diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml index 657753538..efbf62879 100644 --- a/.github/workflows/build_test.yml +++ b/.github/workflows/build_test.yml @@ -2,7 +2,8 @@ name: Build and Test Workflow on: push: branches: - - v2.x/staging + - v3.x/staging + - v3.x/rc pull_request: types: [opened, reopened, synchronize] workflow_dispatch: diff --git a/CHANGELOG.md b/CHANGELOG.md index 4312ecf1a..92650925c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,26 @@ All notable changes to the ZSS package will be documented in this file. -## Recent Changes +## `3.0.0` +- Enhancement: if no `zowe.logDirectory` is defined in config, logging is disabled. (#726) + +## `2.18.0` +- Change log level for setting default value of 'httpRequestHeapMaxBlocks' to DEBUG instead of INFO.(#719) + +## `2.17.0` +- Code to configure the SLH block size of the http server through 'httpRequestHeapMaxBlocks' in the yaml.(#701) + +## `2.16.0` +- Bugfix: AUX should take leap seconds into account in their log messages' timestamp (#690, #691) + +## `2.14.0` +- Bugfix: ZSS would not use zowe.cookieIdentifier when an HA config was used. + +## `2.13.0` +- Enhancement: Added support for using "zowe.network" and "components.zss.zowe.network" to set listener IP and TLS version properties. (#659) +- Enhancement: Added support for using "zowe.network" and "components.zss.zowe.network" to set cipher suites. +- Enhancement: Change pattern matching for keyrings to allow more types of keyrings in the future (#581) +- Enhancement: Consolidate JWK warnings into improved ZWES1606W message (#663) - Bugfix: Corrected build environment file's use of IP address to github.com (#660) ## `2.10.0` diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index fd4bc6b6a..000000000 --- a/Jenkinsfile +++ /dev/null 
@@ -1,46 +0,0 @@ -#!groovy - -/** - * This program and the accompanying materials are - * made available under the terms of the Eclipse Public License v2.0 which accompanies - * this distribution, and is available at https://www.eclipse.org/legal/epl-v20.html - * - * SPDX-License-Identifier: EPL-2.0 - * - * Copyright Contributors to the Zowe Project. - */ - -node("zowe-jenkins-agent") { - - def lib = library("jenkins-library").org.zowe.jenkins_shared_library - def pipeline = lib.pipelines.generic.GenericPipeline.new(this) - - pipeline.admins.add("dnikolaev", "sgrady") - - pipeline.setup( - packageName: 'org.zowe.zss', - extraInit: { - pipeline.setVersion(sh(script: "cat version.txt", returnStdout: true).trim()) - } - ) - - pipeline.build( - operation: { - echo "Build will happen in pre-packaging" - } - ) - - // define we need packaging stage, which processed in .pax folder - pipeline.packaging(name: 'zss', paxOptions: '-x os390') - - // define we need publish stage - pipeline.publish( - allowPublishWithoutTest: true, - artifacts: [ - '.pax/zss.pax', - ] - ) - - pipeline.end() - -} diff --git a/README.md b/README.md index 7a1facfdc..cfaefbb0b 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ export ZWE_zowe_runtimeDirectory=/path/to/zowe-install-packaging ZWE_CLI_PARAMETER_CONFIG="FILE(/my/zowe.yaml)" ./zssServer.sh ``` -Note: ZSS defaults are in [defaults.yaml](https://github.com/zowe/zss/blob/v2.x/staging/defaults.yaml) so you only need to provide customizations in your own zowe.yaml. +Note: ZSS defaults are in [defaults.yaml](https://github.com/zowe/zss/blob/v3.x/staging/defaults.yaml) so you only need to provide customizations in your own zowe.yaml. ## How to submit a pull request 
@@ -57,7 +57,7 @@ git add deps/zowe-common-c/ When using ZSS as the agent to host files and folders, for example: for the Zowe Editor Desktop app by the App server, may lead to '401 Impersonator Error' Fix: Make sure the program-controlled bit is set for your ZSS binary `extattr +p zssServer` -ZSS in V2 takes advantage of V2 by using schemas and the Zowe configuration YAML. If you're running `zssServer` accidentally, instead of `zssServer.sh` or your `zssServer.sh` is out of date, you may see an error on start like `ZSS 2.x requires schemas and config` +ZSS in V3 takes advantage of V3 by using schemas and the Zowe configuration YAML. If you're running `zssServer` accidentally, instead of `zssServer.sh` or your `zssServer.sh` is out of date, you may see an error on start like `ZSS 2.x requires schemas and config` When starting ZSS, you may encounter a schema validation issue i.e. `Configuration has validity exceptions: Schema at '' invalid [...]`. Fix: To read these errors, consult: https://docs.zowe.org/stable/user-guide/configmgr-using/#validation-error-reporting @@ -65,7 +65,7 @@ Note: ZSS has a default schema in `$ZWES_COMPONENT_HOME/schemas` and default con ## Mock server -If you don't have access to z/OS, or want to help expand the Mock server, find it at: https://github.com/zowe/zss/tree/v2.x/staging/mock +If you don't have access to z/OS, or want to help expand the Mock server, find it at: https://github.com/zowe/zss/tree/v3.x/staging/mock This program and the accompanying materials are made available under the terms of the Eclipse Public License v2.0 which accompanies diff --git a/bin/configure.sh b/bin/configure.sh index 38367d234..61af36b10 100755 --- a/bin/configure.sh +++ b/bin/configure.sh 
@@ -25,6 +25,6 @@ if [ -n "${ZWE_components_zss_pluginsDir}" ]; then fi if [ "${ZWE_components_app_server_enabled}" != "true" ]; then - _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/components/zss/bin/plugins-init.js" + _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF),HEAPPOOLS64(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/components/zss/bin/plugins-init.js" fi diff --git a/bin/start.sh b/bin/start.sh index 0a1df3986..6f4a6e5c8 100755 --- a/bin/start.sh +++ b/bin/start.sh @@ -74,7 +74,13 @@ if [[ "${OSNAME}" == "OS/390" ]]; then then ZWES_LOG_DIR=${ZWE_zowe_logDirectory} else - ZWES_LOG_DIR="../log" + if [ -z "${ZWE_zowe_runtimeDirectory}" ]; then + ZWES_LOG_DIR="../log" + else + echo "No log directory. Logging disabled." + ZWES_LOG_DIR= + ZWES_LOG_FILE=/dev/null + fi fi fi if [ -f "$ZWES_LOG_DIR" ] @@ -82,12 +88,13 @@ if [[ "${OSNAME}" == "OS/390" ]]; then ZWES_LOG_FILE=$ZWES_LOG_DIR elif [ ! -d "$ZWES_LOG_DIR" ] then - echo "Will make log directory $ZWES_LOG_DIR" - mkdir -p $ZWES_LOG_DIR - if [ $? -ne 0 ] - then - echo "Cannot make log directory. Logging disabled." - ZWES_LOG_FILE=/dev/null + if [ -n "${ZWES_LOG_DIR}" ]; then + echo "Will make log directory $ZWES_LOG_DIR" + mkdir -p $ZWES_LOG_DIR + if [ $? -ne 0 ]; then + echo "Cannot make log directory. Logging disabled." + ZWES_LOG_FILE=/dev/null + fi fi fi ZWES_ROTATE_LOGS=0 @@ -168,7 +175,7 @@ if [[ "${OSNAME}" == "OS/390" ]]; then ZSS_SERVER_31="./zssServer" ZSS_SERVER_64="./zssServer64" - if [ "$ZWE_components_zss_agent_64bit" = "true" ] && [ -x "${ZSS_SERVER_64}" ]; then + if [ "$ZWE_components_zss_agent_64bit" != "false" ] && [ -x "${ZSS_SERVER_64}" ]; then ZSS_SERVER="${ZSS_SERVER_64}" else ZSS_SERVER="${ZSS_SERVER_31}" diff --git a/build/build_dynamic.sh b/build/build_dynamic.sh index bf0f7e047..4167e7491 100755 --- a/build/build_dynamic.sh +++ b/build/build_dynamic.sh 
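Review bot: The re-indented `mkdir -p $ZWES_LOG_DIR` in the second bin/start.sh hunk still expands the directory unquoted, so a configured log path containing spaces or glob characters is word-split before mkdir sees it. Quote it as `mkdir -p "$ZWES_LOG_DIR"`, matching the quoted tests `[ ! -d "$ZWES_LOG_DIR" ]` and `[ -n "${ZWES_LOG_DIR}" ]` around it. The directory is created with whatever umask the started task runs under; if these logs can carry user or session details, an explicit mode on the new directory would be worth a line here. The enclosing if-block starts and ends outside the hunk.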
@@ -146,7 +146,7 @@ do done -ld -V -b ac=1 -b rent -b case=mixed -b map -b xref -b reus -e getPluginDescriptor \ +ld -V -b rent -b case=mixed -b map -b xref -b reus -e getPluginDescriptor \ -o "//'${USER}.DEV.LOADLIB(ZWESISDL)'" \ zisdynamic.o \ server-api.o \ diff --git a/build/build_env.sh b/build/build_env.sh index f33c68456..bb2030900 100644 --- a/build/build_env.sh +++ b/build/build_env.sh @@ -40,7 +40,6 @@ c89 \ -DHTTPSERVER_BPX_IMPERSONATION=1 \ -DAPF_AUTHORIZED=0 \ -Wc,dll,expo,langlvl\(extc99\),gonum,goff,hgpr,roconst,ASM,asmlib\('CEE.SCEEMAC','SYS1.MACLIB','SYS1.MODGEN'\) \ - -Wl,ac=1 \ -I ${COMMON}/h \ -I ${ZSS}/h \ -o ${ZSS}/bin/envService \ diff --git a/build/build_zss.sh b/build/build_zss.sh index bd1b35950..394123121 100755 --- a/build/build_zss.sh +++ b/build/build_zss.sh @@ -151,7 +151,6 @@ xlc \ -DNEW_CAA_LOCATIONS=1 \ -Wc,dll,expo,langlvl\(extc99\),gonum,goff,hgpr,roconst,ASM,asmlib\('CEE.SCEEMAC','SYS1.MACLIB','SYS1.MODGEN'\) \ -Wc,xplink,agg,exp,list,so\(\),off,xref \ - -Wl,ac=1 \ -I ${COMMON}/h \ -I ${COMMON}/platform/posix \ -I ${COMMON}/jwt/jwt \ diff --git a/build/build_zss64.sh b/build/build_zss64.sh index e6fd32324..f07d63221 100755 --- a/build/build_zss64.sh +++ b/build/build_zss64.sh @@ -148,7 +148,7 @@ if ! c89 \ -DNEW_CAA_LOCATIONS=1 \ -Wc,lp64,dll,expo,langlvl\(extc99\),gonum,goff,hgpr,roconst,ASM,asmlib\('CEE.SCEEMAC','SYS1.MACLIB','SYS1.MODGEN'\) \ -Wc,agg,exp,list,so\(\),off,xref \ - -Wl,lp64,ac=1 \ + -Wl,lp64 \ -I ${COMMON}/h \ -I ${COMMON}/platform/posix \ -I ${COMMON}/jwt/jwt \ diff --git a/build/zis.proj.env b/build/zis.proj.env index 66a847fbe..2000fa510 100644 --- a/build/zis.proj.env +++ b/build/zis.proj.env @@ -1,4 +1,4 @@ PROJECT="zis" -VERSION=2.12.0 -DYNLINK_PLUGIN_VERSION=5 +VERSION=3.0.0 +DYNLINK_PLUGIN_VERSION=11 DEPS="" diff --git a/build/zss.proj.env b/build/zss.proj.env index cded01474..b30671c6b 100644 --- a/build/zss.proj.env +++ b/build/zss.proj.env 
@@ -1,5 +1,5 @@ PROJECT="zss" -VERSION=2.12.0 +VERSION=3.0.0 DEPS="QUICKJS LIBYAML" QUICKJS="quickjs" diff --git a/c/datasetjson.c b/c/datasetjson.c index 7601500c8..7f50ca41f 100644 --- a/c/datasetjson.c +++ b/c/datasetjson.c @@ -1575,7 +1575,7 @@ void updateDataset(HttpResponse* response, char* absolutePath, int jsonMode) { if(returnCode == 0) { int blockSize = 0x10000; - int maxBlockCount = (translationLength*2)/blockSize; + int maxBlockCount = (translationLength*4)/blockSize; if (!maxBlockCount){ maxBlockCount = 0x10; } diff --git a/c/jwk.c b/c/jwk.c index a90824856..520cae2a2 100644 --- a/c/jwk.c +++ b/c/jwk.c @@ -1,4 +1,3 @@ - /* This program and the accompanying materials are made available under the terms of the Eclipse Public License v2.0 which accompanies @@ -41,12 +40,13 @@ #include "jwk.h" static Json *receiveResponse(ShortLivedHeap *slh, HttpClientContext *httpClientContext, HttpClientSession *session, int *statusOut); -static Json *doRequest(ShortLivedHeap *slh, HttpClientSettings *clientSettings, TlsEnvironment *tlsEnv, char *path, int *statusOut); +static Json *doRequest(ShortLivedHeap *slh, HttpClientSettings *clientSettings, TlsEnvironment *tlsEnv, char *path, int *rc, int *rsn); static void getPublicKey(Json *jwk, x509_public_key_info *publicKeyOut, int *statusOut); -static int getJwk(JwkContext *context); +static void getJwk(JwkContext *context, int *rc, int *rsn); static int checkJwtSignature(JwsAlgorithm algorithm, int sigLen, const uint8_t *signature, int msgLen, const uint8_t *message, void *userData); static bool decodeBase64Url(const char *data, char *resultBuf, int *lenOut); static int jwkTaskMain(RLETask *task); +static const char *jwkHttpClientGetStrStatus(int status); void configureJwt(HttpServer *server, JwkSettings *settings) { int rc = 0; 
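Review bot: `(translationLength*4)/blockSize` in updateDataset multiplies in `int` before dividing, so a large enough translationLength overflows the product and can leave `maxBlockCount` negative, which the following `if (!maxBlockCount)` check does not catch. Assuming translationLength is an int derived from the request body (its declaration is outside the hunk), dividing first gives the same result for non-negative lengths without the overflow: `int maxBlockCount = translationLength/(blockSize/4);`. The rest of updateDataset lies outside the hunk.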
@@ -86,26 +86,33 @@ static int jwkTaskMain(RLETask *task) { JwkSettings *settings = context->settings; const int maxAttempts = 1000; const int retryIntervalSeconds = settings->retryIntervalSeconds; + const int warnInterval = 10; bool success = false; + int rc = 0; + int rsn = 0; + for (int i = 0; i < maxAttempts; i++) { - int status = getJwk(context); - if (status == JWK_STATUS_OK) { + getJwk(context, &rc, &rsn); + if (rc == JWK_STATUS_OK) { success = true; context->isPublicKeyInitialized = true; break; - } else if (status == JWK_STATUS_UNRECOGNIZED_FMT_ERROR) { + } else if (rc == JWK_STATUS_UNRECOGNIZED_FMT_ERROR) { zowelog(NULL, LOG_COMP_ID_JWK, ZOWE_LOG_WARNING, ZSS_LOG_JWK_UNRECOGNIZED_MSG); break; - } else if (status == JWK_STATUS_PUBLIC_KEY_ERROR) { + } else if (rc == JWK_STATUS_PUBLIC_KEY_ERROR) { zowelog(NULL, LOG_COMP_ID_JWK, ZOWE_LOG_WARNING, ZSS_LOG_JWK_PUBLIC_KEY_ERROR_MSG); break; - } else if (status == JWK_STATUS_HTTP_CONTEXT_ERROR) { + } else if (rc == JWK_STATUS_HTTP_CONTEXT_ERROR) { zowelog(NULL, LOG_COMP_ID_JWK, ZOWE_LOG_WARNING, ZSS_LOG_JWK_HTTP_CTX_ERROR_MSG); break; } else { - zowelog(NULL, LOG_COMP_ID_JWK, ZOWE_LOG_WARNING, ZSS_LOG_JWK_RETRY_MSG, - jwkGetStrStatus(status), retryIntervalSeconds); + //+1 to skip first round, with good timing message may be skipped entirely. + if ((i+1) % warnInterval == 0) { + zowelog(NULL, LOG_COMP_ID_JWK, ZOWE_LOG_WARNING, ZSS_LOG_JWK_RETRY_MSG, + jwkGetStrStatus(rc), rc, jwkHttpClientGetStrStatus(rsn), rsn, retryIntervalSeconds); + } sleep(retryIntervalSeconds); } } @@ -117,9 +124,8 @@ static int jwkTaskMain(RLETask *task) { fflush(stdout); } -static int getJwk(JwkContext *context) { +static void getJwk(JwkContext *context, int *rc, int *rsn) { JwkSettings *settings = context->settings; - int status = 0; ShortLivedHeap *slh = makeShortLivedHeap(0x40000, 0x40); HttpClientSettings clientSettings = {0}; 
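Review bot: The retry warning in jwkTaskMain now passes five arguments (`jwkGetStrStatus(rc), rc, jwkHttpClientGetStrStatus(rsn), rsn, retryIntervalSeconds`) to ZSS_LOG_JWK_RETRY_MSG, but no change to that message's format string is visible in this diff. If the text still has the old `%s … %d` pair, `rc` is printed where the retry interval belongs and the remaining arguments are dropped; please confirm the definition reads `%s`, `%d`, `%s`, `%d`, `%d` in that order. With `warnInterval = 10` the first warning appears only after ten failed attempts, so the comment above the modulo test should state that delay as `10 * retryIntervalSeconds` for operators waiting on JWT validation to come up.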
@@ -127,22 +133,19 @@ static int getJwk(JwkContext *context) { clientSettings.port = settings->port; clientSettings.recvTimeoutSeconds = (settings->timeoutSeconds > 0) ? settings->timeoutSeconds : 10; - Json *jwkJson = doRequest(slh, &clientSettings, settings->tlsEnv, settings->path, &status); - if (status) { - zowelog(NULL, LOG_COMP_ID_JWK, ZOWE_LOG_WARNING, "failed to obtain JWK, status = %d\n", status); - } else { + Json *jwkJson = doRequest(slh, &clientSettings, settings->tlsEnv, settings->path, rc, rsn); + if (*rc == 0) { x509_public_key_info publicKey; - getPublicKey(jwkJson, &publicKey, &status); - if (status == 0) { + getPublicKey(jwkJson, &publicKey, rc); + if (*rc == 0) { context->publicKey = publicKey; } } SLHFree(slh); - return status; } -static Json *doRequest(ShortLivedHeap *slh, HttpClientSettings *clientSettings, TlsEnvironment *tlsEnv, char *path, int *statusOut) { - int status = 0; +static Json *doRequest(ShortLivedHeap *slh, HttpClientSettings *clientSettings, TlsEnvironment *tlsEnv, char *path, int *rc, int *rsn) { + *rsn = 0; HttpClientContext *httpClientContext = NULL; HttpClientSession *session = NULL; LoggingContext *loggingContext = makeLoggingContext(); 
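Review bot: doRequest clears `*rsn` on entry but not `*rc`, and jwkTaskMain reuses the same `rc` variable for every retry. After one failed attempt `*rc` still holds the old error, so the `if (*rc)` test after receiveResponse (next hunk) and the `if (*rc == 0)` test in getJwk can treat a good response as a failure unless receiveResponse always writes 0 on success, which is not visible here. Reset both at the top: `*rc = 0; *rsn = 0;`. The previous code started each call from a fresh local `status = 0`, so the carry-over is new with this change; doRequest's body continues past this hunk.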
@@ -151,40 +154,35 @@ static Json *doRequest(ShortLivedHeap *slh, HttpClientSettings *clientSettings, do { zowelog(NULL, LOG_COMP_ID_JWK, ZOWE_LOG_DEBUG, "JWK request to https://%s:%d%s\n", clientSettings->host, clientSettings->port, path); - status = httpClientContextInitSecure(clientSettings, loggingContext, tlsEnv, &httpClientContext); - if (status) { - zowelog(NULL, LOG_COMP_ID_JWK, ZOWE_LOG_WARNING, "error in httpcb ctx init: %d\n", status); - *statusOut = JWK_STATUS_HTTP_CONTEXT_ERROR; + *rsn = httpClientContextInitSecure(clientSettings, loggingContext, tlsEnv, &httpClientContext); + if (*rsn) { + *rc = JWK_STATUS_HTTP_CONTEXT_ERROR; break; } - status = httpClientSessionInit(httpClientContext, &session); - if (status) { - zowelog(NULL, LOG_COMP_ID_JWK, ZOWE_LOG_WARNING, "error initing session: %d\n", status); - *statusOut = JWK_STATUS_HTTP_REQUEST_ERROR; + *rsn = httpClientSessionInit(httpClientContext, &session); + if (*rsn) { + *rc = JWK_STATUS_HTTP_REQ_INIT_ERROR; break; } - status = httpClientSessionStageRequest(httpClientContext, session, "GET", path, NULL, NULL, NULL, 0); - if (status) { - zowelog(NULL, LOG_COMP_ID_JWK, ZOWE_LOG_WARNING, "error staging request: %d\n", status); - *statusOut = JWK_STATUS_HTTP_REQUEST_ERROR; + *rsn = httpClientSessionStageRequest(httpClientContext, session, "GET", path, NULL, NULL, NULL, 0); + if (*rsn) { + *rc = JWK_STATUS_HTTP_REQ_STAGING_ERROR; break; } requestStringHeader(session->request, TRUE, "accept", "application/json"); - status = httpClientSessionSend(httpClientContext, session); - if (status) { - zowelog(NULL, LOG_COMP_ID_JWK, ZOWE_LOG_WARNING, "error sending request: %d\n", status); - *statusOut = JWK_STATUS_HTTP_REQUEST_ERROR; + *rsn = httpClientSessionSend(httpClientContext, session); + if (*rsn) { + *rc = JWK_STATUS_HTTP_REQ_SEND_ERROR; break; } - jsonBody = receiveResponse(slh, httpClientContext, session, &status); - if (status) { - *statusOut = status; + jsonBody = receiveResponse(slh, httpClientContext, 
session, rc); + if (*rc) { + *rsn = *rc; break; } int statusCode = session->response->statusCode; if (statusCode != 200) { - zowelog(NULL, LOG_COMP_ID_JWK, ZOWE_LOG_WARNING, "HTTP status %d\n", statusCode); - *statusOut = JWK_STATUS_RESPONSE_ERROR; + *rc = JWK_STATUS_RESPONSE_ERROR; break; } } while (0); 
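Review bot: On a receiveResponse failure the hunk sets `*rsn = *rc`, which puts a JWK_STATUS_* value into the slot that jwkTaskMain decodes with jwkHttpClientGetStrStatus, so the retry warning prints an unrelated HTTP-client message for it. Leave `*rsn` at 0 in that branch, or add a comment on doRequest stating that rsn is an HTTP_CLIENT_* code only when rc is one of the JWK_STATUS_HTTP_* values. The non-200 branch also no longer records `statusCode` anywhere now that its zowelog call is removed; a debug-level log of the status would keep a 401 or 404 from the JWK endpoint distinguishable from other response errors.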
@@ -372,18 +370,53 @@ static const char *MESSAGES[] = { [JWK_STATUS_UNRECOGNIZED_FMT_ERROR] = "JWK is in unrecognized format", [JWK_STATUS_PUBLIC_KEY_ERROR] = "failed to create public key", [JWK_STATUS_HTTP_CONTEXT_ERROR] = "failed to init HTTP context", - [JWK_STATUS_HTTP_REQUEST_ERROR] = "failed to send HTTP request" + [JWK_STATUS_HTTP_REQ_INIT_ERROR] = "failed to init HTTP request", + [JWK_STATUS_HTTP_REQ_STAGING_ERROR] = "failed on staging HTTP request", + [JWK_STATUS_HTTP_REQ_SEND_ERROR] = "failed to send HTTP request" +}; + +static const char *HTTP_CLIENT_MESSAGES[] = { + [HTTP_CLIENT_INVALID_ARGUMENT] = "Invalid argument to client", + [HTTP_CLIENT_OUTPUT_WOULD_OVERFLOW] = "Output would overflow", + [HTTP_CLIENT_INVALID_PORT] = "Invalid port", + [HTTP_CLIENT_REQDSETTING_MISSING] = "Required setting missing", + [HTTP_CLIENT_LOOKUP_FAILED] = "Lookup failed", + [HTTP_CLIENT_CONNECT_FAILED] = "Connect failed", + [HTTP_CLIENT_SESSION_ERR] = "Client session error", + [HTTP_CLIENT_ADDRBYNAME_ERR] = "Hostname to IP error", + [HTTP_CLIENT_SEND_ERROR] = "Failed to send", + [HTTP_CLIENT_SOCK_UNREGISTERED] = "Socket unregistered", + [HTTP_CLIENT_SXREAD_ERROR] = "SelectX Read Error", + [HTTP_CLIENT_NO_REQUEST] = "No request", + [HTTP_CLIENT_NO_SOCKET] = "No Socket", + [HTTP_CLIENT_RESP_PARSE_FAILED] = "Response parsing failed", + [HTTP_CLIENT_READ_ERROR] = "Read error", + [HTTP_CLIENT_RESPONSE_ZEROLEN] = "Response is zero length", + [HTTP_CLIENT_TLS_ERROR] = "TLS error", + [HTTP_CLIENT_TLS_NOT_CONFIGURED] = "TLS not configured", }; + #define MESSAGE_COUNT sizeof(MESSAGES)/sizeof(MESSAGES[0]) const char *jwkGetStrStatus(int status) { if (status >= MESSAGE_COUNT || status < 0) { - return "Unknown status code"; + return "Unknown rc"; } const char *message = MESSAGES[status]; if (!message) { - return "Unknown status code"; + return "Unknown rc"; + } + return message; +} + +static const char *jwkHttpClientGetStrStatus(int status) { + if (status >= 
HTTP_CLIENT_TLS_NOT_CONFIGURED || status < 0) { + return "Unknown reason"; + } + const char *message = HTTP_CLIENT_MESSAGES[status]; + if (!message) { + return "Unknown reason"; } return message; } diff --git a/c/storageApiml.c b/c/storageApiml.c index 40fec1c77..c9760221f 100644 --- a/c/storageApiml.c +++ b/c/storageApiml.c @@ -557,7 +557,7 @@ c89 \ -DAPF_AUTHORIZED=0 \ -Wc,dll,langlvl\(extc99\),gonum,goff,hgpr,roconst,ASM,asmlib\('CEE.SCEEMAC','SYS1.MACLIB','SYS1.MODGEN'\) \ -Wc,agg,exp,list\(\),so\(\),off,xref \ - -Wl,ac=1,dll \ + -Wl,dll \ -I../h \ -I../deps/zowe-common-c/h \ -I/usr/lpp/gskssl/include \ diff --git a/c/zis/build.sh b/c/zis/build.sh deleted file mode 100644 index e253d40f9..000000000 --- a/c/zis/build.sh +++ /dev/null 
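Review bot: jwkHttpClientGetStrStatus bounds its lookup with `status >= HTTP_CLIENT_TLS_NOT_CONFIGURED`, which rejects the last table entry itself, so "TLS not configured" can never be returned, and it ties the check to one constant rather than to the table size. Use the array length instead: `if (status < 0 || (size_t)status >= sizeof(HTTP_CLIENT_MESSAGES)/sizeof(HTTP_CLIENT_MESSAGES[0]))`. This reading assumes HTTP_CLIENT_TLS_NOT_CONFIGURED is the highest HTTP_CLIENT_* value, which the visible lines do not show. The existing `MESSAGE_COUNT` macro would also be safer with its expansion parenthesised.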
@@ -1,134 +0,0 @@ -# This program and the accompanying materials are -# made available under the terms of the Eclipse Public License v2.0 which accompanies -# this distribution, and is available at https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. - -COMMON=../../../zowe-common-c - -CFLAGS=(-S -M -qmetal -q64 -DSUBPOOL=132 -DMETTLE=1 -DMSGPREFIX='"IDX"' --DRADMIN_XMEM_MODE --DCMS_LPA_DEV_MODE --qreserved_reg=r12 --Wc,"arch(8),agg,exp,list(),so(),off,xref,roconst,longname,lp64" -I ../../h --I $COMMON/h) - -ASFLAGS=(-mgoff -mobject -mflag=nocont --TERM --RENT) - -LDFLAGS=(-V -b ac=1 -b rent -b case=mixed -b map -b xref -b reus) - -xlc "${CFLAGS[@]}" \ -$COMMON/c/alloc.c \ -$COMMON/c/cmutils.c \ -$COMMON/c/collections.c \ -$COMMON/c/crossmemory.c \ -$COMMON/c/isgenq.c \ -$COMMON/c/le.c \ -$COMMON/c/logging.c \ -$COMMON/c/lpa.c -DLPA_LOG_DEBUG_MSG_ID='"ZIS00100I"' \ -$COMMON/c/metalio.c \ -$COMMON/c/mtlskt.c \ -$COMMON/c/nametoken.c \ -$COMMON/c/zos.c \ -$COMMON/c/qsam.c \ -$COMMON/c/radmin.c \ -$COMMON/c/recovery.c \ -$COMMON/c/resmgr.c \ -$COMMON/c/scheduling.c \ -$COMMON/c/stcbase.c \ -$COMMON/c/timeutls.c \ -$COMMON/c/utils.c \ -$COMMON/c/xlate.c \ -$COMMON/c/zvt.c \ -parm.c \ -plugin.c \ -server.c \ -service.c \ -services/auth.c \ -services/nwm.c \ -services/secmgmt.c \ -services/snarfer.c - -as "${ASFLAGS[@]}" -aegimrsx=alloc.asm alloc.s -as "${ASFLAGS[@]}" -aegimrsx=cmutils.asm cmutils.s -as "${ASFLAGS[@]}" -aegimrsx=collections.asm collections.s -as "${ASFLAGS[@]}" -aegimrsx=crossmemory.asm crossmemory.s -as "${ASFLAGS[@]}" -aegimrsx=isgenq.asm isgenq.s -as "${ASFLAGS[@]}" -aegimrsx=le.asm le.s -as "${ASFLAGS[@]}" -aegimrsx=logging.asm logging.s -as "${ASFLAGS[@]}" -aegimrsx=lpa.asm lpa.s -as "${ASFLAGS[@]}" -aegimrsx=metalio.asm metalio.s -as "${ASFLAGS[@]}" -aegimrsx=mtlskt.asm mtlskt.s -as "${ASFLAGS[@]}" -aegimrsx=nametoken.asm nametoken.s -as "${ASFLAGS[@]}" -aegimrsx=zos.asm 
zos.s -as "${ASFLAGS[@]}" -aegimrsx=qsam.asm qsam.s -as "${ASFLAGS[@]}" -aegimrsx=radmin.asm radmin.s -as "${ASFLAGS[@]}" -aegimrsx=recovery.asm recovery.s -as "${ASFLAGS[@]}" -aegimrsx=resmgr.asm resmgr.s -as "${ASFLAGS[@]}" -aegimrsx=scheduling.asm scheduling.s -as "${ASFLAGS[@]}" -aegimrsx=stcbase.asm stcbase.s -as "${ASFLAGS[@]}" -aegimrsx=timeutls.asm timeutls.s -as "${ASFLAGS[@]}" -aegimrsx=utils.asm utils.s -as "${ASFLAGS[@]}" -aegimrsx=xlate.asm xlate.s -as "${ASFLAGS[@]}" -aegimrsx=zvt.asm zvt.s - -as "${ASFLAGS[@]}" -aegimrsx=parm.asm parm.s -as "${ASFLAGS[@]}" -aegimrsx=plugin.asm plugin.s -as "${ASFLAGS[@]}" -aegimrsx=server.asm server.s -as "${ASFLAGS[@]}" -aegimrsx=service.asm service.s - -as "${ASFLAGS[@]}" -aegimrsx=auth.asm auth.s -as "${ASFLAGS[@]}" -aegimrsx=nwm.asm nwm.s -as "${ASFLAGS[@]}" -aegimrsx=snarfer.asm snarfer.s - -as "${ASFLAGS[@]}" -aegimrsx=auth.asm auth.s -as "${ASFLAGS[@]}" -aegimrsx=nwm.asm nwm.s -as "${ASFLAGS[@]}" -aegimrsx=secmgmt.asm secmgmt.s -as "${ASFLAGS[@]}" -aegimrsx=snarfer.asm snarfer.s - -export _LD_SYSLIB="//'SYS1.CSSLIB'://'CEE.SCEELKEX'://'CEE.SCEELKED'://'CEE.SCEERUN'://'CEE.SCEERUN2'://'CSF.SCSFMOD0'" - -ld "${LDFLAGS[@]}" -e main \ --o "//'$USER.DEV.LOADLIB(ZWESIS01)'" \ -alloc.o \ -cmutils.o \ -collections.o \ -crossmemory.o \ -isgenq.o \ -le.o \ -logging.o \ -lpa.o \ -metalio.o \ -mtlskt.o \ -nametoken.o \ -zos.o \ -qsam.o \ -radmin.o \ -recovery.o \ -resmgr.o \ -scheduling.o \ -stcbase.o \ -timeutls.o \ -utils.o \ -xlate.o \ -zvt.o \ -parm.o \ -plugin.o \ -server.o \ -service.o \ -auth.o \ -nwm.o \ -secmgmt.o \ -snarfer.o \ -> ZISSRV01.link - - -# This program and the accompanying materials are -# made available under the terms of the Eclipse Public License v2.0 which accompanies -# this distribution, and is available at https://www.eclipse.org/legal/epl-v20.html -# -# SPDX-License-Identifier: EPL-2.0 -# -# Copyright Contributors to the Zowe Project. 
diff --git a/c/zss.c b/c/zss.c index bce8aa91b..cb81a3812 100644 --- a/c/zss.c +++ b/c/zss.c @@ -355,6 +355,27 @@ static void setPrivilegedServerName(HttpServer *server, JsonObject *mvdSettings, } #endif /* __ZOWE_OS_ZOS */ +static void setHttpRequestHeapMaxBlocks(HttpServer *server, ConfigManager *configmgr){ + + int maxBlocks = 0; + int getStatus = cfgGetIntC(configmgr,ZSS_CFGNAME,&maxBlocks,3,"components","zss","httpHeapMaxBlocks"); + + if (getStatus == ZCFG_SUCCESS){ + if (maxBlocks > HTTP_REQUEST_HEAP_MAX_BLOCKS){ + zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_INFO, "httpHeapMaxBlocks out of range, max value is %d\n",HTTP_REQUEST_HEAP_MAX_BLOCKS); + maxBlocks = HTTP_REQUEST_HEAP_MAX_BLOCKS; + } else if (maxBlocks < HTTP_REQUEST_HEAP_MIN_BLOCKS){ + zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_INFO, "httpHeapMaxBlocks out of range, min value is %d\n",HTTP_REQUEST_HEAP_MIN_BLOCKS); + maxBlocks = HTTP_REQUEST_HEAP_MIN_BLOCKS; + } + zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_INFO, "httpHeapMaxBlocks should be between %d and %d\n",HTTP_REQUEST_HEAP_MIN_BLOCKS,HTTP_REQUEST_HEAP_MAX_BLOCKS); + } else{ + zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "fallback to default server settings\n"); + maxBlocks = HTTP_REQUEST_HEAP_DEFAULT_BLOCKS; + } + server->config->httpRequestHeapMaxBlocks = (unsigned int)maxBlocks; +} + static void loadWebServerConfigV2(HttpServer *server, ConfigManager *configmgr, hashtable *htUsers, @@ -370,6 +391,7 @@ static void loadWebServerConfigV2(HttpServer *server, server->config->userTimeouts = htUsers; server->config->groupTimeouts = htGroups; server->config->defaultTimeout = defaultSessionTimeout; + setHttpRequestHeapMaxBlocks(server, configmgr); registerHttpServiceOfLastResort(server,NULL); #ifdef __ZOWE_OS_ZOS setPrivilegedServerNameV2(server, configmgr); 
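Review bot: In setHttpRequestHeapMaxBlocks the INFO line `httpHeapMaxBlocks should be between %d and %d` sits after the if/else-if, so it is logged on every start where the key is set, including when the value is already in range. Move it into the two out-of-range branches or drop it, since each branch already reports the limit it applied. The key read here is `httpHeapMaxBlocks`, while the CHANGELOG entries in this commit call the setting 'httpRequestHeapMaxBlocks'; one of the two names should be corrected so an administrator's value is not silently ignored. A short header comment naming the key, the clamping and the default would cover the documentation.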
@@ -1108,26 +1130,27 @@ static void readAgentAddressAndPortV2(ConfigManager *configmgr, char **addressHa static char* generateCookieNameV2(ConfigManager *configmgr, int port) { int cookieLength=256; char *cookieName = safeMalloc(cookieLength+1, "CookieName"); - char *zoweInstanceId = getenv("ZOWE_INSTANCE"); - char *haInstanceCountStr = getenv("ZWE_HA_INSTANCES_COUNT"); + int haInstanceCount=0; - if (haInstanceCountStr != NULL) { - haInstanceCount = atoi(haInstanceCountStr); - } - if (haInstanceCount > 1 && zoweInstanceId != NULL) { - snprintf(cookieName, cookieLength, "%s.%s", SESSION_TOKEN_COOKIE_NAME, zoweInstanceId); - } else { - snprintf(cookieName, cookieLength, "%s.%d", SESSION_TOKEN_COOKIE_NAME, port); + Json *result = NULL; + int rc = cfgGetAnyC(configmgr, ZSS_CFGNAME, &result, 1, "haInstances"); + if (jsonIsObject(result)){ + JsonObject *resultObj = jsonAsObject(result); + JsonProperty *prop = resultObj->firstProperty; + while (prop!=NULL){ + haInstanceCount++; + prop = prop->next; + } } - zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "Cookie name set as %s\n",cookieName); - return cookieName; -} -static char* generateCookieName(JsonObject *envConfig, int port) { - int cookieLength=256; - char *cookieName = safeMalloc(cookieLength+1, "CookieName"); - char *zoweInstanceId = getenv("ZWE_zowe_cookieIdentifier"); - if (zoweInstanceId != NULL) { + zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "instance count = %d\n", haInstanceCount); + + char *zoweInstanceId = NULL; + cfgGetStringC(configmgr, ZSS_CFGNAME, &zoweInstanceId, 2, "zowe", "cookieIdentifier"); + + zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "cookieId = %s\n", zoweInstanceId); + + if (haInstanceCount > 1 && zoweInstanceId != NULL) { snprintf(cookieName, cookieLength, "%s.%s", SESSION_TOKEN_COOKIE_NAME, zoweInstanceId); } else { snprintf(cookieName, cookieLength, "%s.%d", SESSION_TOKEN_COOKIE_NAME, port); 
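Review bot: `zowelog(..., "cookieId = %s\n", zoweInstanceId)` in generateCookieNameV2 runs before the NULL test, and zoweInstanceId stays NULL whenever zowe.cookieIdentifier is absent, so a NULL pointer is passed for `%s`. Log it guarded, e.g. `zoweInstanceId ? zoweInstanceId : "(not set)"`. The return codes of cfgGetAnyC (`rc` is assigned but never read) and cfgGetStringC are also ignored; whether `jsonIsObject(NULL)` is safe when haInstances is missing is not visible here, so an explicit `rc == ZCFG_SUCCESS` check before touching `result` would be safer. The function ends outside this hunk.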
@@ -1147,6 +1170,8 @@ static char* generateCookieName(JsonObject *envConfig, int port) { #define AGENT_HTTPS_PREFIX "ZWED_agent_https_" #define ENV_AGENT_HTTPS_KEY(key) AGENT_HTTPS_PREFIX key +TLS_IANA_CIPHER_MAP(ianaCipherMap) + static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh, ConfigManager *configmgr, char **outAddress, 
@@ -1161,13 +1186,46 @@ static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh, JsonObject *httpsConfigObject = jsonAsObject(httpsConfig); TlsSettings *settings = (TlsSettings*)SLHAlloc(slh, sizeof(*settings)); settings->maxTls = jsonObjectGetString(httpsConfigObject, "maxTls"); - char *ciphers = jsonObjectGetString(httpsConfigObject, "ciphers"); + settings->minTls = jsonObjectGetString(httpsConfigObject, "minTls"); + + Json *cipherJson = jsonObjectGetPropertyValue(httpsConfigObject, "ciphers"); + char *ciphers = NULL; + if (jsonIsString(cipherJson)) { /* - * Takes a string of ciphers. This isn't ideal, but any other methods are - * going to be fairly complicated. - * + * Takes a string of ciphers. * ciphers: 13021303003500380039002F00320033 */ + ciphers = jsonObjectGetString(httpsConfigObject, "ciphers"); + zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "Cipher string override to %s\n", ciphers); + } else { + JsonArray *cipherArray = jsonObjectGetArray(httpsConfigObject, "ciphers"); + int count = jsonArrayGetCount(cipherArray); + + int cipherCharLength = 4; + ciphers = (char *)safeMalloc((sizeof(char) * cipherCharLength * count)+1, "cipher list"); + + for (int i = 0; i < count; i++) { + char *ianaName = jsonArrayGetString(cipherArray, i); + zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "Cipher request=%s\n", ianaName); + CipherMap *cipher = (CipherMap *)ianaCipherMap; + bool found = false; + while (cipher->suiteId != NULL) { + if (!strcmp(ianaName, cipher->name)) { + strcat(ciphers, cipher->suiteId); + zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "Cipher match=%s\n", cipher->suiteId); + found = true; + break; + } + ++cipher; + } + if (!found) { + zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_WARNING, ZSS_LOG_CIPHER_INVALID_MSG, ianaName); + } + } + zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "Cipher array override to %s\n", ciphers); + + } + ECVT *ecvt = getECVT(); /* 2.3 (1020300) no tls 1.3 
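Review bot: The array branch for `ciphers` builds the suite string with `strcat` into a buffer that is never initialised and is sized on the assumption that every `suiteId` is exactly four characters. Unless safeMalloc is known to return zeroed memory, the first strcat appends after whatever bytes the allocation holds, and a longer id or a NULL from `jsonObjectGetArray`/`jsonArrayGetString` (a `ciphers` value that is neither string nor array, or a non-string element) leads to an out-of-bounds write or NULL dereference driven by configuration input. The version below terminates the buffer, skips non-string entries and bounds each append. If no requested name matches, `ciphers` ends up empty; what the TLS layer does with an empty list is outside this hunk and worth confirming, so that a typo cannot silently replace the intended restriction. The function continues beyond the hunk.

```c
  } else {
    JsonArray *cipherArray = jsonObjectGetArray(httpsConfigObject, "ciphers");
    int count = (cipherArray != NULL) ? jsonArrayGetCount(cipherArray) : 0;
    int cipherCharLength = 4;
    size_t cipherBufLength = ((size_t)cipherCharLength * count) + 1;
    size_t used = 0;
    ciphers = (char *)safeMalloc(cipherBufLength, "cipher list");
    ciphers[0] = '\0';

    for (int i = 0; i < count; i++) {
      char *ianaName = jsonArrayGetString(cipherArray, i);
      if (ianaName == NULL) {
        continue; /* array element is not a string */
      }
      /* … unchanged: debug log of the request, walk over ianaCipherMap … */
        if (!strcmp(ianaName, cipher->name)) {
          size_t idLength = strlen(cipher->suiteId);
          if (used + idLength < cipherBufLength) {
            memcpy(ciphers + used, cipher->suiteId, idLength + 1);
            used += idLength;
          }
          /* … unchanged: debug log of the match, found = true, break … */
```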
diff --git a/defaults.yaml b/defaults.yaml index c3d872d34..71c340569 100644 --- a/defaults.yaml +++ b/defaults.yaml @@ -2,7 +2,7 @@ components: zss: port: 7557 crossMemoryServerName: ${{ ()=> { if (zowe.environments?.ZWED_privilegedServerName) { return zowe.environments.ZWED_privilegedServerName } else { if (zowe.environments?.ZWES_XMEM_SERVER_NAME) { return zowe.environments.ZWES_XMEM_SERVER_NAME } else { return "ZWESIS_STD" } } }() }} - tls: true + tls: "${{ ()=> { if (components.zss.zowe?.network?.server?.tls?.attls) { return false } else if (zowe.network?.server?.tls?.attls) { return false } else { return true } }() }}" productDir: ${{ zowe.runtimeDirectory }}/components/zss/defaults pluginsDir: ${{ zowe.workspaceDirectory }}/app-server/plugins instanceDir: ${{ zowe.workspaceDirectory }}/zss 
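Review bot: The new `tls` default turns ZSS's own TLS off whenever `attls` is set under zowe.network or components.zss.zowe.network, which leaves the listener speaking plain HTTP and relying entirely on an AT-TLS policy that covers the port. Nothing in the file says so; add a comment above the line such as `# attls set => ZSS listens without TLS; an inbound AT-TLS rule for this port must exist`. The expression tests `attls` for truthiness, so a quoted string value would also disable TLS; comparing with `=== true` avoids that if the schema (not shown here) does not already restrict the type.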
@@ -14,14 +14,17 @@ components: fallback: true retryIntervalSeconds: 10 https: - keyring: ${{ ()=> { if (components.zss.tls) { if (zowe.certificate.keystore.type == "JCERACFKS") { return zowe.certificate.keystore.file.replace(/safkeyring:\/+/,"") } else { return zowe.certificate.keystore.file } } else { return null } }() }} - password: ${{ ()=> { if (components.zss.tls) { if (zowe.certificate.keystore.type == "JCERACFKS") { return null } else { return zowe.certificate.keystore.password } } else { return null } }() }} + keyring: ${{ ()=> { if (components.zss.tls) { if (zowe.certificate.keystore.type.match(/JCE.*KS/)) { return zowe.certificate.keystore.file.replace(/safkeyring.*:\/+/,"") } else { return zowe.certificate.keystore.file } } else { return null } }() }} + password: ${{ ()=> { if (components.zss.tls) { if (zowe.certificate.keystore.type.match(/JCE.*KS/)) { return null } else { return zowe.certificate.keystore.password } } else { return null } }() }} label: ${{ ()=> { if (components.zss.tls) { return zowe.certificate.keystore.alias } else { return null } }() }} port: ${{ ()=> { if (components.zss.tls) { return components.zss.port } else { return null } }() }} - ipAddresses: ${{ ()=> { if (components.zss.tls){ if (zowe.environments?.ZWED_agent_https_ipAddresses){ return zowe.environments.ZWED_agent_https_ipAddresses.split(',') } else { return [ '0.0.0.0' ] } } else { return null } }() }} + ipAddresses: "${{ ()=> { if (components.zss.tls){ if (zowe.environments?.ZWED_agent_https_ipAddresses){ return zowe.environments.ZWED_agent_https_ipAddresses.split(',') } else if (components.zss.zowe?.network?.server?.listenAddresses) { return components.zss.zowe.network.server.listenAddresses } else if (zowe.network?.server?.listenAddresses) { return zowe.network.server.listenAddresses } else { return [ '0.0.0.0' ] } } else { return null } }() }}" + maxTls: "${{ ()=> { let maxTls = components.zss.zowe?.network?.server?.tls?.maxTls || zowe.network?.server?.tls?.maxTls; 
return maxTls ? maxTls : 'TLSv1.3'; }() }}" + minTls: "${{ ()=> { let minTls = components.zss.zowe?.network?.server?.tls?.minTls || zowe.network?.server?.tls?.minTls; return minTls ? minTls : 'TLSv1.2'; }() }}" + ciphers: "${{ ()=> { let ciphers = components.zss.zowe?.network?.server?.tls?.ciphers || zowe.network?.server?.tls?.ciphers; if (typeof ciphers == 'string') { return ciphers; } else if (Array.isArray(ciphers)) { return ciphers.map(cipher => cipher.toUpperCase()); } else { return [ 'TLS_AES_256_GCM_SHA384', 'TLS_AES_128_GCM_SHA256', 'TLS_CHACHA20_POLY1305_SHA256', 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' ]; } }() }}" http: port: ${{ ()=> { if (components.zss.tls) { return null } else { return components.zss.port } }() }} - ipAddresses: ${{ () => { if (components.zss.tls) { return null } else { if (zowe.environments?.ZWED_agent_http_ipAddresses) { return zowe.environments.ZWED_agent_http_ipAddresses.split(',') } else { return [ '127.0.0.1' ] } } }() }} + ipAddresses: "${{ () => { if (components.zss.tls) { return null } else { if (zowe.environments?.ZWED_agent_http_ipAddresses) { return zowe.environments.ZWED_agent_http_ipAddresses.split(',') } else if (components.zss.zowe?.network?.server?.listenAddresses) { return components.zss.zowe.network.server.listenAddresses } else if (zowe.network?.server?.listenAddresses) { return zowe.network.server.listenAddresses } else { return [ '127.0.0.1' ] } } }() }}" mediationLayer: server: isHttps: true diff --git a/deps/zowe-common-c b/deps/zowe-common-c index 0d55d4724..48c55b68b 160000 --- a/deps/zowe-common-c +++ b/deps/zowe-common-c @@ -1 +1 @@ -Subproject commit 0d55d47244d37b77bd156fc0376cc0c90e9592a2 +Subproject commit 48c55b68bfdf4bb2067367f18e80724b1d114199 
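Review bot: `zowe.certificate.keystore.type.match(/JCE.*KS/)` in the keyring and password expressions throws when `keystore.type` is not defined, where the old `== "JCERACFKS"` comparison simply evaluated to false. Use `zowe.certificate.keystore.type?.match(/^JCE.*KS$/)`, which also anchors the pattern so it cannot match in the middle of an unrelated type name. The companion `replace(/safkeyring.*:\/+/,"")` is greedy and unanchored; `/^safkeyring[^:]*:\/+/` strips only the leading scheme. Both forms keep the aim given in the CHANGELOG of accepting further keyring types.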
diff --git a/h/jwk.h b/h/jwk.h index 8d1e9b236..04d8240b0 100644 --- a/h/jwk.h +++ b/h/jwk.h @@ -41,7 +41,9 @@ struct JwkContext_tag { #define JWK_STATUS_UNRECOGNIZED_FMT_ERROR 4 #define JWK_STATUS_PUBLIC_KEY_ERROR 7 #define JWK_STATUS_HTTP_CONTEXT_ERROR 8 -#define JWK_STATUS_HTTP_REQUEST_ERROR 9 +#define JWK_STATUS_HTTP_REQ_INIT_ERROR 9 +#define JWK_STATUS_HTTP_REQ_STAGING_ERROR 10 +#define JWK_STATUS_HTTP_REQ_SEND_ERROR 11 void configureJwt(HttpServer *server, JwkSettings *jwkSettings); const char *jwkGetStrStatus(int status); diff --git a/h/zis/message.h b/h/zis/message.h index 5d4e5e9e5..277a90f43 100644 --- a/h/zis/message.h +++ b/h/zis/message.h 
@@ -250,34 +250,34 @@ #define ZISAUX_LOG_LEGACY_API_MSG_TEXT "Legacy API has been detected, some functionality may be limited" #define ZISAUX_LOG_LEGACY_API_MSG ZISAUX_LOG_LEGACY_API_MSG_ID" "ZISAUX_LOG_LEGACY_API_MSG_TEXT -/* ZIS dynamic linkage plugin messages */ +/* ZIS dynamic linkage plug-in messages */ #define ZISDYN_LOG_STARTUP_MSG_ID ZIS_MSG_PRFX"0700I" -#define ZISDYN_LOG_STARTUP_MSG_TEXT "ZIS Dynamic Base plugin starting, version %d.%d.%d+%d, stub version %d" +#define ZISDYN_LOG_STARTUP_MSG_TEXT "ZIS Dynamic Base plug-in starting, version %d.%d.%d+%d, stub version %d" #define ZISDYN_LOG_STARTUP_MSG ZISDYN_LOG_STARTUP_MSG_ID" "ZISDYN_LOG_STARTUP_MSG_TEXT #define ZISDYN_LOG_STARTED_MSG_ID ZIS_MSG_PRFX"0701I" -#define ZISDYN_LOG_STARTED_MSG_TEXT "ZIS Dynamic Base plugin successfully started" +#define ZISDYN_LOG_STARTED_MSG_TEXT "ZIS Dynamic Base plug-in successfully started" #define ZISDYN_LOG_STARTED_MSG ZISDYN_LOG_STARTED_MSG_ID" "ZISDYN_LOG_STARTED_MSG_TEXT #define ZISDYN_LOG_STARTUP_FAILED_MSG_ID ZIS_MSG_PRFX"0702E" -#define ZISDYN_LOG_STARTUP_FAILED_MSG_TEXT "ZIS Dynamic Base plugin startup failed, status = %d" +#define ZISDYN_LOG_STARTUP_FAILED_MSG_TEXT "ZIS Dynamic Base plug-in startup failed, status = %d" #define ZISDYN_LOG_STARTUP_FAILED_MSG ZISDYN_LOG_STARTUP_FAILED_MSG_ID" "ZISDYN_LOG_STARTUP_FAILED_MSG_TEXT #define ZISDYN_LOG_INIT_ERROR_MSG_ID ZIS_MSG_PRFX"0703E" -#define ZISDYN_LOG_INIT_ERROR_MSG_TEXT "ZIS Dynamic Base plugin init error -" +#define ZISDYN_LOG_INIT_ERROR_MSG_TEXT "ZIS Dynamic Base plug-in init error -" #define ZISDYN_LOG_INIT_ERROR_MSG ZISDYN_LOG_INIT_ERROR_MSG_ID" "ZISDYN_LOG_INIT_ERROR_MSG_TEXT #define ZISDYN_LOG_TERM_MSG_ID ZIS_MSG_PRFX"0704I" -#define ZISDYN_LOG_TERM_MSG_TEXT "ZIS Dynamic Base plugin terminating" +#define ZISDYN_LOG_TERM_MSG_TEXT "ZIS Dynamic Base plug-in terminating" #define ZISDYN_LOG_TERM_MSG ZISDYN_LOG_TERM_MSG_ID" "ZISDYN_LOG_TERM_MSG_TEXT #define ZISDYN_LOG_TERMED_MSG_ID ZIS_MSG_PRFX"0705I" -#define 
ZISDYN_LOG_TERMED_MSG_TEXT "ZIS Dynamic Base plugin successfully terminated" +#define ZISDYN_LOG_TERMED_MSG_TEXT "ZIS Dynamic Base plug-in successfully terminated" #define ZISDYN_LOG_TERMED_MSG ZISDYN_LOG_TERMED_MSG_ID" "ZISDYN_LOG_TERMED_MSG_TEXT #define ZISDYN_LOG_TERM_FAILED_MSG_ID ZIS_MSG_PRFX"0706E" -#define ZISDYN_LOG_TERM_FAILED_MSG_TEXT "ZIS Dynamic Base plugin terminated with error" +#define ZISDYN_LOG_TERM_FAILED_MSG_TEXT "ZIS Dynamic Base plug-in terminated with error" #define ZISDYN_LOG_TERM_FAILED_MSG ZISDYN_LOG_TERM_FAILED_MSG_ID" "ZISDYN_LOG_TERM_FAILED_MSG_TEXT #define ZISDYN_LOG_CMD_RESP_MSG_ID ZIS_MSG_PRFX"0707I" @@ -301,7 +301,7 @@ #define ZISDYN_LOG_STUB_DISCARDED_MSG ZISDYN_LOG_STUB_DISCARDED_MSG_ID" "ZISDYN_LOG_STUB_DISCARDED_MSG_TEXT #define ZISDYN_LOG_DEV_MODE_MSG_ID ZIS_MSG_PRFX"0713W" -#define ZISDYN_LOG_DEV_MODE_MSG_TEXT "ZIS Dynamic base plugin development mode is enabled" +#define ZISDYN_LOG_DEV_MODE_MSG_TEXT "ZIS Dynamic base plug-in development mode is enabled" #define ZISDYN_LOG_DEV_MODE_MSG ZISDYN_LOG_DEV_MODE_MSG_ID" "ZISDYN_LOG_DEV_MODE_MSG_TEXT #define ZISDYN_LOG_BAD_ZIS_VERSION_MSG_ID ZIS_MSG_PRFX"0714E" diff --git a/h/zssLogging.h b/h/zssLogging.h index de5381f5e..0f954b56f 100644 --- a/h/zssLogging.h +++ b/h/zssLogging.h @@ -297,6 +297,13 @@ bool isLogLevelValid(int level); #define ZSS_LOG_HTTPS_INVALID_MSG_TEXT "Failed to configure https server, check agent https settings\n" #define ZSS_LOG_HTTPS_INVALID_MSG ZSS_LOG_HTTPS_INVALID_MSG_ID" "ZSS_LOG_HTTPS_INVALID_MSG_TEXT +#ifndef ZSS_LOG_CIPHER_INVALID_MSG_ID +#define ZSS_LOG_CIPHER_INVALID_MSG_ID ZSS_LOG_MSG_PRFX"1066W" +#endif +#define ZSS_LOG_CIPHER_INVALID_MSG_TEXT "Requested cipher '%s' not available.\n" +#define ZSS_LOG_CIPHER_INVALID_MSG ZSS_LOG_CIPHER_INVALID_MSG_ID" "ZSS_LOG_CIPHER_INVALID_MSG_TEXT + + /* registerProduct */ #ifndef ZSS_LOG_PROD_REG_ENABLED_MSG_ID 
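Review bot: `ZSS_LOG_CIPHER_INVALID_MSG_TEXT` in the `@@ -297,6 +297,13 @@` hunk of h/zssLogging.h tells the operator a cipher is "not available" but not what the server does with the rest of the list, which is what matters for a hardened TLS configuration. The code that emits ZWES1066W is outside this hunk, so whether the entry is skipped, or whether an empty result falls back to a default suite list, cannot be told from here. A comment above the define such as `/* %s: cipher name as written in the configured ciphers list; the entry is skipped */` (adjusted to the real behaviour) would let a reader judge that without hunting for the call site.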
@@ -515,7 +522,7 @@ bool isLogLevelValid(int level); #ifndef ZSS_LOG_JWK_RETRY_MSG_ID #define ZSS_LOG_JWK_RETRY_MSG_ID ZSS_LOG_MSG_PRFX"1606W" #endif -#define ZSS_LOG_JWK_RETRY_MSG_TEXT "Failed to get JWK - %s, retry in %d seconds\n" +#define ZSS_LOG_JWK_RETRY_MSG_TEXT "Failed to get JWK. rc=%s (%d), rsn=%s (%d). Retry in %d seconds\n" #define ZSS_LOG_JWK_RETRY_MSG ZSS_LOG_JWK_RETRY_MSG_ID" "ZSS_LOG_JWK_RETRY_MSG_TEXT #endif /* MVD_H_ZSSLOGGING_H_ */ diff --git a/manifest.template.yaml b/manifest.template.yaml index 3ad2a24e0..7a5305cd9 100644 --- a/manifest.template.yaml +++ b/manifest.template.yaml @@ -3,7 +3,7 @@ name: zss # Component identifier. This identifier matches artifact path in Zowe Artifactory https://zowe.jfrog.io/. id: org.zowe.zss # Without the v -version: 2.12.0 +version: 3.0.0 # Component version is defined in gradle.properties for Gradle project # Human readable component name title: Zowe System Services (ZSS) diff --git a/plugins/zis/README.md b/plugins/zis/README.md index f00153be4..6a9698d07 100644 --- a/plugins/zis/README.md +++ b/plugins/zis/README.md @@ -114,7 +114,7 @@ Refer to that source for the full plugin sample. A ZIS plugin is a load module with the following characteristics: * AMODE 64 * Reentrant -* The result of call a ZIS plugin lod module is a plugin descriptor data +* The result of a call to a ZIS plugin load module is a plugin descriptor data structure mapped by the C struct [`ZISPlugin`](https://github.com/zowe/zss/blob/82c6f2d30951d64fb1bb6487c2dde92700b91552/h/zis/plugin.h#L81-L112) ### Services diff --git a/plugins/zis/echo/build.sh b/plugins/zis/echo/build.sh index 56e2a2a36..2a069a6f9 100755 --- a/plugins/zis/echo/build.sh +++ b/plugins/zis/echo/build.sh 
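Review bot: `ZSS_LOG_JWK_RETRY_MSG_TEXT` in the `@@ -515,7 +522,7 @@` hunk of h/zssLogging.h grows from two conversions to five (`%s`, `%d`, `%s`, `%d`, `%d`), so every caller must now pass rc text, rc, rsn text, rsn and the retry interval in exactly that order. The call sites are not in this hunk; one left on the old two-argument form would read arguments that were never passed, which is undefined behaviour and most likely to fault on the second `%s`. I would record the contract next to the define, `/* args: rc text (char *), rc (int), rsn text (char *), rsn (int), retry seconds (int) */`, and check that the logging wrapper is covered by the compiler's printf format checking.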
@@ -16,7 +16,7 @@ CFLAGS=(-S -M -qmetal -q64 -DSUBPOOL=132 -DMETTLE=1 -DMSGPREFIX='"IDX"' ASFLAGS=(-mgoff -mobject -mflag=nocont --TERM --RENT) -LDFLAGS=(-V -b ac=1 -b rent -b case=mixed -b map -b xref -b reus) +LDFLAGS=(-V -b rent -b case=mixed -b map -b xref -b reus) xlc "${CFLAGS[@]}" -DCMS_CLIENT \ $COMMON/c/alloc.c \ diff --git a/plugins/zis/magic-number/build.sh b/plugins/zis/magic-number/build.sh index 049749db2..9f733723c 100644 --- a/plugins/zis/magic-number/build.sh +++ b/plugins/zis/magic-number/build.sh @@ -16,7 +16,7 @@ CFLAGS=(-S -M -qmetal -q64 -DSUBPOOL=132 -DMETTLE=1 -DMSGPREFIX='"IDX"' ASFLAGS=(-mgoff -mobject -mflag=nocont --TERM --RENT) -LDFLAGS=(-V -b ac=1 -b rent -b case=mixed -b map -b xref -b reus) +LDFLAGS=(-V -b rent -b case=mixed -b map -b xref -b reus) xlc "${CFLAGS[@]}" -DCMS_CLIENT \ $COMMON/c/alloc.c \ diff --git a/schemas/zss-config.json b/schemas/zss-config.json index aa2091e00..75f32f60a 100644 --- a/schemas/zss-config.json +++ b/schemas/zss-config.json @@ -124,8 +124,17 @@ "description": "The password to the keyring" }, "ciphers": { - "type": [ "string", "null" ], - "description": "The list of ciphers in order of priority" + "oneOf": [ + { "type": "string", + "description": "A set of cipher suite IDs as a number string without separators. The numbers are in order of priority." + }, + { "type": "array", + "description": "A set of IANA names for cipher suites, in order of priority", + "items": { + "type": "string" + } + } + ] }, "keyshares": { "type": [ "string", "null" ], @@ -133,10 +142,17 @@ }, "maxTls": { "type": [ "string", "null" ], - "enum": ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"], + "enum": ["TLSv1.2", "TLSv1.3"], "default": "TLSv1.3", "description": "Maximum tls version allowed." + }, + "minTls": { + "type": [ "string", "null" ], + "enum": ["TLSv1.2", "TLSv1.3"], + "default": "TLSv1.2", + "description": "Minimum tls version allowed." } + } }, "http": { 
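Review bot: `LDFLAGS` in plugins/zis/echo/build.sh loses `-b ac=1` with no comment recording why, and the same edit is made in plugins/zis/magic-number/build.sh, tests/build_zisdl.sh, zis-aux/test/aux-guest/build/build.sh and, as the removed `"-Wl,ac=1"`, in zis-aux/test/utils/build/build.sh. Link-editing these modules without the authorization code looks like a deliberate least-privilege change, presumably because they are loaded by an already-authorized host rather than started as an authorized job step, but nothing on the page says so. A line above the assignment such as `# AC=1 intentionally omitted: this module must not be link-edited as authorized` (reworded to the real reason) would stop someone re-adding the flag the first time a load problem shows up.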
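Review bot: The new `oneOf` for `ciphers` in schemas/zss-config.json no longer accepts `null`, which the old `"type": [ "string", "null" ]` did, so a configuration that sets the key explicitly to null would now fail validation. If that is intended it deserves a changelog line; otherwise add `{ "type": "null" }` as a third branch. The array branch also accepts an empty list, and whether the server then falls back to its default suites or ends up with none is not visible here, so `"minItems": 1` on that branch would make the intent explicit.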
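Review bot: `minTls` and `maxTls` in the `@@ -133,10 +142,17 @@` hunk of schemas/zss-config.json are validated independently, so `minTls: TLSv1.3` together with `maxTls: TLSv1.2` passes the schema; the range check has to live in the server code, which this hunk does not show. The new `minTls` entry also repeats the existing `maxTls` pattern of listing `null` in `type` but not in `enum`, so an explicit null still fails the `enum` keyword; add `null` to the enum or drop it from `type`. Removing TLSv1.0 and TLSv1.1 from `maxTls` breaks existing configurations that name them and is worth stating in the text, e.g. `"description": "Maximum tls version allowed. TLSv1.0 and TLSv1.1 are no longer accepted."`.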
diff --git a/tests/build_zisdl.sh b/tests/build_zisdl.sh index 4264eabf1..9c5969ccb 100755 --- a/tests/build_zisdl.sh +++ b/tests/build_zisdl.sh @@ -37,7 +37,7 @@ do done -ld -V -b ac=1 -b rent -b case=mixed -b map -b xref -b reus -e main \ +ld -V -b rent -b case=mixed -b map -b xref -b reus -e main \ -o "//'$USER.DEV.LOADLIB(ZISDLTST)'" \ zisdl.o \ stubs.o \ diff --git a/zis-aux/src/aux-utils.c b/zis-aux/src/aux-utils.c index db2210163..b2386d606 100644 --- a/zis-aux/src/aux-utils.c +++ b/zis-aux/src/aux-utils.c @@ -199,19 +199,27 @@ static void getSTCK(uint64 *stckValue) { __asm(" STCK 0(%0)" : : "r"(stckValue)); } -static int64 getLocalTimeOffset() { +static int64 getLocalTimeOffset(void) { CVT * __ptr32 cvt = *(void * __ptr32 * __ptr32)0x10; void * __ptr32 cvtext2 = cvt->cvtext2; int64 *cvtldto = (int64 * __ptr32)(cvtext2 + 0x38); return *cvtldto; } +static int64 getLeapSecondsOffset(void) { + CVT * __ptr32 cvt = *(void * __ptr32 * __ptr32)0x10; + void * __ptr32 cvtext2 = cvt->cvtext2; + int64 *cvtlso = (int64 * __ptr32)(cvtext2 + 0x50); + return *cvtlso; +} + static void getCurrentLogTimestamp(LogTimestamp *timestamp) { uint64 stck = 0; getSTCK(&stck); stck += getLocalTimeOffset(); + stck -= getLeapSecondsOffset(); stckToLogTimestamp(stck, timestamp); diff --git a/zis-aux/test/aux-guest/build/build.sh b/zis-aux/test/aux-guest/build/build.sh index 60dc0a3f9..f92dc212d 100644 --- a/zis-aux/test/aux-guest/build/build.sh +++ b/zis-aux/test/aux-guest/build/build.sh @@ -17,7 +17,7 @@ CFLAGS=(-S -M -qmetal -q64 -DSUBPOOL=132 -DMETTLE=1 -DMSGPREFIX='"IDX"' ASFLAGS=(-mgoff -mobject -mflag=nocont --TERM --RENT) -LDFLAGS=(-V -b ac=1 -b rent -b case=mixed -b map -b xref -b reus) +LDFLAGS=(-V -b rent -b case=mixed -b map -b xref -b reus) xlc "${CFLAGS[@]}" \ $COMMON/c/alloc.c \ diff --git a/zis-aux/test/utils/build/build.sh b/zis-aux/test/utils/build/build.sh index 0e790b171..d5d9bd493 100644 --- a/zis-aux/test/utils/build/build.sh +++ b/zis-aux/test/utils/build/build.sh 
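Review bot: `getLeapSecondsOffset` in zis-aux/src/aux-utils.c reads its field at the bare literal `cvtext2 + 0x50`, mirroring the `0x38` already used in `getLocalTimeOffset`, and neither offset is named or commented. These are fixed offsets into a system control block, so a wrong constant gives silently wrong timestamps in the AUX log rather than a failure, which matters when those logs are correlated with other sources. A comment such as `/* CVTLSO: leap-second offset, same units as the STCK value */` (to be checked against the CVT extension mapping) and a shared helper for the repeated `cvt`/`cvtext2` lookup would make that reviewable. The arithmetic on a `void * __ptr32` also relies on a compiler extension, and `getCurrentLogTimestamp` continues past the end of this hunk.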
@@ -40,7 +40,7 @@ $COMMON/c/zos.c ; extattr +a ../bin/shrmem64-target-test xlc "-Wa,goff" -DAS_TEST \ "-Wc,LANGLVL(EXTC99),FLOAT(HEX),agg,exp,list(),so(),goff,xref,gonum,roconst,gonum,ASM,ASMLIB('SYS1.MACLIB'),LP64,XPLINK" \ -"-Wl,ac=1" -I $COMMON/h -I $ZSSAUX/src -I $ZSSAUX/include \ +-I $COMMON/h -I $ZSSAUX/src -I $ZSSAUX/include \ -o ../bin/pe-test \ $ZSSAUX/test/utils/src/pe-test.c \ $COMMON/c/alloc.c \