rfc2593.txt
来自「著名的RFC文档,其中有一些文档是已经翻译成中文的的.」· 文本 代码 · 共 1,236 行 · 第 1/4 页
TXT
1,236 行
Network Working Group J. SchoenwaelderRequest for Comments: 2593 TU BraunschweigCategory: Experimental J. Quittek NEC Europe Ltd. May 1999 Script MIB Extensibility Protocol Version 1.0Status of this Memo This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.Copyright Notice Copyright (C) The Internet Society (1999). All Rights Reserved.Abstract The IETF Script MIB defines an interface for the delegation of management functions based on the Internet management framework. A management script is a set of instructions that are executed by a language specific runtime system. The Script MIB extensibility protocol (SMX) defined in this memo separates language specific runtime systems from language independent Script MIB implementations.Table of Contents 1. Introduction ................................................ 2 2. Process Model and Communication Model ....................... 3 3. Security Profiles ........................................... 3 4. Start of Runtime Systems and Connection Establishment ....... 4 5. SMX Messages ................................................ 5 5.1 Common Definitions ......................................... 5 5.2 Commands ................................................... 7 5.3 Replies .................................................... 8 6. Elements of Procedure ....................................... 9 6.1 SMX Message Processing on the Runtime Systems .............. 9 6.1.1 Processing the `hello' Command ........................... 10 6.1.2 Processing the `start' Command ........................... 10 6.1.3 Processing the `suspend' Command ......................... 11 6.1.4 Processing the `resume' Command .......................... 12 6.1.5 Processing the `abort' Command ........................... 12 6.1.6 Processing the `status' Command .......................... 12 6.1.7 Generation of Asynchronous Notifications ................. 13Schoenwaelder & Quittek Experimental [Page 1]
RFC 2593 SMX Protocol 1.0 May 1999 6.2 SMX Message Processing on the SNMP Agent ................... 13 6.2.1 Creating a Runtime System ................................ 13 6.2.2 Generating the `hello' Command ........................... 13 6.2.3 Generating the `start' Command ........................... 14 6.2.4 Generating the `suspend' Command ......................... 15 6.2.5 Generating the `resume' Command .......................... 16 6.2.6 Generating the `abort' Command ........................... 16 6.2.7 Generating the `status' Command .......................... 17 6.2.8 Processing Asynchronous Notifications .................... 18 7. An Example SMX Message Flow ................................. 19 8. Security Considerations ..................................... 19 9. Acknowledgments ............................................. 20 10. References ................................................. 20 11. Authors' Addresses ......................................... 21 12. Full Copyright Statement ................................... 221. Introduction The Script MIB [1] defines a standard interface for the delegation of management functions based on the Internet management framework. In particular, it provides the following capabilities: 1. Transfer of management scripts to a distributed manager. 2. Initiating, suspending, resuming and terminating management scripts. 3. Transfer of arguments for management scripts. 4. Monitoring and control of running management scripts. 5. Transfer of results produced by management scripts. A management script is a set of instructions executed by a language specific runtime system. The Script MIB does not prescribe a specific language. Instead, it allows to control scripts written in different languages that are executing concurrently. The Script MIB Extensibility protocol (SMX) defined in this memo can be used to separate language specific runtime systems from the runtime system independent Script MIB implementations. The lightweight SMX protocol can be used to support different runtime systems without any changes to the language neutral part of a Script MIB implementation. Examples of languages and runtime systems considered during the design of the SMX protocol are the Java virtual machine [2] and the Tool Command Language (Tcl) [3]. Other languages with comparableSchoenwaelder & Quittek Experimental [Page 2]
RFC 2593 SMX Protocol 1.0 May 1999 features should be easy to integrate as well.2. Process Model and Communication Model Figure 1 shows the process and communication model underlying the SMX protocol. The language and runtime system independent SNMP agent implementing the Script MIB communicates with one ore more runtime systems via the SMX protocol. A runtime system may be able to execute one or multiple scripts simultaneously (multi-threading). The SMX protocol supports multi-threading, but it does not require multi- threaded runtime systems. The SMX protocol uses a local storage device (usually implemented on top of the local file system) to transfer scripts from the SNMP agent to the runtime systems. The SNMP agent has read and write access to the script storage device while the runtime systems only need read access. The SMX protocol passes the location of a script in the local storage device to the runtime engines. It is then the responsibility of the runtime engines to load the script from the specified location. runtime 1 +--------------+ SMX +---------+ | |<-------------->| O O O |<-+ SNMP | Script MIB | +---------+ | <---------->| | | | SNMP Agent | runtime 2 | | | SMX +---------+ | | |<-------------->| O | | +--------------+ +---------+ | ^ ^ | | +---------+ | | | | script |----------+ | +------>| storage |------------------+ +---------+ Figure 1: SMX process and communication model3. Security Profiles Security profiles control what a running script is allowed to do. It is useful to distinguish two different classes of security profiles: - The operating system security profile specifies the set of operating system services that can be used by the operating system level process which executes a script. Under UNIX, this maps to the effective user and group identity for the runningSchoenwaelder & Quittek Experimental [Page 3]
RFC 2593 SMX Protocol 1.0 May 1999 process. In addition, many UNIX versions allow to set other resource limits, such as the number of open files or the maximum stack sizes. Another mechanism in UNIX is the chroot() system call which changes the file system root for a process. The chroot() mechanism can be used to prevent runtime systems from accessing any system files. It is suggested to make use of all applicable operating system security mechanism in order to protect the operating system from malicious scripts or runtime systems. - Secure runtime systems provide fine grained control over the set of services that can be used by a running script at a particular point during script execution. A runtime security profile specifying fine grained access control is runtime system dependent. For a Java virtual machine, the runtime security profile is interpreted by the SecurityManager and ClassLoader classes[4]. For Tcl, the runtime security profile maps to the interpreter's security profile [5]. The SMX protocol allows to execute scripts under different operating system profiles and runtime system profiles. Multiple operating system security profiles are realized by using multiple runtime systems which execute in operating system processes with different security profiles. Multiple runtime security profiles are supported by passing a security profile name to a runtime system during script invocation. The Script MIB does not define how operating system or runtime system security profiles are identified. This memo suggests that the smLaunchOwner is mapped to an operating system security profile and a runtime system security profile when a script is started.4. Start of Runtime Systems and Connection Establishment The SNMP agent starts runtime systems based on the static properties of the runtime system (multi-threaded or single-threaded) and the operating system security profiles. Starting a new runtime system requires to create a process environment which matches the operating system security profile. The SNMP agent initially passes information to the runtime system by means of environment variables. The information is needed to establish a trusted communication channel between the SNMP agent and a runtime system. The SNMP agent first creates a listening TCP socket which accepts connections from runtime systems. It is the responsibility of the runtime system to establish a connection to this TCP socket once itSchoenwaelder & Quittek Experimental [Page 4]
RFC 2593 SMX Protocol 1.0 May 1999 has been started. The port number of the listening TCP socket is passed from the SNMP agent to the runtime system in the environment variable SMX_PORT. The SNMP agent must ensure that only authorized runtime systems establish a connection to the listening TCP socket. The following rules are used for this purpose: - The TCP connection must originate from the local host. - The SNMP agent queries the runtime system for a security cookie and closes the TCP connection if no valid response is received within a given time interval. The security cookie is a random number generated by the SNMP agent and passed to the runtime system as part of its environment. The cookie is found in the environment variable SMX_COOKIE. The security assumption here is that access to the process environment is protected by the operating system. Alternate transports (e.g. UNIX domain sockets) are possible but not defined at this point in time. The reason to choose TCP as the transport protocol for SMX was that TCP is supported by all potential runtime systems, while other transports are not universally available.5. SMX Messages The message formats described below are defined using the Augmented BNF (ABNF) defined in RFC 2234 [6]. The definitions for `ALPHA', `DIGIT', `HEXDIG', `WSP', `CRLF', `CR', `LF', `HTAB', `VCHAR' and `DQUOTE' are imported from appendix A of RFC 2234 and not repeated here.5.1. Common Definitions The following ABNF definitions are used in subsequent sections to define the SMX protocol messages. Zero = %x30 ; the ASCII character '0' AlNum = DIGIT / ALPHA / %x2D-2F ; digits, alphas plus '-', '.', '/' QuotedString = DQUOTE *(VCHAR / WSP) DQUOTE HexString = 1*(HEXDIG HEXDIG)Schoenwaelder & Quittek Experimental [Page 5]
RFC 2593 SMX Protocol 1.0 May 1999 Id = 1*DIGIT ; identifier for an SMX transaction Script = QuotedString ; script file name RunId = 1*DIGIT ; globally unique identifier for a ; running script (note, smRunIndex ; is only unique for a smLaunchOwner, ; smLaunchName pair) Profile = 1*AlNum ; security profile name RunState = "1" ; smRunState `initializing' RunState =/ "2" ; smRunState `executing' RunState =/ "3" ; smRunState `suspending' RunState =/ "4" ; smRunState `suspended' RunState =/ "5" ; smRunState `resuming' RunState =/ "6" ; smRunState `aborting' RunState =/ "7" ; smRunState `terminated' ExitCode = "1" ; smRunExitCode `noError' ExitCode =/ "2" ; smRunExitCode `halted' ExitCode =/ "3" ; smRunExitCode `lifeTimeExceeded' ExitCode =/ "4" ; smRunExitCode `noResourcesLeft'⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?