1 karl 1.54 //%2006////////////////////////////////////////////////////////////////////////
|
2 mike 1.2 //
|
3 karl 1.44 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
|
6 karl 1.24 // IBM Corp.; EMC Corporation, The Open Group.
|
7 karl 1.44 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
|
9 karl 1.47 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
|
11 karl 1.54 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
|
13 mike 1.2 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
|
20 kumpf 1.11 //
|
21 mike 1.2 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 //==============================================================================
31 //
32 // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)
33 //
|
34 kumpf 1.3 // Modified By:
35 // Sushma Fernandes, Hewlett-Packard Company(sushma_fernandes@hp.com)
|
36 kumpf 1.10 // Bapu Patil, Hewlett-Packard Company (bapu_patil@hp.com)
|
37 kumpf 1.14 // Yi Zhou, Hewlett-Packard Company (yi_zhou@hp.com)
|
38 h.sterling 1.31 // Heather Sterling, IBM (hsterl@us.ibm.com)
|
39 aruran.ms 1.51 // Aruran, IBM (ashanmug@in.ibm.com) for Bug# 3614
|
40 vijay.eli 1.52 // Vijay Eli, IBM, (vijayeli@in.ibm.com) for Bug# 3613
|
41 aruran.ms 1.53 // Aruran, IBM (ashanmug@in.ibm.com) for Bug# 3613
|
42 mike 1.2 //
43 //%/////////////////////////////////////////////////////////////////////////////
44
45
46 ///////////////////////////////////////////////////////////////////////////////
47 //
48 // This file has implementation for the security property owner class.
49 //
50 ///////////////////////////////////////////////////////////////////////////////
51
|
52 kumpf 1.4 #include "ConfigManager.h"
|
53 mike 1.2 #include "SecurityPropertyOwner.h"
|
54 kumpf 1.3 #include <Pegasus/Common/FileSystem.h>
|
55 h.sterling 1.31 #include <Pegasus/Common/System.h>
|
56 mike 1.2
57
58 PEGASUS_USING_STD;
59
60 PEGASUS_NAMESPACE_BEGIN
61
62 ///////////////////////////////////////////////////////////////////////////////
63 // SecurityPropertyOwner
64 ///////////////////////////////////////////////////////////////////////////////
65
66 static struct ConfigPropertyRow properties[] =
67 {
|
68 david 1.25 #ifdef PEGASUS_OS_OS400
|
69 konrad.r 1.46 {"enableAuthentication", "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
70 david 1.25 #else
|
71 konrad.r 1.46 {"enableAuthentication", "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
72 david 1.25 #endif
|
73 humberto 1.49 //#if defined(PEGASUS_OS_OS400) && defined(PEGASUS_KERBEROS_AUTHENTICATION)
74 // {"httpAuthType", "Kerberos", IS_STATIC, 0, 0, IS_VISIBLE},
75 //#else
|
76 konrad.r 1.46 {"httpAuthType", "Basic", IS_STATIC, 0, 0, IS_VISIBLE},
|
77 humberto 1.49 //#endif
|
78 konrad.r 1.46 {"passwordFilePath", "cimserver.passwd", IS_STATIC, 0, 0, IS_VISIBLE},
|
79 kumpf 1.21 #ifdef PEGASUS_OS_HPUX
|
80 humberto 1.49 {"sslCertificateFilePath", "cert.pem", IS_STATIC, 0, 0, IS_VISIBLE},
|
81 kumpf 1.21 #else
|
82 humberto 1.49 # ifdef PEGASUS_OS_OS400
83 {"sslCertificateFilePath", "ssl/keystore/servercert.pem", IS_STATIC, 0, 0, IS_VISIBLE},
84 # else
|
85 konrad.r 1.46 {"sslCertificateFilePath", "server.pem", IS_STATIC, 0, 0, IS_VISIBLE},
|
86 humberto 1.49 # endif
87 #endif
88 #ifdef PEGASUS_OS_OS400
89 {"sslKeyFilePath", "ssl/keystore/serverkey.pem", IS_STATIC, 0, 0, IS_VISIBLE},
90 #else
91 {"sslKeyFilePath", "file.pem", IS_STATIC, 0, 0, IS_VISIBLE},
92 #endif
93 #ifdef PEGASUS_OS_OS400
94 {"sslTrustStore", "ssl/truststore/", IS_STATIC, 0, 0, IS_VISIBLE},
95 #else
96 {"sslTrustStore", "cimserver_trust", IS_STATIC, 0, 0, IS_VISIBLE},
|
97 kumpf 1.21 #endif
|
98 humberto 1.49 #ifdef PEGASUS_OS_OS400
99 {"exportSSLTrustStore", "ssl/exporttruststore/", IS_STATIC, 0, 0, IS_VISIBLE},
100 #else
|
101 nag.boranna 1.48 {"exportSSLTrustStore", "indication_trust", IS_STATIC, 0, 0, IS_VISIBLE},
|
102 humberto 1.49 #endif
|
103 sushma.fernandes 1.54.2.1 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
104 humberto 1.49 #ifdef PEGASUS_OS_OS400
105 {"crlStore", "ssl/crlstore/", IS_STATIC, 0, 0, IS_VISIBLE},
106 #else
|
107 nag.boranna 1.48 {"crlStore", "crl", IS_STATIC, 0, 0, IS_VISIBLE},
|
108 humberto 1.49 #endif
|
109 sushma.fernandes 1.54.2.1 #endif
|
110 humberto 1.49 #ifdef PEGASUS_OS_OS400
111 {"sslClientVerificationMode", "optional", IS_STATIC, 0, 0, IS_VISIBLE},
112 #else
|
113 konrad.r 1.46 {"sslClientVerificationMode", "disabled", IS_STATIC, 0, 0, IS_VISIBLE},
|
114 humberto 1.49 #endif
|
115 nag.boranna 1.48 {"sslTrustStoreUserName", "", IS_STATIC, 0, 0, IS_VISIBLE},
|
116 david 1.25 #ifdef PEGASUS_OS_OS400
|
117 konrad.r 1.46 {"enableNamespaceAuthorization", "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
118 david 1.25 #else
|
119 konrad.r 1.46 {"enableNamespaceAuthorization", "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
120 david 1.25 #endif
|
121 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
122 konrad.r 1.46 {"kerberosServiceName", "cimom", IS_STATIC, 0, 0, IS_VISIBLE},
|
123 gerarda 1.20 #endif
|
124 denise.eckstein 1.43 #if defined(PEGASUS_OS_HPUX) || defined(PEGASUS_OS_LINUX)
|
125 kumpf 1.40 # ifdef PEGASUS_USE_RELEASE_CONFIG_OPTIONS
|
126 konrad.r 1.46 {"enableSubscriptionsForNonprivilegedUsers", "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
127 kumpf 1.40 # else
|
128 konrad.r 1.46 {"enableSubscriptionsForNonprivilegedUsers", "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
129 kumpf 1.40 # endif
130 #else
|
131 humberto 1.49 # ifdef PEGASUS_OS_OS400
|
132 humberto 1.50 {"enableSubscriptionsForNonprivilegedUsers", "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
133 humberto 1.49 # else
|
134 konrad.r 1.46 {"enableSubscriptionsForNonprivilegedUsers", "true", IS_STATIC, 0, 0, IS_HIDDEN},
|
135 humberto 1.49 # endif
|
136 kumpf 1.40 #endif
|
137 konrad.r 1.46 {"enableRemotePrivilegedUserAccess", "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
138 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
139 konrad.r 1.46 {"authorizedUserGroups", "", IS_STATIC, 0, 0, IS_VISIBLE},
|
140 kumpf 1.33 #endif
|
141 humberto 1.49 #ifdef PEGASUS_OS_OS400
142 {"enableSSLExportClientVerification", "true", IS_STATIC, 0, 0, IS_VISIBLE}
143 #else
|
144 konrad.r 1.46 {"enableSSLExportClientVerification", "false", IS_STATIC, 0, 0, IS_VISIBLE}
|
145 humberto 1.49 #endif
|
146 mike 1.2 };
147
148 const Uint32 NUM_PROPERTIES = sizeof(properties) / sizeof(properties[0]);
149
150
151 /** Constructors */
152 SecurityPropertyOwner::SecurityPropertyOwner()
153 {
|
154 a.arora 1.34 _enableAuthentication.reset(new ConfigProperty());
155 _enableNamespaceAuthorization.reset(new ConfigProperty());
156 _httpAuthType.reset(new ConfigProperty());
157 _passwordFilePath.reset(new ConfigProperty());
158 _certificateFilePath.reset(new ConfigProperty());
159 _keyFilePath.reset(new ConfigProperty());
160 _trustStore.reset(new ConfigProperty());
161 _exportSSLTrustStore.reset(new ConfigProperty());
|
162 sushma.fernandes 1.54.2.1 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
163 h.sterling 1.45 _crlStore.reset(new ConfigProperty());
|
164 sushma.fernandes 1.54.2.1 #endif
|
165 a.arora 1.34 _sslClientVerificationMode.reset(new ConfigProperty());
|
166 h.sterling 1.38 _sslTrustStoreUserName.reset(new ConfigProperty());
|
167 a.arora 1.34 _enableRemotePrivilegedUserAccess.reset(new ConfigProperty());
168 _enableSubscriptionsForNonprivilegedUsers.reset(new ConfigProperty());
|
169 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
170 a.arora 1.34 _authorizedUserGroups.reset(new ConfigProperty());
|
171 kumpf 1.33 #endif
|
172 a.arora 1.34 _enableSSLExportClientVerification.reset(new ConfigProperty());
|
173 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
174 a.arora 1.34 _kerberosServiceName.reset(new ConfigProperty());
|
175 gerarda 1.20 #endif
|
176 mike 1.2 }
177
178
179 /**
180 Initialize the config properties.
181 */
182 void SecurityPropertyOwner::initialize()
183 {
184 for (Uint32 i = 0; i < NUM_PROPERTIES; i++)
185 {
186 //
187 // Initialize the properties with default values
188 //
189 if (String::equalNoCase(
|
190 kumpf 1.9 properties[i].propertyName, "enableAuthentication"))
|
191 mike 1.2 {
|
192 kumpf 1.9 _enableAuthentication->propertyName = properties[i].propertyName;
193 _enableAuthentication->defaultValue = properties[i].defaultValue;
194 _enableAuthentication->currentValue = properties[i].defaultValue;
195 _enableAuthentication->plannedValue = properties[i].defaultValue;
196 _enableAuthentication->dynamic = properties[i].dynamic;
197 _enableAuthentication->domain = properties[i].domain;
198 _enableAuthentication->domainSize = properties[i].domainSize;
|
199 kumpf 1.19 _enableAuthentication->externallyVisible = properties[i].externallyVisible;
|
200 mike 1.2 }
201 else if (String::equalNoCase(
|
202 kumpf 1.9 properties[i].propertyName, "enableNamespaceAuthorization"))
|
203 mike 1.2 {
|
204 kumpf 1.9 _enableNamespaceAuthorization->propertyName = properties[i].propertyName;
205 _enableNamespaceAuthorization->defaultValue = properties[i].defaultValue;
206 _enableNamespaceAuthorization->currentValue = properties[i].defaultValue;
207 _enableNamespaceAuthorization->plannedValue = properties[i].defaultValue;
208 _enableNamespaceAuthorization->dynamic = properties[i].dynamic;
209 _enableNamespaceAuthorization->domain = properties[i].domain;
210 _enableNamespaceAuthorization->domainSize = properties[i].domainSize;
|
211 kumpf 1.19 _enableNamespaceAuthorization->externallyVisible = properties[i].externallyVisible;
|
212 mike 1.2 }
213 else if (String::equalNoCase(properties[i].propertyName, "httpAuthType"))
214 {
215 _httpAuthType->propertyName = properties[i].propertyName;
216 _httpAuthType->defaultValue = properties[i].defaultValue;
217 _httpAuthType->currentValue = properties[i].defaultValue;
218 _httpAuthType->plannedValue = properties[i].defaultValue;
219 _httpAuthType->dynamic = properties[i].dynamic;
220 _httpAuthType->domain = properties[i].domain;
221 _httpAuthType->domainSize = properties[i].domainSize;
|
222 kumpf 1.19 _httpAuthType->externallyVisible = properties[i].externallyVisible;
|
223 mike 1.2 }
|
224 kumpf 1.3 else if (String::equalNoCase(
225 properties[i].propertyName,
226 "passwordFilePath"))
227 {
228 _passwordFilePath->propertyName = properties[i].propertyName;
229 _passwordFilePath->defaultValue = properties[i].defaultValue;
|
230 kumpf 1.36 _passwordFilePath->currentValue = properties[i].defaultValue;
|
231 kumpf 1.3 _passwordFilePath->plannedValue = properties[i].defaultValue;
232 _passwordFilePath->dynamic = properties[i].dynamic;
233 _passwordFilePath->domain = properties[i].domain;
234 _passwordFilePath->domainSize = properties[i].domainSize;
|
235 kumpf 1.19 _passwordFilePath->externallyVisible = properties[i].externallyVisible;
|
236 kumpf 1.3 }
|
237 kumpf 1.5 else if (String::equalNoCase(
|
238 kumpf 1.10 properties[i].propertyName,
239 "sslCertificateFilePath"))
240 {
241 _certificateFilePath->propertyName = properties[i].propertyName;
242 _certificateFilePath->defaultValue = properties[i].defaultValue;
|
243 kumpf 1.36 _certificateFilePath->currentValue = properties[i].defaultValue;
|
244 kumpf 1.10 _certificateFilePath->plannedValue = properties[i].defaultValue;
245 _certificateFilePath->dynamic = properties[i].dynamic;
246 _certificateFilePath->domain = properties[i].domain;
247 _certificateFilePath->domainSize = properties[i].domainSize;
|
248 kumpf 1.19 _certificateFilePath->externallyVisible = properties[i].externallyVisible;
|
249 kumpf 1.10 }
250 else if (String::equalNoCase(
|
251 kumpf 1.17 properties[i].propertyName,
|
252 kumpf 1.18 "sslKeyFilePath"))
|
253 kumpf 1.17 {
254 _keyFilePath->propertyName = properties[i].propertyName;
255 _keyFilePath->defaultValue = properties[i].defaultValue;
|
256 kumpf 1.36 _keyFilePath->currentValue = properties[i].defaultValue;
|
257 kumpf 1.17 _keyFilePath->plannedValue = properties[i].defaultValue;
258 _keyFilePath->dynamic = properties[i].dynamic;
259 _keyFilePath->domain = properties[i].domain;
260 _keyFilePath->domainSize = properties[i].domainSize;
|
261 kumpf 1.19 _keyFilePath->externallyVisible = properties[i].externallyVisible;
|
262 kumpf 1.17 }
263 else if (String::equalNoCase(
|
264 kumpf 1.18 properties[i].propertyName,
|
265 h.sterling 1.31 "sslTrustStore"))
|
266 kumpf 1.18 {
|
267 h.sterling 1.31 _trustStore->propertyName = properties[i].propertyName;
268 _trustStore->defaultValue = properties[i].defaultValue;
|
269 kumpf 1.35 _trustStore->currentValue = properties[i].defaultValue;
|
270 h.sterling 1.31 _trustStore->plannedValue = properties[i].defaultValue;
271 _trustStore->dynamic = properties[i].dynamic;
272 _trustStore->domain = properties[i].domain;
273 _trustStore->domainSize = properties[i].domainSize;
274 _trustStore->externallyVisible = properties[i].externallyVisible;
|
275 kumpf 1.18
|
276 h.sterling 1.31 // do not initialize trustpath; a truststore is not required for SSL handshakes
277 // a server may wish to connect on HTTPS but not verify clients
|
278 kumpf 1.18 }
|
279 kumpf 1.32 else if (String::equalNoCase(
280 properties[i].propertyName,
281 "exportSSLTrustStore"))
282 {
283 _exportSSLTrustStore->propertyName = properties[i].propertyName;
284 _exportSSLTrustStore->defaultValue = properties[i].defaultValue;
|
285 kumpf 1.35 _exportSSLTrustStore->currentValue = properties[i].defaultValue;
|
286 kumpf 1.32 _exportSSLTrustStore->plannedValue = properties[i].defaultValue;
287 _exportSSLTrustStore->dynamic = properties[i].dynamic;
288 _exportSSLTrustStore->domain = properties[i].domain;
289 _exportSSLTrustStore->domainSize = properties[i].domainSize;
290 _exportSSLTrustStore->externallyVisible = properties[i].externallyVisible;
291 }
|
292 sushma.fernandes 1.54.2.1 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
293 h.sterling 1.31 else if (String::equalNoCase(
|
294 h.sterling 1.45 properties[i].propertyName,
295 "crlStore"))
296 {
297 _crlStore->propertyName = properties[i].propertyName;
298 _crlStore->defaultValue = properties[i].defaultValue;
299 _crlStore->currentValue = properties[i].defaultValue;
300 _crlStore->plannedValue = properties[i].defaultValue;
301 _crlStore->dynamic = properties[i].dynamic;
302 _crlStore->domain = properties[i].domain;
303 _crlStore->domainSize = properties[i].domainSize;
304 _crlStore->externallyVisible = properties[i].externallyVisible;
305
306 }
|
307 sushma.fernandes 1.54.2.1 #endif
|
308 h.sterling 1.45 else if (String::equalNoCase(
|
309 h.sterling 1.31 properties[i].propertyName, "sslClientVerificationMode"))
310 {
311 _sslClientVerificationMode->propertyName = properties[i].propertyName;
312 _sslClientVerificationMode->defaultValue = properties[i].defaultValue;
313 _sslClientVerificationMode->currentValue = properties[i].defaultValue;
314 _sslClientVerificationMode->plannedValue = properties[i].defaultValue;
315 _sslClientVerificationMode->dynamic = properties[i].dynamic;
316 _sslClientVerificationMode->domain = properties[i].domain;
317 _sslClientVerificationMode->domainSize = properties[i].domainSize;
318 _sslClientVerificationMode->externallyVisible = properties[i].externallyVisible;
319 }
320 else if (String::equalNoCase(
|
321 h.sterling 1.38 properties[i].propertyName, "sslTrustStoreUserName"))
322 {
323 _sslTrustStoreUserName->propertyName = properties[i].propertyName;
324 _sslTrustStoreUserName->defaultValue = properties[i].defaultValue;
325 _sslTrustStoreUserName->currentValue = properties[i].defaultValue;
326 _sslTrustStoreUserName->plannedValue = properties[i].defaultValue;
327 _sslTrustStoreUserName->dynamic = properties[i].dynamic;
328 _sslTrustStoreUserName->domain = properties[i].domain;
329 _sslTrustStoreUserName->domainSize = properties[i].domainSize;
330 _sslTrustStoreUserName->externallyVisible = properties[i].externallyVisible;
331 }
|
332 kumpf 1.18 else if (String::equalNoCase(
|
333 kumpf 1.5 properties[i].propertyName, "enableRemotePrivilegedUserAccess"))
334 {
335 _enableRemotePrivilegedUserAccess->propertyName = properties[i].propertyName;
336 _enableRemotePrivilegedUserAccess->defaultValue = properties[i].defaultValue;
337 _enableRemotePrivilegedUserAccess->currentValue = properties[i].defaultValue;
338 _enableRemotePrivilegedUserAccess->plannedValue = properties[i].defaultValue;
339 _enableRemotePrivilegedUserAccess->dynamic = properties[i].dynamic;
340 _enableRemotePrivilegedUserAccess->domain = properties[i].domain;
341 _enableRemotePrivilegedUserAccess->domainSize = properties[i].domainSize;
|
342 kumpf 1.19 _enableRemotePrivilegedUserAccess->externallyVisible = properties[i].externallyVisible;
|
343 kumpf 1.5 }
|
344 kumpf 1.22 else if (String::equalNoCase(
345 properties[i].propertyName, "enableSubscriptionsForNonprivilegedUsers"))
346 {
347 _enableSubscriptionsForNonprivilegedUsers->propertyName = properties[i].propertyName;
348 _enableSubscriptionsForNonprivilegedUsers->defaultValue = properties[i].defaultValue;
349 _enableSubscriptionsForNonprivilegedUsers->currentValue = properties[i].defaultValue;
350 _enableSubscriptionsForNonprivilegedUsers->plannedValue = properties[i].defaultValue;
351 _enableSubscriptionsForNonprivilegedUsers->dynamic = properties[i].dynamic;
352 _enableSubscriptionsForNonprivilegedUsers->domain = properties[i].domain;
353 _enableSubscriptionsForNonprivilegedUsers->domainSize = properties[i].domainSize;
354 _enableSubscriptionsForNonprivilegedUsers->externallyVisible = properties[i].externallyVisible;
355 }
|
356 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
357 else if (String::equalNoCase(properties[i].propertyName, "authorizedUserGroups"))
358 {
359 _authorizedUserGroups->propertyName = properties[i].propertyName;
360 _authorizedUserGroups->defaultValue = properties[i].defaultValue;
361 _authorizedUserGroups->currentValue = properties[i].defaultValue;
362 _authorizedUserGroups->plannedValue = properties[i].defaultValue;
363 _authorizedUserGroups->dynamic = properties[i].dynamic;
364 _authorizedUserGroups->domain = properties[i].domain;
365 _authorizedUserGroups->domainSize = properties[i].domainSize;
366 _authorizedUserGroups->externallyVisible = properties[i].externallyVisible;
367 }
368 #endif
|
369 kumpf 1.32 else if (String::equalNoCase(
370 properties[i].propertyName, "enableSSLExportClientVerification"))
371 {
372 _enableSSLExportClientVerification->propertyName = properties[i].propertyName;
373 _enableSSLExportClientVerification->defaultValue = properties[i].defaultValue;
374 _enableSSLExportClientVerification->currentValue = properties[i].defaultValue;
375 _enableSSLExportClientVerification->plannedValue = properties[i].defaultValue;
376 _enableSSLExportClientVerification->dynamic = properties[i].dynamic;
377 _enableSSLExportClientVerification->domain = properties[i].domain;
378 _enableSSLExportClientVerification->domainSize = properties[i].domainSize;
379 _enableSSLExportClientVerification->externallyVisible = properties[i].externallyVisible;
380 }
|
381 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
382 else if (String::equalNoCase(properties[i].propertyName, "kerberosServiceName"))
383 {
384 _kerberosServiceName->propertyName = properties[i].propertyName;
385 _kerberosServiceName->defaultValue = properties[i].defaultValue;
386 _kerberosServiceName->currentValue = properties[i].defaultValue;
387 _kerberosServiceName->plannedValue = properties[i].defaultValue;
388 _kerberosServiceName->dynamic = properties[i].dynamic;
389 _kerberosServiceName->domain = properties[i].domain;
390 _kerberosServiceName->domainSize = properties[i].domainSize;
391 _kerberosServiceName->externallyVisible = properties[i].externallyVisible;
392 }
393 #endif
|
394 mike 1.2 }
|
395 kumpf 1.3
|
396 mike 1.2 }
397
|
398 kumpf 1.7 struct ConfigProperty* SecurityPropertyOwner::_lookupConfigProperty(
|
399 aruran.ms 1.53 const String& name) const
|
400 mike 1.2 {
|
401 kumpf 1.9 if (String::equalNoCase(_enableAuthentication->propertyName, name))
|
402 mike 1.2 {
|
403 a.arora 1.34 return _enableAuthentication.get();
|
404 mike 1.2 }
|
405 kumpf 1.9 else if (String::equalNoCase(_enableNamespaceAuthorization->propertyName, name))
|
406 mike 1.2 {
|
407 a.arora 1.34 return _enableNamespaceAuthorization.get();
|
408 mike 1.2 }
409 else if (String::equalNoCase(_httpAuthType->propertyName, name))
410 {
|
411 a.arora 1.34 return _httpAuthType.get();
|
412 mike 1.2 }
|
413 kumpf 1.3 else if (String::equalNoCase(_passwordFilePath->propertyName, name))
414 {
|
415 a.arora 1.34 return _passwordFilePath.get();
|
416 kumpf 1.3 }
|
417 kumpf 1.10 else if (String::equalNoCase(_certificateFilePath->propertyName, name))
418 {
|
419 a.arora 1.34 return _certificateFilePath.get();
|
420 kumpf 1.10 }
|
421 kumpf 1.17 else if (String::equalNoCase(_keyFilePath->propertyName, name))
422 {
|
423 a.arora 1.34 return _keyFilePath.get();
|
424 kumpf 1.17 }
|
425 h.sterling 1.31 else if (String::equalNoCase(_trustStore->propertyName, name))
|
426 kumpf 1.18 {
|
427 a.arora 1.34 return _trustStore.get();
|
428 h.sterling 1.31 }
|
429 kumpf 1.32 else if (String::equalNoCase(_exportSSLTrustStore->propertyName, name))
430 {
|
431 a.arora 1.34 return _exportSSLTrustStore.get();
|
432 kumpf 1.32 }
|
433 sushma.fernandes 1.54.2.1 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
434 h.sterling 1.45 else if (String::equalNoCase(_crlStore->propertyName, name))
435 {
436 return _crlStore.get();
437 }
|
438 sushma.fernandes 1.54.2.1 #endif
|
439 h.sterling 1.31 else if (String::equalNoCase(
440 _sslClientVerificationMode->propertyName, name))
441 {
|
442 a.arora 1.34 return _sslClientVerificationMode.get();
|
443 h.sterling 1.31 }
444 else if (String::equalNoCase(
|
445 h.sterling 1.38 _sslTrustStoreUserName->propertyName, name))
|
446 h.sterling 1.31 {
|
447 h.sterling 1.38 return _sslTrustStoreUserName.get();
|
448 kumpf 1.18 }
|
449 h.sterling 1.31 else if (String::equalNoCase(
|
450 kumpf 1.7 _enableRemotePrivilegedUserAccess->propertyName, name))
|
451 kumpf 1.5 {
|
452 a.arora 1.34 return _enableRemotePrivilegedUserAccess.get();
|
453 kumpf 1.5 }
|
454 kumpf 1.22 else if (String::equalNoCase(
455 _enableSubscriptionsForNonprivilegedUsers->propertyName, name))
456 {
|
457 a.arora 1.34 return _enableSubscriptionsForNonprivilegedUsers.get();
|
458 kumpf 1.22 }
|
459 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
460 else if (String::equalNoCase(_authorizedUserGroups->propertyName, name))
461 {
|
462 a.arora 1.34 return _authorizedUserGroups.get();
|
463 kumpf 1.33 }
464 #endif
|
465 kumpf 1.32 else if (String::equalNoCase(
466 _enableSSLExportClientVerification->propertyName, name))
467 {
|
468 a.arora 1.34 return _enableSSLExportClientVerification.get();
|
469 kumpf 1.32 }
|
470 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
471 else if (String::equalNoCase(_kerberosServiceName->propertyName, name))
472 {
|
473 a.arora 1.34 return _kerberosServiceName.get();
|
474 gerarda 1.20 }
475 #endif
|
476 mike 1.2 else
477 {
478 throw UnrecognizedConfigProperty(name);
479 }
480 }
481
482 /**
|
483 kumpf 1.7 Get information about the specified property.
|
484 mike 1.2 */
|
485 kumpf 1.7 void SecurityPropertyOwner::getPropertyInfo(
486 const String& name,
|
487 vijay.eli 1.52 Array<String>& propertyInfo) const
|
488 mike 1.2 {
|
489 kumpf 1.7 propertyInfo.clear();
|
490 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
491 kumpf 1.7
492 propertyInfo.append(configProperty->propertyName);
493 propertyInfo.append(configProperty->defaultValue);
494 propertyInfo.append(configProperty->currentValue);
495 propertyInfo.append(configProperty->plannedValue);
496 if (configProperty->dynamic)
|
497 kumpf 1.19 {
498 propertyInfo.append(STRING_TRUE);
499 }
500 else
501 {
502 propertyInfo.append(STRING_FALSE);
503 }
504 if (configProperty->externallyVisible)
|
505 mike 1.2 {
|
506 kumpf 1.7 propertyInfo.append(STRING_TRUE);
|
507 kumpf 1.5 }
|
508 mike 1.2 else
509 {
|
510 kumpf 1.7 propertyInfo.append(STRING_FALSE);
|
511 mike 1.2 }
512 }
513
514 /**
|
515 kumpf 1.7 Get default value of the specified property.
516 */
|
517 vijay.eli 1.52 String SecurityPropertyOwner::getDefaultValue(const String& name) const
|
518 kumpf 1.7 {
|
519 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
520 kumpf 1.7 return configProperty->defaultValue;
521 }
522
523 /**
|
524 mike 1.2 Get current value of the specified property.
525 */
|
526 vijay.eli 1.52 String SecurityPropertyOwner::getCurrentValue(const String& name) const
|
527 mike 1.2 {
|
528 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
529 kumpf 1.7 return configProperty->currentValue;
|
530 mike 1.2 }
531
532 /**
533 Get planned value of the specified property.
534 */
|
535 vijay.eli 1.52 String SecurityPropertyOwner::getPlannedValue(const String& name) const
|
536 mike 1.2 {
|
537 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
538 kumpf 1.7 return configProperty->plannedValue;
|
539 mike 1.2 }
540
541
542 /**
543 Init current value of the specified property to the specified value.
544 */
545 void SecurityPropertyOwner::initCurrentValue(
546 const String& name,
547 const String& value)
548 {
|
549 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
550 configProperty->currentValue = value;
|
551 mike 1.2 }
552
553
554 /**
555 Init planned value of the specified property to the specified value.
556 */
557 void SecurityPropertyOwner::initPlannedValue(
558 const String& name,
559 const String& value)
560 {
|
561 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
562 configProperty->plannedValue = value;
|
563 mike 1.2 }
564
565 /**
566 Update current value of the specified property to the specified value.
567 */
568 void SecurityPropertyOwner::updateCurrentValue(
569 const String& name,
570 const String& value)
571 {
572 //
573 // make sure the property is dynamic before updating the value.
574 //
575 if (!isDynamic(name))
576 {
577 throw NonDynamicConfigProperty(name);
578 }
579
|
580 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
581 configProperty->currentValue = value;
|
582 mike 1.2 }
583
584
585 /**
586 Update planned value of the specified property to the specified value.
587 */
588 void SecurityPropertyOwner::updatePlannedValue(
589 const String& name,
590 const String& value)
591 {
|
592 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
593 configProperty->plannedValue = value;
|
594 mike 1.2 }
595
596 /**
597 Checks to see if the given value is valid or not.
598 */
|
599 vijay.eli 1.52 Boolean SecurityPropertyOwner::isValid(const String& name,
600 const String& value) const
|
601 mike 1.2 {
602 Boolean retVal = false;
|
603 kumpf 1.3
|
604 mike 1.2 //
605 // Validate the specified value
606 //
|
607 kumpf 1.9 if (String::equalNoCase(_enableAuthentication->propertyName, name))
|
608 mike 1.2 {
609 if(String::equal(value, "true") || String::equal(value, "false"))
610 {
611 retVal = true;
612 }
613 }
|
614 kumpf 1.9 else if (String::equalNoCase(_enableNamespaceAuthorization->propertyName, name))
|
615 mike 1.2 {
616 if(String::equal(value, "true") || String::equal(value, "false"))
617 {
618 retVal = true;
619 }
620 }
621 else if (String::equalNoCase(_httpAuthType->propertyName, name))
622 {
|
623 gerarda 1.26 #ifdef PEGASUS_OS_OS400
624 if(String::equal(value, "Basic")
625 #else
|
626 gerarda 1.20 if(String::equal(value, "Basic") || String::equal(value, "Digest")
|
627 gerarda 1.26 #endif
|
628 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
629 || String::equal(value, "Kerberos")
630 #endif
631 )
|
632 mike 1.2 {
633 retVal = true;
634 }
635 }
|
636 kumpf 1.3 else if (String::equalNoCase(_passwordFilePath->propertyName, name))
637 {
638 String fileName(value);
639
|
640 kumpf 1.8 //
641 // Check if the file path is empty
642 //
|
643 kumpf 1.36 if (fileName == String::EMPTY)
|
644 kumpf 1.8 {
645 return false;
646 }
647
|
648 h.sterling 1.41 fileName = ConfigManager::getHomedPath(fileName);
649
|
650 h.sterling 1.42 //
|
651 kumpf 1.3 // Check if the file path is a directory
|
652 h.sterling 1.42 //
|
653 kumpf 1.3 FileSystem::translateSlashes(fileName);
654 if (FileSystem::isDirectory(fileName))
655 {
656 return false;
657 }
658
|
659 h.sterling 1.42 //
|
660 kumpf 1.3 // Check if the file exists and is writable
|
661 h.sterling 1.42 //
|
662 kumpf 1.3 if (FileSystem::exists(fileName))
663 {
664 if (!FileSystem::canWrite(fileName))
665 {
666 return false;
667 }
668 else
669 {
670 return true;
671 }
672 }
673 else
674 {
|
675 h.sterling 1.42 //
|
676 kumpf 1.3 // Check if directory is writable
|
677 h.sterling 1.42 //
|
678 kumpf 1.12 Uint32 pos = fileName.reverseFind('/');
|
679 kumpf 1.3
680 if (pos != PEG_NOT_FOUND)
681 {
682 String dirName = fileName.subString(0,pos);
683 if (!FileSystem::isDirectory(dirName))
684 {
685 return false;
686 }
687 if (!FileSystem::canWrite(dirName) )
688 {
689 return false;
690 }
691 else
692 {
693 return true;
694 }
695 }
696 else
697 {
698 String currentDir;
699
|
700 h.sterling 1.42 //
|
701 kumpf 1.3 // Check if there is permission to write in the
702 // current working directory
|
703 h.sterling 1.42 //
|
704 kumpf 1.3 FileSystem::getCurrentDirectory(currentDir);
705
706 if (!FileSystem::canWrite(currentDir))
707 {
708 return false;
709 }
710 else
711 {
712 return true;
713 }
714 }
715 }
|
716 kumpf 1.10 }
|
717 kumpf 1.17 else if (String::equalNoCase(_certificateFilePath->propertyName, name) ||
|
718 kumpf 1.32 String::equalNoCase(_keyFilePath->propertyName, name))
719 {
720 //
721 // Check if the file path is empty
722 //
|
723 h.sterling 1.42 if (value == String::EMPTY)
|
724 kumpf 1.32 {
725 return false;
726 }
727
|
728 h.sterling 1.42 String fileName = ConfigManager::getHomedPath(value);
|
729 h.sterling 1.41
|
730 kumpf 1.32 //
731 // Check if the file path is a directory
732 //
733 FileSystem::translateSlashes(fileName);
734 if (FileSystem::isDirectory(fileName))
735 {
736 return false;
737 }
738
739 //
740 // Check if the file exists and is readable and is not empty.
741 //
742 if (FileSystem::exists(fileName) && FileSystem::canRead(fileName))
743 {
744 Uint32 size;
745 if (FileSystem::getFileSize(fileName, size))
746 {
747 if (size > 0)
748 {
749 return true;
750 }
751 kumpf 1.32 }
752 }
753
754 return false;
755 }
756 else if (String::equalNoCase(_trustStore->propertyName, name) ||
|
757 sushma.fernandes 1.54.2.1 String::equalNoCase(_exportSSLTrustStore->propertyName, name)
758 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
759 || String::equalNoCase(_crlStore->propertyName, name)
760 #endif
761 )
|
762 h.sterling 1.31 {
|
763 kumpf 1.10 //
|
764 h.sterling 1.37 // Allow the exportSSLTrustStore and sslTrustStore file paths to be empty
|
765 kumpf 1.10 //
|
766 h.sterling 1.42 if (value == String::EMPTY)
|
767 kumpf 1.10 {
|
768 kumpf 1.35 return true;
|
769 kumpf 1.10 }
770
|
771 h.sterling 1.42 String fileName = ConfigManager::getHomedPath(value);
|
772 h.sterling 1.41
|
773 kumpf 1.32 //
|
774 kumpf 1.10 // Check if the file path is a directory
|
775 kumpf 1.32 //
|
776 kumpf 1.10 FileSystem::translateSlashes(fileName);
777 if (FileSystem::isDirectory(fileName))
778 {
|
779 h.sterling 1.31 //
780 // Truststore can be a directory, congruent with OpenSSL standards
|
781 kumpf 1.32 // Check if the directoy has read and write permissions
|
782 h.sterling 1.31 //
|
783 kumpf 1.32 if (FileSystem::canRead(fileName) && FileSystem::canWrite(fileName))
|
784 h.sterling 1.31 {
785 return true;
786 }
|
787 kumpf 1.10 }
|
788 kumpf 1.32 //
|
789 kumpf 1.35 // Check if the file exists and is readable
|
790 kumpf 1.32 //
791 else if (FileSystem::exists(fileName) && FileSystem::canRead(fileName))
|
792 kumpf 1.10 {
|
793 kumpf 1.35 return true;
|
794 h.sterling 1.31 }
|
795 kumpf 1.10
|
796 kumpf 1.32 return false;
|
797 kumpf 1.3 }
|
798 h.sterling 1.31 else if (String::equalNoCase(_sslClientVerificationMode->propertyName, name))
799 {
800 if(String::equal(value, "disabled") || String::equal(value, "required") || String::equal(value, "optional"))
801 {
802 retVal = true;
803 }
804 }
|
805 h.sterling 1.38 else if (String::equalNoCase(_sslTrustStoreUserName->propertyName, name))
|
806 h.sterling 1.31 {
|
807 h.sterling 1.38 if (System::isSystemUser((const char*)value.getCString()))
|
808 h.sterling 1.31 {
|
809 h.sterling 1.38 return true;
|
810 h.sterling 1.31 }
811 }
|
812 kumpf 1.5 else if (String::equalNoCase(_enableRemotePrivilegedUserAccess->propertyName, name))
|
813 kumpf 1.22 {
814 if(String::equal(value, "true") || String::equal(value, "false"))
815 {
816 retVal = true;
817 }
818 }
819 else if (String::equalNoCase(_enableSubscriptionsForNonprivilegedUsers->propertyName, name))
|
820 kumpf 1.5 {
821 if(String::equal(value, "true") || String::equal(value, "false"))
822 {
823 retVal = true;
824 }
825 }
|
826 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
827 else if (String::equalNoCase(_authorizedUserGroups->propertyName, name))
828 {
829 retVal = true;
830 }
831 #endif
|
832 kumpf 1.32 else if (String::equalNoCase(_enableSSLExportClientVerification->propertyName, name))
833 {
834 if(String::equal(value, "true") || String::equal(value, "false"))
835 {
836 retVal = true;
837 }
838 }
|
839 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
840 else if (String::equalNoCase(_kerberosServiceName->propertyName, name))
841 {
842 String serviceName(value);
843
844 //
845 // Check if the service name is empty
846 //
847 if (serviceName == String::EMPTY || serviceName== "")
848 {
849 retVal = false;
850 }
851 else
852 {
853 retVal = true;
854 }
855 }
856 #endif
|
857 mike 1.2 else
858 {
859 throw UnrecognizedConfigProperty(name);
860 }
861 return retVal;
862 }
863
864 /**
865 Checks to see if the specified property is dynamic or not.
866 */
|
867 vijay.eli 1.52 Boolean SecurityPropertyOwner::isDynamic(const String& name) const
|
868 mike 1.2 {
|
869 aruran.ms 1.53 struct ConfigProperty * configProperty =_lookupConfigProperty(name);
|
870 vijay.eli 1.52
|
871 konrad.r 1.46 return (configProperty->dynamic==IS_DYNAMIC);
|
872 mike 1.2 }
873
874
875 PEGASUS_NAMESPACE_END
|
Return to
SecurityPropertyOwner.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Config