[gomd-devel] <DAEMON> first release for complete SCX.


From: Gian Paolo Ghilardi
Subject: [gomd-devel] <DAEMON> first release for complete SCX.
Date: Mon, 15 Sep 2003 10:03:14 +0200

Hi all

Here we go.
First full SCX release.

Some small bugs to be fixed, but the stuff does work.
In the next release the current node will be postponed to be the last one, as discussed in the previous mail.

Check the CVS notes below for detailed info and extra info. :)

Try launching gomd with the "-s" option, then request:
cmd ls          should be refused because command not listed
cmd nmap        should be refused because command is blacklisted
cmd ls /usr     should be executed
cwc ls          should be refused because command not listed
cwc nmap        should be refused because command is blacklisted
cwc ls /usr     should be executed

I hope you like the stuff. :)
I need comments.

Byez.

<rejected>

<< CVS NOTES >>

NOTE: first release for the full SCX facility (with 2 security layers).
- added cluster-wide support
- linked to SCX command-check facility (1 security layer)
- linked to updated checks of security class (2 security layer => require strict security mode enabled)

The request processing sequence:
- request is parsed, analyzed, split and finally executed (connHandler class)
- if the security is set to strict mode, the parsed command is checked to see if it is blacklisted (security class)
- the parsed command is checked to see if it is a valid, listed command (scxCmdsbook class).

IN chSupport.h/chSupport.cpp
(N) this new class ("ch" stands for "connHandler") contains 3 functions moved from the "official" connHandler class.
      These functions are not important for the life of connHandler and they are thread-safe by nature because they can be only read.
      The object (just one!) is created in csCollector (the global "service provider" for gomd) so each connHandler object shares it and can use it.
(+) added 3 functions:
      - chSupport() => (was fillRulesArray())
      - showHelp()
      - showErrorCodes()

IN connHandler.h/connHandler.cpp
(+) added support for the full SCX mode.
(+) huge cleanups
(+) added string securityChecks() to perform common checks.
(-) moved fillRulesArray(), showHelp() and showErrorCodes() to new chSupport class.
(f) fixed huge bug while requesting node list with oM not started!
      
IN constants.h
(+) added SEC_FAKE_DIR constant used in security class.

IN csCollector.h/csCollector.cpp
(+) added support for chSupport.

IN main.cpp
(-) moved security class stuff to csCollector

IN security.h/security.cpp
(N) the updated security class includes some new security checks.
      To enable them, launch gomd with the -s/--security option.
(+) added 3 new functions:
      - changeCurrWorkingDir() => change the current working directory for gomd to a fake directory defined in constants.h (so commands executed by SCX are banished in this fake directory)
      - isOMEnabled() => check if oM is enabled and/or the node is properly configured
      - setStrictSecurity() => do perform all the checks
(+) updated

PS: I've just noticed some small bugs => they will be corrected ASAP.
PS#2: this is a huge update => the new stuff needs lots of tests. ASAP I'll
provide an extended stress test (something like a test unit).
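
The two-layer check from the CVS notes above, sketched as an added C++ example; it is not part of the original post and is not gomd's own code. The names `checkRequest`, `Verdict`, `kBlacklist` and `kCmdsBook` are hypothetical, the policy contents are constructed to match the six test requests in the mail, and it is an assumption that the blacklist matches program names while the commands book matches complete command lines.

```cpp
#include <cstddef>
#include <set>
#include <sstream>
#include <string>
#include <vector>

enum class Verdict { Execute, RefusedBlacklisted, RefusedNotListed, RefusedMalformed };

// Constructed sample policy (assumption, not gomd's real data).
static const std::set<std::string> kBlacklist = {"nmap"};     // program names
static const std::set<std::string> kCmdsBook  = {"ls /usr"};  // full command lines

// Split on whitespace so "ls   /usr" and "ls /usr" normalise to the same tokens.
static std::vector<std::string> tokenize(const std::string& s) {
    std::istringstream in(s);
    std::vector<std::string> out;
    for (std::string t; in >> t;) out.push_back(t);
    return out;
}

// Strip any directory prefix so "/usr/bin/nmap" is still matched as "nmap".
static std::string baseName(const std::string& path) {
    std::size_t pos = path.find_last_of('/');
    return pos == std::string::npos ? path : path.substr(pos + 1);
}

// request is "<cmd|cwc> <command line>"; strict mirrors launching gomd with -s.
// Returns the decision only; nothing is executed here.
Verdict checkRequest(const std::string& request, bool strict) {
    std::vector<std::string> tok = tokenize(request);
    if (tok.size() < 2 || (tok[0] != "cmd" && tok[0] != "cwc"))
        return Verdict::RefusedMalformed;
    // Second layer (strict mode only): refuse blacklisted programs.
    if (strict && kBlacklist.count(baseName(tok[1])))
        return Verdict::RefusedBlacklisted;
    // First layer: the normalised command line must be listed exactly,
    // so extra arguments appended to a listed command are refused too.
    std::string line = tok[1];
    for (std::size_t i = 2; i < tok.size(); ++i) line += " " + tok[i];
    return kCmdsBook.count(line) ? Verdict::Execute : Verdict::RefusedNotListed;
}
```

Without strict mode, `nmap` is still refused in this sketch, but as "not listed" rather than "blacklisted", because the exact-match commands book is the default-deny layer.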





