version 1.19, 2006/10/20 18:06:02
|
version 1.38, 2014/11/10 16:14:05
|
|
|
//%2006//////////////////////////////////////////////////////////////////////// |
//%LICENSE//////////////////////////////////////////////////////////////// |
// | // |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
// Licensed to The Open Group (TOG) under one or more contributor license |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with |
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
// this work for additional information regarding copyright ownership. |
// IBM Corp.; EMC Corporation, The Open Group. |
// Each contributor licenses this file to you under the OpenPegasus Open |
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
// Source License; you may not use this file except in compliance with the |
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
// License. |
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
|
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
// EMC Corporation; Symantec Corporation; The Open Group. |
|
// |
|
// Permission is hereby granted, free of charge, to any person obtaining a copy |
|
// of this software and associated documentation files (the "Software"), to |
|
// deal in the Software without restriction, including without limitation the |
|
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
|
// sell copies of the Software, and to permit persons to whom the Software is |
|
// furnished to do so, subject to the following conditions: |
|
// |
|
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
|
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
|
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
|
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
|
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
|
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
|
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
// | // |
//============================================================================== |
// Permission is hereby granted, free of charge, to any person obtaining a |
|
// copy of this software and associated documentation files (the "Software"), |
|
// to deal in the Software without restriction, including without limitation |
|
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
|
// and/or sell copies of the Software, and to permit persons to whom the |
|
// Software is furnished to do so, subject to the following conditions: |
|
// |
|
// The above copyright notice and this permission notice shall be included |
|
// in all copies or substantial portions of the Software. |
|
// |
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
|
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
|
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
|
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
|
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
|
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
// |
|
////////////////////////////////////////////////////////////////////////// |
// | // |
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
|
|
#include <Pegasus/Common/Sharable.h> | #include <Pegasus/Common/Sharable.h> |
#include <Pegasus/Common/Linkage.h> | #include <Pegasus/Common/Linkage.h> |
#include <Pegasus/Common/SSLContext.h> | #include <Pegasus/Common/SSLContext.h> |
|
#include <Pegasus/Common/AuthHandle.h> |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
#include <Pegasus/Common/CIMKerberosSecurityAssociation.h> |
#ifdef PEGASUS_NEGOTIATE_AUTHENTICATION |
#endif |
#include <Pegasus/Common/Negotiate.h> |
|
#endif //PEGASUS_NEGOTIATE_AUTHENTICATION |
| |
PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
| |
|
|
class PEGASUS_COMMON_LINKAGE AuthenticationInfoRep : public Sharable | class PEGASUS_COMMON_LINKAGE AuthenticationInfoRep : public Sharable |
{ | { |
public: | public: |
enum AuthStatus { NEW_REQUEST, CHALLENGE_SENT, AUTHENTICATED }; |
|
| |
//ATTN: we should be using an enumeration for the authtype instead of a string. |
//ATTN: we should be using an enumeration for the authtype instead of a |
|
//string. |
//In the AuthenticationManager, the authtype is set to Basic, Digest, etc | //In the AuthenticationManager, the authtype is set to Basic, Digest, etc |
//We also need to be able to check whether the type is SSL, so I'm adding a | //We also need to be able to check whether the type is SSL, so I'm adding a |
//string here to make it less arbitrary. PEP165 | //string here to make it less arbitrary. PEP165 |
static const String AUTH_TYPE_SSL; | static const String AUTH_TYPE_SSL; |
|
static const String AUTH_TYPE_ZOS_LOCAL_DOMIAN_SOCKET; |
|
static const String AUTH_TYPE_ZOS_ATTLS; |
|
static const String AUTH_TYPE_COOKIE; |
| |
AuthenticationInfoRep(Boolean flag); |
AuthenticationInfoRep(); |
| |
~AuthenticationInfoRep(); | ~AuthenticationInfoRep(); |
| |
AuthStatus getAuthStatus() const |
void setConnectionAuthenticated(Boolean connectionAuthenticated); |
{ |
|
return _authStatus; |
|
} |
|
|
|
void setAuthStatus(AuthStatus status); |
|
| |
String getAuthenticatedUser() const | String getAuthenticatedUser() const |
{ | { |
|
|
| |
void setAuthenticatedUser(const String& userName); | void setAuthenticatedUser(const String& userName); |
| |
String getAuthenticatedPassword() const |
#ifdef PEGASUS_OS_ZOS |
{ |
|
return _authPassword; |
// The connection user is for z/OS only. |
|
// On z/OS Unix Local Domain Sockets and sockets |
|
// protected by AT-TLS are able to get the user ID of |
|
// the connected user. |
|
// This information is needed for later authentication |
|
// steps. |
|
|
|
String getConnectionUser() const |
|
{ return _connectionUser; |
} | } |
| |
void setAuthenticatedPassword(const String& password); |
void setConnectionUser(const String& userName); |
| |
String getAuthChallenge() const |
#endif |
|
|
|
String getAuthenticatedPassword() const |
{ | { |
return _authChallenge; |
return _authPassword; |
} | } |
| |
void setAuthChallenge(const String& challenge); |
void setAuthenticatedPassword(const String& password); |
| |
String getAuthSecret() const |
String getLocalAuthFilePath() const |
{ | { |
return _authSecret; |
return _localAuthFilePath; |
} | } |
| |
void setAuthSecret(const String& secret); |
void setLocalAuthFilePath(const String& filePath); |
| |
Boolean isPrivileged() const |
String getLocalAuthSecret() const |
{ | { |
return _privileged; |
return _localAuthSecret; |
} | } |
| |
void setPrivileged(Boolean privileged); |
void setLocalAuthSecret(const String& secret); |
| |
Boolean isAuthenticated() const |
Boolean isConnectionAuthenticated() const |
{ | { |
return (_authStatus == AUTHENTICATED) ? true : false; |
return _connectionAuthenticated; |
} | } |
| |
String getAuthType() const | String getAuthType() const |
|
|
return _ipAddress; | return _ipAddress; |
} | } |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
#ifdef PEGASUS_NEGOTIATE_AUTHENTICATION |
CIMKerberosSecurityAssociation* getSecurityAssociation() const |
/** Get GSSAPI context for this connection. */ |
|
SharedPtr<NegotiateServerSession> getNegotiateSession() |
{ | { |
return _securityAssoc.get(); |
return _session; |
} | } |
|
#endif //PEGASUS_NEGOTIATE_AUTHENTICATION |
| |
void setSecurityAssociation(); |
|
#endif |
|
|
|
//PEP187 |
|
Array<SSLCertificateInfo*> getClientCertificateChain() | Array<SSLCertificateInfo*> getClientCertificateChain() |
{ | { |
return _clientCertificate; | return _clientCertificate; |
} | } |
| |
//PEP187 |
void setClientCertificateChain( |
void setClientCertificateChain(Array<SSLCertificateInfo*> |
Array<SSLCertificateInfo*> clientCertificate); |
clientCertificate); |
|
| |
private: |
void setRemotePrivilegedUserAccessChecked() |
|
{ |
|
_wasRemotePrivilegedUserAccessChecked = true; |
|
} |
| |
/** Constructors */ |
Boolean getRemotePrivilegedUserAccessChecked() |
AuthenticationInfoRep(); |
{ |
|
return _wasRemotePrivilegedUserAccessChecked; |
|
} |
| |
AuthenticationInfoRep(const AuthenticationInfoRep& x); |
void setAuthHandle(const AuthHandle& authHandle) |
|
{ |
|
_authHandle = authHandle; |
|
} |
| |
|
AuthHandle getAuthHandle() |
|
{ |
|
return _authHandle; |
|
} |
|
|
|
void setUserRole(const String& userRole) |
|
{ |
|
_userRole = userRole; |
|
} |
|
|
|
String getUserRole() |
|
{ |
|
return _userRole; |
|
} |
|
|
|
void setExpiredPassword(Boolean status) |
|
{ |
|
_isExpiredPassword = status; |
|
} |
|
|
|
Boolean isExpiredPassword() const |
|
{ |
|
return _isExpiredPassword; |
|
} |
|
|
|
#ifdef PEGASUS_ENABLE_SESSION_COOKIES |
|
void setCookie(const String &value) |
|
{ |
|
_cookie = value; |
|
} |
|
|
|
String getCookie() const |
|
{ |
|
return _cookie; |
|
} |
|
#endif |
|
|
|
private: |
|
|
|
/** Default Copy Constructor and assignment operator */ |
|
AuthenticationInfoRep(const AuthenticationInfoRep& x); |
AuthenticationInfoRep& operator=(const AuthenticationInfoRep& x); | AuthenticationInfoRep& operator=(const AuthenticationInfoRep& x); |
| |
String _authUser; | String _authUser; |
String _authPassword; | String _authPassword; |
String _authChallenge; |
String _localAuthSecret; |
String _authSecret; |
String _localAuthFilePath; |
Boolean _privileged; |
#ifdef PEGASUS_OS_ZOS |
|
String _connectionUser; |
|
#endif |
String _authType; | String _authType; |
AuthStatus _authStatus; |
Boolean _connectionAuthenticated; |
String _ipAddress; | String _ipAddress; |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
AutoPtr<CIMKerberosSecurityAssociation> _securityAssoc;//PEP101 |
#ifdef PEGASUS_NEGOTIATE_AUTHENTICATION |
#endif |
SharedPtr<NegotiateServerSession> _session; |
|
#endif //PEGASUS_NEGOTIATE_AUTHENTICATION |
|
|
|
Boolean _wasRemotePrivilegedUserAccessChecked; |
| |
Array<SSLCertificateInfo*> _clientCertificate; | Array<SSLCertificateInfo*> _clientCertificate; |
|
|
|
AuthHandle _authHandle; |
|
String _userRole; |
|
Boolean _isExpiredPassword; |
|
#ifdef PEGASUS_ENABLE_SESSION_COOKIES |
|
String _cookie; |
|
#endif |
}; | }; |
| |
PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |
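Review bot: The Boolean members that carry security state on what appears to be the 1.38 side (`_connectionAuthenticated`, `_wasRemotePrivilegedUserAccessChecked`, `_isExpiredPassword`) are returned directly by inline getters, but nothing in this header shows where they receive an initial value. The constructor body is outside this page, so confirm there that each one starts as `false`; an uninitialized `_connectionAuthenticated` would make `isConnectionAuthenticated()` return an indeterminate value. A one-line comment on each flag would record the contract, for example `// True once the remote privileged-user access check has run for this connection.` above `_wasRemotePrivilegedUserAccessChecked`, whose visible setter can only store `true`. The added accessors are also inconsistent about constness: `getUserRole()`, `getAuthHandle()`, `getRemotePrivilegedUserAccessChecked()` and `getNegotiateSession()` are non-const, while `isExpiredPassword()` and `getCookie()` are `const`. Which lines belong to which revision is inferred from the interleaved two-column rendering, so that assignment should be checked against the actual 1.38 file.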