version 1.1.2.1, 2001/10/06 00:33:10
|
version 1.1.2.2, 2001/11/20 22:21:45
|
|
|
// | // |
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
|
#include <Pegasus/Common/System.h> |
#include <Pegasus/Common/XmlWriter.h> | #include <Pegasus/Common/XmlWriter.h> |
#include <Pegasus/Common/Destroyer.h> | #include <Pegasus/Common/Destroyer.h> |
#include <Pegasus/Config/ConfigManager.h> | #include <Pegasus/Config/ConfigManager.h> |
|
|
#include <Pegasus/Security/Authentication/LocalAuthenticationHandler.h> | #include <Pegasus/Security/Authentication/LocalAuthenticationHandler.h> |
#include <Pegasus/Security/Authentication/BasicAuthenticationHandler.h> | #include <Pegasus/Security/Authentication/BasicAuthenticationHandler.h> |
#include "AuthenticationManager.h" | #include "AuthenticationManager.h" |
|
|
| |
PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
| |
AuthenticationManager::AuthenticationManager( |
// |
MessageQueue* outputQueue, |
// Constructor |
Uint32 returnQueueId) |
// |
: |
AuthenticationManager::AuthenticationManager() |
_outputQueue(outputQueue), |
|
_returnQueueId(returnQueueId) |
|
{ |
|
// ATTN: Specify the right realm ? |
|
_realm.assign("hostname:5589"); //"hostname" + ":" + "portNo"; |
|
|
|
_authChallenge = String::EMPTY; |
|
|
|
// ATTN: We will do Basic for now.. |
|
_authHandler = _getAuthHandler("Basic"); |
|
} |
|
|
|
AuthenticationManager::~AuthenticationManager() |
|
{ | { |
|
// |
|
// get authentication handler |
|
// |
|
_localAuthHandler = _getLocalAuthHandler(); |
| |
} |
_httpAuthHandler = _getHttpAuthHandler(); |
|
|
void AuthenticationManager::sendResponse( |
|
Uint32 queueId, |
|
Array<Sint8>& message) |
|
{ |
|
MessageQueue* queue = MessageQueue::lookup(queueId); |
|
| |
if (queue) |
_realm.assign(System::getHostName()); |
{ |
|
HTTPMessage* httpMessage = new HTTPMessage(message); |
|
// ATTN: Add this once integrated in to the build |
|
//httpMessage->authChallenge = _authChallenge; |
|
queue->enqueue(httpMessage); |
|
} |
|
} |
|
| |
void AuthenticationManager::sendChallenge( |
// |
Uint32 queueId, |
// get the configured authentication type |
const String& authResponse) |
// |
{ |
ConfigManager* configManager = ConfigManager::getInstance(); |
// build unauthorized (401) response message |
|
| |
Array<Sint8> message; |
String port = configManager->getCurrentValue("port"); |
//message = |
|
// XmlWriter::formatUnauthorizedResponseHeader(authResponse); |
|
| |
sendResponse(queueId, message); |
_realm.append(":"); |
} |
_realm.append(port); |
| |
void AuthenticationManager::sendError( |
//_realm.append("hostname:5589"); //"hostname" + ":" + "portNo"; |
Uint32 queueId, |
|
const String& messageId, |
|
const String& cimMethodName, |
|
CIMStatusCode code, |
|
const String& description) |
|
{ |
|
//ATTN: TBD |
|
} | } |
| |
void AuthenticationManager::handleEnqueue() |
// |
|
// Destructor |
|
// |
|
AuthenticationManager::~AuthenticationManager() |
{ | { |
Message* message = dequeue(); |
// |
|
// delete authentication handler |
if (!message) |
// |
|
if (_localAuthHandler) |
{ | { |
return; |
delete _localAuthHandler; |
} | } |
|
if (_httpAuthHandler) |
switch (message->getType()) |
|
{ | { |
case HTTP_MESSAGE: |
delete _httpAuthHandler; |
handleHTTPMessage((HTTPMessage*)message); |
|
break; |
|
} |
|
|
|
delete message; |
|
} | } |
|
|
const char* AuthenticationManager::getQueueName() const |
|
{ |
|
return "AuthenticationManager"; |
|
} | } |
| |
// | // |
//------------------------------------------------------------------------------ |
// Perform http authentication |
|
// |
void AuthenticationManager::handleHTTPMessage(HTTPMessage* httpMessage) |
Boolean AuthenticationManager::performHttpAuthentication |
|
( |
|
String authHeader, |
|
AuthenticationInfo* authInfo |
|
) |
{ | { |
Boolean authenticated = false; | Boolean authenticated = false; |
| |
// Save queueId: |
String type = String::EMPTY; |
Uint32 queueId = httpMessage->queueId; |
String userName = String::EMPTY; |
|
String cookie = String::EMPTY; |
// ATTN: Add this once integrated in to the build |
|
//_authenticationInfo = httpMessage->authInfo; |
|
_authenticationInfo = String::EMPTY; |
|
|
|
// Parse the HTTP message: |
|
String startLine; |
|
Array<HTTPHeader> headers; |
|
Sint8* content; |
|
Uint32 contentLength; |
|
|
|
httpMessage->parse(startLine, headers, content, contentLength); |
|
|
|
// Parse the request line: |
|
String methodName; |
|
String requestUri; |
|
String httpVersion; |
|
|
|
HTTPMessage::parseRequestLine( |
|
startLine, methodName, requestUri, httpVersion); |
|
|
|
// Process M-POST and POST messages: |
|
|
|
if (methodName == "M-POST" || methodName == "POST") |
|
{ |
|
// Search for "Authorization" or "PegasusAuthorization" header: |
|
|
|
String authorization; |
|
|
|
if (HTTPMessage::lookupHeader( |
|
headers, "Authorization", authorization, false)) |
|
{ |
|
// Do Http authentication |
|
authenticated = _performHttpAuthentication(queueId, authorization); |
|
} |
|
else if (HTTPMessage::lookupHeader( |
|
headers, "PegasusAuthorization", authorization, false)) |
|
{ |
|
// Do Local authentication |
|
authenticated = _performLocalAuthentication(queueId, authorization); |
|
} |
|
| |
// | // |
// get the configured authentication flag |
// Check whether the auth header has the authentication |
|
// information or not and call authentication handlers |
|
// authenticate method. |
// | // |
ConfigManager* configManager; |
_parseAuthHeader(authHeader, type, userName, cookie); |
configManager = ConfigManager::getInstance(); |
|
|
|
String requireAuthentication = |
|
configManager->getCurrentValue("requireAuthentication"); |
|
|
|
| |
if (!authenticated && String::equal(requireAuthentication, "true")) |
// |
|
// Check if the user is already authenticated |
|
// |
|
if (authInfo->isAuthenticated() && |
|
String::equal(userName, authInfo->getAuthenticatedUser())) |
{ | { |
// ATTN: Send authentication challenge |
return true; |
String authResp = |
|
_authHandler->getAuthResponseHeader(_realm, _authChallenge); |
|
sendChallenge(queueId, authResp); |
|
} |
|
} |
|
} | } |
| |
|
|
Boolean AuthenticationManager::_performHttpAuthentication( |
|
Uint32 queueId, |
|
String authHeader) |
|
{ |
|
// | // |
// get the configured authentication type | // get the configured authentication type |
// | // |
ConfigManager* configManager; |
ConfigManager* configManager = ConfigManager::getInstance(); |
configManager = ConfigManager::getInstance(); |
|
| |
String authType = configManager->getCurrentValue("HttpAuthType"); |
String authType = configManager->getCurrentValue("httpAuthType"); |
| |
// | // |
// Check whether the auth header has the authentication | // Check whether the auth header has the authentication |
|
|
// | // |
if (!String::equalNoCase(authType, "Basic")) | if (!String::equalNoCase(authType, "Basic")) |
{ | { |
// ATTN: Log basic authentication not supported |
// ATTN: Log basic authentication not supported message |
return( false ); |
return ( authenticated ); |
} | } |
| |
Uint32 pos = authHeader.find(authType); |
Uint32 pos = authHeader.find("Basic"); |
| |
String cookie = authHeader.subString(pos + 6); |
if (authHeader.size() > (pos + 5)) |
|
{ |
|
cookie = authHeader.subString(pos + 6); |
|
} |
| |
return (_authHandler->authenticate(cookie, _authenticationInfo)); |
authenticated = _httpAuthHandler->authenticate(cookie, authInfo); |
} | } |
// else ATTN: add support for digest authentication |
// else ATTN: add code for digest authentication |
| |
// else ATTN: Log authentication type not supported message | // else ATTN: Log authentication type not supported message |
| |
return ( false ); |
if (authenticated) |
|
{ |
|
authInfo->setAuthStatus(AuthenticationInfo::AUTHENTICATED); |
|
} |
|
|
|
return ( authenticated ); |
} | } |
| |
Boolean AuthenticationManager::_performLocalAuthentication( |
// |
Uint32 queueId, |
// Perform pegasus sepcific local authentication |
String authHeader) |
// |
|
Boolean AuthenticationManager::performPegasusAuthentication |
|
( |
|
String authHeader, |
|
AuthenticationInfo* authInfo |
|
) |
{ | { |
Boolean authenticated = false; | Boolean authenticated = false; |
Authenticator* localAuthenticator; |
|
|
String authType = String::EMPTY; |
|
String userName = String::EMPTY; |
|
String cookie = String::EMPTY; |
| |
// | // |
// Check whether the auth header has the authentication | // Check whether the auth header has the authentication |
// information or not. |
// information or not and call authentication handlers |
|
// authenticate method. |
// | // |
if (String::equalNoCase(authHeader, "Local")) |
_parseAuthHeader(authHeader, authType, userName, cookie); |
{ |
|
Uint32 pos = authHeader.find("Local"); |
|
| |
String cookie = authHeader.subString(pos + 6); |
|
| |
localAuthenticator = (Authenticator* ) new LocalAuthenticationHandler(); |
// |
|
// Check if the user is already authenticated |
|
// |
|
if (authInfo->isAuthenticated() && |
|
String::equal(userName, authInfo->getAuthenticatedUser())) |
|
{ |
|
return true; |
|
} |
|
|
|
// |
|
// Check if the authentication information is present |
|
// |
|
if (String::equal(cookie, String::EMPTY)) |
|
{ |
|
return false; |
|
} |
| |
authenticated = | authenticated = |
localAuthenticator->authenticate(cookie, _authenticationInfo); |
_localAuthHandler->authenticate(cookie, authInfo); |
| |
if (!authenticated) |
if (authenticated) |
{ | { |
// ATTN: Make sure we does not send unlimited |
authInfo->setAuthStatus(AuthenticationInfo::AUTHENTICATED); |
// authentication challenges on the same connection and for the |
} |
// same user. |
|
|
return ( authenticated ); |
|
} |
|
|
|
// |
|
// Get pegasus/local authentication response header |
// | // |
String challenge = String::EMPTY; |
String AuthenticationManager::getPegasusAuthResponseHeader |
|
( |
|
String authHeader, |
|
AuthenticationInfo* authInfo |
|
) |
|
{ |
|
String authType = String::EMPTY; |
|
String userName = String::EMPTY; |
|
String cookie = String::EMPTY; |
| |
String authResp = |
// |
localAuthenticator->getAuthResponseHeader(cookie, challenge); |
// Check whether the auth header has the authentication |
_authChallenge = challenge; |
// information or not and call authentication handlers |
|
// authenticate method. |
|
// |
|
_parseAuthHeader(authHeader, authType, userName, cookie); |
| |
sendChallenge(queueId, authResp); |
// |
} |
// Check if the authentication information is present |
} |
// |
else if (String::equalNoCase(authHeader, "LocalPrivileged")) |
if (String::equal(userName, String::EMPTY)) |
{ | { |
String privillegedUser = "root"; |
// |
|
// User name can not be empty |
|
// |
|
// ATTN: throw an exception |
|
return (String::EMPTY); |
|
} |
| |
Uint32 pos = authHeader.find("LocalPrivileged"); |
return(_localAuthHandler->getAuthResponseHeader(userName, authInfo)); |
|
} |
| |
String cookie = authHeader.subString(pos + 16); |
// |
|
// Get HTTP authentication response header |
|
// |
|
String AuthenticationManager::getHttpAuthResponseHeader() |
|
{ |
|
return (_httpAuthHandler->getAuthResponseHeader(_realm)); |
|
} |
| |
localAuthenticator = (Authenticator* ) new LocalAuthenticationHandler(); |
// |
|
// parse the authentication header |
|
// |
|
void AuthenticationManager::_parseAuthHeader( |
|
String authHeader, String& authType, String& userName, String& cookie) |
|
{ |
|
Uint32 pos; |
| |
authenticated = |
if ( (pos = authHeader.find("LocalPrivileged")) == PEG_NOT_FOUND ) |
localAuthenticator->authenticate(cookie, _authenticationInfo); |
{ |
|
if ( (pos = authHeader.find("Local")) == PEG_NOT_FOUND ) |
|
{ |
|
// |
|
//Invalid authorization header |
|
// |
|
//ATTN: throw exception |
|
return; |
|
} |
|
} |
| |
if (!authenticated) |
Uint32 startQuote = authHeader.find(pos, '"'); |
|
if (startQuote == PEG_NOT_FOUND) |
{ | { |
// ATTN: Make sure we does not send unlimited |
|
// authentication challenges on the same connection and for the |
|
// same user. |
|
// | // |
String challenge = String::EMPTY; |
//Invalid authorization header |
|
// |
|
//ATTN: throw exception |
|
return; |
|
} |
| |
|
Uint32 endQuote = authHeader.find(startQuote + 1, '"'); |
|
if (endQuote == PEG_NOT_FOUND) |
|
{ |
// | // |
// root user is the only privileged user |
//Invalid authorization header |
// ATTN: Can the privileged user taken from configuration? |
|
// | // |
cookie.assign("root"); |
//ATTN: throw exception |
|
return; |
|
} |
| |
String authResp = |
authType = authHeader.subString(pos, (startQuote - pos) - 1); |
localAuthenticator->getAuthResponseHeader(cookie, challenge); |
|
_authChallenge = challenge; |
|
| |
sendChallenge(queueId, authResp); |
String temp = authHeader.subString( |
|
startQuote + 1, (endQuote - startQuote - 1)); |
|
|
|
Uint32 colonPos; |
|
|
|
if ((colonPos = temp.find(0, ':')) == PEG_NOT_FOUND) |
|
{ |
|
userName = temp; |
|
return; |
} | } |
|
else |
|
{ |
|
userName = temp.subString(0, colonPos); |
|
cookie = temp; |
} | } |
|
|
return ( authenticated ); |
|
} | } |
| |
/** |
// |
Get an instance of an authentication handler module. |
// Get local authentication handler |
*/ |
// |
Authenticator* AuthenticationManager::_getAuthHandler(String type) |
Authenticator* AuthenticationManager::_getLocalAuthHandler() |
{ | { |
Authenticator* handler; |
// |
|
// create and return a local authentication handler. |
|
// |
|
return (new LocalAuthenticationHandler()); |
|
} |
|
|
| |
if ( String::equalNoCase(type, "Local") || |
// |
String::equalNoCase(type, "LocalPrivileged") ) |
// Get Http authentication handler |
|
// |
|
Authenticator* AuthenticationManager::_getHttpAuthHandler() |
{ | { |
handler = (Authenticator*) new LocalAuthenticationHandler( ); |
Authenticator* handler = 0; |
return ( handler ); |
|
} |
|
| |
// | // |
// get the configured/default authentication type | // get the configured/default authentication type |
// | // |
ConfigManager* configManager; |
ConfigManager* configManager = ConfigManager::getInstance(); |
configManager = ConfigManager::getInstance(); |
|
| |
String authType = configManager->getCurrentValue("HttpAuthType"); |
String authType = configManager->getCurrentValue("httpAuthType"); |
| |
// | // |
// If Basic authentication is configured then | // If Basic authentication is configured then |
// create a basic auth handler. |
// create a basic authentication handler. |
// | // |
if (String::equal(authType, "Basic")) | if (String::equal(authType, "Basic")) |
{ | { |