1 karl 1.54 //%2006////////////////////////////////////////////////////////////////////////
|
2 mike 1.2 //
|
3 karl 1.44 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
|
6 karl 1.24 // IBM Corp.; EMC Corporation, The Open Group.
|
7 karl 1.44 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
|
9 karl 1.47 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
|
11 karl 1.54 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
|
13 mike 1.2 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
|
20 kumpf 1.11 //
|
21 mike 1.2 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 //==============================================================================
31 //
32 //%/////////////////////////////////////////////////////////////////////////////
33
34
35 ///////////////////////////////////////////////////////////////////////////////
36 //
37 // This file has implementation for the security property owner class.
38 //
39 ///////////////////////////////////////////////////////////////////////////////
40
|
41 kumpf 1.4 #include "ConfigManager.h"
|
42 mike 1.2 #include "SecurityPropertyOwner.h"
|
43 kumpf 1.3 #include <Pegasus/Common/FileSystem.h>
|
44 h.sterling 1.31 #include <Pegasus/Common/System.h>
|
45 mike 1.2
46
47 PEGASUS_USING_STD;
48
49 PEGASUS_NAMESPACE_BEGIN
50
51 ///////////////////////////////////////////////////////////////////////////////
52 // SecurityPropertyOwner
53 ///////////////////////////////////////////////////////////////////////////////
54
55 static struct ConfigPropertyRow properties[] =
56 {
|
57 thilo.boehm 1.57 ///////////////////////////////////////////////////////////////////////////////
58 // For z/OS, the follwing securtiy properties are fixed properties dueto
59 // listed in the FixedPropertyTablezOS.h . Because they are fixed, they
60 // are hidden also:
61 //
62 // enableAuthentication
63 // passwordFilePath
64 // sslCertificateFilePath
65 // sslKeyFilePath
66 // sslTrustStore
67 // crlStore
68 // sslClientVerificationMode
69 // sslTrustStoreUserName
70 // enableNamespaceAuthorization
71 // kerberosServiceName
72 // enableSubscriptionsForNonprivilegedUsers
73 // authorizedUserGroups
74 ///////////////////////////////////////////////////////////////////////////////
75
|
76 david 1.25 #ifdef PEGASUS_OS_OS400
|
77 konrad.r 1.46 {"enableAuthentication", "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
78 david 1.25 #else
|
79 konrad.r 1.46 {"enableAuthentication", "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
80 david 1.25 #endif
|
81 humberto 1.49 //#if defined(PEGASUS_OS_OS400) && defined(PEGASUS_KERBEROS_AUTHENTICATION)
82 // {"httpAuthType", "Kerberos", IS_STATIC, 0, 0, IS_VISIBLE},
83 //#else
|
84 konrad.r 1.46 {"httpAuthType", "Basic", IS_STATIC, 0, 0, IS_VISIBLE},
|
85 humberto 1.49 //#endif
|
86 konrad.r 1.46 {"passwordFilePath", "cimserver.passwd", IS_STATIC, 0, 0, IS_VISIBLE},
|
87 kumpf 1.21 #ifdef PEGASUS_OS_HPUX
|
88 humberto 1.49 {"sslCertificateFilePath", "cert.pem", IS_STATIC, 0, 0, IS_VISIBLE},
|
89 kumpf 1.21 #else
|
90 humberto 1.49 # ifdef PEGASUS_OS_OS400
91 {"sslCertificateFilePath", "ssl/keystore/servercert.pem", IS_STATIC, 0, 0, IS_VISIBLE},
92 # else
|
93 konrad.r 1.46 {"sslCertificateFilePath", "server.pem", IS_STATIC, 0, 0, IS_VISIBLE},
|
94 humberto 1.49 # endif
95 #endif
96 #ifdef PEGASUS_OS_OS400
97 {"sslKeyFilePath", "ssl/keystore/serverkey.pem", IS_STATIC, 0, 0, IS_VISIBLE},
98 #else
99 {"sslKeyFilePath", "file.pem", IS_STATIC, 0, 0, IS_VISIBLE},
100 #endif
101 #ifdef PEGASUS_OS_OS400
102 {"sslTrustStore", "ssl/truststore/", IS_STATIC, 0, 0, IS_VISIBLE},
103 #else
104 {"sslTrustStore", "cimserver_trust", IS_STATIC, 0, 0, IS_VISIBLE},
|
105 kumpf 1.21 #endif
|
106 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
107 humberto 1.49 #ifdef PEGASUS_OS_OS400
108 {"crlStore", "ssl/crlstore/", IS_STATIC, 0, 0, IS_VISIBLE},
109 #else
|
110 nag.boranna 1.48 {"crlStore", "crl", IS_STATIC, 0, 0, IS_VISIBLE},
|
111 humberto 1.49 #endif
|
112 sushma.fernandes 1.55 #endif
|
113 humberto 1.49 #ifdef PEGASUS_OS_OS400
114 {"sslClientVerificationMode", "optional", IS_STATIC, 0, 0, IS_VISIBLE},
115 #else
|
116 konrad.r 1.46 {"sslClientVerificationMode", "disabled", IS_STATIC, 0, 0, IS_VISIBLE},
|
117 humberto 1.49 #endif
|
118 nag.boranna 1.48 {"sslTrustStoreUserName", "", IS_STATIC, 0, 0, IS_VISIBLE},
|
119 david 1.25 #ifdef PEGASUS_OS_OS400
|
120 konrad.r 1.46 {"enableNamespaceAuthorization", "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
121 david 1.25 #else
|
122 konrad.r 1.46 {"enableNamespaceAuthorization", "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
123 david 1.25 #endif
|
124 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
125 konrad.r 1.46 {"kerberosServiceName", "cimom", IS_STATIC, 0, 0, IS_VISIBLE},
|
126 gerarda 1.20 #endif
|
127 denise.eckstein 1.43 #if defined(PEGASUS_OS_HPUX) || defined(PEGASUS_OS_LINUX)
|
128 kumpf 1.40 # ifdef PEGASUS_USE_RELEASE_CONFIG_OPTIONS
|
129 konrad.r 1.46 {"enableSubscriptionsForNonprivilegedUsers", "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
130 kumpf 1.40 # else
|
131 konrad.r 1.46 {"enableSubscriptionsForNonprivilegedUsers", "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
132 kumpf 1.40 # endif
133 #else
|
134 humberto 1.49 # ifdef PEGASUS_OS_OS400
|
135 humberto 1.50 {"enableSubscriptionsForNonprivilegedUsers", "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
136 humberto 1.49 # else
|
137 konrad.r 1.46 {"enableSubscriptionsForNonprivilegedUsers", "true", IS_STATIC, 0, 0, IS_HIDDEN},
|
138 humberto 1.49 # endif
|
139 kumpf 1.40 #endif
|
140 marek 1.56 #ifdef PEGASUS_OS_ZOS
141 {"enableRemotePrivilegedUserAccess", "false", IS_STATIC, 0, 0, IS_VISIBLE},
142 #else
|
143 konrad.r 1.46 {"enableRemotePrivilegedUserAccess", "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
144 marek 1.56 #endif
|
145 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
146 konrad.r 1.46 {"authorizedUserGroups", "", IS_STATIC, 0, 0, IS_VISIBLE},
|
147 kumpf 1.33 #endif
|
148 mike 1.2 };
149
150 const Uint32 NUM_PROPERTIES = sizeof(properties) / sizeof(properties[0]);
151
152
153 /** Constructors */
154 SecurityPropertyOwner::SecurityPropertyOwner()
155 {
|
156 a.arora 1.34 _enableAuthentication.reset(new ConfigProperty());
157 _enableNamespaceAuthorization.reset(new ConfigProperty());
158 _httpAuthType.reset(new ConfigProperty());
159 _passwordFilePath.reset(new ConfigProperty());
160 _certificateFilePath.reset(new ConfigProperty());
161 _keyFilePath.reset(new ConfigProperty());
162 _trustStore.reset(new ConfigProperty());
|
163 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
164 h.sterling 1.45 _crlStore.reset(new ConfigProperty());
|
165 sushma.fernandes 1.55 #endif
|
166 a.arora 1.34 _sslClientVerificationMode.reset(new ConfigProperty());
|
167 h.sterling 1.38 _sslTrustStoreUserName.reset(new ConfigProperty());
|
168 a.arora 1.34 _enableRemotePrivilegedUserAccess.reset(new ConfigProperty());
169 _enableSubscriptionsForNonprivilegedUsers.reset(new ConfigProperty());
|
170 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
171 a.arora 1.34 _authorizedUserGroups.reset(new ConfigProperty());
|
172 kumpf 1.33 #endif
|
173 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
174 a.arora 1.34 _kerberosServiceName.reset(new ConfigProperty());
|
175 gerarda 1.20 #endif
|
176 mike 1.2 }
177
178
179 /**
180 Initialize the config properties.
181 */
182 void SecurityPropertyOwner::initialize()
183 {
184 for (Uint32 i = 0; i < NUM_PROPERTIES; i++)
185 {
186 //
187 // Initialize the properties with default values
188 //
189 if (String::equalNoCase(
|
190 kumpf 1.9 properties[i].propertyName, "enableAuthentication"))
|
191 mike 1.2 {
|
192 kumpf 1.9 _enableAuthentication->propertyName = properties[i].propertyName;
193 _enableAuthentication->defaultValue = properties[i].defaultValue;
194 _enableAuthentication->currentValue = properties[i].defaultValue;
195 _enableAuthentication->plannedValue = properties[i].defaultValue;
196 _enableAuthentication->dynamic = properties[i].dynamic;
197 _enableAuthentication->domain = properties[i].domain;
198 _enableAuthentication->domainSize = properties[i].domainSize;
|
199 kumpf 1.19 _enableAuthentication->externallyVisible = properties[i].externallyVisible;
|
200 mike 1.2 }
201 else if (String::equalNoCase(
|
202 kumpf 1.9 properties[i].propertyName, "enableNamespaceAuthorization"))
|
203 mike 1.2 {
|
204 kumpf 1.9 _enableNamespaceAuthorization->propertyName = properties[i].propertyName;
205 _enableNamespaceAuthorization->defaultValue = properties[i].defaultValue;
206 _enableNamespaceAuthorization->currentValue = properties[i].defaultValue;
207 _enableNamespaceAuthorization->plannedValue = properties[i].defaultValue;
208 _enableNamespaceAuthorization->dynamic = properties[i].dynamic;
209 _enableNamespaceAuthorization->domain = properties[i].domain;
210 _enableNamespaceAuthorization->domainSize = properties[i].domainSize;
|
211 kumpf 1.19 _enableNamespaceAuthorization->externallyVisible = properties[i].externallyVisible;
|
212 mike 1.2 }
213 else if (String::equalNoCase(properties[i].propertyName, "httpAuthType"))
214 {
215 _httpAuthType->propertyName = properties[i].propertyName;
216 _httpAuthType->defaultValue = properties[i].defaultValue;
217 _httpAuthType->currentValue = properties[i].defaultValue;
218 _httpAuthType->plannedValue = properties[i].defaultValue;
219 _httpAuthType->dynamic = properties[i].dynamic;
220 _httpAuthType->domain = properties[i].domain;
221 _httpAuthType->domainSize = properties[i].domainSize;
|
222 kumpf 1.19 _httpAuthType->externallyVisible = properties[i].externallyVisible;
|
223 mike 1.2 }
|
224 kumpf 1.3 else if (String::equalNoCase(
225 properties[i].propertyName,
226 "passwordFilePath"))
227 {
228 _passwordFilePath->propertyName = properties[i].propertyName;
229 _passwordFilePath->defaultValue = properties[i].defaultValue;
|
230 kumpf 1.36 _passwordFilePath->currentValue = properties[i].defaultValue;
|
231 kumpf 1.3 _passwordFilePath->plannedValue = properties[i].defaultValue;
232 _passwordFilePath->dynamic = properties[i].dynamic;
233 _passwordFilePath->domain = properties[i].domain;
234 _passwordFilePath->domainSize = properties[i].domainSize;
|
235 kumpf 1.19 _passwordFilePath->externallyVisible = properties[i].externallyVisible;
|
236 kumpf 1.3 }
|
237 kumpf 1.5 else if (String::equalNoCase(
|
238 kumpf 1.10 properties[i].propertyName,
239 "sslCertificateFilePath"))
240 {
241 _certificateFilePath->propertyName = properties[i].propertyName;
242 _certificateFilePath->defaultValue = properties[i].defaultValue;
|
243 kumpf 1.36 _certificateFilePath->currentValue = properties[i].defaultValue;
|
244 kumpf 1.10 _certificateFilePath->plannedValue = properties[i].defaultValue;
245 _certificateFilePath->dynamic = properties[i].dynamic;
246 _certificateFilePath->domain = properties[i].domain;
247 _certificateFilePath->domainSize = properties[i].domainSize;
|
248 kumpf 1.19 _certificateFilePath->externallyVisible = properties[i].externallyVisible;
|
249 kumpf 1.10 }
250 else if (String::equalNoCase(
|
251 kumpf 1.17 properties[i].propertyName,
|
252 kumpf 1.18 "sslKeyFilePath"))
|
253 kumpf 1.17 {
254 _keyFilePath->propertyName = properties[i].propertyName;
255 _keyFilePath->defaultValue = properties[i].defaultValue;
|
256 kumpf 1.36 _keyFilePath->currentValue = properties[i].defaultValue;
|
257 kumpf 1.17 _keyFilePath->plannedValue = properties[i].defaultValue;
258 _keyFilePath->dynamic = properties[i].dynamic;
259 _keyFilePath->domain = properties[i].domain;
260 _keyFilePath->domainSize = properties[i].domainSize;
|
261 kumpf 1.19 _keyFilePath->externallyVisible = properties[i].externallyVisible;
|
262 kumpf 1.17 }
263 else if (String::equalNoCase(
|
264 kumpf 1.18 properties[i].propertyName,
|
265 h.sterling 1.31 "sslTrustStore"))
|
266 kumpf 1.18 {
|
267 h.sterling 1.31 _trustStore->propertyName = properties[i].propertyName;
268 _trustStore->defaultValue = properties[i].defaultValue;
|
269 kumpf 1.35 _trustStore->currentValue = properties[i].defaultValue;
|
270 h.sterling 1.31 _trustStore->plannedValue = properties[i].defaultValue;
271 _trustStore->dynamic = properties[i].dynamic;
272 _trustStore->domain = properties[i].domain;
273 _trustStore->domainSize = properties[i].domainSize;
274 _trustStore->externallyVisible = properties[i].externallyVisible;
|
275 kumpf 1.18
|
276 h.sterling 1.31 // do not initialize trustpath; a truststore is not required for SSL handshakes
277 // a server may wish to connect on HTTPS but not verify clients
|
278 kumpf 1.18 }
|
279 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
280 h.sterling 1.31 else if (String::equalNoCase(
|
281 h.sterling 1.45 properties[i].propertyName,
282 "crlStore"))
283 {
284 _crlStore->propertyName = properties[i].propertyName;
285 _crlStore->defaultValue = properties[i].defaultValue;
286 _crlStore->currentValue = properties[i].defaultValue;
287 _crlStore->plannedValue = properties[i].defaultValue;
288 _crlStore->dynamic = properties[i].dynamic;
289 _crlStore->domain = properties[i].domain;
290 _crlStore->domainSize = properties[i].domainSize;
291 _crlStore->externallyVisible = properties[i].externallyVisible;
292
293 }
|
294 sushma.fernandes 1.55 #endif
|
295 h.sterling 1.45 else if (String::equalNoCase(
|
296 h.sterling 1.31 properties[i].propertyName, "sslClientVerificationMode"))
297 {
298 _sslClientVerificationMode->propertyName = properties[i].propertyName;
299 _sslClientVerificationMode->defaultValue = properties[i].defaultValue;
300 _sslClientVerificationMode->currentValue = properties[i].defaultValue;
301 _sslClientVerificationMode->plannedValue = properties[i].defaultValue;
302 _sslClientVerificationMode->dynamic = properties[i].dynamic;
303 _sslClientVerificationMode->domain = properties[i].domain;
304 _sslClientVerificationMode->domainSize = properties[i].domainSize;
305 _sslClientVerificationMode->externallyVisible = properties[i].externallyVisible;
306 }
307 else if (String::equalNoCase(
|
308 h.sterling 1.38 properties[i].propertyName, "sslTrustStoreUserName"))
309 {
310 _sslTrustStoreUserName->propertyName = properties[i].propertyName;
311 _sslTrustStoreUserName->defaultValue = properties[i].defaultValue;
312 _sslTrustStoreUserName->currentValue = properties[i].defaultValue;
313 _sslTrustStoreUserName->plannedValue = properties[i].defaultValue;
314 _sslTrustStoreUserName->dynamic = properties[i].dynamic;
315 _sslTrustStoreUserName->domain = properties[i].domain;
316 _sslTrustStoreUserName->domainSize = properties[i].domainSize;
317 _sslTrustStoreUserName->externallyVisible = properties[i].externallyVisible;
318 }
|
319 kumpf 1.18 else if (String::equalNoCase(
|
320 kumpf 1.5 properties[i].propertyName, "enableRemotePrivilegedUserAccess"))
321 {
322 _enableRemotePrivilegedUserAccess->propertyName = properties[i].propertyName;
323 _enableRemotePrivilegedUserAccess->defaultValue = properties[i].defaultValue;
324 _enableRemotePrivilegedUserAccess->currentValue = properties[i].defaultValue;
325 _enableRemotePrivilegedUserAccess->plannedValue = properties[i].defaultValue;
326 _enableRemotePrivilegedUserAccess->dynamic = properties[i].dynamic;
327 _enableRemotePrivilegedUserAccess->domain = properties[i].domain;
328 _enableRemotePrivilegedUserAccess->domainSize = properties[i].domainSize;
|
329 kumpf 1.19 _enableRemotePrivilegedUserAccess->externallyVisible = properties[i].externallyVisible;
|
330 kumpf 1.5 }
|
331 kumpf 1.22 else if (String::equalNoCase(
332 properties[i].propertyName, "enableSubscriptionsForNonprivilegedUsers"))
333 {
334 _enableSubscriptionsForNonprivilegedUsers->propertyName = properties[i].propertyName;
335 _enableSubscriptionsForNonprivilegedUsers->defaultValue = properties[i].defaultValue;
336 _enableSubscriptionsForNonprivilegedUsers->currentValue = properties[i].defaultValue;
337 _enableSubscriptionsForNonprivilegedUsers->plannedValue = properties[i].defaultValue;
338 _enableSubscriptionsForNonprivilegedUsers->dynamic = properties[i].dynamic;
339 _enableSubscriptionsForNonprivilegedUsers->domain = properties[i].domain;
340 _enableSubscriptionsForNonprivilegedUsers->domainSize = properties[i].domainSize;
341 _enableSubscriptionsForNonprivilegedUsers->externallyVisible = properties[i].externallyVisible;
342 }
|
343 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
344 else if (String::equalNoCase(properties[i].propertyName, "authorizedUserGroups"))
345 {
346 _authorizedUserGroups->propertyName = properties[i].propertyName;
347 _authorizedUserGroups->defaultValue = properties[i].defaultValue;
348 _authorizedUserGroups->currentValue = properties[i].defaultValue;
349 _authorizedUserGroups->plannedValue = properties[i].defaultValue;
350 _authorizedUserGroups->dynamic = properties[i].dynamic;
351 _authorizedUserGroups->domain = properties[i].domain;
352 _authorizedUserGroups->domainSize = properties[i].domainSize;
353 _authorizedUserGroups->externallyVisible = properties[i].externallyVisible;
354 }
355 #endif
|
356 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
357 else if (String::equalNoCase(properties[i].propertyName, "kerberosServiceName"))
358 {
359 _kerberosServiceName->propertyName = properties[i].propertyName;
360 _kerberosServiceName->defaultValue = properties[i].defaultValue;
361 _kerberosServiceName->currentValue = properties[i].defaultValue;
362 _kerberosServiceName->plannedValue = properties[i].defaultValue;
363 _kerberosServiceName->dynamic = properties[i].dynamic;
364 _kerberosServiceName->domain = properties[i].domain;
365 _kerberosServiceName->domainSize = properties[i].domainSize;
366 _kerberosServiceName->externallyVisible = properties[i].externallyVisible;
367 }
368 #endif
|
369 mike 1.2 }
|
370 kumpf 1.3
|
371 mike 1.2 }
372
|
373 kumpf 1.7 struct ConfigProperty* SecurityPropertyOwner::_lookupConfigProperty(
|
374 aruran.ms 1.53 const String& name) const
|
375 mike 1.2 {
|
376 kumpf 1.9 if (String::equalNoCase(_enableAuthentication->propertyName, name))
|
377 mike 1.2 {
|
378 a.arora 1.34 return _enableAuthentication.get();
|
379 mike 1.2 }
|
380 kumpf 1.9 else if (String::equalNoCase(_enableNamespaceAuthorization->propertyName, name))
|
381 mike 1.2 {
|
382 a.arora 1.34 return _enableNamespaceAuthorization.get();
|
383 mike 1.2 }
384 else if (String::equalNoCase(_httpAuthType->propertyName, name))
385 {
|
386 a.arora 1.34 return _httpAuthType.get();
|
387 mike 1.2 }
|
388 kumpf 1.3 else if (String::equalNoCase(_passwordFilePath->propertyName, name))
389 {
|
390 a.arora 1.34 return _passwordFilePath.get();
|
391 kumpf 1.3 }
|
392 kumpf 1.10 else if (String::equalNoCase(_certificateFilePath->propertyName, name))
393 {
|
394 a.arora 1.34 return _certificateFilePath.get();
|
395 kumpf 1.10 }
|
396 kumpf 1.17 else if (String::equalNoCase(_keyFilePath->propertyName, name))
397 {
|
398 a.arora 1.34 return _keyFilePath.get();
|
399 kumpf 1.17 }
|
400 h.sterling 1.31 else if (String::equalNoCase(_trustStore->propertyName, name))
|
401 kumpf 1.18 {
|
402 a.arora 1.34 return _trustStore.get();
|
403 h.sterling 1.31 }
|
404 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
405 h.sterling 1.45 else if (String::equalNoCase(_crlStore->propertyName, name))
406 {
407 return _crlStore.get();
408 }
|
409 sushma.fernandes 1.55 #endif
|
410 h.sterling 1.31 else if (String::equalNoCase(
411 _sslClientVerificationMode->propertyName, name))
412 {
|
413 a.arora 1.34 return _sslClientVerificationMode.get();
|
414 h.sterling 1.31 }
415 else if (String::equalNoCase(
|
416 h.sterling 1.38 _sslTrustStoreUserName->propertyName, name))
|
417 h.sterling 1.31 {
|
418 h.sterling 1.38 return _sslTrustStoreUserName.get();
|
419 kumpf 1.18 }
|
420 h.sterling 1.31 else if (String::equalNoCase(
|
421 kumpf 1.7 _enableRemotePrivilegedUserAccess->propertyName, name))
|
422 kumpf 1.5 {
|
423 a.arora 1.34 return _enableRemotePrivilegedUserAccess.get();
|
424 kumpf 1.5 }
|
425 kumpf 1.22 else if (String::equalNoCase(
426 _enableSubscriptionsForNonprivilegedUsers->propertyName, name))
427 {
|
428 a.arora 1.34 return _enableSubscriptionsForNonprivilegedUsers.get();
|
429 kumpf 1.22 }
|
430 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
431 else if (String::equalNoCase(_authorizedUserGroups->propertyName, name))
432 {
|
433 a.arora 1.34 return _authorizedUserGroups.get();
|
434 kumpf 1.33 }
435 #endif
|
436 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
437 else if (String::equalNoCase(_kerberosServiceName->propertyName, name))
438 {
|
439 a.arora 1.34 return _kerberosServiceName.get();
|
440 gerarda 1.20 }
441 #endif
|
442 mike 1.2 else
443 {
444 throw UnrecognizedConfigProperty(name);
445 }
446 }
447
448 /**
|
449 kumpf 1.7 Get information about the specified property.
|
450 mike 1.2 */
|
451 kumpf 1.7 void SecurityPropertyOwner::getPropertyInfo(
452 const String& name,
|
453 vijay.eli 1.52 Array<String>& propertyInfo) const
|
454 mike 1.2 {
|
455 kumpf 1.7 propertyInfo.clear();
|
456 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
457 kumpf 1.7
458 propertyInfo.append(configProperty->propertyName);
459 propertyInfo.append(configProperty->defaultValue);
460 propertyInfo.append(configProperty->currentValue);
461 propertyInfo.append(configProperty->plannedValue);
462 if (configProperty->dynamic)
|
463 kumpf 1.19 {
464 propertyInfo.append(STRING_TRUE);
465 }
466 else
467 {
468 propertyInfo.append(STRING_FALSE);
469 }
470 if (configProperty->externallyVisible)
|
471 mike 1.2 {
|
472 kumpf 1.7 propertyInfo.append(STRING_TRUE);
|
473 kumpf 1.5 }
|
474 mike 1.2 else
475 {
|
476 kumpf 1.7 propertyInfo.append(STRING_FALSE);
|
477 mike 1.2 }
478 }
479
480 /**
|
481 kumpf 1.7 Get default value of the specified property.
482 */
|
483 vijay.eli 1.52 String SecurityPropertyOwner::getDefaultValue(const String& name) const
|
484 kumpf 1.7 {
|
485 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
486 kumpf 1.7 return configProperty->defaultValue;
487 }
488
489 /**
|
490 mike 1.2 Get current value of the specified property.
491 */
|
492 vijay.eli 1.52 String SecurityPropertyOwner::getCurrentValue(const String& name) const
|
493 mike 1.2 {
|
494 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
495 kumpf 1.7 return configProperty->currentValue;
|
496 mike 1.2 }
497
498 /**
499 Get planned value of the specified property.
500 */
|
501 vijay.eli 1.52 String SecurityPropertyOwner::getPlannedValue(const String& name) const
|
502 mike 1.2 {
|
503 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
504 kumpf 1.7 return configProperty->plannedValue;
|
505 mike 1.2 }
506
507
508 /**
509 Init current value of the specified property to the specified value.
510 */
511 void SecurityPropertyOwner::initCurrentValue(
512 const String& name,
513 const String& value)
514 {
|
515 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
516 configProperty->currentValue = value;
|
517 mike 1.2 }
518
519
520 /**
521 Init planned value of the specified property to the specified value.
522 */
523 void SecurityPropertyOwner::initPlannedValue(
524 const String& name,
525 const String& value)
526 {
|
527 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
528 configProperty->plannedValue = value;
|
529 mike 1.2 }
530
531 /**
532 Update current value of the specified property to the specified value.
533 */
534 void SecurityPropertyOwner::updateCurrentValue(
535 const String& name,
536 const String& value)
537 {
538 //
539 // make sure the property is dynamic before updating the value.
540 //
541 if (!isDynamic(name))
542 {
543 throw NonDynamicConfigProperty(name);
544 }
545
|
546 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
547 configProperty->currentValue = value;
|
548 mike 1.2 }
549
550
551 /**
552 Update planned value of the specified property to the specified value.
553 */
554 void SecurityPropertyOwner::updatePlannedValue(
555 const String& name,
556 const String& value)
557 {
|
558 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
559 configProperty->plannedValue = value;
|
560 mike 1.2 }
561
562 /**
563 Checks to see if the given value is valid or not.
564 */
|
565 vijay.eli 1.52 Boolean SecurityPropertyOwner::isValid(const String& name,
566 const String& value) const
|
567 mike 1.2 {
568 Boolean retVal = false;
|
569 kumpf 1.3
|
570 mike 1.2 //
571 // Validate the specified value
572 //
|
573 kumpf 1.9 if (String::equalNoCase(_enableAuthentication->propertyName, name))
|
574 mike 1.2 {
575 if(String::equal(value, "true") || String::equal(value, "false"))
576 {
577 retVal = true;
578 }
579 }
|
580 kumpf 1.9 else if (String::equalNoCase(_enableNamespaceAuthorization->propertyName, name))
|
581 mike 1.2 {
582 if(String::equal(value, "true") || String::equal(value, "false"))
583 {
584 retVal = true;
585 }
586 }
587 else if (String::equalNoCase(_httpAuthType->propertyName, name))
588 {
|
589 gerarda 1.26 #ifdef PEGASUS_OS_OS400
590 if(String::equal(value, "Basic")
591 #else
|
592 gerarda 1.20 if(String::equal(value, "Basic") || String::equal(value, "Digest")
|
593 gerarda 1.26 #endif
|
594 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
595 || String::equal(value, "Kerberos")
596 #endif
597 )
|
598 mike 1.2 {
599 retVal = true;
600 }
601 }
|
602 kumpf 1.3 else if (String::equalNoCase(_passwordFilePath->propertyName, name))
603 {
604 String fileName(value);
605
|
606 kumpf 1.8 //
607 // Check if the file path is empty
608 //
|
609 kumpf 1.36 if (fileName == String::EMPTY)
|
610 kumpf 1.8 {
611 return false;
612 }
613
|
614 h.sterling 1.41 fileName = ConfigManager::getHomedPath(fileName);
615
|
616 h.sterling 1.42 //
|
617 kumpf 1.3 // Check if the file path is a directory
|
618 h.sterling 1.42 //
|
619 kumpf 1.3 FileSystem::translateSlashes(fileName);
620 if (FileSystem::isDirectory(fileName))
621 {
622 return false;
623 }
624
|
625 h.sterling 1.42 //
|
626 kumpf 1.3 // Check if the file exists and is writable
|
627 h.sterling 1.42 //
|
628 kumpf 1.3 if (FileSystem::exists(fileName))
629 {
630 if (!FileSystem::canWrite(fileName))
631 {
632 return false;
633 }
634 else
635 {
636 return true;
637 }
638 }
639 else
640 {
|
641 h.sterling 1.42 //
|
642 kumpf 1.3 // Check if directory is writable
|
643 h.sterling 1.42 //
|
644 kumpf 1.12 Uint32 pos = fileName.reverseFind('/');
|
645 kumpf 1.3
646 if (pos != PEG_NOT_FOUND)
647 {
648 String dirName = fileName.subString(0,pos);
649 if (!FileSystem::isDirectory(dirName))
650 {
651 return false;
652 }
653 if (!FileSystem::canWrite(dirName) )
654 {
655 return false;
656 }
657 else
658 {
659 return true;
660 }
661 }
662 else
663 {
664 String currentDir;
665
|
666 h.sterling 1.42 //
|
667 kumpf 1.3 // Check if there is permission to write in the
668 // current working directory
|
669 h.sterling 1.42 //
|
670 kumpf 1.3 FileSystem::getCurrentDirectory(currentDir);
671
672 if (!FileSystem::canWrite(currentDir))
673 {
674 return false;
675 }
676 else
677 {
678 return true;
679 }
680 }
681 }
|
682 kumpf 1.10 }
|
683 kumpf 1.17 else if (String::equalNoCase(_certificateFilePath->propertyName, name) ||
|
684 kumpf 1.32 String::equalNoCase(_keyFilePath->propertyName, name))
685 {
686 //
687 // Check if the file path is empty
688 //
|
689 h.sterling 1.42 if (value == String::EMPTY)
|
690 kumpf 1.32 {
691 return false;
692 }
693
|
694 h.sterling 1.42 String fileName = ConfigManager::getHomedPath(value);
|
695 h.sterling 1.41
|
696 kumpf 1.32 //
697 // Check if the file path is a directory
698 //
699 FileSystem::translateSlashes(fileName);
700 if (FileSystem::isDirectory(fileName))
701 {
702 return false;
703 }
704
705 //
706 // Check if the file exists and is readable and is not empty.
707 //
708 if (FileSystem::exists(fileName) && FileSystem::canRead(fileName))
709 {
710 Uint32 size;
711 if (FileSystem::getFileSize(fileName, size))
712 {
713 if (size > 0)
714 {
715 return true;
716 }
717 kumpf 1.32 }
718 }
719
720 return false;
721 }
|
722 sushma.fernandes 1.58 else if (String::equalNoCase(_trustStore->propertyName, name)
|
723 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
724 || String::equalNoCase(_crlStore->propertyName, name)
725 #endif
726 )
|
727 h.sterling 1.31 {
|
728 kumpf 1.10 //
|
729 sushma.fernandes 1.58 // Allow the file path to be empty
|
730 kumpf 1.10 //
|
731 h.sterling 1.42 if (value == String::EMPTY)
|
732 kumpf 1.10 {
|
733 kumpf 1.35 return true;
|
734 kumpf 1.10 }
735
|
736 sushma.fernandes 1.58 String fileName = ConfigManager::getHomedPath(value);
|
737 h.sterling 1.41
|
738 kumpf 1.32 //
|
739 kumpf 1.10 // Check if the file path is a directory
|
740 kumpf 1.32 //
|
741 kumpf 1.10 FileSystem::translateSlashes(fileName);
742 if (FileSystem::isDirectory(fileName))
743 {
|
744 h.sterling 1.31 //
745 // Truststore can be a directory, congruent with OpenSSL standards
|
746 kumpf 1.32 // Check if the directoy has read and write permissions
|
747 h.sterling 1.31 //
|
748 kumpf 1.32 if (FileSystem::canRead(fileName) && FileSystem::canWrite(fileName))
|
749 h.sterling 1.31 {
750 return true;
751 }
|
752 kumpf 1.10 }
|
753 kumpf 1.32 //
|
754 kumpf 1.35 // Check if the file exists and is readable
|
755 kumpf 1.32 //
756 else if (FileSystem::exists(fileName) && FileSystem::canRead(fileName))
|
757 kumpf 1.10 {
|
758 kumpf 1.35 return true;
|
759 h.sterling 1.31 }
|
760 kumpf 1.10
|
761 kumpf 1.32 return false;
|
762 kumpf 1.3 }
|
763 h.sterling 1.31 else if (String::equalNoCase(_sslClientVerificationMode->propertyName, name))
764 {
765 if(String::equal(value, "disabled") || String::equal(value, "required") || String::equal(value, "optional"))
766 {
767 retVal = true;
768 }
769 }
|
770 h.sterling 1.38 else if (String::equalNoCase(_sslTrustStoreUserName->propertyName, name))
|
771 h.sterling 1.31 {
|
772 h.sterling 1.38 if (System::isSystemUser((const char*)value.getCString()))
|
773 h.sterling 1.31 {
|
774 h.sterling 1.38 return true;
|
775 h.sterling 1.31 }
776 }
|
777 kumpf 1.5 else if (String::equalNoCase(_enableRemotePrivilegedUserAccess->propertyName, name))
|
778 kumpf 1.22 {
779 if(String::equal(value, "true") || String::equal(value, "false"))
780 {
781 retVal = true;
782 }
783 }
784 else if (String::equalNoCase(_enableSubscriptionsForNonprivilegedUsers->propertyName, name))
|
785 kumpf 1.5 {
786 if(String::equal(value, "true") || String::equal(value, "false"))
787 {
788 retVal = true;
789 }
790 }
|
791 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
792 else if (String::equalNoCase(_authorizedUserGroups->propertyName, name))
793 {
794 retVal = true;
795 }
796 #endif
|
797 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
798 else if (String::equalNoCase(_kerberosServiceName->propertyName, name))
799 {
800 String serviceName(value);
801
802 //
803 // Check if the service name is empty
804 //
805 if (serviceName == String::EMPTY || serviceName== "")
806 {
807 retVal = false;
808 }
809 else
810 {
811 retVal = true;
812 }
813 }
814 #endif
|
815 mike 1.2 else
816 {
817 throw UnrecognizedConfigProperty(name);
818 }
819 return retVal;
820 }
821
822 /**
823 Checks to see if the specified property is dynamic or not.
824 */
|
825 vijay.eli 1.52 Boolean SecurityPropertyOwner::isDynamic(const String& name) const
|
826 mike 1.2 {
|
827 aruran.ms 1.53 struct ConfigProperty * configProperty =_lookupConfigProperty(name);
|
828 vijay.eli 1.52
|
829 konrad.r 1.46 return (configProperty->dynamic==IS_DYNAMIC);
|
830 mike 1.2 }
831
832
833 PEGASUS_NAMESPACE_END
|
Return to
SecurityPropertyOwner.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Config