1 karl 1.54 //%2006////////////////////////////////////////////////////////////////////////
|
2 mike 1.2 //
|
3 karl 1.44 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
|
6 karl 1.24 // IBM Corp.; EMC Corporation, The Open Group.
|
7 karl 1.44 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
|
9 karl 1.47 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
|
11 karl 1.54 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
|
13 mike 1.2 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
|
20 kumpf 1.11 //
|
21 mike 1.2 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 //==============================================================================
31 //
32 //%/////////////////////////////////////////////////////////////////////////////
33
34
35 ///////////////////////////////////////////////////////////////////////////////
|
36 kumpf 1.59 //
|
37 mike 1.2 // This file has implementation for the security property owner class.
38 //
39 ///////////////////////////////////////////////////////////////////////////////
40
|
41 kumpf 1.4 #include "ConfigManager.h"
|
42 mike 1.2 #include "SecurityPropertyOwner.h"
|
43 kumpf 1.3 #include <Pegasus/Common/FileSystem.h>
|
44 h.sterling 1.31 #include <Pegasus/Common/System.h>
|
45 mike 1.2
46
47 PEGASUS_USING_STD;
48
49 PEGASUS_NAMESPACE_BEGIN
50
51 ///////////////////////////////////////////////////////////////////////////////
52 // SecurityPropertyOwner
53 ///////////////////////////////////////////////////////////////////////////////
54
55 static struct ConfigPropertyRow properties[] =
56 {
|
57 thilo.boehm 1.57 ///////////////////////////////////////////////////////////////////////////////
|
58 kumpf 1.59 // For z/OS, the follwing securtiy properties are fixed properties due to
59 // listed in the FixedPropertyTablezOS.h . Because they are fixed, they
|
60 thilo.boehm 1.57 // are hidden also:
|
61 kumpf 1.59 //
62 // enableAuthentication
63 // passwordFilePath
64 // sslCertificateFilePath
65 // sslKeyFilePath
66 // sslTrustStore
67 // crlStore
68 // sslClientVerificationMode
69 // sslTrustStoreUserName
70 // enableNamespaceAuthorization
71 // kerberosServiceName
72 // enableSubscriptionsForNonprivilegedUsers
73 // authorizedUserGroups
|
74 thilo.boehm 1.57 ///////////////////////////////////////////////////////////////////////////////
75
|
76 david 1.25 #ifdef PEGASUS_OS_OS400
|
77 konrad.r 1.46 {"enableAuthentication", "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
78 david 1.25 #else
|
79 konrad.r 1.46 {"enableAuthentication", "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
80 david 1.25 #endif
|
81 humberto 1.49 //#if defined(PEGASUS_OS_OS400) && defined(PEGASUS_KERBEROS_AUTHENTICATION)
82 // {"httpAuthType", "Kerberos", IS_STATIC, 0, 0, IS_VISIBLE},
83 //#else
|
84 konrad.r 1.46 {"httpAuthType", "Basic", IS_STATIC, 0, 0, IS_VISIBLE},
|
85 humberto 1.49 //#endif
|
86 konrad.r 1.46 {"passwordFilePath", "cimserver.passwd", IS_STATIC, 0, 0, IS_VISIBLE},
|
87 kumpf 1.21 #ifdef PEGASUS_OS_HPUX
|
88 humberto 1.49 {"sslCertificateFilePath", "cert.pem", IS_STATIC, 0, 0, IS_VISIBLE},
|
89 kumpf 1.21 #else
|
90 humberto 1.49 # ifdef PEGASUS_OS_OS400
|
91 kumpf 1.59 {"sslCertificateFilePath",
92 "ssl/keystore/servercert.pem", IS_STATIC, 0, 0, IS_VISIBLE},
|
93 humberto 1.49 # else
|
94 kumpf 1.59 {"sslCertificateFilePath", "server.pem", IS_STATIC, 0, 0, IS_VISIBLE},
|
95 humberto 1.49 # endif
96 #endif
97 #ifdef PEGASUS_OS_OS400
|
98 kumpf 1.59 {"sslKeyFilePath",
99 "ssl/keystore/serverkey.pem", IS_STATIC, 0, 0, IS_VISIBLE},
|
100 humberto 1.49 #else
101 {"sslKeyFilePath", "file.pem", IS_STATIC, 0, 0, IS_VISIBLE},
102 #endif
103 #ifdef PEGASUS_OS_OS400
104 {"sslTrustStore", "ssl/truststore/", IS_STATIC, 0, 0, IS_VISIBLE},
105 #else
106 {"sslTrustStore", "cimserver_trust", IS_STATIC, 0, 0, IS_VISIBLE},
|
107 kumpf 1.21 #endif
|
108 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
109 kumpf 1.59 # ifdef PEGASUS_OS_OS400
|
110 humberto 1.49 {"crlStore", "ssl/crlstore/", IS_STATIC, 0, 0, IS_VISIBLE},
|
111 kumpf 1.59 # else
|
112 nag.boranna 1.48 {"crlStore", "crl", IS_STATIC, 0, 0, IS_VISIBLE},
|
113 kumpf 1.59 # endif
|
114 sushma.fernandes 1.55 #endif
|
115 humberto 1.49 #ifdef PEGASUS_OS_OS400
116 {"sslClientVerificationMode", "optional", IS_STATIC, 0, 0, IS_VISIBLE},
117 #else
|
118 konrad.r 1.46 {"sslClientVerificationMode", "disabled", IS_STATIC, 0, 0, IS_VISIBLE},
|
119 humberto 1.49 #endif
|
120 nag.boranna 1.48 {"sslTrustStoreUserName", "", IS_STATIC, 0, 0, IS_VISIBLE},
|
121 david 1.25 #ifdef PEGASUS_OS_OS400
|
122 konrad.r 1.46 {"enableNamespaceAuthorization", "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
123 david 1.25 #else
|
124 konrad.r 1.46 {"enableNamespaceAuthorization", "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
125 david 1.25 #endif
|
126 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
127 konrad.r 1.46 {"kerberosServiceName", "cimom", IS_STATIC, 0, 0, IS_VISIBLE},
|
128 gerarda 1.20 #endif
|
129 denise.eckstein 1.43 #if defined(PEGASUS_OS_HPUX) || defined(PEGASUS_OS_LINUX)
|
130 kumpf 1.40 # ifdef PEGASUS_USE_RELEASE_CONFIG_OPTIONS
|
131 kumpf 1.59 {"enableSubscriptionsForNonprivilegedUsers",
132 "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
133 kumpf 1.40 # else
|
134 kumpf 1.59 {"enableSubscriptionsForNonprivilegedUsers",
135 "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
136 kumpf 1.40 # endif
137 #else
|
138 humberto 1.49 # ifdef PEGASUS_OS_OS400
|
139 kumpf 1.59 {"enableSubscriptionsForNonprivilegedUsers",
140 "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
141 humberto 1.49 # else
|
142 kumpf 1.59 {"enableSubscriptionsForNonprivilegedUsers",
143 "true", IS_STATIC, 0, 0, IS_HIDDEN},
|
144 humberto 1.49 # endif
|
145 kumpf 1.40 #endif
|
146 marek 1.56 #ifdef PEGASUS_OS_ZOS
147 {"enableRemotePrivilegedUserAccess", "false", IS_STATIC, 0, 0, IS_VISIBLE},
148 #else
|
149 konrad.r 1.46 {"enableRemotePrivilegedUserAccess", "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
150 marek 1.56 #endif
|
151 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
152 konrad.r 1.46 {"authorizedUserGroups", "", IS_STATIC, 0, 0, IS_VISIBLE},
|
153 kumpf 1.33 #endif
|
154 mike 1.2 };
155
156 const Uint32 NUM_PROPERTIES = sizeof(properties) / sizeof(properties[0]);
157
158
159 /** Constructors */
160 SecurityPropertyOwner::SecurityPropertyOwner()
161 {
|
162 a.arora 1.34 _enableAuthentication.reset(new ConfigProperty());
163 _enableNamespaceAuthorization.reset(new ConfigProperty());
164 _httpAuthType.reset(new ConfigProperty());
165 _passwordFilePath.reset(new ConfigProperty());
166 _certificateFilePath.reset(new ConfigProperty());
167 _keyFilePath.reset(new ConfigProperty());
168 _trustStore.reset(new ConfigProperty());
|
169 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
170 kumpf 1.59 _crlStore.reset(new ConfigProperty());
|
171 sushma.fernandes 1.55 #endif
|
172 a.arora 1.34 _sslClientVerificationMode.reset(new ConfigProperty());
|
173 h.sterling 1.38 _sslTrustStoreUserName.reset(new ConfigProperty());
|
174 a.arora 1.34 _enableRemotePrivilegedUserAccess.reset(new ConfigProperty());
175 _enableSubscriptionsForNonprivilegedUsers.reset(new ConfigProperty());
|
176 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
177 a.arora 1.34 _authorizedUserGroups.reset(new ConfigProperty());
|
178 kumpf 1.33 #endif
|
179 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
180 kumpf 1.59 _kerberosServiceName.reset(new ConfigProperty());
|
181 gerarda 1.20 #endif
|
182 mike 1.2 }
183
184
185 /**
|
186 kumpf 1.59 Initialize the config properties.
|
187 mike 1.2 */
188 void SecurityPropertyOwner::initialize()
189 {
190 for (Uint32 i = 0; i < NUM_PROPERTIES; i++)
191 {
192 //
193 // Initialize the properties with default values
194 //
195 if (String::equalNoCase(
|
196 kumpf 1.9 properties[i].propertyName, "enableAuthentication"))
|
197 mike 1.2 {
|
198 kumpf 1.9 _enableAuthentication->propertyName = properties[i].propertyName;
199 _enableAuthentication->defaultValue = properties[i].defaultValue;
200 _enableAuthentication->currentValue = properties[i].defaultValue;
201 _enableAuthentication->plannedValue = properties[i].defaultValue;
202 _enableAuthentication->dynamic = properties[i].dynamic;
203 _enableAuthentication->domain = properties[i].domain;
204 _enableAuthentication->domainSize = properties[i].domainSize;
|
205 kumpf 1.59 _enableAuthentication->externallyVisible =
206 properties[i].externallyVisible;
|
207 mike 1.2 }
208 else if (String::equalNoCase(
|
209 kumpf 1.9 properties[i].propertyName, "enableNamespaceAuthorization"))
|
210 mike 1.2 {
|
211 kumpf 1.59 _enableNamespaceAuthorization->propertyName =
212 properties[i].propertyName;
213 _enableNamespaceAuthorization->defaultValue =
214 properties[i].defaultValue;
215 _enableNamespaceAuthorization->currentValue =
216 properties[i].defaultValue;
217 _enableNamespaceAuthorization->plannedValue =
218 properties[i].defaultValue;
|
219 kumpf 1.9 _enableNamespaceAuthorization->dynamic = properties[i].dynamic;
220 _enableNamespaceAuthorization->domain = properties[i].domain;
|
221 kumpf 1.59 _enableNamespaceAuthorization->domainSize =
222 properties[i].domainSize;
223 _enableNamespaceAuthorization->externallyVisible =
224 properties[i].externallyVisible;
|
225 mike 1.2 }
|
226 kumpf 1.59 else if (String::equalNoCase(
227 properties[i].propertyName, "httpAuthType"))
|
228 mike 1.2 {
229 _httpAuthType->propertyName = properties[i].propertyName;
230 _httpAuthType->defaultValue = properties[i].defaultValue;
231 _httpAuthType->currentValue = properties[i].defaultValue;
232 _httpAuthType->plannedValue = properties[i].defaultValue;
233 _httpAuthType->dynamic = properties[i].dynamic;
234 _httpAuthType->domain = properties[i].domain;
235 _httpAuthType->domainSize = properties[i].domainSize;
|
236 kumpf 1.19 _httpAuthType->externallyVisible = properties[i].externallyVisible;
|
237 mike 1.2 }
|
238 kumpf 1.3 else if (String::equalNoCase(
|
239 kumpf 1.59 properties[i].propertyName, "passwordFilePath"))
|
240 kumpf 1.3 {
241 _passwordFilePath->propertyName = properties[i].propertyName;
242 _passwordFilePath->defaultValue = properties[i].defaultValue;
|
243 kumpf 1.36 _passwordFilePath->currentValue = properties[i].defaultValue;
|
244 kumpf 1.3 _passwordFilePath->plannedValue = properties[i].defaultValue;
245 _passwordFilePath->dynamic = properties[i].dynamic;
246 _passwordFilePath->domain = properties[i].domain;
247 _passwordFilePath->domainSize = properties[i].domainSize;
|
248 kumpf 1.59 _passwordFilePath->externallyVisible =
249 properties[i].externallyVisible;
|
250 kumpf 1.3 }
|
251 kumpf 1.5 else if (String::equalNoCase(
|
252 kumpf 1.59 properties[i].propertyName, "sslCertificateFilePath"))
253 {
|
254 kumpf 1.10 _certificateFilePath->propertyName = properties[i].propertyName;
255 _certificateFilePath->defaultValue = properties[i].defaultValue;
|
256 kumpf 1.36 _certificateFilePath->currentValue = properties[i].defaultValue;
|
257 kumpf 1.10 _certificateFilePath->plannedValue = properties[i].defaultValue;
258 _certificateFilePath->dynamic = properties[i].dynamic;
259 _certificateFilePath->domain = properties[i].domain;
260 _certificateFilePath->domainSize = properties[i].domainSize;
|
261 kumpf 1.59 _certificateFilePath->externallyVisible =
262 properties[i].externallyVisible;
263 }
|
264 kumpf 1.10 else if (String::equalNoCase(
|
265 kumpf 1.59 properties[i].propertyName, "sslKeyFilePath"))
266 {
|
267 kumpf 1.17 _keyFilePath->propertyName = properties[i].propertyName;
268 _keyFilePath->defaultValue = properties[i].defaultValue;
|
269 kumpf 1.36 _keyFilePath->currentValue = properties[i].defaultValue;
|
270 kumpf 1.17 _keyFilePath->plannedValue = properties[i].defaultValue;
271 _keyFilePath->dynamic = properties[i].dynamic;
272 _keyFilePath->domain = properties[i].domain;
273 _keyFilePath->domainSize = properties[i].domainSize;
|
274 kumpf 1.19 _keyFilePath->externallyVisible = properties[i].externallyVisible;
|
275 kumpf 1.59 }
|
276 kumpf 1.17 else if (String::equalNoCase(
|
277 kumpf 1.59 properties[i].propertyName, "sslTrustStore"))
278 {
|
279 h.sterling 1.31 _trustStore->propertyName = properties[i].propertyName;
280 _trustStore->defaultValue = properties[i].defaultValue;
|
281 kumpf 1.35 _trustStore->currentValue = properties[i].defaultValue;
|
282 h.sterling 1.31 _trustStore->plannedValue = properties[i].defaultValue;
283 _trustStore->dynamic = properties[i].dynamic;
284 _trustStore->domain = properties[i].domain;
285 _trustStore->domainSize = properties[i].domainSize;
286 _trustStore->externallyVisible = properties[i].externallyVisible;
|
287 kumpf 1.18
|
288 kumpf 1.59 // do not initialize trustpath; a truststore is not required
289 // for SSL handshakes a server may wish to connect on HTTPS
290 // but not verify clients
291 }
|
292 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
293 h.sterling 1.31 else if (String::equalNoCase(
|
294 kumpf 1.59 properties[i].propertyName, "crlStore"))
295 {
|
296 h.sterling 1.45 _crlStore->propertyName = properties[i].propertyName;
297 _crlStore->defaultValue = properties[i].defaultValue;
298 _crlStore->currentValue = properties[i].defaultValue;
299 _crlStore->plannedValue = properties[i].defaultValue;
300 _crlStore->dynamic = properties[i].dynamic;
301 _crlStore->domain = properties[i].domain;
302 _crlStore->domainSize = properties[i].domainSize;
303 _crlStore->externallyVisible = properties[i].externallyVisible;
304
|
305 kumpf 1.59 }
|
306 sushma.fernandes 1.55 #endif
|
307 h.sterling 1.45 else if (String::equalNoCase(
|
308 kumpf 1.59 properties[i].propertyName, "sslClientVerificationMode"))
|
309 h.sterling 1.31 {
|
310 kumpf 1.59 _sslClientVerificationMode->propertyName =
311 properties[i].propertyName;
312 _sslClientVerificationMode->defaultValue =
313 properties[i].defaultValue;
314 _sslClientVerificationMode->currentValue =
315 properties[i].defaultValue;
316 _sslClientVerificationMode->plannedValue =
317 properties[i].defaultValue;
|
318 h.sterling 1.31 _sslClientVerificationMode->dynamic = properties[i].dynamic;
319 _sslClientVerificationMode->domain = properties[i].domain;
320 _sslClientVerificationMode->domainSize = properties[i].domainSize;
|
321 kumpf 1.59 _sslClientVerificationMode->externallyVisible =
322 properties[i].externallyVisible;
|
323 h.sterling 1.31 }
324 else if (String::equalNoCase(
|
325 kumpf 1.59 properties[i].propertyName, "sslTrustStoreUserName"))
|
326 h.sterling 1.38 {
327 _sslTrustStoreUserName->propertyName = properties[i].propertyName;
328 _sslTrustStoreUserName->defaultValue = properties[i].defaultValue;
329 _sslTrustStoreUserName->currentValue = properties[i].defaultValue;
330 _sslTrustStoreUserName->plannedValue = properties[i].defaultValue;
331 _sslTrustStoreUserName->dynamic = properties[i].dynamic;
332 _sslTrustStoreUserName->domain = properties[i].domain;
333 _sslTrustStoreUserName->domainSize = properties[i].domainSize;
|
334 kumpf 1.59 _sslTrustStoreUserName->externallyVisible =
335 properties[i].externallyVisible;
|
336 h.sterling 1.38 }
|
337 kumpf 1.18 else if (String::equalNoCase(
|
338 kumpf 1.5 properties[i].propertyName, "enableRemotePrivilegedUserAccess"))
339 {
|
340 kumpf 1.59 _enableRemotePrivilegedUserAccess->propertyName =
341 properties[i].propertyName;
342 _enableRemotePrivilegedUserAccess->defaultValue =
343 properties[i].defaultValue;
344 _enableRemotePrivilegedUserAccess->currentValue =
345 properties[i].defaultValue;
346 _enableRemotePrivilegedUserAccess->plannedValue =
347 properties[i].defaultValue;
|
348 kumpf 1.5 _enableRemotePrivilegedUserAccess->dynamic = properties[i].dynamic;
349 _enableRemotePrivilegedUserAccess->domain = properties[i].domain;
|
350 kumpf 1.59 _enableRemotePrivilegedUserAccess->domainSize =
351 properties[i].domainSize;
352 _enableRemotePrivilegedUserAccess->externallyVisible =
353 properties[i].externallyVisible;
354 }
355 else if (String::equalNoCase(properties[i].propertyName,
356 "enableSubscriptionsForNonprivilegedUsers"))
357 {
358 _enableSubscriptionsForNonprivilegedUsers->propertyName =
359 properties[i].propertyName;
360 _enableSubscriptionsForNonprivilegedUsers->defaultValue =
361 properties[i].defaultValue;
362 _enableSubscriptionsForNonprivilegedUsers->currentValue =
363 properties[i].defaultValue;
364 _enableSubscriptionsForNonprivilegedUsers->plannedValue =
365 properties[i].defaultValue;
366 _enableSubscriptionsForNonprivilegedUsers->dynamic =
367 properties[i].dynamic;
368 _enableSubscriptionsForNonprivilegedUsers->domain =
369 properties[i].domain;
370 _enableSubscriptionsForNonprivilegedUsers->domainSize =
371 kumpf 1.59 properties[i].domainSize;
372 _enableSubscriptionsForNonprivilegedUsers->externallyVisible =
373 properties[i].externallyVisible;
|
374 kumpf 1.5 }
|
375 kumpf 1.59 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
376 kumpf 1.22 else if (String::equalNoCase(
|
377 kumpf 1.59 properties[i].propertyName, "authorizedUserGroups"))
|
378 kumpf 1.33 {
379 _authorizedUserGroups->propertyName = properties[i].propertyName;
380 _authorizedUserGroups->defaultValue = properties[i].defaultValue;
381 _authorizedUserGroups->currentValue = properties[i].defaultValue;
382 _authorizedUserGroups->plannedValue = properties[i].defaultValue;
383 _authorizedUserGroups->dynamic = properties[i].dynamic;
384 _authorizedUserGroups->domain = properties[i].domain;
385 _authorizedUserGroups->domainSize = properties[i].domainSize;
|
386 kumpf 1.59 _authorizedUserGroups->externallyVisible =
387 properties[i].externallyVisible;
|
388 kumpf 1.33 }
389 #endif
|
390 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
391 kumpf 1.59 else if (String::equalNoCase(
392 properties[i].propertyName, "kerberosServiceName"))
|
393 gerarda 1.20 {
394 _kerberosServiceName->propertyName = properties[i].propertyName;
395 _kerberosServiceName->defaultValue = properties[i].defaultValue;
396 _kerberosServiceName->currentValue = properties[i].defaultValue;
397 _kerberosServiceName->plannedValue = properties[i].defaultValue;
398 _kerberosServiceName->dynamic = properties[i].dynamic;
399 _kerberosServiceName->domain = properties[i].domain;
400 _kerberosServiceName->domainSize = properties[i].domainSize;
|
401 kumpf 1.59 _kerberosServiceName->externallyVisible =
402 properties[i].externallyVisible;
|
403 gerarda 1.20 }
404 #endif
|
405 mike 1.2 }
|
406 kumpf 1.3
|
407 mike 1.2 }
408
|
409 kumpf 1.7 struct ConfigProperty* SecurityPropertyOwner::_lookupConfigProperty(
|
410 aruran.ms 1.53 const String& name) const
|
411 mike 1.2 {
|
412 kumpf 1.9 if (String::equalNoCase(_enableAuthentication->propertyName, name))
|
413 mike 1.2 {
|
414 a.arora 1.34 return _enableAuthentication.get();
|
415 mike 1.2 }
|
416 kumpf 1.59 else if (String::equalNoCase(
417 _enableNamespaceAuthorization->propertyName, name))
|
418 mike 1.2 {
|
419 a.arora 1.34 return _enableNamespaceAuthorization.get();
|
420 mike 1.2 }
421 else if (String::equalNoCase(_httpAuthType->propertyName, name))
422 {
|
423 a.arora 1.34 return _httpAuthType.get();
|
424 mike 1.2 }
|
425 kumpf 1.3 else if (String::equalNoCase(_passwordFilePath->propertyName, name))
426 {
|
427 a.arora 1.34 return _passwordFilePath.get();
|
428 kumpf 1.3 }
|
429 kumpf 1.10 else if (String::equalNoCase(_certificateFilePath->propertyName, name))
|
430 kumpf 1.59 {
|
431 a.arora 1.34 return _certificateFilePath.get();
|
432 kumpf 1.10 }
|
433 kumpf 1.17 else if (String::equalNoCase(_keyFilePath->propertyName, name))
|
434 kumpf 1.59 {
|
435 a.arora 1.34 return _keyFilePath.get();
|
436 kumpf 1.17 }
|
437 h.sterling 1.31 else if (String::equalNoCase(_trustStore->propertyName, name))
|
438 kumpf 1.59 {
|
439 a.arora 1.34 return _trustStore.get();
|
440 h.sterling 1.31 }
|
441 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
442 kumpf 1.59 else if (String::equalNoCase(_crlStore->propertyName, name))
|
443 h.sterling 1.45 {
444 return _crlStore.get();
445 }
|
446 sushma.fernandes 1.55 #endif
|
447 h.sterling 1.31 else if (String::equalNoCase(
448 _sslClientVerificationMode->propertyName, name))
449 {
|
450 a.arora 1.34 return _sslClientVerificationMode.get();
|
451 h.sterling 1.31 }
452 else if (String::equalNoCase(
|
453 h.sterling 1.38 _sslTrustStoreUserName->propertyName, name))
|
454 h.sterling 1.31 {
|
455 h.sterling 1.38 return _sslTrustStoreUserName.get();
|
456 kumpf 1.18 }
|
457 h.sterling 1.31 else if (String::equalNoCase(
|
458 kumpf 1.7 _enableRemotePrivilegedUserAccess->propertyName, name))
|
459 kumpf 1.5 {
|
460 a.arora 1.34 return _enableRemotePrivilegedUserAccess.get();
|
461 kumpf 1.5 }
|
462 kumpf 1.22 else if (String::equalNoCase(
463 _enableSubscriptionsForNonprivilegedUsers->propertyName, name))
464 {
|
465 a.arora 1.34 return _enableSubscriptionsForNonprivilegedUsers.get();
|
466 kumpf 1.22 }
|
467 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
468 else if (String::equalNoCase(_authorizedUserGroups->propertyName, name))
469 {
|
470 a.arora 1.34 return _authorizedUserGroups.get();
|
471 kumpf 1.33 }
472 #endif
|
473 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
474 else if (String::equalNoCase(_kerberosServiceName->propertyName, name))
475 {
|
476 a.arora 1.34 return _kerberosServiceName.get();
|
477 gerarda 1.20 }
478 #endif
|
479 mike 1.2 else
480 {
481 throw UnrecognizedConfigProperty(name);
482 }
483 }
484
|
485 kumpf 1.59 /**
486 Get information about the specified property.
|
487 mike 1.2 */
|
488 kumpf 1.7 void SecurityPropertyOwner::getPropertyInfo(
|
489 kumpf 1.59 const String& name,
|
490 vijay.eli 1.52 Array<String>& propertyInfo) const
|
491 mike 1.2 {
|
492 kumpf 1.7 propertyInfo.clear();
|
493 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
494 kumpf 1.7
495 propertyInfo.append(configProperty->propertyName);
496 propertyInfo.append(configProperty->defaultValue);
497 propertyInfo.append(configProperty->currentValue);
498 propertyInfo.append(configProperty->plannedValue);
499 if (configProperty->dynamic)
|
500 kumpf 1.19 {
501 propertyInfo.append(STRING_TRUE);
502 }
503 else
504 {
505 propertyInfo.append(STRING_FALSE);
506 }
507 if (configProperty->externallyVisible)
|
508 mike 1.2 {
|
509 kumpf 1.7 propertyInfo.append(STRING_TRUE);
|
510 kumpf 1.5 }
|
511 mike 1.2 else
512 {
|
513 kumpf 1.7 propertyInfo.append(STRING_FALSE);
|
514 mike 1.2 }
515 }
516
|
517 kumpf 1.59 /**
518 Get default value of the specified property.
|
519 kumpf 1.7 */
|
520 vijay.eli 1.52 String SecurityPropertyOwner::getDefaultValue(const String& name) const
|
521 kumpf 1.7 {
|
522 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
523 kumpf 1.7 return configProperty->defaultValue;
524 }
525
|
526 kumpf 1.59 /**
527 Get current value of the specified property.
|
528 mike 1.2 */
|
529 vijay.eli 1.52 String SecurityPropertyOwner::getCurrentValue(const String& name) const
|
530 mike 1.2 {
|
531 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
532 kumpf 1.7 return configProperty->currentValue;
|
533 mike 1.2 }
534
|
535 kumpf 1.59 /**
536 Get planned value of the specified property.
|
537 mike 1.2 */
|
538 vijay.eli 1.52 String SecurityPropertyOwner::getPlannedValue(const String& name) const
|
539 mike 1.2 {
|
540 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
541 kumpf 1.7 return configProperty->plannedValue;
|
542 mike 1.2 }
543
544
|
545 kumpf 1.59 /**
546 Init current value of the specified property to the specified value.
|
547 mike 1.2 */
548 void SecurityPropertyOwner::initCurrentValue(
|
549 kumpf 1.59 const String& name,
|
550 mike 1.2 const String& value)
551 {
|
552 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
553 configProperty->currentValue = value;
|
554 mike 1.2 }
555
556
|
557 kumpf 1.59 /**
558 Init planned value of the specified property to the specified value.
|
559 mike 1.2 */
560 void SecurityPropertyOwner::initPlannedValue(
|
561 kumpf 1.59 const String& name,
|
562 mike 1.2 const String& value)
563 {
|
564 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
565 configProperty->plannedValue = value;
|
566 mike 1.2 }
567
|
568 kumpf 1.59 /**
569 Update current value of the specified property to the specified value.
|
570 mike 1.2 */
571 void SecurityPropertyOwner::updateCurrentValue(
|
572 kumpf 1.59 const String& name,
573 const String& value)
|
574 mike 1.2 {
575 //
576 // make sure the property is dynamic before updating the value.
577 //
578 if (!isDynamic(name))
579 {
|
580 kumpf 1.59 throw NonDynamicConfigProperty(name);
|
581 mike 1.2 }
582
|
583 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
584 configProperty->currentValue = value;
|
585 mike 1.2 }
586
587
|
588 kumpf 1.59 /**
589 Update planned value of the specified property to the specified value.
|
590 mike 1.2 */
591 void SecurityPropertyOwner::updatePlannedValue(
|
592 kumpf 1.59 const String& name,
|
593 mike 1.2 const String& value)
594 {
|
595 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
596 configProperty->plannedValue = value;
|
597 mike 1.2 }
598
|
599 kumpf 1.59 /**
600 Checks to see if the given value is valid or not.
|
601 mike 1.2 */
|
602 kumpf 1.59 Boolean SecurityPropertyOwner::isValid(
603 const String& name,
604 const String& value) const
|
605 mike 1.2 {
606 Boolean retVal = false;
|
607 kumpf 1.3
|
608 mike 1.2 //
609 // Validate the specified value
610 //
|
611 kumpf 1.9 if (String::equalNoCase(_enableAuthentication->propertyName, name))
|
612 mike 1.2 {
|
613 kumpf 1.59 if (String::equal(value, "true") || String::equal(value, "false"))
|
614 mike 1.2 {
615 retVal = true;
616 }
617 }
|
618 kumpf 1.59 else if (String::equalNoCase(
619 _enableNamespaceAuthorization->propertyName, name))
|
620 mike 1.2 {
|
621 kumpf 1.59 if (String::equal(value, "true") || String::equal(value, "false"))
|
622 mike 1.2 {
623 retVal = true;
624 }
625 }
626 else if (String::equalNoCase(_httpAuthType->propertyName, name))
627 {
|
628 gerarda 1.26 #ifdef PEGASUS_OS_OS400
|
629 kumpf 1.59 if (String::equal(value, "Basic")
|
630 gerarda 1.26 #else
|
631 kumpf 1.59 if (String::equal(value, "Basic") || String::equal(value, "Digest")
|
632 gerarda 1.26 #endif
|
633 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
634 kumpf 1.59 || String::equal(value, "Kerberos")
|
635 gerarda 1.20 #endif
636 )
|
637 mike 1.2 {
638 retVal = true;
639 }
640 }
|
641 kumpf 1.3 else if (String::equalNoCase(_passwordFilePath->propertyName, name))
642 {
|
643 kumpf 1.59 String fileName(value);
|
644 kumpf 1.3
|
645 kumpf 1.8 //
646 // Check if the file path is empty
647 //
|
648 kumpf 1.36 if (fileName == String::EMPTY)
|
649 kumpf 1.8 {
650 return false;
651 }
652
|
653 kumpf 1.59 fileName = ConfigManager::getHomedPath(fileName);
|
654 h.sterling 1.41
|
655 kumpf 1.59 //
|
656 kumpf 1.3 // Check if the file path is a directory
|
657 kumpf 1.59 //
|
658 kumpf 1.3 FileSystem::translateSlashes(fileName);
659 if (FileSystem::isDirectory(fileName))
660 {
661 return false;
662 }
663
|
664 kumpf 1.59 //
|
665 kumpf 1.3 // Check if the file exists and is writable
|
666 kumpf 1.59 //
|
667 kumpf 1.3 if (FileSystem::exists(fileName))
668 {
669 if (!FileSystem::canWrite(fileName))
670 {
671 return false;
672 }
673 else
674 {
675 return true;
676 }
677 }
678 else
679 {
|
680 kumpf 1.59 //
|
681 kumpf 1.3 // Check if directory is writable
|
682 kumpf 1.59 //
|
683 kumpf 1.12 Uint32 pos = fileName.reverseFind('/');
|
684 kumpf 1.3
685 if (pos != PEG_NOT_FOUND)
686 {
687 String dirName = fileName.subString(0,pos);
688 if (!FileSystem::isDirectory(dirName))
689 {
690 return false;
691 }
692 if (!FileSystem::canWrite(dirName) )
693 {
694 return false;
695 }
696 else
697 {
698 return true;
699 }
700 }
701 else
702 {
703 String currentDir;
704
|
705 kumpf 1.59 //
706 // Check if there is permission to write in the
|
707 kumpf 1.3 // current working directory
|
708 kumpf 1.59 //
|
709 kumpf 1.3 FileSystem::getCurrentDirectory(currentDir);
710
711 if (!FileSystem::canWrite(currentDir))
712 {
713 return false;
714 }
715 else
716 {
717 return true;
718 }
719 }
720 }
|
721 kumpf 1.10 }
|
722 kumpf 1.17 else if (String::equalNoCase(_certificateFilePath->propertyName, name) ||
|
723 kumpf 1.32 String::equalNoCase(_keyFilePath->propertyName, name))
724 {
725 //
726 // Check if the file path is empty
727 //
|
728 h.sterling 1.42 if (value == String::EMPTY)
|
729 kumpf 1.32 {
730 return false;
731 }
732
|
733 kumpf 1.59 String fileName = ConfigManager::getHomedPath(value);
|
734 h.sterling 1.41
|
735 kumpf 1.32 //
736 // Check if the file path is a directory
737 //
738 FileSystem::translateSlashes(fileName);
739 if (FileSystem::isDirectory(fileName))
740 {
741 return false;
742 }
743
744 //
745 // Check if the file exists and is readable and is not empty.
746 //
747 if (FileSystem::exists(fileName) && FileSystem::canRead(fileName))
748 {
749 Uint32 size;
750 if (FileSystem::getFileSize(fileName, size))
751 {
752 if (size > 0)
753 {
754 return true;
755 }
756 kumpf 1.32 }
757 }
758
759 return false;
760 }
|
761 kumpf 1.59 else if (String::equalNoCase(_trustStore->propertyName, name)
|
762 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
763 kumpf 1.59 || String::equalNoCase(_crlStore->propertyName, name)
|
764 sushma.fernandes 1.55 #endif
765 )
|
766 h.sterling 1.31 {
|
767 kumpf 1.10 //
|
768 sushma.fernandes 1.58 // Allow the file path to be empty
|
769 kumpf 1.10 //
|
770 h.sterling 1.42 if (value == String::EMPTY)
|
771 kumpf 1.10 {
|
772 kumpf 1.35 return true;
|
773 kumpf 1.10 }
774
|
775 kumpf 1.59 String fileName = ConfigManager::getHomedPath(value);
|
776 h.sterling 1.41
|
777 kumpf 1.32 //
|
778 kumpf 1.10 // Check if the file path is a directory
|
779 kumpf 1.32 //
|
780 kumpf 1.10 FileSystem::translateSlashes(fileName);
781 if (FileSystem::isDirectory(fileName))
782 {
|
783 h.sterling 1.31 //
784 // Truststore can be a directory, congruent with OpenSSL standards
|
785 kumpf 1.32 // Check if the directoy has read and write permissions
|
786 h.sterling 1.31 //
|
787 kumpf 1.59 if (FileSystem::canRead(fileName) && FileSystem::canWrite(fileName))
|
788 h.sterling 1.31 {
|
789 kumpf 1.59 return true;
790 }
|
791 kumpf 1.10 }
|
792 kumpf 1.32 //
|
793 kumpf 1.35 // Check if the file exists and is readable
|
794 kumpf 1.32 //
795 else if (FileSystem::exists(fileName) && FileSystem::canRead(fileName))
|
796 kumpf 1.10 {
|
797 kumpf 1.35 return true;
|
798 h.sterling 1.31 }
|
799 kumpf 1.10
|
800 kumpf 1.32 return false;
|
801 kumpf 1.3 }
|
802 kumpf 1.59 else if (String::equalNoCase(
803 _sslClientVerificationMode->propertyName, name))
|
804 h.sterling 1.31 {
|
805 kumpf 1.59 if (String::equal(value, "disabled") ||
806 String::equal(value, "required") ||
807 String::equal(value, "optional"))
|
808 h.sterling 1.31 {
809 retVal = true;
810 }
811 }
|
812 kumpf 1.59 else if (String::equalNoCase(_sslTrustStoreUserName->propertyName, name))
|
813 h.sterling 1.31 {
|
814 h.sterling 1.38 if (System::isSystemUser((const char*)value.getCString()))
|
815 h.sterling 1.31 {
|
816 h.sterling 1.38 return true;
|
817 h.sterling 1.31 }
818 }
|
819 kumpf 1.59 else if (String::equalNoCase(
820 _enableRemotePrivilegedUserAccess->propertyName, name))
|
821 kumpf 1.22 {
|
822 kumpf 1.59 if (String::equal(value, "true") || String::equal(value, "false"))
|
823 kumpf 1.22 {
824 retVal = true;
825 }
826 }
|
827 kumpf 1.59 else if (String::equalNoCase(
828 _enableSubscriptionsForNonprivilegedUsers->propertyName, name))
|
829 kumpf 1.5 {
|
830 kumpf 1.59 if (String::equal(value, "true") || String::equal(value, "false"))
|
831 kumpf 1.5 {
832 retVal = true;
833 }
834 }
|
835 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
836 else if (String::equalNoCase(_authorizedUserGroups->propertyName, name))
837 {
838 retVal = true;
839 }
840 #endif
|
841 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
842 else if (String::equalNoCase(_kerberosServiceName->propertyName, name))
843 {
844 String serviceName(value);
845
846 //
847 // Check if the service name is empty
848 //
849 if (serviceName == String::EMPTY || serviceName== "")
850 {
851 retVal = false;
852 }
|
853 kumpf 1.59 else
|
854 gerarda 1.20 {
855 retVal = true;
856 }
857 }
858 #endif
|
859 mike 1.2 else
860 {
861 throw UnrecognizedConfigProperty(name);
862 }
863 return retVal;
864 }
865
|
866 kumpf 1.59 /**
867 Checks to see if the specified property is dynamic or not.
|
868 mike 1.2 */
|
869 vijay.eli 1.52 Boolean SecurityPropertyOwner::isDynamic(const String& name) const
|
870 mike 1.2 {
|
871 kumpf 1.59 struct ConfigProperty* configProperty =_lookupConfigProperty(name);
|
872 vijay.eli 1.52
|
873 kumpf 1.59 return (configProperty->dynamic == IS_DYNAMIC);
|
874 mike 1.2 }
875
876
877 PEGASUS_NAMESPACE_END
|