|
version 1.25.4.1, 2007/03/23 17:36:55
|
version 1.41, 2013/04/25 13:00:27
|
|
|
|
| //%2006//////////////////////////////////////////////////////////////////////// |
//%LICENSE//////////////////////////////////////////////////////////////// |
| // | // |
| // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
// Licensed to The Open Group (TOG) under one or more contributor license |
| // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with |
| // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
// this work for additional information regarding copyright ownership. |
| // IBM Corp.; EMC Corporation, The Open Group. |
// Each contributor licenses this file to you under the OpenPegasus Open |
| // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
// Source License; you may not use this file except in compliance with the |
| // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
// License. |
| // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// |
| // EMC Corporation; VERITAS Software Corporation; The Open Group. |
// Permission is hereby granted, free of charge, to any person obtaining a |
| // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// copy of this software and associated documentation files (the "Software"), |
| // EMC Corporation; Symantec Corporation; The Open Group. |
// to deal in the Software without restriction, including without limitation |
| // |
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
| // Permission is hereby granted, free of charge, to any person obtaining a copy |
// and/or sell copies of the Software, and to permit persons to whom the |
| // of this software and associated documentation files (the "Software"), to |
// Software is furnished to do so, subject to the following conditions: |
| // deal in the Software without restriction, including without limitation the |
// |
| // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
// The above copyright notice and this permission notice shall be included |
| // sell copies of the Software, and to permit persons to whom the Software is |
// in all copies or substantial portions of the Software. |
| // furnished to do so, subject to the following conditions: |
// |
| // |
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
| // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
| // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
| // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
| // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
| // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
| // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
| // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
| // | // |
| //============================================================================== |
////////////////////////////////////////////////////////////////////////// |
| // | // |
| //%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| | |
|
|
|
| #include <Pegasus/Common/XmlWriter.h> | #include <Pegasus/Common/XmlWriter.h> |
| #include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
| #include <Pegasus/Common/PegasusVersion.h> | #include <Pegasus/Common/PegasusVersion.h> |
| |
#include <Pegasus/Common/HTTPMessage.h> |
| | |
| #include <Pegasus/Config/ConfigManager.h> | #include <Pegasus/Config/ConfigManager.h> |
| | |
|
|
|
| getCurrentValue("enableRemotePrivilegedUserAccess")) | getCurrentValue("enableRemotePrivilegedUserAccess")) |
| && System::isPrivilegedUser(userName)) | && System::isPrivilegedUser(userName)) |
| { | { |
| Tracer::trace(TRC_AUTHENTICATION, Tracer::LEVEL2, |
|
| "Authentication failed for user '%s' because " |
|
| "enableRemotePrivilegedUserAccess is not set to 'true'.", |
|
| (const char*) userName.getCString()); |
|
| Logger::put_l( | Logger::put_l( |
| Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, | Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, |
| |
MessageLoaderParms( |
| "Security.Authentication.BasicAuthenticationHandler." | "Security.Authentication.BasicAuthenticationHandler." |
| "PRIVILEGED_ACCESS_DISABLED", | "PRIVILEGED_ACCESS_DISABLED", |
| "Authentication failed for user '$0' because " | "Authentication failed for user '$0' because " |
| "enableRemotePrivilegedUserAccess is not set to 'true'.", | "enableRemotePrivilegedUserAccess is not set to 'true'.", |
| userName); |
userName)); |
| return false; | return false; |
| } | } |
| return true; | return true; |
|
|
|
| // | // |
| // Perform http authentication | // Perform http authentication |
| // | // |
| Boolean AuthenticationManager::performHttpAuthentication |
Boolean AuthenticationManager::performHttpAuthentication( |
| ( |
|
| const String& authHeader, | const String& authHeader, |
| AuthenticationInfo* authInfo |
AuthenticationInfo* authInfo) |
| ) |
|
| { | { |
| PEG_METHOD_ENTER( |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
| TRC_AUTHENTICATION, "AuthenticationManager::performHttpAuthentication()"); |
"AuthenticationManager::performHttpAuthentication()"); |
| |
|
| String authType = String::EMPTY; |
|
| | |
| String cookie = String::EMPTY; |
String authType; |
| |
String cookie; |
| Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
|
| "AuthenticationManager:: performHttpAuthentication - Authority Header: $0", authHeader); |
|
| | |
| // | // |
| // Parse the HTTP authentication header for authentication information | // Parse the HTTP authentication header for authentication information |
| // | // |
| if ( !_parseHttpAuthHeader(authHeader, authType, cookie) ) |
if ( !HTTPMessage::parseHttpAuthHeader(authHeader, authType, cookie) ) |
| { | { |
| |
PEG_TRACE(( |
| |
TRC_DISCARDED_DATA, |
| |
Tracer::LEVEL1, |
| |
"HTTPAuthentication failed. " |
| |
"Malformed HTTP authentication header: %s", |
| |
(const char*)authHeader.getCString())); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return false; | return false; |
| } | } |
|
|
|
| // Check the authenticationinformation and do the authentication | // Check the authenticationinformation and do the authentication |
| // | // |
| if ( String::equalNoCase(authType, "Basic") && | if ( String::equalNoCase(authType, "Basic") && |
| String::equalNoCase(_httpAuthType, "Basic") ) |
String::equal(_httpAuthType, "Basic") ) |
| { | { |
| authenticated = _httpAuthHandler->authenticate(cookie, authInfo); | authenticated = _httpAuthHandler->authenticate(cookie, authInfo); |
| } | } |
| #ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| else if ( String::equalNoCase(authType, "Negotiate") && | else if ( String::equalNoCase(authType, "Negotiate") && |
| String::equalNoCase(_httpAuthType, "Kerberos") ) |
String::equal(_httpAuthType, "Kerberos") ) |
| { | { |
| authenticated = _httpAuthHandler->authenticate(cookie, authInfo); | authenticated = _httpAuthHandler->authenticate(cookie, authInfo); |
| } | } |
|
|
|
| | |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| | |
| return ( authenticated ); |
return authenticated; |
| } | } |
| | |
| // | // |
| // Perform pegasus sepcific local authentication | // Perform pegasus sepcific local authentication |
| // | // |
| Boolean AuthenticationManager::performPegasusAuthentication |
Boolean AuthenticationManager::performPegasusAuthentication( |
| ( |
|
| const String& authHeader, | const String& authHeader, |
| AuthenticationInfo* authInfo |
AuthenticationInfo* authInfo) |
| ) |
|
| { | { |
| PEG_METHOD_ENTER( |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
| TRC_AUTHENTICATION, "AuthenticationManager::performPegasusAuthentication()"); |
"AuthenticationManager::performPegasusAuthentication()"); |
| | |
| Boolean authenticated = false; | Boolean authenticated = false; |
| | |
| String authType = String::EMPTY; |
String authType; |
| String userName = String::EMPTY; |
String userName; |
| String cookie = String::EMPTY; |
String cookie; |
| |
|
| Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
|
| "AuthenticationManager:: performPegasusAuthentication " |
|
| "- Authority Header: $0", authHeader); |
|
| | |
| // | // |
| // Parse the pegasus authentication header authentication information | // Parse the pegasus authentication header authentication information |
| // | // |
| if ( !_parseLocalAuthHeader(authHeader, authType, userName, cookie) ) |
if ( !HTTPMessage::parseLocalAuthHeader(authHeader, |
| |
authType, userName, cookie) ) |
| { | { |
| |
PEG_TRACE(( |
| |
TRC_DISCARDED_DATA, |
| |
Tracer::LEVEL1, |
| |
"PegasusAuthentication failed. " |
| |
"Malformed Pegasus authentication header: %s", |
| |
(const char*)authHeader.getCString())); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return false; | return false; |
| } | } |
| | |
| // |
|
| // Note: Pegasus LocalPrivileged authentication is not being used, but the |
|
| // code is kept here so that we can use it in the future if needed. |
|
| // |
|
| #if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION) |
|
| if ( String::equalNoCase(authType, "LocalPrivileged") ) |
|
| { |
|
| if (authInfo->isAuthenticated() && authInfo->isPrivileged() && |
|
| String::equal(userName, authInfo->getAuthenticatedUser())) |
|
| { |
|
| PEG_METHOD_EXIT(); |
|
| return true; |
|
| } |
|
| } |
|
| #endif |
|
| |
|
| // The HTTPAuthenticatorDelegator ensures only local authentication | // The HTTPAuthenticatorDelegator ensures only local authentication |
| // requests get here. | // requests get here. |
| PEGASUS_ASSERT(authType == "Local"); | PEGASUS_ASSERT(authType == "Local"); |
|
|
|
| | |
| if ( authenticated ) | if ( authenticated ) |
| { | { |
| #if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION) |
|
| if ( String::equal(authType, "LocalPrivileged") ) |
|
| { |
|
| authInfo->setPrivileged(true); |
|
| } |
|
| else |
|
| { |
|
| authInfo->setPrivileged(false); |
|
| } |
|
| #endif |
|
| |
|
| authInfo->setAuthType(authType); | authInfo->setAuthType(authType); |
| } | } |
| | |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| | |
| return ( authenticated ); |
return authenticated; |
| } | } |
| | |
| // | // |
|
|
|
| // | // |
| // Get pegasus/local authentication response header | // Get pegasus/local authentication response header |
| // | // |
| String AuthenticationManager::getPegasusAuthResponseHeader |
String AuthenticationManager::getPegasusAuthResponseHeader( |
| ( |
|
| const String& authHeader, | const String& authHeader, |
| AuthenticationInfo* authInfo |
AuthenticationInfo* authInfo) |
| ) |
|
| { | { |
| PEG_METHOD_ENTER( |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
| TRC_AUTHENTICATION, "AuthenticationManager::getPegasusAuthResponseHeader()"); |
"AuthenticationManager::getPegasusAuthResponseHeader()"); |
| | |
| String respHeader = String::EMPTY; |
String respHeader; |
| | |
| String authType = String::EMPTY; |
String authType; |
| String userName = String::EMPTY; |
String userName; |
| String cookie = String::EMPTY; |
String cookie; |
| | |
| // | // |
| // Parse the pegasus authentication header authentication information | // Parse the pegasus authentication header authentication information |
| // | // |
| if ( !_parseLocalAuthHeader(authHeader, authType, userName, cookie) ) |
if ( !HTTPMessage::parseLocalAuthHeader(authHeader, |
| |
authType, userName, cookie) ) |
| { | { |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return (respHeader); |
return respHeader; |
| } | } |
| | |
| // | // |
|
|
|
| if ( String::equal(userName, String::EMPTY) ) | if ( String::equal(userName, String::EMPTY) ) |
| { | { |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return (respHeader); |
return respHeader; |
| } | } |
| | |
| respHeader = | respHeader = |
|
|
|
| | |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| | |
| return (respHeader); |
return respHeader; |
| | |
| } | } |
| | |
|
|
|
| // Get HTTP authentication response header | // Get HTTP authentication response header |
| // | // |
| #ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| String AuthenticationManager::getHttpAuthResponseHeader( AuthenticationInfo* authInfo ) |
String AuthenticationManager::getHttpAuthResponseHeader( |
| |
AuthenticationInfo* authInfo) |
| #else | #else |
| String AuthenticationManager::getHttpAuthResponseHeader() | String AuthenticationManager::getHttpAuthResponseHeader() |
| #endif | #endif |
| { | { |
| PEG_METHOD_ENTER( |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
| TRC_AUTHENTICATION, "AuthenticationManager::getHttpAuthResponseHeader()"); |
"AuthenticationManager::getHttpAuthResponseHeader()"); |
| | |
| #ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| String respHeader = _httpAuthHandler->getAuthResponseHeader( | String respHeader = _httpAuthHandler->getAuthResponseHeader( |
|
|
|
| | |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| | |
| return (respHeader); |
return respHeader; |
| } |
|
| |
|
| // |
|
| // parse the local authentication header |
|
| // |
|
| Boolean AuthenticationManager::_parseLocalAuthHeader( |
|
| const String& authHeader, String& authType, String& userName, String& cookie) |
|
| { |
|
| PEG_METHOD_ENTER( |
|
| TRC_AUTHENTICATION, "AuthenticationManager::_parseLocalAuthHeader()"); |
|
| |
|
| // |
|
| // Extract the authentication type: |
|
| // |
|
| Uint32 space = authHeader.find(' '); |
|
| |
|
| if ( space == PEG_NOT_FOUND ) |
|
| { |
|
| PEG_METHOD_EXIT(); |
|
| return false; |
|
| } |
|
| |
|
| authType = authHeader.subString(0, space); |
|
| |
|
| Uint32 startQuote = authHeader.find(space, '"'); |
|
| |
|
| if ( startQuote == PEG_NOT_FOUND ) |
|
| { |
|
| PEG_METHOD_EXIT(); |
|
| return false; |
|
| } |
|
| |
|
| Uint32 endQuote = authHeader.find(startQuote + 1, '"'); |
|
| |
|
| if ( endQuote == PEG_NOT_FOUND ) |
|
| { |
|
| PEG_METHOD_EXIT(); |
|
| return false; |
|
| } |
|
| |
|
| String temp = authHeader.subString( |
|
| startQuote + 1, (endQuote - startQuote - 1)); |
|
| |
|
| // |
|
| // Extract the user name and cookie: |
|
| // |
|
| Uint32 colon = temp.find(0, ':'); |
|
| |
|
| if ( colon == PEG_NOT_FOUND ) |
|
| { |
|
| userName = temp; |
|
| } |
|
| else |
|
| { |
|
| userName = temp.subString(0, colon); |
|
| cookie = temp; |
|
| } |
|
| |
|
| PEG_METHOD_EXIT(); |
|
| |
|
| return true; |
|
| } |
|
| |
|
| // |
|
| // parse the HTTP authentication header |
|
| // |
|
| Boolean AuthenticationManager::_parseHttpAuthHeader( |
|
| const String& authHeader, String& authType, String& cookie) |
|
| { |
|
| PEG_METHOD_ENTER( |
|
| TRC_AUTHENTICATION, "AuthenticationManager::_parseHttpAuthHeader()"); |
|
| |
|
| // |
|
| // Extract the authentication type: |
|
| // |
|
| Uint32 space = authHeader.find(' '); |
|
| |
|
| if ( space == PEG_NOT_FOUND ) |
|
| { |
|
| PEG_METHOD_EXIT(); |
|
| return false; |
|
| } | } |
| | |
| authType = authHeader.subString(0, space); |
|
| |
|
| // |
|
| // Extract the cookie: |
|
| // |
|
| cookie = authHeader.subString(space + 1); |
|
| |
|
| PEG_METHOD_EXIT(); |
|
| |
|
| return true; |
|
| } |
|
| // | // |
| // Get local authentication handler | // Get local authentication handler |
| // | // |
|
|
|
| // | // |
| // create and return a local authentication handler. | // create and return a local authentication handler. |
| // | // |
| return (new LocalAuthenticationHandler()); |
return new LocalAuthenticationHandler(); |
| } | } |
| | |
| | |
|
|
|
| // | // |
| // create a authentication handler. | // create a authentication handler. |
| // | // |
| if ( String::equalNoCase(_httpAuthType, "Basic") ) |
if ( String::equal(_httpAuthType, "Basic") ) |
| { | { |
| handler.reset((Authenticator* ) new BasicAuthenticationHandler( )); | handler.reset((Authenticator* ) new BasicAuthenticationHandler( )); |
| } | } |
| #ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| else if ( String::equalNoCase(_httpAuthType, "Kerberos") ) |
else if ( String::equal(_httpAuthType, "Kerberos") ) |
| { | { |
| handler.reset((Authenticator* ) new KerberosAuthenticationHandler( )); | handler.reset((Authenticator* ) new KerberosAuthenticationHandler( )); |
| AutoPtr<KerberosAuthenticationHandler> kerberosHandler((KerberosAuthenticationHandler *)handler.get()); |
AutoPtr<KerberosAuthenticationHandler> kerberosHandler( |
| |
(KerberosAuthenticationHandler *)handler.get()); |
| int itFailed = kerberosHandler->initialize(); | int itFailed = kerberosHandler->initialize(); |
| kerberosHandler.release(); | kerberosHandler.release(); |
| if (itFailed) | if (itFailed) |
|
|
|
| { | { |
| handler.reset(0); | handler.reset(0); |
| } | } |
| // L10N TODO DONE |
MessageLoaderParms parms( |
| //Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
"Security.Authentication.AuthenticationManager." |
| //"CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started."); |
"AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
| |
"CIMOM server authentication handler for Kerberos failed to " |
| |
"initialize properly."); |
| Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, | Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
| "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
parms); |
| "CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started."); |
|
| // end the server because Kerberos could not initialized. |
|
| MessageLoaderParms parms( "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
|
| "CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started."); |
|
| throw Exception(parms); | throw Exception(parms); |
| } | } |
| } | } |
|
|
|
| // FUTURE: uncomment these line when Digest authentication | // FUTURE: uncomment these line when Digest authentication |
| // is implemented. | // is implemented. |
| // | // |
| //else if (String::equalNoCase(_httpAuthType, "Digest")) |
//else if (String::equal(_httpAuthType, "Digest")) |
| //{ | //{ |
| // handler = (Authenticator* ) new DigestAuthenticationHandler( ); | // handler = (Authenticator* ) new DigestAuthenticationHandler( ); |
| //} | //} |
|
|
|
| // This should never happen. Gets here only if Security Config | // This should never happen. Gets here only if Security Config |
| // property owner has not validated the configured http auth type. | // property owner has not validated the configured http auth type. |
| // | // |
| PEGASUS_ASSERT(0); |
PEGASUS_UNREACHABLE(PEGASUS_ASSERT(0);) |
| } | } |
| | |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return ( handler.release() ); |
return handler.release(); |
| } | } |
| | |
| |
|
| PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |
| |
|
Return to
AuthenticationManager.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication