Network Working Group                                   J. Schoenwaelder
Request for Comments: 3179                               TU Braunschweig
Obsoletes: 2593                                               J. Quittek
Category: Experimental                                   NEC Europe Ltd.
                                                            October 2001


             Script MIB Extensibility Protocol Version 1.1

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   The Script MIB extensibility protocol (SMX) defined in this memo
   separates language specific runtime systems from language independent
   Script MIB implementations.  The IETF Script MIB defines an interface
   for the delegation of management functions based on the Internet
   management framework.  A management script is a set of instructions
   that are executed by a language specific runtime system.

Table of Contents

   1 Introduction .................................................    2
   2 Process Model and Communication Model ........................    3
   3 Security Profiles ............................................    4
   4 Start of Runtime Systems and Connection Establishment ........    4
   5 SMX Messages .................................................    5
   5.1 Common Definitions .........................................    5
   5.2 Commands ...................................................    7
   5.3 Replies ....................................................    7
   6 Elements of Procedure ........................................    9
   6.1 SMX Message Processing on the Runtime Systems ..............    9
   6.1.1 Processing the `hello' Command ...........................   10
   6.1.2 Processing the `start' Command ...........................   10
   6.1.3 Processing the `suspend' Command .........................   11
   6.1.4 Processing the `resume' Command ..........................   12
   6.1.5 Processing the `abort' Command ...........................   12
   6.1.6 Processing the `status' Command ..........................   12
   6.1.7 Generation of Asynchronous Notifications .................   13



Schoenwaelder & Quittek       Experimental                      [Page 1]

RFC 3179                    SMX Protocol 1.1                October 2001


   6.2 SMX Message Processing on the SNMP Agent ...................   13
   6.2.1 Creating a Runtime System ................................   14
   6.2.2 Generating the `hello' Command ...........................   14
   6.2.3 Generating the `start' Command ...........................   15
   6.2.4 Generating the `suspend' Command .........................   16
   6.2.5 Generating the `resume' Command ..........................   16
   6.2.6 Generating the `abort' Command ...........................   17
   6.2.7 Generating the `status' Command ..........................   18
   6.2.8 Processing Asynchronous Notifications ....................   19
   7 Example SMX Message Flow .....................................   20
   8 Transport Mappings ...........................................   20
   8.1 SMX over Bi-directional Pipes ..............................   21
   8.2 SMX over TCP ...............................................   21
   9 Security Considerations ......................................   21
   10 Changes from RFC 2593 .......................................   22
   11 Acknowledgments .............................................   23
   12 References ..................................................   23
   13 Authors' Addresses ..........................................   24
   14 Full Copyright Statement ....................................   25

1.  Introduction

   The Script MIB [1] defines a standard interface for the delegation of
   management functions based on the Internet management framework.  In
   particular, it provides the following capabilities:

   1. Transfer of management scripts to a distributed manager.

   2. Initiating, suspending, resuming and terminating management
      scripts.

   3. Transfer of arguments for management scripts.

   4. Monitoring and control of running management scripts.

   5. Transfer of results produced by management scripts.

   A management script is a set of instructions executed by a language
   specific runtime system.  The Script MIB does not prescribe a
   specific language.  Instead, it allows control of scripts written in
   different languages that execute concurrently.

   The Script MIB Extensibility protocol (SMX) defined in this memo can
   be used to separate language specific runtime systems from the
   runtime system independent Script MIB implementations.  The
   lightweight SMX protocol can be used to support different runtime
   systems without any changes to the language neutral part of a Script
   MIB implementation.



   Examples of languages and runtime systems considered during the
   design of the SMX protocol are the Java virtual machine [2] and the
   Tool Command Language (Tcl) [3].  Other languages with comparable
   features should be easy to integrate as well.

2.  Process Model and Communication Model

   Figure 1 shows the process and communication model underlying the SMX
   protocol.  The language and runtime system independent SNMP agent
   implementing the Script MIB communicates with one or more runtime
   systems via the SMX protocol.  A runtime system may be able to
   execute one or multiple scripts simultaneously (multi-threading).
   The SMX protocol supports multi-threading, but it does not require
   multi-threaded runtime systems.

   The SMX protocol uses a local storage device (usually implemented on
   top of the local file system) to transfer scripts from the SNMP agent
   to the runtime systems.  The SNMP agent has read and write access to
   the script storage device while the runtime systems only need read
   access.  The SMX protocol passes the location of a script in the
   local storage device to the runtime engines.  It is then the
   responsibility of the runtime engines to load the script from the
   specified location.

                                                   runtime 1
                  +--------------+       SMX      +---------+
                  |              |<-------------->| O  O  O |<-+
          SNMP    |  Script MIB  |                +---------+  |
      <---------->|              |                             |
                  |  SNMP Agent  |                 runtime 2   |
                  |              |       SMX      +---------+  |
                  |              |<-------------->| O       |  |
                  +--------------+                +---------+  |
                          ^                            ^       |
                          |       +---------+          |       |
                          |       | script  |----------+       |
                          +------>| storage |------------------+
                                  +---------+

          Figure 1: SMX process and communication model











3.  Security Profiles

   Security profiles control what a running script is allowed to do.  It
   is useful to distinguish two different classes of security profiles:

   -  The operating system security profile specifies the set of
      operating system services that can be used by the operating system
      level process which executes a script.  Under UNIX, this maps to
      the effective user and group identity for the running process.  In
      addition, many UNIX versions allow other resource limits to be set,
      such as the number of open files or the maximum stack size.
      Another mechanism in UNIX is the chroot() system call which
      changes the file system root for a process.  The chroot()
      mechanism can be used to prevent runtime systems from accessing
      any system files.  Note that chroot() only restricts which files
      are visible: a process which keeps root privileges can still
      escape the new root, so chroot() should be combined with a switch
      to an unprivileged user and group identity.  It is suggested to
      make use of all applicable operating system security mechanisms
      in order to protect the operating system from malicious scripts
      or runtime systems.

   -  Secure runtime systems provide fine grained control over the set
      of services that can be used by a running script at a particular
      point during script execution.  A runtime security profile
      specifying fine grained access control is runtime system
      dependent.  For a Java virtual machine, the runtime security
      profile is interpreted by the SecurityManager and ClassLoader
      classes [4].  For Tcl, the runtime security profile maps to the
      interpreter's security profile [5].

   The SMX protocol allows scripts to be executed under different
   operating system profiles and runtime system profiles.  Multiple
   operating system security profiles are realized by using multiple
   runtime systems which execute in operating system processes with
   different security profiles.  Multiple runtime security profiles are
   supported by passing a security profile name to a runtime system
   during script invocation.

   The Script MIB does not define how operating system or runtime system
   security profiles are identified.  This memo suggests that the
   smLaunchOwner is mapped to an operating system security profile and a
   runtime system security profile when a script is started.

4.  Start of Runtime Systems and Connection Establishment

   The SNMP agent starts runtime systems based on the static properties
   of the runtime system (multi-threaded or single-threaded) and the
   operating system security profiles.  Starting a new runtime system
   requires creating a process environment which matches the operating
   system security profile.




   To prevent SMX communication with untrusted peers, the SNMP agent
   has to choose a secure SMX transport.  This memo defines two
   transports in Section 8: (a) a bi-directional pipe using standard
   input/output streams on the runtime engine side, and (b) a TCP
   connection where the SNMP agent acts as a listening server that
   accepts only connections from local runtime engines that authenticate
   themselves with a secret shared between the agent and the runtime
   engine.
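   The operating system security profile of Section 3 and the process
   setup of Section 4, as an added Python example; this is not code from
   RFC 3179 or from any Script MIB implementation.  The agent forks a
   runtime system, applies the profile between fork() and exec() (chroot,
   group and user identity, resource limits, in that order) and keeps the
   child's standard input and output as the bi-directional pipe
   transport.  The OsSecurityProfile class, apply_os_profile,
   launch_runtime, demo and the stand-in runtime engine are all
   assumptions of this example.  chroot() and the identity switch only
   work when the agent runs as root, so demo() exercises the resource
   limits alone.

```python
"""Start a runtime system under an operating system security profile and use
its stdin/stdout as the SMX pipe transport (RFC 3179, sections 3 and 4).
Example code; the names here are this example's own, not from any agent."""
import os
import resource
import subprocess
import sys
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class OsSecurityProfile:
    """Process-level restrictions applied before the runtime system starts.
    chroot_dir, gid and uid need the agent to run as root; None skips them."""
    chroot_dir: Optional[str] = None
    gid: Optional[int] = None
    uid: Optional[int] = None
    rlimits: Dict[int, Tuple[int, int]] = field(default_factory=dict)


def apply_os_profile(profile: OsSecurityProfile) -> None:
    """Runs in the child between fork() and exec().  Order matters: chroot()
    needs root, so it comes first; limits are set after the identity switch
    so the unprivileged runtime cannot raise its hard limits again."""
    if profile.chroot_dir is not None:
        os.chroot(profile.chroot_dir)
        os.chdir("/")                 # a cwd outside the jail is an easy escape
    if profile.gid is not None:
        os.setgroups([])              # drop the agent's supplementary groups
        os.setgid(profile.gid)
    if profile.uid is not None:
        os.setuid(profile.uid)
        if profile.uid != 0:          # verify the drop is irrevocable
            try:
                os.setuid(0)
            except PermissionError:
                pass
            else:
                raise RuntimeError("privilege drop failed: regained root")
    for limit, (soft, hard) in profile.rlimits.items():
        resource.setrlimit(limit, (soft, hard))


def launch_runtime(argv, profile: OsSecurityProfile) -> subprocess.Popen:
    """Fork a runtime system whose stdin/stdout form the bi-directional SMX
    pipe; every other inherited descriptor is closed before exec."""
    return subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            close_fds=True,
                            preexec_fn=lambda: apply_os_profile(profile))


# Stand-in runtime engine (constructed for this example): it reports the limits
# it inherited, then echoes the first SMX line it receives.  A real engine
# would answer with the reply format of section 5.3 instead.
FAKE_RUNTIME = """
import resource, sys
print(resource.getrlimit(resource.RLIMIT_NOFILE)[0],
      resource.getrlimit(resource.RLIMIT_CORE)[0], flush=True)
sys.stdout.buffer.write(b"got " + sys.stdin.buffer.readline())
sys.stdout.buffer.flush()
"""


def demo(nofile: int = 64) -> dict:
    """Launch the stand-in engine with a limits-only profile (no root needed),
    send `hello 1' over the pipe and collect what the child saw."""
    profile = OsSecurityProfile(rlimits={
        resource.RLIMIT_NOFILE: (nofile, nofile),  # few descriptors for a script
        resource.RLIMIT_CORE: (0, 0),              # no core dumps of script memory
    })
    proc = launch_runtime([sys.executable, "-c", FAKE_RUNTIME], profile)
    nofile_seen, core_seen = proc.stdout.readline().split()
    proc.stdin.write(b"hello 1\r\n")
    proc.stdin.flush()
    echoed = proc.stdout.readline()
    proc.stdin.close()
    proc.wait(timeout=10)
    proc.stdout.close()
    return {"nofile": int(nofile_seen), "core": int(core_seen),
            "echo": echoed, "exit": proc.returncode}


if __name__ == "__main__":
    print(demo())
```

   The limits are lowered only after the identity switch so that the
   runtime cannot raise them again, and the setuid(0) probe catches a
   failed drop before any script code runs.  A real profile would set
   chroot_dir, gid and uid as well; the stand-in engine simply echoes the
   command line, since the reply grammar of Section 5.3 is not on this
   page.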

5.  SMX Messages

   The message formats described below are defined using the Augmented
   BNF (ABNF) defined in RFC 2234 [6].  The definitions for `ALPHA',
   `DIGIT', `HEXDIG', `WSP', `CRLF', `CR', `LF', `HTAB', `VCHAR' and
   `DQUOTE' are imported from appendix A of RFC 2234 and not repeated
   here.

5.1.  Common Definitions

   The following ABNF definitions are used in subsequent sections to
   define the SMX protocol messages.

   Zero          = %x30          ; the ASCII character '0'

   ProfileChars  = DIGIT / ALPHA / %x2D-2F / %x3A / %x5F
                                 ; digits, alphas, and the characters
                                 ; '-', '.', '/', ':', '_'

   QuotedString  = DQUOTE *(VCHAR / WSP) DQUOTE

   HexString     = 1*(HEXDIG HEXDIG)

   Id            = 1*DIGIT       ; identifier for an SMX transaction

   Script        = QuotedString  ; script file name

   RunId         = 1*DIGIT       ; globally unique identifier for a
                                 ; running script (note, smRunIndex
                                 ; is only unique for a smLaunchOwner,
                                 ; smLaunchName pair)

   Profile       = 1*ProfileChars ; security profile name

   RunState      =  "1"          ; smRunState `initializing'
   RunState      =/ "2"          ; smRunState `executing'
   RunState      =/ "3"          ; smRunState `suspending'
   RunState      =/ "4"          ; smRunState `suspended'
   RunState      =/ "5"          ; smRunState `resuming'
   RunState      =/ "6"          ; smRunState `aborting'
   RunState      =/ "7"          ; smRunState `terminated'

   ExitCode      =  "1"          ; smRunExitCode `noError'
   ExitCode      =/ "2"          ; smRunExitCode `halted'
   ExitCode      =/ "3"          ; smRunExitCode `lifeTimeExceeded'
   ExitCode      =/ "4"          ; smRunExitCode `noResourcesLeft'
   ExitCode      =/ "5"          ; smRunExitCode `languageError'
   ExitCode      =/ "6"          ; smRunExitCode `runtimeError'
   ExitCode      =/ "7"          ; smRunExitCode `invalidArgument'
   ExitCode      =/ "8"          ; smRunExitCode `securityViolation'
   ExitCode      =/ "9"          ; smRunExitCode `genericError'

   Authenticator = HexString     ; authentication cookie

   Version       = "SMX/1.1"     ; current version of the SMX protocol

   Argument      = HexString / QuotedString      ; see smRunArgument

   Result        = HexString / QuotedString      ; see smRunResult

   ErrorMsg      = HexString / QuotedString      ; see smRunError

   The definition of QuotedString requires further explanation.  A
   quoted string may contain special character sequences, all starting
   with the backslash character (%x5C).  The interpretation of these
   sequences is as follows:

            `\\'   backslash character       (`%x5C')
            `\t'   tab character             (`HTAB')
            `\n'   newline character         (`LF')
            `\r'   carriage-return character (`CR')
            `\"'   quote character           (`DQUOTE')

   In all other cases not listed above, the backslash is dropped and the
   following character is treated as an ordinary character.  Because
   VCHAR includes both DQUOTE and the backslash, the first unescaped
   DQUOTE after the opening one terminates the string; a parser must
   therefore process escape sequences while scanning for it.

   `Argument' and `Result' are each either a QuotedString or a HexString.  The
   Script MIB defines script arguments and results as arbitrary octet
   strings.  The SMX protocol supports a binary and a human readable
   representation since it is likely that printable argument and result
   strings will be used frequently.  However, an implementation must be
   able to handle both formats in order to be compliant with the Script
   MIB.

   The `Authenticator' is a HexString which does not carry any semantics
   other than being a random sequence of bytes.  It is therefore not
   necessary to have a human readable representation.



5.2.  Commands

   The following ABNF definitions define the set of SMX commands which
   can be sent from the SNMP agent to a runtime system.

      Command =  "hello"   WSP Id CRLF

      Command =/ "start"   WSP Id WSP RunId WSP Script WSP Profile
                           WSP Argument CRLF
