|
version 1.7, 2002/04/20 21:15:31
|
version 1.25.4.1, 2007/03/23 17:36:55
|
|
|
|
| //%///////////////////////////////////////////////////////////////////////////// |
//%2006//////////////////////////////////////////////////////////////////////// |
| // |
|
| // Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM, |
|
| // The Open Group, Tivoli Systems |
|
| // | // |
| // Permission is hereby granted, free of charge, to any person obtaining a |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
| // copy of this software and associated documentation files (the "Software"), |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
| // to deal in the Software without restriction, including without limitation |
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
| // the rights to use, copy, modify, merge, publish, distribute, sublicense, |
// IBM Corp.; EMC Corporation, The Open Group. |
| // and/or sell copies of the Software, and to permit persons to whom the |
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
| // Software is furnished to do so, subject to the following conditions: |
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
| // |
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
| // The above copyright notice and this permission notice shall be included in |
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
| // all copies of substantial portions of this software. |
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
| // |
// EMC Corporation; Symantec Corporation; The Open Group. |
| // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
// |
| // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
// Permission is hereby granted, free of charge, to any person obtaining a copy |
| // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL |
// of this software and associated documentation files (the "Software"), to |
| // THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
// deal in the Software without restriction, including without limitation the |
| // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
| // FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER |
// sell copies of the Software, and to permit persons to whom the Software is |
| // DEALINGS IN THE SOFTWARE. |
// furnished to do so, subject to the following conditions: |
| |
// |
| |
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
| |
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
| |
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
| |
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
| |
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
| |
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
| |
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
| |
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| // | // |
| //============================================================================== | //============================================================================== |
| // | // |
| // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com) |
|
| // |
|
| // Modified By: |
|
| // |
|
| //%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| | |
| #include <Pegasus/Common/System.h> | #include <Pegasus/Common/System.h> |
| #include <Pegasus/Common/XmlWriter.h> | #include <Pegasus/Common/XmlWriter.h> |
| #include <Pegasus/Common/Destroyer.h> |
|
| #include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
| #include <Pegasus/Common/PegasusVersion.h> | #include <Pegasus/Common/PegasusVersion.h> |
| | |
|
|
|
| #include "BasicAuthenticationHandler.h" | #include "BasicAuthenticationHandler.h" |
| #include "AuthenticationManager.h" | #include "AuthenticationManager.h" |
| | |
| |
#include <Pegasus/Common/AutoPtr.h> |
| |
|
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
#include "KerberosAuthenticationHandler.h" |
| |
#endif |
| |
|
| |
|
| PEGASUS_USING_STD; | PEGASUS_USING_STD; |
| | |
| PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
|
|
|
| // | // |
| // delete authentication handlers | // delete authentication handlers |
| // | // |
| if ( _localAuthHandler ) |
|
| { |
|
| delete _localAuthHandler; | delete _localAuthHandler; |
| } |
|
| if ( _httpAuthHandler ) |
|
| { |
|
| delete _httpAuthHandler; | delete _httpAuthHandler; |
| } |
|
| | |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| } | } |
| | |
| |
Boolean AuthenticationManager::isRemotePrivilegedUserAccessAllowed( |
| |
String & userName) |
| |
{ |
| |
// |
| |
// Reject access if the user is privileged and remote privileged user |
| |
// access is not enabled. |
| |
// |
| |
if (!ConfigManager::parseBooleanValue(ConfigManager::getInstance()-> |
| |
getCurrentValue("enableRemotePrivilegedUserAccess")) |
| |
&& System::isPrivilegedUser(userName)) |
| |
{ |
| |
Tracer::trace(TRC_AUTHENTICATION, Tracer::LEVEL2, |
| |
"Authentication failed for user '%s' because " |
| |
"enableRemotePrivilegedUserAccess is not set to 'true'.", |
| |
(const char*) userName.getCString()); |
| |
Logger::put_l( |
| |
Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, |
| |
"Security.Authentication.BasicAuthenticationHandler." |
| |
"PRIVILEGED_ACCESS_DISABLED", |
| |
"Authentication failed for user '$0' because " |
| |
"enableRemotePrivilegedUserAccess is not set to 'true'.", |
| |
userName); |
| |
return false; |
| |
} |
| |
return true; |
| |
} |
| |
|
| // | // |
| // Perform http authentication | // Perform http authentication |
| // | // |
|
|
|
| | |
| String cookie = String::EMPTY; | String cookie = String::EMPTY; |
| | |
| |
Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
| |
"AuthenticationManager:: performHttpAuthentication - Authority Header: $0", authHeader); |
| |
|
| // | // |
| // Parse the HTTP authentication header for authentication information | // Parse the HTTP authentication header for authentication information |
| // | // |
|
|
|
| { | { |
| authenticated = _httpAuthHandler->authenticate(cookie, authInfo); | authenticated = _httpAuthHandler->authenticate(cookie, authInfo); |
| } | } |
| // ATTN-NB-03-20000318: Add code to check for "Digest" when digest |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
else if ( String::equalNoCase(authType, "Negotiate") && |
| |
String::equalNoCase(_httpAuthType, "Kerberos") ) |
| |
{ |
| |
authenticated = _httpAuthHandler->authenticate(cookie, authInfo); |
| |
} |
| |
#endif |
| |
// FUTURE: Add code to check for "Digest" when digest |
| // authentication is implemented. | // authentication is implemented. |
| | |
| if ( authenticated ) | if ( authenticated ) |
| { | { |
| authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED); |
|
| |
|
| authInfo->setAuthType(authType); | authInfo->setAuthType(authType); |
| } | } |
| | |
|
|
|
| String userName = String::EMPTY; | String userName = String::EMPTY; |
| String cookie = String::EMPTY; | String cookie = String::EMPTY; |
| | |
| |
Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
| |
"AuthenticationManager:: performPegasusAuthentication " |
| |
"- Authority Header: $0", authHeader); |
| |
|
| // | // |
| // Parse the pegasus authentication header authentication information | // Parse the pegasus authentication header authentication information |
| // | // |
|
|
|
| } | } |
| #endif | #endif |
| | |
| if ( String::equalNoCase(authType, "Local") ) |
// The HTTPAuthenticatorDelegator ensures only local authentication |
| { |
// requests get here. |
| if (authInfo->isAuthenticated() && |
PEGASUS_ASSERT(authType == "Local"); |
| String::equal(userName, authInfo->getAuthenticatedUser())) |
|
| { |
|
| PEG_METHOD_EXIT(); |
|
| return true; |
|
| } |
|
| } |
|
| else |
|
| { |
|
| PEG_METHOD_EXIT(); |
|
| return false; |
|
| } |
|
| |
|
| // |
|
| // Check if the authentication information is present |
|
| // |
|
| if ( String::equal(cookie, String::EMPTY) ) |
|
| { |
|
| PEG_METHOD_EXIT(); |
|
| return false; |
|
| } |
|
| | |
| authenticated = | authenticated = |
| _localAuthHandler->authenticate(cookie, authInfo); | _localAuthHandler->authenticate(cookie, authInfo); |
| | |
| if ( authenticated ) | if ( authenticated ) |
| { | { |
| authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED); |
|
| |
|
| #if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION) | #if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION) |
| if ( String::equal(authType, "LocalPrivileged") ) | if ( String::equal(authType, "LocalPrivileged") ) |
| { | { |
|
|
|
| } | } |
| | |
| // | // |
| |
// Validate user. |
| |
// |
| |
Boolean AuthenticationManager::validateUserForHttpAuth (const String& userName) |
| |
{ |
| |
return _httpAuthHandler->validateUser(userName); |
| |
} |
| |
|
| |
// |
| // Get pegasus/local authentication response header | // Get pegasus/local authentication response header |
| // | // |
| String AuthenticationManager::getPegasusAuthResponseHeader | String AuthenticationManager::getPegasusAuthResponseHeader |
|
|
|
| // | // |
| // Get HTTP authentication response header | // Get HTTP authentication response header |
| // | // |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
String AuthenticationManager::getHttpAuthResponseHeader( AuthenticationInfo* authInfo ) |
| |
#else |
| String AuthenticationManager::getHttpAuthResponseHeader() | String AuthenticationManager::getHttpAuthResponseHeader() |
| |
#endif |
| { | { |
| PEG_METHOD_ENTER( | PEG_METHOD_ENTER( |
| TRC_AUTHENTICATION, "AuthenticationManager::getHttpAuthResponseHeader()"); | TRC_AUTHENTICATION, "AuthenticationManager::getHttpAuthResponseHeader()"); |
| | |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
String respHeader = _httpAuthHandler->getAuthResponseHeader( |
| |
String::EMPTY, String::EMPTY, authInfo); |
| |
#else |
| String respHeader = _httpAuthHandler->getAuthResponseHeader(); | String respHeader = _httpAuthHandler->getAuthResponseHeader(); |
| |
#endif |
| | |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| | |
|
|
|
| // | // |
| Uint32 space = authHeader.find(' '); | Uint32 space = authHeader.find(' '); |
| | |
| if ( space == PEGASUS_NOT_FOUND ) |
if ( space == PEG_NOT_FOUND ) |
| { | { |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return false; | return false; |
|
|
|
| // | // |
| Uint32 space = authHeader.find(' '); | Uint32 space = authHeader.find(' '); |
| | |
| if ( space == PEGASUS_NOT_FOUND ) |
if ( space == PEG_NOT_FOUND ) |
| { | { |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return false; | return false; |
|
|
|
| { | { |
| PEG_METHOD_ENTER( | PEG_METHOD_ENTER( |
| TRC_AUTHENTICATION, "AuthenticationManager::_getHttpAuthHandler()"); | TRC_AUTHENTICATION, "AuthenticationManager::_getHttpAuthHandler()"); |
| |
AutoPtr<Authenticator> handler; |
| Authenticator* handler = 0; |
|
| | |
| // | // |
| // get the configured authentication type | // get the configured authentication type |
| // | // |
| ConfigManager* configManager = ConfigManager::getInstance(); |
AutoPtr<ConfigManager> configManager(ConfigManager::getInstance()); |
| | |
| _httpAuthType = configManager->getCurrentValue("httpAuthType"); | _httpAuthType = configManager->getCurrentValue("httpAuthType"); |
| |
configManager.release(); |
| // | // |
| // create a authentication handler. | // create a authentication handler. |
| // | // |
| if ( String::equalNoCase(_httpAuthType, "Basic") ) | if ( String::equalNoCase(_httpAuthType, "Basic") ) |
| { | { |
| handler = (Authenticator* ) new BasicAuthenticationHandler( ); |
handler.reset((Authenticator* ) new BasicAuthenticationHandler( )); |
| |
} |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
else if ( String::equalNoCase(_httpAuthType, "Kerberos") ) |
| |
{ |
| |
handler.reset((Authenticator* ) new KerberosAuthenticationHandler( )); |
| |
AutoPtr<KerberosAuthenticationHandler> kerberosHandler((KerberosAuthenticationHandler *)handler.get()); |
| |
int itFailed = kerberosHandler->initialize(); |
| |
kerberosHandler.release(); |
| |
if (itFailed) |
| |
{ |
| |
if (handler.get()) |
| |
{ |
| |
handler.reset(0); |
| |
} |
| |
// L10N TODO DONE |
| |
//Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
| |
//"CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started."); |
| |
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
| |
"Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
| |
"CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started."); |
| |
// end the server because Kerberos could not initialized. |
| |
MessageLoaderParms parms( "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
| |
"CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started."); |
| |
throw Exception(parms); |
| } | } |
| // ATTN-NB-03-20000318: uncomment these line when Digest authentication |
} |
| |
#endif |
| |
// FUTURE: uncomment these line when Digest authentication |
| // is implemented. | // is implemented. |
| // | // |
| //else if (String::equalNoCase(_httpAuthType, "Digest")) | //else if (String::equalNoCase(_httpAuthType, "Digest")) |
|
|
|
| } | } |
| | |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
return ( handler.release() ); |
| return ( handler ); |
|
| } | } |
| | |
| | |
Return to
AuthenticationManager.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication