1 martin 1.39 //%LICENSE////////////////////////////////////////////////////////////////
|
2 martin 1.40 //
|
3 martin 1.39 // Licensed to The Open Group (TOG) under one or more contributor license
4 // agreements. Refer to the OpenPegasusNOTICE.txt file distributed with
5 // this work for additional information regarding copyright ownership.
6 // Each contributor licenses this file to you under the OpenPegasus Open
7 // Source License; you may not use this file except in compliance with the
8 // License.
|
9 martin 1.40 //
|
10 martin 1.39 // Permission is hereby granted, free of charge, to any person obtaining a
11 // copy of this software and associated documentation files (the "Software"),
12 // to deal in the Software without restriction, including without limitation
13 // the rights to use, copy, modify, merge, publish, distribute, sublicense,
14 // and/or sell copies of the Software, and to permit persons to whom the
15 // Software is furnished to do so, subject to the following conditions:
|
16 martin 1.40 //
|
17 martin 1.39 // The above copyright notice and this permission notice shall be included
18 // in all copies or substantial portions of the Software.
|
19 martin 1.40 //
|
20 martin 1.39 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
21 martin 1.40 // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
22 martin 1.39 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
23 // IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
24 // CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
25 // TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
26 // SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
27 martin 1.40 //
|
28 martin 1.39 //////////////////////////////////////////////////////////////////////////
|
29 mike 1.2 //
30 //%/////////////////////////////////////////////////////////////////////////////
31
32 #ifndef Pegasus_AuthenticationInfo_h
33 #define Pegasus_AuthenticationInfo_h
34
35 #include <Pegasus/Common/Config.h>
|
36 kumpf 1.10 #include <Pegasus/Common/InternalException.h>
|
37 kumpf 1.5 #include <Pegasus/Common/Tracer.h>
38 #include <Pegasus/Common/AuthenticationInfoRep.h>
|
39 kumpf 1.8 #include <Pegasus/Common/Linkage.h>
|
40 h.sterling 1.19 #include <Pegasus/Common/SSLContext.h>
|
41 mike 1.2
|
42 gerarda 1.13 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
43 gerarda 1.15 #include <Pegasus/Common/CIMKerberosSecurityAssociation.h>
|
44 gerarda 1.13 #endif
|
45 mike 1.2
46 PEGASUS_NAMESPACE_BEGIN
47
|
48 kumpf 1.5
|
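/**
    This class keeps the authentication information of a connection
    persistent until the connection is destroyed.

    The HTTPConnection object creates an AuthenticationInfo object on a new
    socket connection and includes this object reference in the HTTPMessage
    that gets passed to the Delegator and in turn to the AuthenticationManager.
    The AuthenticationManager and the related authentication classes use the
    AuthenticationInfo to store and access the persistent authentication
    information for a connection.

    AuthenticationInfo is a handle: the state lives in an
    AuthenticationInfoRep, and a copy of a handle points at the same Rep as
    the handle it was copied from. A setter called through one copy is
    therefore observed through every other copy, including the
    "connection authenticated" status.

    Inc(), Dec() and CheckRep() are declared outside this header.
    NOTE(review): presumably Inc()/Dec() are the reference-count helpers that
    keep the shared Rep alive and tolerate a null pointer (the default
    constructor leaves _rep at 0 and the destructor still calls Dec) -
    confirm against their definitions.
*/
class PEGASUS_COMMON_LINKAGE AuthenticationInfo
{
public:

    /** Constructor - Creates an uninitialized new AuthenticationInfo
        object representing an AuthenticationInfo class. The class object
        created by this constructor can only be used in an operation such as
        the copy constructor. It cannot be used to do method calls such as
        getAuthType, since it is uninitialized.

        Use one of the other constructors to create an initialized new
        AuthenticationInfo class object. An "uninitialized handle" exception
        is thrown if this uninitialized handle is used for method calls
        (every accessor passes _rep to CheckRep before dereferencing it).
    */
    AuthenticationInfo() : _rep(0)
    {
        PEG_METHOD_ENTER(
            TRC_AUTHENTICATION, "AuthenticationInfo::AuthenticationInfo");

        PEG_METHOD_EXIT();
    }

    /** Copy constructor - Creates a handle that refers to the same
        AuthenticationInfoRep as the given handle. No state is duplicated;
        both handles read and write the same authentication information.
        @param x - the handle whose Rep is to be shared
    */
    AuthenticationInfo(const AuthenticationInfo& x)
    {
        PEG_METHOD_ENTER(
            TRC_AUTHENTICATION, "AuthenticationInfo::AuthenticationInfo");

        // Adopt x's Rep and register this handle as one more user of it.
        Inc(_rep = x._rep);

        PEG_METHOD_EXIT();
    }

    /** Assignment operator - Releases the Rep currently held (if it differs
        from the one held by x) and shares the Rep of x instead.
        @param x - the handle whose Rep is to be shared
        @return reference to this handle
    */
    AuthenticationInfo& operator=(const AuthenticationInfo& x)
    {
        // The trace label names this method; it previously repeated the
        // constructor's label, which made assignments indistinguishable
        // from constructions in the authentication trace.
        PEG_METHOD_ENTER(
            TRC_AUTHENTICATION, "AuthenticationInfo::operator=");

        // The comparison also covers self-assignment, so the Rep is never
        // released and re-acquired through the same pointer.
        if (x._rep != _rep)
        {
            Dec(_rep);
            Inc(_rep = x._rep);
        }

        PEG_METHOD_EXIT();
        return *this;
    }

    /** Constructor - Instantiates an AuthenticationInfo object backed by a
        newly allocated AuthenticationInfoRep.
        @param flag - used only to distinguish from the default constructor;
        it is forwarded to the AuthenticationInfoRep constructor.

        NOTE(review): this constructor is not declared explicit, so a Boolean
        converts implicitly to an AuthenticationInfo. Confirm that no caller
        depends on the conversion before tightening it.
    */
    AuthenticationInfo(Boolean flag)
    {
        PEG_METHOD_ENTER(
            TRC_AUTHENTICATION, "AuthenticationInfo::AuthenticationInfo");

        _rep = new AuthenticationInfoRep(flag);

        PEG_METHOD_EXIT();
    }

    /** Destructor - Releases this handle's use of the Rep. */
    ~AuthenticationInfo()
    {
        PEG_METHOD_ENTER(
            TRC_AUTHENTICATION, "AuthenticationInfo::~AuthenticationInfo");

        Dec(_rep);

        PEG_METHOD_EXIT();
    }

    /** Sets the connection authentication status of the request to the
        status specified. Because handles share one Rep, the new status is
        seen through every copy of this handle.
        @param status - the new authentication status
    */
    void setConnectionAuthenticated(Boolean status)
    {
        CheckRep(_rep);
        _rep->setConnectionAuthenticated(status);
    }

    /** Get the previously authenticated user name
        @return the authenticated user name
    */
    String getAuthenticatedUser() const
    {
        CheckRep(_rep);
        return _rep->getAuthenticatedUser();
    }

    /** Sets the authenticated user name
        @param userName - string containing the authenticated user name
    */
    void setAuthenticatedUser(const String& userName)
    {
        CheckRep(_rep);
        _rep->setAuthenticatedUser(userName);
    }

#ifdef PEGASUS_OS_ZOS

    /** The connection user is for z/OS only.
        On z/OS Unix Local Domain Sockets and sockets
        protected by AT-TLS are able to get the user ID of
        the connected user.
        This information is needed for later authentication
        steps.
    */

    /** Get the connection user name
        @return the connection user name
    */
    String getConnectionUser() const
    {
        CheckRep(_rep);
        return _rep->getConnectionUser();
    }

    /** Sets the connection user name
        @param userName - string containing the user name
        provided by the connection
    */
    void setConnectionUser(const String& userName)
    {
        CheckRep(_rep);
        _rep->setConnectionUser(userName);
    }

#endif

    /** Get the previously authenticated password
        @return the authenticated password

        NOTE(review): the password is returned by value as a String, so each
        call produces another copy of the credential. Callers should not
        trace or log the result and should keep it no longer than needed.
        How the Rep stores the password is not visible from this header.
    */
    String getAuthenticatedPassword() const
    {
        CheckRep(_rep);
        return _rep->getAuthenticatedPassword();
    }

    /** Sets the authenticated password
        @param password - string containing the authenticated password
    */
    void setAuthenticatedPassword(const String& password)
    {
        CheckRep(_rep);
        _rep->setAuthenticatedPassword(password);
    }

    /** Get the local authentication file path that was sent to client
        @return string containing the authentication file path
    */
    String getLocalAuthFilePath() const
    {
        CheckRep(_rep);
        return _rep->getLocalAuthFilePath();
    }

    /** Set the local authentication file path to the specified file path
        @param filePath String containing the authentication file path
    */
    void setLocalAuthFilePath(const String& filePath)
    {
        CheckRep(_rep);
        _rep->setLocalAuthFilePath(filePath);
    }

    /** Get the local authentication secret that was sent to client
        @return string containing the authentication secret

        NOTE(review): like the password, the secret is returned by value;
        keep it out of trace and log output.
    */
    String getLocalAuthSecret() const
    {
        CheckRep(_rep);
        return _rep->getLocalAuthSecret();
    }

    /** Set the local authentication secret to the specified secret
        @param secret - string containing the authentication secret
    */
    void setLocalAuthSecret(const String& secret)
    {
        CheckRep(_rep);
        _rep->setLocalAuthSecret(secret);
    }

    /** Returns the authentication status of the current connection.
        @return true if the connection was authenticated, false otherwise
    */
    Boolean isConnectionAuthenticated() const
    {
        CheckRep(_rep);
        return _rep->isConnectionAuthenticated();
    }

    /** Set the authentication type to the specified type
        @param authType - string containing the authentication type
    */
    void setAuthType(const String& authType)
    {
        CheckRep(_rep);
        _rep->setAuthType(authType);
    }

    /** Get the authentication type of the connection
        @return string containing the authentication type
    */
    String getAuthType() const
    {
        CheckRep(_rep);
        return _rep->getAuthType();
    }

    /**
        Set the IP address to the specified IP address
        @param ipAddress - string containing the IP address
    */
    void setIpAddress(const String& ipAddress)
    {
        CheckRep(_rep);
        _rep->setIpAddress(ipAddress);
    }

    /**
        Get the IP address of the connection

        NOTE: The IP address is for debug use only.
        It should not be used for authentication purposes.

        @return string containing the IP address
    */
    String getIpAddress() const
    {
        CheckRep(_rep);
        return _rep->getIpAddress();
    }


#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    /** Get the CIM Security Association
        @return a pointer to the CIM Security Association
    */
    CIMKerberosSecurityAssociation* getSecurityAssociation() const
    {
        CheckRep(_rep);
        return _rep->getSecurityAssociation();
    }

    /** Set the CIM Security Association
        The pointer will only be set once. If it is already set it will
        not reset it.
    */
    void setSecurityAssociation()
    {
        CheckRep(_rep);
        _rep->setSecurityAssociation();
    }
#endif

    /** Get the client certificate chain recorded for the connection
        @return array of pointers to the certificates in the chain

        NOTE(review): the array holds raw SSLCertificateInfo pointers and is
        returned by value; who owns and frees the pointed-to objects is not
        visible from this header - confirm before retaining the pointers
        beyond the lifetime of the connection. This getter is also not
        declared const, unlike the other getters.
    */
    Array<SSLCertificateInfo*> getClientCertificateChain()
    {
        CheckRep(_rep);
        return _rep->getClientCertificateChain();
    }

    /** Set the client certificate chain for the connection
        @param clientCertificate - array of pointers to the certificates in
        the chain; the array is passed by value, the pointers are not
        duplicated here
    */
    void setClientCertificateChain(Array<SSLCertificateInfo*> clientCertificate)
    {
        CheckRep(_rep);
        _rep->setClientCertificateChain(clientCertificate);
    }

    /** Set flag to show that isRemotePrivilegedUserAccess check has been done.
        This function should only be used by OpenPegasus
        AuthenticationHandlers. The flag is only set here; this class offers
        no way to clear it.
    */
    void setRemotePrivilegedUserAccessChecked()
    {
        CheckRep(_rep);
        _rep->setRemotePrivilegedUserAccessChecked();
    }

    /** Indicates whether the isRemotePrivilegedUserAccess check has been
        performed. This method should only be used by OpenPegasus
        AuthenticationHandlers

        NOTE(review): not declared const, unlike the other getters.
    */
    Boolean getRemotePrivilegedUserAccessChecked()
    {
        CheckRep(_rep);
        return _rep->getRemotePrivilegedUserAccessChecked();
    }

private:

    /** Wraps an existing Rep. The pointer is stored as given, without a
        call to Inc().
        @param rep - the Rep this handle will refer to
    */
    AuthenticationInfo(AuthenticationInfoRep* rep) : _rep(rep)
    {
    }

    // Shared state behind this handle; 0 for a default-constructed handle.
    AuthenticationInfoRep* _rep;
};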
366
367 PEGASUS_NAMESPACE_END
368
369 #endif /* Pegasus_AuthenticationInfo_h*/
|