//%///////////////////////////////////////////////////////////////////////////// // // Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM, // The Open Group, Tivoli Systems // // Permission is hereby granted, free of charge, to any person obtaining a // copy of this software and associated documentation files (the "Software"), // to deal in the Software without restriction, including without limitation // the rights to use, copy, modify, merge, publish, distribute, sublicense, // and/or sell copies of the Software, and to permit persons to whom the // Software is furnished to do so, subject to the following conditions: // // The above copyright notice and this permission notice shall be included in // all copies of substantial portions of this software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL // THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING // FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER // DEALINGS IN THE SOFTWARE. // //============================================================================== // // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com) // // Modified By: // //%///////////////////////////////////////////////////////////////////////////// #include #include #include #include #include #include "LocalAuthenticationHandler.h" #include "BasicAuthenticationHandler.h" #include "AuthenticationManager.h" PEGASUS_USING_STD; PEGASUS_NAMESPACE_BEGIN // // Constructor // AuthenticationManager::AuthenticationManager() { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::AuthenticationManager()"); // // get authentication handlers // _localAuthHandler = _getLocalAuthHandler(); _httpAuthHandler = _getHttpAuthHandler(); PEG_METHOD_EXIT(); } // // Destructor // AuthenticationManager::~AuthenticationManager() { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::~AuthenticationManager()"); // // delete authentication handlers // if ( _localAuthHandler ) { delete _localAuthHandler; } if ( _httpAuthHandler ) { delete _httpAuthHandler; } PEG_METHOD_EXIT(); } // // Perform http authentication // Boolean AuthenticationManager::performHttpAuthentication ( const String& authHeader, AuthenticationInfo* authInfo ) { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::performHttpAuthentication()"); String authType = String::EMPTY; String cookie = String::EMPTY; // // Parse the HTTP authentication header for authentication information // if ( !_parseHttpAuthHeader(authHeader, authType, cookie) ) { PEG_METHOD_EXIT(); return false; } Boolean authenticated = false; // // Check the authenticationinformation and do the authentication // if ( String::equalNoCase(authType, "Basic") && String::equalNoCase(_httpAuthType, "Basic") ) { authenticated = _httpAuthHandler->authenticate(cookie, authInfo); } // ATTN-NB-03-20000318: Add code to check for "Digest" when digest // authentication is implemented. if ( authenticated ) { authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED); authInfo->setAuthType(authType); } PEG_METHOD_EXIT(); return ( authenticated ); } // // Perform pegasus sepcific local authentication // Boolean AuthenticationManager::performPegasusAuthentication ( const String& authHeader, AuthenticationInfo* authInfo ) { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::performPegasusAuthentication()"); Boolean authenticated = false; String authType = String::EMPTY; String userName = String::EMPTY; String cookie = String::EMPTY; // // Parse the pegasus authentication header authentication information // if ( !_parseLocalAuthHeader(authHeader, authType, userName, cookie) ) { PEG_METHOD_EXIT(); return false; } // // Note: Pegasus LocalPrivileged authentication is not being used, but the // code is kept here so that we can use it in the future if needed. // #if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION) if ( String::equalNoCase(authType, "LocalPrivileged") ) { if (authInfo->isAuthenticated() && authInfo->isPrivileged() && String::equal(userName, authInfo->getAuthenticatedUser())) { PEG_METHOD_EXIT(); return true; } } #endif if ( String::equalNoCase(authType, "Local") ) { if (authInfo->isAuthenticated() && String::equal(userName, authInfo->getAuthenticatedUser())) { PEG_METHOD_EXIT(); return true; } } else { PEG_METHOD_EXIT(); return false; } // // Check if the authentication information is present // if ( String::equal(cookie, String::EMPTY) ) { PEG_METHOD_EXIT(); return false; } authenticated = _localAuthHandler->authenticate(cookie, authInfo); if ( authenticated ) { authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED); #if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION) if ( String::equal(authType, "LocalPrivileged") ) { authInfo->setPrivileged(true); } else { authInfo->setPrivileged(false); } #endif authInfo->setAuthType(authType); } PEG_METHOD_EXIT(); return ( authenticated ); } // // Get pegasus/local authentication response header // String AuthenticationManager::getPegasusAuthResponseHeader ( const String& authHeader, AuthenticationInfo* authInfo ) { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::getPegasusAuthResponseHeader()"); String respHeader = String::EMPTY; String authType = String::EMPTY; String userName = String::EMPTY; String cookie = String::EMPTY; // // Parse the pegasus authentication header authentication information // if ( !_parseLocalAuthHeader(authHeader, authType, userName, cookie) ) { PEG_METHOD_EXIT(); return (respHeader); } // // User name can not be empty // if ( String::equal(userName, String::EMPTY) ) { PEG_METHOD_EXIT(); return (respHeader); } respHeader = _localAuthHandler->getAuthResponseHeader(authType, userName, authInfo); PEG_METHOD_EXIT(); return (respHeader); } // // Get HTTP authentication response header // String AuthenticationManager::getHttpAuthResponseHeader() { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::getHttpAuthResponseHeader()"); String respHeader = _httpAuthHandler->getAuthResponseHeader(); PEG_METHOD_EXIT(); return (respHeader); } // // parse the local authentication header // Boolean AuthenticationManager::_parseLocalAuthHeader( const String& authHeader, String& authType, String& userName, String& cookie) { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::_parseLocalAuthHeader()"); // // Extract the authentication type: // Uint32 space = authHeader.find(' '); if ( space == PEGASUS_NOT_FOUND ) { PEG_METHOD_EXIT(); return false; } authType = authHeader.subString(0, space); Uint32 startQuote = authHeader.find(space, '"'); if ( startQuote == PEG_NOT_FOUND ) { PEG_METHOD_EXIT(); return false; } Uint32 endQuote = authHeader.find(startQuote + 1, '"'); if ( endQuote == PEG_NOT_FOUND ) { PEG_METHOD_EXIT(); return false; } String temp = authHeader.subString( startQuote + 1, (endQuote - startQuote - 1)); // // Extract the user name and cookie: // Uint32 colon = temp.find(0, ':'); if ( colon == PEG_NOT_FOUND ) { userName = temp; } else { userName = temp.subString(0, colon); cookie = temp; } PEG_METHOD_EXIT(); return true; } // // parse the HTTP authentication header // Boolean AuthenticationManager::_parseHttpAuthHeader( const String& authHeader, String& authType, String& cookie) { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::_parseHttpAuthHeader()"); // // Extract the authentication type: // Uint32 space = authHeader.find(' '); if ( space == PEGASUS_NOT_FOUND ) { PEG_METHOD_EXIT(); return false; } authType = authHeader.subString(0, space); // // Extract the cookie: // cookie = authHeader.subString(space + 1); PEG_METHOD_EXIT(); return true; } // // Get local authentication handler // Authenticator* AuthenticationManager::_getLocalAuthHandler() { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::_getLocalAuthHandler()"); PEG_METHOD_EXIT(); // // create and return a local authentication handler. // return (new LocalAuthenticationHandler()); } // // Get Http authentication handler // Authenticator* AuthenticationManager::_getHttpAuthHandler() { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::_getHttpAuthHandler()"); Authenticator* handler = 0; // // get the configured authentication type // ConfigManager* configManager = ConfigManager::getInstance(); _httpAuthType = configManager->getCurrentValue("httpAuthType"); // // create a authentication handler. // if ( String::equalNoCase(_httpAuthType, "Basic") ) { handler = (Authenticator* ) new BasicAuthenticationHandler( ); } // ATTN-NB-03-20000318: uncomment these line when Digest authentication // is implemented. // //else if (String::equalNoCase(_httpAuthType, "Digest")) //{ // handler = (Authenticator* ) new DigestAuthenticationHandler( ); //} else { // // This should never happen. Gets here only if Security Config // property owner has not validated the configured http auth type. // PEGASUS_ASSERT(0); } PEG_METHOD_EXIT(); return ( handler ); } PEGASUS_NAMESPACE_END