1 martin 1.66 //%LICENSE////////////////////////////////////////////////////////////////
|
2 martin 1.67 //
|
3 martin 1.66 // Licensed to The Open Group (TOG) under one or more contributor license
4 // agreements. Refer to the OpenPegasusNOTICE.txt file distributed with
5 // this work for additional information regarding copyright ownership.
6 // Each contributor licenses this file to you under the OpenPegasus Open
7 // Source License; you may not use this file except in compliance with the
8 // License.
|
9 martin 1.67 //
|
10 martin 1.66 // Permission is hereby granted, free of charge, to any person obtaining a
11 // copy of this software and associated documentation files (the "Software"),
12 // to deal in the Software without restriction, including without limitation
13 // the rights to use, copy, modify, merge, publish, distribute, sublicense,
14 // and/or sell copies of the Software, and to permit persons to whom the
15 // Software is furnished to do so, subject to the following conditions:
|
16 martin 1.67 //
|
17 martin 1.66 // The above copyright notice and this permission notice shall be included
18 // in all copies or substantial portions of the Software.
|
19 martin 1.67 //
|
20 martin 1.66 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
21 martin 1.67 // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
22 martin 1.66 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
23 // IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
24 // CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
25 // TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
26 // SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
27 martin 1.67 //
|
28 martin 1.66 //////////////////////////////////////////////////////////////////////////
|
29 mike 1.2 //
30 //%/////////////////////////////////////////////////////////////////////////////
31
32
33 ///////////////////////////////////////////////////////////////////////////////
|
34 kumpf 1.59 //
|
35 mike 1.2 // This file has implementation for the security property owner class.
36 //
37 ///////////////////////////////////////////////////////////////////////////////
38
|
39 kumpf 1.4 #include "ConfigManager.h"
|
40 mike 1.2 #include "SecurityPropertyOwner.h"
|
41 kumpf 1.3 #include <Pegasus/Common/FileSystem.h>
|
42 h.sterling 1.31 #include <Pegasus/Common/System.h>
|
43 mike 1.2
44
45 PEGASUS_USING_STD;
46
47 PEGASUS_NAMESPACE_BEGIN
48
49 ///////////////////////////////////////////////////////////////////////////////
50 // SecurityPropertyOwner
51 ///////////////////////////////////////////////////////////////////////////////
52
53 static struct ConfigPropertyRow properties[] =
54 {
|
55 thilo.boehm 1.57 ///////////////////////////////////////////////////////////////////////////////
|
56 kumpf 1.59 // For z/OS, the follwing securtiy properties are fixed properties due to
57 // listed in the FixedPropertyTablezOS.h . Because they are fixed, they
|
58 thilo.boehm 1.57 // are hidden also:
|
59 kumpf 1.59 //
60 // enableAuthentication
61 // passwordFilePath
62 // sslCertificateFilePath
63 // sslKeyFilePath
64 // sslTrustStore
65 // crlStore
66 // sslClientVerificationMode
67 // sslTrustStoreUserName
68 // enableNamespaceAuthorization
69 // kerberosServiceName
70 // enableSubscriptionsForNonprivilegedUsers
71 // authorizedUserGroups
|
72 thilo.boehm 1.57 ///////////////////////////////////////////////////////////////////////////////
|
73 ouyang.jian 1.61 #ifdef PEGASUS_OS_PASE
|
74 kumpf 1.69 {"enableAuthentication", "true", IS_STATIC, IS_VISIBLE},
75 {"httpAuthType", "Basic", IS_STATIC, IS_VISIBLE},
76 {"passwordFilePath", "cimserver.passwd", IS_STATIC, IS_VISIBLE},
|
77 kumpf 1.68 {"sslCertificateFilePath", "ssl/keystore/servercert.pem", IS_STATIC,
|
78 kumpf 1.69 IS_VISIBLE},
79 {"sslKeyFilePath", "ssl/keystore/serverkey.pem", IS_STATIC, IS_VISIBLE},
80 {"sslTrustStore", "ssl/truststore/", IS_STATIC, IS_VISIBLE},
|
81 ouyang.jian 1.61 # ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
82 kumpf 1.69 {"crlStore", "ssl/crlstore/", IS_STATIC, IS_VISIBLE},
|
83 kumpf 1.68 # endif
|
84 kumpf 1.69 {"sslClientVerificationMode", "optional", IS_STATIC, IS_VISIBLE},
85 {"sslTrustStoreUserName", "QYCMCIMOM", IS_STATIC, IS_VISIBLE},
|
86 venkat.puvvada 1.73 {"enableNamespaceAuthorization", "false", IS_STATIC, IS_VISIBLE},
|
87 ouyang.jian 1.61 # ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
88 kumpf 1.69 {"kerberosServiceName", "cimom", IS_STATIC, IS_VISIBLE},
|
89 kumpf 1.68 # endif
90 {"enableSubscriptionsForNonprivilegedUsers", "false", IS_STATIC,
|
91 kumpf 1.69 IS_VISIBLE},
92 {"enableRemotePrivilegedUserAccess", "true", IS_STATIC, IS_VISIBLE},
93 {"authorizedUserGroups", "", IS_STATIC, IS_VISIBLE},
|
94 ouyang.jian 1.61 #else // PEGASUS_OS_PASE
|
95 kumpf 1.69 {"enableAuthentication", "false", IS_STATIC, IS_VISIBLE},
96 {"httpAuthType", "Basic", IS_STATIC, IS_VISIBLE},
97 {"passwordFilePath", "cimserver.passwd", IS_STATIC, IS_VISIBLE},
|
98 kumpf 1.21 #ifdef PEGASUS_OS_HPUX
|
99 kumpf 1.69 {"sslCertificateFilePath", "cert.pem", IS_STATIC, IS_VISIBLE},
|
100 kumpf 1.21 #else
|
101 kumpf 1.69 {"sslCertificateFilePath", "server.pem", IS_STATIC, IS_VISIBLE},
|
102 humberto 1.49 #endif
|
103 kumpf 1.69 {"sslKeyFilePath", "file.pem", IS_STATIC, IS_VISIBLE},
104 {"sslTrustStore", "cimserver_trust", IS_STATIC, IS_VISIBLE},
|
105 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
106 kumpf 1.69 {"crlStore", "crl", IS_STATIC, IS_VISIBLE},
|
107 sushma.fernandes 1.55 #endif
|
108 kumpf 1.69 {"sslClientVerificationMode", "disabled", IS_STATIC, IS_VISIBLE},
109 {"sslTrustStoreUserName", "", IS_STATIC, IS_VISIBLE},
110 {"enableNamespaceAuthorization", "false", IS_STATIC, IS_VISIBLE},
|
111 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
112 kumpf 1.69 {"kerberosServiceName", "cimom", IS_STATIC, IS_VISIBLE},
|
113 gerarda 1.20 #endif
|
114 denise.eckstein 1.43 #if defined(PEGASUS_OS_HPUX) || defined(PEGASUS_OS_LINUX)
|
115 kumpf 1.40 # ifdef PEGASUS_USE_RELEASE_CONFIG_OPTIONS
|
116 kumpf 1.59 {"enableSubscriptionsForNonprivilegedUsers",
|
117 kumpf 1.69 "false", IS_STATIC, IS_VISIBLE},
|
118 kumpf 1.40 # else
|
119 kumpf 1.69 {"enableSubscriptionsForNonprivilegedUsers", "true", IS_STATIC, IS_VISIBLE},
|
120 kumpf 1.40 # endif
121 #else
|
122 kumpf 1.69 {"enableSubscriptionsForNonprivilegedUsers", "true", IS_STATIC, IS_HIDDEN},
|
123 kumpf 1.40 #endif
|
124 marek 1.56 #ifdef PEGASUS_OS_ZOS
|
125 kumpf 1.69 {"enableRemotePrivilegedUserAccess", "false", IS_STATIC, IS_VISIBLE},
126 {"enableCFZAPPLID", "true", IS_STATIC, IS_VISIBLE},
|
127 marek 1.56 #else
|
128 kumpf 1.69 {"enableRemotePrivilegedUserAccess", "true", IS_STATIC, IS_VISIBLE},
|
129 marek 1.56 #endif
|
130 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
131 kumpf 1.69 {"authorizedUserGroups", "", IS_STATIC, IS_VISIBLE},
|
132 kumpf 1.33 #endif
|
133 ouyang.jian 1.61 #endif
|
134 mike 1.2 };
135
136 const Uint32 NUM_PROPERTIES = sizeof(properties) / sizeof(properties[0]);
137
138
139 /** Constructors */
140 SecurityPropertyOwner::SecurityPropertyOwner()
141 {
|
142 a.arora 1.34 _enableAuthentication.reset(new ConfigProperty());
143 _enableNamespaceAuthorization.reset(new ConfigProperty());
144 _httpAuthType.reset(new ConfigProperty());
145 _passwordFilePath.reset(new ConfigProperty());
146 _certificateFilePath.reset(new ConfigProperty());
147 _keyFilePath.reset(new ConfigProperty());
148 _trustStore.reset(new ConfigProperty());
|
149 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
150 kumpf 1.59 _crlStore.reset(new ConfigProperty());
|
151 sushma.fernandes 1.55 #endif
|
152 a.arora 1.34 _sslClientVerificationMode.reset(new ConfigProperty());
|
153 h.sterling 1.38 _sslTrustStoreUserName.reset(new ConfigProperty());
|
154 a.arora 1.34 _enableRemotePrivilegedUserAccess.reset(new ConfigProperty());
155 _enableSubscriptionsForNonprivilegedUsers.reset(new ConfigProperty());
|
156 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
157 a.arora 1.34 _authorizedUserGroups.reset(new ConfigProperty());
|
158 kumpf 1.33 #endif
|
159 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
160 kumpf 1.59 _kerberosServiceName.reset(new ConfigProperty());
|
161 gerarda 1.20 #endif
|
162 thilo.boehm 1.64 #ifdef PEGASUS_OS_ZOS
163 _enableCFZAPPLID.reset(new ConfigProperty());
164 #endif
165
|
166 mike 1.2 }
167
168
169 /**
|
170 kumpf 1.59 Initialize the config properties.
|
171 mike 1.2 */
172 void SecurityPropertyOwner::initialize()
173 {
174 for (Uint32 i = 0; i < NUM_PROPERTIES; i++)
175 {
176 //
177 // Initialize the properties with default values
178 //
|
179 kavita.gupta 1.70 if (String::equal(
|
180 kumpf 1.9 properties[i].propertyName, "enableAuthentication"))
|
181 mike 1.2 {
|
182 kumpf 1.9 _enableAuthentication->propertyName = properties[i].propertyName;
183 _enableAuthentication->defaultValue = properties[i].defaultValue;
184 _enableAuthentication->currentValue = properties[i].defaultValue;
185 _enableAuthentication->plannedValue = properties[i].defaultValue;
186 _enableAuthentication->dynamic = properties[i].dynamic;
|
187 kumpf 1.59 _enableAuthentication->externallyVisible =
188 properties[i].externallyVisible;
|
189 mike 1.2 }
|
190 kavita.gupta 1.70 else if (String::equal(
|
191 kumpf 1.9 properties[i].propertyName, "enableNamespaceAuthorization"))
|
192 mike 1.2 {
|
193 kumpf 1.59 _enableNamespaceAuthorization->propertyName =
194 properties[i].propertyName;
195 _enableNamespaceAuthorization->defaultValue =
196 properties[i].defaultValue;
197 _enableNamespaceAuthorization->currentValue =
198 properties[i].defaultValue;
199 _enableNamespaceAuthorization->plannedValue =
200 properties[i].defaultValue;
|
201 kumpf 1.9 _enableNamespaceAuthorization->dynamic = properties[i].dynamic;
|
202 kumpf 1.59 _enableNamespaceAuthorization->externallyVisible =
203 properties[i].externallyVisible;
|
204 mike 1.2 }
|
205 kavita.gupta 1.70 else if (String::equal(
|
206 kumpf 1.59 properties[i].propertyName, "httpAuthType"))
|
207 mike 1.2 {
208 _httpAuthType->propertyName = properties[i].propertyName;
209 _httpAuthType->defaultValue = properties[i].defaultValue;
210 _httpAuthType->currentValue = properties[i].defaultValue;
211 _httpAuthType->plannedValue = properties[i].defaultValue;
212 _httpAuthType->dynamic = properties[i].dynamic;
|
213 kumpf 1.19 _httpAuthType->externallyVisible = properties[i].externallyVisible;
|
214 mike 1.2 }
|
215 kavita.gupta 1.70 else if (String::equal(
|
216 kumpf 1.59 properties[i].propertyName, "passwordFilePath"))
|
217 kumpf 1.3 {
218 _passwordFilePath->propertyName = properties[i].propertyName;
219 _passwordFilePath->defaultValue = properties[i].defaultValue;
|
220 kumpf 1.36 _passwordFilePath->currentValue = properties[i].defaultValue;
|
221 kumpf 1.3 _passwordFilePath->plannedValue = properties[i].defaultValue;
222 _passwordFilePath->dynamic = properties[i].dynamic;
|
223 kumpf 1.59 _passwordFilePath->externallyVisible =
224 properties[i].externallyVisible;
|
225 kumpf 1.3 }
|
226 kavita.gupta 1.70 else if (String::equal(
|
227 kumpf 1.59 properties[i].propertyName, "sslCertificateFilePath"))
228 {
|
229 kumpf 1.10 _certificateFilePath->propertyName = properties[i].propertyName;
230 _certificateFilePath->defaultValue = properties[i].defaultValue;
|
231 kumpf 1.36 _certificateFilePath->currentValue = properties[i].defaultValue;
|
232 kumpf 1.10 _certificateFilePath->plannedValue = properties[i].defaultValue;
233 _certificateFilePath->dynamic = properties[i].dynamic;
|
234 kumpf 1.59 _certificateFilePath->externallyVisible =
235 properties[i].externallyVisible;
236 }
|
237 kavita.gupta 1.70 else if (String::equal(
|
238 kumpf 1.59 properties[i].propertyName, "sslKeyFilePath"))
239 {
|
240 kumpf 1.17 _keyFilePath->propertyName = properties[i].propertyName;
241 _keyFilePath->defaultValue = properties[i].defaultValue;
|
242 kumpf 1.36 _keyFilePath->currentValue = properties[i].defaultValue;
|
243 kumpf 1.17 _keyFilePath->plannedValue = properties[i].defaultValue;
244 _keyFilePath->dynamic = properties[i].dynamic;
|
245 kumpf 1.19 _keyFilePath->externallyVisible = properties[i].externallyVisible;
|
246 kumpf 1.59 }
|
247 kavita.gupta 1.70 else if (String::equal(
|
248 kumpf 1.59 properties[i].propertyName, "sslTrustStore"))
249 {
|
250 h.sterling 1.31 _trustStore->propertyName = properties[i].propertyName;
251 _trustStore->defaultValue = properties[i].defaultValue;
|
252 kumpf 1.35 _trustStore->currentValue = properties[i].defaultValue;
|
253 h.sterling 1.31 _trustStore->plannedValue = properties[i].defaultValue;
254 _trustStore->dynamic = properties[i].dynamic;
255 _trustStore->externallyVisible = properties[i].externallyVisible;
|
256 kumpf 1.18
|
257 kumpf 1.59 // do not initialize trustpath; a truststore is not required
258 // for SSL handshakes a server may wish to connect on HTTPS
259 // but not verify clients
260 }
|
261 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
262 kavita.gupta 1.70 else if (String::equal(
|
263 kumpf 1.59 properties[i].propertyName, "crlStore"))
264 {
|
265 h.sterling 1.45 _crlStore->propertyName = properties[i].propertyName;
266 _crlStore->defaultValue = properties[i].defaultValue;
267 _crlStore->currentValue = properties[i].defaultValue;
268 _crlStore->plannedValue = properties[i].defaultValue;
269 _crlStore->dynamic = properties[i].dynamic;
270 _crlStore->externallyVisible = properties[i].externallyVisible;
271
|
272 kumpf 1.59 }
|
273 sushma.fernandes 1.55 #endif
|
274 kavita.gupta 1.70 else if (String::equal(
|
275 kumpf 1.59 properties[i].propertyName, "sslClientVerificationMode"))
|
276 h.sterling 1.31 {
|
277 kumpf 1.59 _sslClientVerificationMode->propertyName =
278 properties[i].propertyName;
279 _sslClientVerificationMode->defaultValue =
280 properties[i].defaultValue;
281 _sslClientVerificationMode->currentValue =
282 properties[i].defaultValue;
283 _sslClientVerificationMode->plannedValue =
284 properties[i].defaultValue;
|
285 h.sterling 1.31 _sslClientVerificationMode->dynamic = properties[i].dynamic;
|
286 kumpf 1.59 _sslClientVerificationMode->externallyVisible =
287 properties[i].externallyVisible;
|
288 h.sterling 1.31 }
|
289 kavita.gupta 1.70 else if (String::equal(
|
290 kumpf 1.59 properties[i].propertyName, "sslTrustStoreUserName"))
|
291 h.sterling 1.38 {
292 _sslTrustStoreUserName->propertyName = properties[i].propertyName;
293 _sslTrustStoreUserName->defaultValue = properties[i].defaultValue;
294 _sslTrustStoreUserName->currentValue = properties[i].defaultValue;
295 _sslTrustStoreUserName->plannedValue = properties[i].defaultValue;
296 _sslTrustStoreUserName->dynamic = properties[i].dynamic;
|
297 kumpf 1.59 _sslTrustStoreUserName->externallyVisible =
298 properties[i].externallyVisible;
|
299 h.sterling 1.38 }
|
300 kavita.gupta 1.70 else if (String::equal(
|
301 kumpf 1.5 properties[i].propertyName, "enableRemotePrivilegedUserAccess"))
302 {
|
303 kumpf 1.59 _enableRemotePrivilegedUserAccess->propertyName =
304 properties[i].propertyName;
305 _enableRemotePrivilegedUserAccess->defaultValue =
306 properties[i].defaultValue;
307 _enableRemotePrivilegedUserAccess->currentValue =
308 properties[i].defaultValue;
309 _enableRemotePrivilegedUserAccess->plannedValue =
310 properties[i].defaultValue;
|
311 kumpf 1.5 _enableRemotePrivilegedUserAccess->dynamic = properties[i].dynamic;
|
312 kumpf 1.59 _enableRemotePrivilegedUserAccess->externallyVisible =
313 properties[i].externallyVisible;
314 }
|
315 kavita.gupta 1.70 else if (String::equal(properties[i].propertyName,
|
316 kumpf 1.59 "enableSubscriptionsForNonprivilegedUsers"))
317 {
318 _enableSubscriptionsForNonprivilegedUsers->propertyName =
319 properties[i].propertyName;
320 _enableSubscriptionsForNonprivilegedUsers->defaultValue =
321 properties[i].defaultValue;
322 _enableSubscriptionsForNonprivilegedUsers->currentValue =
323 properties[i].defaultValue;
324 _enableSubscriptionsForNonprivilegedUsers->plannedValue =
325 properties[i].defaultValue;
326 _enableSubscriptionsForNonprivilegedUsers->dynamic =
327 properties[i].dynamic;
328 _enableSubscriptionsForNonprivilegedUsers->externallyVisible =
329 properties[i].externallyVisible;
|
330 kumpf 1.5 }
|
331 kumpf 1.59 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
332 kavita.gupta 1.70 else if (String::equal(
|
333 kumpf 1.59 properties[i].propertyName, "authorizedUserGroups"))
|
334 kumpf 1.33 {
335 _authorizedUserGroups->propertyName = properties[i].propertyName;
336 _authorizedUserGroups->defaultValue = properties[i].defaultValue;
337 _authorizedUserGroups->currentValue = properties[i].defaultValue;
338 _authorizedUserGroups->plannedValue = properties[i].defaultValue;
339 _authorizedUserGroups->dynamic = properties[i].dynamic;
|
340 kumpf 1.59 _authorizedUserGroups->externallyVisible =
341 properties[i].externallyVisible;
|
342 kumpf 1.33 }
343 #endif
|
344 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
345 kavita.gupta 1.70 else if (String::equal(
|
346 kumpf 1.59 properties[i].propertyName, "kerberosServiceName"))
|
347 gerarda 1.20 {
348 _kerberosServiceName->propertyName = properties[i].propertyName;
349 _kerberosServiceName->defaultValue = properties[i].defaultValue;
350 _kerberosServiceName->currentValue = properties[i].defaultValue;
351 _kerberosServiceName->plannedValue = properties[i].defaultValue;
352 _kerberosServiceName->dynamic = properties[i].dynamic;
|
353 kumpf 1.59 _kerberosServiceName->externallyVisible =
354 properties[i].externallyVisible;
|
355 gerarda 1.20 }
356 #endif
|
357 thilo.boehm 1.64 #ifdef PEGASUS_OS_ZOS
|
358 kavita.gupta 1.70 else if (String::equal(
|
359 thilo.boehm 1.64 properties[i].propertyName, "enableCFZAPPLID"))
360 {
361 _enableCFZAPPLID->propertyName = properties[i].propertyName;
362 _enableCFZAPPLID->defaultValue = properties[i].defaultValue;
363 _enableCFZAPPLID->currentValue = properties[i].defaultValue;
364 _enableCFZAPPLID->plannedValue = properties[i].defaultValue;
365 _enableCFZAPPLID->dynamic = properties[i].dynamic;
366 _enableCFZAPPLID->externallyVisible =
367 properties[i].externallyVisible;
368 }
369 #endif
|
370 mike 1.2 }
|
371 kumpf 1.3
|
372 mike 1.2 }
373
|
374 kumpf 1.7 struct ConfigProperty* SecurityPropertyOwner::_lookupConfigProperty(
|
375 aruran.ms 1.53 const String& name) const
|
376 mike 1.2 {
|
377 kavita.gupta 1.70 if (String::equal(_enableAuthentication->propertyName, name))
|
378 mike 1.2 {
|
379 a.arora 1.34 return _enableAuthentication.get();
|
380 mike 1.2 }
|
381 kavita.gupta 1.70 else if (String::equal(
|
382 kumpf 1.59 _enableNamespaceAuthorization->propertyName, name))
|
383 mike 1.2 {
|
384 a.arora 1.34 return _enableNamespaceAuthorization.get();
|
385 mike 1.2 }
|
386 kavita.gupta 1.70 else if (String::equal(_httpAuthType->propertyName, name))
|
387 mike 1.2 {
|
388 a.arora 1.34 return _httpAuthType.get();
|
389 mike 1.2 }
|
390 kavita.gupta 1.70 else if (String::equal(_passwordFilePath->propertyName, name))
|
391 kumpf 1.3 {
|
392 a.arora 1.34 return _passwordFilePath.get();
|
393 kumpf 1.3 }
|
394 kavita.gupta 1.70 else if (String::equal(_certificateFilePath->propertyName, name))
|
395 kumpf 1.59 {
|
396 a.arora 1.34 return _certificateFilePath.get();
|
397 kumpf 1.10 }
|
398 kavita.gupta 1.70 else if (String::equal(_keyFilePath->propertyName, name))
|
399 kumpf 1.59 {
|
400 a.arora 1.34 return _keyFilePath.get();
|
401 kumpf 1.17 }
|
402 kavita.gupta 1.70 else if (String::equal(_trustStore->propertyName, name))
|
403 kumpf 1.59 {
|
404 a.arora 1.34 return _trustStore.get();
|
405 h.sterling 1.31 }
|
406 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
407 kavita.gupta 1.70 else if (String::equal(_crlStore->propertyName, name))
|
408 h.sterling 1.45 {
409 return _crlStore.get();
410 }
|
411 sushma.fernandes 1.55 #endif
|
412 kavita.gupta 1.70 else if (String::equal(
|
413 h.sterling 1.31 _sslClientVerificationMode->propertyName, name))
414 {
|
415 a.arora 1.34 return _sslClientVerificationMode.get();
|
416 h.sterling 1.31 }
|
417 kavita.gupta 1.70 else if (String::equal(
|
418 h.sterling 1.38 _sslTrustStoreUserName->propertyName, name))
|
419 h.sterling 1.31 {
|
420 h.sterling 1.38 return _sslTrustStoreUserName.get();
|
421 kumpf 1.18 }
|
422 kavita.gupta 1.70 else if (String::equal(
|
423 kumpf 1.7 _enableRemotePrivilegedUserAccess->propertyName, name))
|
424 kumpf 1.5 {
|
425 a.arora 1.34 return _enableRemotePrivilegedUserAccess.get();
|
426 kumpf 1.5 }
|
427 kavita.gupta 1.70 else if (String::equal(
|
428 kumpf 1.22 _enableSubscriptionsForNonprivilegedUsers->propertyName, name))
429 {
|
430 a.arora 1.34 return _enableSubscriptionsForNonprivilegedUsers.get();
|
431 kumpf 1.22 }
|
432 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
433 kavita.gupta 1.70 else if (String::equal(_authorizedUserGroups->propertyName, name))
|
434 kumpf 1.33 {
|
435 a.arora 1.34 return _authorizedUserGroups.get();
|
436 kumpf 1.33 }
437 #endif
|
438 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
439 kavita.gupta 1.70 else if (String::equal(_kerberosServiceName->propertyName, name))
|
440 gerarda 1.20 {
|
441 a.arora 1.34 return _kerberosServiceName.get();
|
442 gerarda 1.20 }
443 #endif
|
444 thilo.boehm 1.64 #ifdef PEGASUS_OS_ZOS
|
445 kavita.gupta 1.70 else if (String::equal(_enableCFZAPPLID->propertyName, name))
|
446 thilo.boehm 1.64 {
447 return _enableCFZAPPLID.get();
448 }
449 #endif
|
450 mike 1.2 else
451 {
452 throw UnrecognizedConfigProperty(name);
453 }
454 }
455
|
456 kumpf 1.59 /**
457 Get information about the specified property.
|
458 mike 1.2 */
|
459 kumpf 1.7 void SecurityPropertyOwner::getPropertyInfo(
|
460 kumpf 1.59 const String& name,
|
461 vijay.eli 1.52 Array<String>& propertyInfo) const
|
462 mike 1.2 {
|
463 kumpf 1.7 propertyInfo.clear();
|
464 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
465 kumpf 1.7
466 propertyInfo.append(configProperty->propertyName);
467 propertyInfo.append(configProperty->defaultValue);
468 propertyInfo.append(configProperty->currentValue);
469 propertyInfo.append(configProperty->plannedValue);
470 if (configProperty->dynamic)
|
471 kumpf 1.19 {
472 propertyInfo.append(STRING_TRUE);
473 }
474 else
475 {
476 propertyInfo.append(STRING_FALSE);
477 }
478 if (configProperty->externallyVisible)
|
479 mike 1.2 {
|
480 kumpf 1.7 propertyInfo.append(STRING_TRUE);
|
481 kumpf 1.5 }
|
482 mike 1.2 else
483 {
|
484 kumpf 1.7 propertyInfo.append(STRING_FALSE);
|
485 mike 1.2 }
486 }
487
|
488 kumpf 1.59 /**
489 Get default value of the specified property.
|
490 kumpf 1.7 */
|
491 vijay.eli 1.52 String SecurityPropertyOwner::getDefaultValue(const String& name) const
|
492 kumpf 1.7 {
|
493 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
494 kumpf 1.7 return configProperty->defaultValue;
495 }
496
|
497 kumpf 1.59 /**
498 Get current value of the specified property.
|
499 mike 1.2 */
|
500 vijay.eli 1.52 String SecurityPropertyOwner::getCurrentValue(const String& name) const
|
501 mike 1.2 {
|
502 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
503 kumpf 1.7 return configProperty->currentValue;
|
504 mike 1.2 }
505
|
506 kumpf 1.59 /**
507 Get planned value of the specified property.
|
508 mike 1.2 */
|
509 vijay.eli 1.52 String SecurityPropertyOwner::getPlannedValue(const String& name) const
|
510 mike 1.2 {
|
511 aruran.ms 1.53 struct ConfigProperty * configProperty = _lookupConfigProperty(name);
|
512 kumpf 1.7 return configProperty->plannedValue;
|
513 mike 1.2 }
514
515
|
516 kumpf 1.59 /**
517 Init current value of the specified property to the specified value.
|
518 mike 1.2 */
519 void SecurityPropertyOwner::initCurrentValue(
|
520 kumpf 1.59 const String& name,
|
521 mike 1.2 const String& value)
522 {
|
523 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
524 configProperty->currentValue = value;
|
525 mike 1.2 }
526
527
|
528 kumpf 1.59 /**
529 Init planned value of the specified property to the specified value.
|
530 mike 1.2 */
531 void SecurityPropertyOwner::initPlannedValue(
|
532 kumpf 1.59 const String& name,
|
533 mike 1.2 const String& value)
534 {
|
535 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
536 configProperty->plannedValue = value;
|
537 mike 1.2 }
538
|
539 kumpf 1.59 /**
540 Update current value of the specified property to the specified value.
|
541 mike 1.2 */
542 void SecurityPropertyOwner::updateCurrentValue(
|
543 kumpf 1.59 const String& name,
|
544 venkat.puvvada 1.71 const String& value,
|
545 venkat.puvvada 1.72 const String& userName,
546 Uint32 timeoutSeconds)
|
547 mike 1.2 {
548 //
549 // make sure the property is dynamic before updating the value.
550 //
551 if (!isDynamic(name))
552 {
|
553 kumpf 1.59 throw NonDynamicConfigProperty(name);
|
554 mike 1.2 }
555
|
556 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
557 configProperty->currentValue = value;
|
558 mike 1.2 }
559
560
|
561 kumpf 1.59 /**
562 Update planned value of the specified property to the specified value.
|
563 mike 1.2 */
564 void SecurityPropertyOwner::updatePlannedValue(
|
565 kumpf 1.59 const String& name,
|
566 mike 1.2 const String& value)
567 {
|
568 kumpf 1.7 struct ConfigProperty* configProperty = _lookupConfigProperty(name);
569 configProperty->plannedValue = value;
|
570 mike 1.2 }
571
|
572 kumpf 1.59 /**
573 Checks to see if the given value is valid or not.
|
574 mike 1.2 */
|
575 kumpf 1.59 Boolean SecurityPropertyOwner::isValid(
576 const String& name,
577 const String& value) const
|
578 mike 1.2 {
579 Boolean retVal = false;
|
580 kumpf 1.3
|
581 mike 1.2 //
582 // Validate the specified value
583 //
|
584 kavita.gupta 1.70 if (String::equal(_enableAuthentication->propertyName, name) ||
585 String::equal(
586 _enableNamespaceAuthorization->propertyName, name) ||
587 String::equal(
588 _enableRemotePrivilegedUserAccess->propertyName, name) ||
589 String::equal(
590 _enableSubscriptionsForNonprivilegedUsers->propertyName, name)
591 #ifdef PEGASUS_OS_ZOS
592 || String::equal(_enableCFZAPPLID->propertyName, name)
593 #endif
594 )
|
595 mike 1.2 {
|
596 kavita.gupta 1.70 retVal = ConfigManager::isValidBooleanValue(value);
|
597 mike 1.2 }
|
598 kavita.gupta 1.70 else if (String::equal(_httpAuthType->propertyName, name))
|
599 mike 1.2 {
|
600 kumpf 1.59 if (String::equal(value, "Basic") || String::equal(value, "Digest")
|
601 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
602 kumpf 1.59 || String::equal(value, "Kerberos")
|
603 gerarda 1.20 #endif
604 )
|
605 mike 1.2 {
606 retVal = true;
607 }
608 }
|
609 kavita.gupta 1.70 else if (String::equal(_passwordFilePath->propertyName, name))
|
610 kumpf 1.3 {
|
611 kumpf 1.59 String fileName(value);
|
612 kumpf 1.3
|
613 kumpf 1.8 //
614 // Check if the file path is empty
615 //
|
616 kumpf 1.36 if (fileName == String::EMPTY)
|
617 kumpf 1.8 {
618 return false;
619 }
620
|
621 kumpf 1.59 fileName = ConfigManager::getHomedPath(fileName);
|
622 h.sterling 1.41
|
623 kumpf 1.59 //
|
624 kumpf 1.3 // Check if the file path is a directory
|
625 kumpf 1.59 //
|
626 kumpf 1.3 FileSystem::translateSlashes(fileName);
627 if (FileSystem::isDirectory(fileName))
628 {
629 return false;
630 }
631
|
632 kumpf 1.59 //
|
633 kumpf 1.3 // Check if the file exists and is writable
|
634 kumpf 1.59 //
|
635 kumpf 1.3 if (FileSystem::exists(fileName))
636 {
637 if (!FileSystem::canWrite(fileName))
638 {
639 return false;
640 }
641 else
642 {
643 return true;
644 }
645 }
646 else
647 {
|
648 kumpf 1.59 //
|
649 kumpf 1.3 // Check if directory is writable
|
650 kumpf 1.59 //
|
651 kumpf 1.12 Uint32 pos = fileName.reverseFind('/');
|
652 kumpf 1.3
653 if (pos != PEG_NOT_FOUND)
654 {
655 String dirName = fileName.subString(0,pos);
656 if (!FileSystem::isDirectory(dirName))
657 {
658 return false;
659 }
660 if (!FileSystem::canWrite(dirName) )
661 {
662 return false;
663 }
664 else
665 {
666 return true;
667 }
668 }
669 else
670 {
671 String currentDir;
672
|
673 kumpf 1.59 //
674 // Check if there is permission to write in the
|
675 kumpf 1.3 // current working directory
|
676 kumpf 1.59 //
|
677 kumpf 1.3 FileSystem::getCurrentDirectory(currentDir);
678
679 if (!FileSystem::canWrite(currentDir))
680 {
681 return false;
682 }
683 else
684 {
685 return true;
686 }
687 }
688 }
|
689 kumpf 1.10 }
|
690 kavita.gupta 1.70 else if (String::equal(_certificateFilePath->propertyName, name) ||
691 String::equal(_keyFilePath->propertyName, name))
|
692 kumpf 1.32 {
693 //
694 // Check if the file path is empty
695 //
|
696 h.sterling 1.42 if (value == String::EMPTY)
|
697 kumpf 1.32 {
698 return false;
699 }
700
|
701 kumpf 1.59 String fileName = ConfigManager::getHomedPath(value);
|
702 h.sterling 1.41
|
703 kumpf 1.32 //
704 // Check if the file path is a directory
705 //
706 FileSystem::translateSlashes(fileName);
707 if (FileSystem::isDirectory(fileName))
708 {
709 return false;
710 }
711
712 //
713 // Check if the file exists and is readable and is not empty.
714 //
715 if (FileSystem::exists(fileName) && FileSystem::canRead(fileName))
716 {
717 Uint32 size;
718 if (FileSystem::getFileSize(fileName, size))
719 {
720 if (size > 0)
721 {
722 return true;
723 }
724 kumpf 1.32 }
725 }
726
727 return false;
728 }
|
729 kavita.gupta 1.70 else if (String::equal(_trustStore->propertyName, name)
|
730 sushma.fernandes 1.55 #ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
|
731 kavita.gupta 1.70 || String::equal(_crlStore->propertyName, name)
|
732 sushma.fernandes 1.55 #endif
733 )
|
734 h.sterling 1.31 {
|
735 kumpf 1.10 //
|
736 sushma.fernandes 1.58 // Allow the file path to be empty
|
737 kumpf 1.10 //
|
738 h.sterling 1.42 if (value == String::EMPTY)
|
739 kumpf 1.10 {
|
740 kumpf 1.35 return true;
|
741 kumpf 1.10 }
742
|
743 kumpf 1.59 String fileName = ConfigManager::getHomedPath(value);
|
744 h.sterling 1.41
|
745 kumpf 1.32 //
|
746 kumpf 1.10 // Check if the file path is a directory
|
747 kumpf 1.32 //
|
748 kumpf 1.10 FileSystem::translateSlashes(fileName);
749 if (FileSystem::isDirectory(fileName))
750 {
|
751 h.sterling 1.31 //
752 // Truststore can be a directory, congruent with OpenSSL standards
|
753 kumpf 1.32 // Check if the directoy has read and write permissions
|
754 h.sterling 1.31 //
|
755 kumpf 1.59 if (FileSystem::canRead(fileName) && FileSystem::canWrite(fileName))
|
756 h.sterling 1.31 {
|
757 kumpf 1.59 return true;
758 }
|
759 kumpf 1.10 }
|
760 kumpf 1.32 //
|
761 kumpf 1.35 // Check if the file exists and is readable
|
762 kumpf 1.32 //
763 else if (FileSystem::exists(fileName) && FileSystem::canRead(fileName))
|
764 kumpf 1.10 {
|
765 kumpf 1.35 return true;
|
766 h.sterling 1.31 }
|
767 kumpf 1.10
|
768 kumpf 1.32 return false;
|
769 kumpf 1.3 }
|
770 kavita.gupta 1.70 else if (String::equal(
|
771 kumpf 1.59 _sslClientVerificationMode->propertyName, name))
|
772 h.sterling 1.31 {
|
773 kumpf 1.59 if (String::equal(value, "disabled") ||
774 String::equal(value, "required") ||
775 String::equal(value, "optional"))
|
776 h.sterling 1.31 {
777 retVal = true;
778 }
779 }
|
780 kavita.gupta 1.70 else if (String::equal(_sslTrustStoreUserName->propertyName, name))
|
781 h.sterling 1.31 {
|
782 h.sterling 1.38 if (System::isSystemUser((const char*)value.getCString()))
|
783 h.sterling 1.31 {
|
784 h.sterling 1.38 return true;
|
785 h.sterling 1.31 }
786 }
|
787 kumpf 1.33 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
|
788 kavita.gupta 1.70 else if (String::equal(_authorizedUserGroups->propertyName, name))
|
789 kumpf 1.33 {
790 retVal = true;
791 }
792 #endif
|
793 gerarda 1.20 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
|
794 kavita.gupta 1.70 else if (String::equal(_kerberosServiceName->propertyName, name))
|
795 gerarda 1.20 {
796 String serviceName(value);
797
798 //
799 // Check if the service name is empty
800 //
801 if (serviceName == String::EMPTY || serviceName== "")
802 {
803 retVal = false;
804 }
|
805 kumpf 1.59 else
|
806 gerarda 1.20 {
807 retVal = true;
808 }
809 }
810 #endif
|
811 mike 1.2 else
812 {
813 throw UnrecognizedConfigProperty(name);
814 }
815 return retVal;
816 }
817
|
818 kumpf 1.59 /**
819 Checks to see if the specified property is dynamic or not.
|
820 mike 1.2 */
|
821 vijay.eli 1.52 Boolean SecurityPropertyOwner::isDynamic(const String& name) const
|
822 mike 1.2 {
|
823 kumpf 1.59 struct ConfigProperty* configProperty =_lookupConfigProperty(name);
|
824 vijay.eli 1.52
|
825 kumpf 1.59 return (configProperty->dynamic == IS_DYNAMIC);
|
826 mike 1.2 }
827
828
829 PEGASUS_NAMESPACE_END
|