pegasus/src/Pegasus/Security/Authentication/AuthenticationManager.cpp - diff

Return to AuthenticationManager.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication

Diff for /pegasus/src/Pegasus/Security/Authentication/AuthenticationManager.cpp between version 1.1.2.1 and 1.1.2.2

version 1.1.2.1, 2001/10/06 00:33:10

version 1.1.2.2, 2001/11/20 22:21:45

Line 29

//%/////////////////////////////////////////////////////////////////////////////

#include <Pegasus/Common/System.h>

#include <Pegasus/Common/XmlWriter.h>

#include <Pegasus/Common/Destroyer.h>

#include <Pegasus/Config/ConfigManager.h>

#include <Pegasus/Security/Authentication/LocalAuthenticationHandler.h>

#include <Pegasus/Security/Authentication/BasicAuthenticationHandler.h>

#include "AuthenticationManager.h"

Line 41

PEGASUS_NAMESPACE_BEGIN

AuthenticationManager::AuthenticationManager(

MessageQueue* outputQueue,

// Constructor

Uint32 returnQueueId)

AuthenticationManager::AuthenticationManager()

_outputQueue(outputQueue),

_returnQueueId(returnQueueId)

{

// ATTN: Specify the right realm ?

_realm.assign("hostname:5589"); //"hostname" + ":" + "portNo";

_authChallenge = String::EMPTY;

// ATTN: We will do Basic for now..

_authHandler = _getAuthHandler("Basic");

}

AuthenticationManager::~AuthenticationManager()

{

// get authentication handler

_localAuthHandler = _getLocalAuthHandler();

}

_httpAuthHandler = _getHttpAuthHandler();

void AuthenticationManager::sendResponse(

Uint32 queueId,

Array<Sint8>& message)

{

MessageQueue* queue = MessageQueue::lookup(queueId);

if (queue)

_realm.assign(System::getHostName());

{

HTTPMessage* httpMessage = new HTTPMessage(message);

// ATTN: Add this once integrated in to the build

//httpMessage->authChallenge = _authChallenge;

queue->enqueue(httpMessage);

}

void AuthenticationManager::sendChallenge(

Uint32 queueId,

// get the configured authentication type

const String& authResponse)

{

ConfigManager* configManager = ConfigManager::getInstance();

// build unauthorized (401) response message

Array<Sint8> message;

String port = configManager->getCurrentValue("port");

//message =

// XmlWriter::formatUnauthorizedResponseHeader(authResponse);

sendResponse(queueId, message);

_realm.append(":");

}

_realm.append(port);

void AuthenticationManager::sendError(

//_realm.append("hostname:5589"); //"hostname" + ":" + "portNo";

Uint32 queueId,

const String& messageId,

const String& cimMethodName,

CIMStatusCode code,

const String& description)

{

//ATTN: TBD

}

void AuthenticationManager::handleEnqueue()

// Destructor

AuthenticationManager::~AuthenticationManager()

{

Message* message = dequeue();

// delete authentication handler

if (!message)

if (_localAuthHandler)

{

return;

delete _localAuthHandler;

}

if (_httpAuthHandler)

switch (message->getType())

{

case HTTP_MESSAGE:

delete _httpAuthHandler;

handleHTTPMessage((HTTPMessage*)message);

break;

}

delete message;

}

const char* AuthenticationManager::getQueueName() const

{

return "AuthenticationManager";

}

//------------------------------------------------------------------------------

// Perform http authentication

void AuthenticationManager::handleHTTPMessage(HTTPMessage* httpMessage)

Boolean AuthenticationManager::performHttpAuthentication

(

String authHeader,

AuthenticationInfo* authInfo

)

{

Boolean authenticated = false;

// Save queueId:

String type = String::EMPTY;

Uint32 queueId = httpMessage->queueId;

String userName = String::EMPTY;

String cookie = String::EMPTY;

// ATTN: Add this once integrated in to the build

//_authenticationInfo = httpMessage->authInfo;

_authenticationInfo = String::EMPTY;

// Parse the HTTP message:

String startLine;

Array<HTTPHeader> headers;

Sint8* content;

Uint32 contentLength;

httpMessage->parse(startLine, headers, content, contentLength);

// Parse the request line:

String methodName;

String requestUri;

String httpVersion;

HTTPMessage::parseRequestLine(

startLine, methodName, requestUri, httpVersion);

// Process M-POST and POST messages:

if (methodName == "M-POST" || methodName == "POST")

{

// Search for "Authorization" or "PegasusAuthorization" header:

String authorization;

if (HTTPMessage::lookupHeader(

headers, "Authorization", authorization, false))

{

// Do Http authentication

authenticated = _performHttpAuthentication(queueId, authorization);

}

else if (HTTPMessage::lookupHeader(

headers, "PegasusAuthorization", authorization, false))

{

// Do Local authentication

authenticated = _performLocalAuthentication(queueId, authorization);

}

// get the configured authentication flag

// Check whether the auth header has the authentication

// information or not and call authentication handlers

// authenticate method.

ConfigManager* configManager;

_parseAuthHeader(authHeader, type, userName, cookie);

configManager = ConfigManager::getInstance();

String requireAuthentication =

configManager->getCurrentValue("requireAuthentication");

if (!authenticated && String::equal(requireAuthentication, "true"))

// Check if the user is already authenticated

if (authInfo->isAuthenticated() &&

String::equal(userName, authInfo->getAuthenticatedUser()))

{

// ATTN: Send authentication challenge

return true;

String authResp =

_authHandler->getAuthResponseHeader(_realm, _authChallenge);

sendChallenge(queueId, authResp);

}

Boolean AuthenticationManager::_performHttpAuthentication(

Uint32 queueId,

String authHeader)

{

// get the configured authentication type

ConfigManager* configManager;

ConfigManager* configManager = ConfigManager::getInstance();

configManager = ConfigManager::getInstance();

String authType = configManager->getCurrentValue("HttpAuthType");

String authType = configManager->getCurrentValue("httpAuthType");

// Check whether the auth header has the authentication

Line 219

Line 135

if (!String::equalNoCase(authType, "Basic"))

{

// ATTN: Log basic authentication not supported

// ATTN: Log basic authentication not supported message

return( false );

return ( authenticated );

}

Uint32 pos = authHeader.find(authType);

Uint32 pos = authHeader.find("Basic");

String cookie = authHeader.subString(pos + 6);

if (authHeader.size() > (pos + 5))

{

cookie = authHeader.subString(pos + 6);

}

return (_authHandler->authenticate(cookie, _authenticationInfo));

authenticated = _httpAuthHandler->authenticate(cookie, authInfo);

}

// else ATTN: add support for digest authentication

// else ATTN: add code for digest authentication

// else ATTN: Log authentication type not supported message

return ( false );

if (authenticated)

{

authInfo->setAuthStatus(AuthenticationInfo::AUTHENTICATED);

}

return ( authenticated );

}

Boolean AuthenticationManager::_performLocalAuthentication(

Uint32 queueId,

// Perform pegasus sepcific local authentication

String authHeader)

Boolean AuthenticationManager::performPegasusAuthentication

(

String authHeader,

AuthenticationInfo* authInfo

)

{

Boolean authenticated = false;

Authenticator* localAuthenticator;

String authType = String::EMPTY;

String userName = String::EMPTY;

String cookie = String::EMPTY;

// Check whether the auth header has the authentication

// information or not.

// information or not and call authentication handlers

// authenticate method.

if (String::equalNoCase(authHeader, "Local"))

_parseAuthHeader(authHeader, authType, userName, cookie);

{

Uint32 pos = authHeader.find("Local");

String cookie = authHeader.subString(pos + 6);

localAuthenticator = (Authenticator* ) new LocalAuthenticationHandler();

// Check if the user is already authenticated

if (authInfo->isAuthenticated() &&

String::equal(userName, authInfo->getAuthenticatedUser()))

{

return true;

}

// Check if the authentication information is present

if (String::equal(cookie, String::EMPTY))

{

return false;

}

authenticated =

localAuthenticator->authenticate(cookie, _authenticationInfo);

_localAuthHandler->authenticate(cookie, authInfo);

if (!authenticated)

if (authenticated)

{

// ATTN: Make sure we does not send unlimited

authInfo->setAuthStatus(AuthenticationInfo::AUTHENTICATED);

// authentication challenges on the same connection and for the

}

// same user.

return ( authenticated );

}

// Get pegasus/local authentication response header

String challenge = String::EMPTY;

String AuthenticationManager::getPegasusAuthResponseHeader

(

String authHeader,

AuthenticationInfo* authInfo

)

{

String authType = String::EMPTY;

String userName = String::EMPTY;

String cookie = String::EMPTY;

String authResp =

localAuthenticator->getAuthResponseHeader(cookie, challenge);

// Check whether the auth header has the authentication

_authChallenge = challenge;

// information or not and call authentication handlers

// authenticate method.

_parseAuthHeader(authHeader, authType, userName, cookie);

sendChallenge(queueId, authResp);

}

// Check if the authentication information is present

}

else if (String::equalNoCase(authHeader, "LocalPrivileged"))

if (String::equal(userName, String::EMPTY))

{

String privillegedUser = "root";

// User name can not be empty

// ATTN: throw an exception

return (String::EMPTY);

}

Uint32 pos = authHeader.find("LocalPrivileged");

return(_localAuthHandler->getAuthResponseHeader(userName, authInfo));

}

String cookie = authHeader.subString(pos + 16);

// Get HTTP authentication response header

String AuthenticationManager::getHttpAuthResponseHeader()

{

return (_httpAuthHandler->getAuthResponseHeader(_realm));

}

localAuthenticator = (Authenticator* ) new LocalAuthenticationHandler();

// parse the authentication header

void AuthenticationManager::_parseAuthHeader(

String authHeader, String& authType, String& userName, String& cookie)

{

Uint32 pos;

authenticated =

if ( (pos = authHeader.find("LocalPrivileged")) == PEG_NOT_FOUND )

localAuthenticator->authenticate(cookie, _authenticationInfo);

{

if ( (pos = authHeader.find("Local")) == PEG_NOT_FOUND )

{

//Invalid authorization header

//ATTN: throw exception

return;

}

if (!authenticated)

Uint32 startQuote = authHeader.find(pos, '"');

if (startQuote == PEG_NOT_FOUND)

{

// ATTN: Make sure we does not send unlimited

// authentication challenges on the same connection and for the

// same user.

String challenge = String::EMPTY;

//Invalid authorization header

//ATTN: throw exception

return;

}

Uint32 endQuote = authHeader.find(startQuote + 1, '"');

if (endQuote == PEG_NOT_FOUND)

{

// root user is the only privileged user

//Invalid authorization header

// ATTN: Can the privileged user taken from configuration?

cookie.assign("root");

//ATTN: throw exception

return;

}

String authResp =

authType = authHeader.subString(pos, (startQuote - pos) - 1);

localAuthenticator->getAuthResponseHeader(cookie, challenge);

_authChallenge = challenge;

sendChallenge(queueId, authResp);

String temp = authHeader.subString(

startQuote + 1, (endQuote - startQuote - 1));

Uint32 colonPos;

if ((colonPos = temp.find(0, ':')) == PEG_NOT_FOUND)

{

userName = temp;

return;

}

else

{

userName = temp.subString(0, colonPos);

cookie = temp;

}

return ( authenticated );

}

/**

Get an instance of an authentication handler module.

// Get local authentication handler

Authenticator* AuthenticationManager::_getAuthHandler(String type)

Authenticator* AuthenticationManager::_getLocalAuthHandler()

{

Authenticator* handler;

// create and return a local authentication handler.

return (new LocalAuthenticationHandler());

}

if ( String::equalNoCase(type, "Local") ||

String::equalNoCase(type, "LocalPrivileged") )

// Get Http authentication handler

Authenticator* AuthenticationManager::_getHttpAuthHandler()

{

handler = (Authenticator*) new LocalAuthenticationHandler( );

Authenticator* handler = 0;

return ( handler );

}

// get the configured/default authentication type

ConfigManager* configManager;

ConfigManager* configManager = ConfigManager::getInstance();

configManager = ConfigManager::getInstance();

String authType = configManager->getCurrentValue("HttpAuthType");

String authType = configManager->getCurrentValue("httpAuthType");

// If Basic authentication is configured then

// create a basic auth handler.

// create a basic authentication handler.

if (String::equal(authType, "Basic"))

{

Legend:

Removed from v.1.1.2.1
changed lines
	Added in v.1.1.2.2

No CVS admin address has been configured