MRCI/docs/modules.md
Maurice ONeal 4c1d13f8f8 Password and account security updates
security updates:

various commands that change or create account passwords now disallow
the user name, display name or email from being contained in it. this
will force users to not use public information inside the password,
hardening password security a little.

the root user name is now changeable and required to be changed on
initial login. this harden security a little by giving host admins the
option to not have a well known user name attached to a high privileged
account.

users can no longer re-use the old password and/or user name when
required to change. however, this does not actually implement full
password history because the user can then later change the password
back to the old password after the required change.

the host can longer block by ip addresses and the auto block threshold
setting has been removed. something like this is best left up to
firewalls, routers, switches or any other networking infrastructure. in
the future i can consider adding event triggering that run certain
admin defined external or internal commands when the host detects
certain event thresholds.

minor changes/bug fixes:

all commands that change or create user names now no longer accept
user names that looks like an mail address. this works out better for
clients when differentiating logging in via user name or email address.

the recover_acct command now also have cancel on blank text options
making it more consistent with all other commands that take text input.

resetting the root user's account password via command line now also
unlocks it if locked.

the -help and -about command line options no longer display the
default password. a new -default_pw option was added for this purpose.

the -status -addr or -stop command line options require super user
privileges to run properly depending on how the host is installed.
an error message like "permission denied" was addded on failure to
make this requirement clear to the end user.

fs_copy and fs_move now does implicit skip on error instead of stop on
error.

the IDLE frame type id now carry an integer return code that can be
interpreted by clients to determine the result of the command that was
sent to the host.

house keeping:

all documentation was updated to reflect the changes made in this commit.
the module tester example is no longer relevant to this project so it
was deleted.
2020-01-29 12:29:01 -05:00

4.6 KiB

2.1 Modules

Modules in this project are independent applications that communicate with the host application's session objects via named pipes and/or shared memory segments. The host will call multiple instances of these modules if needed using the command line options described in section 2.3 depending on session activity. The format for data transport between the session and module via the named pipe is a modified version of the MRCI frame described in section 2.2 called the IPC frame.

Basically the module's main job is to input and output IPC frames with the session object with the option to read session data from shared memory. The MRCI host have internal commands that are loaded using the module interface so the MRCI host project itself is a good example of a module. See the following classes and source files to understand how the internal module works and to understand how to make an external module based on it.

int main()      - main.cpp
class Module    - module.h, module.cpp
class MemShare  - mem_share.h, mem_share.cpp
class CmdObject - cmd_object.h, cmd_object.cpp
class IPCWorker - cmd_object.h, cmd_object.cpp

2.2 IPC Frame

[type_id][data_len][payload]

type_id  - 1byte    - 8bit little endian integer type id of the payload.
data_len - 3bytes   - 24bit little endian integer size of the payload.
payload  - variable - the actual data to be processed.

A full description of the type id's can be found in the Type_IDs.md document.

2.3 Module Command Line Options

The host will call the module with just one of these options:

 -public_cmds            : send a NEW_CMD frame for all public commands the module can run.
 -exempt_cmds            : send a NEW_CMD frame all rank exempt commands the module can run.
 -user_cmds              : send a NEW_CMD frame for all user rank enforced commands the module can run.
 -run_cmd {command_name} : run a module command based on the command name.
 
The host will include all 3 of these options with the above option:

 -pipe {pipe_name/path} : the named pipe used to establish a data connection with the session.
 -mem_ses {key_name}    : the shared memory key for the session object.
 -mem_host {key_name}   : the shared memory key for the host main process.

notes:

  • When the session calls the module in list mode (-public_cmds, -exempt_cmds or -user_cmds), it will only respond to frame type ids: NEW_CMD or ERR from the module; all other data types are ignored. Modules called in run mode (-run_cmd) on the other hand will open up all frame type ids.

  • When the session detects that the module successfully established a pipe connection, it will send a HOST_VER frame to the module so the module can decide if it supports the host. If the host is not compatible or the module fails for what ever other reason, the module can send a useful error message ERR and then terminate if needed. The error message will be added to the host debug log where it can be used by host admins to find out what went wrong. The HOST_VER frame is sent only when the module is called with the -public_cmds, -exempt_cmds or -user_cmds options.

  • When the module sends a NEW_CMD frame, the 16bit command id is needed but does not need to be valid, it just needs to be there as a place holder. The session will auto fill a valid command id before sending the data to the client. A valid NEW_CMD frame must have a minimum of 259 bytes and a valid command name. the session will ignore all NEW_CMD frames the doesn't meet these requirements. See section 6.3 for what would be considered a valid command name.

  • The session will call all modules with the -public_cmds when created for the first time or when the user logout so it doesn't matter if the command names returned to the session overlap with -exempt_cmd or -user_cmds. When a user is logged in, it will then call 2 instances of each module with the -exempt_cmds and -user_cmds options so the command names should not overlap when these options are active.

  • Modules called with -run_cmd does not need to terminate after running the requested command, instead it must send an IDLE frame to indicate that the command is finished. This is desired because not only it tells the client that the command is finished but it also makes it so the session doesn't need to recreate the module process on every subsequent call to the module.

  • The session will send a KILL_CMD to the module after 2 mins of being idle (all modes) to give the module a chance to terminate gracefully; The module will have 3 seconds to do this before it is force killed.