pegasus/src/Pegasus/Security/Authentication/AuthenticationManager.cpp - diff

Return to AuthenticationManager.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication

Diff for /pegasus/src/Pegasus/Security/Authentication/AuthenticationManager.cpp between version 1.11.6.2 and 1.25.4.1

version 1.11.6.2, 2003/08/14 11:55:43

version 1.25.4.1, 2007/03/23 17:36:55

Line 1

//%/////////////////////////////////////////////////////////////////////////////

//%2006////////////////////////////////////////////////////////////////////////

// The Open Group, Tivoli Systems

// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.

// IBM Corp.; EMC Corporation, The Open Group.

// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.

// EMC Corporation; VERITAS Software Corporation; The Open Group.

// EMC Corporation; Symantec Corporation; The Open Group.

// Permission is hereby granted, free of charge, to any person obtaining a copy

// of this software and associated documentation files (the "Software"), to

Line 21

Line 29

//==============================================================================

// Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)

// Modified By: Dave Rosckes (rosckes@us.ibm.com)

//%/////////////////////////////////////////////////////////////////////////////

#include <Pegasus/Common/System.h>

#include <Pegasus/Common/XmlWriter.h>

#include <Pegasus/Common/Destroyer.h>

#include <Pegasus/Common/Tracer.h>

#include <Pegasus/Common/PegasusVersion.h>

Line 39

Line 42

#include "BasicAuthenticationHandler.h"

#include "AuthenticationManager.h"

#include <Pegasus/Common/AutoPtr.h>

#ifdef PEGASUS_KERBEROS_AUTHENTICATION

#include <Pegasus/Security/Authentication/KerberosAuthenticationHandler.h>

#include "KerberosAuthenticationHandler.h"

#endif

PEGASUS_USING_STD;

PEGASUS_NAMESPACE_BEGIN

Line 76

Line 82

// delete authentication handlers

if ( _localAuthHandler )

{

delete _localAuthHandler;

}

if ( _httpAuthHandler )

{

delete _httpAuthHandler;

}

PEG_METHOD_EXIT();

}

Boolean AuthenticationManager::isRemotePrivilegedUserAccessAllowed(

String & userName)

{

// Reject access if the user is privileged and remote privileged user

// access is not enabled.

if (!ConfigManager::parseBooleanValue(ConfigManager::getInstance()->

getCurrentValue("enableRemotePrivilegedUserAccess"))

&& System::isPrivilegedUser(userName))

{

Tracer::trace(TRC_AUTHENTICATION, Tracer::LEVEL2,

"Authentication failed for user '%s' because "

"enableRemotePrivilegedUserAccess is not set to 'true'.",

(const char*) userName.getCString());

Logger::put_l(

Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,

"Security.Authentication.BasicAuthenticationHandler."

"PRIVILEGED_ACCESS_DISABLED",

"Authentication failed for user '$0' because "

"enableRemotePrivilegedUserAccess is not set to 'true'.",

userName);

return false;

}

return true;

}

// Perform http authentication

Line 138

Line 165

if ( authenticated )

{

authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED);

authInfo->setAuthType(authType);

}

Line 167

Line 192

String cookie = String::EMPTY;

Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,

"AuthenticationManager:: performPegasusAuthentication - Authority Header: $0",

"AuthenticationManager:: performPegasusAuthentication "

authHeader);

"- Authority Header: $0", authHeader);

// Parse the pegasus authentication header authentication information

Line 195

Line 220

}

#endif

if ( String::equalNoCase(authType, "Local") )

// The HTTPAuthenticatorDelegator ensures only local authentication

{

// requests get here.

if (authInfo->isAuthenticated() &&

PEGASUS_ASSERT(authType == "Local");

String::equal(userName, authInfo->getAuthenticatedUser()))

{

PEG_METHOD_EXIT();

return true;

}

else

{

PEG_METHOD_EXIT();

return false;

}

// Check if the authentication information is present

if ( String::equal(cookie, String::EMPTY) )

{

PEG_METHOD_EXIT();

return false;

}

authenticated =

_localAuthHandler->authenticate(cookie, authInfo);

if ( authenticated )

{

authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED);

#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION)

if ( String::equal(authType, "LocalPrivileged") )

{

Line 246

Line 249

}

// Validate user.

Boolean AuthenticationManager::validateUserForHttpAuth (const String& userName)

{

return _httpAuthHandler->validateUser(userName);

}

// Get pegasus/local authentication response header

String AuthenticationManager::getPegasusAuthResponseHeader

Line 429

Line 440

{

PEG_METHOD_ENTER(

TRC_AUTHENTICATION, "AuthenticationManager::_getHttpAuthHandler()");

AutoPtr<Authenticator> handler;

Authenticator* handler = 0;

// get the configured authentication type

ConfigManager* configManager = ConfigManager::getInstance();

AutoPtr<ConfigManager> configManager(ConfigManager::getInstance());

_httpAuthType = configManager->getCurrentValue("httpAuthType");

configManager.release();

// create a authentication handler.

if ( String::equalNoCase(_httpAuthType, "Basic") )

{

handler = (Authenticator* ) new BasicAuthenticationHandler( );

handler.reset((Authenticator* ) new BasicAuthenticationHandler( ));

}

#ifdef PEGASUS_KERBEROS_AUTHENTICATION

else if ( String::equalNoCase(_httpAuthType, "Kerberos") )

{

handler = (Authenticator* ) new KerberosAuthenticationHandler( );

handler.reset((Authenticator* ) new KerberosAuthenticationHandler( ));

KerberosAuthenticationHandler* kerberosHandler = (KerberosAuthenticationHandler *)handler;

AutoPtr<KerberosAuthenticationHandler> kerberosHandler((KerberosAuthenticationHandler *)handler.get());

int itFailed = kerberosHandler->initialize();

kerberosHandler.release();

if (itFailed)

{

if (handler)

if (handler.get())

{

delete handler; // cleanup

handler.reset(0);

handler = 0;

}

// TODO::KERBEROS localization

// L10N TODO DONE

// L10N TODO

//Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

//"CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started.");

Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

"Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE",

"CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started.");

PEGASUS_ASSERT(0); // end the server because Kerberos could not

// end the server because Kerberos could not initialized.

// initialized. will this really end the server?

MessageLoaderParms parms( "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE",

"CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started.");

throw Exception(parms);

}

#endif

Line 485

Line 499

}

PEG_METHOD_EXIT();

return ( handler.release() );

return ( handler );

}

Legend:

Removed from v.1.11.6.2
changed lines
	Added in v.1.25.4.1

No CVS admin address has been configured