ensure that session servants are only // accessed by the connection that created the session. The session servant manager // also takes care of providing the router servant for server admin objects. // ObjectPtr serverAdminRouter = new RegistryServerAdminRouter(_database); AdminCallbackRouterPtr adminCallbackRouter = new AdminCallbackRouter; _servantManager = new SessionServantManager(_clientAdapter, _instanceName, true, getServerAdminCategory(), serverAdminRouter, adminCallbackRouter); _clientAdapter->addServantLocator(_servantManager, ""); _serverAdapter->addServantLocator(new DefaultServantLocator(adminCallbackRouter), ""); ObjectAdapterPtr sessionAdpt = setupClientSessionFactory(registryAdapter, internalLocator); ObjectAdapterPtr admSessionAdpt = setupAdminSessionFactory(registryAdapter, serverAdminRouter, internalLocator); _wellKnownObjects->finish(); if(_master) { _wellKnownObjects->registerAll(); } else { _session.registerAllWellKnownObjects(); } // // We are ready to go! // _serverAdapter->activate(); _clientAdapter->activate(); if(sessionAdpt) { sessionAdpt->activate(); } if(admSessionAdpt) { admSessionAdpt->activate(); } return true; }
IceInternal::DefaultsAndOverrides::DefaultsAndOverrides(const PropertiesPtr& properties) : overrideTimeout(false), overrideTimeoutValue(-1), overrideConnectTimeout(false), overrideConnectTimeoutValue(-1), overrideCloseTimeout(false), overrideCloseTimeoutValue(-1), overrideCompress(false), overrideCompressValue(false), overrideSecure(false), overrideSecureValue(false) { const_cast<string&>(defaultProtocol) = properties->getPropertyWithDefault("Ice.Default.Protocol", "tcp"); const_cast<string&>(defaultHost) = properties->getProperty("Ice.Default.Host"); string value; value = properties->getProperty("Ice.Override.Timeout"); if(!value.empty()) { const_cast<bool&>(overrideTimeout) = true; const_cast<Int&>(overrideTimeoutValue) = properties->getPropertyAsInt("Ice.Override.Timeout"); } value = properties->getProperty("Ice.Override.ConnectTimeout"); if(!value.empty()) { const_cast<bool&>(overrideConnectTimeout) = true; const_cast<Int&>(overrideConnectTimeoutValue) = properties->getPropertyAsInt("Ice.Override.ConnectTimeout"); } value = properties->getProperty("Ice.Override.CloseTimeout"); if(!value.empty()) { const_cast<bool&>(overrideCloseTimeout) = true; const_cast<Int&>(overrideCloseTimeoutValue) = properties->getPropertyAsInt("Ice.Override.CloseTimeout"); } value = properties->getProperty("Ice.Override.Compress"); if(!value.empty()) { const_cast<bool&>(overrideCompress) = true; const_cast<bool&>(overrideCompressValue) = properties->getPropertyAsInt("Ice.Override.Compress"); } value = properties->getProperty("Ice.Override.Secure"); if(!value.empty()) { const_cast<bool&>(overrideSecure) = true; const_cast<bool&>(overrideSecureValue) = properties->getPropertyAsInt("Ice.Override.Secure"); } const_cast<bool&>(defaultCollocationOptimization) = properties->getPropertyAsIntWithDefault("Ice.Default.CollocationOptimized", 1) > 0; value = properties->getPropertyWithDefault("Ice.Default.EndpointSelection", "Random"); if(value == "Random") { defaultEndpointSelection = Random; } else if(value == "Ordered") { defaultEndpointSelection = Ordered; } else { EndpointSelectionTypeParseException ex(__FILE__, __LINE__); ex.str = "illegal value `" + value + "'; expected `Random' or `Ordered'"; throw ex; } const_cast<int&>(defaultLocatorCacheTimeout) = properties->getPropertyAsIntWithDefault("Ice.Default.LocatorCacheTimeout", -1); const_cast<bool&>(defaultPreferSecure) = properties->getPropertyAsIntWithDefault("Ice.Default.PreferSecure", 0) > 0; value = properties->getPropertyWithDefault("Ice.Default.EncodingVersion", encodingVersionToString(currentEncoding)); defaultEncoding = stringToEncodingVersion(value); checkSupportedEncoding(defaultEncoding); bool slicedFormat = properties->getPropertyAsIntWithDefault("Ice.Default.SlicedFormat", 0) > 0; const_cast<FormatType&>(defaultFormat) = slicedFormat ? SlicedFormat : CompactFormat; }
IceInternal::DefaultsAndOverrides::DefaultsAndOverrides(const PropertiesPtr& properties, const LoggerPtr& logger) : overrideTimeout(false), overrideTimeoutValue(-1), overrideConnectTimeout(false), overrideConnectTimeoutValue(-1), overrideCloseTimeout(false), overrideCloseTimeoutValue(-1), overrideCompress(false), overrideCompressValue(false), overrideSecure(false), overrideSecureValue(false) { const_cast<string&>(defaultProtocol) = properties->getPropertyWithDefault("Ice.Default.Protocol", "tcp"); const_cast<string&>(defaultHost) = properties->getProperty("Ice.Default.Host"); string value; #ifndef ICE_OS_WINRT value = properties->getProperty("Ice.Default.SourceAddress"); if(!value.empty()) { const_cast<Address&>(defaultSourceAddress) = getNumericAddress(value); if(!isAddressValid(defaultSourceAddress)) { InitializationException ex(__FILE__, __LINE__); ex.reason = "invalid IP address set for Ice.Default.SourceAddress: `" + value + "'"; throw ex; } } #endif value = properties->getProperty("Ice.Override.Timeout"); if(!value.empty()) { const_cast<bool&>(overrideTimeout) = true; const_cast<Int&>(overrideTimeoutValue) = properties->getPropertyAsInt("Ice.Override.Timeout"); if(overrideTimeoutValue < 1 && overrideTimeoutValue != -1) { const_cast<Int&>(overrideTimeoutValue) = -1; Warning out(logger); out << "invalid value for Ice.Override.Timeout `" << properties->getProperty("Ice.Override.Timeout") << "': defaulting to -1"; } } value = properties->getProperty("Ice.Override.ConnectTimeout"); if(!value.empty()) { const_cast<bool&>(overrideConnectTimeout) = true; const_cast<Int&>(overrideConnectTimeoutValue) = properties->getPropertyAsInt("Ice.Override.ConnectTimeout"); if(overrideConnectTimeoutValue < 1 && overrideConnectTimeoutValue != -1) { const_cast<Int&>(overrideConnectTimeoutValue) = -1; Warning out(logger); out << "invalid value for Ice.Override.ConnectTimeout `" << properties->getProperty("Ice.Override.ConnectTimeout") << "': defaulting to -1"; } } value = properties->getProperty("Ice.Override.CloseTimeout"); if(!value.empty()) { const_cast<bool&>(overrideCloseTimeout) = true; const_cast<Int&>(overrideCloseTimeoutValue) = properties->getPropertyAsInt("Ice.Override.CloseTimeout"); if(overrideCloseTimeoutValue < 1 && overrideCloseTimeoutValue != -1) { const_cast<Int&>(overrideCloseTimeoutValue) = -1; Warning out(logger); out << "invalid value for Ice.Override.CloseTimeout `" << properties->getProperty("Ice.Override.CloseTimeout") << "': defaulting to -1"; } } value = properties->getProperty("Ice.Override.Compress"); if(!value.empty()) { const_cast<bool&>(overrideCompress) = true; const_cast<bool&>(overrideCompressValue) = properties->getPropertyAsInt("Ice.Override.Compress") > 0; } value = properties->getProperty("Ice.Override.Secure"); if(!value.empty()) { const_cast<bool&>(overrideSecure) = true; const_cast<bool&>(overrideSecureValue) = properties->getPropertyAsInt("Ice.Override.Secure") > 0; } const_cast<bool&>(defaultCollocationOptimization) = properties->getPropertyAsIntWithDefault("Ice.Default.CollocationOptimized", 1) > 0; value = properties->getPropertyWithDefault("Ice.Default.EndpointSelection", "Random"); if(value == "Random") { defaultEndpointSelection = Random; } else if(value == "Ordered") { defaultEndpointSelection = Ordered; } else { EndpointSelectionTypeParseException ex(__FILE__, __LINE__); ex.str = "illegal value `" + value + "'; expected `Random' or `Ordered'"; throw ex; } const_cast<int&>(defaultTimeout) = properties->getPropertyAsIntWithDefault("Ice.Default.Timeout", 60000); if(defaultTimeout < 1 && defaultTimeout != -1) { const_cast<Int&>(defaultTimeout) = 60000; Warning out(logger); out << "invalid value for Ice.Default.Timeout `" << properties->getProperty("Ice.Default.Timeout") << "': defaulting to 60000"; } const_cast<int&>(defaultInvocationTimeout) = properties->getPropertyAsIntWithDefault("Ice.Default.InvocationTimeout", -1); if(defaultInvocationTimeout < 1 && defaultInvocationTimeout != -1 && defaultInvocationTimeout != -2) { const_cast<Int&>(defaultInvocationTimeout) = -1; Warning out(logger); out << "invalid value for Ice.Default.InvocationTimeout `" << properties->getProperty("Ice.Default.InvocationTimeout") << "': defaulting to -1"; } const_cast<int&>(defaultLocatorCacheTimeout) = properties->getPropertyAsIntWithDefault("Ice.Default.LocatorCacheTimeout", -1); if(defaultLocatorCacheTimeout < -1) { const_cast<Int&>(defaultLocatorCacheTimeout) = -1; Warning out(logger); out << "invalid value for Ice.Default.LocatorCacheTimeout `" << properties->getProperty("Ice.Default.LocatorCacheTimeout") << "': defaulting to -1"; } const_cast<bool&>(defaultPreferSecure) = properties->getPropertyAsIntWithDefault("Ice.Default.PreferSecure", 0) > 0; value = properties->getPropertyWithDefault("Ice.Default.EncodingVersion", encodingVersionToString(currentEncoding)); defaultEncoding = stringToEncodingVersion(value); checkSupportedEncoding(defaultEncoding); bool slicedFormat = properties->getPropertyAsIntWithDefault("Ice.Default.SlicedFormat", 0) > 0; const_cast<FormatType&>(defaultFormat) = slicedFormat ? SlicedFormat : CompactFormat; }
int Client::run(int argc, char* argv[]) { IceUtilInternal::Options opts; opts.addOpt("h", "help"); opts.addOpt("v", "version"); vector<string> commands; try { commands = opts.parse(argc, const_cast<const char**>(argv)); } catch(const IceUtilInternal::BadOptException& e) { cerr << e.reason << endl; usage(); return EXIT_FAILURE; } if(opts.isSet("help")) { usage(); return EXIT_SUCCESS; } if(opts.isSet("version")) { cout << ICE_STRING_VERSION << endl; return EXIT_SUCCESS; } if(commands.empty()) { usage(); return EXIT_FAILURE; } ObjectPrxPtr base = communicator()->propertyToProxy("IceBoxAdmin.ServiceManager.Proxy"); if(base == 0) { // // The old deprecated way to retrieve the service manager proxy // PropertiesPtr properties = communicator()->getProperties(); Identity managerIdentity; managerIdentity.category = properties->getPropertyWithDefault("IceBox.InstanceName", "IceBox"); managerIdentity.name = "ServiceManager"; string managerProxy; if(properties->getProperty("Ice.Default.Locator").empty()) { string managerEndpoints = properties->getProperty("IceBox.ServiceManager.Endpoints"); if(managerEndpoints.empty()) { cerr << appName() << ": property `IceBoxAdmin.ServiceManager.Proxy' is not set" << endl; return EXIT_FAILURE; } managerProxy = "\"" + communicator()->identityToString(managerIdentity) + "\" :" + managerEndpoints; } else { string managerAdapterId = properties->getProperty("IceBox.ServiceManager.AdapterId"); if(managerAdapterId.empty()) { cerr << appName() << ": property `IceBoxAdmin.ServiceManager.Proxy' is not set" << endl; return EXIT_FAILURE; } managerProxy = "\"" + communicator()->identityToString(managerIdentity) + "\" @" + managerAdapterId; } base = communicator()->stringToProxy(managerProxy); } IceBox::ServiceManagerPrxPtr manager = ICE_CHECKED_CAST(IceBox::ServiceManagerPrx, base); if(!manager) { cerr << appName() << ": `" << base << "' is not an IceBox::ServiceManager" << endl; return EXIT_FAILURE; } Ice::SliceChecksumDict serverChecksums = manager->getSliceChecksums(); Ice::SliceChecksumDict localChecksums = Ice::sliceChecksums(); for(Ice::SliceChecksumDict::const_iterator p = localChecksums.begin(); p != localChecksums.end(); ++p) { Ice::SliceChecksumDict::const_iterator q = serverChecksums.find(p->first); if(q == serverChecksums.end()) { cerr << appName() << ": server is using unknown Slice type `" << q->first << "'" << endl; } else if(p->second != q->second) { cerr << appName() << ": server is using a different Slice definition of `" << q->first << "'" << endl; } } for(vector<string>::const_iterator r = commands.begin(); r != commands.end(); ++r) { if((*r) == "shutdown") { manager->shutdown(); } else if((*r) == "start") { if(++r == commands.end()) { cerr << appName() << ": no service name specified." << endl; return EXIT_FAILURE; } try { manager->startService(*r); } catch(const IceBox::NoSuchServiceException&) { cerr << appName() << ": unknown service `" << *r << "'" << endl; return EXIT_FAILURE; } catch(const IceBox::AlreadyStartedException&) { cerr << appName() << ": service already started." << endl; } } else if((*r) == "stop") { if(++r == commands.end()) { cerr << appName() << ": no service name specified." << endl; return EXIT_FAILURE; } try { manager->stopService(*r); } catch(const IceBox::NoSuchServiceException&) { cerr << appName() << ": unknown service `" << *r << "'" << endl; return EXIT_FAILURE; } catch(const IceBox::AlreadyStoppedException&) { cerr << appName() << ": service already stopped." << endl; } } else { cerr << appName() << ": unknown command `" << *r << "'" << endl; usage(); return EXIT_FAILURE; } } return EXIT_SUCCESS; }
void SChannelEngine::initialize() { Mutex::Lock lock(_mutex); if(_initialized) { return; } SSLEngine::initialize(); const string prefix = "IceSSL."; const PropertiesPtr properties = communicator()->getProperties(); // // Protocols selects which protocols to enable, by default we only enable TLS1.0 // TLS1.1 and TLS1.2 to avoid security issues with SSLv3 // vector<string> defaultProtocols; defaultProtocols.push_back("tls1_0"); defaultProtocols.push_back("tls1_1"); defaultProtocols.push_back("tls1_2"); const_cast<DWORD&>(_protocols) = parseProtocols(properties->getPropertyAsListWithDefault(prefix + "Protocols", defaultProtocols)); // // Check for a default directory. We look in this directory for // files mentioned in the configuration. // string defaultDir = properties->getProperty(prefix + "DefaultDir"); int passwordRetryMax = properties->getPropertyAsIntWithDefault(prefix + "PasswordRetryMax", 3); PasswordPromptPtr passwordPrompt = getPasswordPrompt(); setPassword(properties->getProperty(prefix + "Password")); string ciphers = properties->getProperty(prefix + "Ciphers"); if(!ciphers.empty()) { parseCiphers(ciphers); } if(securityTraceLevel() >= 1) { ostringstream os; os << "enabling SSL ciphersuites:"; if(_ciphers.empty()) { for(int i = 0; i < supportedCiphersSize; ++i) { os << "\n " << getCipherName(supportedCiphers[i]); } } else { for(vector<ALG_ID>::const_iterator i = _ciphers.begin(); i != _ciphers.end(); ++i) { os << "\n " << getCipherName(*i); } } getLogger()->trace(securityTraceCategory(), os.str()); } string certStore = properties->getPropertyWithDefault(prefix + "CertStore", "CurrentUser"); if(certStore != "CurrentUser" && certStore != "LocalMachine") { getLogger()->warning("Invalid IceSSL.CertStore value `" + certStore + "' adjusted to `CurrentUser'"); certStore = "CurrentUser"; } // // Create trusted CA store with contents of CertAuthFile // string caFile = properties->getProperty(prefix + "CertAuthFile"); if(!caFile.empty()) { _rootStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, 0); if(!_rootStore) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error creating in memory certificate store:\n" + lastErrorToString()); } if(!checkPath(caFile, defaultDir, false)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: CA certificate file not found:\n" + caFile); } addCertificateToStore(caFile, _rootStore); // // Create a chain engine that uses our Trusted Root Store // #ifdef __MINGW32__ CertChainEngineConfig config; memset(&config, 0, sizeof(CertChainEngineConfig)); config.cbSize = sizeof(CertChainEngineConfig); #else CERT_CHAIN_ENGINE_CONFIG config; memset(&config, 0, sizeof(CERT_CHAIN_ENGINE_CONFIG)); config.cbSize = sizeof(CERT_CHAIN_ENGINE_CONFIG); #endif config.hExclusiveRoot = _rootStore; // // Build the chain using the LocalMachine registry location as opposed // to the CurrentUser location. // if(certStore == "LocalMachine") { config.dwFlags = CERT_CHAIN_USE_LOCAL_MACHINE_STORE; } #ifdef __MINGW32__ if(!CertCreateCertificateChainEngine(reinterpret_cast<CERT_CHAIN_ENGINE_CONFIG*>(&config), &_chainEngine)) #else if(!CertCreateCertificateChainEngine(&config, &_chainEngine)) #endif { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error creating certificate chain engine:\n" + lastErrorToString()); } } else { _chainEngine = (certStore == "LocalMachine") ? HCCE_LOCAL_MACHINE : HCCE_CURRENT_USER; } // // Import the application certificate and private keys. // string keySet = properties->getPropertyWithDefault(prefix + "KeySet", "DefaultKeySet"); if(keySet != "DefaultKeySet" && keySet != "UserKeySet" && keySet != "MachineKeySet") { getLogger()->warning("Invalid IceSSL.KeySet value `" + keySet + "' adjusted to `DefaultKeySet'"); keySet = "DefaultKeySet"; } DWORD importFlags = (keySet == "MachineKeySet") ? CRYPT_MACHINE_KEYSET : CRYPT_USER_KEYSET; string certFile = properties->getProperty(prefix + "CertFile"); string keyFile = properties->getPropertyWithDefault(prefix + "KeyFile", certFile); if(!certFile.empty()) { vector<string> certFiles; if(!splitString(certFile, IceUtilInternal::pathsep, certFiles) || certFiles.size() > 2) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid value for " + prefix + "CertFile:\n" + certFile); } vector<string> keyFiles; if(!splitString(keyFile, IceUtilInternal::pathsep, keyFiles) || keyFiles.size() > 2) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid value for " + prefix + "KeyFile:\n" + keyFile); } if(certFiles.size() != keyFiles.size()) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: " + prefix + "KeyFile does not agree with " + prefix + "CertFile"); } for(size_t i = 0; i < certFiles.size(); ++i) { string certFile = certFiles[i]; if(!checkPath(certFile, defaultDir, false)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: certificate file not found:\n" + certFile); } vector<char> buffer; readFile(certFile, buffer); CRYPT_DATA_BLOB pfxBlob; pfxBlob.cbData = static_cast<DWORD>(buffer.size()); pfxBlob.pbData = reinterpret_cast<BYTE*>(&buffer[0]); HCERTSTORE store = 0; PCCERT_CONTEXT cert = 0; int err = 0; int count = 0; do { string s = password(false); store = PFXImportCertStore(&pfxBlob, stringToWstring(s).c_str(), importFlags); err = store ? 0 : GetLastError(); } while(err == ERROR_INVALID_PASSWORD && passwordPrompt && ++count < passwordRetryMax); if(store) { _stores.push_back(store); cert = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0, CERT_FIND_ANY, 0, cert); if(!cert) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: certificate error:\n" + lastErrorToString()); } _certs.push_back(cert); continue; } assert(err); if(err != CRYPT_E_BAD_ENCODE) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error decoding certificate:\n" + lastErrorToString()); } // // Try to load certificate & key as PEM files. // err = 0; keyFile = keyFiles[i]; if(!checkPath(keyFile, defaultDir, false)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: key file not found:\n" + keyFile); } readFile(keyFile, buffer); vector<BYTE> outBuffer; outBuffer.resize(buffer.size()); DWORD outLength = static_cast<DWORD>(buffer.size()); // // Convert the PEM encoded buffer to DER binary format. // if(!CryptStringToBinary(&buffer[0], static_cast<DWORD>(buffer.size()), CRYPT_STRING_BASE64HEADER, &outBuffer[0], &outLength, 0, 0)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error decoding key:\n" + lastErrorToString()); } PCRYPT_PRIVATE_KEY_INFO keyInfo = 0; BYTE* key = 0; HCRYPTKEY hKey = 0; try { DWORD decodedLength = 0; if(!CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_PRIVATE_KEY_INFO, &outBuffer[0], outLength, CRYPT_DECODE_ALLOC_FLAG, 0, &keyInfo, &decodedLength)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error decoding key:\n" + lastErrorToString()); } // // Check that we are using a RSA Key // if(strcmp(keyInfo->Algorithm.pszObjId, szOID_RSA_RSA)) { throw PluginInitializationException(__FILE__, __LINE__, string("IceSSL: error unknow key algorithm: `") + keyInfo->Algorithm.pszObjId + "'"); } // // Create a new RSA key set to store our key // const wstring keySetName = stringToWstring(generateUUID()); HCRYPTPROV cryptProv = 0; DWORD contextFlags = (keySet == "MachineKeySet") ? CRYPT_MACHINE_KEYSET | CRYPT_NEWKEYSET : CRYPT_NEWKEYSET; if(!CryptAcquireContextW(&cryptProv, keySetName.c_str(), MS_DEF_PROV_W, PROV_RSA_FULL, contextFlags)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error acquiring cryptographic context:\n" + lastErrorToString()); } // // Decode the private key BLOB // if(!CryptDecodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, keyInfo->PrivateKey.pbData, keyInfo->PrivateKey.cbData, CRYPT_DECODE_ALLOC_FLAG, 0, &key, &outLength)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error decoding key:\n" + lastErrorToString()); } LocalFree(keyInfo); keyInfo = 0; // // Import the private key // if(!CryptImportKey(cryptProv, key, outLength, 0, 0, &hKey)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error importing key:\n" + lastErrorToString()); } LocalFree(key); key = 0; CryptDestroyKey(hKey); hKey = 0; // // Create a new memory store to place the certificate // store = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0, 0, 0); if(!store) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error creating certificate store:\n" + lastErrorToString()); } addCertificateToStore(certFile, store, &cert); // // Associate key & certificate // CRYPT_KEY_PROV_INFO keyProvInfo; memset(&keyProvInfo, 0, sizeof(keyProvInfo)); keyProvInfo.pwszContainerName = const_cast<wchar_t*>(keySetName.c_str()); keyProvInfo.pwszProvName = const_cast<wchar_t*>(MS_DEF_PROV_W); keyProvInfo.dwProvType = PROV_RSA_FULL; keyProvInfo.dwKeySpec = AT_KEYEXCHANGE; if(!CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo)) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error seting certificate property:\n" + lastErrorToString()); } _certs.push_back(cert); _stores.push_back(store); } catch(...) { if(keyInfo) { LocalFree(keyInfo); } if(key) { LocalFree(key); } if(hKey) { CryptDestroyKey(hKey); } if(cert) { CertFreeCertificateContext(cert); } if(store) { CertCloseStore(store, 0); } throw; } } _allCerts.insert(_allCerts.end(), _certs.begin(), _certs.end()); } const string findPrefix = prefix + "FindCert."; map<string, string> certProps = properties->getPropertiesForPrefix(findPrefix); if(!certProps.empty()) { for(map<string, string>::const_iterator i = certProps.begin(); i != certProps.end(); ++i) { const string name = i->first; const string val = i->second; if(!val.empty()) { string storeSpec = name.substr(findPrefix.size()); vector<PCCERT_CONTEXT> certs = findCertificates(name, storeSpec, val, _stores); _allCerts.insert(_allCerts.end(), certs.begin(), certs.end()); } } if(_allCerts.empty()) { throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: no certificates found"); } } _initialized = true; }