* [Cluster-devel] conga/ricci/ricci Auth.cpp Auth.h ClientInstan ...
@ 2007-08-30 17:07 rmccabe
From: rmccabe @ 2007-08-30 17:07 UTC (permalink / raw)
To: cluster-devel.redhat.com
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2007-08-30 17:07:16
Modified files:
ricci/ricci : Auth.cpp Auth.h ClientInstance.cpp
ClientInstance.h DBusController.cpp
DBusController.h Makefile QueueLocker.cpp
QueueLocker.h RebootModule.cpp RebootModule.h
Ricci.cpp Ricci.h RicciWorker.cpp RicciWorker.h
SSLInstance.cpp SSLInstance.h Server.cpp
Server.h dbus_test.cpp main.cpp ricci_defines.h
Log message:
- cleanup for readability and maintainability
- fix a handful of minor problems
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Auth.cpp.diff?cvsroot=cluster&r1=1.5&r2=1.6
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Auth.h.diff?cvsroot=cluster&r1=1.3&r2=1.4
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/ClientInstance.cpp.diff?cvsroot=cluster&r1=1.7&r2=1.8
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/ClientInstance.h.diff?cvsroot=cluster&r1=1.2&r2=1.3
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/DBusController.cpp.diff?cvsroot=cluster&r1=1.15&r2=1.16
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/DBusController.h.diff?cvsroot=cluster&r1=1.6&r2=1.7
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Makefile.diff?cvsroot=cluster&r1=1.19&r2=1.20
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/QueueLocker.cpp.diff?cvsroot=cluster&r1=1.3&r2=1.4
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/QueueLocker.h.diff?cvsroot=cluster&r1=1.1&r2=1.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/RebootModule.cpp.diff?cvsroot=cluster&r1=1.1&r2=1.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/RebootModule.h.diff?cvsroot=cluster&r1=1.1&r2=1.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Ricci.cpp.diff?cvsroot=cluster&r1=1.25&r2=1.26
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Ricci.h.diff?cvsroot=cluster&r1=1.8&r2=1.9
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/RicciWorker.cpp.diff?cvsroot=cluster&r1=1.11&r2=1.12
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/RicciWorker.h.diff?cvsroot=cluster&r1=1.6&r2=1.7
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/SSLInstance.cpp.diff?cvsroot=cluster&r1=1.8&r2=1.9
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/SSLInstance.h.diff?cvsroot=cluster&r1=1.5&r2=1.6
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Server.cpp.diff?cvsroot=cluster&r1=1.6&r2=1.7
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/Server.h.diff?cvsroot=cluster&r1=1.2&r2=1.3
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/dbus_test.cpp.diff?cvsroot=cluster&r1=1.4&r2=1.5
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/main.cpp.diff?cvsroot=cluster&r1=1.4&r2=1.5
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/ricci/ricci/ricci_defines.h.diff?cvsroot=cluster&r1=1.8&r2=1.9
--- conga/ricci/ricci/Auth.cpp 2006/10/24 21:54:29 1.5
+++ conga/ricci/ricci/Auth.cpp 2007/08/30 17:07:14 1.6
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -25,121 +25,115 @@
#include "Mutex.h"
#include <sasl/sasl.h>
+static int
+sasl_getopts_callback( void* context,
+ const char *plugin_name,
+ const char *option,
+ const char **result,
+ unsigned int *len);
+static Mutex mutex; // global sasl_lib protection mutex
+static bool inited = false; // sasl_lib initialized?
-static int
-sasl_getopts_callback(void* context,
- const char* plugin_name,
- const char* option,
- const char** result,
- unsigned int* len);
-
-
-static Mutex mutex; // global sasl_lib protection mutex
-static bool inited = false; // sasl_lib initialized?
-const static
+const static
sasl_callback_t callbacks[] = {
- {SASL_CB_GETOPT, (int (*)()) sasl_getopts_callback, NULL},
- {SASL_CB_LIST_END, NULL, NULL},
+ { SASL_CB_GETOPT, (int (*)()) sasl_getopts_callback, NULL },
+ { SASL_CB_LIST_END, NULL, NULL },
};
-
-
Auth::Auth()
{
- if (!initialize_auth_system())
- throw String("Failed to initialize authentication engine");
+ if (!initialize_auth_system())
+ throw String("Failed to initialize authentication engine");
}
Auth::~Auth()
{}
-bool
+bool
Auth::authenticate(const String& passwd) const
{
- MutexLocker l(mutex);
-
- sasl_conn_t *conn = 0;
- try {
- bool success = false;
-
- int ret = sasl_server_new("ricci", // servicename
- NULL, // hostname
- NULL, // realm
- NULL, // local ip:port
- NULL, // remote ip:port
- callbacks,
- 0, // connection flags
- &conn);
- if (ret != SASL_OK)
- throw String("authentication engine error");
-
- ret = sasl_checkpass(conn,
- "root", 4,
- passwd.c_str(), passwd.size());
- if (ret == SASL_OK)
- success = true;
- else
- if (ret != SASL_BADAUTH)
- throw String("authentication engine error");
-
- sasl_dispose(&conn); conn = 0;
- return success;
- } catch ( ... ) {
- if (conn) {
- sasl_dispose(&conn);
- conn = 0;
- }
- throw;
- }
-}
-
+ MutexLocker l(mutex);
+ sasl_conn_t *conn = NULL;
+ try {
+ bool success = false;
+ int ret = sasl_server_new("ricci", // servicename
+ NULL, // hostname
+ NULL, // realm
+ NULL, // local ip:port
+ NULL, // remote ip:port
+ callbacks,
+ 0, // connection flags
+ &conn);
+
+ if (ret != SASL_OK)
+ throw String("authentication engine error");
+
+ ret = sasl_checkpass(conn, "root", 4, passwd.c_str(), passwd.size());
+ if (ret == SASL_OK)
+ success = true;
+ else {
+ if (ret != SASL_BADAUTH)
+ throw String("authentication engine error");
+ }
+
+ sasl_dispose(&conn);
+ conn = NULL;
+ return success;
+ } catch ( ... ) {
+ if (conn) {
+ sasl_dispose(&conn);
+ conn = NULL;
+ }
+ throw;
+ }
+}
bool
Auth::initialize_auth_system()
{
- MutexLocker l(mutex);
-
- if (!inited) {
- int ret = sasl_server_init(callbacks, "ricci");
- inited = (ret == SASL_OK);
- }
- return inited;
+ MutexLocker l(mutex);
+
+ if (!inited) {
+ int ret = sasl_server_init(callbacks, "ricci");
+ inited = (ret == SASL_OK);
+ }
+ return inited;
}
-int
-sasl_getopts_callback(void* context,
- const char* plugin_name,
- const char* option,
- const char** result,
- unsigned * len)
+int
+sasl_getopts_callback( void *context,
+ const char *plugin_name,
+ const char *option,
+ const char **result,
+ unsigned *len)
{
- try {
- static const char authd_option[] = "pwcheck_method";
- static const char authd_result[] = "saslauthd";
-
- static const char authd_version_option[] = "saslauthd_version";
- static const char authd_version_result[] = "2";
-
-
- if (result) {
- *result = 0;
- if (strcmp(option, authd_option) == 0)
- *result = authd_result;
- else if (strcmp(option, authd_version_option) == 0)
- *result = authd_version_result;
- else {
- // modify more options we'd like to use
- }
- }
- if (len)
- *len = 0;
-
- return SASL_OK;
- } catch ( ... ) {
- return SASL_FAIL;
- }
+
+ try {
+ static const char authd_option[] = "pwcheck_method";
+ static const char authd_result[] = "saslauthd";
+ static const char authd_version_option[] = "saslauthd_version";
+ static const char authd_version_result[] = "2";
+
+ if (result) {
+ *result = 0;
+ if (!strcmp(option, authd_option))
+ *result = authd_result;
+ else if (!strcmp(option, authd_version_option))
+ *result = authd_version_result;
+ else {
+ // modify more options we'd like to use
+ }
+ }
+
+ if (len)
+ *len = 0;
+
+ return SASL_OK;
+ } catch ( ... ) {
+ return SASL_FAIL;
+ }
}
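Review bot: On `SASL_BADAUTH`, `authenticate()` returns false without recording anything, and the account being checked is the hard-coded `root`, so a run of wrong passwords leaves no trace in this function. Unless the caller (outside this hunk) already logs and throttles failures, I would log in that `else` branch, for example `syslog(LOG_AUTHPRIV | LOG_WARNING, "ricci: root password check failed");` or the project's own logger, so repeated failures can be alerted on. Separately, `sasl_getopts_callback()` sets `*len = 0` even when `*result` points at a non-empty string; `if (len) *len = (result && *result) ? strlen(*result) : 0;` keeps the two consistent for any caller that reads `len`.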
--- conga/ricci/ricci/Auth.h 2006/10/24 21:54:29 1.3
+++ conga/ricci/ricci/Auth.h 2007/08/30 17:07:14 1.4
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -29,20 +29,15 @@
// thread safe
-
class Auth
{
- public:
- Auth();
- virtual ~Auth();
-
- bool authenticate(const String& passwd) const;
-
-
- static bool initialize_auth_system(); // to be called at start-up (not required)
-
-
-};
+ public:
+ Auth();
+ virtual ~Auth();
+ bool authenticate(const String& passwd) const;
+ // to be called at start-up (not required)
+ static bool initialize_auth_system();
+};
-#endif // Auth_h
+#endif // Auth_h
--- conga/ricci/ricci/ClientInstance.cpp 2006/08/10 22:53:09 1.7
+++ conga/ricci/ricci/ClientInstance.cpp 2007/08/30 17:07:14 1.8
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -33,194 +33,202 @@
using namespace std;
-
-
-#define ACCEPT_TIMEOUT 30 // seconds
-#define SEND_TIMEOUT 120 // seconds
-#define RECEIVE_TIMEOUT 120 // seconds
-
-
-
-#define MAXIMUM_CLIENTS 10
-static int counter = 0;
-static Mutex counter_mutex;
-
-
-
-ClientInstance::ClientInstance(ClientSocket sock,
- DBusController& dbus_controller) :
- _ssl(sock),
- _dbus_controller(dbus_controller),
- _done(false)
-{
- bool max_reached = false;
- if (true) {
- MutexLocker l(counter_mutex);
- if (counter > MAXIMUM_CLIENTS)
- max_reached = true;
- else {
- max_reached = false;
- counter++;
- }
- }
- if (max_reached) {
- // socket is non-blocking, couple bytes should be able to go out, if not, who cares
- sock.send("overload - come back later");
- throw String("maximum number of clients reached");
- }
+#define ACCEPT_TIMEOUT 30 // seconds
+#define SEND_TIMEOUT 120 // seconds
+#define RECEIVE_TIMEOUT 120 // seconds
+
+#define MAXIMUM_CLIENTS 10
+
+static int counter = 0;
+static Mutex counter_mutex;
+
+
+ClientInstance::ClientInstance( ClientSocket sock,
+ DBusController& dbus_controller) :
+ _ssl(sock),
+ _dbus_controller(dbus_controller),
+ _done(false)
+{
+ bool max_reached = false;
+
+ if (true) {
+ MutexLocker l(counter_mutex);
+ if (counter > MAXIMUM_CLIENTS)
+ max_reached = true;
+ else {
+ max_reached = false;
+ counter++;
+ }
+ }
+
+ if (max_reached) {
+ // socket is non-blocking, couple bytes should be able
+ // to go out, if not, who cares
+ sock.send("overload - come back later");
+ throw String("maximum number of clients reached");
+ }
}
ClientInstance::~ClientInstance()
{
- if (true) {
- MutexLocker l(counter_mutex);
- counter--;
- }
-
- stop(); // stop the thread, if running
+ if (true) {
+ MutexLocker l(counter_mutex);
+ counter--;
+ }
+
+ stop(); // stop the thread, if running
}
-bool
+bool
ClientInstance::done()
{
- MutexLocker l(_mutex);
- return _done;
+ MutexLocker l(_mutex);
+ return _done;
}
-void
+void
ClientInstance::run()
{
- int beg_mil = int(time_mil());
- try {
- // get dispatcher
- Ricci ricci(_dbus_controller);
-
- // begin encryption
- encrypt_begin();
-
- // client needs to present certificate
- if (!_ssl.client_has_cert()) {
- try {
- send(XMLObject("Clients_SSL_certificate_required"));
- } catch ( ... ) {}
- throw String("client hasn't presented certificate");
- }
-
- bool authed = _ssl.client_cert_authed();
-
- // send hello
- send(ricci.hello(authed));
-
- // process requests
- bool done = false;
- while (!done && !shouldStop()) {
- bool save_cert = false;
- bool remove_cert = false;
- XMLObject request;
- try {
- request = receive();
- } catch ( ... ) {
+ int beg_mil = int(time_mil());
try {
- String out = "Timeout_reached_without_valid_XML_request";
- send(XMLObject(out));
- } catch ( ... ) {}
- throw;
- }
- XMLObject response = ricci.request(request,
- authed,
- save_cert,
- remove_cert,
- done);
- if (!authed && save_cert) {
- _ssl.save_client_cert();
- authed = true;
- }
- if (authed && remove_cert) {
- _ssl.remove_client_cert();
- authed = false;
- }
- send(response);
- }
- send(XMLObject("bye"));
- } catch ( String e ) {
- cout << "exception: " << e << endl;
- } catch ( ... ) {
- cout << "unknown exception" << endl;
- }
-
- cout << "request completed in " << time_mil() - beg_mil << " milliseconds" << endl;
-
- {
- MutexLocker l(_mutex);
- _done = true;
- }
+ // get dispatcher
+ Ricci ricci(_dbus_controller);
+
+ // begin encryption
+ encrypt_begin();
+
+ // client needs to present certificate
+ if (!_ssl.client_has_cert()) {
+ try {
+ send(XMLObject("Clients_SSL_certificate_required"));
+ } catch ( ... ) {}
+ throw String("client hasn't presented certificate");
+ }
+
+ bool authed = _ssl.client_cert_authed();
+
+ // send hello
+ send(ricci.hello(authed));
+
+ // process requests
+ bool done = false;
+ while (!done && !shouldStop()) {
+ bool save_cert = false;
+ bool remove_cert = false;
+ XMLObject request;
+
+ try {
+ request = receive();
+ } catch ( ... ) {
+ try {
+ String out = "Timeout_reached_without_valid_XML_request";
+ send(XMLObject(out));
+ } catch ( ... ) {}
+ throw;
+ }
+
+ XMLObject response = ricci.request(request, authed,
+ save_cert, remove_cert, done);
+
+ if (!authed && save_cert) {
+ _ssl.save_client_cert();
+ authed = true;
+ }
+
+ if (authed && remove_cert) {
+ _ssl.remove_client_cert();
+ authed = false;
+ }
+ send(response);
+ }
+ send(XMLObject("bye"));
+ } catch ( String e ) {
+ cout << "exception: " << e << endl;
+ } catch ( ... ) {
+ cout << "unknown exception" << endl;
+ }
+
+ cout << "request completed in " << time_mil() - beg_mil
+ << " milliseconds" << endl;
+
+ {
+ MutexLocker l(_mutex);
+ _done = true;
+ }
}
-XMLObject
+XMLObject
ClientInstance::receive()
{
- int beg = int(time_sec());
- String xml_in;
- while (true) {
- if (shouldStop())
- throw String("thread exiting");
- else if (int(time_sec()) > beg + RECEIVE_TIMEOUT)
- throw String("Receive timeout");
- else
- xml_in += _ssl.recv(500);
- try {
- return parseXML(xml_in);
- } catch ( ... ) {}
- }
+ int beg = int(time_sec());
+ String xml_in;
+
+ while (true) {
+ if (shouldStop())
+ throw String("thread exiting");
+ else if (int(time_sec()) > beg + RECEIVE_TIMEOUT)
+ throw String("Receive timeout");
+ else
+ xml_in += _ssl.recv(500);
+
+ try {
+ return parseXML(xml_in);
+ } catch ( ... ) {}
+ }
}
-void
+void
ClientInstance::send(const XMLObject& msg)
{
- int beg = int(time_sec());
- String out(generateXML(msg));
- while (true) {
- if (shouldStop())
- throw String("thread exiting");
- else if (int(time_sec()) > beg + SEND_TIMEOUT)
- throw String("Send timeout");
- else
- if ((out = _ssl.send(out, 500)).empty())
- break;
- }
+ int beg = int(time_sec());
+ String out(generateXML(msg));
+
+ while (true) {
+ if (shouldStop())
+ throw String("thread exiting");
+ else if (int(time_sec()) > beg + SEND_TIMEOUT)
+ throw String("Send timeout");
+ else
+ if ((out = _ssl.send(out, 500)).empty())
+ break;
+ }
}
void
ClientInstance::encrypt_begin()
{
- try {
- int beg = int(time_sec());
- while (true) {
- if (shouldStop())
- throw String("thread exiting");
- else if (int(time_sec()) > beg + ACCEPT_TIMEOUT)
- throw String("Accept timeout");
- else
- if (_ssl.accept(500))
- break;
- }
- } catch ( ... ) {
- int beg = int(time_sec());
- String out(generateXML(XMLObject("SSL_required")));
- while (true) {
- if (shouldStop())
- throw String("thread exiting");
- else if (int(time_sec()) > beg + SEND_TIMEOUT)
- throw String("Send timeout");
- else {
- bool read = false, write = true;
- _ssl.socket().ready(read, write, 500);
- if (write)
- if ((out = _ssl.socket().send(out)).empty())
- break;
- }
- }
- throw;
- }
+ try {
+ int beg = int(time_sec());
+ while (true) {
+ if (shouldStop())
+ throw String("thread exiting");
+ else if (int(time_sec()) > beg + ACCEPT_TIMEOUT)
+ throw String("Accept timeout");
+ else {
+ if (_ssl.accept(500))
+ break;
+ }
+ }
+ } catch ( ... ) {
+ int beg = int(time_sec());
+ String out(generateXML(XMLObject("SSL_required")));
+
+ while (true) {
+ if (shouldStop())
+ throw String("thread exiting");
+ else if (int(time_sec()) > beg + SEND_TIMEOUT)
+ throw String("Send timeout");
+ else {
+ bool read = false, write = true;
+
+ _ssl.socket().ready(read, write, 500);
+ if (write) {
+ if ((out = _ssl.socket().send(out)).empty())
+ break;
+ }
+ }
+ }
+ throw;
+ }
}
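Review bot: `receive()` appends to `xml_in` with no upper bound and re-runs `parseXML()` on the whole buffer after every `_ssl.recv(500)`. A peer that keeps sending bytes that never form a complete document can therefore grow the buffer for the full `RECEIVE_TIMEOUT` window, and `run()` calls `receive()` for clients that have presented a certificate but are not yet `authed`. A cap right after the append would bound it, e.g. `if (xml_in.size() > MAX_REQUEST_SIZE) throw String("request too large");`, with `MAX_REQUEST_SIZE` as a new define next to the timeouts (name and value are placeholders). In the constructor, `if (counter > MAXIMUM_CLIENTS)` admits one connection more than the limit; `>=` matches the name. `catch ( String e )` in `run()` copies the exception and would read better as `catch (const String& e)`.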
--- conga/ricci/ricci/ClientInstance.h 2006/04/03 14:50:57 1.2
+++ conga/ricci/ricci/ClientInstance.h 2007/08/30 17:07:14 1.3
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -31,36 +31,25 @@
#include "SSLInstance.h"
#include "XML.h"
-
class ClientInstance : public Thread
{
- public:
- ClientInstance(ClientSocket sock,
- DBusController& dbus_controller);
- virtual ~ClientInstance();
-
- virtual bool done();
-
-
- protected:
- virtual void run();
-
- private:
-
- SSLInstance _ssl;
-
- DBusController& _dbus_controller;
-
- Mutex _mutex;
- bool _done;
-
-
- XMLObject receive();
- void send(const XMLObject& msg);
-
- void encrypt_begin();
-
+ public:
+ ClientInstance(ClientSocket sock, DBusController& dbus_controller);
+ virtual ~ClientInstance();
+ virtual bool done();
+
+ protected:
+ virtual void run();
+
+ private:
+ SSLInstance _ssl;
+ DBusController& _dbus_controller;
+ Mutex _mutex;
+ bool _done;
+
+ XMLObject receive();
+ void send(const XMLObject& msg);
+ void encrypt_begin();
};
-
-#endif // ClientInstance_h
+#endif // ClientInstance_h
--- conga/ricci/ricci/DBusController.cpp 2006/08/10 22:53:09 1.15
+++ conga/ricci/ricci/DBusController.cpp 2007/08/30 17:07:14 1.16
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -28,7 +28,6 @@
#include "String.h"
#include <fstream>
-
#define DBUS_API_SUBJECT_TO_CHANGE
#include <dbus/dbus.h>
@@ -36,160 +35,156 @@
using namespace std;
-#define DBUS_TIMEOUT 2147483647 // milliseconds
-
-
-
-static DBusConnection* _dbus_conn = 0;
-static Mutex _dbus_mutex;
-static int _object_counter = 0;
-
+#define DBUS_TIMEOUT 2147483647 // milliseconds
+static DBusConnection *_dbus_conn = NULL;
+static Mutex _dbus_mutex;
+static int _object_counter = 0;
DBusController::DBusController()
{
- // TODO: dynamically determine,
- // currently, rpm requires storage and cluster modules
- _mod_map["storage"] = "modstorage_rw";
- _mod_map["cluster"] = "modcluster_rw";
- _mod_map["rpm"] = "modrpm_rw";
- _mod_map["log"] = "modlog_rw";
- _mod_map["service"] = "modservice_rw";
- _mod_map["reboot"] = "reboot";
-
-
- MutexLocker lock(_dbus_mutex);
- if (_dbus_conn == 0) {
- DBusError error;
- dbus_error_init (&error);
- _dbus_conn = dbus_bus_get(DBUS_BUS_SYSTEM,
- &error);
- if (dbus_error_is_set(&error) || !_dbus_conn) {
- dbus_error_free(&error);
- _dbus_conn = 0;
- throw String("failed to get system bus connection");
- } else
- dbus_error_free(&error);
- }
-
- _object_counter++;
-
+ // TODO: dynamically determine,
+ // currently, rpm requires storage and cluster modules
+ _mod_map["storage"] = "modstorage_rw";
+ _mod_map["cluster"] = "modcluster_rw";
+ _mod_map["rpm"] = "modrpm_rw";
+ _mod_map["log"] = "modlog_rw";
+ _mod_map["service"] = "modservice_rw";
+ _mod_map["reboot"] = "reboot";
+
+ MutexLocker lock(_dbus_mutex);
+ if (_dbus_conn == NULL) {
+ DBusError error;
+ dbus_error_init(&error);
+ _dbus_conn = dbus_bus_get(DBUS_BUS_SYSTEM, &error);
+ if (dbus_error_is_set(&error) || !_dbus_conn) {
+ dbus_error_free(&error);
+ _dbus_conn = NULL;
+ throw String("failed to get system bus connection");
+ } else
+ dbus_error_free(&error);
+ }
+ _object_counter++;
}
DBusController::~DBusController()
{
- MutexLocker lock(_dbus_mutex);
-
- if (--_object_counter == 0) {
+ MutexLocker lock(_dbus_mutex);
+
+ if (--_object_counter == 0) {
#if (DBUS_MAJOR_VERSION == 1) || (DBUS_MAJOR_VERSION == 0 && DBUS_MINOR_VERSION >= 90)
- dbus_connection_close(_dbus_conn);
+ dbus_connection_close(_dbus_conn);
#elif DBUS_MAJOR_VERSION == 0 && DBUS_MINOR_VERSION < 90
- dbus_connection_disconnect(_dbus_conn);
+ dbus_connection_disconnect(_dbus_conn);
#else
-#error "unrecognized major DBUS number"
+# error "unrecognized major DBUS number"
#endif
- dbus_connection_unref(_dbus_conn);
- _dbus_conn = 0;
- }
+ dbus_connection_unref(_dbus_conn);
+ _dbus_conn = NULL;
+ }
}
-
static String
remove_chars(const String& str, char c)
{
- String s(str);
- String::size_type pos;
- while ((pos = s.find(c)) != s.npos)
- s.erase(pos, 1);
- return s;
+ String s(str);
+
+ String::size_type pos;
+ while ((pos = s.find(c)) != s.npos)
+ s.erase(pos, 1);
+ return s;
}
String
-DBusController::process(const String& message,
- const String& module_name)
+DBusController::process(const String& message, const String& module_name)
{
- MutexLocker l(_dbus_mutex);
-
- if (_mod_map.find(module_name) == _mod_map.end())
- throw String("module not supported");
-
- // prepare msg
- DBusMessage* msg = dbus_message_new_method_call("com.redhat.ricci",
- "/com/redhat/ricci",
- "com.redhat.ricci",
- _mod_map[module_name].c_str());
- if (!msg)
- throw String("not enough memory to create message");
- if (message.size()) {
- String msg_clean(remove_chars(message, '\n'));
- const char* msg_clean_c_str = msg_clean.c_str();
-
- const void* message_dbus_ready = 0;
+ MutexLocker l(_dbus_mutex);
+
+ if (_mod_map.find(module_name) == _mod_map.end())
+ throw String("module not supported");
+
+ // prepare msg
+ DBusMessage *msg = dbus_message_new_method_call("com.redhat.ricci",
+ "/com/redhat/ricci",
+ "com.redhat.ricci",
+ _mod_map[module_name].c_str());
+
+ if (!msg)
+ throw String("not enough memory to create message");
+
+ if (message.size()) {
+ String msg_clean(remove_chars(message, '\n'));
+ const char *msg_clean_c_str = msg_clean.c_str();
+ const void *message_dbus_ready = NULL;
#if (DBUS_MAJOR_VERSION == 1) || (DBUS_MAJOR_VERSION == 0 && DBUS_MINOR_VERSION >= 60)
- message_dbus_ready = &msg_clean_c_str;
+ message_dbus_ready = &msg_clean_c_str;
#elif DBUS_MAJOR_VERSION == 0 && DBUS_MINOR_VERSION < 60
- message_dbus_ready = msg_clean_c_str;
+ message_dbus_ready = msg_clean_c_str;
#else
-#error "unrecognized major DBUS number"
+# error "unrecognized major DBUS number"
#endif
-
- if (!dbus_message_append_args(msg,
- DBUS_TYPE_STRING, message_dbus_ready,
- DBUS_TYPE_INVALID))
- throw String("error appending argument to message");
- }
-
-
- DBusError error;
- dbus_error_init (&error);
- DBusMessage *resp = dbus_connection_send_with_reply_and_block(_dbus_conn,
- msg,
- DBUS_TIMEOUT,
- &error);
- dbus_message_unref(msg);
-
- // process response
- if (resp) {
- try {
- dbus_error_free(&error);
-
- int status;
- char* out;
- char* err;
- dbus_message_get_args(resp,
- NULL,
- DBUS_TYPE_INT32, &status,
- DBUS_TYPE_STRING, &out,
- DBUS_TYPE_STRING, &err,
- DBUS_TYPE_INVALID);
-
- if (status) {
- String e("module returned error code: ");
- e += err;
- throw e;
- }
- String ret(out);
- dbus_message_unref(resp);
- return ret;
- } catch ( ... ) {
- dbus_message_unref(resp);
- throw;
- }
- } else {
- String error_msg(error.message);
- dbus_error_free(&error);
- throw String("response msg error: ") + error_msg;
- }
+
+ if (!dbus_message_append_args(msg,
+ DBUS_TYPE_STRING,
+ message_dbus_ready,
+ DBUS_TYPE_INVALID))
+ {
+ throw String("error appending argument to message");
+ }
+ }
+
+ DBusError error;
+ dbus_error_init(&error);
+
+ DBusMessage *resp = dbus_connection_send_with_reply_and_block(_dbus_conn,
+ msg,
+ DBUS_TIMEOUT,
+ &error);
+ dbus_message_unref(msg);
+
+ // process response
+ if (resp) {
+ try {
+ dbus_error_free(&error);
+
+ int status;
+ char *out;
+ char *err;
+
+ dbus_message_get_args(resp, NULL,
+ DBUS_TYPE_INT32, &status,
+ DBUS_TYPE_STRING, &out,
+ DBUS_TYPE_STRING, &err,
+ DBUS_TYPE_INVALID);
+
+ if (status)
+ throw String("module returned error code: ") + String(err);
+ String ret(out);
+ dbus_message_unref(resp);
+ return ret;
+ } catch ( ... ) {
+ dbus_message_unref(resp);
+ throw;
+ }
+ } else {
+ String error_msg(error.message);
+ dbus_error_free(&error);
+ throw String("system bus response msg error: ") + error_msg;
+ }
}
-list<String>
+list<String>
DBusController::modules()
{
- list<String> mods;
- for (map<String, String>::const_iterator iter = _mod_map.begin();
- iter != _mod_map.end();
- iter++)
- mods.push_back(iter->first);
- return mods;
+ list<String> mods;
+
+ for (map<String, String>::const_iterator
+ iter = _mod_map.begin() ;
+ iter != _mod_map.end() ;
+ iter++)
+ {
+ mods.push_back(iter->first);
+ }
+ return mods;
}
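Review bot: In `process()`, the return value of `dbus_message_get_args()` is ignored and `status`, `out` and `err` are uninitialized, so a reply whose signature is not (int32, string, string) can leave them indeterminate, and `String(err)` / `String ret(out)` then read through garbage pointers. Initialize them and throw when the call fails; the surrounding `catch ( ... )` already unrefs `resp`. The `dbus_message_append_args()` failure path also throws without `dbus_message_unref(msg);`, which leaks the message. The call blocks for up to `DBUS_TIMEOUT` (2147483647 ms) while `_dbus_mutex` is held, so one unresponsive module stalls every other request in the process.

```cpp
// … unchanged: dbus_error_free(&error); inside the try block …
int status = 0;
char *out = NULL;
char *err = NULL;

if (!dbus_message_get_args(resp, NULL,
                           DBUS_TYPE_INT32, &status,
                           DBUS_TYPE_STRING, &out,
                           DBUS_TYPE_STRING, &err,
                           DBUS_TYPE_INVALID))
{
    throw String("malformed reply from module");
}
// … unchanged: status check, String ret(out), unref and return …
```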
--- conga/ricci/ricci/DBusController.h 2006/08/10 22:53:09 1.6
+++ conga/ricci/ricci/DBusController.h 2007/08/30 17:07:14 1.7
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -27,28 +27,21 @@
#include "XML.h"
#include "String.h"
-
// thread safe
// currently: requests, waiting for response, are serialized per PROCESS
// FIXME: d-bus supports processing of multiple messages at the same time
-
class DBusController
{
- public:
- DBusController();
- virtual ~DBusController();
-
- String process(const String& message,
- const String& module_name);
-
- std::list<String> modules(); // available modules
-
- private:
- std::map<String, String> _mod_map;
-
-};
+ public:
+ DBusController();
+ virtual ~DBusController();
+ String process(const String& message, const String& module_name);
+ std::list<String> modules(); // available modules
+ private:
+ std::map<String, String> _mod_map;
+};
-#endif // DBusController_h
+#endif // DBusController_h
--- conga/ricci/ricci/Makefile 2007/01/04 00:20:42 1.19
+++ conga/ricci/ricci/Makefile 2007/08/30 17:07:14 1.20
@@ -1,6 +1,6 @@
################################################################################################################################################################
##
-## Copyright (C) 2005 Red Hat, Inc. All rights reserved.
+## Copyright (C) 2005-2007 Red Hat, Inc. All rights reserved.
##
## This copyrighted material is made available to anyone wishing to use,
## modify, copy, or redistribute it subject to the terms and conditions
@@ -14,7 +14,6 @@
include ${top_srcdir}/make/defines.mk
TARGET = ricci
-TARGET_AUTH = ricci-auth
TARGET_WORKER = ricci-worker
OBJECTS = main.o \
@@ -26,8 +25,6 @@
Auth.o \
QueueLocker.o
-TARGET_AUTH_OBJECTS = auth_helper.o
-
TARGET_WORKER_OBJECTS = RicciWorker.o \
DBusController.o \
QueueLocker.o \
@@ -38,30 +35,28 @@
#OBJECTS = ssl_test.o
-INCLUDE += `pkg-config --cflags dbus-1`
-CFLAGS +=
-CXXFLAGS += -DDBUS_MAJOR_VERSION="${dbus_major_version}" -DDBUS_MINOR_VERSION="${dbus_minor_version}"
-LDFLAGS += `pkg-config --libs dbus-1`
+INCLUDE += `pkg-config --cflags dbus-1`
+CFLAGS += -O2 -Wall -Wextra
+CXXFLAGS += -DDBUS_MAJOR_VERSION="${dbus_major_version}" -DDBUS_MINOR_VERSION="${dbus_minor_version}" -O2 -Wall -Wextra
+LDFLAGS += `pkg-config --libs dbus-1`
-#all: ${TARGET} ${TARGET_AUTH} ${TARGET_WORKER}
all: ${TARGET} ${TARGET_WORKER}
*.o: *.h ../include/*.h
install:
- $(INSTALL_DIR) ${sbindir}
- $(INSTALL_BIN) ${TARGET} ${sbindir}
- $(INSTALL_DIR) ${libexecdir}/ricci
- #install -m 4755 ${TARGET_AUTH} ${libexecdir}/ricci
- $(INSTALL_BIN) ${TARGET_WORKER} ${libexecdir}/ricci
- $(INSTALL_DIR) ${localstatedir}/lib/ricci/queue
- $(INSTALL_DIR) ${localstatedir}/lib/ricci/certs
+ $(INSTALL_DIR) ${sbindir}
+ $(INSTALL_BIN) ${TARGET} ${sbindir}
+ $(INSTALL_DIR) ${libexecdir}/ricci
+ $(INSTALL_BIN) ${TARGET_WORKER} ${libexecdir}/ricci
+ $(INSTALL_DIR) ${localstatedir}/lib/ricci/queue
+ $(INSTALL_DIR) ${localstatedir}/lib/ricci/certs
$(INSTALL_FILE) cacert.config ${localstatedir}/lib/ricci/certs/
- $(INSTALL_DIR) ${localstatedir}/lib/ricci/certs/clients
- $(INSTALL_DIR) ${sysconfdir}/oddjobd.conf.d
+ $(INSTALL_DIR) ${localstatedir}/lib/ricci/certs/clients
+ $(INSTALL_DIR) ${sysconfdir}/oddjobd.conf.d
$(INSTALL_FILE) d-bus/ricci.oddjob.conf ${sysconfdir}/oddjobd.conf.d
- $(INSTALL_DIR) ${sysconfdir}/dbus-1/system.d
+ $(INSTALL_DIR) ${sysconfdir}/dbus-1/system.d
$(INSTALL_FILE) d-bus/ricci.systembus.conf ${sysconfdir}/dbus-1/system.d
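Review bot: `CFLAGS` and `CXXFLAGS` gain `-O2 -Wall -Wextra` but no hardening options, for a daemon that accepts network connections and (per Auth.cpp in this commit) checks the root password. Unless `make/defines.mk` already supplies them (not visible here), consider `-fstack-protector -D_FORTIFY_SOURCE=2 -Wformat-security` on the compile flags and `-Wl,-z,relro -Wl,-z,now` on `LDFLAGS`; `_FORTIFY_SOURCE` only takes effect with optimization enabled, which this hunk now turns on. The same flag list is repeated in both variables, so a shared variable would keep them in step.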
@@ -69,23 +64,14 @@
clean:
rm -f $(TARGET) $(OBJECTS)
- rm -f $(TARGET_AUTH) $(TARGET_AUTH_OBJECTS)
rm -f $(TARGET_WORKER) $(TARGET_WORKER_OBJECTS)
check:
rebuild: clean all
-
$(TARGET): $(OBJECTS)
$(CXX) -o $(TARGET) $(OBJECTS) $(LDFLAGS) -lsasl2
-${TARGET_AUTH}: $(TARGET_AUTH_OBJECTS)
- $(CXX) -o ${TARGET_AUTH} $(TARGET_AUTH_OBJECTS) ${LDFLAGS} -lpam
-
${TARGET_WORKER}: ${TARGET_WORKER_OBJECTS}
$(CXX) -o ${TARGET_WORKER} ${TARGET_WORKER_OBJECTS} ${LDFLAGS}
-
-
-Auth_test: Auth_test.o Auth.o
- $(CXX) -o Auth_test Auth_test.o Auth.o ${LDFLAGS} -lsasl2
--- conga/ricci/ricci/QueueLocker.cpp 2006/08/10 22:53:09 1.3
+++ conga/ricci/ricci/QueueLocker.cpp 2007/08/30 17:07:14 1.4
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -37,47 +37,54 @@
static int q_counter = 0;
static int fd;
-
QueueLocker::QueueLocker() :
- MutexLocker(q_lock)
+ MutexLocker(q_lock)
{
- if (q_counter++)
- return;
-
- try {
- fd = open(QUEUE_LOCK_PATH,
- O_RDONLY|O_CREAT,
- S_IRUSR|S_IWUSR|S_IRGRP);
-
- if (fd == -1)
- throw String("unable to open queue lock file");
-
- // acquire flock
- int res;
- while ((res = flock(fd, LOCK_EX)))
- if (errno != EINTR) {
- while ((res = close(fd)))
- if (errno != EINTR)
- throw String("unable to close the queue lock file");
- throw String("unable to lock the queue");
- }
- } catch ( ... ) {
- q_counter--;
- throw;
- }
+ if (q_counter++)
+ return;
+
+ try {
+ fd = open(QUEUE_LOCK_PATH, O_RDONLY | O_CREAT, 0640);
+ if (fd == -1) {
+ throw String("unable to open queue lock file: ")
+ + String(strerror(errno));
+ }
+
+ // acquire flock
+ int res;
+ while ((res = flock(fd, LOCK_EX))) {
+ if (errno != EINTR) {
+ int err = errno;
+ while ((res = close(fd))) {
+ if (errno != EINTR) {
+ throw String("unable to close the queue lock file: ") +
+ String(strerror(errno));
+ }
+ }
+ throw String("unable to lock the queue: ") +
+ String(strerror(err));
+ }
+ }
+ } catch ( ... ) {
+ q_counter--;
+ throw;
+ }
}
QueueLocker::~QueueLocker()
{
- if (!--q_counter) {
- // release flock
- int res;
- while ((res = close(fd)))
- if (errno != EINTR) {
- while ((res = flock(fd, LOCK_UN)))
- if (errno != EINTR)
- break; // throw String("unable to unlock the queue");
- break; // throw String("unable to close the queue lock file");
- }
- }
+ if (!--q_counter) {
+ // release flock
+
+ int res;
+ while ((res = close(fd))) {
+ if (errno != EINTR) {
+ while ((res = flock(fd, LOCK_UN))) {
+ if (errno != EINTR)
+ break; // throw String("unable to unlock the queue");
+ break; // throw String("unable to close the queue lock file");
+ }
+ }
+ }
+ }
}
--- conga/ricci/ricci/QueueLocker.h 2006/03/23 16:29:37 1.1
+++ conga/ricci/ricci/QueueLocker.h 2007/08/30 17:07:14 1.2
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -29,10 +29,10 @@
class QueueLocker : public MutexLocker
{
-public:
- QueueLocker();
- virtual ~QueueLocker();
+ public:
+ QueueLocker();
+ virtual ~QueueLocker();
};
-#endif // QueueLocker_h
+#endif // QueueLocker_h
--- conga/ricci/ricci/RebootModule.cpp 2006/04/12 15:47:09 1.1
+++ conga/ricci/ricci/RebootModule.cpp 2007/08/30 17:07:14 1.2
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2006
+ Copyright Red Hat, Inc. 2006-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -26,9 +26,8 @@
using namespace std;
-
// potential bug, if there are two different dbuss in use
-static DBusController* dbus = 0;
+static DBusController* dbus = NULL;
static bool block = false;
@@ -38,48 +37,44 @@
RebootModule::RebootModule(DBusController& dbus) :
- Module(build_fcn_map()),
- _dbus(dbus)
+ Module(build_fcn_map()),
+ _dbus(dbus)
{
- ::dbus = &_dbus;
+ ::dbus = &_dbus;
}
RebootModule::~RebootModule()
{}
-
-XMLObject
+XMLObject
RebootModule::process(const XMLObject& request)
{
- return this->Module::process(request);
+ return this->Module::process(request);
}
bool
RebootModule::block()
{
- return ::block;
+ return ::block;
}
-
ApiFcnMap
build_fcn_map()
{
- FcnMap api_1_0;
- api_1_0["reboot_now"] = reboot;
-
- ApiFcnMap api_fcn_map;
- api_fcn_map["1.0"] = api_1_0;
-
- return api_fcn_map;
-}
+ FcnMap api_1_0;
+ api_1_0["reboot_now"] = reboot;
+ ApiFcnMap api_fcn_map;
+ api_fcn_map["1.0"] = api_1_0;
-VarMap
+ return api_fcn_map;
+}
+
+VarMap
reboot(const VarMap& args)
{
- dbus->process("", "reboot");
-
- block = true;
-
- return VarMap();
+ dbus->process("", "reboot");
+ block = true;
+
+ return VarMap();
}
--- conga/ricci/ricci/RebootModule.h 2006/04/12 15:47:09 1.1
+++ conga/ricci/ricci/RebootModule.h 2007/08/30 17:07:14 1.2
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2006
+ Copyright Red Hat, Inc. 2006-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -30,18 +30,15 @@
class RebootModule : public Module
{
- public:
- RebootModule(DBusController& dbus);
- virtual ~RebootModule();
-
- virtual XMLObject process(const XMLObject& request);
-
- bool block();
-
- private:
- DBusController& _dbus;
-
+ public:
+ RebootModule(DBusController& dbus);
+ virtual ~RebootModule();
+ virtual XMLObject process(const XMLObject& request);
+ bool block();
+
+ private:
+ DBusController& _dbus;
};
-#endif // RebootModule_h
+#endif // RebootModule_h
--- conga/ricci/ricci/Ricci.cpp 2007/03/23 17:25:13 1.25
+++ conga/ricci/ricci/Ricci.cpp 2007/08/30 17:07:14 1.26
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -43,464 +43,450 @@
#include <fstream>
using namespace std;
-
static bool dom0();
static pair<String, String> clusterinfo();
static String os_release();
-
+extern bool advertise_cluster;
Ricci::Ricci(DBusController& dbus) :
- _dbus(dbus),
- _fail_auth_attempt(0)
+ _dbus(dbus),
+ _fail_auth_attempt(0)
{}
Ricci::~Ricci()
{}
-
-XMLObject
+XMLObject
Ricci::ricci_header(bool authed, bool full) const
{
- XMLObject header("ricci");
- header.set_attr("version", "1.0");
- if (authed)
- header.set_attr("authenticated", "true");
- else
- header.set_attr("authenticated", "false");
-
- if (full) {
- String name = Network::localhost();
- if (name.size())
- header.set_attr("hostname", name);
-
- pair<String, String> c_info = clusterinfo();
- if (c_info.first.size())
- header.set_attr("clustername", c_info.first);
- if (c_info.second.size())
- header.set_attr("clusteralias", c_info.second);
-
- if (authed) {
- String os = os_release();
- if (os.size())
- header.set_attr("os", os);
-
- header.set_attr("xen_host",
- dom0() ? "true" : "false");
- }
- }
-
- return header;
+ XMLObject header("ricci");
+ header.set_attr("version", "1.0");
+
+ if (authed)
+ header.set_attr("authenticated", "true");
+ else
+ header.set_attr("authenticated", "false");
+
+ if (full || advertise_cluster) {
+ String name = Network::localhost();
+ if (name.size())
+ header.set_attr("hostname", name);
+
+ pair<String, String> c_info = clusterinfo();
+ if (c_info.first.size())
+ header.set_attr("clustername", c_info.first);
+ if (c_info.second.size())
+ header.set_attr("clusteralias", c_info.second);
+
+ if (authed) {
+ String os = os_release();
+ if (os.size())
+ header.set_attr("os", os);
+
+ header.set_attr("xen_host", dom0() ? "true" : "false");
+ }
+ }
+
+ return header;
}
-XMLObject
+XMLObject
Ricci::hello(bool authed) const
{
- return ricci_header(authed, true);
+ return ricci_header(authed, true);
}
-
XMLObject
-Ricci::request(const XMLObject& req,
- bool authenticated,
- bool& save_cert,
- bool& remove_cert,
- bool& done)
-{
- save_cert = false;
- remove_cert = false;
- done = false;
-
- if (req.tag() != "ricci") {
- done = true;
- return XMLObject("not_ricci_message");
- }
-
- XMLObject resp = ricci_header(authenticated);
-
- // version check
- String version = req.get_attr("version");
- if (version.empty()) {
- resp.set_attr("success", utils::to_string(RRC_MISSING_VERSION));
- return resp;
- } else if (req.get_attr("version") != "1.0") {
- resp.set_attr("success", utils::to_string(RRC_MISSING_VERSION));
- return resp;
- }
-
-
- RicciRetCode success = RRC_INTERNAL_ERROR;
- String function = req.get_attr("function");
- if (function == "") {
- success = RRC_MISSING_FUNCTION;
- } else if (function == "authenticate") {
- String passwd = req.get_attr("password");
- bool passwd_ok = false;
- if (passwd.size()) {
- try {
- passwd_ok = Auth().authenticate(passwd);
- } catch ( ... ) {}
- }
-
- if (passwd_ok) {
- resp = ricci_header(true, true);
- success = RRC_SUCCESS;
- save_cert = true;
- } else {
- if (_fail_auth_attempt++ == 3)
- done = true;
- success = RRC_AUTH_FAIL;
- }
-
- } else if (function == "unauthenticate") {
- if (!authenticated) {
- // not authenticated
- // success = RRC_NEED_AUTH;
- // unauthenticate should always succeed
- success = RRC_SUCCESS;
- } else {
- // authenticated
- resp = ricci_header(false);
- success = RRC_SUCCESS;
- remove_cert = true;
- }
-
- } else if (function == "list_modules") {
- // available modules
- if (!authenticated) {
- // not authenticated
- success = RRC_NEED_AUTH;
- } else {
- // authenticated
- list<String> modules = _dbus.modules();
- for (list<String>::const_iterator iter = modules.begin();
- iter != modules.end();
- iter++) {
- XMLObject x("module");
- x.set_attr("name", *iter);
- resp.add_child(x);
- }
- success = RRC_SUCCESS;
- }
-
- } else if (function == "process_batch") {
-
- if (!authenticated) {
- // not authenticated
- success = RRC_NEED_AUTH;
- } else {
- // authenticated
-
- bool async = (req.get_attr("async") == "true");
-
- const XMLObject* batch_xml = NULL;
- for (list<XMLObject>::const_iterator iter = req.children().begin();
- iter != req.children().end();
- iter++)
- if (iter->tag() == "batch") {
- batch_xml = &(*iter);
- break;
+Ricci::request( const XMLObject& req,
+ bool& authenticated,
+ bool& save_cert,
+ bool& remove_cert,
+ bool& done)
+{
+ save_cert = false;
+ remove_cert = false;
+ done = false;
+
+ if (req.tag() != "ricci") {
+ done = true;
+ return XMLObject("not_ricci_message");
}
- if (batch_xml) {
- try {
- long long id;
- if (true) {
- Batch batch(*batch_xml);
- id = batch.id();
- if (async) {
- resp.add_child(batch.report());
- success = RRC_SUCCESS;
- }
- }
- if (!async) {
- bool batch_done;
- do {
- sleep_mil(100);
- Batch batch(id);
- if (batch_done = batch.done()) {
- resp.add_child(batch.report());
- success = RRC_SUCCESS;
- }
- } while (!batch_done);
- }
- } catch ( ... ) {
- success = RRC_INTERNAL_ERROR;
- }
- } else
- success = RRC_MISSING_BATCH;
- }
-
- } else if (function == "batch_report") {
- // get report
-
- if (!authenticated) {
- // not authenticated
- success = RRC_NEED_AUTH;
- } else {
- // authenticated
-
- long long id = utils::to_long(req.get_attr("batch_id"));
- if (id == 0)
- success = RRC_INVALID_BATCH_ID;
- else {
- try {
- Batch batch(id);
- resp.add_child(batch.report());
- success = RRC_SUCCESS;
- } catch ( ... ) {
- success = RRC_INVALID_BATCH_ID;
- }
- }
- }
-
- } else {
- // invalid function name
- success = RRC_INVALID_FUNCTION;
- }
-
- resp.set_attr("success", utils::to_string(success));
- return resp;
-}
+ XMLObject resp = ricci_header(authenticated);
+ // version check
+ String version = req.get_attr("version");
+ if (version.empty()) {
+ resp.set_attr("success", utils::to_string(RRC_MISSING_VERSION));
+ return resp;
+ } else if (req.get_attr("version") != "1.0") {
+ resp.set_attr("success", utils::to_string(RRC_MISSING_VERSION));
+ return resp;
+ }
+ RicciRetCode success = RRC_INTERNAL_ERROR;
+ String function = req.get_attr("function");
+ if (function == "") {
+ success = RRC_MISSING_FUNCTION;
+ } else if (function == "authenticate") {
+ String passwd = req.get_attr("password");
+ bool passwd_ok = false;
+ if (passwd.size()) {
+ try {
+ passwd_ok = Auth().authenticate(passwd);
+ } catch ( ... ) {}
+ }
+
+ if (passwd_ok) {
+ resp = ricci_header(true, true);
+ success = RRC_SUCCESS;
+ save_cert = true;
+ authenticated = true;
+ } else {
+ if (_fail_auth_attempt++ == 3)
+ done = true;
+ success = RRC_AUTH_FAIL;
+ }
+ } else if (function == "unauthenticate") {
+ if (!authenticated) {
+ success = RRC_SUCCESS;
+ } else {
+ resp = ricci_header(false);
+ success = RRC_SUCCESS;
+ remove_cert = true;
+ }
+ } else if (function == "list_modules") {
+ // available modules
+ if (!authenticated) {
+ success = RRC_NEED_AUTH;
+ } else {
+ list<String> modules = _dbus.modules();
+ for (list<String>::const_iterator
+ iter = modules.begin() ;
+ iter != modules.end() ;
+ iter++)
+ {
+ XMLObject x("module");
+ x.set_attr("name", *iter);
+ resp.add_child(x);
+ }
+ success = RRC_SUCCESS;
+ }
+ } else if (function == "process_batch") {
+ if (!authenticated) {
+ success = RRC_NEED_AUTH;
+ } else {
+ bool async = (req.get_attr("async") == "true");
+
+ const XMLObject* batch_xml = NULL;
+ for (list<XMLObject>::const_iterator
+ iter = req.children().begin() ;
+ iter != req.children().end() ;
+ iter++)
+ {
+ if (iter->tag() == "batch") {
+ batch_xml = &(*iter);
+ break;
+ }
+ }
+
+ if (batch_xml) {
+ try {
+ long long id;
+
+ if (true) {
+ Batch batch(*batch_xml);
+ id = batch.id();
+
+ if (async) {
+ resp.add_child(batch.report());
+ success = RRC_SUCCESS;
+ }
+ }
+
+ if (!async) {
+ bool batch_done;
+ do {
+ sleep_mil(100);
+ Batch batch(id);
+ if (batch_done = batch.done()) {
+ resp.add_child(batch.report());
+ success = RRC_SUCCESS;
+ }
+ } while (!batch_done);
+ }
+ } catch ( ... ) {
+ success = RRC_INTERNAL_ERROR;
+ }
+ } else
+ success = RRC_MISSING_BATCH;
+ }
+ } else if (function == "batch_report") {
+ // get report
+ if (!authenticated) {
+ success = RRC_NEED_AUTH;
+ } else {
+ long long id = utils::to_long(req.get_attr("batch_id"));
+ if (id == 0)
+ success = RRC_INVALID_BATCH_ID;
+ else {
+ try {
+ Batch batch(id);
+ resp.add_child(batch.report());
+ success = RRC_SUCCESS;
+ } catch ( ... ) {
+ success = RRC_INVALID_BATCH_ID;
+ }
+ }
+ }
+ } else {
+ // invalid function name
+ success = RRC_INVALID_FUNCTION;
+ }
+ resp.set_attr("success", utils::to_string(success));
+ return resp;
+}
Batch::Batch(const XMLObject& xml) :
- _report(xml.tag()),
- _state(ProcessWorker::st_sched)
+ _report(xml.tag()),
+ _state(ProcessWorker::st_sched)
{
- QueueLocker lock;
-
- // id
- String path_tmp;
- do {
- _id = random_generator(1, 2147483647);
- _path = String(QUEUE_DIR_PATH) + utils::to_string(_id);
- path_tmp = _path + ".tmp";
- if (access(_path.c_str(), F_OK))
- break;
- } while (true);
-
- // generate request
- for (map<String, String>::const_iterator iter = xml.attrs().begin();
- iter != xml.attrs().end();
- iter++)
- _report.set_attr(iter->first, iter->second);
- _report.set_attr("batch_id", utils::to_string(_id));
- _report.set_attr("status", utils::to_string(_state));
- for (list<XMLObject>::const_iterator iter = xml.children().begin();
- iter != xml.children().end();
- iter++) {
- XMLObject child(*iter);
- if (iter->tag() == "module")
- child.set_attr("status", utils::to_string(_state));
- _report.add_child(child);
- }
-
- // create file
- int res, fd = open(path_tmp.c_str(),
- O_RDONLY|O_CREAT,
- S_IRUSR|S_IWUSR|S_IRGRP);
- if (fd == -1)
- throw String("unable to create batch file");
- while ((res = close(fd)))
- if (errno != EINTR)
- throw String("unable to close batch fd");
-
- // write file
- FILE* file = fopen(path_tmp.c_str(), "w+");
- if (!file)
- throw String("unable to open batch file");
- try {
- // save request
- String xml_str(generateXML(_report));
- if (fwrite(xml_str.c_str(),
- xml_str.size(),
- 1,
- file) != 1)
- throw String("unable to write batch request");
- fclose(file);
- if (rename(path_tmp.c_str(), _path.c_str()))
- throw String("failed to rename batch file");
- } catch ( ... ) {
- fclose(file);
- unlink(path_tmp.c_str());
- throw;
- }
-
- try {
- start_worker(_path);
- } catch ( ... ) {
- unlink(_path.c_str());
- throw;
- }
+ QueueLocker lock;
+
+ // id
+ String path_tmp;
+ do {
+ _id = random_generator(1, 2147483647);
+ _path = String(QUEUE_DIR_PATH) + utils::to_string(_id);
+ path_tmp = _path + ".tmp";
+ if (access(_path.c_str(), F_OK))
+ break;
+ } while (true);
+
+ // generate request
+ for (map<String, String>::const_iterator
+ iter = xml.attrs().begin() ;
+ iter != xml.attrs().end() ;
+ iter++)
+ {
+ _report.set_attr(iter->first, iter->second);
+ }
+
+ _report.set_attr("batch_id", utils::to_string(_id));
+ _report.set_attr("status", utils::to_string(_state));
+
+ for (list<XMLObject>::const_iterator
+ iter = xml.children().begin() ;
+ iter != xml.children().end() ;
+ iter++)
+ {
+ XMLObject child(*iter);
+
+ if (iter->tag() == "module")
+ child.set_attr("status", utils::to_string(_state));
+ _report.add_child(child);
+ }
+
+ // create file
+ int fd = open(path_tmp.c_str(), O_RDONLY | O_CREAT | O_EXCL, 0640);
+ if (fd == -1)
+ throw String("unable to create batch file: ") + String(strerror(errno));
+
+ // write file
+ FILE *file = fdopen(fd, "w+");
+ if (!file)
+ throw String("unable to open batch file: ") + String(strerror(errno));
+
+ try {
+ // save request
+ String xml_str(generateXML(_report));
+ if (fwrite(xml_str.c_str(), xml_str.size(), 1, file) != 1) {
+ throw String("unable to write batch request: ")
+ + String(strerror(errno));
+ }
+ fclose(file);
+ if (rename(path_tmp.c_str(), _path.c_str())) {
+ throw String("failed to rename batch file: ")
+ + String(strerror(errno));
+ }
+ } catch ( ... ) {
+ fclose(file);
+ unlink(path_tmp.c_str());
+ throw;
+ }
+
+ try {
+ start_worker(_path);
+ } catch ( ... ) {
+ unlink(_path.c_str());
+ throw;
+ }
}
Batch::Batch(long long id) :
- _id(id)
+ _id(id)
{
- QueueLocker lock;
-
- String batch;
-
- // read file
- _path = String(QUEUE_DIR_PATH) + utils::to_string(_id);
- FILE* file = fopen(_path.c_str(), "r");
- if (!file)
- throw String("unable to open batch file, either invalid ID or access denied");
- try {
- do {
- char buff[1024];
- unsigned int res = fread(buff, 1, sizeof(buff), file);
- batch.append(buff, res);
- shred(buff, sizeof(buff));
- if (res < sizeof(buff)) {
- if (ferror(file))
- throw String("unable to read batch file");
- else
- break;
- }
- } while (true);
- fclose(file);
- } catch ( ... ) {
- fclose(file);
- throw;
- }
-
- _report = parseXML(batch);
- if (utils::to_long(_report.get_attr("batch_id")) != _id)
- throw String("ID doesn't match");
- _state = utils::to_long(_report.get_attr("status"));
+ QueueLocker lock;
+ String batch;
+
+ // read file
+ _path = String(QUEUE_DIR_PATH) + utils::to_string(_id);
+ FILE *file = fopen(_path.c_str(), "r");
+ if (!file)
+ throw String("unable to open batch file: ") + String(strerror(errno));
+
+ try {
+ do {
+ char buff[4096];
+ size_t res = fread(buff, 1, sizeof(buff), file);
+ int err = errno;
+ batch.append(buff, res);
+ shred(buff, sizeof(buff));
+
+ if (res < sizeof(buff)) {
+ if (ferror(file)) {
+ throw String("unable to read batch file: ")
+ + String(strerror(err));
+ } else
+ break;
+ }
+ } while (true);
+ fclose(file);
+ } catch ( ... ) {
+ fclose(file);
+ throw;
+ }
+
+ _report = parseXML(batch);
+ if (utils::to_long(_report.get_attr("batch_id")) != _id)
+ throw String("ID doesn't match");
+ _state = utils::to_long(_report.get_attr("status"));
}
Batch::~Batch()
{
- QueueLocker lock;
- if (_state != ProcessWorker::st_sched &&
- _state != ProcessWorker::st_prog) {
- try {
- File f(File::open(_path, true));
- f.shred();
- f.unlink();
- } catch ( ... ) {}
- }
+ QueueLocker lock;
+
+ if (_state != ProcessWorker::st_sched &&
+ _state != ProcessWorker::st_prog)
+ {
+ try {
+ File f(File::open(_path, true));
+ f.shred();
+ f.unlink();
+ } catch ( ... ) {}
+ }
}
long long
Batch::id() const
{
- return _id;
+ return _id;
}
bool
Batch::done() const
{
- bool done = ((_state != ProcessWorker::st_sched) &&
- (_state != ProcessWorker::st_prog));
- return done;
+ bool done = ((_state != ProcessWorker::st_sched) &&
+ (_state != ProcessWorker::st_prog));
+ return done;
}
-XMLObject
+XMLObject
Batch::report() const
{
- if (done())
- return _report;
-
- XMLObject rep = _report;
-
- // TODO: clean-up modules if st_sched || st_prog
-
- return rep;
-}
+ if (done())
+ return _report;
+ XMLObject rep = _report;
-void
-Batch::start_worker(const String& path)
-{
- String out, err;
- int status;
- vector<String> args;
- args.push_back("-f");
- args.push_back(path);
- if (utils::execute(RICCI_WORKER_PATH,
- args,
- out,
- err,
- status,
- false))
- throw command_not_found_error_msg(RICCI_WORKER_PATH);
- if (status)
- throw String("execution of ricci-worker failed");
+ // TODO: clean-up modules if st_sched || st_prog
+ return rep;
}
-void
-Batch::restart_batches()
+void
+Batch::start_worker(const String& path)
{
- QueueLocker lock;
- DIR* dir = opendir(QUEUE_DIR_PATH);
- if (!dir)
- throw String("unable to open queue directory");
- struct dirent* file_entry;
- while ((file_entry = readdir(dir)))
- try {
- String name(file_entry->d_name);
- // check name
- if (name.find_first_not_of("0123456789") == name.npos)
- // start worker
- start_worker(String(QUEUE_DIR_PATH) + name);
- } catch ( ... ) {}
- closedir(dir);
-}
+ String out, err;
+ int status;
+ vector<String> args;
+ args.push_back("-f");
+ args.push_back(path);
+ if (utils::execute(RICCI_WORKER_PATH, args, out, err, status, false))
+ throw command_not_found_error_msg(RICCI_WORKER_PATH);
+ if (status)
+ throw String("execution of ricci-worker failed: " + err);
+}
+void
+Batch::restart_batches()
+{
+ QueueLocker lock;
+ DIR *dir = opendir(QUEUE_DIR_PATH);
+ if (!dir) {
+ throw String("unable to open queue directory: ")
+ + String(strerror(errno));
+ }
+ struct dirent *file_entry;
+ while ((file_entry = readdir(dir))) {
+ try {
+ String name(file_entry->d_name);
+ // check name
+ if (name.find_first_not_of("0123456789") == name.npos) {
+ // start worker
+ start_worker(String(QUEUE_DIR_PATH) + name);
+ }
+ } catch ( ... ) {}
+ }
+ closedir(dir);
+}
-pair<String, String>
+pair<String, String>
clusterinfo()
{
- try {
- XMLObject xml(readXML("/etc/cluster/cluster.conf"));
- String name = xml.get_attr("name");
- String alias = xml.get_attr("alias");
- if (utils::strip(alias).empty())
- alias = name;
- return pair<String, String>(name, alias);
- } catch ( ... ) {
- return pair<String, String>("", "");
- }
+ try {
+ XMLObject xml(readXML("/etc/cluster/cluster.conf"));
+ String name = xml.get_attr("name");
+ String alias = xml.get_attr("alias");
+
+ if (utils::strip(alias).empty())
+ alias = name;
+ return pair<String, String>(name, alias);
+ } catch ( ... ) {
+ return pair<String, String>("", "");
+ }
}
-String
+String
os_release()
{
- try {
- return utils::strip(File::open("/etc/redhat-release"));
- } catch ( ... ) {
- return "";
- }
+ try {
+ return utils::strip(File::open("/etc/redhat-release"));
+ } catch ( ... ) {
+ return "";
+ }
}
-bool
+bool
dom0()
{
- try {
- String out, err;
- int status;
- vector<String> args;
- args.push_back("nodeinfo");
- if (utils::execute("/usr/bin/virsh",
- args,
- out,
- err,
- status,
- false))
- throw command_not_found_error_msg("/usr/bin/virsh");
- if (status == 0)
- return true;
- } catch ( ... ) {}
-
- return false;
+ try {
+ String out, err;
+ int status;
+ vector<String> args;
+
+ args.push_back("nodeinfo");
+ if (utils::execute("/usr/bin/virsh", args, out, err, status, false))
+ throw command_not_found_error_msg("/usr/bin/virsh");
+ if (status == 0)
+ return true;
+ } catch ( ... ) {}
+
+ return false;
}
--- conga/ricci/ricci/Ricci.h 2006/08/10 22:53:09 1.8
+++ conga/ricci/ricci/Ricci.h 2007/08/30 17:07:14 1.9
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -27,82 +27,64 @@
#include "DBusController.h"
#include "XML.h"
-
-enum RicciRetCode {RRC_SUCCESS = 0,
-
- RRC_MISSING_VERSION = 1,
- RRC_UNSUPPORTED_VERSION = 2,
-
- RRC_MISSING_FUNCTION = 3,
- RRC_INVALID_FUNCTION = 4,
-
- RRC_NEED_AUTH = 5,
-
- RRC_INTERNAL_ERROR = 6,
-
- RRC_AUTH_FAIL = 10,
-
- RRC_MISSING_BATCH = 11,
- RRC_INVALID_BATCH_ID = 12,
-
- RRC_MISSING_MODULE = 13, // remove
- RRC_MODULE_FAILURE = 14}; // remove
-
+enum RicciRetCode {
+ RRC_SUCCESS = 0,
+ RRC_MISSING_VERSION = 1,
+ RRC_UNSUPPORTED_VERSION = 2,
+ RRC_MISSING_FUNCTION = 3,
+ RRC_INVALID_FUNCTION = 4,
+ RRC_NEED_AUTH = 5,
+ RRC_INTERNAL_ERROR = 6,
+ RRC_AUTH_FAIL = 10,
+ RRC_MISSING_BATCH = 11,
+ RRC_INVALID_BATCH_ID = 12,
+ RRC_MISSING_MODULE = 13, // remove
+ RRC_MODULE_FAILURE = 14 // remove
+};
class Ricci
{
- public:
- Ricci(DBusController& dbus);
- virtual ~Ricci();
-
- XMLObject hello(bool authed) const;
-
- XMLObject request(const XMLObject& req,
- bool authenticated,
- bool& save_cert,
- bool& remove_cert,
- bool& done);
-
- private:
- DBusController& _dbus;
-
- int _fail_auth_attempt;
-
- XMLObject ricci_header(bool authed, bool full=false) const;
-
-}; // class Ricci
+ public:
+ Ricci(DBusController& dbus);
+ virtual ~Ricci();
+ XMLObject hello(bool authed) const;
+
+ XMLObject request(const XMLObject& req,
+ bool& authenticated,
+ bool& save_cert,
+ bool& remove_cert,
+ bool& done);
+
+ private:
+ DBusController& _dbus;
+ int _fail_auth_attempt;
+ XMLObject ricci_header(bool authed, bool full=false) const;
+}; // class Ricci
class Batch
{
- public:
- Batch(const XMLObject&);
- Batch(long long id);
- virtual ~Batch();
-
- virtual long long id() const;
-
- virtual bool done() const;
-
- virtual XMLObject report() const;
-
- static void restart_batches(); // start workers on existing batch files
-
- private:
-
- XMLObject _report;
-
- String _path;
-
- long long _id;
- long long _state;
-
- static void start_worker(const String& path);
-
- Batch(const Batch&);
- Batch& operator=(const Batch&);
-
-}; // class Batch
-
+ public:
+ Batch(const XMLObject&);
+ Batch(long long id);
+
+ virtual ~Batch();
+ virtual long long id() const;
+ virtual bool done() const;
+ virtual XMLObject report() const;
+
+ static void restart_batches(); // start workers on existing batch files
+
+ private:
+ XMLObject _report;
+ String _path;
+ long long _id;
+ long long _state;
+
+ static void start_worker(const String& path);
+
+ Batch(const Batch&);
+ Batch& operator=(const Batch&);
+}; // class Batch
-#endif // Ricci_h
+#endif // Ricci_h
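Review bot: `request()` now takes `bool& authenticated`, which turns the flag into an in/out parameter, but the declaration has no comment saying who owns the session's authentication state. In the Ricci.cpp part of this commit the `authenticate` branch sets `authenticated = true`, while the `unauthenticate` branch sets `remove_cert` and leaves the flag unchanged. The caller therefore has to clear it itself; the caller is not in this hunk, so this is worth confirming. I would add a comment above the declaration such as `// authenticated: in/out; set to true on a successful "authenticate" request, never cleared here - callers must reset it when remove_cert is returned`.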
--- conga/ricci/ricci/RicciWorker.cpp 2006/09/26 04:56:52 1.11
+++ conga/ricci/ricci/RicciWorker.cpp 2007/08/30 17:07:14 1.12
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -41,378 +41,402 @@
void
-usage()
+usage(const char *progname)
{
- cout << "invalid usage" << endl;
+ cerr << "Usage: " << progname << " -f <path to batch file>" << endl;
}
-
-int
-main(int argc, char** argv)
+int
+main(int argc, char **argv)
{
- if (argc != 3) {
- usage();
- return 1;
- }
- if (String(argv[1]) != "-f") {
- usage();
- return 1;
- }
- String path(argv[2]);
-
- if (daemon(0, 0)) {
- cout << "daemon() failed" << endl;
- return 1;
- }
-
- try {
- DBusController dbus;
- BatchWorker batch(dbus, path);
- batch.process();
- return 0;
- } catch (String e) {
- cout << "exception: " << e << endl;
- } catch ( ... ) {
- cout << "unknown exception" << endl;
- }
- return 2;
-}
+ if (argc != 3) {
+ usage(argv[0]);
+ exit(1);
+ }
+ if (String(argv[1]) != "-f") {
+ usage(argv[0]);
+ exit(1);
+ }
+ String path(argv[2]);
+ if (daemon(0, 0)) {
+ cerr << "daemon() failed" << endl;
+ exit(1);
+ }
+ try {
+ DBusController dbus;
+ BatchWorker batch(dbus, path);
+ batch.process();
+ exit(0);
+ } catch (String e) {
+ cout << "exception: " << e << endl;
+ } catch ( ... ) {
+ cout << "unknown exception" << endl;
+ }
+ exit(2);
+}
// ############ ProcessWorker ##############
-
-
-
-ProcessWorker::ProcessWorker(DBusController& dbus,
- const XMLObject& xml,
- BatchWorker& batch,
- RebootModule& rm) :
- _dbus(dbus),
- _rm(rm),
- _report(xml),
- _batch(batch)
-{
- String state_str = _report.get_attr("status");
- if (state_str.empty())
- _state = st_sched;
- else
- _state = (state) utils::to_long(state_str);
+ProcessWorker::ProcessWorker( DBusController& dbus,
+ const XMLObject& xml,
+ BatchWorker& batch,
+ RebootModule& rm) :
+ _dbus(dbus),
+ _rm(rm),
+ _report(xml),
+ _batch(batch)
+{
+ String state_str = _report.get_attr("status");
+ if (state_str.empty())
+ _state = st_sched;
+ else
+ _state = (state) utils::to_long(state_str);
}
ProcessWorker::~ProcessWorker()
{}
-bool
+bool
ProcessWorker::scheduled() const
{
- return _state == st_sched;
+ return _state == st_sched;
}
-bool
+bool
ProcessWorker::in_progress() const
{
- return _state == st_prog;
+ return _state == st_prog;
}
-bool
+bool
ProcessWorker::done() const
{
- return _state == st_done;
+ return _state == st_done;
}
-bool
+bool
ProcessWorker::completed() const
{
- return (_state != st_sched && _state != st_prog);
+ return (_state != st_sched && _state != st_prog);
}
-bool
+bool
ProcessWorker::failed() const
{
- return _state == st_req_fail || _state == st_mod_fail;
+ return _state == st_req_fail || _state == st_mod_fail;
}
-bool
+bool
ProcessWorker::removed() const
{
- return _state == st_removed;
+ return _state == st_removed;
}
-void
+void
ProcessWorker::remove()
{
- if (_state == st_sched)
- _state = st_removed;
+ if (_state == st_sched)
+ _state = st_removed;
}
-XMLObject
+XMLObject
ProcessWorker::report() const
{
- _report.set_attr("status", utils::to_string(_state));
- return _report;
+ _report.set_attr("status", utils::to_string(_state));
+ return _report;
}
void
ProcessWorker::process()
{
- if (completed())
- return;
- else
- _state = st_prog;
-
- if (_report.children().empty()) {
- _state = st_done;
- return;
- }
-
- String module_name(_report.get_attr("name"));
-
- XMLObject module_header("module");
- module_header.set_attr("name", module_name);
- try {
- XMLObject request = _report.children().front();
- XMLObject mod_resp;
-
- if (module_name == "reboot") {
- mod_resp = _rm.process(request);
- if (_rm.block() && check_response(mod_resp)) {
- if (mod_resp.tag() == "internal_error")
- throw int();
- module_header.add_child(mod_resp);
+ if (completed())
+ return;
+ else
+ _state = st_prog;
+
+ if (_report.children().empty()) {
+ _state = st_done;
+ return;
+ }
+
+ String module_name(_report.get_attr("name"));
+ XMLObject module_header("module");
+ module_header.set_attr("name", module_name);
+
+ try {
+ XMLObject request = _report.children().front();
+ XMLObject mod_resp;
+
+ if (module_name == "reboot") {
+ mod_resp = _rm.process(request);
+ if (_rm.block() && check_response(mod_resp)) {
+ if (mod_resp.tag() == "internal_error")
+ throw int();
+ module_header.add_child(mod_resp);
+ _report = module_header;
+ _state = st_done;
+ _batch.save();
+
+ // sleep while the machine reboots
+ // ricci will start a new worker thread after the reboot
+ // that will pickup where it left off
+ select(0, NULL, NULL, NULL, NULL);
+ return;
+ }
+ } else {
+ String message = generateXML(request);
+ String ret = _dbus.process(message, module_name);
+ mod_resp = parseXML(ret);
+ }
+
+ if (mod_resp.tag() == "internal_error")
+ throw int();
+ module_header.add_child(mod_resp);
+ } catch ( ... ) {
+ _state = st_mod_fail;
+ return;
+ }
+
+ // check status within response
+ bool funcs_succeeded = check_response(module_header.children().front());
+
+ if (funcs_succeeded)
+ _state = st_done;
+ else
+ _state = st_req_fail;
_report = module_header;
- _state = st_done;
- _batch.save();
- // wait until rebooted,
- // ricci will start new worker (after reboot) to pickup where I left
- while (true)
- sleep_sec(255);
- return;
- }
- } else {
- String message = generateXML(request);
- String ret = _dbus.process(message, module_name);
- mod_resp = parseXML(ret);
- }
- if (mod_resp.tag() == "internal_error")
- throw int();
- module_header.add_child(mod_resp);
- } catch ( ... ) {
- _state = st_mod_fail;
- return;
- }
-
- // check status within response
- bool funcs_succeeded = check_response(module_header.children().front());
-
- if (funcs_succeeded)
- _state = st_done;
- else
- _state = st_req_fail;
- _report = module_header;
}
-bool
+bool
ProcessWorker::check_response(const XMLObject& resp)
{
- bool funcs_succeeded = true;
- if (resp.tag() == "API_error")
- funcs_succeeded = false;
- else {
- for (list<XMLObject>::const_iterator func_iter = resp.children().begin();
- func_iter != resp.children().end();
- func_iter++) {
- const XMLObject& func = *func_iter;
- if (func.tag() == FUNC_RESPONSE_TAG) {
- for (list<XMLObject>::const_iterator var_iter = func.children().begin();
- var_iter != func.children().end();
- var_iter++) {
- const XMLObject& var = *var_iter;
- if (var.tag() == VARIABLE_TAG)
- if (var.get_attr("name") == "success" &&
- var.get_attr("value") == "false")
- funcs_succeeded = false;
- }
- }
- }
- }
- return funcs_succeeded;
-}
-
-
-
-
+ bool funcs_succeeded = true;
+ if (resp.tag() == "API_error")
+ funcs_succeeded = false;
+ else {
+ for (list<XMLObject>::const_iterator
+ func_iter = resp.children().begin() ;
+ func_iter != resp.children().end() ;
+ func_iter++)
+ {
+ const XMLObject& func = *func_iter;
+ if (func.tag() == FUNC_RESPONSE_TAG) {
+ for (list<XMLObject>::const_iterator
+ var_iter = func.children().begin() ;
+ var_iter != func.children().end() ;
+ var_iter++)
+ {
+ const XMLObject& var = *var_iter;
+ if (var.tag() == VARIABLE_TAG) {
+ if (var.get_attr("name") == "success" &&
+ var.get_attr("value") == "false")
+ {
+ funcs_succeeded = false;
+ }
+ }
+ }
+ }
+ }
+ }
+ return funcs_succeeded;
+}
// ############ BatchWorker ##############
-
-
-
-
-
-BatchWorker::BatchWorker(DBusController& dbus,
- const String& path) :
- _rm(dbus),
- _path(path)
-{
- QueueLocker lock;
-
- _fd = open(_path.c_str(), O_RDONLY);
- if (_fd == -1)
- throw String("unable to open batch file");
- try {
- // lock file
- while (flock(_fd, LOCK_EX|LOCK_NB)) {
- if (errno == EINTR)
- continue;
- else if (errno == EWOULDBLOCK)
- throw String("file is in use by other worker");
- else
- throw String("unable to acquire flock");
- }
-
- // read file
- String xml_str;
- char buff[1024];
- int res;
- while ((res = read(_fd, buff, sizeof(buff))) != 0) {
- if (res > 0)
- xml_str.append(buff, res);
- else
- if (errno != EINTR)
- throw String("failure reading batch file");
- }
- shred(buff, sizeof(buff));
-
- // _xml
- _xml = parseXML(xml_str);
- if (_xml.tag() != "batch")
- throw String("not a batch file");
- String state_str = _xml.get_attr("status");
- if (state_str.empty())
- throw String("missing status attr");
- _state = (ProcessWorker::state) utils::to_long(state_str);
-
- // parse xml and generate subprocesses
- for (list<XMLObject>::const_iterator iter = _xml.children().begin();
- iter != _xml.children().end();
- iter++)
- if (iter->tag() == "module")
- _procs.push_back(counting_auto_ptr<ProcessWorker>(new ProcessWorker(dbus, *iter, *this, _rm)));
- } catch ( ... ) {
- close_fd(_fd);
- throw;
- }
+BatchWorker::BatchWorker(DBusController& dbus, const String& path) :
+ _rm(dbus),
+ _path(path)
+{
+ QueueLocker lock;
+
+ _fd = open(_path.c_str(), O_RDONLY);
+ if (_fd == -1)
+ throw String("unable to open batch file: ") + String(strerror(errno));
+
+ try {
+ // lock file
+ while (flock(_fd, LOCK_EX | LOCK_NB)) {
+ if (errno == EINTR)
+ continue;
+ else if (errno == EWOULDBLOCK)
+ throw String("file is in use by other worker");
+ else {
+ throw String("unable to acquire flock: ")
+ + String(strerror(errno));
+ }
+ }
+
+ // read file
+ String xml_str;
+ char buff[4096];
+ int res;
+
+ while ((res = read(_fd, buff, sizeof(buff))) != 0) {
+ if (res > 0)
+ xml_str.append(buff, res);
+ else {
+ if (errno != EINTR) {
+ throw String("failure reading batch file: ")
+ + String(strerror(errno));
+ }
+ }
+ }
+ shred(buff, sizeof(buff));
+
+ // _xml
+ _xml = parseXML(xml_str);
+ if (_xml.tag() != "batch")
+ throw String("not a batch file: opening tag is ") + _xml.tag();
+
+ String state_str = _xml.get_attr("status");
+ if (state_str.empty())
+ throw String("missing status attr");
+ _state = (ProcessWorker::state) utils::to_long(state_str);
+
+ // parse xml and generate subprocesses
+ for (list<XMLObject>::const_iterator
+ iter = _xml.children().begin() ;
+ iter != _xml.children().end() ;
+ iter++)
+ {
+ if (iter->tag() == "module")
+ _procs.push_back(counting_auto_ptr<ProcessWorker>(new ProcessWorker(dbus, *iter, *this, _rm)));
+ }
+ } catch ( ... ) {
+ close_fd(_fd);
+ throw;
+ }
}
BatchWorker::~BatchWorker()
{
- QueueLocker lock;
-
- close_fd(_fd);
-}
+ QueueLocker lock;
+ close_fd(_fd);
+}
void
BatchWorker::close_fd(int fd)
{
- if (fd)
- while (close(fd))
- if (errno != EINTR)
- break;
+ if (fd >= 0) {
+ while (close(fd)) {
+ if (errno != EINTR)
+ break;
+ }
+ }
}
-void
+void
BatchWorker::process()
{
- if (_state == ProcessWorker::st_sched || _state == ProcessWorker::st_prog)
- _state = ProcessWorker::st_prog;
- else
- return;
-
- // process subprocesses
- for (list<counting_auto_ptr<ProcessWorker> >::iterator iter = _procs.begin();
- iter != _procs.end();
- iter++) {
- save();
- ProcessWorker& proc = **iter;
- proc.process();
- if (proc.failed()) {
- for (iter++;
- iter != _procs.end();
- iter++)
- (*iter)->remove();
- _state = ProcessWorker::st_req_fail;
- save();
- return;
- }
- }
- _state = ProcessWorker::st_done;
- save();
+ if (_state == ProcessWorker::st_sched || _state == ProcessWorker::st_prog)
+ _state = ProcessWorker::st_prog;
+ else
+ return;
+
+ // process subprocesses
+ for (list<counting_auto_ptr<ProcessWorker> >::iterator
+ iter = _procs.begin() ;
+ iter != _procs.end() ;
+ iter++)
+ {
+ save();
+
+ ProcessWorker& proc = **iter;
+ proc.process();
+
+ if (proc.failed()) {
+ for (iter++ ; iter != _procs.end() ; iter++)
+ (*iter)->remove();
+ _state = ProcessWorker::st_req_fail;
+ save();
+ return;
+ }
+ }
+
+ _state = ProcessWorker::st_done;
+ save();
}
-XMLObject
+XMLObject
BatchWorker::report() const
{
- XMLObject result(_xml.tag());
- for (map<String, String>::const_iterator iter = _xml.attrs().begin();
- iter != _xml.attrs().end();
- iter++)
- result.set_attr(iter->first, iter->second);
- for (list<counting_auto_ptr<ProcessWorker> >::const_iterator iter = _procs.begin();
- iter != _procs.end();
- iter++)
- result.add_child((*iter)->report());
- result.set_attr("status", utils::to_string(_state));
- return result;
+ XMLObject result(_xml.tag());
+
+ for (map<String, String>::const_iterator
+ iter = _xml.attrs().begin() ;
+ iter != _xml.attrs().end() ;
+ iter++)
+ {
+ result.set_attr(iter->first, iter->second);
+ }
+
+ for (list<counting_auto_ptr<ProcessWorker> >::const_iterator
+ iter = _procs.begin() ;
+ iter != _procs.end() ;
+ iter++)
+ {
+ result.add_child((*iter)->report());
+ }
+
+ result.set_attr("status", utils::to_string(_state));
+ return result;
}
void
BatchWorker::save()
{
- QueueLocker lock;
-
- String path_tmp(_path + ".tmp");
- int fd_tmp = open(path_tmp.c_str(),
- O_WRONLY|O_CREAT,
- S_IRUSR|S_IWUSR|S_IRGRP);
- if (fd_tmp == -1)
- throw String("unable to create tmp batch file");
-
- try {
- // lock path_tmp
- while (flock(fd_tmp, LOCK_EX))
- if (errno != EINTR)
- throw String("unable to lock the tmp batch file");
-
- // write to tmp file
- String out(generateXML(report()));
- do {
- int res = write(fd_tmp, out.c_str(), out.size());
- if (res == -1) {
- if (errno != EINTR)
- throw String("unable to write batch file");
- } else
- out = out.substr(res);
- } while (out.size());
-
- // rename path_tmp to _path
- if (rename(path_tmp.c_str(), _path.c_str()))
- throw String("unable to rename batch file");
-
- // close _fd, and replace it with fd_tmp
- close_fd(_fd);
- _fd = fd_tmp;
- } catch ( ... ) {
- close_fd(fd_tmp);
- unlink(path_tmp.c_str());
- throw;
- }
+ QueueLocker lock;
+
+ String path_tmp(_path + ".tmp");
+ int fd_tmp = open(path_tmp.c_str(), O_WRONLY | O_CREAT | O_EXCL, 0640);
+ if (fd_tmp == -1) {
+ throw String("unable to create tmp batch file: ")
+ + String(strerror(errno));
+ }
+
+ try {
+ // lock path_tmp
+ while (flock(fd_tmp, LOCK_EX)) {
+ if (errno != EINTR) {
+ throw String("unable to lock the tmp batch file: ")
+ + String(strerror(errno));
+ }
+ }
+
+ // write to tmp file
+ String out(generateXML(report()));
+ do {
+ int res = write(fd_tmp, out.c_str(), out.size());
+ if (res == -1) {
+ if (errno != EINTR) {
+ throw String("unable to write batch file: ")
+ + String(strerror(errno));
+ }
+ } else
+ out = out.substr(res);
+ } while (out.size());
+
+ // rename path_tmp to _path
+ if (rename(path_tmp.c_str(), _path.c_str())) {
+ throw String("unable to rename batch file: ")
+ + String(strerror(errno));
+ }
+
+ // close _fd, and replace it with fd_tmp
+ close_fd(_fd);
+ _fd = fd_tmp;
+ } catch ( ... ) {
+ close_fd(fd_tmp);
+ unlink(path_tmp.c_str());
+ throw;
+ }
}
--- conga/ricci/ricci/RicciWorker.h 2006/08/10 22:53:09 1.6
+++ conga/ricci/ricci/RicciWorker.h 2007/08/30 17:07:14 1.7
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -35,86 +35,73 @@
class ProcessWorker
{
- public:
- ProcessWorker(DBusController& dbus,
- const XMLObject&,
- BatchWorker& batch,
- RebootModule& rm);
- virtual ~ProcessWorker();
-
- virtual bool done() const;
- virtual bool completed() const;
- virtual bool scheduled() const;
- virtual bool in_progress() const;
- virtual bool failed() const;
- virtual bool removed() const;
- virtual void remove();
-
- virtual XMLObject report() const;
-
- virtual void process();
-
-
- enum state {st_done = 0, // completed successfully
- st_sched = 1, // scheduled
- st_prog = 2, // in progress
- st_mod_fail = 3, // module failure
- st_req_fail = 4, // request failure, module succeeded
- st_removed = 5}; // removed from scheduler
-
-
- protected:
-
- DBusController& _dbus;
- RebootModule& _rm;
-
- mutable XMLObject _report;
-
- state _state;
-
- BatchWorker& _batch;
-
- private:
- bool check_response(const XMLObject& resp);
-
- ProcessWorker(const ProcessWorker&);
- ProcessWorker& operator=(const ProcessWorker&);
-
-};
+ public:
+ ProcessWorker( DBusController& dbus,
+ const XMLObject&,
+ BatchWorker& batch,
+ RebootModule& rm);
+ virtual ~ProcessWorker();
+
+ virtual bool done() const;
+ virtual bool completed() const;
+ virtual bool scheduled() const;
+ virtual bool in_progress() const;
+ virtual bool failed() const;
+ virtual bool removed() const;
+ virtual void remove();
+
+ virtual XMLObject report() const;
+
+ virtual void process();
+
+ enum state {
+ st_done = 0, // completed successfully
+ st_sched = 1, // scheduled
+ st_prog = 2, // in progress
+ st_mod_fail = 3, // module failure
+ st_req_fail = 4, // request failure, module succeeded
+ st_removed = 5 // removed from scheduler
+ };
+
+ protected:
+ DBusController& _dbus;
+ RebootModule& _rm;
+ mutable XMLObject _report;
+ state _state;
+ BatchWorker& _batch;
+ private:
+ bool check_response(const XMLObject& resp);
+ ProcessWorker(const ProcessWorker&);
+ ProcessWorker& operator=(const ProcessWorker&);
+};
class BatchWorker
{
- public:
- BatchWorker(DBusController& dbus,
- const String& path);
- virtual ~BatchWorker();
-
- virtual XMLObject report() const;
-
- virtual void process();
-
- private:
-
- RebootModule _rm;
-
- std::list<counting_auto_ptr<ProcessWorker> > _procs;
-
- XMLObject _xml;
- ProcessWorker::state _state;
- String _path;
-
- int _fd;
- void close_fd(int fd);
- void save();
-
- BatchWorker(const BatchWorker&);
- BatchWorker& operator=(const BatchWorker&);
-
- friend class ProcessWorker;
-
-};
+ public:
+ BatchWorker(DBusController& dbus, const String& path);
+ virtual ~BatchWorker();
+
+ virtual XMLObject report() const;
+ virtual void process();
+
+ private:
+ RebootModule _rm;
+ std::list<counting_auto_ptr<ProcessWorker> > _procs;
+ XMLObject _xml;
+ ProcessWorker::state _state;
+ String _path;
+
+ int _fd;
+ void close_fd(int fd);
+ void save();
+
+ BatchWorker(const BatchWorker&);
+ BatchWorker& operator=(const BatchWorker&);
+
+ friend class ProcessWorker;
+};
-#endif // RicciWorker_h
+#endif // RicciWorker_h
--- conga/ricci/ricci/SSLInstance.cpp 2007/06/25 16:03:44 1.8
+++ conga/ricci/ricci/SSLInstance.cpp 2007/08/30 17:07:14 1.9
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -51,426 +51,453 @@
class file_cert
{
-public:
- file_cert(const String& file, const String& cert) :
- file(file),
- cert(cert) {}
-
- String file;
- String cert;
-};
-static list<file_cert> authorized_certs;
-
+ public:
+ file_cert(const String& file, const String& cert) :
+ file(file),
+ cert(cert) {}
+ String file;
+ String cert;
+};
+static list<file_cert> authorized_certs;
-static int
+static int
verify_cert_callback(int preverify_ok, X509_STORE_CTX *ctx)
{
- return 1;
+ return 1;
}
-static void
+
+static void
load_client_certs()
{
- MutexLocker l(global_lock);
-
- // load authorized CAs
- if (!SSL_CTX_load_verify_locations(ctx, CLIENT_AUTH_CAs_PATH, NULL))
- cout << "failed to load authorized CAs" << endl;
-
- STACK_OF(X509_NAME) *cert_names =
- SSL_load_client_CA_file(CLIENT_AUTH_CAs_PATH);
- if (cert_names)
- SSL_CTX_set_client_CA_list(ctx, cert_names);
- else
- cout << "failed to load authorized CAs" << endl;
-
- // load saved certs
-
- set<String> files;
- String dir_path(CLIENT_CERTS_DIR_PATH);
- DIR* d = opendir(dir_path.c_str());
- if (d == NULL)
- throw String("unable to open directory ") + dir_path;
- try {
- while (true) {
- struct dirent* ent = readdir(d);
- if (ent == NULL) {
- closedir(d);
- break;
- }
- String kid_path = ent->d_name;
- if (kid_path == "." || kid_path == "..")
- continue;
- kid_path = dir_path + "/" + kid_path;
- struct stat st;
- if (stat(kid_path.c_str(), &st))
- continue;
- if (S_ISREG(st.st_mode))
- files.insert(kid_path);
- }
- } catch ( ... ) {
- closedir(d);
- throw;
- }
-
- authorized_certs.clear();
-
- for (set<String>::const_iterator iter = files.begin();
- iter != files.end();
- iter++) {
- try {
- String cert(File::open(*iter).read());
- if (cert.size() && cert.size() < 10 * 1024)
- authorized_certs.push_back(file_cert(*iter, cert));
- } catch ( ... ) {}
- }
-}
-static void
-ssl_mutex_callback(int mode,
- int n,
- const char *file,
- int line)
-{
- if (mode & CRYPTO_LOCK)
- ssl_locks[n]->lock();
- else
- ssl_locks[n]->unlock();
+ MutexLocker l(global_lock);
+
+ // load authorized CAs
+ if (!SSL_CTX_load_verify_locations(ctx, CLIENT_AUTH_CAs_PATH, NULL))
+ cerr << "failed to load authorized CAs" << endl;
+
+ STACK_OF(X509_NAME) *cert_names =
+ SSL_load_client_CA_file(CLIENT_AUTH_CAs_PATH);
+
+ if (cert_names)
+ SSL_CTX_set_client_CA_list(ctx, cert_names);
+ else
+ cerr << "failed to load authorized CAs" << endl;
+
+ // load saved certs
+
+ set<String> files;
+ String dir_path(CLIENT_CERTS_DIR_PATH);
+ DIR* d = opendir(dir_path.c_str());
+ if (d == NULL)
+ throw String("unable to open directory ") + dir_path;
+ try {
+ while (true) {
+ struct dirent* ent = readdir(d);
+ if (ent == NULL) {
+ closedir(d);
+ break;
+ }
+
+ String kid_path = ent->d_name;
+ if (kid_path == "." || kid_path == "..")
+ continue;
+ kid_path = dir_path + "/" + kid_path;
+
+ struct stat st;
+ if (stat(kid_path.c_str(), &st))
+ continue;
+ if (S_ISREG(st.st_mode))
+ files.insert(kid_path);
+ }
+ } catch ( ... ) {
+ closedir(d);
+ throw;
+ }
+
+ authorized_certs.clear();
+
+ for (set<String>::const_iterator
+ iter = files.begin() ;
+ iter != files.end() ;
+ iter++)
+ {
+ try {
+ String cert(File::open(*iter).read());
+ if (cert.size() && cert.size() < 10 * 1024)
+ authorized_certs.push_back(file_cert(*iter, cert));
+ } catch ( ... ) {}
+ }
}
+
+static void
+ssl_mutex_callback(int mode, int n, const char *file, int line)
+{
+ if (mode & CRYPTO_LOCK)
+ ssl_locks[n]->lock();
+ else
+ ssl_locks[n]->unlock();
+}
+
static pthread_t
ssl_id_callback(void)
{
- return pthread_self();
+ return pthread_self();
}
-
-
-
// ##### class SSLInstance #####
SSLInstance::SSLInstance(ClientSocket sock) :
- _sock(sock),
- _accepted(false)
+ _sock(sock),
+ _accepted(false)
{
- {
- MutexLocker l(global_lock);
- if (!ssl_inited) {
- // init library
-
- SSL_library_init();
- // TODO: random number generator,
- // not on systems with /dev/urandom (eg. Linux)
-
- // thread support
- ssl_locks.clear();
- for (int i=0; i<CRYPTO_num_locks()+1; i++)
- ssl_locks.push_back(counting_auto_ptr<Mutex>(new Mutex()));
- CRYPTO_set_locking_callback(ssl_mutex_callback);
- CRYPTO_set_id_callback(ssl_id_callback);
-
- // create context
- if (!ctx)
- ctx = SSL_CTX_new(SSLv23_server_method());
- if (!ctx)
- throw String("SSL context creation failed");
- // set verify_callback() function
- SSL_CTX_set_verify(ctx,
- SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
- verify_cert_callback);
- // set mode
- SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
- SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
-
- // load key
- if (!SSL_CTX_use_PrivateKey_file(ctx,
- SERVER_KEY_PATH,
- SSL_FILETYPE_PEM))
- throw String("error importing server's cert key file");
- // load server cert
- if (!SSL_CTX_use_certificate_file(ctx,
- SERVER_CERT_PATH,
- SSL_FILETYPE_PEM))
- throw String("error importing server's cert file");
- // load client certs
- load_client_certs();
-
- ssl_inited = true;
- }
-
- // create SSL object, giving it context
- _ssl = SSL_new(ctx);
- if (!_ssl)
- throw String("creation of ssl object failed");
- }
-
- // make socket non-blocking
- try {
- _sock.nonblocking(true);
- } catch ( ... ) {
- SSL_free(_ssl);
- throw;
- }
-
- // assign fd to _ssl
- if (!SSL_set_fd(_ssl, _sock.get_sock())) {
- SSL_free(_ssl);
- throw String("fd assignment to ssl_obj failed");
- }
+ {
+ MutexLocker l(global_lock);
+ if (!ssl_inited) {
+ // init library
+
+ SSL_library_init();
+ // TODO: random number generator,
+ // not on systems with /dev/urandom (eg. Linux)
+
+ // thread support
+ ssl_locks.clear();
+ for (int i = 0; i < CRYPTO_num_locks() + 1 ; i++)
+ ssl_locks.push_back(counting_auto_ptr<Mutex>(new Mutex()));
+
+ CRYPTO_set_locking_callback(ssl_mutex_callback);
+ CRYPTO_set_id_callback(ssl_id_callback);
+
+ // create context
+ if (!ctx)
+ ctx = SSL_CTX_new(SSLv23_server_method());
+ if (!ctx)
+ throw String("SSL context creation failed");
+
+ // set verify_callback() function
+ SSL_CTX_set_verify(ctx,
+ SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
+ verify_cert_callback);
+
+ // set mode
+ SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+ SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
+ // load key
+ if (!SSL_CTX_use_PrivateKey_file(ctx,
+ SERVER_KEY_PATH, SSL_FILETYPE_PEM))
+ {
+ throw String("error importing server's cert key file");
+ }
+
+ // load server cert
+ if (!SSL_CTX_use_certificate_file(ctx,
+ SERVER_CERT_PATH, SSL_FILETYPE_PEM))
+ {
+ throw String("error importing server's cert file");
+ }
+
+ // load client certs
+ load_client_certs();
+
+ ssl_inited = true;
+ }
+
+ // create SSL object, giving it context
+ _ssl = SSL_new(ctx);
+ if (!_ssl)
+ throw String("creation of ssl object failed");
+ }
+
+ // make socket non-blocking
+ try {
+ _sock.nonblocking(true);
+ } catch ( ... ) {
+ SSL_free(_ssl);
+ throw;
+ }
+
+ // assign fd to _ssl
+ if (!SSL_set_fd(_ssl, _sock.get_sock())) {
+ SSL_free(_ssl);
+ throw String("fd assignment to ssl_obj failed");
+ }
}
SSLInstance::~SSLInstance()
{
- SSL_shutdown(_ssl);
- SSL_free(_ssl);
+ SSL_shutdown(_ssl);
+ SSL_free(_ssl);
}
-
-bool
+bool
SSLInstance::accept(unsigned int timeout)
{
- if (_accepted)
- return _accepted;
-
- unsigned int beg = time_mil();
- while (time_mil() < beg + timeout) {
- int ret = SSL_accept(_ssl);
- if (ret == 1) {
- _accepted = true;
- break;
- } else {
- bool want_read, want_write;
- check_error(ret, want_read, want_write);
- socket().ready(want_read, want_write, 250);
- }
- }
-
- return _accepted;
-}
-
-String
-SSLInstance::send(const String& msg,
- unsigned int timeout)
-{
- if (!_accepted)
- throw String("cannot send, yet: SSL connection not accepted");
-
- if (msg.empty())
- return msg;
-
- unsigned int beg = time_mil();
- while (time_mil() < beg + timeout) {
- int ret = SSL_write(_ssl, msg.c_str(), msg.size());
- if (ret > 0) {
- return msg.substr(ret);
- } else {
- bool want_read, want_write;
- check_error(ret, want_read, want_write);
- socket().ready(want_read, want_write, 250);
- }
- }
-
- return msg;
+ if (_accepted)
+ return _accepted;
+
+ unsigned int beg = time_mil();
+ while (time_mil() < beg + timeout) {
+ int ret = SSL_accept(_ssl);
+ if (ret == 1) {
+ _accepted = true;
+ break;
+ } else {
+ bool want_read, want_write;
+ check_error(ret, want_read, want_write);
+ socket().ready(want_read, want_write, 250);
+ }
+ }
+
+ return _accepted;
+}
+
+String
+SSLInstance::send(const String& msg, unsigned int timeout)
+{
+ if (!_accepted)
+ throw String("cannot send, yet: SSL connection not accepted");
+
+ if (msg.empty())
+ return msg;
+
+ unsigned int beg = time_mil();
+ while (time_mil() < beg + timeout) {
+ int ret = SSL_write(_ssl, msg.c_str(), msg.size());
+ if (ret > 0) {
+ return msg.substr(ret);
+ } else {
+ bool want_read, want_write;
+ check_error(ret, want_read, want_write);
+ socket().ready(want_read, want_write, 250);
+ }
+ }
+
+ return msg;
}
-String
+String
SSLInstance::recv(unsigned int timeout)
{
- if (!_accepted)
- throw String("cannot receive, yet: SSL connection not accepted");
-
- char buff[4096];
-
- unsigned int beg = time_mil();
- while (time_mil() < beg + timeout) {
- int ret = SSL_read(_ssl, buff, sizeof(buff));
- if (ret > 0) {
- String data(buff, ret);
- shred(buff, sizeof(buff));
- return data;
- } else {
- bool want_read, want_write;
- check_error(ret, want_read, want_write);
- socket().ready(want_read, want_write, 250);
- }
- }
-
- return "";
+ if (!_accepted)
+ throw String("cannot receive, yet: SSL connection not accepted");
+
+ char buff[4096];
+ unsigned int beg = time_mil();
+ while (time_mil() < beg + timeout) {
+ int ret = SSL_read(_ssl, buff, sizeof(buff));
+ if (ret > 0) {
+ String data(buff, ret);
+ shred(buff, sizeof(buff));
+ return data;
+ } else {
+ bool want_read, want_write;
+ check_error(ret, want_read, want_write);
+ socket().ready(want_read, want_write, 250);
+ }
+ }
+
+ return "";
}
-bool
+bool
SSLInstance::client_has_cert()
{
- if (!_accepted)
- throw String("cannot determine if client has certificate: SSL connection not accepted");
-
- if (_cert_pem.size())
- return true;
-
- X509* cert = SSL_get_peer_certificate(_ssl);
- if (!cert)
- return false;
-
- // load cert into _cert_pem
- FILE* f = NULL;
- try {
- if (!(f = tmpfile()))
- throw String("unable to open temp file");
- if (!PEM_write_X509(f, cert))
- throw String("unable to write cert to tmp file");
- X509_free(cert); cert = NULL;
-
- // read cert
- rewind(f);
- while (true) {
- char buff[1024];
- size_t i = fread(buff, sizeof(char), sizeof(buff), f);
- _cert_pem.append(buff, i);
- if (i == 0) {
- if (feof(f))
- break;
- else
- throw String("error while reading certificate from temp file");
- }
- }
- fclose(f); f = NULL;
- } catch ( ... ) {
- if (cert)
- X509_free(cert);
- if (f)
- fclose(f);
- _cert_pem.clear();
- throw;
- }
-
- return true;
+ if (!_accepted)
+ throw String("cannot determine if client has certificate: SSL connection not accepted");
+
+ if (_cert_pem.size())
+ return true;
+
+ X509 *cert = SSL_get_peer_certificate(_ssl);
+ if (!cert)
+ return false;
+
+ // load cert into _cert_pem
+ FILE* f = NULL;
+ try {
+ if (!(f = tmpfile()))
+ throw String("unable to open temp file");
+
+ if (!PEM_write_X509(f, cert))
+ throw String("unable to write cert to tmp file");
+ X509_free(cert);
+ cert = NULL;
+
+ // read cert
+ rewind(f);
+
+ while (true) {
+ /*
+ ** By default, certificate files are usually about 1400 bytes long.
+ */
+ char buff[2048];
+
+ size_t i = fread(buff, sizeof(char), sizeof(buff), f);
+ _cert_pem.append(buff, i);
+ if (i == 0) {
+ if (feof(f))
+ break;
+ else
+ throw String("error while reading certificate from temp file");
+ }
+ }
+ fclose(f);
+ f = NULL;
+ } catch ( ... ) {
+ if (cert)
+ X509_free(cert);
+
+ if (f)
+ fclose(f);
+ _cert_pem.clear();
+ throw;
+ }
+
+ return true;
}
-bool
+bool
SSLInstance::client_cert_authed()
{
- // signed by authorized CAs?
- X509* cert = SSL_get_peer_certificate(_ssl);
- if (!cert)
- return false;
- X509_free(cert);
- if (SSL_get_verify_result(_ssl) == X509_V_OK)
- return true;
-
- // cert present among saved certs?
- client_has_cert(); // make sure cert is saved in _cert_pem
- MutexLocker l(global_lock);
- for (list<file_cert>::const_iterator iter = authorized_certs.begin();
- iter != authorized_certs.end();
- iter++)
- if (iter->cert == _cert_pem)
- return true;
- return false;
+ // signed by authorized CAs?
+ X509* cert = SSL_get_peer_certificate(_ssl);
+ if (!cert)
+ return false;
+
+ X509_free(cert);
+ if (SSL_get_verify_result(_ssl) == X509_V_OK)
+ return true;
+
+ // cert present among saved certs?
+ client_has_cert(); // make sure cert is saved in _cert_pem
+ MutexLocker l(global_lock);
+ for (list<file_cert>::const_iterator
+ iter = authorized_certs.begin() ;
+ iter != authorized_certs.end() ;
+ iter++)
+ {
+ if (iter->cert == _cert_pem)
+ return true;
+ }
+
+ return false;
}
-bool
+bool
SSLInstance::save_client_cert()
{
- MutexLocker l(global_lock);
-
- if (!client_has_cert())
- throw String("client did not present cert");
-
- String f_name(CLIENT_CERTS_DIR_PATH);
- f_name += "/client_cert_XXXXXX";
- int fd = -1;
- char* buff = new char[f_name.size() + 1];
- try {
- // pick a filename
- strcpy(buff, f_name.c_str());
- if ((fd = mkstemp(buff)) == -1)
- throw String("unable to generate random file");
- f_name = buff;
- delete[] buff; buff = 0;
-
- String data(_cert_pem);
- while (data.size()) {
- ssize_t i = write(fd, data.c_str(), data.size());
- if (i == -1) {
- if (errno != EINTR)
- throw String("error writing certificate");
- } else
- data = data.substr(i);
- }
- while (close(fd) && errno == EINTR)
- ;
- } catch ( ... ) {
- delete[] buff;
- if (fd != -1)
- while (close(fd) && errno == EINTR)
- ;
- unlink(f_name.c_str());
- return false;
- }
-
- load_client_certs();
-
- return true;
+ MutexLocker l(global_lock);
+
+ if (!client_has_cert())
+ throw String("client did not present cert");
+
+ String f_name(CLIENT_CERTS_DIR_PATH);
+ f_name += "/client_cert_XXXXXX";
+
+ int fd = -1;
+ char* buff = new char[f_name.size() + 1];
+
+ try {
+ // pick a filename
+ strcpy(buff, f_name.c_str());
+ if ((fd = mkstemp(buff)) == -1)
+ throw String("unable to generate random file");
+ f_name = buff;
+
+ delete[] buff;
+ buff = NULL;
+
+ String data(_cert_pem);
+ while (data.size()) {
+ ssize_t i = write(fd, data.c_str(), data.size());
+ if (i == -1) {
+ if (errno != EINTR)
+ throw String("error writing certificate");
+ } else
+ data = data.substr(i);
+ }
+ while (close(fd) && errno == EINTR)
+ ;
+ } catch ( ... ) {
+ if (buff)
+ delete[] buff;
+
+ if (fd != -1) {
+ while (close(fd) && errno == EINTR)
+ ;
+ }
+ unlink(f_name.c_str());
+ return false;
+ }
+
+ load_client_certs();
+ return true;
}
-bool
+bool
SSLInstance::remove_client_cert()
{
- MutexLocker l(global_lock);
-
- if (!client_has_cert())
- throw String("client did not present cert");
-
- for (list<file_cert>::const_iterator iter = authorized_certs.begin();
- iter != authorized_certs.end();
- iter++)
- if (iter->cert == _cert_pem)
- unlink(iter->file.c_str());
-
- load_client_certs();
- return true;
+ MutexLocker l(global_lock);
+
+ if (!client_has_cert())
+ throw String("client did not present cert");
+
+ for (list<file_cert>::const_iterator
+ iter = authorized_certs.begin() ;
+ iter != authorized_certs.end() ;
+ iter++)
+ {
+ if (iter->cert == _cert_pem)
+ unlink(iter->file.c_str());
+ }
+
+ load_client_certs();
+ return true;
}
ClientSocket&
SSLInstance::socket()
{
- return _sock;
+ return _sock;
}
void
SSLInstance::check_error(int value, bool& want_read, bool& want_write)
{
- want_read = want_write = false;
-
- String e;
- switch (SSL_get_error(_ssl, value)) {
- case SSL_ERROR_NONE:
- e = "SSL_ERROR_NONE";
- break;
- case SSL_ERROR_ZERO_RETURN:
- e = "SSL_ERROR_ZERO_RETURN";
- break;
- case SSL_ERROR_WANT_READ:
- want_read = true;
- return;
- case SSL_ERROR_WANT_WRITE:
- want_write = true;
- return;
- case SSL_ERROR_WANT_CONNECT:
- e = "SSL_ERROR_WANT_CONNECT";
- break;
- case SSL_ERROR_WANT_ACCEPT:
- e = "SSL_ERROR_WANT_ACCEPT";
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- e = "SSL_ERROR_WANT_X509_LOOKUP";
- break;
- case SSL_ERROR_SYSCALL:
- e = "SSL_ERROR_SYSCALL";
- break;
- case SSL_ERROR_SSL:
- e = "SSL_ERROR_SSL";
- break;
- }
- throw String("SSL_read() error: ") + e;
+ want_read = want_write = false;
+
+ String e;
+ switch (SSL_get_error(_ssl, value)) {
+ case SSL_ERROR_NONE:
+ e = "SSL_ERROR_NONE";
+ break;
+ case SSL_ERROR_ZERO_RETURN:
+ e = "SSL_ERROR_ZERO_RETURN";
+ break;
+ case SSL_ERROR_WANT_READ:
+ want_read = true;
+ return;
+ case SSL_ERROR_WANT_WRITE:
+ want_write = true;
+ return;
+ case SSL_ERROR_WANT_CONNECT:
+ e = "SSL_ERROR_WANT_CONNECT";
+ break;
+ case SSL_ERROR_WANT_ACCEPT:
+ e = "SSL_ERROR_WANT_ACCEPT";
+ break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ e = "SSL_ERROR_WANT_X509_LOOKUP";
+ break;
+ case SSL_ERROR_SYSCALL:
+ e = "SSL_ERROR_SYSCALL";
+ break;
+ case SSL_ERROR_SSL:
+ e = "SSL_ERROR_SSL";
+ break;
+ }
+ throw String("SSL_read() error: ") + e;
}
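Review bot: `verify_cert_callback` returns 1 whatever `preverify_ok` is, so although `SSL_CTX_set_verify` is given `SSL_VERIFY_PEER`, the handshake in `accept()` still completes for a client certificate that failed chain validation, and for a client that presents none, since `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` is not set. The only trust decision left is `client_cert_authed()`, which looks deliberate given `save_client_cert()`, but nothing in the file says so. A comment on the callback would make the contract explicit, for example `// accept every cert at handshake time; callers must check client_cert_authed() before trusting the peer`. Separately, the context is created with `SSLv23_server_method()` and this hunk sets no protocol options on it; adding `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` right after the `SSL_CTX_new` check would keep the legacy protocol versions from being negotiated.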
--- conga/ricci/ricci/SSLInstance.h 2006/08/10 22:53:09 1.5
+++ conga/ricci/ricci/SSLInstance.h 2007/08/30 17:07:14 1.6
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -35,38 +35,35 @@
class SSLInstance
{
- public:
- SSLInstance(ClientSocket sock);
- virtual ~SSLInstance();
-
- bool accept(unsigned int timeout);
-
- String send(const String& msg, unsigned int timeout);
- String recv(unsigned int timeout);
-
-
- bool client_has_cert();
- bool client_cert_authed(); // return true if peer's cert authenticated (either thru CA chain, or cert present)
-
- bool save_client_cert();
- bool remove_client_cert();
-
- ClientSocket& socket();
-
- private:
- SSLInstance(const SSLInstance&);
- SSLInstance operator=(const SSLInstance&);
-
- ClientSocket _sock;
- SSL* _ssl;
- String _cert_pem;
-
- bool _accepted;
-
- void check_error(int value, bool& want_read, bool& want_write);
-
-
-}; // class SSLInstance
+ public:
+ SSLInstance(ClientSocket sock);
+ virtual ~SSLInstance();
+ bool accept(unsigned int timeout);
-#endif // SSLInstance_h
+ String send(const String& msg, unsigned int timeout);
+ String recv(unsigned int timeout);
+
+ // return true if peer's cert authenticated
+ // (either thru CA chain, or cert present)
+ bool client_cert_authed();
+
+ bool client_has_cert();
+ bool save_client_cert();
+ bool remove_client_cert();
+
+ ClientSocket& socket();
+
+ private:
+ SSLInstance(const SSLInstance&);
+ SSLInstance operator=(const SSLInstance&);
+
+ ClientSocket _sock;
+ SSL *_ssl;
+ String _cert_pem;
+
+ bool _accepted;
+ void check_error(int value, bool& want_read, bool& want_write);
+}; // class SSLInstance
+
+#endif // SSLInstance_h
--- conga/ricci/ricci/Server.cpp 2007/08/21 21:26:49 1.6
+++ conga/ricci/ricci/Server.cpp 2007/08/30 17:07:14 1.7
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -43,102 +43,100 @@
#include <list>
#include <iostream>
-
using namespace std;
-
-
static time_t last_purge = 0;
static bool shutdown_pending = false;
static void shutdown(int);
-
-
-
-
Server::Server(const ServerSocket& serv_sock) :
- _server(serv_sock)
+ _server(serv_sock)
{
- _server.nonblocking(true);
+ _server.nonblocking(true);
}
Server::~Server()
{}
-
-void
+void
Server::run()
{
- // restart unfinished jobs
- Batch::restart_batches();
-
- // handle clients
- list<counting_auto_ptr<ClientInstance> > clients;
-
- setup_signal(SIGINT, shutdown);
- setup_signal(SIGTERM, shutdown);
- setup_signal(SIGPIPE, SIG_IGN);
- unblock_signal(SIGSEGV);
-
- while (!shutdown_pending) {
- poll_fd poll_data;
- poll_data.fd = _server.get_sock();
- poll_data.events = POLLIN;
- poll_data.revents = 0;
-
- // wait for events
- int ret = poll(&poll_data, 1, 1000);
- time_t cur_time = time(NULL);
- if (ret == 0 || cur_time - last_purge >= 2) {
- last_purge = cur_time;
- // clean up clients
- list<list<counting_auto_ptr<ClientInstance> >::iterator> remove_us;
- for (list<counting_auto_ptr<ClientInstance> >::iterator iter = clients.begin();
- iter != clients.end();
- iter++)
- if ((*iter)->done())
- remove_us.push_back(iter);
- for (list<list<counting_auto_ptr<ClientInstance> >::iterator>::iterator
- iter = remove_us.begin();
- iter != remove_us.end();
- iter++) {
- clients.erase(*iter);
- cout << "client removed" << endl;
- }
- }
-
- if (ret == 0) {
- // continue waiting
- continue;
- } else if (ret == -1) {
- if (errno == EINTR)
- continue;
- else
- throw String("poll() error: " + String(strerror(errno)));
- }
-
- // process events
- if (poll_data.revents & POLLIN) {
- try {
- ClientSocket sock = _server.accept();
- counting_auto_ptr<ClientInstance>
- client(new ClientInstance(sock, _dbus_controller));
- client->start();
- clients.push_back(client);
- cout << "client added" << endl;
- } catch ( String e ) {
- cout << "exception: " << e << endl;
- } catch ( ... ) {}
- }
- if (poll_data.revents & (POLLERR | POLLHUP | POLLNVAL))
- throw String("server socket error????");
-
- } // while
-}
+ // restart unfinished jobs
+ Batch::restart_batches();
+
+ // handle clients
+ list<counting_auto_ptr<ClientInstance> > clients;
+ setup_signal(SIGINT, shutdown);
+ setup_signal(SIGTERM, shutdown);
+ setup_signal(SIGPIPE, SIG_IGN);
+ unblock_signal(SIGSEGV);
+
+ while (!shutdown_pending) {
+ poll_fd poll_data;
+ poll_data.fd = _server.get_sock();
+ poll_data.events = POLLIN;
+ poll_data.revents = 0;
+
+ // wait for events
+ int ret = poll(&poll_data, 1, 1000);
+ time_t cur_time = time(NULL);
+
+ if (ret == 0 || cur_time - last_purge >= 2) {
+ last_purge = cur_time;
+ // clean up clients
+
+ list<list<counting_auto_ptr<ClientInstance> >::iterator> remove_us;
+ for (list<counting_auto_ptr<ClientInstance> >::iterator
+ iter = clients.begin() ;
+ iter != clients.end() ;
+ iter++)
+ {
+ if ((*iter)->done())
+ remove_us.push_back(iter);
+ }
+
+ for (list<list<counting_auto_ptr<ClientInstance> >::iterator>::iterator
+ iter = remove_us.begin() ;
+ iter != remove_us.end() ;
+ iter++)
+ {
+ clients.erase(*iter);
+ cerr << "client removed" << endl;
+ }
+ }
+
+ if (ret == 0) {
+ // continue waiting
+ continue;
+ } else if (ret == -1) {
+ if (errno == EINTR)
+ continue;
+ else
+ throw String("poll() error: " + String(strerror(errno)));
+ }
+
+ // process events
+ if (poll_data.revents & POLLIN) {
+ try {
+ ClientSocket sock = _server.accept();
+ counting_auto_ptr<ClientInstance> client(new ClientInstance(sock, _dbus_controller));
+
+ client->start();
+ clients.push_back(client);
+ cerr << "client added" << endl;
+ } catch ( String e ) {
+ cerr << "exception: " << e << endl;
+ } catch ( ... ) {}
+ }
+
+ if (poll_data.revents & (POLLERR | POLLHUP | POLLNVAL))
+ throw String("server socket error????");
+ } // while
+}
void
shutdown(int)
{
- shutdown_pending = true;
+ shutdown_pending = true;
}
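Review bot: The `catch ( ... ) {}` that closes the accept path in `Server::run()` still discards every non-`String` exception from `_server.accept()`, the `ClientInstance` constructor and `client->start()` without a trace, so a daemon that stops taking connections leaves the operator nothing to diagnose it with. Since this commit already moves the neighbouring messages to `cerr`, the handler could log too: `} catch ( ... ) { cerr << "unknown exception while accepting client" << endl; }`. Separately, `shutdown_pending` is written from the `shutdown(int)` signal handler and read in the loop condition, so `static volatile sig_atomic_t shutdown_pending = 0;` would be the portable declaration.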
--- conga/ricci/ricci/Server.h 2006/04/03 14:45:41 1.2
+++ conga/ricci/ricci/Server.h 2007/08/30 17:07:14 1.3
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -27,20 +27,17 @@
#include "Socket.h"
#include "DBusController.h"
-
class Server
{
- public:
- Server(const ServerSocket& serv_sock);
- virtual ~Server();
-
- void run();
-
- private:
- ServerSocket _server;
- DBusController _dbus_controller;
-
+ public:
+ Server(const ServerSocket& serv_sock);
+ virtual ~Server();
+
+ void run();
+
+ private:
+ ServerSocket _server;
+ DBusController _dbus_controller;
};
-
-#endif // Server_h
+#endif // Server_h
--- conga/ricci/ricci/dbus_test.cpp 2006/08/10 22:53:09 1.4
+++ conga/ricci/ricci/dbus_test.cpp 2007/08/30 17:07:14 1.5
@@ -10,27 +10,27 @@
int main(int argc, char **argv)
{
- DBusConnection* conn = dbus_bus_get(DBUS_BUS_SYSTEM,
+ DBusConnection* conn = dbus_bus_get(DBUS_BUS_SYSTEM,
NULL);
-
+
DBusMessage* msg = dbus_message_new_method_call("com.redhat.ricci",
- "/com/redhat/ricci",
- "com.redhat.ricci",
+ "/com/redhat/ricci",
+ "com.redhat.ricci",
"modlog_rw");
-
+
cout << "max msg size: " << dbus_connection_get_max_message_size(conn) << endl;
-
+
// construct xml request
String xml = "<?xml version=\"1.0\" ?>";
xml += "<request sequence=\"1254\">";
xml += "<function_call name=\"get_cluster.conf\">";
xml += "</function_call>";
xml += "</request>";
-
+
dbus_message_append_args(msg,
DBUS_TYPE_STRING, xml.c_str(),
DBUS_TYPE_INVALID);
-
+
DBusError error;
dbus_error_init (&error);
DBusMessage *resp = dbus_connection_send_with_reply_and_block(conn,
@@ -38,24 +38,24 @@
100000,
&error);
dbus_message_unref(msg);
-
+
if (resp) {
int status;
char* out;
char* err;
dbus_message_get_args(resp,
NULL,
- DBUS_TYPE_INT32, &status,
- DBUS_TYPE_STRING, &out,
+ DBUS_TYPE_INT32, &status,
+ DBUS_TYPE_STRING, &out,
DBUS_TYPE_STRING, &err);
-
+
cout << "status: " << status << endl;
cout << "out: " << out << endl;
cout << "out size: " << String(out).size() << endl;
cout << "err: " << err << endl;
-
+
dbus_message_unref(resp);
- } else
+ } else
cout << "error: " << error.message << endl;
-
+
}
--- conga/ricci/ricci/main.cpp 2006/08/10 22:53:09 1.4
+++ conga/ricci/ricci/main.cpp 2007/08/30 17:07:14 1.5
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -24,64 +24,104 @@
#include "Server.h"
#include "ricci_defines.h"
-#include <sys/types.h>
+#include <stdio.h>
#include <unistd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <errno.h>
+
extern "C" {
- void daemon_init(char *prog);
+ void daemon_init(char *prog);
}
-
-
#include <iostream>
using namespace std;
+bool foreground = false;
+bool debug = false;
+bool advertise_cluster = false;
int main(int argc, char** argv)
{
- bool foreground=false, debug=false;
- unsigned int uid = 0;
-
- int rv;
- while ((rv = getopt(argc, argv, "fdu:")) != EOF)
- switch (rv) {
- case 'd':
- debug = true;
- break;
- case 'f':
- foreground = true;
- break;
- case 'u':
- sscanf(optarg, "%d", &uid);
- break;
- default:
- break;
- }
-
- if (geteuid() != 0) {
- cout << "Only root can run this" << endl;
- return 1;
- }
-
- try {
- ServerSocket serv_sock(RICCI_SERVER_PORT);
-
- if (!foreground)
- daemon_init(argv[0]);
-
- if (uid != 0)
- // change user
- if (setreuid(uid, uid)) {
- cout << "unable to change uid to " << uid << endl;
- return 1;
- }
-
- Server server(serv_sock);
- server.run();
- } catch ( String e ) {
- cout << "exception: " << e << endl;
- return 1;
- }
- return 0;
+ uint32_t uid = 0;
+ int32_t ricci_port = RICCI_SERVER_PORT;
+
+ int rv;
+ while ((rv = getopt(argc, argv, "cdfu:p:")) != EOF) {
+ switch (rv) {
+ case 'c':
+ advertise_cluster = true;
+ break;
+
+ case 'd':
+ debug = true;
+ break;
+
+ case 'f':
+ foreground = true;
+ break;
+
+ case 'p':
+ if (optarg != NULL) {
+ uint32_t port;
+ char *e = NULL;
+
+ port = strtoul(optarg, &e, 10);
+ if (*e != '\0' || !port || (port & 0xffff) != port) {
+ fprintf(stderr, "Invalid port: %s\n", optarg);
+ exit(1);
+ }
+ ricci_port = port;
+ }
+ break;
+
+ case 'u':
+ if (optarg != NULL) {
+ char *e = NULL;
+ uid = strtoul(optarg, &e, 10);
+ if (*e != '\0') {
+ fprintf(stderr, "Invalid uid: %s\n", optarg);
+ exit(1);
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
+ }
+
+ if (geteuid() != 0) {
+ fprintf(stderr, "You must be root to run this program.\n");
+ exit(1);
+ }
+
+ try {
+ ServerSocket serv_sock(RICCI_SERVER_PORT);
+
+ if (!foreground)
+ daemon_init(argv[0]);
+
+ if (uid != getuid()) {
+ // change user
+ if (setreuid(uid, uid)) {
+ fprintf(stderr, "Error changing uid to %u: %s\n",
+ uid, strerror(errno));
+ exit(1);
+ }
+ }
+
+ Server server(serv_sock);
+ server.run();
+ } catch ( String e ) {
+ cerr << "exception: " << e << endl;
+ exit(1);
+ } catch ( ... ) {
+ cerr << "exception caught" << endl;
+ exit(1);
+ }
+
+ exit(0);
}
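Review bot: The privilege drop `setreuid(uid, uid)` changes only the user IDs, so after `-u` the daemon keeps root's primary and supplementary groups; the groups should be dropped first, while the process is still privileged. The `-u` parser stores the `strtoul` result in a `uint32_t` and checks only `*e != '\0'`, so an empty argument parses as 0 and a value that lands on `(uid_t)-1` makes `setreuid` leave the IDs untouched while returning success. The `-p` case narrows to `uint32_t` before its range test in the same way (on 64-bit builds an oversized value can wrap into the valid range), and `ricci_port` is never used: the socket is still created with `ServerSocket serv_sock(RICCI_SERVER_PORT);`, where `ServerSocket serv_sock(ricci_port);` looks intended. The sketch below assumes the target uid has a passwd entry and that `<pwd.h>` and `<grp.h>` are included.

```cpp
		case 'u':
			if (optarg != NULL) {
				char *e = NULL;
				errno = 0;
				unsigned long val = strtoul(optarg, &e, 10);
				// reject empty input, trailing junk, overflow and (uid_t)-1,
				// which setreuid() treats as "leave unchanged"
				if (e == optarg || *e != '\0' || errno == ERANGE ||
					val >= (unsigned long) (uid_t) -1)
				{
					fprintf(stderr, "Invalid uid: %s\n", optarg);
					exit(1);
				}
				uid = val;
			}
			break;

	// … unchanged: remaining options, root check, socket setup, daemon_init …

		if (uid != getuid()) {
			struct passwd *pw = getpwuid(uid);
			if (pw == NULL) {
				fprintf(stderr, "Unknown uid: %u\n", uid);
				exit(1);
			}
			// groups first: once the uid is dropped they can no longer be changed
			if (initgroups(pw->pw_name, pw->pw_gid) ||
				setregid(pw->pw_gid, pw->pw_gid) ||
				setreuid(uid, uid))
			{
				fprintf(stderr, "Error changing uid to %u: %s\n",
					uid, strerror(errno));
				exit(1);
			}
		}
```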
--- conga/ricci/ricci/ricci_defines.h 2006/08/16 06:34:20 1.8
+++ conga/ricci/ricci/ricci_defines.h 2007/08/30 17:07:14 1.9
@@ -1,5 +1,5 @@
/*
- Copyright Red Hat, Inc. 2005
+ Copyright Red Hat, Inc. 2005-2007
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
@@ -13,7 +13,7 @@
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
+ Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
*/
/*
@@ -25,19 +25,17 @@
#define ricci_defines_h
+#define RICCI_SERVER_PORT 11111
-#define RICCI_SERVER_PORT 11111
+#define SERVER_CERT_PATH "/var/lib/ricci/certs/cacert.pem"
+#define SERVER_KEY_PATH "/var/lib/ricci/certs/privkey.pem"
+#define CLIENT_AUTH_CAs_PATH "/var/lib/ricci/certs/auth_CAs.pem"
+#define CLIENT_CERTS_DIR_PATH "/var/lib/ricci/certs/clients/"
-#define SERVER_CERT_PATH "/var/lib/ricci/certs/cacert.pem"
-#define SERVER_KEY_PATH "/var/lib/ricci/certs/privkey.pem"
-#define CLIENT_AUTH_CAs_PATH "/var/lib/ricci/certs/auth_CAs.pem"
-#define CLIENT_CERTS_DIR_PATH "/var/lib/ricci/certs/clients/"
+#define QUEUE_DIR_PATH "/var/lib/ricci/queue/"
+#define QUEUE_LOCK_PATH "/var/lib/ricci/queue/lock"
-#define QUEUE_DIR_PATH "/var/lib/ricci/queue/"
-#define QUEUE_LOCK_PATH "/var/lib/ricci/queue/lock"
+#define AUTH_HELPER_PATH "/usr/libexec/ricci/ricci-auth"
+#define RICCI_WORKER_PATH "/usr/libexec/ricci/ricci-worker"
-#define AUTH_HELPER_PATH "/usr/libexec/ricci/ricci-auth"
-#define RICCI_WORKER_PATH "/usr/libexec/ricci/ricci-worker"
-
-
-#endif // ricci_defines_h
+#endif // ricci_defines_h