version 1.10, 2002/08/17 00:59:36
|
version 1.42, 2012/12/13 14:38:54
|
|
|
//%///////////////////////////////////////////////////////////////////////////// |
//%LICENSE//////////////////////////////////////////////////////////////// |
// |
|
// Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Company, IBM, |
|
// The Open Group, Tivoli Systems |
|
// | // |
// Permission is hereby granted, free of charge, to any person obtaining a copy |
// Licensed to The Open Group (TOG) under one or more contributor license |
// of this software and associated documentation files (the "Software"), to |
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with |
// deal in the Software without restriction, including without limitation the |
// this work for additional information regarding copyright ownership. |
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
// Each contributor licenses this file to you under the OpenPegasus Open |
// sell copies of the Software, and to permit persons to whom the Software is |
// Source License; you may not use this file except in compliance with the |
// furnished to do so, subject to the following conditions: |
// License. |
// | // |
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
// Permission is hereby granted, free of charge, to any person obtaining a |
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
// copy of this software and associated documentation files (the "Software"), |
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
// to deal in the Software without restriction, including without limitation |
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
// and/or sell copies of the Software, and to permit persons to whom the |
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
// Software is furnished to do so, subject to the following conditions: |
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
// | // |
//============================================================================== |
// The above copyright notice and this permission notice shall be included |
|
// in all copies or substantial portions of the Software. |
// | // |
// Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com) |
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
|
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
|
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
|
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
|
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
|
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
// | // |
// Modified By: |
////////////////////////////////////////////////////////////////////////// |
// | // |
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
|
|
#include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
#include <Pegasus/Common/AuthenticationInfoRep.h> | #include <Pegasus/Common/AuthenticationInfoRep.h> |
#include <Pegasus/Common/Linkage.h> | #include <Pegasus/Common/Linkage.h> |
|
#include <Pegasus/Common/SSLContext.h> |
| |
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
#include <Pegasus/Common/CIMKerberosSecurityAssociation.h> |
|
#endif |
| |
PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
| |
|
|
{ | { |
public: | public: |
| |
/** Constructor - Creates an uninitiated new AuthenticationInfo |
/** Constructor - Creates an uninitialized new AuthenticationInfo |
object reprenting a AuthenticationInfo class. The class object |
object representing an AuthenticationInfo class. The class object |
created by this constructor can only be used in an operation such as the | created by this constructor can only be used in an operation such as the |
copy constructor. It cannot be used to do method calls like |
copy constructor. It cannot be used to do method calls such as |
setAuthStatus, getAuthType, etc. since it is unitiated. |
getAuthType, since it is uninitialized. |
| |
Use one of the other constructors to create an initiated new | Use one of the other constructors to create an initiated new |
AuthenticationInfo class object. Throws an exception | AuthenticationInfo class object. Throws an exception |
|
|
/** Constructor - Instantiates a AuthenticationInfo object. | /** Constructor - Instantiates a AuthenticationInfo object. |
@param flag - used only to distinguish from the default constructor. | @param flag - used only to distinguish from the default constructor. |
*/ | */ |
AuthenticationInfo(Boolean flag) |
AuthenticationInfo(Boolean) |
{ | { |
PEG_METHOD_ENTER( | PEG_METHOD_ENTER( |
TRC_AUTHENTICATION, "AuthenticationInfo::AuthenticationInfo"); | TRC_AUTHENTICATION, "AuthenticationInfo::AuthenticationInfo"); |
| |
_rep = new AuthenticationInfoRep(flag); |
_rep = new AuthenticationInfoRep(); |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
} | } |
|
|
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
} | } |
| |
/** Get the authentication status of the request |
/** Sets the connection authentication status of the request to the |
@return the current authentication status |
status specified. |
*/ |
|
AuthenticationInfoRep::AuthStatus getAuthStatus() const |
|
{ |
|
_checkRep(); |
|
return _rep->getAuthStatus(); |
|
} |
|
|
|
/** Sets the authentication status of the request to the status |
|
specified. |
|
@param status - the new authentication status | @param status - the new authentication status |
*/ | */ |
void setAuthStatus(AuthenticationInfoRep::AuthStatus status) |
void setConnectionAuthenticated(Boolean status) |
{ | { |
_checkRep(); |
CheckRep(_rep); |
_rep->setAuthStatus(status); |
_rep->setConnectionAuthenticated(status); |
} | } |
| |
/** Get the previously authenticated user name | /** Get the previously authenticated user name |
|
|
*/ | */ |
String getAuthenticatedUser() const | String getAuthenticatedUser() const |
{ | { |
_checkRep(); |
CheckRep(_rep); |
return _rep->getAuthenticatedUser(); | return _rep->getAuthenticatedUser(); |
} | } |
| |
|
|
*/ | */ |
void setAuthenticatedUser(const String& userName) | void setAuthenticatedUser(const String& userName) |
{ | { |
_checkRep(); |
CheckRep(_rep); |
_rep->setAuthenticatedUser(userName); | _rep->setAuthenticatedUser(userName); |
} | } |
| |
/** Get the authentication challenge that was sent to the client |
#ifdef PEGASUS_OS_ZOS |
@return string containing the authentication challenge |
|
|
/** The connection user is for z/OS only. |
|
On z/OS Unix Local Domain Sockets and sockets |
|
protected by AT-TLS are able to get the user ID of |
|
the connected user. |
|
This information is needed for later authentication |
|
steps. |
*/ | */ |
String getAuthChallenge() const |
|
|
/** Get the connection user name |
|
@return the connection user name |
|
*/ |
|
String getConnectionUser() const |
{ | { |
_checkRep(); |
CheckRep(_rep); |
return _rep->getAuthChallenge(); |
return _rep->getConnectionUser(); |
} | } |
| |
/** Sets the authentication challenge to the specified challenge |
/** Sets the connection user name |
@param challenge - string containing the authentication challenge |
@param userName - string containing the user name |
|
provided by the connection |
*/ | */ |
void setAuthChallenge(const String& challenge) |
void setConnectionUser(const String& userName) |
{ | { |
_checkRep(); |
CheckRep(_rep); |
_rep->setAuthChallenge(challenge); |
_rep->setConnectionUser(userName); |
} | } |
| |
/** Get the authentication secret that was sent to client |
#endif |
@return string containing the authentication secret |
|
|
/** Get the previously authenticated password |
|
@return the authenticated password |
*/ | */ |
String getAuthSecret() const |
String getAuthenticatedPassword() const |
{ | { |
_checkRep(); |
CheckRep(_rep); |
return _rep->getAuthSecret(); |
return _rep->getAuthenticatedPassword(); |
} | } |
| |
/** Set the authentication secret to the specified secret |
/** Sets the authenticated password |
@param secret - string containing the authentication secret |
@param password - string containing the authenticated password |
*/ | */ |
void setAuthSecret(const String& secret) |
void setAuthenticatedPassword(const String& password) |
{ | { |
_checkRep(); |
CheckRep(_rep); |
_rep->setAuthSecret(secret); |
_rep->setAuthenticatedPassword(password); |
} | } |
| |
/** Returns the connection type of the previous authenticated request |
/** Get the local authentication file path that was sent to client |
@return true if the connection is privileged, false otherwise |
@return string containing the authentication file path |
*/ | */ |
Boolean isPrivileged() const |
String getLocalAuthFilePath() const |
{ | { |
_checkRep(); |
CheckRep(_rep); |
return _rep->isPrivileged(); |
return _rep->getLocalAuthFilePath(); |
} | } |
| |
/** Set the privileged flag to the specified value |
/** Set the local authentication file path to the specified file path |
@param privileged - boolean flag indicating the connection type |
@param filePath String containing the authentication file path |
*/ | */ |
void setPrivileged(Boolean privileged) |
void setLocalAuthFilePath(const String& filePath) |
{ | { |
_checkRep(); |
CheckRep(_rep); |
_rep->setPrivileged(privileged); |
_rep->setLocalAuthFilePath(filePath); |
|
} |
|
|
|
/** Get the local authentication secret that was sent to client |
|
@return string containing the authentication secret |
|
*/ |
|
String getLocalAuthSecret() const |
|
{ |
|
CheckRep(_rep); |
|
return _rep->getLocalAuthSecret(); |
|
} |
|
|
|
/** Set the local authentication secret to the specified secret |
|
@param secret - string containing the authentication secret |
|
*/ |
|
void setLocalAuthSecret(const String& secret) |
|
{ |
|
CheckRep(_rep); |
|
_rep->setLocalAuthSecret(secret); |
} | } |
| |
/** Is the request authenticated | /** Is the request authenticated |
|
|
/** Returns the authentication status of the current connection. | /** Returns the authentication status of the current connection. |
@return true if the connection was authenticated, false otherwise | @return true if the connection was authenticated, false otherwise |
*/ | */ |
Boolean isAuthenticated() const |
Boolean isConnectionAuthenticated() const |
{ | { |
_checkRep(); |
CheckRep(_rep); |
return _rep->isAuthenticated(); |
return _rep->isConnectionAuthenticated(); |
} | } |
| |
/** Set the authentication type to the specified type | /** Set the authentication type to the specified type |
|
|
*/ | */ |
void setAuthType(const String& authType) | void setAuthType(const String& authType) |
{ | { |
_checkRep(); |
CheckRep(_rep); |
_rep->setAuthType(authType); | _rep->setAuthType(authType); |
} | } |
| |
|
|
*/ | */ |
String getAuthType() const | String getAuthType() const |
{ | { |
_checkRep(); |
CheckRep(_rep); |
return _rep->getAuthType(); | return _rep->getAuthType(); |
} | } |
| |
private: |
/** |
|
Set the IP address to the specified IP address |
|
@param string containing the IP address |
|
*/ |
|
void setIpAddress(const String& ipAddress) |
|
{ |
|
CheckRep(_rep); |
|
_rep->setIpAddress(ipAddress); |
|
} |
| |
AuthenticationInfo(AuthenticationInfoRep* rep) : _rep(rep) |
/** |
|
Get the IP address of the connection |
|
|
|
NOTE: The IP address is for debug use only. |
|
It should not be used for authentication purposes. |
|
|
|
@return string containing the IP address |
|
*/ |
|
String getIpAddress() const |
{ | { |
|
CheckRep(_rep); |
|
return _rep->getIpAddress(); |
|
} |
| |
|
|
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
/** Get the CIM Security Association |
|
@return a pointer to the CIM Security Association |
|
*/ |
|
CIMKerberosSecurityAssociation* getSecurityAssociation() const |
|
{ |
|
CheckRep(_rep); |
|
return _rep->getSecurityAssociation(); |
} | } |
| |
void _checkRep() const |
/** Set the CIM Security Association |
|
The pointer will only be set once. If it is already set it will |
|
not reset it. |
|
*/ |
|
void setSecurityAssociation() |
{ | { |
if (!_rep) |
CheckRep(_rep); |
throw UninitializedHandle (); |
_rep->setSecurityAssociation(); |
|
} |
|
#endif |
|
|
|
Array<SSLCertificateInfo*> getClientCertificateChain() |
|
{ |
|
CheckRep(_rep); |
|
return _rep->getClientCertificateChain(); |
|
} |
|
|
|
void setClientCertificateChain(Array<SSLCertificateInfo*> clientCertificate) |
|
{ |
|
CheckRep(_rep); |
|
_rep->setClientCertificateChain(clientCertificate); |
|
} |
|
|
|
/** Set flag to show that isRemotePrivilegedUserAccess check has been done |
|
this function should only be used by OpenPegasus AuthenticationHandlers |
|
*/ |
|
void setRemotePrivilegedUserAccessChecked() |
|
{ |
|
CheckRep(_rep); |
|
_rep->setRemotePrivilegedUserAccessChecked(); |
|
} |
|
|
|
/** Indicates whether the isRemotePrivilegedUserAccess check has been |
|
performed. This method should only be used by OpenPegasus |
|
AuthenticationHandlers |
|
*/ |
|
Boolean getRemotePrivilegedUserAccessChecked() |
|
{ |
|
CheckRep(_rep); |
|
return _rep->getRemotePrivilegedUserAccessChecked(); |
|
} |
|
|
|
private: |
|
|
|
AuthenticationInfo(AuthenticationInfoRep* rep) : _rep(rep) |
|
{ |
|
|
} | } |
| |
AuthenticationInfoRep* _rep; | AuthenticationInfoRep* _rep; |
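Review bot: `getAuthenticatedPassword()` / `setAuthenticatedPassword()` on the new side keep the password as a `String` in the rep and return it by value, so every call hands out another copy of the credential, and the doc comment says nothing about how long it is held or who may read it. Whether the rep ever clears the value is not visible here, so I would at least state the contract on the getter, e.g. `NOTE: credential material; do not trace or log it, and reset it with setAuthenticatedPassword(String()) once authentication has finished.` The same section adds `getClientCertificateChain()` / `setClientCertificateChain()` with no doc comment at all, unlike every other accessor; the ownership and lifetime of the `SSLCertificateInfo*` elements should be documented there. The class declaration begins and ends outside the visible lines.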