void CIMServer::setState(Uint32 state)
{
PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::setState()");
_serverState->setState(state);
//
// get the configured authentication and authorization flags
//
ConfigManager* configManager = ConfigManager::getInstance();
Boolean enableAuthentication = ConfigManager::parseBooleanValue(
configManager->getCurrentValue("enableAuthentication"));
Boolean enableNamespaceAuthorization = ConfigManager::parseBooleanValue(
configManager->getCurrentValue("enableNamespaceAuthorization"));
if (state == CIMServerState::TERMINATING)
{
// tell decoder that CIMServer is terminating
_cimOperationRequestDecoder->setServerTerminating(true);
_cimExportRequestDecoder->setServerTerminating(true);
_rsProcessor->setServerTerminating(true);
#ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN
_wsmProcessor->setServerTerminating(true);
#endif
// tell authorizer that CIMServer is terminating ONLY if
// authentication and authorization are enabled
//
if ( enableAuthentication && enableNamespaceAuthorization )
{
_cimOperationRequestAuthorizer->setServerTerminating(true);
}
}
else
{
// tell decoder that CIMServer is not terminating
_cimOperationRequestDecoder->setServerTerminating(false);
_cimExportRequestDecoder->setServerTerminating(false);
_rsProcessor->setServerTerminating(false);
#ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN
_wsmProcessor->setServerTerminating(false);
#endif
// tell authorizer that CIMServer is terminating ONLY if
// authentication and authorization are enabled
//
if ( enableAuthentication && enableNamespaceAuthorization )
{
_cimOperationRequestAuthorizer->setServerTerminating(false);
}
}
PEG_METHOD_EXIT();
}
void CIMServer::auditLogInitializeCallback()
{
#ifdef PEGASUS_ENABLE_AUDIT_LOGGER
Array<String> propertyNames;
Array<String> propertyValues;
// Get all current property names and values
ConfigManager* configManager = ConfigManager::getInstance();
configManager->getAllPropertyNames(propertyNames, false);
for (Uint32 i = 0; i < propertyNames.size(); i++)
{
propertyValues.append(configManager->getCurrentValue(propertyNames[i]));
}
AuditLogger::logCurrentConfig(propertyNames, propertyValues);
// get currently registered provider module instances
Array<CIMInstance> moduleInstances;
moduleInstances =
_cimserver->_providerRegistrationManager->enumerateInstancesForClass(
CIMObjectPath("PG_ProviderModule"));
AuditLogger::logCurrentRegProvider(moduleInstances);
AuditLogger::logCurrentEnvironmentVar();
#endif
}
Array<String> CIMOperationRequestAuthorizer::_getAuthorizedUserGroups()
{
PEG_METHOD_ENTER(TRC_SERVER,
"CIMOperationRequestAuthorizer::getAuthorizedUserGroups");
Array<String> authorizedGroups;
String groupNames;
//
// Get a config manager instance
//
ConfigManager* configManager = ConfigManager::getInstance();
groupNames = configManager->getCurrentValue("authorizedUserGroups");
//
// Check if the group name is empty
//
if (groupNames == String::EMPTY)
{
PEG_METHOD_EXIT();
return authorizedGroups;
}
//
// Append _GROUPNAME_SEPARATOR to the end of the groups
//
groupNames.append(_GROUPNAME_SEPARATOR);
Uint32 position = 0;
String groupName;
while (groupNames != String::EMPTY)
{
//
// Get a group name from user groups
// User groups are separated by _GROUPNAME_SEPARATOR
//
position = groupNames.find(_GROUPNAME_SEPARATOR);
groupName = groupNames.subString(0,(position));
authorizedGroups.append(groupName);
// Remove the searched group name
groupNames.remove(0, position + 1);
}
PEG_METHOD_EXIT();
return authorizedGroups;
}
/* constructor. */
SecureBasicAuthenticator::SecureBasicAuthenticator()
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"SecureBasicAuthenticator::SecureBasicAuthenticator()");
// Build Authentication parameter realm required for Basic Challenge
// e.g. realm="HostName"
_realm.assign("realm=");
_realm.append(Char16('"'));
_realm.append(System::getHostName());
_realm.append(Char16('"'));
// Get a user manager instance handler
_userManager = UserManager::getInstance();
#ifdef PEGASUS_OS_ZOS
ConfigManager* configManager = ConfigManager::getInstance();
if (String::equalNoCase(
configManager->getCurrentValue("enableCFZAPPLID"),"true"))
# if (__TARGET_LIB__ < 0x410A0000)
#ifdef PEGASUS_PLATFORM_ZOS_ZSERIES_IBM
{
//
// Enable __passwd() for passticket validation
// for APPLID CFZAPPL in this thread.
//
set_ZOS_ApplicationID();
}
else
{
Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING,
MessageLoaderParms(
"Security.Authentication.SecureBasicAuthenticator."
"APPLID_OMVSAPPL.PEGASUS_OS_ZOS",
"CIM server authentication is using application ID OMVSAPPL."));
}
pthread_security_np(0,__USERID_IDENTITY,0,NULL,NULL,0);
#else
#error APPLID support is not available in 64-bit compilation mode before V1R10
#endif //PEGASUS_PLATFORM_ZOS_ZSERIES_IBM
#else
{
_zosAPPLID = "CFZAPPL";
}
else
{
int HTTPSessionList::_getSessionTimeout()
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION, "HTTPSessionList::_getSessionTimeout");
// load httpSessionTimeout configuration value
ConfigManager* configManager = ConfigManager::getInstance();
String strTimeout = configManager->getCurrentValue("httpSessionTimeout");
Uint64 timeout;
StringConversion::decimalStringToUint64(strTimeout.getCString(),
timeout, false);
PEG_TRACE((TRC_AUTHENTICATION, Tracer::LEVEL3,
"Session timeout is %d", (int)timeout));
PEG_METHOD_EXIT();
return timeout;
}
void CIMServer::startSLPProvider()
{
PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::startSLPProvider");
// Get Config parameter to determine if we should start SLP.
ConfigManager* configManager = ConfigManager::getInstance();
Boolean _runSLP = ConfigManager::parseBooleanValue(
configManager->getCurrentValue("slp"));
// If false, do not start slp provider
if (!_runSLP)
{
PEG_METHOD_EXIT();
return;
}
// Create a separate thread, detach and call function to execute the
// startup.
Thread t( _callSLPProvider, 0, true );
t.run();
PEG_METHOD_EXIT();
return;
}
Boolean ProviderAgent::_readAndProcessRequest()
{
PEG_METHOD_ENTER(TRC_PROVIDERAGENT,
"ProviderAgent::_readAndProcessRequest");
CIMRequestMessage* request;
//
// Read the request from CIM Server
//
CIMMessage* cimMessage;
AnonymousPipe::Status readStatus = _pipeFromServer->readMessage(cimMessage);
request = dynamic_cast<CIMRequestMessage*>(cimMessage);
// Read operation was interrupted
if (readStatus == AnonymousPipe::STATUS_INTERRUPT)
{
PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL1,
"Read operation was interrupted.");
PEG_METHOD_EXIT();
return false;
}
if (readStatus == AnonymousPipe::STATUS_CLOSED)
{
// The CIM Server connection is closed
PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL2,
"CIMServer connection closed. Exiting.");
_terminating = true;
PEG_METHOD_EXIT();
return false;
}
if (readStatus == AnonymousPipe::STATUS_ERROR)
{
PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL1,
"Error reading from pipe. Exiting.");
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::WARNING,
MessageLoaderParms(
"ProviderManager.ProviderAgent.ProviderAgent."
"CIMSERVER_COMMUNICATION_FAILED",
"cimprovagt \"$0\" communication with CIM Server failed. "
"Exiting.",
_agentId));
_terminating = true;
PEG_METHOD_EXIT();
return false;
}
// The message was not a request message.
if (request == 0)
{
// The message was not empty.
if (0 != cimMessage )
{
// The message was not a "wake up" message.
if (cimMessage->getType() == PROVAGT_GET_SCMOCLASS_RESPONSE_MESSAGE)
{
PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL3,
"Processing a SCMOClassResponseMessage.");
AutoPtr<ProvAgtGetScmoClassResponseMessage> response(
dynamic_cast<ProvAgtGetScmoClassResponseMessage*>
(cimMessage));
PEGASUS_DEBUG_ASSERT(response.get());
_processGetSCMOClassResponse(response.get());
// The provider agent is still busy.
PEG_METHOD_EXIT();
return true;
}
}
// A "wake up" message means we should unload idle providers
PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL4,
"Got a wake up message.");
if (!_providerManagerRouter.hasActiveProviders())
{
// No active providers, so do not start an idle unload thread
return false;
}
try
{
_unloadIdleProviders();
}
catch (...)
{
// Ignore exceptions from idle provider unloading
PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL2,
"Ignoring exception from _unloadIdleProviders()");
}
PEG_METHOD_EXIT();
return false;
}
PEG_TRACE((TRC_PROVIDERAGENT, Tracer::LEVEL3,
"Received request from server with messageId %s",
(const char*)request->messageId.getCString()));
const AcceptLanguageListContainer acceptLang =
request->operationContext.get(AcceptLanguageListContainer::NAME);
Thread::setLanguages(acceptLang.getLanguages());
// Get the ProviderIdContainer to complete the provider module instance
// optimization. If the provider module instance is blank (optimized
// out), fill it in from our cache. If it is not blank, update our
// cache. (See the _providerModuleCache member description.)
if (request->operationContext.contains(ProviderIdContainer::NAME))
{
ProviderIdContainer pidc = request->operationContext.get(
ProviderIdContainer::NAME);
if (pidc.getModule().isUninitialized())
{
// Provider module is optimized out. Fill it in from the cache.
request->operationContext.set(ProviderIdContainer(
_providerModuleCache, pidc.getProvider(),
pidc.isRemoteNameSpace(), pidc.getRemoteInfo()));
}
else
{
// Update the cache with the new provider module instance.
_providerModuleCache = pidc.getModule();
}
}
//
// It never should be possible to receive a request other than "initialise"
// before the provider agent is in state isInitialised
//
// Bail out.
//
if (!_isInitialised &&
(request->getType() != CIM_INITIALIZE_PROVIDER_AGENT_REQUEST_MESSAGE))
{
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::WARNING,
MessageLoaderParms(
"ProviderManager.ProviderAgent.ProviderAgent."
"PROVIDERAGENT_NOT_INITIALIZED",
"cimprovagt \"$0\" was not yet initialized "
"prior to receiving a request message. Exiting.",
_agentId));
_terminating = true;
PEG_METHOD_EXIT();
return false;
}
//
// Check for messages to be handled by the Agent itself.
//
if (request->getType() == CIM_INITIALIZE_PROVIDER_AGENT_REQUEST_MESSAGE)
{
// Process the request in this thread
AutoPtr<CIMInitializeProviderAgentRequestMessage> ipaRequest(
dynamic_cast<CIMInitializeProviderAgentRequestMessage*>(request));
PEGASUS_ASSERT(ipaRequest.get() != 0);
ConfigManager::setPegasusHome(ipaRequest->pegasusHome);
ConfigManager* configManager = ConfigManager::getInstance();
// Initialize the configuration properties
for (Uint32 i = 0; i < ipaRequest->configProperties.size(); i++)
{
configManager->initCurrentValue(
ipaRequest->configProperties[i].first,
ipaRequest->configProperties[i].second);
}
// Set the default resource bundle directory for the MessageLoader
MessageLoader::setPegasusMsgHome(ConfigManager::getHomedPath(
configManager->getCurrentValue("messageDir")));
// Set the log file directory
#if !defined(PEGASUS_USE_SYSLOGS)
Logger::setHomeDirectory(ConfigManager::getHomedPath(
configManager->getCurrentValue("logdir")));
#endif
System::bindVerbose = ipaRequest->bindVerbose;
//
// Set _subscriptionInitComplete from value in
// InitializeProviderAgent request
//
_providerManagerRouter.setSubscriptionInitComplete
(ipaRequest->subscriptionInitComplete);
PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL2,
"Processed the agent initialization message.");
// Notify the cimserver that the provider agent is initialized.
Uint32 messageLength = 0;
_pipeToServer->writeBuffer((const char*)&messageLength, sizeof(Uint32));
#if defined(PEGASUS_OS_ZOS) && defined(PEGASUS_ZOS_SECURITY)
// prepare and setup the thread-level security environment on z/OS
// if security initialization fails
startupCheckBPXServer(false);
startupCheckMSC();
if (!isZOSSecuritySetup())
{
Logger::put_l(Logger::ERROR_LOG, ZOS_SECURITY_NAME, Logger::FATAL,
MessageLoaderParms(
"ProviderManager.ProviderAgent.ProviderAgent."
"UNINITIALIZED_SECURITY_SETUP.PEGASUS_OS_ZOS",
"Security environment could not be initialised. "
"Assume security fraud. Stopping Provider Agent."));
exit(1);
}
#endif
// provider agent is initialised and ready to go
_isInitialised = true;
}
else if (request->getType() == CIM_NOTIFY_CONFIG_CHANGE_REQUEST_MESSAGE)
{
// Process the request in this thread
AutoPtr<CIMNotifyConfigChangeRequestMessage> notifyRequest(
dynamic_cast<CIMNotifyConfigChangeRequestMessage*>(request));
PEGASUS_ASSERT(notifyRequest.get() != 0);
//
// Update the ConfigManager with the new property value
//
ConfigManager* configManager = ConfigManager::getInstance();
CIMException responseException;
try
{
if (notifyRequest->currentValueModified)
{
String userName = ((IdentityContainer)
request->operationContext.get(
IdentityContainer::NAME)).getUserName();
configManager->updateCurrentValue(
notifyRequest->propertyName,
notifyRequest->newPropertyValue,
userName,
0,
false);
}
else
{
configManager->updatePlannedValue(
notifyRequest->propertyName,
notifyRequest->newPropertyValue,
true);
}
}
catch (Exception& e)
{
responseException = PEGASUS_CIM_EXCEPTION(
CIM_ERR_FAILED, e.getMessage());
}
AutoPtr<CIMResponseMessage> response(notifyRequest->buildResponse());
response->cimException = responseException;
// Return response to CIM Server
_writeResponse(response.get());
}
else if ((request->getType() == CIM_DISABLE_MODULE_REQUEST_MESSAGE) ||
(request->getType() == CIM_STOP_ALL_PROVIDERS_REQUEST_MESSAGE))
{
// Process the request in this thread
AutoPtr<Message> response(_processRequest(request));
_writeResponse(response.get());
CIMResponseMessage * respMsg =
dynamic_cast<CIMResponseMessage*>(response.get());
// If StopAllProviders, terminate the agent process.
// If DisableModule not successful, leave agent process running.
if ((request->getType() == CIM_STOP_ALL_PROVIDERS_REQUEST_MESSAGE) ||
((request->getType() == CIM_DISABLE_MODULE_REQUEST_MESSAGE) &&
(!dynamic_cast<CIMDisableModuleRequestMessage*>(request)->
disableProviderOnly) &&
(respMsg->cimException.getCode() == CIM_ERR_SUCCESS)))
{
// Operation is successful. End the agent process.
_providersStopped = true;
_terminating = true;
}
delete request;
}
else if (request->getType () ==
CIM_SUBSCRIPTION_INIT_COMPLETE_REQUEST_MESSAGE ||
request->getType () ==
CIM_INDICATION_SERVICE_DISABLED_REQUEST_MESSAGE)
{
//
// Process the request in this thread
//
AutoPtr <Message> response (_processRequest (request));
_writeResponse (response.get ());
//
// Note: the response does not contain interesting data
//
delete request;
}
else
{
// Start a new thread to process the request
ProviderAgentRequest* agentRequest =
new ProviderAgentRequest(this, request);
ThreadStatus rtn = PEGASUS_THREAD_OK;
while ((rtn = _threadPool.allocate_and_awaken(agentRequest,
ProviderAgent::_processRequestAndWriteResponse)) !=
PEGASUS_THREAD_OK)
{
if (rtn == PEGASUS_THREAD_INSUFFICIENT_RESOURCES)
{
Threads::yield();
}
else
{
PEG_TRACE_CSTRING(TRC_PROVIDERAGENT, Tracer::LEVEL1,
"Could not allocate thread to process agent request.");
AutoPtr<CIMResponseMessage> response(request->buildResponse());
response->cimException = PEGASUS_CIM_EXCEPTION_L(
CIM_ERR_FAILED,
MessageLoaderParms(
"ProviderManager.ProviderAgent.ProviderAgent."
"THREAD_ALLOCATION_FAILED",
"Failed to allocate a thread in cimprovagt \"$0\".",
_agentId));
// Return response to CIM Server
_writeResponse(response.get());
delete agentRequest;
delete request;
break;
}
}
}
PEG_METHOD_EXIT();
return true;
}
void CIMOperationRequestAuthorizer::handleEnqueue(Message* request)
{
PEG_METHOD_ENTER(TRC_SERVER,
"CIMOperationRequestAuthorizer::handleEnqueue");
if (!request)
{
PEG_METHOD_EXIT();
return;
}
CIMOperationRequestMessage* tmp =
dynamic_cast<CIMOperationRequestMessage*>(request);
AutoPtr<CIMOperationRequestMessage> req(tmp);
PEGASUS_ASSERT(req.get());
//
// Get the HTTPConnection queue id
//
QueueIdStack qis = req->queueIds.copyAndPop();
Uint32 queueId = qis.top();
// Set the client's requested language into this service thread.
// This will allow functions in this service to return messages
// in the correct language.
req->updateThreadLanguages();
//
// If CIMOM is shutting down, return "Service Unavailable" response
//
if (_serverTerminating)
{
Buffer message;
message = XmlWriter::formatHttpErrorRspMessage(
HTTP_STATUS_SERVICEUNAVAILABLE,
String::EMPTY,
"CIM Server is shutting down.");
sendResponse(queueId, message);
PEG_METHOD_EXIT();
return;
}
String userName = ((IdentityContainer)(req->operationContext.get(
IdentityContainer::NAME))).getUserName();
String authType = req->authType;
CIMNamespaceName nameSpace = req->nameSpace;
String cimMethodName;
switch (req->getType())
{
case CIM_GET_CLASS_REQUEST_MESSAGE:
cimMethodName = "GetClass";
break;
case CIM_GET_INSTANCE_REQUEST_MESSAGE:
cimMethodName = "GetInstance";
break;
case CIM_DELETE_CLASS_REQUEST_MESSAGE:
cimMethodName = "DeleteClass";
break;
case CIM_DELETE_INSTANCE_REQUEST_MESSAGE:
cimMethodName = "DeleteInstance";
break;
case CIM_CREATE_CLASS_REQUEST_MESSAGE:
cimMethodName = "CreateClass";
break;
case CIM_CREATE_INSTANCE_REQUEST_MESSAGE:
cimMethodName = "CreateInstance";
break;
case CIM_MODIFY_CLASS_REQUEST_MESSAGE:
cimMethodName = "ModifyClass";
break;
case CIM_MODIFY_INSTANCE_REQUEST_MESSAGE:
cimMethodName = "ModifyInstance";
break;
case CIM_ENUMERATE_CLASSES_REQUEST_MESSAGE:
cimMethodName = "EnumerateClasses";
break;
case CIM_ENUMERATE_CLASS_NAMES_REQUEST_MESSAGE:
cimMethodName = "EnumerateClassNames";
break;
case CIM_ENUMERATE_INSTANCES_REQUEST_MESSAGE:
cimMethodName = "EnumerateInstances";
break;
case CIM_ENUMERATE_INSTANCE_NAMES_REQUEST_MESSAGE:
cimMethodName = "EnumerateInstanceNames";
break;
case CIM_EXEC_QUERY_REQUEST_MESSAGE:
cimMethodName = "ExecQuery";
break;
case CIM_ASSOCIATORS_REQUEST_MESSAGE:
cimMethodName = "Associators";
break;
case CIM_ASSOCIATOR_NAMES_REQUEST_MESSAGE:
cimMethodName = "AssociatorNames";
break;
case CIM_REFERENCES_REQUEST_MESSAGE:
cimMethodName = "References";
break;
case CIM_REFERENCE_NAMES_REQUEST_MESSAGE:
cimMethodName = "ReferenceNames";
break;
case CIM_GET_PROPERTY_REQUEST_MESSAGE:
cimMethodName = "GetProperty";
break;
case CIM_SET_PROPERTY_REQUEST_MESSAGE:
cimMethodName = "SetProperty";
break;
case CIM_GET_QUALIFIER_REQUEST_MESSAGE:
cimMethodName = "GetQualifier";
break;
case CIM_SET_QUALIFIER_REQUEST_MESSAGE:
cimMethodName = "SetQualifier";
break;
case CIM_DELETE_QUALIFIER_REQUEST_MESSAGE:
cimMethodName = "DeleteQualifier";
break;
case CIM_ENUMERATE_QUALIFIERS_REQUEST_MESSAGE:
cimMethodName = "EnumerateQualifiers";
break;
case CIM_INVOKE_METHOD_REQUEST_MESSAGE:
cimMethodName = "InvokeMethod";
break;
default:
PEGASUS_ASSERT(0);
break;
}
#ifdef PEGASUS_ZOS_SECURITY
if (checkRequestTypeAuthorizationZOS(
req->getType(), userName, nameSpace) == false)
{
//
// user is not authorized, send an
// error message to the requesting client.
//
if (cimMethodName == "InvokeMethod")
{
sendMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
((CIMInvokeMethodRequestMessage*)req.get())->methodName,
PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
MessageLoaderParms(
"Server.CIMOperationRequestAuthorizer."
"NAMESPACE_AUTHORIZATION_FAILED",
"User '$0' is not authorized to run '$1' in the "
"namespace '$2'",
userName, cimMethodName, nameSpace.getString())));
}
else
{
sendIMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
cimMethodName,
PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
MessageLoaderParms(
"Server.CIMOperationRequestAuthorizer."
"NAMESPACE_AUTHORIZATION_FAILED",
"User '$0' is not authorized to run '$1' in the "
"namespace '$2'",
userName, cimMethodName, nameSpace.getString())));
}
PEG_METHOD_EXIT();
return;
}
#endif
#ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
//
// If the user is not privileged and authorized user group is specified,
// then perform the user group authorization check.
//
try
{
if ( ! System::isPrivilegedUser(userName) )
{
Uint32 size = _authorizedUserGroups.size();
if (size > 0)
{
Boolean authorized = false;
//
// Check if the user name is in the authorized user groups.
//
for (Uint32 i = 0; i < size; i++)
{
//
// Check if the user is a member of the group
//
if (System::isGroupMember(userName.getCString(),
_authorizedUserGroups[i].getCString()))
{
authorized = true;
break;
}
}
//
// If the user is not a member of any of the authorized
// user groups then generate error response.
//
if (!authorized)
{
PEG_TRACE((TRC_SERVER, Tracer::LEVEL1,
"Authorization Failed: User '%s' "
"is not a member of the authorized groups",
(const char*)userName.getCString()));
MessageLoaderParms msgLoaderParms(
"Server.CIMOperationRequestAuthorizer."
"NOT_IN_AUTHORIZED_GRP",
"User '$0' is not authorized to access CIM data.",
userName);
//
// user is not in the authorized user groups, send an
// error message to the requesting client.
//
if (cimMethodName == "InvokeMethod")
{
sendMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
((CIMInvokeMethodRequestMessage*)req.get())->
methodName,
PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
msgLoaderParms));
PEG_METHOD_EXIT();
return;
}
else
{
sendIMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
cimMethodName,
PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
msgLoaderParms));
PEG_METHOD_EXIT();
return;
}
}
}
}
}
catch (InternalSystemError& ise)
{
sendIMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
cimMethodName,
PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED, ise.getMessage()));
PEG_METHOD_EXIT();
return;
}
#endif // #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
//
// Get a config manager instance
//
ConfigManager* configManager = ConfigManager::getInstance();
//
// Do namespace authorization verification
//
if (ConfigManager::parseBooleanValue(
configManager->getCurrentValue("enableNamespaceAuthorization")))
{
//
// If the user is not privileged, perform the authorization check.
//
if (!System::isPrivilegedUser(userName))
{
UserManager* userManager = UserManager::getInstance();
if (!userManager ||
!userManager->verifyAuthorization(
userName, nameSpace, cimMethodName))
{
if (cimMethodName == "InvokeMethod")
{
sendMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
((CIMInvokeMethodRequestMessage*)req.get())->methodName,
PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
MessageLoaderParms(
"Server.CIMOperationRequestAuthorizer."
"NAMESPACE_AUTHORIZATION_FAILED",
"User '$0' is not authorized to run '$1' in the "
"namespace '$2'",
userName, cimMethodName, nameSpace.getString())));
}
else
{
sendIMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
cimMethodName,
PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
MessageLoaderParms(
"Server.CIMOperationRequestAuthorizer."
"NAMESPACE_AUTHORIZATION_FAILED",
"User '$0' is not authorized to run '$1' in "
"the namespace '$2'",
userName,
cimMethodName,
nameSpace.getString())));
}
PEG_METHOD_EXIT();
return;
}
}
}
//
// Enqueue the request
//
_outputQueue->enqueue(req.release());
PEG_METHOD_EXIT();
}
int CIMServerProcess::cimserver_run(
int argc,
char** argv,
Boolean shutdownOption,
Boolean debugOutputOption)
{
Boolean daemonOption = false;
#if defined (PEGASUS_OS_PASE) && !defined (PEGASUS_DEBUG)
// PASE have itself regular for checking privileged user
if (!System::isPrivilegedUser("*CURRENT "))
{
MessageLoaderParms parms(
"src.Server.cimserver.NO_AUTHORITY.PEGASUS_OS_PASE",
"The caller should be a privileged user,"
" or the server will not run.");
cerr << MessageLoader::getMessage(parms) << endl;
exit (1);
}
char jobName[11];
// this function only can be found in PASE environment
umeGetJobName(jobName, false);
if (strncmp("QUMECIMOM ", jobName, 10) != 0
&& strncmp("QUMEENDCIM", jobName, 10) != 0)
{
MessageLoaderParms parms(
"src.Server.cimserver.NOT_OFFICIAL_START.PEGASUS_OS_PASE",
"cimserver can not be started by user.\nServer will not run.");
cerr << MessageLoader::getMessage(parms) << endl;
exit (1);
}
// Direct standard input, output, and error to /dev/null,
// PASE run this job in background, any output in not allowed
freopen("/dev/null", "r", stdin);
freopen("/dev/null", "w", stdout);
freopen("/dev/null", "w", stderr);
#endif
//
// Get an instance of the Config Manager.
//
ConfigManager* configManager = ConfigManager::getInstance();
configManager->useConfigFiles = true;
try
{
//
// Get options (from command line and from configuration file); this
// removes corresponding options and their arguments from the command
// line. NOTE: If shutdownOption=true, the contents of current config
// file are not overwritten by the planned config file.
//
GetOptions(configManager, argc, argv, shutdownOption);
//
// Initialize the message home directory in the MessageLoader.
// This is the default directory where the resource bundles are found.
//
MessageLoader::setPegasusMsgHome(ConfigManager::getHomedPath(
ConfigManager::getInstance()->getCurrentValue("messageDir")));
#if !defined(PEGASUS_USE_SYSLOGS)
String logsDirectory = ConfigManager::getHomedPath(
configManager->getCurrentValue("logdir"));
// Set up the Logger. This does not open the logs.
// Might be more logical to clean before set.
Logger::setHomeDirectory(logsDirectory);
#endif
#ifdef PEGASUS_OS_PASE
/* write job log to tell where pegasus log is.*/
if(logsDirectory.size() > 0)
// this function only can be found in PASE environment
logPegasusDir2joblog(logsDirectory.getCString());
else
logPegasusDir2joblog(".");
// set ccsid to unicode for entire job
// ccsid is globolization mechanism in PASE environment
if (_SETCCSID(1208) == -1)
{
MessageLoaderParms parms(
"src.Server.cimserver.SET_CCSID_ERROR.PEGASUS_OS_PASE",
"Failed to set CCSID, server will stop.");
cerr << MessageLoader::getMessage(parms) << endl;
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::FATAL,
parms);
exit (1);
}
char fullJobName[29];
umeGetJobName(fullJobName, true);
Logger::put_l(Logger::STANDARD_LOG, System::CIMSERVER,
Logger::INFORMATION,
MessageLoaderParms(
"src.Server.cimserver.SERVER_JOB_NAME.PEGASUS_OS_PASE",
"CIM Server's Job Name is: $0", fullJobName));
#endif
#ifdef PEGASUS_DISABLE_LOCAL_DOMAIN_SOCKET
// Make sure at least one connection is enabled
Boolean enableHttpConnection = ConfigManager::parseBooleanValue(
configManager->getCurrentValue("enableHttpConnection"));
Boolean enableHttpsConnection = ConfigManager::parseBooleanValue(
configManager->getCurrentValue("enableHttpsConnection"));
if (!enableHttpConnection && !enableHttpsConnection)
{
MessageLoaderParms parms(
"src.Server.cimserver.HTTP_NOT_ENABLED_SERVER_NOT_STARTING",
"Neither HTTP nor HTTPS connection is enabled."
" CIMServer will not be started.");
Logger::put_l(
Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING,
parms);
cerr << MessageLoader::getMessage(parms) << endl;
return 1;
}
#endif
//
// Check to see if we should start Pegasus as a daemon
//
daemonOption = ConfigManager::parseBooleanValue(
configManager->getCurrentValue("daemon"));
if ((Executor::detectExecutor() == 0) && (daemonOption == false))
{
MessageLoaderParms parms(
"src.Server.cimserver.PRIVSEP_REQUIRES_DAEMON",
"Warning: The configuration setting daemon=false is ignored "
"with privilege separation enabled.");
cerr << MessageLoader::getMessage(parms) << endl;
daemonOption = true;
}
//
// Check to see if we need to shutdown CIMOM
//
if (shutdownOption)
{
#if defined(PEGASUS_OS_ZOS) && defined(PEGASUS_ZOS_SECURITY)
// This checks whether user is authorized to stop the
// CIM Server. When unauthorized a message is logged to
// to the user and program exits.
shutdownCheckProfileCIMSERVclassWBEM();
// Depending on the success of the previous check we may not
// reach this code!!!
#endif
String configTimeout =
configManager->getCurrentValue("shutdownTimeout");
Uint32 timeoutValue =
strtol(configTimeout.getCString(), (char **)0, 10);
ServerShutdownClient serverShutdownClient(&_serverRunStatus);
serverShutdownClient.shutdown(timeoutValue);
MessageLoaderParms parms(
"src.Server.cimserver.SERVER_STOPPED",
"CIM Server stopped.");
cout << MessageLoader::getMessage(parms) << endl;
return 0;
}
#if defined(PEGASUS_DEBUG) && !defined(PEGASUS_USE_SYSLOGS)
// Leave this in until people get familiar with the logs.
MessageLoaderParms parms("src.Server.cimserver.LOGS_DIRECTORY",
"Logs Directory = ");
cout << MessageLoader::getMessage(parms) << logsDirectory << endl;
#endif
}
catch (Exception& e)
{
MessageLoaderParms parms("src.Server.cimserver.SERVER_NOT_STARTED",
"cimserver not started: $0", e.getMessage());
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
parms);
cerr << MessageLoader::getMessage(parms) << endl;
return 1;
}
#if defined(PEGASUS_OS_ZOS)
# if defined(PEGASUS_ZOS_SECURITY)
startupCheckBPXServer(true);
startupCheckProfileCIMSERVclassWBEM();
startupEnableMSC();
# endif
startupWaitForTCPIP();
#endif
#if defined(PEGASUS_DEBUG)
// Put out startup up message.
cout << _cimServerProcess->getProductName() << " " <<
_cimServerProcess->getCompleteVersion() << endl;
#endif
// Force initialization of hostname and fullyQualifiedHostName through
// retrieving current value from Configuration Manager
// - this will run getCurrentValue() in DefaultPropertyOwner.cpp
configManager->getCurrentValue("hostname");
configManager->getCurrentValue("fullyQualifiedHostName");
// reset message loading to NON-process locale
MessageLoader::_useProcessLocale = false;
// Get the parent's PID before forking
_serverRunStatus.setParentPid(System::getPID());
// Do not fork when using privilege separation (executor will daemonize
// itself later).
if (daemonOption)
{
if (-1 == _cimServerProcess->cimserver_fork())
return -1;
}
// Now we are after the fork...
// Create a dummy Thread object that can be used to store the
// AcceptLanguageList object for CIM requests that are serviced
// by this thread (initial thread of server). Need to do this
// because this thread is not in a ThreadPool, but is used
// to service CIM requests.
// The run function for the dummy Thread should never be called,
dummyInitialThread = new Thread(dummyThreadFunc, NULL, false);
Thread::setCurrent(dummyInitialThread);
try
{
Thread::setLanguages(LanguageParser::getDefaultAcceptLanguages());
}
catch (InvalidAcceptLanguageHeader& e)
{
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
MessageLoaderParms(
"src.Server.cimserver.FAILED_TO_SET_PROCESS_LOCALE",
"Could not convert the system process locale into a valid "
"AcceptLanguage format."));
Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
e.getMessage());
}
#ifndef PEGASUS_OS_TYPE_WINDOWS
umask(S_IRWXG|S_IRWXO);
#endif
// Start up the CIM Server
try
{
#if defined(PEGASUS_OS_TYPE_UNIX)
//
// Lock the CIMSERVER_LOCK_FILE during CIM Server start-up to prevent
// concurrent writes to this file by multiple cimserver processes
// starting at the same time.
//
CString startupLockFileName = ConfigManager::getHomedPath(
PEGASUS_CIMSERVER_START_LOCK_FILE).getCString();
// Make sure the start-up lock file exists
FILE* startupLockFile;
if ((startupLockFile = fopen(startupLockFileName, "w")) != 0)
{
fclose(startupLockFile);
}
AutoFileLock fileLock(startupLockFileName);
#endif
#if defined(PEGASUS_OS_TYPE_UNIX) || defined(PEGASUS_OS_VMS)
//
// Check if a CIM Server is already running. If so, print an error
// message and notify the parent process (if there is one) to terminate
//
if (_serverRunStatus.isServerRunning())
{
MessageLoaderParms parms(
"src.Server.cimserver.UNABLE_TO_START_SERVER_ALREADY_RUNNING",
"Unable to start CIMServer. CIMServer is already running.");
Logger::put_l(
Logger::ERROR_LOG, System::CIMSERVER, Logger::INFORMATION,
parms);
cerr << MessageLoader::getMessage(parms) << endl;
if (daemonOption)
{
_cimServerProcess->notify_parent(1);
}
return 1;
}
//
// Declare ourselves as the running CIM Server process, and write our
// PID to the PID file.
//
_serverRunStatus.setServerRunning();
#endif
// Create and initialize the CIMServer object
_cimServer = new CIMServer();
Boolean enableHttpConnection = ConfigManager::parseBooleanValue(
configManager->getCurrentValue("enableHttpConnection"));
Boolean enableHttpsConnection = ConfigManager::parseBooleanValue(
configManager->getCurrentValue("enableHttpsConnection"));
#ifdef PEGASUS_DISABLE_LOCAL_DOMAIN_SOCKET
// Make sure at least one connection is enabled
if (!enableHttpConnection && !enableHttpsConnection)
{
MessageLoaderParms parms(
"src.Server.cimserver.HTTP_NOT_ENABLED_SERVER_NOT_STARTING",
"Neither HTTP nor HTTPS connection is enabled.");
throw Exception(parms);
}
#endif
Boolean addIP6Acceptor = false;
Boolean addIP4Acceptor = false;
#ifdef PEGASUS_OS_TYPE_WINDOWS
addIP4Acceptor = true;
#endif
#ifdef PEGASUS_ENABLE_IPV6
// If IPv6 stack is disabled swicth to IPv4 stack.
if (System::isIPv6StackActive())
{
addIP6Acceptor = true;
}
else
{
PEG_TRACE_CSTRING(TRC_SERVER,Tracer::LEVEL4,
"IPv6 stack is not active, using IPv4 socket.");
}
#endif
if (!addIP6Acceptor)
{
addIP4Acceptor = true;
}
// The server HTTP and HTTPS ports are determined via this algorithm:
// 1) If the user explicitly specified a port, use it.
// 2) If the user did not specify a port, get the port from the
// services file.
// 3) If no value is specified in the services file, use the IANA WBEM
// default port.
// Note that 2 and 3 are done within the System::lookupPort method
// An empty string from the ConfigManager implies that the user did not
// specify a port.
if (enableHttpConnection)
{
Uint32 portNumberHttp = 0;
String httpPort = configManager->getCurrentValue("httpPort");
if (httpPort.size() == 0)
{
//
// Look up the WBEM-HTTP port number
//
portNumberHttp = System::lookupPort(
WBEM_HTTP_SERVICE_NAME, WBEM_DEFAULT_HTTP_PORT);
_initConfigProperty("httpPort", portNumberHttp);
}
else
{
Uint64 longNumber;
// use the current value which has been checked for validity at
// load(fct. GetOptions), see DefaultPropertyOwner::isValid()
StringConversion::decimalStringToUint64(
httpPort.getCString(),
longNumber);
portNumberHttp = longNumber & 0xffff;
}
String listenOn = configManager->getCurrentValue("listenAddress");
if(String::equalNoCase(listenOn, "All"))
{
if (addIP6Acceptor)
{
_cimServer->addAcceptor(HTTPAcceptor::IPV6_CONNECTION,
portNumberHttp, false);
}
if (addIP4Acceptor)
{
_cimServer->addAcceptor(HTTPAcceptor::IPV4_CONNECTION,
portNumberHttp, false);
}
}
else // Restricted listening
{
_restrictListening(
configManager, listenOn, portNumberHttp, false);
}
// The port number is converted to a string to avoid the
// addition of localized characters (e.g., "5,988").
char scratchBuffer[22];
Uint32 n;
const char * portNumberHttpStr = Uint32ToString(
scratchBuffer, portNumberHttp, n);
MessageLoaderParms parms(
"src.Server.cimserver.LISTENING_ON_HTTP_PORT",
"Listening on HTTP port $0.", portNumberHttpStr);
Logger::put_l(
Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
parms);
#if defined(PEGASUS_DEBUG)
cout << MessageLoader::getMessage(parms) << endl;
#endif
}
if (enableHttpsConnection)
{
Uint32 portNumberHttps = 0;
String httpsPort = configManager->getCurrentValue("httpsPort");
if (httpsPort.size() == 0)
{
//
// Look up the WBEM-HTTPS port number
//
portNumberHttps = System::lookupPort(
WBEM_HTTPS_SERVICE_NAME, WBEM_DEFAULT_HTTPS_PORT);
_initConfigProperty("httpsPort", portNumberHttps);
}
else
{
Uint64 longNumber;
// use the current value which has been checked for validity at
// load(fct. GetOptions), see DefaultPropertyOwner::isValid()
StringConversion::decimalStringToUint64(
httpsPort.getCString(),
longNumber);
portNumberHttps = longNumber & 0xffff;
}
String listenOn = configManager->getCurrentValue("listenAddress");
if(String::equalNoCase(listenOn, "All"))
{
if (addIP6Acceptor)
{
_cimServer->addAcceptor(HTTPAcceptor::IPV6_CONNECTION,
portNumberHttps, true);
}
if (addIP4Acceptor)
{
_cimServer->addAcceptor(HTTPAcceptor::IPV4_CONNECTION,
portNumberHttps, true);
}
}
else //Restricted
{
_restrictListening(
configManager, listenOn, portNumberHttps, true);
}
// The port number is converted to a string to avoid the
// addition of localized characters (e.g., "5,989").
char scratchBuffer[22];
Uint32 n;
const char * portNumberHttpsStr = Uint32ToString(
scratchBuffer, portNumberHttps, n);
MessageLoaderParms parms(
"src.Server.cimserver.LISTENING_ON_HTTPS_PORT",
"Listening on HTTPS port $0.", portNumberHttpsStr);
Logger::put_l(
Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
parms);
#if defined(PEGASUS_DEBUG)
cout << MessageLoader::getMessage(parms) << endl;
#endif
}
#ifndef PEGASUS_DISABLE_LOCAL_DOMAIN_SOCKET
{
_cimServer->addAcceptor(HTTPAcceptor::LOCAL_CONNECTION, 0, false);
MessageLoaderParms parms(
"src.Server.cimserver.LISTENING_ON_LOCAL",
"Listening on local connection socket.");
Logger::put_l(
Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
parms);
# if defined(PEGASUS_DEBUG)
cout << MessageLoader::getMessage(parms) << endl;
# endif
}
#endif
_cimServer->bind();
// notify parent process (if there is a parent process) to terminate
// so user knows that there is cimserver ready to serve CIM requests.
if (daemonOption)
{
_cimServerProcess->notify_parent(0);
}
#if defined(PEGASUS_DEBUG)
cout << "Started. " << endl;
#endif
// Put server started message to the logger
Logger::put_l(Logger::STANDARD_LOG, System::CIMSERVER,
Logger::INFORMATION,
MessageLoaderParms(
"src.Server.cimserver.STARTED_VERSION",
"Started $0 version $1.",
_cimServerProcess->getProductName(),
_cimServerProcess->getCompleteVersion()));
#if defined(PEGASUS_OS_TYPE_UNIX) && !defined(PEGASUS_OS_ZOS)
if (daemonOption && !debugOutputOption)
{
// Direct standard input, output, and error to /dev/null,
// since we are running as a daemon.
close(STDIN_FILENO);
open("/dev/null", O_RDONLY);
close(STDOUT_FILENO);
open("/dev/null", O_RDWR);
close(STDERR_FILENO);
open("/dev/null", O_RDWR);
}
#endif
}
catch (Exception& e)
{
MessageLoaderParms parms("src.Server.cimserver.SERVER_NOT_STARTED",
"cimserver not started: $0", e.getMessage());
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
parms);
cerr << MessageLoader::getMessage(parms) << endl;
deleteCIMServer();
//
// notify parent process (if there is a parent process) to terminate
//
if (daemonOption)
_cimServerProcess->notify_parent(1);
return 1;
}
// Run the main CIM Server loop
try
{
#if defined(PEGASUS_OS_ZOS)
// ARM is a z/OS internal restart facility.
// This is a z/OS specific change.
// Instatiating the automatic restart manager for zOS
ARM_zOS automaticRestartManager;
// register to zOS ARM
automaticRestartManager.Register();
#endif
#ifdef PEGASUS_ENABLE_SLP
_cimServer->startSLPProvider();
#endif
_cimServer->initComplete();
//
// Loop to call CIMServer's runForever() method until CIMServer
// has been shutdown
//
while (!_cimServer->terminated())
{
_cimServer->runForever();
}
//
// normal termination
//
#if defined(PEGASUS_OS_ZOS)
// ARM is a z/OS internal restart facility.
// This is a z/OS specific change.
// register to zOS ARM
automaticRestartManager.DeRegister();
#endif
// Put server shutdown message to the logger
Logger::put_l(
Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
MessageLoaderParms(
"src.Server.cimserver.STOPPED",
"$0 stopped.", _cimServerProcess->getProductName()));
}
catch (Exception& e)
{
MessageLoaderParms parms(
"src.Server.cimserver.ERROR",
"Error: $0",
e.getMessage());
Logger::put_l(Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING,
parms);
cerr << MessageLoader::getMessage(parms) << endl;
deleteCIMServer();
return 1;
}
deleteCIMServer();
return 0;
}
PEGASUS_NAMESPACE_BEGIN
/*****************************************************************************
*
* The following are constants representing property names for the classes
* managed by the Interop Provider. Where multiple classes have properties of
* the same name, there will be a common CIMName object defined, and a macro
* defined that points to the common CIMName object, but whose macro name
* reflects the class in which the property is used.
*
*****************************************************************************/
//
// Constructor for the InteropProvider control provider
//
InteropProvider::InteropProvider(CIMRepository * rep) : repository(rep),
hostName(System::getHostName()), providerInitialized(false),
updateProfileCache(0),
profileIds(Array<String>()), conformingElements(Array<CIMNameArray>()),
elementNamespaces(Array<CIMNamespaceArray>())
{
PEG_METHOD_ENTER(TRC_CONTROLPROVIDER,"InteropProvider::InteropProvider");
ConfigManager *configManager = ConfigManager::getInstance();
#ifdef PEGASUS_ENABLE_SLP
enableSLP = ConfigManager::parseBooleanValue(
configManager->getCurrentValue("slp"));
#else
enableSLP = false;
#endif
httpPort = configManager->getCurrentValue("httpPort");
if (httpPort.size() == 0)
{
Uint32 portNumberHttp = System::lookupPort(
WBEM_HTTP_SERVICE_NAME, WBEM_DEFAULT_HTTP_PORT);
char buffer[32];
Uint32 n;
const char *output = Uint32ToString(buffer, portNumberHttp, n);
httpPort.assign(output, n);
}
httpsPort = configManager->getCurrentValue("httpsPort");
if (httpsPort.size() == 0)
{
Uint32 portNumberHttps = System::lookupPort(
WBEM_HTTPS_SERVICE_NAME, WBEM_DEFAULT_HTTPS_PORT);
char buffer[32];
Uint32 n;
const char *output = Uint32ToString(buffer, portNumberHttps, n);
httpsPort.assign(output, n);
}
#ifndef PEGASUS_DISABLE_PERFINST
try
{
initProvider();
}
catch(const Exception &)
{
// Provider initialization may fail if the repository is not
// populated
}
#endif
PEG_METHOD_EXIT();
}
SSLContext* CIMServer::_getSSLContext()
{
PEG_METHOD_ENTER(TRC_SERVER, "CIMServer::_getSSLContext()");
static const String PROPERTY_NAME__SSL_CERT_FILEPATH =
"sslCertificateFilePath";
static const String PROPERTY_NAME__SSL_KEY_FILEPATH = "sslKeyFilePath";
static const String PROPERTY_NAME__SSL_TRUST_STORE = "sslTrustStore";
static const String PROPERTY_NAME__SSL_CRL_STORE = "crlStore";
static const String PROPERTY_NAME__SSL_CLIENT_VERIFICATION =
"sslClientVerificationMode";
static const String PROPERTY_NAME__SSL_AUTO_TRUST_STORE_UPDATE =
"enableSSLTrustStoreAutoUpdate";
static const String PROPERTY_NAME__SSL_TRUST_STORE_USERNAME =
"******";
static const String PROPERTY_NAME__HTTP_ENABLED =
"enableHttpConnection";
static const String PROPERTY_NAME__SSL_CIPHER_SUITE = "sslCipherSuite";
static const String PROPERTY_NAME__SSL_COMPATIBILITY =
"sslBackwardCompatibility";
String verifyClient;
String trustStore;
SSLContext* sslContext = 0;
//
// Get a config manager instance
//
ConfigManager* configManager = ConfigManager::getInstance();
// Note that if invalid values were set for either sslKeyFilePath,
// sslCertificateFilePath, crlStore or sslTrustStore, the invalid
// paths would have been detected in SecurityPropertyOwner and
// terminated the server startup. This happens regardless of whether
// or not HTTPS is enabled (not a great design, but that seems to
// be how other properties are validated as well)
//
// Get the sslClientVerificationMode property from the Config
// Manager.
//
verifyClient = configManager->getCurrentValue(
PROPERTY_NAME__SSL_CLIENT_VERIFICATION);
//
// Get the sslTrustStore property from the Config Manager.
//
trustStore = configManager->getCurrentValue(
PROPERTY_NAME__SSL_TRUST_STORE);
if (trustStore != String::EMPTY)
{
trustStore = ConfigManager::getHomedPath(trustStore);
}
PEG_TRACE((TRC_SERVER, Tracer::LEVEL4,"Server trust store name: %s",
(const char*)trustStore.getCString()));
//
// Get the sslTrustStoreUserName property from the Config Manager.
//
String trustStoreUserName;
trustStoreUserName = configManager->getCurrentValue(
PROPERTY_NAME__SSL_TRUST_STORE_USERNAME);
if (!String::equal(verifyClient, "disabled"))
{
//
// 'required' and 'optional' settings must have a valid truststore
//
if (trustStore == String::EMPTY)
{
MessageLoaderParms parms(
"Pegasus.Server.SSLContextManager."
"SSL_CLIENT_VERIFICATION_EMPTY_TRUSTSTORE",
"The \"sslTrustStore\" configuration property must be set "
"if \"sslClientVerificationMode\" is 'required' or "
"'optional'.");
PEG_METHOD_EXIT();
throw SSLException(parms);
}
#ifdef PEGASUS_DISABLE_LOCAL_DOMAIN_SOCKET
//
// ATTN: 'required' setting must have http port enabled.
// If only https is enabled, and a call to shutdown the
// cimserver is given, the call will hang and a forced shutdown
// will ensue. This is because the CIMClient::connectLocal call
// cannot specify a certificate for authentication against
// the local server. This limitation is being investigated.
// See Bugzilla 2995.
//
if (String::equal(verifyClient, "required"))
{
if (!ConfigManager::parseBooleanValue(
configManager->getCurrentValue(
PROPERTY_NAME__HTTP_ENABLED)))
{
MessageLoaderParms parms(
"Pegasus.Server.SSLContextManager."
"INVALID_CONF_HTTPS_REQUIRED",
"The \"sslClientVerificationMode\" property cannot be "
"set to \"required\" if HTTP is disabled, as the "
"cimserver will be unable to properly shutdown. "
"The recommended course of action is to change "
"the property value to \"optional\".");
PEG_METHOD_EXIT();
throw SSLException(parms);
}
}
#endif
//
// A truststore username must be specified if
// sslClientVerificationMode is enabled and the truststore is a
// single CA file. If the truststore is a directory, then the
// CertificateProvider should be used to register users with
// certificates.
//
if (trustStore != String::EMPTY)
{
if (!FileSystem::exists(trustStore))
{
MessageLoaderParms parms(
"Pegasus.Server.SSLContextManager."
"COULD_NOT_ACCESS_TRUST_STORE",
"Could not access the trust store."
"Check the permissions of the truststore path \"$0\".",
trustStore);
PEG_METHOD_EXIT();
throw SSLException(parms);
}
if (!FileSystem::isDirectory(trustStore))
{
if (trustStoreUserName == String::EMPTY)
{
MessageLoaderParms parms(
"Pegasus.Server.SSLContextManager."
"SSL_CLIENT_VERIFICATION_EMPTY_USERNAME",
"The \"sslTrustStoreUserName\" property must specify a "
"valid username if \"sslClientVerificationMode\" "
"is 'required' or 'optional' and the truststore is "
"a single CA file. To register individual "
"certificates to users, you must use a truststore "
"directory along with the CertificateProvider.");
PEG_METHOD_EXIT();
throw SSLException(parms);
}
}
}
}
#ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
//
// Get the crlStore property from the Config Manager.
//
String crlStore = configManager->getCurrentValue(
PROPERTY_NAME__SSL_CRL_STORE);
if (crlStore != String::EMPTY)
{
crlStore = ConfigManager::getHomedPath(crlStore);
}
#else
String crlStore;
#endif
//
// Get the sslCertificateFilePath property from the Config Manager.
//
String certPath;
certPath = ConfigManager::getHomedPath(
configManager->getCurrentValue(PROPERTY_NAME__SSL_CERT_FILEPATH));
//
// Get the sslKeyFilePath property from the Config Manager.
//
String keyPath;
keyPath = ConfigManager::getHomedPath(
configManager->getCurrentValue(PROPERTY_NAME__SSL_KEY_FILEPATH));
String randFile;
#ifdef PEGASUS_SSL_RANDOMFILE
// NOTE: It is technically not necessary to set up a random file on
// the server side, but it is easier to use a consistent interface
// on the client and server than to optimize out the random file on
// the server side.
randFile = ConfigManager::getHomedPath(PEGASUS_SSLSERVER_RANDOMFILE);
#endif
//
// Get the cipherSuite property from the Config Manager.
//
String cipherSuite = configManager->getCurrentValue(
PROPERTY_NAME__SSL_CIPHER_SUITE);
PEG_TRACE((TRC_SERVER, Tracer::LEVEL4, "Cipher suite is %s",
(const char*)cipherSuite.getCString()));
Boolean sslCompatibility = ConfigManager::parseBooleanValue(
configManager->getCurrentValue(
PROPERTY_NAME__SSL_COMPATIBILITY));
//
// Create the SSLContext defined by the configuration properties
//
if (String::equal(verifyClient, "required"))
{
PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
"SSL Client verification REQUIRED.");
_sslContextMgr->createSSLContext(
trustStore, certPath, keyPath, crlStore, false, randFile,
cipherSuite,sslCompatibility);
}
else if (String::equal(verifyClient, "optional"))
{
PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
"SSL Client verification OPTIONAL.");
_sslContextMgr->createSSLContext(
trustStore, certPath, keyPath, crlStore, true, randFile,
cipherSuite,sslCompatibility);
}
else if (String::equal(verifyClient, "disabled") ||
verifyClient == String::EMPTY)
{
PEG_TRACE_CSTRING(TRC_SERVER, Tracer::LEVEL3,
"SSL Client verification DISABLED.");
_sslContextMgr->createSSLContext(
String::EMPTY, certPath, keyPath, crlStore, false, randFile,
cipherSuite,sslCompatibility);
}
sslContext = _sslContextMgr->getSSLContext();
try
{
sslContext->_validateCertificate();
}
catch (SSLException& e)
{
Logger::put(
Logger::STANDARD_LOG, System::CIMSERVER, Logger::WARNING,
e.getMessage());
}
PEG_METHOD_EXIT();
return sslContext;
}
void CIMServer::_init()
{
// pre-initialize the hostname.
System::getHostName();
_monitor.reset(new Monitor());
#if (defined(PEGASUS_OS_HPUX) || defined(PEGASUS_OS_LINUX)) \
&& defined(PEGASUS_USE_RELEASE_DIRS)
if (chdir(PEGASUS_CORE_DIR) != 0)
{
PEG_TRACE((TRC_SERVER, Tracer::LEVEL2,
"chdir(\"%s\") failed with errno %d.", PEGASUS_CORE_DIR, errno));
}
#endif
// -- Create a repository:
String repositoryRootPath =
ConfigManager::getHomedPath(
ConfigManager::getInstance()->getCurrentValue("repositoryDir"));
#ifdef DO_NOT_CREATE_REPOSITORY_ON_STARTUP
// If this code is enable, the CIMServer will fail to start
// if the repository directory does not exist. If called,
// the Repository will create an empty repository.
// This check has been disabled to allow cimmof to call
// the CIMServer to build the initial repository.
if (!FileSystem::isDirectory(repositoryRootPath))
{
throw NoSuchDirectory(repositoryRootPath);
}
#endif
_repository = new CIMRepository(repositoryRootPath);
// -- Create a UserManager object:
#ifndef PEGASUS_PAM_AUTHENTICATION
UserManager::getInstance(_repository);
#endif
// -- Create a SCMOClass Cache and set call back for the repository
SCMOClassCache::getInstance()->setCallBack(_scmoClassCache_GetClass);
// -- Create a CIMServerState object:
_serverState.reset(new CIMServerState());
_providerRegistrationManager = new ProviderRegistrationManager(_repository);
// -- Create queue inter-connections:
_providerManager = new ProviderManagerService(
_providerRegistrationManager,
_repository,
DefaultProviderManager::createDefaultProviderManagerCallback);
// Create IndicationHandlerService:
_handlerService = new IndicationHandlerService(_repository);
_cimOperationRequestDispatcher = new CIMOperationRequestDispatcher(
_repository, _providerRegistrationManager);
// Create the control service
_controlService = new ModuleController(PEGASUS_QUEUENAME_CONTROLSERVICE);
// Jump this number up when there are more control providers.
_controlProviders.reserveCapacity(16);
// Create the Configuration control provider
ProviderMessageHandler* configProvider = new ProviderMessageHandler(
"CIMServerControlProvider", "ConfigSettingProvider",
new ConfigSettingProvider(), 0, 0, false);
_controlProviders.append(configProvider);
_controlService->register_module(
PEGASUS_MODULENAME_CONFIGPROVIDER,
configProvider,
controlProviderReceiveMessageCallback);
#ifndef PEGASUS_PAM_AUTHENTICATION
// Create the User/Authorization control provider
ProviderMessageHandler* userAuthProvider = new ProviderMessageHandler(
"CIMServerControlProvider", "UserAuthProvider",
new UserAuthProvider(_repository), 0, 0, false);
_controlProviders.append(userAuthProvider);
_controlService->register_module(
PEGASUS_MODULENAME_USERAUTHPROVIDER,
userAuthProvider,
controlProviderReceiveMessageCallback);
#endif
// Create the Provider Registration control provider
ProviderMessageHandler* provRegProvider = new ProviderMessageHandler(
"CIMServerControlProvider", "ProviderRegistrationProvider",
new ProviderRegistrationProvider(_providerRegistrationManager),
ModuleController::indicationCallback, 0, false);
// Warning: The ProviderRegistrationProvider destructor deletes
// _providerRegistrationManager
_controlProviders.append(provRegProvider);
_controlService->register_module(
PEGASUS_MODULENAME_PROVREGPROVIDER,
provRegProvider,
controlProviderReceiveMessageCallback);
// Create the Shutdown control provider
ProviderMessageHandler* shutdownProvider = new ProviderMessageHandler(
"CIMServerControlProvider", "ShutdownProvider",
new ShutdownProvider(this), 0, 0, false);
_controlProviders.append(shutdownProvider);
_controlService->register_module(
PEGASUS_MODULENAME_SHUTDOWNPROVIDER,
shutdownProvider,
controlProviderReceiveMessageCallback);
// Create the namespace control provider
ProviderMessageHandler* namespaceProvider = new ProviderMessageHandler(
"CIMServerControlProvider", "NamespaceProvider",
new NamespaceProvider(_repository), 0, 0, false);
_controlProviders.append(namespaceProvider);
_controlService->register_module(
PEGASUS_MODULENAME_NAMESPACEPROVIDER,
namespaceProvider,
controlProviderReceiveMessageCallback);
//
// Create a SSLContextManager object
//
_sslContextMgr = new SSLContextManager();
#ifdef PEGASUS_HAS_SSL
// Because this provider allows management of the cimserver truststore
// it needs to be available regardless of the value
// of sslClientVerificationMode config property.
ProviderMessageHandler* certificateProvider = new ProviderMessageHandler(
"CIMServerControlProvider", "CertificateProvider",
new CertificateProvider(_repository, _sslContextMgr),
0, 0, false);
_controlProviders.append(certificateProvider);
_controlService->register_module(
PEGASUS_MODULENAME_CERTIFICATEPROVIDER,
certificateProvider,
controlProviderReceiveMessageCallback);
#endif
#ifndef PEGASUS_DISABLE_PERFINST
// Create the Statistical Data control provider
ProviderMessageHandler* cimomstatdataProvider = new ProviderMessageHandler(
"CIMServerControlProvider", "CIMOMStatDataProvider",
new CIMOMStatDataProvider(), 0, 0, false);
_controlProviders.append(cimomstatdataProvider);
_controlService->register_module(
PEGASUS_MODULENAME_CIMOMSTATDATAPROVIDER,
cimomstatdataProvider,
controlProviderReceiveMessageCallback);
#endif
#ifdef PEGASUS_ENABLE_CQL
// Create the Query Capabilities control provider
ProviderMessageHandler* cimquerycapprovider = new ProviderMessageHandler(
"CIMServerControlProvider", "CIMQueryCapabilitiesProvider",
new CIMQueryCapabilitiesProvider(),
0, 0, false);
_controlProviders.append(cimquerycapprovider);
_controlService->register_module(
PEGASUS_MODULENAME_CIMQUERYCAPPROVIDER,
cimquerycapprovider,
controlProviderReceiveMessageCallback);
#endif
#if defined PEGASUS_ENABLE_INTEROP_PROVIDER
// Create the interop control provider
ProviderMessageHandler* interopProvider = new ProviderMessageHandler(
"CIMServerControlProvider", "InteropProvider",
new InteropProvider(
_repository,
_providerRegistrationManager),
0, 0, false);
_controlProviders.append(interopProvider);
_controlService->register_module(
PEGASUS_MODULENAME_INTEROPPROVIDER,
interopProvider,
controlProviderReceiveMessageCallback);
#endif
_cimOperationResponseEncoder = new CIMOperationResponseEncoder;
//
// get the configured authentication and authorization flags
//
ConfigManager* configManager = ConfigManager::getInstance();
Boolean enableAuthentication = ConfigManager::parseBooleanValue(
configManager->getCurrentValue("enableAuthentication"));
MessageQueue* cimOperationProcessorQueue = 0;
//
// Create Authorization queue only if authentication is enabled
//
if ( enableAuthentication )
{
_cimOperationRequestAuthorizer = new CIMOperationRequestAuthorizer(
_cimOperationRequestDispatcher);
cimOperationProcessorQueue = _cimOperationRequestAuthorizer;
}
else
{
_cimOperationRequestAuthorizer = 0;
cimOperationProcessorQueue = _cimOperationRequestDispatcher;
}
_cimOperationRequestDecoder = new CIMOperationRequestDecoder(
cimOperationProcessorQueue,
_cimOperationResponseEncoder->getQueueId());
_cimExportRequestDispatcher = new CIMExportRequestDispatcher();
_cimExportResponseEncoder = new CIMExportResponseEncoder;
_cimExportRequestDecoder = new CIMExportRequestDecoder(
_cimExportRequestDispatcher,
_cimExportResponseEncoder->getQueueId());
_httpAuthenticatorDelegator = new HTTPAuthenticatorDelegator(
_cimOperationRequestDecoder->getQueueId(),
_cimExportRequestDecoder->getQueueId(),
_repository);
_rsProcessor = new RsProcessor(
cimOperationProcessorQueue,
_repository);
_httpAuthenticatorDelegator->setRsQueueId(
_rsProcessor->getRsRequestDecoderQueueId());
#ifdef PEGASUS_ENABLE_PROTOCOL_WEB
_webServer = new WebServer();
_httpAuthenticatorDelegator->setWebQueueId(
_webServer->getQueueId());
#endif
#ifdef PEGASUS_ENABLE_PROTOCOL_WSMAN
_wsmProcessor = new WsmProcessor(
cimOperationProcessorQueue,
_repository);
_httpAuthenticatorDelegator->setWsmQueueId(
_wsmProcessor->getWsmRequestDecoderQueueId());
#endif
// IMPORTANT-NU-20020513: Indication service must start after ExportService
// otherwise HandlerService started by indicationService will never
// get ExportQueue to export indications for existing subscriptions
_indicationService = new IndicationService(
_repository,
_providerRegistrationManager);
// Build the Control Provider and Service internal routing table. This must
// be called after MessageQueueService initialized and ServiceQueueIds
// installed.
DynamicRoutingTable::buildRoutingTable();
// Enable the signal handler to shutdown gracefully on SIGHUP and SIGTERM
getSigHandle()->registerHandler(PEGASUS_SIGHUP, shutdownSignalHandler);
getSigHandle()->activate(PEGASUS_SIGHUP);
getSigHandle()->registerHandler(PEGASUS_SIGTERM, shutdownSignalHandler);
getSigHandle()->activate(PEGASUS_SIGTERM);
#ifdef PEGASUS_OS_PASE
getSigHandle()->registerHandler(SIGFPE, _synchronousSignalHandler);
getSigHandle()->activate(SIGFPE);
getSigHandle()->registerHandler(SIGILL, _synchronousSignalHandler);
getSigHandle()->activate(SIGILL);
getSigHandle()->registerHandler(SIGSEGV, _synchronousSignalHandler);
getSigHandle()->activate(SIGSEGV);
getSigHandle()->registerHandler(SIGIO, _asynchronousSignalHandler);
getSigHandle()->activate(SIGIO);
#endif
#ifdef PEGASUS_OS_ZOS
// Establish handling signal send to us on USS shutdown
getSigHandle()->registerHandler(PEGASUS_SIGDANGER, shutdownSignalHandler);
getSigHandle()->activate(PEGASUS_SIGDANGER);
// enable process to receive SIGDANGER on USS shutdown
__shutdown_registration(_SDR_NOTIFY, _SDR_REGPROCESS, _SDR_SENDSIGDANGER);
#endif
//
// Set up an additional thread waiting for commands from the
// system console
//
#if defined PEGASUS_OS_ZOS
ZOSConsoleManager::startConsoleWatchThread();
#endif
#ifdef PEGASUS_ENABLE_AUDIT_LOGGER
// Register audit logger initialize callback
AuditLogger::setInitializeCallback(auditLogInitializeCallback);
Boolean enableAuditLog = ConfigManager::parseBooleanValue(
configManager->getCurrentValue("enableAuditLog"));
if (enableAuditLog)
{
AuditLogger::setEnabled(enableAuditLog);
}
#endif
}
void CIMOperationRequestAuthorizer::handleEnqueue(Message *request)
{
PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::handleEnqueue");
if (!request)
{
PEG_METHOD_EXIT();
return;
}
AutoPtr<CIMOperationRequestMessage>
req(dynamic_cast<CIMOperationRequestMessage *>(request));
PEGASUS_ASSERT(req.get());
//
// Get the HTTPConnection queue id
//
QueueIdStack qis = req->queueIds.copyAndPop();
Uint32 queueId = qis.top();
// l10n
// Set the client's requested language into this service thread.
// This will allow functions in this service to return messages
// in the correct language.
if (req->thread_changed())
{
AutoPtr<AcceptLanguages> langs(new AcceptLanguages(((AcceptLanguageListContainer)req->operationContext.get
(AcceptLanguageListContainer:: NAME)).getLanguages()));
Thread::setLanguages(langs.release());
}
//
// If CIMOM is shutting down, return "Service Unavailable" response
//
if (_serverTerminating)
{
Array<char> message;
message = XmlWriter::formatHttpErrorRspMessage(
HTTP_STATUS_SERVICEUNAVAILABLE,
String::EMPTY,
"CIM Server is shutting down.");
sendResponse(queueId, message);
PEG_METHOD_EXIT();
return;
}
String userName = String::EMPTY;
String authType = String::EMPTY;
CIMNamespaceName nameSpace;
String cimMethodName = String::EMPTY;
// Set the username and namespace.
nameSpace = req->nameSpace;
userName = ((IdentityContainer)(req->operationContext.get
(IdentityContainer::NAME))).getUserName();
switch (req->getType())
{
case CIM_GET_CLASS_REQUEST_MESSAGE:
authType =
((CIMGetClassRequestMessage*)req.get())->authType;
cimMethodName = "GetClass";
break;
case CIM_GET_INSTANCE_REQUEST_MESSAGE:
authType =
((CIMGetInstanceRequestMessage*)req.get())->authType;
cimMethodName = "GetInstance";
break;
case CIM_DELETE_CLASS_REQUEST_MESSAGE:
authType =
((CIMDeleteClassRequestMessage*)req.get())->authType;
cimMethodName = "DeleteClass";
break;
case CIM_DELETE_INSTANCE_REQUEST_MESSAGE:
authType =
((CIMDeleteInstanceRequestMessage*)req.get())->authType;
cimMethodName = "DeleteInstance";
break;
case CIM_CREATE_CLASS_REQUEST_MESSAGE:
authType =
((CIMCreateClassRequestMessage*)req.get())->authType;
cimMethodName = "CreateClass";
break;
case CIM_CREATE_INSTANCE_REQUEST_MESSAGE:
authType =
((CIMCreateInstanceRequestMessage*)req.get())->authType;
cimMethodName = "CreateInstance";
break;
case CIM_MODIFY_CLASS_REQUEST_MESSAGE:
authType =
((CIMModifyClassRequestMessage*)req.get())->authType;
cimMethodName = "ModifyClass";
break;
case CIM_MODIFY_INSTANCE_REQUEST_MESSAGE:
authType =
((CIMModifyInstanceRequestMessage*)req.get())->authType;
cimMethodName = "ModifyInstance";
break;
case CIM_ENUMERATE_CLASSES_REQUEST_MESSAGE:
authType = ((CIMEnumerateClassesRequestMessage*)req.get())->authType;
cimMethodName = "EnumerateClasses";
break;
case CIM_ENUMERATE_CLASS_NAMES_REQUEST_MESSAGE:
authType =
((CIMEnumerateClassNamesRequestMessage*)req.get())->authType;
cimMethodName = "EnumerateClassNames";
break;
case CIM_ENUMERATE_INSTANCES_REQUEST_MESSAGE:
authType = ((CIMEnumerateInstancesRequestMessage*)req.get())->authType;
cimMethodName = "EnumerateInstances";
break;
case CIM_ENUMERATE_INSTANCE_NAMES_REQUEST_MESSAGE:
authType = ((CIMEnumerateInstanceNamesRequestMessage*)req.get())->authType;
cimMethodName = "EnumerateInstanceNames";
break;
case CIM_EXEC_QUERY_REQUEST_MESSAGE:
authType = ((CIMExecQueryRequestMessage*)req.get())->authType;
cimMethodName = "ExecQuery";
break;
case CIM_ASSOCIATORS_REQUEST_MESSAGE:
authType = ((CIMAssociatorsRequestMessage*)req.get())->authType;
cimMethodName = "Associators";
break;
case CIM_ASSOCIATOR_NAMES_REQUEST_MESSAGE:
authType = ((CIMAssociatorNamesRequestMessage*)req.get())->authType;
cimMethodName = "AssociatorNames";
break;
case CIM_REFERENCES_REQUEST_MESSAGE:
authType = ((CIMReferencesRequestMessage*)req.get())->authType;
cimMethodName = "References";
break;
case CIM_REFERENCE_NAMES_REQUEST_MESSAGE:
authType = ((CIMReferenceNamesRequestMessage*)req.get())->authType;
cimMethodName = "ReferenceNames";
break;
case CIM_GET_PROPERTY_REQUEST_MESSAGE:
authType = ((CIMGetPropertyRequestMessage*)req.get())->authType;
cimMethodName = "GetProperty";
break;
case CIM_SET_PROPERTY_REQUEST_MESSAGE:
authType = ((CIMSetPropertyRequestMessage*)req.get())->authType;
cimMethodName = "SetProperty";
break;
case CIM_GET_QUALIFIER_REQUEST_MESSAGE:
authType = ((CIMGetQualifierRequestMessage*)req.get())->authType;
cimMethodName = "GetQualifier";
break;
case CIM_SET_QUALIFIER_REQUEST_MESSAGE:
authType = ((CIMSetQualifierRequestMessage*)req.get())->authType;
cimMethodName = "SetQualifier";
break;
case CIM_DELETE_QUALIFIER_REQUEST_MESSAGE:
authType = ((CIMDeleteQualifierRequestMessage*)req.get())->authType;
cimMethodName = "DeleteQualifier";
break;
case CIM_ENUMERATE_QUALIFIERS_REQUEST_MESSAGE:
authType = ((CIMEnumerateQualifiersRequestMessage*)req.get())->authType;
cimMethodName = "EnumerateQualifiers";
break;
case CIM_INVOKE_METHOD_REQUEST_MESSAGE:
authType = ((CIMInvokeMethodRequestMessage*)req.get())->authType;
cimMethodName = "InvokeMethod";
break;
default:
PEGASUS_ASSERT(0);
break;
}
#ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
//
// If the user is not privileged and authorized user group is specified,
// then perform the user group authorization check.
//
try
{
if ( ! System::isPrivilegedUser(userName) )
{
Uint32 size = _authorizedUserGroups.size();
if (size > 0)
{
Boolean authorized = false;
//
// Check if the user name is in the authorized user groups.
//
for (Uint32 i = 0; i < size; i++)
{
//
// Check if the user is a member of the group
//
if ( System::isGroupMember(userName.getCString(),
_authorizedUserGroups[i].getCString()) )
{
authorized = true;
break;
}
}
//
// If the user is not a member of any of the authorized
// user groups then generate error response.
//
if (!authorized)
{
PEG_TRACE_STRING(TRC_SERVER, Tracer::LEVEL2,
"Authorization Failed: User '" + userName +
"' is not a member of the authorized groups");
MessageLoaderParms msgLoaderParms(
"Server.CIMOperationRequestAuthorizer.NOT_IN_AUTHORIZED_GRP",
"User '$0' is not authorized to access CIM data.",
userName);
//
// user is not in the authorized user groups, send an
// error message to the requesting client.
//
if (cimMethodName == "InvokeMethod")
{
// l10n
sendMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
((CIMInvokeMethodRequestMessage*)req.get())->methodName,
PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
msgLoaderParms));
PEG_METHOD_EXIT();
return;
}
else
{
// l10n
sendIMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
cimMethodName,
PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
msgLoaderParms));
PEG_METHOD_EXIT();
return;
}
}
}
}
}
catch (InternalSystemError &ise)
{
sendIMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
cimMethodName,
PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED, ise.getMessage()));
PEG_METHOD_EXIT();
return;
}
#endif // #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
//
// Get a config manager instance
//
ConfigManager* configManager = ConfigManager::getInstance();
//
// Do namespace authorization verification
//
if (String::equalNoCase(
configManager->getCurrentValue("enableNamespaceAuthorization"),
"true"))
{
//
// If the user is not privileged, perform the authorization check.
//
#if !defined(PEGASUS_PLATFORM_OS400_ISERIES_IBM)
if ( ! System::isPrivilegedUser(userName) )
#else
// On OS/400, always check authorization if remote user.
// Always allow local privileged users through.
// Check authorization for local non-privileged users.
// (User authorization to providers are checked downstream from here).
if ( ! String::equalNoCase(authType,"Local") ||
! System::isPrivilegedUser(userName) )
#endif
{
UserManager* userManager = UserManager::getInstance();
if ( !userManager || !userManager->verifyAuthorization(
userName, nameSpace, cimMethodName) )
{
// l10n
// String description = "Not authorized to run ";
// description.append(cimMethodName);
// description.append(" in the namespace ");
// description.append(nameSpace.getString());
if (cimMethodName == "InvokeMethod")
{
// l10n
sendMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
((CIMInvokeMethodRequestMessage*)req.get())->methodName,
PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
MessageLoaderParms(
"Server.CIMOperationRequestAuthorizer.NOT_AUTHORIZED",
"Not authorized to run $0 in the namespace $1",
cimMethodName, nameSpace.getString())));
}
else
{
// l10n
sendIMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
cimMethodName,
PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
MessageLoaderParms(
"Server.CIMOperationRequestAuthorizer.NOT_AUTHORIZED",
"Not authorized to run $0 in the namespace $1",
cimMethodName, nameSpace.getString())));
}
PEG_METHOD_EXIT();
return;
}
}
}
//
// If the user is privileged, and remote privileged user access is not
// enabled and the auth type is not Local then reject access.
//
if ( System::isPrivilegedUser(userName) &&
!String::equalNoCase(authType, "Local") &&
!String::equalNoCase(
configManager->getCurrentValue("enableRemotePrivilegedUserAccess"),
"true") )
{
if (cimMethodName == "InvokeMethod")
{
// l10n
sendMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
((CIMInvokeMethodRequestMessage*)req.get())->methodName,
PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, MessageLoaderParms(
"Server.CIMOperationRequestAuthorizer.REMOTE_NOT_ENABLED",
"Remote privileged user access is not enabled.")));
}
else
{
// l10n
sendIMethodError(
queueId,
req->getHttpMethod(),
req->messageId,
cimMethodName,
PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, MessageLoaderParms(
"Server.CIMOperationRequestAuthorizer.REMOTE_NOT_ENABLED",
"Remote privileged user access is not enabled.")));
}
PEG_METHOD_EXIT();
return;
}
//
// Enqueue the request
//
_outputQueue->enqueue(req.release());
PEG_METHOD_EXIT();
}