1 karl 1.54 //%2006////////////////////////////////////////////////////////////////////////
|
2 mike 1.2 //
|
3 karl 1.44 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
|
6 karl 1.24 // IBM Corp.; EMC Corporation, The Open Group.
|
7 karl 1.44 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
|
9 karl 1.47 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
|
11 karl 1.54 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
|
13 mike 1.2 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
|
20 kumpf 1.11 //
|
21 mike 1.2 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 //==============================================================================
31 //
32 //%/////////////////////////////////////////////////////////////////////////////
33
34
35 ///////////////////////////////////////////////////////////////////////////////
|
36 kumpf 1.59 //
|
37 mike 1.2 // This file has implementation for the security property owner class.
38 //
39 ///////////////////////////////////////////////////////////////////////////////
40
|
41 kumpf 1.4 #include "ConfigManager.h"
|
42 mike 1.2 #include "SecurityPropertyOwner.h"
|
43 kumpf 1.3 #include <Pegasus/Common/FileSystem.h>
|
44 h.sterling 1.31 #include <Pegasus/Common/System.h>
|
45 mike 1.2
46
47 PEGASUS_USING_STD;
48
49 PEGASUS_NAMESPACE_BEGIN
50
51 ///////////////////////////////////////////////////////////////////////////////
52 // SecurityPropertyOwner
53 ///////////////////////////////////////////////////////////////////////////////
54
55 static struct ConfigPropertyRow properties[] =
56 {
|
57 thilo.boehm 1.57 ///////////////////////////////////////////////////////////////////////////////
|
58 kumpf 1.59 // For z/OS, the follwing securtiy properties are fixed properties due to
59 // listed in the FixedPropertyTablezOS.h . Because they are fixed, they
|
60 thilo.boehm 1.57 // are hidden also:
|
61 kumpf 1.59 //
62 // enableAuthentication
63 // passwordFilePath
64 // sslCertificateFilePath
65 // sslKeyFilePath
66 // sslTrustStore
67 // crlStore
68 // sslClientVerificationMode
69 // sslTrustStoreUserName
70 // enableNamespaceAuthorization
71 // kerberosServiceName
72 // enableSubscriptionsForNonprivilegedUsers
73 // authorizedUserGroups
|
74 thilo.boehm 1.57 ///////////////////////////////////////////////////////////////////////////////
|
75 ouyang.jian 1.61 #ifdef PEGASUS_OS_PASE
76 {"enableAuthentication", "true", IS_STATIC, 0, 0, IS_VISIBLE},
77 {"httpAuthType", "Basic", IS_STATIC, 0, 0, IS_VISIBLE},
78 {"passwordFilePath", "cimserver.passwd", IS_STATIC, 0, 0, IS_VISIBLE},
79 {"sslCertificateFilePath", "ssl/keystore/servercert.pem", IS_STATIC,
80 0, 0, IS_VISIBLE},
81 {"sslKeyFilePath", "ssl/keystore/serverkey.pem", IS_STATIC,
82 0, 0, IS_VISIBLE},
83 {"sslTrustStore", "ssl/truststore/", IS_STATIC, 0, 0, IS_VISIBLE},
84 # ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
85 {"crlStore", "ssl/crlstore/", IS_STATIC, 0, 0, IS_VISIBLE},
86 # endif
87 {"sslClientVerificationMode", "optional", IS_STATIC, 0, 0, IS_VISIBLE},
88 {"sslTrustStoreUserName", "", IS_STATIC, 0, 0, IS_VISIBLE},
89 {"enableNamespaceAuthorization", "true", IS_STATIC, 0, 0, IS_VISIBLE},
90 # ifdef PEGASUS_KERBEROS_AUTHENTICATION
91 {"kerberosServiceName", "cimom", IS_STATIC, 0, 0, IS_VISIBLE},
92 # endif
93 {"enableSubscriptionsForNonprivilegedUsers", "false", IS_STATIC,
94 0, 0, IS_VISIBLE},
95 {"enableRemotePrivilegedUserAccess", "true", IS_STATIC, 0, 0, IS_VISIBLE},
96 ouyang.jian 1.61 {"authorizedUserGroups", "", IS_STATIC, 0, 0, IS_VISIBLE},
97 #else // PEGASUS_OS_PASE
|
98 konrad.r 1.46 {"enableAuthentication", "false", IS_STATIC, 0, 0, IS_VISIBLE},
99 {"httpAuthType", "Basic", IS_STATIC, 0, 0, IS_VISIBLE},
100 {"passwordFilePath", "cimserver.passwd", IS_STATIC, 0, 0, IS_VISIBLE},
|
101 kumpf 1.21 #ifdef PEGASUS_OS_HPUX
|
102 humberto 1.49 {"sslCertificateFilePath", "cert.pem", IS_STATIC, 0, 0, IS_VISIBLE},
|
103 kumpf 1.21 #else
|
104 kumpf 1.59 {"sslCertificateFilePath", "server.pem", IS_STATIC, 0, 0, IS_VISIBLE},
|
105 humberto 1.49 #endif
106 {"sslKeyFilePath", "file.pem", IS_STATIC, 0, 0, IS_VISIBLE},
107 {"sslTrustStore", "cimserver_trust", IS_STATIC, 0, 0, IS_VISIBLE},
|
108 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
109 nag.boranna 1.48 {"crlStore", "crl", IS_STATIC, 0, 0, IS_VISIBLE},
|
110 sushma.fernandes 1.55 #endif
|
111 konrad.r 1.46 {"sslClientVerificationMode", "disabled", IS_STATIC, 0, 0, IS_VISIBLE},
|
112 nag.boranna 1.48 {"sslTrustStoreUserName", "", IS_STATIC, 0, 0, IS_VISIBLE},
|
113 konrad.r 1.46 {"enableNamespaceAuthorization", "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
114 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
115 konrad.r 1.46 {"kerberosServiceName", "cimom", IS_STATIC, 0, 0, IS_VISIBLE},
|
116 gerarda 1.20 #endif
|
117 denise.eckstein 1.43 #if defined(PEGASUS_OS_HPUX) || defined(PEGASUS_OS_LINUX)
|
118 kumpf 1.40 # ifdef PEGASUS_USE_RELEASE_CONFIG_OPTIONS
|
119 kumpf 1.59 {"enableSubscriptionsForNonprivilegedUsers",
120 "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
121 kumpf 1.40 # else
|
122 kumpf 1.59 {"enableSubscriptionsForNonprivilegedUsers",
123 "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
124 kumpf 1.40 # endif
125 #else
|
126 kumpf 1.59 {"enableSubscriptionsForNonprivilegedUsers",
127 "true", IS_STATIC, 0, 0, IS_HIDDEN},
|
128 kumpf 1.40 #endif
|
129 marek 1.56 #ifdef PEGASUS_OS_ZOS
130 {"enableRemotePrivilegedUserAccess", "false", IS_STATIC, 0, 0, IS_VISIBLE},
|
131 thilo.boehm 1.64 {"enableCFZAPPLID", "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
132 marek 1.56 #else
|
133 konrad.r 1.46 {"enableRemotePrivilegedUserAccess", "true", IS_STATIC, 0, 0, IS_VISIBLE},
|
134 marek 1.56 #endif
|
135 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
136 konrad.r 1.46 {"authorizedUserGroups", "", IS_STATIC, 0, 0, IS_VISIBLE},
|
137 kumpf 1.33 #endif
|
138 ouyang.jian 1.61 #endif
|
139 mike 1.2 };
140
141 const Uint32 NUM_PROPERTIES = sizeof(properties) / sizeof(properties[0]);
142
143
144 /** Constructors */
145 SecurityPropertyOwner::SecurityPropertyOwner()
146 {
|
147 a.arora 1.34 _enableAuthentication.reset(new ConfigProperty());
148 _enableNamespaceAuthorization.reset(new ConfigProperty());
149 _httpAuthType.reset(new ConfigProperty());
150 _passwordFilePath.reset(new ConfigProperty());
151 _certificateFilePath.reset(new ConfigProperty());
152 _keyFilePath.reset(new ConfigProperty());
153 _trustStore.reset(new ConfigProperty());
|
154 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
155 kumpf 1.59 _crlStore.reset(new ConfigProperty());
|
156 sushma.fernandes 1.55 #endif
|
157 a.arora 1.34 _sslClientVerificationMode.reset(new ConfigProperty());
|
158 h.sterling 1.38 _sslTrustStoreUserName.reset(new ConfigProperty());
|
159 a.arora 1.34 _enableRemotePrivilegedUserAccess.reset(new ConfigProperty());
160 _enableSubscriptionsForNonprivilegedUsers.reset(new ConfigProperty());
|
161 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
162 a.arora 1.34 _authorizedUserGroups.reset(new ConfigProperty());
|
163 kumpf 1.33 #endif
|
164 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
165 kumpf 1.59 _kerberosServiceName.reset(new ConfigProperty());
|
166 gerarda 1.20 #endif
|
167 thilo.boehm 1.64 #ifdef PEGASUS_OS_ZOS
168 _enableCFZAPPLID.reset(new ConfigProperty());
169 #endif
170
|
171 mike 1.2 }
172
173
174 /**
|
175 kumpf 1.59 Initialize the config properties.
|
176 mike 1.2 */
177 void SecurityPropertyOwner::initialize()
178 {
179 for (Uint32 i = 0; i < NUM_PROPERTIES; i++)
180 {
181 //
182 // Initialize the properties with default values
183 //
184 if (String::equalNoCase(
|
185 kumpf 1.9 properties[i].propertyName, "enableAuthentication"))
|
186 mike 1.2 {
|
187 kumpf 1.9 _enableAuthentication->propertyName = properties[i].propertyName;
188 _enableAuthentication->defaultValue = properties[i].defaultValue;
189 _enableAuthentication->currentValue = properties[i].defaultValue;
190 _enableAuthentication->plannedValue = properties[i].defaultValue;
191 _enableAuthentication->dynamic = properties[i].dynamic;
192 _enableAuthentication->domain = properties[i].domain;
193 _enableAuthentication->domainSize = properties[i].domainSize;
|
194 kumpf 1.59 _enableAuthentication->externallyVisible =
195 properties[i].externallyVisible;
|
196 mike 1.2 }
197 else if (String::equalNoCase(
|
198 kumpf 1.9 properties[i].propertyName, "enableNamespaceAuthorization"))
|
199 mike 1.2 {
|
200 kumpf 1.59 _enableNamespaceAuthorization->propertyName =
201 properties[i].propertyName;
202 _enableNamespaceAuthorization->defaultValue =
203 properties[i].defaultValue;
204 _enableNamespaceAuthorization->currentValue =
205 properties[i].defaultValue;
206 _enableNamespaceAuthorization->plannedValue =
207 properties[i].defaultValue;
|
208 kumpf 1.9 _enableNamespaceAuthorization->dynamic = properties[i].dynamic;
209 _enableNamespaceAuthorization->domain = properties[i].domain;
|
210 kumpf 1.59 _enableNamespaceAuthorization->domainSize =
211 properties[i].domainSize;
212 _enableNamespaceAuthorization->externallyVisible =
213 properties[i].externallyVisible;
|
214 mike 1.2 }
|
215 kumpf 1.59 else if (String::equalNoCase(
216 properties[i].propertyName, "httpAuthType"))
|
217 mike 1.2 {
218 _httpAuthType->propertyName = properties[i].propertyName;
219 _httpAuthType->defaultValue = properties[i].defaultValue;
220 _httpAuthType->currentValue = properties[i].defaultValue;
221 _httpAuthType->plannedValue = properties[i].defaultValue;
222 _httpAuthType->dynamic = properties[i].dynamic;
223 _httpAuthType->domain = properties[i].domain;
224 _httpAuthType->domainSize = properties[i].domainSize;
|
225 kumpf 1.19 _httpAuthType->externallyVisible = properties[i].externallyVisible;
|
226 mike 1.2 }
|
227 kumpf 1.3 else if (String::equalNoCase(
|
228 kumpf 1.59 properties[i].propertyName, "passwordFilePath"))
|
229 kumpf 1.3 {
230 _passwordFilePath->propertyName = properties[i].propertyName;
231 _passwordFilePath->defaultValue = properties[i].defaultValue;
|
232 kumpf 1.36 _passwordFilePath->currentValue = properties[i].defaultValue;
|
233 kumpf 1.3 _passwordFilePath->plannedValue = properties[i].defaultValue;
234 _passwordFilePath->dynamic = properties[i].dynamic;
235 _passwordFilePath->domain = properties[i].domain;
236 _passwordFilePath->domainSize = properties[i].domainSize;
|
237 kumpf 1.59 _passwordFilePath->externallyVisible =
238 properties[i].externallyVisible;
|
239 kumpf 1.3 }
|
240 kumpf 1.5 else if (String::equalNoCase(
|
241 kumpf 1.59 properties[i].propertyName, "sslCertificateFilePath"))
242 {
|
243 kumpf 1.10 _certificateFilePath->propertyName = properties[i].propertyName;
244 _certificateFilePath->defaultValue = properties[i].defaultValue;
|
245 kumpf 1.36 _certificateFilePath->currentValue = properties[i].defaultValue;
|
246 kumpf 1.10 _certificateFilePath->plannedValue = properties[i].defaultValue;
247 _certificateFilePath->dynamic = properties[i].dynamic;
248 _certificateFilePath->domain = properties[i].domain;
249 _certificateFilePath->domainSize = properties[i].domainSize;
|
250 kumpf 1.59 _certificateFilePath->externallyVisible =
251 properties[i].externallyVisible;
252 }
|
253 kumpf 1.10 else if (String::equalNoCase(
|
254 kumpf 1.59 properties[i].propertyName, "sslKeyFilePath"))
255 {
|
256 kumpf 1.17 _keyFilePath->propertyName = properties[i].propertyName;
257 _keyFilePath->defaultValue = properties[i].defaultValue;
|
258 kumpf 1.36 _keyFilePath->currentValue = properties[i].defaultValue;
|
259 kumpf 1.17 _keyFilePath->plannedValue = properties[i].defaultValue;
260 _keyFilePath->dynamic = properties[i].dynamic;
261 _keyFilePath->domain = properties[i].domain;
262 _keyFilePath->domainSize = properties[i].domainSize;
|
263 kumpf 1.19 _keyFilePath->externallyVisible = properties[i].externallyVisible;
|
264 kumpf 1.59 }
|
265 kumpf 1.17 else if (String::equalNoCase(
|
266 kumpf 1.59 properties[i].propertyName, "sslTrustStore"))
267 {
|
268 h.sterling 1.31 _trustStore->propertyName = properties[i].propertyName;
269 _trustStore->defaultValue = properties[i].defaultValue;
|
270 kumpf 1.35 _trustStore->currentValue = properties[i].defaultValue;
|
271 h.sterling 1.31 _trustStore->plannedValue = properties[i].defaultValue;
272 _trustStore->dynamic = properties[i].dynamic;
273 _trustStore->domain = properties[i].domain;
274 _trustStore->domainSize = properties[i].domainSize;
275 _trustStore->externallyVisible = properties[i].externallyVisible;
|
276 kumpf 1.18
|
277 kumpf 1.59 // do not initialize trustpath; a truststore is not required
278 // for SSL handshakes a server may wish to connect on HTTPS
279 // but not verify clients
280 }
|
281 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
282 h.sterling 1.31 else if (String::equalNoCase(
|
283 kumpf 1.59 properties[i].propertyName, "crlStore"))
284 {
|
285 h.sterling 1.45 _crlStore->propertyName = properties[i].propertyName;
286 _crlStore->defaultValue = properties[i].defaultValue;
287 _crlStore->currentValue = properties[i].defaultValue;
288 _crlStore->plannedValue = properties[i].defaultValue;
289 _crlStore->dynamic = properties[i].dynamic;
290 _crlStore->domain = properties[i].domain;
291 _crlStore->domainSize = properties[i].domainSize;
292 _crlStore->externallyVisible = properties[i].externallyVisible;
293
|
294 kumpf 1.59 }
|
295 sushma.fernandes 1.55 #endif
|
296 h.sterling 1.45 else if (String::equalNoCase(
|
297 kumpf 1.59 properties[i].propertyName, "sslClientVerificationMode"))
|
298 h.sterling 1.31 {
|
299 kumpf 1.59 _sslClientVerificationMode->propertyName =
300 properties[i].propertyName;
301 _sslClientVerificationMode->defaultValue =
302 properties[i].defaultValue;
303 _sslClientVerificationMode->currentValue =
304 properties[i].defaultValue;
305 _sslClientVerificationMode->plannedValue =
306 properties[i].defaultValue;
|
307 h.sterling 1.31 _sslClientVerificationMode->dynamic = properties[i].dynamic;
308 _sslClientVerificationMode->domain = properties[i].domain;
309 _sslClientVerificationMode->domainSize = properties[i].domainSize;
|
310 kumpf 1.59 _sslClientVerificationMode->externallyVisible =
311 properties[i].externallyVisible;
|
312 h.sterling 1.31 }
313 else if (String::equalNoCase(
|
314 kumpf 1.59 properties[i].propertyName, "sslTrustStoreUserName"))
|
315 h.sterling 1.38 {
316 _sslTrustStoreUserName->propertyName = properties[i].propertyName;
317 _sslTrustStoreUserName->defaultValue = properties[i].defaultValue;
318 _sslTrustStoreUserName->currentValue = properties[i].defaultValue;
319 _sslTrustStoreUserName->plannedValue = properties[i].defaultValue;
320 _sslTrustStoreUserName->dynamic = properties[i].dynamic;
321 _sslTrustStoreUserName->domain = properties[i].domain;
322 _sslTrustStoreUserName->domainSize = properties[i].domainSize;
|
323 kumpf 1.59 _sslTrustStoreUserName->externallyVisible =
324 properties[i].externallyVisible;
|
325 h.sterling 1.38 }
|
326 kumpf 1.18 else if (String::equalNoCase(
|
327 kumpf 1.5 properties[i].propertyName, "enableRemotePrivilegedUserAccess"))
328 {
|
329 kumpf 1.59 _enableRemotePrivilegedUserAccess->propertyName =
330 properties[i].propertyName;
331 _enableRemotePrivilegedUserAccess->defaultValue =
332 properties[i].defaultValue;
333 _enableRemotePrivilegedUserAccess->currentValue =
334 properties[i].defaultValue;
335 _enableRemotePrivilegedUserAccess->plannedValue =
336 properties[i].defaultValue;
|
337 kumpf 1.5 _enableRemotePrivilegedUserAccess->dynamic = properties[i].dynamic;
338 _enableRemotePrivilegedUserAccess->domain = properties[i].domain;
|
339 kumpf 1.59 _enableRemotePrivilegedUserAccess->domainSize =
340 properties[i].domainSize;
341 _enableRemotePrivilegedUserAccess->externallyVisible =
342 properties[i].externallyVisible;
343 }
344 else if (String::equalNoCase(properties[i].propertyName,
345 "enableSubscriptionsForNonprivilegedUsers"))
346 {
347 _enableSubscriptionsForNonprivilegedUsers->propertyName =
348 properties[i].propertyName;
349 _enableSubscriptionsForNonprivilegedUsers->defaultValue =
350 properties[i].defaultValue;
351 _enableSubscriptionsForNonprivilegedUsers->currentValue =
352 properties[i].defaultValue;
353 _enableSubscriptionsForNonprivilegedUsers->plannedValue =
354 properties[i].defaultValue;
355 _enableSubscriptionsForNonprivilegedUsers->dynamic =
356 properties[i].dynamic;
357 _enableSubscriptionsForNonprivilegedUsers->domain =
358 properties[i].domain;
359 _enableSubscriptionsForNonprivilegedUsers->domainSize =
360 kumpf 1.59 properties[i].domainSize;
361 _enableSubscriptionsForNonprivilegedUsers->externallyVisible =
362 properties[i].externallyVisible;
|
363 kumpf 1.5 }
|
364 kumpf 1.59 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
365 kumpf 1.22 else if (String::equalNoCase(
|
366 kumpf 1.59 properties[i].propertyName, "authorizedUserGroups"))
|
367 kumpf 1.33 {
368 _authorizedUserGroups->propertyName = properties[i].propertyName;
369 _authorizedUserGroups->defaultValue = properties[i].defaultValue;
370 _authorizedUserGroups->currentValue = properties[i].defaultValue;
371 _authorizedUserGroups->plannedValue = properties[i].defaultValue;
372 _authorizedUserGroups->dynamic = properties[i].dynamic;
373 _authorizedUserGroups->domain = properties[i].domain;
374 _authorizedUserGroups->domainSize = properties[i].domainSize;
|
375 kumpf 1.59 _authorizedUserGroups->externallyVisible =
376 properties[i].externallyVisible;
|
377 kumpf 1.33 }
378 #endif
|
379 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
380 kumpf 1.59 else if (String::equalNoCase(
381 properties[i].propertyName, "kerberosServiceName"))
|
382 gerarda 1.20 {
383 _kerberosServiceName->propertyName = properties[i].propertyName;
384 _kerberosServiceName->defaultValue = properties[i].defaultValue;
385 _kerberosServiceName->currentValue = properties[i].defaultValue;
386 _kerberosServiceName->plannedValue = properties[i].defaultValue;
387 _kerberosServiceName->dynamic = properties[i].dynamic;
388 _kerberosServiceName->domain = properties[i].domain;
389 _kerberosServiceName->domainSize = properties[i].domainSize;
|
390 kumpf 1.59 _kerberosServiceName->externallyVisible =
391 properties[i].externallyVisible;
|
392 gerarda 1.20 }
393 #endif
|
394 thilo.boehm 1.64 #ifdef PEGASUS_OS_ZOS
395 else if (String::equalNoCase(
396 properties[i].propertyName, "enableCFZAPPLID"))
397 {
398 _enableCFZAPPLID->propertyName = properties[i].propertyName;
399 _enableCFZAPPLID->defaultValue = properties[i].defaultValue;
400 _enableCFZAPPLID->currentValue = properties[i].defaultValue;
401 _enableCFZAPPLID->plannedValue = properties[i].defaultValue;
402 _enableCFZAPPLID->dynamic = properties[i].dynamic;
403 _enableCFZAPPLID->domain = properties[i].domain;
404 _enableCFZAPPLID->domainSize = properties[i].domainSize;
405 _enableCFZAPPLID->externallyVisible =
406 properties[i].externallyVisible;
407 }
408 #endif
|
409 mike 1.2 }
|
410 kumpf 1.3
|
411 mike 1.2 }
412
|
413 kumpf 1.7 struct ConfigProperty* SecurityPropertyOwner::_lookupConfigProperty(
|
414 aruran.ms 1.53 const String& name) const
|
415 mike 1.2 {
|
416 kumpf 1.9 if (String::equalNoCase(_enableAuthentication->propertyName, name))
|
417 mike 1.2 {
|
418 a.arora 1.34 return _enableAuthentication.get();
|
419 mike 1.2 }
|
420 kumpf 1.59 else if (String::equalNoCase(
421 _enableNamespaceAuthorization->propertyName, name))
|
422 mike 1.2 {
|
423 a.arora 1.34 return _enableNamespaceAuthorization.get();
|
424 mike 1.2 }
425 else if (String::equalNoCase(_httpAuthType->propertyName, name))
426 {
|
427 a.arora 1.34 return _httpAuthType.get();
|
428 mike 1.2 }
|
429 kumpf 1.3 else if (String::equalNoCase(_passwordFilePath->propertyName, name))
430 {
|
431 a.arora 1.34 return _passwordFilePath.get();
|
432 kumpf 1.3 }
|
433 kumpf 1.10 else if (String::equalNoCase(_certificateFilePath->propertyName, name))
|
434 kumpf 1.59 {
|
435 a.arora 1.34 return _certificateFilePath.get();
|
436 kumpf 1.10 }
|
437 kumpf 1.17 else if (String::equalNoCase(_keyFilePath->propertyName, name))
|
438 kumpf 1.59 {
|
439 a.arora 1.34 return _keyFilePath.get();
|
440 kumpf 1.17 }
|
441 h.sterling 1.31 else if (String::equalNoCase(_trustStore->propertyName, name))
|
442 kumpf 1.59 {
|
443 a.arora 1.34 return _trustStore.get();
|
444 h.sterling 1.31 }
|
445 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
446 kumpf 1.59 else if (String::equalNoCase(_crlStore->propertyName, name))
|
447 h.sterling 1.45 {
448 return _crlStore.get();
449 }
|
450 sushma.fernandes 1.55 #endif
|
451 h.sterling 1.31 else if (String::equalNoCase(
452 _sslClientVerificationMode->propertyName, name))
453 {
|
454 a.arora 1.34 return _sslClientVerificationMode.get();
|
455 h.sterling 1.31 }
456 else if (String::equalNoCase(
|
457 h.sterling 1.38 _sslTrustStoreUserName->propertyName, name))
|
458 h.sterling 1.31 {
|
459 h.sterling 1.38 return _sslTrustStoreUserName.get();
|
460 kumpf 1.18 }
|
461 h.sterling 1.31 else if (String::equalNoCase(
|
462 kumpf 1.7 _enableRemotePrivilegedUserAccess->propertyName, name))
|
463 kumpf 1.5 {
|
464 a.arora 1.34 return _enableRemotePrivilegedUserAccess.get();
|
465 kumpf 1.5 }
|
466 kumpf 1.22 else if (String::equalNoCase(
467 _enableSubscriptionsForNonprivilegedUsers->propertyName, name))
468 {
|
469 a.arora 1.34 return _enableSubscriptionsForNonprivilegedUsers.get();
|
470 kumpf 1.22 }
|
471 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
472 else if (String::equalNoCase(_authorizedUserGroups->propertyName, name))
473 {
|
474 a.arora 1.34 return _authorizedUserGroups.get();
|
475 kumpf 1.33 }
476 #endif
|
477 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
478 else if (String::equalNoCase(_kerberosServiceName->propertyName, name))
479 {
|
480 a.arora 1.34 return _kerberosServiceName.get();
|
481 gerarda 1.20 }
482 #endif
|
483 thilo.boehm 1.64 #ifdef PEGASUS_OS_ZOS
484 else if (String::equalNoCase(_enableCFZAPPLID->propertyName, name))
485 {
486 return _enableCFZAPPLID.get();
487 }
488 #endif
|
489 mike 1.2 else
490 {
491 throw UnrecognizedConfigProperty(name);
492 }
493 }
494
|
495 kumpf 1.59 /**
496 Get information about the specified property.
|
497 mike 1.2 */
|
498 kumpf 1.7 void SecurityPropertyOwner::getPropertyInfo(
|
499 kumpf 1.59 const String& name,
|
500 vijay.eli 1.52 Array<String>& propertyInfo) const
|
501 mike 1.2 {
|
502 kumpf 1.7 propertyInfo.clear();
|
503 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
504 kumpf 1.7
505 propertyInfo.append(configProperty->propertyName);
506 propertyInfo.append(configProperty->defaultValue);
507 propertyInfo.append(configProperty->currentValue);
508 propertyInfo.append(configProperty->plannedValue);
509 if (configProperty->dynamic)
|
510 kumpf 1.19 {
511 propertyInfo.append(STRING_TRUE);
512 }
513 else
514 {
515 propertyInfo.append(STRING_FALSE);
516 }
517 if (configProperty->externallyVisible)
|
518 mike 1.2 {
|
519 kumpf 1.7 propertyInfo.append(STRING_TRUE);
|
520 kumpf 1.5 }
|
521 mike 1.2 else
522 {
|
523 kumpf 1.7 propertyInfo.append(STRING_FALSE);
|
524 mike 1.2 }
525 }
526
|
527 kumpf 1.59 /**
528 Get default value of the specified property.
|
529 kumpf 1.7 */
|
530 vijay.eli 1.52 String SecurityPropertyOwner::getDefaultValue(const String& name) const
|
531 kumpf 1.7 {
|
532 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
533 kumpf 1.7 return configProperty->defaultValue;
534 }
535
|
536 kumpf 1.59 /**
537 Get current value of the specified property.
|
538 mike 1.2 */
|
539 vijay.eli 1.52 String SecurityPropertyOwner::getCurrentValue(const String& name) const
|
540 mike 1.2 {
|
541 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
542 kumpf 1.7 return configProperty->currentValue;
|
543 mike 1.2 }
544
|
545 kumpf 1.59 /**
546 Get planned value of the specified property.
|
547 mike 1.2 */
|
548 vijay.eli 1.52 String SecurityPropertyOwner::getPlannedValue(const String& name) const
|
549 mike 1.2 {
|
550 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
551 kumpf 1.7 return configProperty->plannedValue;
|
552 mike 1.2 }
553
554
|
555 kumpf 1.59 /**
556 Init current value of the specified property to the specified value.
|
557 mike 1.2 */
558 void SecurityPropertyOwner::initCurrentValue(
|
559 kumpf 1.59 const String& name,
|
560 mike 1.2 const String& value)
561 {
|
562 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
563 configProperty->currentValue = value;
|
564 mike 1.2 }
565
566
|
567 kumpf 1.59 /**
568 Init planned value of the specified property to the specified value.
|
569 mike 1.2 */
570 void SecurityPropertyOwner::initPlannedValue(
|
571 kumpf 1.59 const String& name,
|
572 mike 1.2 const String& value)
573 {
|
574 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
575 configProperty->plannedValue = value;
|
576 mike 1.2 }
577
|
578 kumpf 1.59 /**
579 Update current value of the specified property to the specified value.
|
580 mike 1.2 */
581 void SecurityPropertyOwner::updateCurrentValue(
|
582 kumpf 1.59 const String& name,
583 const String& value)
|
584 mike 1.2 {
585 //
586 // make sure the property is dynamic before updating the value.
587 //
588 if (!isDynamic(name))
589 {
|
590 kumpf 1.59 throw NonDynamicConfigProperty(name);
|
591 mike 1.2 }
592
|
593 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
594 configProperty->currentValue = value;
|
595 mike 1.2 }
596
597
|
598 kumpf 1.59 /**
599 Update planned value of the specified property to the specified value.
|
600 mike 1.2 */
601 void SecurityPropertyOwner::updatePlannedValue(
|
602 kumpf 1.59 const String& name,
|
603 mike 1.2 const String& value)
604 {
|
605 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
606 configProperty->plannedValue = value;
|
607 mike 1.2 }
608
|
609 kumpf 1.59 /**
610 Checks to see if the given value is valid or not.
|
611 mike 1.2 */
|
612 kumpf 1.59 Boolean SecurityPropertyOwner::isValid(
613 const String& name,
614 const String& value) const
|
615 mike 1.2 {
616 Boolean retVal = false;
|
617 kumpf 1.3
|
618 mike 1.2 //
619 // Validate the specified value
620 //
|
621 kumpf 1.9 if (String::equalNoCase(_enableAuthentication->propertyName, name))
|
622 mike 1.2 {
|
623 kumpf 1.59 if (String::equal(value, "true") || String::equal(value, "false"))
|
624 mike 1.2 {
625 retVal = true;
626 }
627 }
|
628 kumpf 1.59 else if (String::equalNoCase(
629 _enableNamespaceAuthorization->propertyName, name))
|
630 mike 1.2 {
|
631 kumpf 1.59 if (String::equal(value, "true") || String::equal(value, "false"))
|
632 mike 1.2 {
633 retVal = true;
634 }
635 }
636 else if (String::equalNoCase(_httpAuthType->propertyName, name))
637 {
|
638 kumpf 1.59 if (String::equal(value, "Basic") || String::equal(value, "Digest")
|
639 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
640 kumpf 1.59 || String::equal(value, "Kerberos")
|
641 gerarda 1.20 #endif
642 )
|
643 mike 1.2 {
644 retVal = true;
645 }
646 }
|
647 kumpf 1.3 else if (String::equalNoCase(_passwordFilePath->propertyName, name))
648 {
|
649 kumpf 1.59 String fileName(value);
|
650 kumpf 1.3
|
651 kumpf 1.8 //
652 // Check if the file path is empty
653 //
|
654 kumpf 1.36 if (fileName == String::EMPTY)
|
655 kumpf 1.8 {
656 return false;
657 }
658
|
659 kumpf 1.59 fileName = ConfigManager::getHomedPath(fileName);
|
660 h.sterling 1.41
|
661 kumpf 1.59 //
|
662 kumpf 1.3 // Check if the file path is a directory
|
663 kumpf 1.59 //
|
664 kumpf 1.3 FileSystem::translateSlashes(fileName);
665 if (FileSystem::isDirectory(fileName))
666 {
667 return false;
668 }
669
|
670 kumpf 1.59 //
|
671 kumpf 1.3 // Check if the file exists and is writable
|
672 kumpf 1.59 //
|
673 kumpf 1.3 if (FileSystem::exists(fileName))
674 {
675 if (!FileSystem::canWrite(fileName))
676 {
677 return false;
678 }
679 else
680 {
681 return true;
682 }
683 }
684 else
685 {
|
686 kumpf 1.59 //
|
687 kumpf 1.3 // Check if directory is writable
|
688 kumpf 1.59 //
|
689 kumpf 1.12 Uint32 pos = fileName.reverseFind('/');
|
690 kumpf 1.3
691 if (pos != PEG_NOT_FOUND)
692 {
693 String dirName = fileName.subString(0,pos);
694 if (!FileSystem::isDirectory(dirName))
695 {
696 return false;
697 }
698 if (!FileSystem::canWrite(dirName) )
699 {
700 return false;
701 }
702 else
703 {
704 return true;
705 }
706 }
707 else
708 {
709 String currentDir;
710
|
711 kumpf 1.59 //
712 // Check if there is permission to write in the
|
713 kumpf 1.3 // current working directory
|
714 kumpf 1.59 //
|
715 kumpf 1.3 FileSystem::getCurrentDirectory(currentDir);
716
717 if (!FileSystem::canWrite(currentDir))
718 {
719 return false;
720 }
721 else
722 {
723 return true;
724 }
725 }
726 }
|
727 kumpf 1.10 }
|
728 kumpf 1.17 else if (String::equalNoCase(_certificateFilePath->propertyName, name) ||
|
729 kumpf 1.32 String::equalNoCase(_keyFilePath->propertyName, name))
730 {
731 //
732 // Check if the file path is empty
733 //
|
734 h.sterling 1.42 if (value == String::EMPTY)
|
735 kumpf 1.32 {
736 return false;
737 }
738
|
739 kumpf 1.59 String fileName = ConfigManager::getHomedPath(value);
|
740 h.sterling 1.41
|
741 kumpf 1.32 //
742 // Check if the file path is a directory
743 //
744 FileSystem::translateSlashes(fileName);
745 if (FileSystem::isDirectory(fileName))
746 {
747 return false;
748 }
749
750 //
751 // Check if the file exists and is readable and is not empty.
752 //
753 if (FileSystem::exists(fileName) && FileSystem::canRead(fileName))
754 {
755 Uint32 size;
756 if (FileSystem::getFileSize(fileName, size))
757 {
758 if (size > 0)
759 {
760 return true;
761 }
762 kumpf 1.32 }
763 }
764
765 return false;
766 }
|
767 kumpf 1.59 else if (String::equalNoCase(_trustStore->propertyName, name)
|
768 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
769 kumpf 1.59 || String::equalNoCase(_crlStore->propertyName, name)
|
770 sushma.fernandes 1.55 #endif
771 )
|
772 h.sterling 1.31 {
|
773 kumpf 1.10 //
|
774 sushma.fernandes 1.58 // Allow the file path to be empty
|
775 kumpf 1.10 //
|
776 h.sterling 1.42 if (value == String::EMPTY)
|
777 kumpf 1.10 {
|
778 kumpf 1.35 return true;
|
779 kumpf 1.10 }
780
|
781 kumpf 1.59 String fileName = ConfigManager::getHomedPath(value);
|
782 h.sterling 1.41
|
783 kumpf 1.32 //
|
784 kumpf 1.10 // Check if the file path is a directory
|
785 kumpf 1.32 //
|
786 kumpf 1.10 FileSystem::translateSlashes(fileName);
787 if (FileSystem::isDirectory(fileName))
788 {
|
789 h.sterling 1.31 //
790 // Truststore can be a directory, congruent with OpenSSL standards
|
791 kumpf 1.32 // Check if the directoy has read and write permissions
|
792 h.sterling 1.31 //
|
793 kumpf 1.59 if (FileSystem::canRead(fileName) && FileSystem::canWrite(fileName))
|
794 h.sterling 1.31 {
|
795 kumpf 1.59 return true;
796 }
|
797 kumpf 1.10 }
|
798 kumpf 1.32 //
|
799 kumpf 1.35 // Check if the file exists and is readable
|
800 kumpf 1.32 //
801 else if (FileSystem::exists(fileName) && FileSystem::canRead(fileName))
|
802 kumpf 1.10 {
|
803 kumpf 1.35 return true;
|
804 h.sterling 1.31 }
|
805 kumpf 1.10
|
806 kumpf 1.32 return false;
|
807 kumpf 1.3 }
|
808 kumpf 1.59 else if (String::equalNoCase(
809 _sslClientVerificationMode->propertyName, name))
|
810 h.sterling 1.31 {
|
811 kumpf 1.59 if (String::equal(value, "disabled") ||
812 String::equal(value, "required") ||
813 String::equal(value, "optional"))
|
814 h.sterling 1.31 {
815 retVal = true;
816 }
817 }
|
818 kumpf 1.59 else if (String::equalNoCase(_sslTrustStoreUserName->propertyName, name))
|
819 h.sterling 1.31 {
|
820 h.sterling 1.38 if (System::isSystemUser((const char*)value.getCString()))
|
821 h.sterling 1.31 {
|
822 h.sterling 1.38 return true;
|
823 h.sterling 1.31 }
824 }
|
825 kumpf 1.59 else if (String::equalNoCase(
826 _enableRemotePrivilegedUserAccess->propertyName, name))
|
827 kumpf 1.22 {
|
828 kumpf 1.59 if (String::equal(value, "true") || String::equal(value, "false"))
|
829 kumpf 1.22 {
830 retVal = true;
831 }
832 }
|
833 kumpf 1.59 else if (String::equalNoCase(
834 _enableSubscriptionsForNonprivilegedUsers->propertyName, name))
|
835 kumpf 1.5 {
|
836 kumpf 1.59 if (String::equal(value, "true") || String::equal(value, "false"))
|
837 kumpf 1.5 {
838 retVal = true;
839 }
840 }
|
841 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
842 else if (String::equalNoCase(_authorizedUserGroups->propertyName, name))
843 {
844 retVal = true;
845 }
846 #endif
|
847 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
848 else if (String::equalNoCase(_kerberosServiceName->propertyName, name))
849 {
850 String serviceName(value);
851
852 //
853 // Check if the service name is empty
854 //
855 if (serviceName == String::EMPTY || serviceName== "")
856 {
857 retVal = false;
858 }
|
859 kumpf 1.59 else
|
860 gerarda 1.20 {
861 retVal = true;
862 }
863 }
864 #endif
|
865 thilo.boehm 1.64 #ifdef PEGASUS_OS_ZOS
866 else if (String::equalNoCase(_enableCFZAPPLID->propertyName, name))
867 {
868 if (String::equalNoCase(value, "true")
869 || String::equalNoCase(value, "false"))
870 {
871 retVal = true;
872 }
873 }
874 #endif
|
875 mike 1.2 else
876 {
877 throw UnrecognizedConfigProperty(name);
878 }
879 return retVal;
880 }
881
|
882 kumpf 1.59 /**
883 Checks to see if the specified property is dynamic or not.
|
884 mike 1.2 */
|
885 vijay.eli 1.52 Boolean SecurityPropertyOwner::isDynamic(const String& name) const
|
886 mike 1.2 {
|
887 kumpf 1.59 struct ConfigProperty* configProperty =_lookupConfigProperty(name);
|
888 vijay.eli 1.52
|
889 kumpf 1.59 return (configProperty->dynamic == IS_DYNAMIC);
|
890 mike 1.2 }
891
892
893 PEGASUS_NAMESPACE_END
|