void CIMServer::setState(Uint32 state)
{
    PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::setState()");

    _serverState->setState(state);

    //
    // get the configured authentication and authorization flags
    //
    ConfigManager* configManager = ConfigManager::getInstance();

    Boolean enableAuthentication = ConfigManager::parseBooleanValue(
        configManager->getCurrentValue("enableAuthentication"));
    Boolean enableNamespaceAuthorization = ConfigManager::parseBooleanValue(
        configManager->getCurrentValue("enableNamespaceAuthorization"));

    if (state == CIMServerState::TERMINATING)
    {
        // tell decoder that CIMServer is terminating
        _cimOperationRequestDecoder->setServerTerminating(true);
        _cimExportRequestDecoder->setServerTerminating(true);
        _rsProcessor->setServerTerminating(true);
#ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN
        _wsmProcessor->setServerTerminating(true);
#endif

        // tell authorizer that CIMServer is terminating ONLY if
        // authentication and authorization are enabled
        //
        if ( enableAuthentication && enableNamespaceAuthorization )
        {
            _cimOperationRequestAuthorizer->setServerTerminating(true);
        }
    }
    else
    {
        // tell decoder that CIMServer is not terminating
        _cimOperationRequestDecoder->setServerTerminating(false);
        _cimExportRequestDecoder->setServerTerminating(false);

        _rsProcessor->setServerTerminating(false);
#ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN
        _wsmProcessor->setServerTerminating(false);
#endif

        // tell authorizer that CIMServer is terminating ONLY if
        // authentication and authorization are enabled
        //
        if ( enableAuthentication && enableNamespaceAuthorization )
        {
            _cimOperationRequestAuthorizer->setServerTerminating(false);
        }
    }
    PEG_METHOD_EXIT();
}
void CIMServer::auditLogInitializeCallback()
{
#ifdef PEGASUS_ENABLE_AUDIT_LOGGER

    Array<String> propertyNames;
    Array<String> propertyValues;

    // Get all current property names and values
    ConfigManager* configManager = ConfigManager::getInstance();

    configManager->getAllPropertyNames(propertyNames, false);

    for (Uint32 i = 0; i < propertyNames.size(); i++)
    {
        propertyValues.append(configManager->getCurrentValue(propertyNames[i]));
    }

    AuditLogger::logCurrentConfig(propertyNames, propertyValues);

    // get currently registered provider module instances
    Array<CIMInstance> moduleInstances;

    moduleInstances =
        _cimserver->_providerRegistrationManager->enumerateInstancesForClass(
        CIMObjectPath("PG_ProviderModule"));

    AuditLogger::logCurrentRegProvider(moduleInstances);

    AuditLogger::logCurrentEnvironmentVar();

#endif
}
Example #3
0
Array<String> CIMOperationRequestAuthorizer::_getAuthorizedUserGroups()
{
    PEG_METHOD_ENTER(TRC_SERVER,
        "CIMOperationRequestAuthorizer::getAuthorizedUserGroups");

    Array<String> authorizedGroups;

    String groupNames;

    //
    // Get a config manager instance
    //
    ConfigManager* configManager = ConfigManager::getInstance();

    groupNames = configManager->getCurrentValue("authorizedUserGroups");

    //
    // Check if the group name is empty
    //
    if (groupNames == String::EMPTY)
    {
        PEG_METHOD_EXIT();
        return authorizedGroups;
    }

    //
    // Append _GROUPNAME_SEPARATOR to the end of the groups
    //
    groupNames.append(_GROUPNAME_SEPARATOR);

    Uint32 position = 0;
    String groupName;

    while (groupNames != String::EMPTY)
    {
        //
        // Get a group name from user groups
        // User groups are separated by _GROUPNAME_SEPARATOR
        //
        position = groupNames.find(_GROUPNAME_SEPARATOR);
        groupName = groupNames.subString(0,(position));

        authorizedGroups.append(groupName);

        // Remove the searched group name
        groupNames.remove(0, position + 1);
    }

    PEG_METHOD_EXIT();

    return authorizedGroups;
}
Example #4
0
/* constructor. */
SecureBasicAuthenticator::SecureBasicAuthenticator() 
{ 
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "SecureBasicAuthenticator::SecureBasicAuthenticator()");

    // Build Authentication parameter realm required for Basic Challenge
    // e.g. realm="HostName"
    
    _realm.assign("realm=");
    _realm.append(Char16('"'));
    _realm.append(System::getHostName());
    _realm.append(Char16('"'));

    // Get a user manager instance handler
    _userManager = UserManager::getInstance();
                                       
#ifdef PEGASUS_OS_ZOS
    ConfigManager* configManager = ConfigManager::getInstance();
    
    if (String::equalNoCase(
        configManager->getCurrentValue("enableCFZAPPLID"),"true"))
# if (__TARGET_LIB__ < 0x410A0000) 
#ifdef PEGASUS_PLATFORM_ZOS_ZSERIES_IBM
    {

        //
        // Enable __passwd() for passticket validation 
        // for APPLID CFZAPPL in this thread.
        //
        set_ZOS_ApplicationID();
    } 
    else
    {
        Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING,
            MessageLoaderParms(
                "Security.Authentication.SecureBasicAuthenticator."
                     "APPLID_OMVSAPPL.PEGASUS_OS_ZOS",
                "CIM server authentication is using application ID OMVSAPPL."));
    }

    pthread_security_np(0,__USERID_IDENTITY,0,NULL,NULL,0);
#else
#error APPLID support is not available in 64-bit compilation mode before V1R10
#endif //PEGASUS_PLATFORM_ZOS_ZSERIES_IBM
#else
    {
        _zosAPPLID = "CFZAPPL";
    }
    else
    {
Example #5
0
int HTTPSessionList::_getSessionTimeout()
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION, "HTTPSessionList::_getSessionTimeout");
    // load httpSessionTimeout configuration value
    ConfigManager* configManager = ConfigManager::getInstance();
    String strTimeout = configManager->getCurrentValue("httpSessionTimeout");


    Uint64 timeout;
    StringConversion::decimalStringToUint64(strTimeout.getCString(),
            timeout, false);

    PEG_TRACE((TRC_AUTHENTICATION, Tracer::LEVEL3,
            "Session timeout is %d", (int)timeout));

    PEG_METHOD_EXIT();
    return timeout;
}
void CIMServer::startSLPProvider()
{
    PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::startSLPProvider");

    // Get Config parameter to determine if we should start SLP.
    ConfigManager* configManager = ConfigManager::getInstance();
    Boolean _runSLP = ConfigManager::parseBooleanValue(
         configManager->getCurrentValue("slp"));

    // If false, do not start slp provider
    if (!_runSLP)
    {
        PEG_METHOD_EXIT();
        return;
    }
    // Create a separate thread, detach and call function to execute the
    // startup.
    Thread t( _callSLPProvider, 0, true );
    t.run();

    PEG_METHOD_EXIT();
    return;
}
Example #7
0
Boolean ProviderAgent::_readAndProcessRequest()
{
    PEG_METHOD_ENTER(TRC_PROVIDERAGENT,
        "ProviderAgent::_readAndProcessRequest");

    CIMRequestMessage* request;

    //
    // Read the request from CIM Server
    //
    CIMMessage* cimMessage;
    AnonymousPipe::Status readStatus = _pipeFromServer->readMessage(cimMessage);
    request = dynamic_cast<CIMRequestMessage*>(cimMessage);

    // Read operation was interrupted
    if (readStatus == AnonymousPipe::STATUS_INTERRUPT)
    {
        PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL1,
            "Read operation was interrupted.");
        PEG_METHOD_EXIT();
        return false;
    }

    if (readStatus == AnonymousPipe::STATUS_CLOSED)
    {
        // The CIM Server connection is closed
        PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL2,
            "CIMServer connection closed. Exiting.");
        _terminating = true;
        PEG_METHOD_EXIT();
        return false;
    }

    if (readStatus == AnonymousPipe::STATUS_ERROR)
    {
        PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL1,
            "Error reading from pipe. Exiting.");
        Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::WARNING,
            MessageLoaderParms(
                "ProviderManager.ProviderAgent.ProviderAgent."
                    "CIMSERVER_COMMUNICATION_FAILED",
                "cimprovagt \"$0\" communication with CIM Server failed.  "
                    "Exiting.",
                _agentId));
        _terminating = true;
        PEG_METHOD_EXIT();
        return false;
    }

    // The message was not a request message.
    if (request == 0)
    {
        // The message was not empty.
        if (0 != cimMessage )
        {
            // The message was not a "wake up" message.
            if (cimMessage->getType() == PROVAGT_GET_SCMOCLASS_RESPONSE_MESSAGE)
            {

                PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL3,
                    "Processing a SCMOClassResponseMessage.");

                AutoPtr<ProvAgtGetScmoClassResponseMessage> response(
                    dynamic_cast<ProvAgtGetScmoClassResponseMessage*>
                        (cimMessage));

                PEGASUS_DEBUG_ASSERT(response.get());

                _processGetSCMOClassResponse(response.get());

                // The provider agent is still busy.
                PEG_METHOD_EXIT();
                return true;
           }
        }

        // A "wake up" message means we should unload idle providers
        PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL4,
            "Got a wake up message.");

        if (!_providerManagerRouter.hasActiveProviders())
        {
            // No active providers, so do not start an idle unload thread
            return false;
        }

        try
        {
            _unloadIdleProviders();
        }
        catch (...)
        {
            // Ignore exceptions from idle provider unloading
            PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL2,
                "Ignoring exception from _unloadIdleProviders()");
        }
        PEG_METHOD_EXIT();
        return false;
    }

    PEG_TRACE((TRC_PROVIDERAGENT, Tracer::LEVEL3,
        "Received request from server with messageId %s",
        (const char*)request->messageId.getCString()));

    const AcceptLanguageListContainer acceptLang =
        request->operationContext.get(AcceptLanguageListContainer::NAME);
    Thread::setLanguages(acceptLang.getLanguages());

    // Get the ProviderIdContainer to complete the provider module instance
    // optimization.  If the provider module instance is blank (optimized
    // out), fill it in from our cache.  If it is not blank, update our
    // cache.  (See the _providerModuleCache member description.)
    if (request->operationContext.contains(ProviderIdContainer::NAME))
    {
        ProviderIdContainer pidc = request->operationContext.get(
            ProviderIdContainer::NAME);
        if (pidc.getModule().isUninitialized())
        {
            // Provider module is optimized out.  Fill it in from the cache.
            request->operationContext.set(ProviderIdContainer(
                _providerModuleCache, pidc.getProvider(),
                pidc.isRemoteNameSpace(), pidc.getRemoteInfo()));
        }
        else
        {
            // Update the cache with the new provider module instance.
            _providerModuleCache = pidc.getModule();
        }
    }

    //
    // It never should be possible to receive a request other than "initialise"
    // before the provider agent is in state isInitialised
    //
    // Bail out.
    //
    if (!_isInitialised &&
        (request->getType() != CIM_INITIALIZE_PROVIDER_AGENT_REQUEST_MESSAGE))
    {
        Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::WARNING,
            MessageLoaderParms(
                "ProviderManager.ProviderAgent.ProviderAgent."
                    "PROVIDERAGENT_NOT_INITIALIZED",
                "cimprovagt \"$0\" was not yet initialized "
                    "prior to receiving a request message. Exiting.",
                _agentId));
        _terminating = true;
        PEG_METHOD_EXIT();
        return false;
    }

    //
    // Check for messages to be handled by the Agent itself.
    //
    if (request->getType() == CIM_INITIALIZE_PROVIDER_AGENT_REQUEST_MESSAGE)
    {
        // Process the request in this thread
        AutoPtr<CIMInitializeProviderAgentRequestMessage> ipaRequest(
            dynamic_cast<CIMInitializeProviderAgentRequestMessage*>(request));
        PEGASUS_ASSERT(ipaRequest.get() != 0);

        ConfigManager::setPegasusHome(ipaRequest->pegasusHome);
        ConfigManager* configManager = ConfigManager::getInstance();

        // Initialize the configuration properties
        for (Uint32 i = 0; i < ipaRequest->configProperties.size(); i++)
        {
            configManager->initCurrentValue(
                ipaRequest->configProperties[i].first,
                ipaRequest->configProperties[i].second);
        }

        // Set the default resource bundle directory for the MessageLoader
        MessageLoader::setPegasusMsgHome(ConfigManager::getHomedPath(
            configManager->getCurrentValue("messageDir")));

        // Set the log file directory
#if !defined(PEGASUS_USE_SYSLOGS)
        Logger::setHomeDirectory(ConfigManager::getHomedPath(
            configManager->getCurrentValue("logdir")));
#endif
        System::bindVerbose = ipaRequest->bindVerbose;

        //
        //  Set _subscriptionInitComplete from value in
        //  InitializeProviderAgent request
        //
        _providerManagerRouter.setSubscriptionInitComplete
            (ipaRequest->subscriptionInitComplete);

        PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL2,
            "Processed the agent initialization message.");

        // Notify the cimserver that the provider agent is initialized.
        Uint32 messageLength = 0;
        _pipeToServer->writeBuffer((const char*)&messageLength, sizeof(Uint32));

#if defined(PEGASUS_OS_ZOS) && defined(PEGASUS_ZOS_SECURITY)
        // prepare and setup the thread-level security environment on z/OS
        // if security initialization fails
        startupCheckBPXServer(false);
        startupCheckMSC();
        if (!isZOSSecuritySetup())
        {
            Logger::put_l(Logger::ERROR_LOG, ZOS_SECURITY_NAME, Logger::FATAL,
                MessageLoaderParms(
                    "ProviderManager.ProviderAgent.ProviderAgent."
                        "UNINITIALIZED_SECURITY_SETUP.PEGASUS_OS_ZOS",
                    "Security environment could not be initialised. "
                        "Assume security fraud. Stopping Provider Agent."));
            exit(1);
        }
#endif
        // provider agent is initialised and ready to go
        _isInitialised = true;
    }
    else if (request->getType() == CIM_NOTIFY_CONFIG_CHANGE_REQUEST_MESSAGE)
    {
        // Process the request in this thread
        AutoPtr<CIMNotifyConfigChangeRequestMessage> notifyRequest(
            dynamic_cast<CIMNotifyConfigChangeRequestMessage*>(request));
        PEGASUS_ASSERT(notifyRequest.get() != 0);

        //
        // Update the ConfigManager with the new property value
        //
        ConfigManager* configManager = ConfigManager::getInstance();
        CIMException responseException;
        try
        {
            if (notifyRequest->currentValueModified)
            {
                String userName = ((IdentityContainer)
                    request->operationContext.get(
                        IdentityContainer::NAME)).getUserName();

                configManager->updateCurrentValue(
                    notifyRequest->propertyName,
                    notifyRequest->newPropertyValue,
                    userName,
                    0,
                    false);
            }
            else
            {
                configManager->updatePlannedValue(
                    notifyRequest->propertyName,
                    notifyRequest->newPropertyValue,
                    true);
            }
        }
        catch (Exception& e)
        {
            responseException = PEGASUS_CIM_EXCEPTION(
                CIM_ERR_FAILED, e.getMessage());
        }

        AutoPtr<CIMResponseMessage> response(notifyRequest->buildResponse());
        response->cimException = responseException;

        // Return response to CIM Server
        _writeResponse(response.get());
    }
    else if ((request->getType() == CIM_DISABLE_MODULE_REQUEST_MESSAGE) ||
             (request->getType() == CIM_STOP_ALL_PROVIDERS_REQUEST_MESSAGE))
    {
        // Process the request in this thread
        AutoPtr<Message> response(_processRequest(request));
        _writeResponse(response.get());

        CIMResponseMessage * respMsg =
            dynamic_cast<CIMResponseMessage*>(response.get());

        // If StopAllProviders, terminate the agent process.
        // If DisableModule not successful, leave agent process running.
        if ((request->getType() == CIM_STOP_ALL_PROVIDERS_REQUEST_MESSAGE) ||
            ((request->getType() == CIM_DISABLE_MODULE_REQUEST_MESSAGE) &&
             (!dynamic_cast<CIMDisableModuleRequestMessage*>(request)->
                  disableProviderOnly) &&
             (respMsg->cimException.getCode() == CIM_ERR_SUCCESS)))
        {
            // Operation is successful. End the agent process.
            _providersStopped = true;
            _terminating = true;
        }

        delete request;
    }
    else if (request->getType () ==
             CIM_SUBSCRIPTION_INIT_COMPLETE_REQUEST_MESSAGE ||
            request->getType () ==
             CIM_INDICATION_SERVICE_DISABLED_REQUEST_MESSAGE)

    {
        //
        // Process the request in this thread
        //
        AutoPtr <Message> response (_processRequest (request));
        _writeResponse (response.get ());

        //
        //  Note: the response does not contain interesting data
        //

        delete request;
    }
    else
    {
        // Start a new thread to process the request
        ProviderAgentRequest* agentRequest =
            new ProviderAgentRequest(this, request);
        ThreadStatus rtn = PEGASUS_THREAD_OK;

        while ((rtn = _threadPool.allocate_and_awaken(agentRequest,
                   ProviderAgent::_processRequestAndWriteResponse)) !=
               PEGASUS_THREAD_OK)
        {
            if (rtn == PEGASUS_THREAD_INSUFFICIENT_RESOURCES)
            {
                Threads::yield();
            }
            else
            {
                PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL1,
                    "Could not allocate thread to process agent request.");

                AutoPtr<CIMResponseMessage> response(request->buildResponse());
                response->cimException = PEGASUS_CIM_EXCEPTION_L(
                    CIM_ERR_FAILED,
                    MessageLoaderParms(
                        "ProviderManager.ProviderAgent.ProviderAgent."
                            "THREAD_ALLOCATION_FAILED",
                        "Failed to allocate a thread in cimprovagt \"$0\".",
                        _agentId));

                // Return response to CIM Server
                _writeResponse(response.get());

                delete agentRequest;
                delete request;

                break;
            }
        }
    }

    PEG_METHOD_EXIT();
    return true;
}
Example #8
0
void CIMOperationRequestAuthorizer::handleEnqueue(Message* request)
{

    PEG_METHOD_ENTER(TRC_SERVER,
        "CIMOperationRequestAuthorizer::handleEnqueue");

    if (!request)
    {
       PEG_METHOD_EXIT();
       return;
    }

    CIMOperationRequestMessage* tmp = 
        dynamic_cast<CIMOperationRequestMessage*>(request);
    AutoPtr<CIMOperationRequestMessage> req(tmp);

    PEGASUS_ASSERT(req.get());

    //
    // Get the HTTPConnection queue id
    //
    QueueIdStack qis = req->queueIds.copyAndPop();

    Uint32 queueId = qis.top();

    // Set the client's requested language into this service thread.
    // This will allow functions in this service to return messages
    // in the correct language.
    req->updateThreadLanguages();

    //
    // If CIMOM is shutting down, return "Service Unavailable" response
    //
    if (_serverTerminating)
    {
        Buffer message;
        message = XmlWriter::formatHttpErrorRspMessage(
            HTTP_STATUS_SERVICEUNAVAILABLE,
            String::EMPTY,
            "CIM Server is shutting down.");

        sendResponse(queueId, message);
        PEG_METHOD_EXIT();
        return;
    }

    String userName = ((IdentityContainer)(req->operationContext.get(
        IdentityContainer::NAME))).getUserName();
    String authType = req->authType;
    CIMNamespaceName nameSpace = req->nameSpace;
    String cimMethodName;

    switch (req->getType())
    {
        case CIM_GET_CLASS_REQUEST_MESSAGE:
            cimMethodName = "GetClass";
            break;

        case CIM_GET_INSTANCE_REQUEST_MESSAGE:
            cimMethodName = "GetInstance";
            break;

        case CIM_DELETE_CLASS_REQUEST_MESSAGE:
            cimMethodName = "DeleteClass";
            break;

        case CIM_DELETE_INSTANCE_REQUEST_MESSAGE:
            cimMethodName = "DeleteInstance";
            break;

        case CIM_CREATE_CLASS_REQUEST_MESSAGE:
            cimMethodName = "CreateClass";
            break;

        case CIM_CREATE_INSTANCE_REQUEST_MESSAGE:
            cimMethodName = "CreateInstance";
            break;

        case CIM_MODIFY_CLASS_REQUEST_MESSAGE:
            cimMethodName = "ModifyClass";
            break;

        case CIM_MODIFY_INSTANCE_REQUEST_MESSAGE:
            cimMethodName = "ModifyInstance";
            break;

        case CIM_ENUMERATE_CLASSES_REQUEST_MESSAGE:
            cimMethodName = "EnumerateClasses";
            break;

        case CIM_ENUMERATE_CLASS_NAMES_REQUEST_MESSAGE:
            cimMethodName = "EnumerateClassNames";
            break;

        case CIM_ENUMERATE_INSTANCES_REQUEST_MESSAGE:
            cimMethodName = "EnumerateInstances";
            break;

        case CIM_ENUMERATE_INSTANCE_NAMES_REQUEST_MESSAGE:
            cimMethodName = "EnumerateInstanceNames";
            break;

        case CIM_EXEC_QUERY_REQUEST_MESSAGE:
            cimMethodName = "ExecQuery";
            break;

        case CIM_ASSOCIATORS_REQUEST_MESSAGE:
            cimMethodName = "Associators";
            break;

        case CIM_ASSOCIATOR_NAMES_REQUEST_MESSAGE:
            cimMethodName = "AssociatorNames";
            break;

        case CIM_REFERENCES_REQUEST_MESSAGE:
            cimMethodName = "References";
            break;

        case CIM_REFERENCE_NAMES_REQUEST_MESSAGE:
            cimMethodName = "ReferenceNames";
            break;

        case CIM_GET_PROPERTY_REQUEST_MESSAGE:
            cimMethodName = "GetProperty";
            break;

        case CIM_SET_PROPERTY_REQUEST_MESSAGE:
            cimMethodName = "SetProperty";
            break;

        case CIM_GET_QUALIFIER_REQUEST_MESSAGE:
            cimMethodName = "GetQualifier";
            break;

        case CIM_SET_QUALIFIER_REQUEST_MESSAGE:
            cimMethodName = "SetQualifier";
            break;

        case CIM_DELETE_QUALIFIER_REQUEST_MESSAGE:
            cimMethodName = "DeleteQualifier";
            break;

        case CIM_ENUMERATE_QUALIFIERS_REQUEST_MESSAGE:
            cimMethodName = "EnumerateQualifiers";
            break;

        case CIM_INVOKE_METHOD_REQUEST_MESSAGE:
            cimMethodName = "InvokeMethod";
            break;

        default:
            PEGASUS_ASSERT(0);
            break;
    }

#ifdef PEGASUS_ZOS_SECURITY
    if (checkRequestTypeAuthorizationZOS(
            req->getType(), userName, nameSpace) == false)
    {
        //
        // user is not authorized, send an
        // error message to the requesting client.
        //
        if (cimMethodName == "InvokeMethod")
        {
            sendMethodError(
                queueId,
                req->getHttpMethod(),
                req->messageId,
                ((CIMInvokeMethodRequestMessage*)req.get())->methodName,
                PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
                    MessageLoaderParms(
                        "Server.CIMOperationRequestAuthorizer."
                            "NAMESPACE_AUTHORIZATION_FAILED",
                        "User '$0' is not authorized to run '$1' in the "
                            "namespace '$2'",
                        userName, cimMethodName, nameSpace.getString())));
        }
        else
        {
            sendIMethodError(
                queueId,
                req->getHttpMethod(),
                req->messageId,
                cimMethodName,
                PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
                    MessageLoaderParms(
                        "Server.CIMOperationRequestAuthorizer."
                            "NAMESPACE_AUTHORIZATION_FAILED",
                        "User '$0' is not authorized to run '$1' in the "
                            "namespace '$2'",
                        userName, cimMethodName, nameSpace.getString())));
        }
        PEG_METHOD_EXIT();
        return;
    }
#endif

#ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
    //
    // If the user is not privileged and authorized user group is specified,
    // then perform the user group authorization check.
    //
    try
    {
        if ( ! System::isPrivilegedUser(userName) )
        {
            Uint32 size = _authorizedUserGroups.size();

            if (size > 0)
            {
                Boolean authorized = false;

                //
                // Check if the user name is in the authorized user groups.
                //
                for (Uint32 i = 0; i < size; i++)
                {
                    //
                    // Check if the user is a member of the group
                    //
                    if (System::isGroupMember(userName.getCString(),
                            _authorizedUserGroups[i].getCString()))
                    {
                        authorized = true;
                        break;
                    }
                }

                //
                // If the user is not a member of any of the authorized
                // user groups then generate error response.
                //
                if (!authorized)
                {
                    PEG_TRACE((TRC_SERVER, Tracer::LEVEL1,
                        "Authorization Failed: User '%s' "
                        "is not a member of the authorized groups",
                        (const char*)userName.getCString()));

                    MessageLoaderParms msgLoaderParms(
                        "Server.CIMOperationRequestAuthorizer."
                            "NOT_IN_AUTHORIZED_GRP",
                        "User '$0' is not authorized to access CIM data.",
                        userName);

                    //
                    // user is not in the authorized user groups, send an
                    // error message to the requesting client.
                    //
                    if (cimMethodName == "InvokeMethod")
                    {
                        sendMethodError(
                            queueId,
                            req->getHttpMethod(),
                            req->messageId,
                            ((CIMInvokeMethodRequestMessage*)req.get())->
                                methodName,
                            PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
                                msgLoaderParms));
                        PEG_METHOD_EXIT();
                        return;
                    }
                    else
                    {
                        sendIMethodError(
                            queueId,
                            req->getHttpMethod(),
                            req->messageId,
                            cimMethodName,
                            PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
                                msgLoaderParms));
                        PEG_METHOD_EXIT();
                        return;
                    }
                }
            }
        }
    }
    catch (InternalSystemError& ise)
    {
        sendIMethodError(
            queueId,
            req->getHttpMethod(),
            req->messageId,
            cimMethodName,
            PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED, ise.getMessage()));
        PEG_METHOD_EXIT();
        return;
    }
#endif  // #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION

    //
    // Get a config manager instance
    //
    ConfigManager* configManager = ConfigManager::getInstance();

    //
    // Do namespace authorization verification
    //
    if (ConfigManager::parseBooleanValue(
        configManager->getCurrentValue("enableNamespaceAuthorization")))
    {
        //
        // If the user is not privileged, perform the authorization check.
        //
        if (!System::isPrivilegedUser(userName))
        {
            UserManager* userManager = UserManager::getInstance();

            if (!userManager ||
                !userManager->verifyAuthorization(
                     userName, nameSpace, cimMethodName))
            {
                if (cimMethodName == "InvokeMethod")
                {
                    sendMethodError(
                      queueId,
                      req->getHttpMethod(),
                      req->messageId,
                      ((CIMInvokeMethodRequestMessage*)req.get())->methodName,
                      PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
                          MessageLoaderParms(
                              "Server.CIMOperationRequestAuthorizer."
                                  "NAMESPACE_AUTHORIZATION_FAILED",
                              "User '$0' is not authorized to run '$1' in the "
                                  "namespace '$2'",
                              userName, cimMethodName, nameSpace.getString())));
                }
                else
                {
                    sendIMethodError(
                        queueId,
                        req->getHttpMethod(),
                        req->messageId,
                        cimMethodName,
                        PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
                            MessageLoaderParms(
                                "Server.CIMOperationRequestAuthorizer."
                                    "NAMESPACE_AUTHORIZATION_FAILED",
                                "User '$0' is not authorized to run '$1' in "
                                    "the namespace '$2'",
                                userName,
                                cimMethodName,
                                nameSpace.getString())));
                }

                PEG_METHOD_EXIT();
                return;
            }
        }
    }

    //
    // Enqueue the request
    //
    _outputQueue->enqueue(req.release());

    PEG_METHOD_EXIT();
}
Example #9
0
int CIMServerProcess::cimserver_run(
    int argc,
    char** argv,
    Boolean shutdownOption,
    Boolean debugOutputOption)
{
    Boolean daemonOption = false;

#if defined (PEGASUS_OS_PASE) && !defined (PEGASUS_DEBUG)
    // PASE have itself regular for checking privileged user
    if (!System::isPrivilegedUser("*CURRENT  "))
    {
        MessageLoaderParms parms(
                "src.Server.cimserver.NO_AUTHORITY.PEGASUS_OS_PASE",
                "The caller should be a privileged user,"
                " or the server will not run.");
        cerr << MessageLoader::getMessage(parms) << endl;
        exit (1);
    }
    char jobName[11];
    // this function only can be found in PASE environment
    umeGetJobName(jobName, false);
    if (strncmp("QUMECIMOM ", jobName, 10) != 0
            && strncmp("QUMEENDCIM", jobName, 10) != 0)
    {
        MessageLoaderParms parms(
                "src.Server.cimserver.NOT_OFFICIAL_START.PEGASUS_OS_PASE",
                "cimserver can not be started by user.\nServer will not run.");
        cerr << MessageLoader::getMessage(parms) << endl;
        exit (1);
    }

    // Direct standard input, output, and error to /dev/null,
    // PASE run this job in background, any output in not allowed
    freopen("/dev/null", "r", stdin);
    freopen("/dev/null", "w", stdout);
    freopen("/dev/null", "w", stderr);
#endif

    //
    // Get an instance of the Config Manager.
    //
    ConfigManager* configManager = ConfigManager::getInstance();
    configManager->useConfigFiles = true;

    try
    {
        //
        // Get options (from command line and from configuration file); this
        // removes corresponding options and their arguments from the command
        // line.  NOTE: If shutdownOption=true, the contents of current config
        // file are not overwritten by the planned config file.
        //
        GetOptions(configManager, argc, argv, shutdownOption);

        //
        // Initialize the message home directory in the MessageLoader.
        // This is the default directory where the resource bundles are found.
        //
        MessageLoader::setPegasusMsgHome(ConfigManager::getHomedPath(
            ConfigManager::getInstance()->getCurrentValue("messageDir")));

#if !defined(PEGASUS_USE_SYSLOGS)
        String logsDirectory = ConfigManager::getHomedPath(
            configManager->getCurrentValue("logdir"));

        // Set up the Logger.  This does not open the logs.
        // Might be more logical to clean before set.
        Logger::setHomeDirectory(logsDirectory);
#endif


#ifdef PEGASUS_OS_PASE
        /* write job log to tell where pegasus log is.*/
        if(logsDirectory.size() > 0)
            // this function only can be found in PASE environment
            logPegasusDir2joblog(logsDirectory.getCString());
        else
            logPegasusDir2joblog(".");

        // set ccsid to unicode for entire job
        // ccsid is globolization mechanism in PASE environment
        if (_SETCCSID(1208) == -1)
        {
            MessageLoaderParms parms(
                    "src.Server.cimserver.SET_CCSID_ERROR.PEGASUS_OS_PASE",
                    "Failed to set CCSID, server will stop.");
            cerr << MessageLoader::getMessage(parms) << endl;
            Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::FATAL,
                    parms);
            exit (1);
        }

        char fullJobName[29];
        umeGetJobName(fullJobName, true);
        Logger::put_l(Logger::STANDARD_LOG, System::CIMSERVER,
                Logger::INFORMATION,
                MessageLoaderParms(
                    "src.Server.cimserver.SERVER_JOB_NAME.PEGASUS_OS_PASE",
                    "CIM Server's Job Name is: $0", fullJobName));
#endif

#ifdef PEGASUS_DISABLE_LOCAL_DOMAIN_SOCKET
        // Make sure at least one connection is enabled

        Boolean enableHttpConnection = ConfigManager::parseBooleanValue(
            configManager->getCurrentValue("enableHttpConnection"));
        Boolean enableHttpsConnection = ConfigManager::parseBooleanValue(
            configManager->getCurrentValue("enableHttpsConnection"));

        if (!enableHttpConnection && !enableHttpsConnection)
        {
            MessageLoaderParms parms(
                "src.Server.cimserver.HTTP_NOT_ENABLED_SERVER_NOT_STARTING",
                "Neither HTTP nor HTTPS connection is enabled."
                    "  CIMServer will not be started.");
            Logger::put_l(
                Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING,
                parms);
            cerr << MessageLoader::getMessage(parms) << endl;
            return 1;
        }
#endif

        //
        // Check to see if we should start Pegasus as a daemon
        //
        daemonOption = ConfigManager::parseBooleanValue(
            configManager->getCurrentValue("daemon"));

        if ((Executor::detectExecutor() == 0) && (daemonOption == false))
        {
            MessageLoaderParms parms(
                "src.Server.cimserver.PRIVSEP_REQUIRES_DAEMON",
                "Warning: The configuration setting daemon=false is ignored "
                    "with privilege separation enabled.");
            cerr << MessageLoader::getMessage(parms) << endl;
            daemonOption = true;
        }

        //
        // Check to see if we need to shutdown CIMOM
        //
        if (shutdownOption)
        {
#if defined(PEGASUS_OS_ZOS) && defined(PEGASUS_ZOS_SECURITY)
            // This checks whether user is authorized to stop the
            // CIM Server. When unauthorized a message is logged to
            // to the user and program exits.
            shutdownCheckProfileCIMSERVclassWBEM();
            // Depending on the success of the previous check we may not
            // reach this code!!!
#endif
            String configTimeout =
                configManager->getCurrentValue("shutdownTimeout");
            Uint32 timeoutValue =
                strtol(configTimeout.getCString(), (char **)0, 10);

            ServerShutdownClient serverShutdownClient(&_serverRunStatus);
            serverShutdownClient.shutdown(timeoutValue);

            MessageLoaderParms parms(
                "src.Server.cimserver.SERVER_STOPPED",
                "CIM Server stopped.");

            cout << MessageLoader::getMessage(parms) << endl;
            return 0;
        }

#if defined(PEGASUS_DEBUG) && !defined(PEGASUS_USE_SYSLOGS)
        // Leave this in until people get familiar with the logs.
        MessageLoaderParms parms("src.Server.cimserver.LOGS_DIRECTORY",
                                 "Logs Directory = ");
        cout << MessageLoader::getMessage(parms) << logsDirectory << endl;
#endif
    }
    catch (Exception& e)
    {
        MessageLoaderParms parms("src.Server.cimserver.SERVER_NOT_STARTED",
            "cimserver not started: $0", e.getMessage());
        Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
            parms);
        cerr << MessageLoader::getMessage(parms) << endl;

        return 1;
    }

#if defined(PEGASUS_OS_ZOS) 
#  if defined(PEGASUS_ZOS_SECURITY)
    startupCheckBPXServer(true);
    startupCheckProfileCIMSERVclassWBEM();
    startupEnableMSC();
#  endif
    startupWaitForTCPIP();
#endif

#if defined(PEGASUS_DEBUG)
    // Put out startup up message.
    cout << _cimServerProcess->getProductName() << " " <<
        _cimServerProcess->getCompleteVersion() << endl;
#endif

    // Force initialization of hostname and fullyQualifiedHostName through
    // retrieving current value from Configuration Manager
    // - this will run getCurrentValue() in DefaultPropertyOwner.cpp
    configManager->getCurrentValue("hostname");
    configManager->getCurrentValue("fullyQualifiedHostName");

    // reset message loading to NON-process locale
    MessageLoader::_useProcessLocale = false;

    // Get the parent's PID before forking
    _serverRunStatus.setParentPid(System::getPID());

    // Do not fork when using privilege separation (executor will daemonize
    // itself later).
    if (daemonOption)
    {
        if (-1 == _cimServerProcess->cimserver_fork())
            return -1;
    }

    // Now we are after the fork...
    // Create a dummy Thread object that can be used to store the
    // AcceptLanguageList object for CIM requests that are serviced
    // by this thread (initial thread of server).  Need to do this
    // because this thread is not in a ThreadPool, but is used
    // to service CIM requests.
    // The run function for the dummy Thread should never be called,
    dummyInitialThread = new Thread(dummyThreadFunc, NULL, false);
    Thread::setCurrent(dummyInitialThread);
    try
    {
        Thread::setLanguages(LanguageParser::getDefaultAcceptLanguages());
    }
    catch (InvalidAcceptLanguageHeader& e)
    {
        Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
            MessageLoaderParms(
                "src.Server.cimserver.FAILED_TO_SET_PROCESS_LOCALE",
                "Could not convert the system process locale into a valid "
                    "AcceptLanguage format."));
        Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
            e.getMessage());
    }

#ifndef PEGASUS_OS_TYPE_WINDOWS
    umask(S_IRWXG|S_IRWXO);
#endif

    // Start up the CIM Server

    try
    {
#if defined(PEGASUS_OS_TYPE_UNIX)
        //
        // Lock the CIMSERVER_LOCK_FILE during CIM Server start-up to prevent
        // concurrent writes to this file by multiple cimserver processes
        // starting at the same time.
        //
        CString startupLockFileName = ConfigManager::getHomedPath(
            PEGASUS_CIMSERVER_START_LOCK_FILE).getCString();

        // Make sure the start-up lock file exists
        FILE* startupLockFile;
        if ((startupLockFile = fopen(startupLockFileName, "w")) != 0)
        {
            fclose(startupLockFile);
        }

        AutoFileLock fileLock(startupLockFileName);
#endif

#if defined(PEGASUS_OS_TYPE_UNIX) || defined(PEGASUS_OS_VMS)
        //
        // Check if a CIM Server is already running.  If so, print an error
        // message and notify the parent process (if there is one) to terminate
        //
        if (_serverRunStatus.isServerRunning())
        {
            MessageLoaderParms parms(
                "src.Server.cimserver.UNABLE_TO_START_SERVER_ALREADY_RUNNING",
                "Unable to start CIMServer. CIMServer is already running.");
            Logger::put_l(
                Logger::ERROR_LOG, System::CIMSERVER, Logger::INFORMATION,
                parms);
            cerr << MessageLoader::getMessage(parms) << endl;

            if (daemonOption)
            {
                _cimServerProcess->notify_parent(1);
            }

            return 1;
        }

        //
        // Declare ourselves as the running CIM Server process, and write our
        // PID to the PID file.
        //
        _serverRunStatus.setServerRunning();
#endif

        // Create and initialize the CIMServer object

        _cimServer = new CIMServer();

        Boolean enableHttpConnection = ConfigManager::parseBooleanValue(
            configManager->getCurrentValue("enableHttpConnection"));
        Boolean enableHttpsConnection = ConfigManager::parseBooleanValue(
            configManager->getCurrentValue("enableHttpsConnection"));

#ifdef PEGASUS_DISABLE_LOCAL_DOMAIN_SOCKET
        // Make sure at least one connection is enabled
        if (!enableHttpConnection && !enableHttpsConnection)
        {
            MessageLoaderParms parms(
                "src.Server.cimserver.HTTP_NOT_ENABLED_SERVER_NOT_STARTING",
                "Neither HTTP nor HTTPS connection is enabled.");
            throw Exception(parms);
        }
#endif

        Boolean addIP6Acceptor = false;
        Boolean addIP4Acceptor = false;

#ifdef PEGASUS_OS_TYPE_WINDOWS
        addIP4Acceptor = true;
#endif

#ifdef PEGASUS_ENABLE_IPV6
        // If IPv6 stack is disabled swicth to IPv4 stack.
        if (System::isIPv6StackActive())
        {
            addIP6Acceptor = true;
        }
        else
        {
            PEG_TRACE_CSTRING(TRC_SERVER,Tracer::LEVEL4,
                "IPv6 stack is not active, using IPv4 socket.");
        }
#endif
        if (!addIP6Acceptor)
        {
            addIP4Acceptor = true;
        }

        // The server HTTP and HTTPS ports are determined via this algorithm:
        // 1) If the user explicitly specified a port, use it.
        // 2) If the user did not specify a port, get the port from the
        //    services file.
        // 3) If no value is specified in the services file, use the IANA WBEM
        //    default port.
        // Note that 2 and 3 are done within the System::lookupPort method
        // An empty string from the ConfigManager implies that the user did not
        // specify a port.

        if (enableHttpConnection)
        {
            Uint32 portNumberHttp = 0;
            String httpPort = configManager->getCurrentValue("httpPort");
            if (httpPort.size() == 0)
            {
                //
                // Look up the WBEM-HTTP port number
                //
                portNumberHttp = System::lookupPort(
                    WBEM_HTTP_SERVICE_NAME, WBEM_DEFAULT_HTTP_PORT);
                _initConfigProperty("httpPort", portNumberHttp);
            }
            else
            {
                Uint64 longNumber;
                // use the current value which has been checked for validity at
                // load(fct. GetOptions), see DefaultPropertyOwner::isValid()
                StringConversion::decimalStringToUint64(
                    httpPort.getCString(),
                    longNumber);
                portNumberHttp = longNumber & 0xffff;
            }

            String listenOn = configManager->getCurrentValue("listenAddress");
            if(String::equalNoCase(listenOn, "All"))
            {
                if (addIP6Acceptor)
                {
                    _cimServer->addAcceptor(HTTPAcceptor::IPV6_CONNECTION,
                        portNumberHttp, false);
                }
                if (addIP4Acceptor)
                {
                    _cimServer->addAcceptor(HTTPAcceptor::IPV4_CONNECTION,
                        portNumberHttp, false);
                }
            }
            else // Restricted listening
            {
                _restrictListening(
                    configManager, listenOn, portNumberHttp, false);
            }

            // The port number is converted to a string to avoid the
            //  addition of localized characters (e.g., "5,988").
            char scratchBuffer[22];
            Uint32 n;
            const char * portNumberHttpStr = Uint32ToString(
                scratchBuffer, portNumberHttp, n);
            MessageLoaderParms parms(
                "src.Server.cimserver.LISTENING_ON_HTTP_PORT",
                "Listening on HTTP port $0.", portNumberHttpStr);
            Logger::put_l(
                Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
                parms);
#if defined(PEGASUS_DEBUG)
            cout << MessageLoader::getMessage(parms) << endl;
#endif
        }

        if (enableHttpsConnection)
        {
            Uint32 portNumberHttps = 0;
            String httpsPort = configManager->getCurrentValue("httpsPort");
            if (httpsPort.size() == 0)
            {
                //
                // Look up the WBEM-HTTPS port number
                //
                portNumberHttps = System::lookupPort(
                    WBEM_HTTPS_SERVICE_NAME, WBEM_DEFAULT_HTTPS_PORT);
                _initConfigProperty("httpsPort", portNumberHttps);
            }
            else
            {
                Uint64 longNumber;
                // use the current value which has been checked for validity at
                // load(fct. GetOptions), see DefaultPropertyOwner::isValid()
                StringConversion::decimalStringToUint64(
                    httpsPort.getCString(),
                    longNumber);
                portNumberHttps = longNumber & 0xffff;
            }

            String listenOn = configManager->getCurrentValue("listenAddress");
            if(String::equalNoCase(listenOn, "All"))
            {
                if (addIP6Acceptor)
                {
                    _cimServer->addAcceptor(HTTPAcceptor::IPV6_CONNECTION,
                        portNumberHttps, true);
                }
                if (addIP4Acceptor)
                {
                    _cimServer->addAcceptor(HTTPAcceptor::IPV4_CONNECTION,
                        portNumberHttps, true);
                }
            }
            else //Restricted
            {
                _restrictListening(
                    configManager, listenOn, portNumberHttps, true);
            }

            // The port number is converted to a string to avoid the
            //  addition of localized characters (e.g., "5,989").
            char scratchBuffer[22];
            Uint32 n;
            const char * portNumberHttpsStr = Uint32ToString(
                scratchBuffer, portNumberHttps, n);
            MessageLoaderParms parms(
                "src.Server.cimserver.LISTENING_ON_HTTPS_PORT",
                "Listening on HTTPS port $0.", portNumberHttpsStr);
            Logger::put_l(
                Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
                parms);
#if defined(PEGASUS_DEBUG)
            cout << MessageLoader::getMessage(parms) << endl;
#endif
        }

#ifndef PEGASUS_DISABLE_LOCAL_DOMAIN_SOCKET
        {
            _cimServer->addAcceptor(HTTPAcceptor::LOCAL_CONNECTION, 0, false);

            MessageLoaderParms parms(
                "src.Server.cimserver.LISTENING_ON_LOCAL",
                "Listening on local connection socket.");
            Logger::put_l(
                Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
                parms);
# if defined(PEGASUS_DEBUG)
            cout << MessageLoader::getMessage(parms) << endl;
# endif
        }
#endif

        _cimServer->bind();

        // notify parent process (if there is a parent process) to terminate
        // so user knows that there is cimserver ready to serve CIM requests.
        if (daemonOption)
        {
            _cimServerProcess->notify_parent(0);
        }

#if defined(PEGASUS_DEBUG)
        cout << "Started. " << endl;
#endif

        // Put server started message to the logger
        Logger::put_l(Logger::STANDARD_LOG, System::CIMSERVER,
            Logger::INFORMATION,
            MessageLoaderParms(
                "src.Server.cimserver.STARTED_VERSION",
                "Started $0 version $1.",
                _cimServerProcess->getProductName(),
                _cimServerProcess->getCompleteVersion()));

#if defined(PEGASUS_OS_TYPE_UNIX) && !defined(PEGASUS_OS_ZOS)
        if (daemonOption && !debugOutputOption)
        {
            // Direct standard input, output, and error to /dev/null,
            // since we are running as a daemon.
            close(STDIN_FILENO);
            open("/dev/null", O_RDONLY);
            close(STDOUT_FILENO);
            open("/dev/null", O_RDWR);
            close(STDERR_FILENO);
            open("/dev/null", O_RDWR);
        }
#endif
    }
    catch (Exception& e)
    {
        MessageLoaderParms parms("src.Server.cimserver.SERVER_NOT_STARTED",
            "cimserver not started: $0", e.getMessage());
        Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
            parms);
        cerr << MessageLoader::getMessage(parms) << endl;

        deleteCIMServer();

        //
        // notify parent process (if there is a parent process) to terminate
        //
        if (daemonOption)
            _cimServerProcess->notify_parent(1);

        return 1;
    }

    // Run the main CIM Server loop

    try
    {
#if defined(PEGASUS_OS_ZOS)

        // ARM is a z/OS internal restart facility.
        // This is a z/OS specific change.

        // Instatiating the automatic restart manager for zOS
        ARM_zOS automaticRestartManager;

        // register to zOS ARM
        automaticRestartManager.Register();

#endif

#ifdef PEGASUS_ENABLE_SLP
        _cimServer->startSLPProvider();
#endif
        _cimServer->initComplete();

        //
        // Loop to call CIMServer's runForever() method until CIMServer
        // has been shutdown
        //
        while (!_cimServer->terminated())
        {
            _cimServer->runForever();
        }

        //
        // normal termination
        //

#if defined(PEGASUS_OS_ZOS)

        // ARM is a z/OS internal restart facility.
        // This is a z/OS specific change.

        // register to zOS ARM
        automaticRestartManager.DeRegister();

#endif

        // Put server shutdown message to the logger
        Logger::put_l(
            Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
            MessageLoaderParms(
                "src.Server.cimserver.STOPPED",
                "$0 stopped.", _cimServerProcess->getProductName()));
    }
    catch (Exception& e)
    {
        MessageLoaderParms parms(
            "src.Server.cimserver.ERROR",
            "Error: $0",
            e.getMessage());
        Logger::put_l(Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING,
            parms);
        cerr << MessageLoader::getMessage(parms) << endl;

        deleteCIMServer();
        return 1;
    }

    deleteCIMServer();
    return 0;
}
PEGASUS_NAMESPACE_BEGIN

/*****************************************************************************
 *
 * The following are constants representing property names for the classes
 * managed by the Interop Provider. Where multiple classes have properties of
 * the same name, there will be a common CIMName object defined, and a macro
 * defined that points to the common CIMName object, but whose macro name
 * reflects the class in which the property is used.
 *
 *****************************************************************************/

//
// Constructor for the InteropProvider control provider
//
InteropProvider::InteropProvider(CIMRepository * rep) : repository(rep),
    hostName(System::getHostName()), providerInitialized(false),
    updateProfileCache(0),
    profileIds(Array<String>()), conformingElements(Array<CIMNameArray>()),
    elementNamespaces(Array<CIMNamespaceArray>())
{
    PEG_METHOD_ENTER(TRC_CONTROLPROVIDER,"InteropProvider::InteropProvider");

    ConfigManager *configManager = ConfigManager::getInstance();
#ifdef PEGASUS_ENABLE_SLP
    enableSLP = ConfigManager::parseBooleanValue(
        configManager->getCurrentValue("slp"));
#else
    enableSLP = false;
#endif

    httpPort = configManager->getCurrentValue("httpPort");
    if (httpPort.size() == 0)
    {
        Uint32 portNumberHttp = System::lookupPort(
            WBEM_HTTP_SERVICE_NAME, WBEM_DEFAULT_HTTP_PORT);
        char buffer[32];
        Uint32 n;
        const char *output = Uint32ToString(buffer, portNumberHttp, n);
        httpPort.assign(output, n);
    }

    httpsPort = configManager->getCurrentValue("httpsPort");
    if (httpsPort.size() == 0)
    {
        Uint32 portNumberHttps = System::lookupPort(
            WBEM_HTTPS_SERVICE_NAME, WBEM_DEFAULT_HTTPS_PORT);
        char buffer[32];
        Uint32 n;
        const char *output = Uint32ToString(buffer, portNumberHttps, n);
        httpsPort.assign(output, n);
    }


#ifndef PEGASUS_DISABLE_PERFINST
    try
    {
        initProvider();
    }
    catch(const Exception &)
    {
        // Provider initialization may fail if the repository is not
        // populated
    }
#endif

    PEG_METHOD_EXIT();
}
Example #11
0
SSLContext* CIMServer::_getSSLContext()
{
    PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::_getSSLContext()");

    static const String PROPERTY_NAME__SSL_CERT_FILEPATH =
        "sslCertificateFilePath";
    static const String PROPERTY_NAME__SSL_KEY_FILEPATH = "sslKeyFilePath";
    static const String PROPERTY_NAME__SSL_TRUST_STORE = "sslTrustStore";
    static const String PROPERTY_NAME__SSL_CRL_STORE = "crlStore";
    static const String PROPERTY_NAME__SSL_CLIENT_VERIFICATION =
        "sslClientVerificationMode";
    static const String PROPERTY_NAME__SSL_AUTO_TRUST_STORE_UPDATE =
        "enableSSLTrustStoreAutoUpdate";
    static const String PROPERTY_NAME__SSL_TRUST_STORE_USERNAME =
        "******";
    static const String PROPERTY_NAME__HTTP_ENABLED =
        "enableHttpConnection";
    static const String PROPERTY_NAME__SSL_CIPHER_SUITE = "sslCipherSuite";
    static const String PROPERTY_NAME__SSL_COMPATIBILITY =
        "sslBackwardCompatibility";

    String verifyClient;
    String trustStore;
    SSLContext* sslContext = 0;

    //
    // Get a config manager instance
    //
    ConfigManager* configManager = ConfigManager::getInstance();

    // Note that if invalid values were set for either sslKeyFilePath,
    // sslCertificateFilePath, crlStore or sslTrustStore, the invalid
    // paths would have been detected in SecurityPropertyOwner and
    // terminated the server startup. This happens regardless of whether
    // or not HTTPS is enabled (not a great design, but that seems to
    // be how other properties are validated as well)
    //
    // Get the sslClientVerificationMode property from the Config
    // Manager.
    //
    verifyClient = configManager->getCurrentValue(
        PROPERTY_NAME__SSL_CLIENT_VERIFICATION);

    //
    // Get the sslTrustStore property from the Config Manager.
    //
    trustStore = configManager->getCurrentValue(
        PROPERTY_NAME__SSL_TRUST_STORE);

    if (trustStore != String::EMPTY)
    {
        trustStore = ConfigManager::getHomedPath(trustStore);
    }

    PEG_TRACE((TRC_SERVER, Tracer::LEVEL4,"Server trust store name: %s",
        (const char*)trustStore.getCString()));

    //
    // Get the sslTrustStoreUserName property from the Config Manager.
    //
    String trustStoreUserName;
    trustStoreUserName = configManager->getCurrentValue(
        PROPERTY_NAME__SSL_TRUST_STORE_USERNAME);

    if (!String::equal(verifyClient, "disabled"))
    {
        //
        // 'required' and 'optional' settings must have a valid truststore
        //
        if (trustStore == String::EMPTY)
        {
            MessageLoaderParms parms(
                "Pegasus.Server.SSLContextManager."
                    "SSL_CLIENT_VERIFICATION_EMPTY_TRUSTSTORE",
                "The \"sslTrustStore\" configuration property must be set "
                    "if \"sslClientVerificationMode\" is 'required' or "
                    "'optional'.");
            PEG_METHOD_EXIT();
            throw SSLException(parms);
        }

#ifdef PEGASUS_DISABLE_LOCAL_DOMAIN_SOCKET
        //
        // ATTN: 'required' setting must have http port enabled.
        // If only https is enabled, and a call to shutdown the
        // cimserver is given, the call will hang and a forced shutdown
        // will ensue. This is because the CIMClient::connectLocal call
        // cannot specify a certificate for authentication against
        // the local server.  This limitation is being investigated.
        // See Bugzilla 2995.
        //
        if (String::equal(verifyClient, "required"))
        {
            if (!ConfigManager::parseBooleanValue(
                configManager->getCurrentValue(
                    PROPERTY_NAME__HTTP_ENABLED)))
            {
                MessageLoaderParms parms(
                    "Pegasus.Server.SSLContextManager."
                        "INVALID_CONF_HTTPS_REQUIRED",
                    "The \"sslClientVerificationMode\" property cannot be "
                        "set to \"required\" if HTTP is disabled, as the "
                        "cimserver will be unable to properly shutdown.  "
                        "The recommended course of action is to change "
                        "the property value to \"optional\".");
                PEG_METHOD_EXIT();
                throw SSLException(parms);
            }
        }
#endif
        //
        // A truststore username must be specified if
        // sslClientVerificationMode is enabled and the truststore is a
        // single CA file.  If the truststore is a directory, then the
        // CertificateProvider should be used to register users with
        // certificates.
        //

        if (trustStore != String::EMPTY)
        {
            if (!FileSystem::exists(trustStore))
            {
                MessageLoaderParms parms(
                    "Pegasus.Server.SSLContextManager."
                        "COULD_NOT_ACCESS_TRUST_STORE",
                    "Could not access the trust store."
                        "Check the permissions of the truststore path \"$0\".",
                        trustStore);
                PEG_METHOD_EXIT();
                throw SSLException(parms);
            }

            if (!FileSystem::isDirectory(trustStore))
            {
                if (trustStoreUserName == String::EMPTY)
                {
                    MessageLoaderParms parms(
                        "Pegasus.Server.SSLContextManager."
                            "SSL_CLIENT_VERIFICATION_EMPTY_USERNAME",
                        "The \"sslTrustStoreUserName\" property must specify a "
                            "valid username if \"sslClientVerificationMode\" "
                            "is 'required' or 'optional' and the truststore is "
                            "a single CA file. To register individual "
                            "certificates to users, you must use a truststore "
                            "directory along with the CertificateProvider.");
                    PEG_METHOD_EXIT();
                    throw SSLException(parms);
                }
            }
        }
    }

#ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
    //
    // Get the crlStore property from the Config Manager.
    //
    String crlStore = configManager->getCurrentValue(
        PROPERTY_NAME__SSL_CRL_STORE);

    if (crlStore != String::EMPTY)
    {
        crlStore = ConfigManager::getHomedPath(crlStore);
    }
#else
    String crlStore;
#endif

    //
    // Get the sslCertificateFilePath property from the Config Manager.
    //
    String certPath;
    certPath = ConfigManager::getHomedPath(
        configManager->getCurrentValue(PROPERTY_NAME__SSL_CERT_FILEPATH));

    //
    // Get the sslKeyFilePath property from the Config Manager.
    //
    String keyPath;
    keyPath = ConfigManager::getHomedPath(
        configManager->getCurrentValue(PROPERTY_NAME__SSL_KEY_FILEPATH));

    String randFile;

#ifdef PEGASUS_SSL_RANDOMFILE
    // NOTE: It is technically not necessary to set up a random file on
    // the server side, but it is easier to use a consistent interface
    // on the client and server than to optimize out the random file on
    // the server side.
    randFile = ConfigManager::getHomedPath(PEGASUS_SSLSERVER_RANDOMFILE);
#endif

    //
    // Get the cipherSuite property from the Config Manager.
    //
    String cipherSuite = configManager->getCurrentValue(
        PROPERTY_NAME__SSL_CIPHER_SUITE);
    PEG_TRACE((TRC_SERVER, Tracer::LEVEL4, "Cipher suite is %s",
        (const char*)cipherSuite.getCString()));

    Boolean sslCompatibility = ConfigManager::parseBooleanValue(
        configManager->getCurrentValue(
        PROPERTY_NAME__SSL_COMPATIBILITY));
    //
    // Create the SSLContext defined by the configuration properties
    //
    if (String::equal(verifyClient, "required"))
    {
        PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
            "SSL Client verification REQUIRED.");

        _sslContextMgr->createSSLContext(
            trustStore, certPath, keyPath, crlStore, false, randFile,
            cipherSuite,sslCompatibility);
    }
    else if (String::equal(verifyClient, "optional"))
    {
        PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
            "SSL Client verification OPTIONAL.");

        _sslContextMgr->createSSLContext(
            trustStore, certPath, keyPath, crlStore, true, randFile,
            cipherSuite,sslCompatibility);
    }
    else if (String::equal(verifyClient, "disabled") ||
             verifyClient == String::EMPTY)
    {
        PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
            "SSL Client verification DISABLED.");

        _sslContextMgr->createSSLContext(
            String::EMPTY, certPath, keyPath, crlStore, false, randFile,
            cipherSuite,sslCompatibility);
    }
    sslContext = _sslContextMgr->getSSLContext();

    try
    {
        sslContext->_validateCertificate();
    }
    catch (SSLException& e)
    {
        Logger::put(
            Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING,
            e.getMessage());
    }

    PEG_METHOD_EXIT();
    return sslContext;
}
Example #12
0
void CIMServer::_init()
{

    // pre-initialize the hostname.
    System::getHostName();

    _monitor.reset(new Monitor());

#if (defined(PEGASUS_OS_HPUX) || defined(PEGASUS_OS_LINUX)) \
    && defined(PEGASUS_USE_RELEASE_DIRS)
    if (chdir(PEGASUS_CORE_DIR) != 0)
    {
        PEG_TRACE((TRC_SERVER, Tracer::LEVEL2,
            "chdir(\"%s\") failed with errno %d.", PEGASUS_CORE_DIR, errno));
    }
#endif

    // -- Create a repository:

    String repositoryRootPath =
        ConfigManager::getHomedPath(
            ConfigManager::getInstance()->getCurrentValue("repositoryDir"));

#ifdef DO_NOT_CREATE_REPOSITORY_ON_STARTUP
    // If this code is enable, the CIMServer will fail to start
    // if the repository directory does not exist. If called,
    // the Repository will create an empty repository.

    // This check has been disabled to allow cimmof to call
    // the CIMServer to build the initial repository.
    if (!FileSystem::isDirectory(repositoryRootPath))
    {
        throw NoSuchDirectory(repositoryRootPath);
    }
#endif

    _repository = new CIMRepository(repositoryRootPath);

    // -- Create a UserManager object:
#ifndef PEGASUS_PAM_AUTHENTICATION
    UserManager::getInstance(_repository);
#endif


    // -- Create a SCMOClass Cache and set call back for the repository

    SCMOClassCache::getInstance()->setCallBack(_scmoClassCache_GetClass);

    // -- Create a CIMServerState object:

    _serverState.reset(new CIMServerState());

    _providerRegistrationManager = new ProviderRegistrationManager(_repository);

    // -- Create queue inter-connections:

    _providerManager = new ProviderManagerService(
        _providerRegistrationManager,
        _repository,
        DefaultProviderManager::createDefaultProviderManagerCallback);

    // Create IndicationHandlerService:

    _handlerService = new IndicationHandlerService(_repository);

    _cimOperationRequestDispatcher = new CIMOperationRequestDispatcher(
        _repository, _providerRegistrationManager);

    // Create the control service
    _controlService = new ModuleController(PEGASUS_QUEUENAME_CONTROLSERVICE);

    // Jump this number up when there are more control providers.
    _controlProviders.reserveCapacity(16);

    // Create the Configuration control provider
    ProviderMessageHandler* configProvider = new ProviderMessageHandler(
        "CIMServerControlProvider", "ConfigSettingProvider",
        new ConfigSettingProvider(), 0, 0, false);

    _controlProviders.append(configProvider);
    _controlService->register_module(
        PEGASUS_MODULENAME_CONFIGPROVIDER,
        configProvider,
        controlProviderReceiveMessageCallback);

#ifndef PEGASUS_PAM_AUTHENTICATION
    // Create the User/Authorization control provider
    ProviderMessageHandler* userAuthProvider = new ProviderMessageHandler(
        "CIMServerControlProvider", "UserAuthProvider",
        new UserAuthProvider(_repository), 0, 0, false);
    _controlProviders.append(userAuthProvider);
    _controlService->register_module(
        PEGASUS_MODULENAME_USERAUTHPROVIDER,
        userAuthProvider,
        controlProviderReceiveMessageCallback);
#endif

    // Create the Provider Registration control provider
    ProviderMessageHandler* provRegProvider = new ProviderMessageHandler(
        "CIMServerControlProvider", "ProviderRegistrationProvider",
        new ProviderRegistrationProvider(_providerRegistrationManager),
        ModuleController::indicationCallback, 0, false);
    // Warning: The ProviderRegistrationProvider destructor deletes
    // _providerRegistrationManager
    _controlProviders.append(provRegProvider);
    _controlService->register_module(
        PEGASUS_MODULENAME_PROVREGPROVIDER,
        provRegProvider,
        controlProviderReceiveMessageCallback);

    // Create the Shutdown control provider
    ProviderMessageHandler* shutdownProvider = new ProviderMessageHandler(
        "CIMServerControlProvider", "ShutdownProvider",
        new ShutdownProvider(this), 0, 0, false);
    _controlProviders.append(shutdownProvider);
    _controlService->register_module(
        PEGASUS_MODULENAME_SHUTDOWNPROVIDER,
        shutdownProvider,
        controlProviderReceiveMessageCallback);

    // Create the namespace control provider
    ProviderMessageHandler* namespaceProvider = new ProviderMessageHandler(
        "CIMServerControlProvider", "NamespaceProvider",
        new NamespaceProvider(_repository), 0, 0, false);
    _controlProviders.append(namespaceProvider);
    _controlService->register_module(
        PEGASUS_MODULENAME_NAMESPACEPROVIDER,
        namespaceProvider,
        controlProviderReceiveMessageCallback);

    //
    // Create a SSLContextManager object
    //
    _sslContextMgr = new SSLContextManager();

#ifdef PEGASUS_HAS_SSL
    // Because this provider allows management of the cimserver truststore
    // it needs to be available regardless of the value
    // of sslClientVerificationMode config property.
    ProviderMessageHandler* certificateProvider = new ProviderMessageHandler(
        "CIMServerControlProvider", "CertificateProvider",
        new CertificateProvider(_repository, _sslContextMgr),
        0, 0, false);
    _controlProviders.append(certificateProvider);
    _controlService->register_module(
        PEGASUS_MODULENAME_CERTIFICATEPROVIDER,
        certificateProvider,
        controlProviderReceiveMessageCallback);
#endif

#ifndef PEGASUS_DISABLE_PERFINST
    // Create the Statistical Data control provider
    ProviderMessageHandler* cimomstatdataProvider = new ProviderMessageHandler(
        "CIMServerControlProvider", "CIMOMStatDataProvider",
        new CIMOMStatDataProvider(), 0, 0, false);
    _controlProviders.append(cimomstatdataProvider);
    _controlService->register_module(
        PEGASUS_MODULENAME_CIMOMSTATDATAPROVIDER,
        cimomstatdataProvider,
        controlProviderReceiveMessageCallback);
#endif

#ifdef PEGASUS_ENABLE_CQL

    // Create the Query Capabilities control provider
    ProviderMessageHandler* cimquerycapprovider = new ProviderMessageHandler(
        "CIMServerControlProvider", "CIMQueryCapabilitiesProvider",
        new CIMQueryCapabilitiesProvider(),
        0, 0, false);
    _controlProviders.append(cimquerycapprovider);
    _controlService->register_module(
        PEGASUS_MODULENAME_CIMQUERYCAPPROVIDER,
        cimquerycapprovider,
        controlProviderReceiveMessageCallback);
#endif

#if defined PEGASUS_ENABLE_INTEROP_PROVIDER

    // Create the interop control provider
    ProviderMessageHandler* interopProvider = new ProviderMessageHandler(
        "CIMServerControlProvider", "InteropProvider",
        new InteropProvider(
                _repository,
                _providerRegistrationManager),
        0, 0, false);

    _controlProviders.append(interopProvider);
    _controlService->register_module(
        PEGASUS_MODULENAME_INTEROPPROVIDER,
        interopProvider,
        controlProviderReceiveMessageCallback);
#endif

    _cimOperationResponseEncoder = new CIMOperationResponseEncoder;

    //
    // get the configured authentication and authorization flags
    //
    ConfigManager* configManager = ConfigManager::getInstance();

    Boolean enableAuthentication = ConfigManager::parseBooleanValue(
        configManager->getCurrentValue("enableAuthentication"));

    MessageQueue* cimOperationProcessorQueue = 0;

    //
    // Create Authorization queue only if authentication is enabled
    //
    if ( enableAuthentication )
    {
        _cimOperationRequestAuthorizer = new CIMOperationRequestAuthorizer(
            _cimOperationRequestDispatcher);
        cimOperationProcessorQueue = _cimOperationRequestAuthorizer;
    }
    else
    {
        _cimOperationRequestAuthorizer = 0;
        cimOperationProcessorQueue = _cimOperationRequestDispatcher;
    }

    _cimOperationRequestDecoder = new CIMOperationRequestDecoder(
        cimOperationProcessorQueue,
        _cimOperationResponseEncoder->getQueueId());

    _cimExportRequestDispatcher = new CIMExportRequestDispatcher();

    _cimExportResponseEncoder = new CIMExportResponseEncoder;

    _cimExportRequestDecoder = new CIMExportRequestDecoder(
        _cimExportRequestDispatcher,
        _cimExportResponseEncoder->getQueueId());

    _httpAuthenticatorDelegator = new HTTPAuthenticatorDelegator(
        _cimOperationRequestDecoder->getQueueId(),
        _cimExportRequestDecoder->getQueueId(),
        _repository);

    _rsProcessor = new RsProcessor(
        cimOperationProcessorQueue,
        _repository);
    _httpAuthenticatorDelegator->setRsQueueId(
        _rsProcessor->getRsRequestDecoderQueueId());

#ifdef PEGASUS_ENABLE_PROTOCOL_WEB
    _webServer = new WebServer();
    _httpAuthenticatorDelegator->setWebQueueId(
        _webServer->getQueueId());
#endif

#ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN
    _wsmProcessor = new WsmProcessor(
        cimOperationProcessorQueue,
        _repository);
    _httpAuthenticatorDelegator->setWsmQueueId(
        _wsmProcessor->getWsmRequestDecoderQueueId());
#endif

    // IMPORTANT-NU-20020513: Indication service must start after ExportService
    // otherwise HandlerService started by indicationService will never
    // get ExportQueue to export indications for existing subscriptions

    _indicationService = new IndicationService(
        _repository,
        _providerRegistrationManager);

    // Build the Control Provider and Service internal routing table. This must
    // be called after MessageQueueService initialized and ServiceQueueIds
    // installed.

    DynamicRoutingTable::buildRoutingTable();

    // Enable the signal handler to shutdown gracefully on SIGHUP and SIGTERM
    getSigHandle()->registerHandler(PEGASUS_SIGHUP, shutdownSignalHandler);
    getSigHandle()->activate(PEGASUS_SIGHUP);
    getSigHandle()->registerHandler(PEGASUS_SIGTERM, shutdownSignalHandler);
    getSigHandle()->activate(PEGASUS_SIGTERM);
#ifdef PEGASUS_OS_PASE
    getSigHandle()->registerHandler(SIGFPE, _synchronousSignalHandler);
    getSigHandle()->activate(SIGFPE);
    getSigHandle()->registerHandler(SIGILL, _synchronousSignalHandler);
    getSigHandle()->activate(SIGILL);
    getSigHandle()->registerHandler(SIGSEGV, _synchronousSignalHandler);
    getSigHandle()->activate(SIGSEGV);
    getSigHandle()->registerHandler(SIGIO, _asynchronousSignalHandler);
    getSigHandle()->activate(SIGIO);
#endif
#ifdef PEGASUS_OS_ZOS
    // Establish handling signal send to us on USS shutdown
    getSigHandle()->registerHandler(PEGASUS_SIGDANGER, shutdownSignalHandler);
    getSigHandle()->activate(PEGASUS_SIGDANGER);
    // enable process to receive SIGDANGER on USS shutdown
    __shutdown_registration(_SDR_NOTIFY, _SDR_REGPROCESS, _SDR_SENDSIGDANGER);
#endif

    //
    // Set up an additional thread waiting for commands from the
    // system console
    //
#if defined PEGASUS_OS_ZOS
    ZOSConsoleManager::startConsoleWatchThread();
#endif

#ifdef PEGASUS_ENABLE_AUDIT_LOGGER

    // Register audit logger initialize callback
    AuditLogger::setInitializeCallback(auditLogInitializeCallback);

    Boolean enableAuditLog = ConfigManager::parseBooleanValue(
        configManager->getCurrentValue("enableAuditLog"));

    if (enableAuditLog)
    {
        AuditLogger::setEnabled(enableAuditLog);
    }

#endif
}
void CIMOperationRequestAuthorizer::handleEnqueue(Message *request)
{

   PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::handleEnqueue");

   if (!request)
   {
      PEG_METHOD_EXIT();
      return;
   }

   AutoPtr<CIMOperationRequestMessage> 
         req(dynamic_cast<CIMOperationRequestMessage *>(request));

   PEGASUS_ASSERT(req.get());

   //
   // Get the HTTPConnection queue id
   //
   QueueIdStack qis = req->queueIds.copyAndPop();

   Uint32 queueId = qis.top();

// l10n
   // Set the client's requested language into this service thread.
   // This will allow functions in this service to return messages
   // in the correct language.
   if (req->thread_changed())
   {
       AutoPtr<AcceptLanguages> langs(new AcceptLanguages(((AcceptLanguageListContainer)req->operationContext.get
	   (AcceptLanguageListContainer:: NAME)).getLanguages()));	
       Thread::setLanguages(langs.release());   		
   }

   //
   // If CIMOM is shutting down, return "Service Unavailable" response
   //
   if (_serverTerminating)
   {
       Array<char> message;
       message = XmlWriter::formatHttpErrorRspMessage(
           HTTP_STATUS_SERVICEUNAVAILABLE,
           String::EMPTY,
           "CIM Server is shutting down.");

       sendResponse(queueId, message);
       PEG_METHOD_EXIT();
       return;
   }

   String userName = String::EMPTY;
   String authType = String::EMPTY;
   CIMNamespaceName nameSpace;
   String cimMethodName = String::EMPTY;

   // Set the username and namespace.
   nameSpace = req->nameSpace;
   userName = ((IdentityContainer)(req->operationContext.get
			(IdentityContainer::NAME))).getUserName();

   switch (req->getType())
   {
      case CIM_GET_CLASS_REQUEST_MESSAGE:
	 authType = 
	    ((CIMGetClassRequestMessage*)req.get())->authType;
	 cimMethodName = "GetClass";
	 break;

      case CIM_GET_INSTANCE_REQUEST_MESSAGE:
	 authType = 
	    ((CIMGetInstanceRequestMessage*)req.get())->authType;
	 cimMethodName = "GetInstance";
	 break;

      case CIM_DELETE_CLASS_REQUEST_MESSAGE:
	 authType = 
	    ((CIMDeleteClassRequestMessage*)req.get())->authType;
	 cimMethodName = "DeleteClass";
	 break;

      case CIM_DELETE_INSTANCE_REQUEST_MESSAGE:
	 authType = 
	    ((CIMDeleteInstanceRequestMessage*)req.get())->authType;
	 cimMethodName = "DeleteInstance";
	 break;

      case CIM_CREATE_CLASS_REQUEST_MESSAGE:
	 authType = 
	    ((CIMCreateClassRequestMessage*)req.get())->authType;
	 cimMethodName = "CreateClass";
	 break;

      case CIM_CREATE_INSTANCE_REQUEST_MESSAGE:
	 authType = 
	    ((CIMCreateInstanceRequestMessage*)req.get())->authType;
	 cimMethodName = "CreateInstance";
	 break;

      case CIM_MODIFY_CLASS_REQUEST_MESSAGE:
	 authType = 
	    ((CIMModifyClassRequestMessage*)req.get())->authType;
	 cimMethodName = "ModifyClass";
	 break;

      case CIM_MODIFY_INSTANCE_REQUEST_MESSAGE:
	 authType = 
	    ((CIMModifyInstanceRequestMessage*)req.get())->authType;
	 cimMethodName = "ModifyInstance";
	 break;

      case CIM_ENUMERATE_CLASSES_REQUEST_MESSAGE:
	 authType = ((CIMEnumerateClassesRequestMessage*)req.get())->authType;
	 cimMethodName = "EnumerateClasses";
	 break;

      case CIM_ENUMERATE_CLASS_NAMES_REQUEST_MESSAGE:
	 authType = 
	    ((CIMEnumerateClassNamesRequestMessage*)req.get())->authType;
	 cimMethodName = "EnumerateClassNames";
	 break;

      case CIM_ENUMERATE_INSTANCES_REQUEST_MESSAGE:
	 authType = ((CIMEnumerateInstancesRequestMessage*)req.get())->authType;
	 cimMethodName = "EnumerateInstances";
	 break;

      case CIM_ENUMERATE_INSTANCE_NAMES_REQUEST_MESSAGE:
	 authType = ((CIMEnumerateInstanceNamesRequestMessage*)req.get())->authType;
	 cimMethodName = "EnumerateInstanceNames";
	 break;

      case CIM_EXEC_QUERY_REQUEST_MESSAGE:
	 authType = ((CIMExecQueryRequestMessage*)req.get())->authType;
	 cimMethodName = "ExecQuery";
	 break;

      case CIM_ASSOCIATORS_REQUEST_MESSAGE:
	 authType = ((CIMAssociatorsRequestMessage*)req.get())->authType;
	 cimMethodName = "Associators";
	 break;

      case CIM_ASSOCIATOR_NAMES_REQUEST_MESSAGE:
	 authType = ((CIMAssociatorNamesRequestMessage*)req.get())->authType;
	 cimMethodName = "AssociatorNames";
	 break;

      case CIM_REFERENCES_REQUEST_MESSAGE:
	 authType = ((CIMReferencesRequestMessage*)req.get())->authType;
	 cimMethodName = "References";
	 break;

      case CIM_REFERENCE_NAMES_REQUEST_MESSAGE:
	 authType = ((CIMReferenceNamesRequestMessage*)req.get())->authType;
	 cimMethodName = "ReferenceNames";
	 break;

      case CIM_GET_PROPERTY_REQUEST_MESSAGE:
	 authType = ((CIMGetPropertyRequestMessage*)req.get())->authType;
	 cimMethodName = "GetProperty";
	 break;

      case CIM_SET_PROPERTY_REQUEST_MESSAGE:
	 authType = ((CIMSetPropertyRequestMessage*)req.get())->authType;
	 cimMethodName = "SetProperty";
	 break;

      case CIM_GET_QUALIFIER_REQUEST_MESSAGE:
	 authType = ((CIMGetQualifierRequestMessage*)req.get())->authType;
	 cimMethodName = "GetQualifier";
	 break;

      case CIM_SET_QUALIFIER_REQUEST_MESSAGE:
	 authType = ((CIMSetQualifierRequestMessage*)req.get())->authType;
	 cimMethodName = "SetQualifier";
	 break;

      case CIM_DELETE_QUALIFIER_REQUEST_MESSAGE:
	 authType = ((CIMDeleteQualifierRequestMessage*)req.get())->authType;
	 cimMethodName = "DeleteQualifier";
	 break;

      case CIM_ENUMERATE_QUALIFIERS_REQUEST_MESSAGE:
	 authType = ((CIMEnumerateQualifiersRequestMessage*)req.get())->authType;
	 cimMethodName = "EnumerateQualifiers";
	 break;

      case CIM_INVOKE_METHOD_REQUEST_MESSAGE:
	 authType = ((CIMInvokeMethodRequestMessage*)req.get())->authType;
	 cimMethodName = "InvokeMethod";
	 break;

      default:
         PEGASUS_ASSERT(0);
	 break;
   }

#ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
   //
   // If the user is not privileged and authorized user group is specified, 
   // then perform the user group authorization check.
   //
   try
   {
       if ( ! System::isPrivilegedUser(userName) )
       {
           Uint32 size = _authorizedUserGroups.size();

           if (size > 0)
           {
               Boolean authorized = false;

               //
               // Check if the user name is in the authorized user groups.
               //
               for (Uint32 i = 0; i < size; i++)
               {
                   //
                   // Check if the user is a member of the group
                   //
                   if ( System::isGroupMember(userName.getCString(),
                            _authorizedUserGroups[i].getCString()) )
                   {
                       authorized = true;
                       break;
                   }
               }

               //
               // If the user is not a member of any of the authorized
               // user groups then generate error response.
               //
               if (!authorized)
               {
                   PEG_TRACE_STRING(TRC_SERVER, Tracer::LEVEL2,
                       "Authorization Failed: User '" + userName +
                       "' is not a member of the authorized groups");

                   MessageLoaderParms msgLoaderParms(
                       "Server.CIMOperationRequestAuthorizer.NOT_IN_AUTHORIZED_GRP",
                       "User '$0' is not authorized to access CIM data.",
                       userName);
                   //
                   // user is not in the authorized user groups, send an
                   // error message to the requesting client.
                   //
                   if (cimMethodName == "InvokeMethod")
                   {
                       // l10n
                       sendMethodError(
                           queueId,
                           req->getHttpMethod(),
                           req->messageId,
                           ((CIMInvokeMethodRequestMessage*)req.get())->methodName,
                           PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, 
                                                   msgLoaderParms));
                       PEG_METHOD_EXIT();
                       return;
                   }
                   else
                   {
                       // l10n
                       sendIMethodError(
                           queueId,
                           req->getHttpMethod(),
                           req->messageId,
                           cimMethodName,
                           PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, 
                                                   msgLoaderParms));
                       PEG_METHOD_EXIT();
                       return;
                   }
               }
           }
       }
   }
   catch (InternalSystemError &ise)
   {
       sendIMethodError(
               queueId,
               req->getHttpMethod(),
               req->messageId,
               cimMethodName,
               PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED, ise.getMessage()));
       PEG_METHOD_EXIT();
       return;
   }
#endif  // #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION

   //
   // Get a config manager instance
   //
   ConfigManager* configManager = ConfigManager::getInstance();

   //
   // Do namespace authorization verification
   //
   if (String::equalNoCase(
          configManager->getCurrentValue("enableNamespaceAuthorization"),
          "true"))
   {
      //
      // If the user is not privileged, perform the authorization check.
      //
#if !defined(PEGASUS_PLATFORM_OS400_ISERIES_IBM)
      if ( ! System::isPrivilegedUser(userName) )
#else
      // On OS/400, always check authorization if remote user.
      // Always allow local privileged users through.
      // Check authorization for local non-privileged users.
      // (User authorization to providers are checked downstream from here).
      if ( ! String::equalNoCase(authType,"Local") ||
           ! System::isPrivilegedUser(userName) )
#endif
      {
         UserManager* userManager = UserManager::getInstance();

         if ( !userManager || !userManager->verifyAuthorization(
                 userName, nameSpace, cimMethodName) )
         {

	   // l10n
	   
           // String description = "Not authorized to run ";
           // description.append(cimMethodName);
           // description.append(" in the namespace ");
           // description.append(nameSpace.getString());

            if (cimMethodName == "InvokeMethod")
            {
	      // l10n
	      sendMethodError(
                  queueId,
                  req->getHttpMethod(),
                  req->messageId,
                  ((CIMInvokeMethodRequestMessage*)req.get())->methodName,
                  PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, 
			 MessageLoaderParms(
			 "Server.CIMOperationRequestAuthorizer.NOT_AUTHORIZED", 
			 "Not authorized to run $0 in the namespace $1", 
			   cimMethodName, nameSpace.getString())));
            }
            else
            {
	      // l10n
	      sendIMethodError(
		       queueId,
		       req->getHttpMethod(),
		       req->messageId,
		       cimMethodName,
		       PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, 
		       MessageLoaderParms(
		       "Server.CIMOperationRequestAuthorizer.NOT_AUTHORIZED", 
		 	"Not authorized to run $0 in the namespace $1", 
	    		cimMethodName, nameSpace.getString())));
            }

            PEG_METHOD_EXIT();

            return;
         }
      }
   }

   //
   // If the user is privileged, and remote privileged user access is not 
   // enabled and the auth type is not Local then reject access.
   //
   if ( System::isPrivilegedUser(userName) &&
        !String::equalNoCase(authType, "Local") &&
        !String::equalNoCase(
           configManager->getCurrentValue("enableRemotePrivilegedUserAccess"),
           "true") )
   {

      if (cimMethodName == "InvokeMethod")
      {

	// l10n

         sendMethodError(
            queueId,
            req->getHttpMethod(),
            req->messageId,
            ((CIMInvokeMethodRequestMessage*)req.get())->methodName,
           PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, MessageLoaderParms(
                   "Server.CIMOperationRequestAuthorizer.REMOTE_NOT_ENABLED", 
                   "Remote privileged user access is not enabled.")));
      }
      else
      {
	// l10n

         sendIMethodError(
            queueId,
            req->getHttpMethod(),
            req->messageId,
            cimMethodName,
           PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, MessageLoaderParms(
              "Server.CIMOperationRequestAuthorizer.REMOTE_NOT_ENABLED", 
              "Remote privileged user access is not enabled.")));
      }

      PEG_METHOD_EXIT();

      return;
   }

   //
   // Enqueue the request
   //
   _outputQueue->enqueue(req.release());

   PEG_METHOD_EXIT();

}