version 1.11.6.2, 2003/08/14 11:55:43
|
version 1.27, 2007/03/16 17:16:58
|
|
|
//%///////////////////////////////////////////////////////////////////////////// |
//%2006//////////////////////////////////////////////////////////////////////// |
// | // |
// Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Company, IBM, |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
// The Open Group, Tivoli Systems |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
|
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
|
// IBM Corp.; EMC Corporation, The Open Group. |
|
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
|
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
|
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
|
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
// EMC Corporation; Symantec Corporation; The Open Group. |
// | // |
// Permission is hereby granted, free of charge, to any person obtaining a copy | // Permission is hereby granted, free of charge, to any person obtaining a copy |
// of this software and associated documentation files (the "Software"), to | // of this software and associated documentation files (the "Software"), to |
|
|
// | // |
//============================================================================== | //============================================================================== |
// | // |
// Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com) |
|
// |
|
// Modified By: Dave Rosckes (rosckes@us.ibm.com) |
|
// |
|
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
#include <Pegasus/Common/System.h> | #include <Pegasus/Common/System.h> |
#include <Pegasus/Common/XmlWriter.h> | #include <Pegasus/Common/XmlWriter.h> |
#include <Pegasus/Common/Destroyer.h> |
|
#include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
#include <Pegasus/Common/PegasusVersion.h> | #include <Pegasus/Common/PegasusVersion.h> |
| |
|
|
#include "BasicAuthenticationHandler.h" | #include "BasicAuthenticationHandler.h" |
#include "AuthenticationManager.h" | #include "AuthenticationManager.h" |
| |
|
#include <Pegasus/Common/AutoPtr.h> |
|
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
#include <Pegasus/Security/Authentication/KerberosAuthenticationHandler.h> |
#include "KerberosAuthenticationHandler.h" |
#endif | #endif |
| |
|
|
PEGASUS_USING_STD; | PEGASUS_USING_STD; |
| |
PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
|
|
// | // |
// delete authentication handlers | // delete authentication handlers |
// | // |
if ( _localAuthHandler ) |
|
{ |
|
delete _localAuthHandler; | delete _localAuthHandler; |
} |
|
if ( _httpAuthHandler ) |
|
{ |
|
delete _httpAuthHandler; | delete _httpAuthHandler; |
} |
|
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
} | } |
| |
|
Boolean AuthenticationManager::isRemotePrivilegedUserAccessAllowed( |
|
String & userName) |
|
{ |
|
// |
|
// Reject access if the user is privileged and remote privileged user |
|
// access is not enabled. |
|
// |
|
if (!ConfigManager::parseBooleanValue(ConfigManager::getInstance()-> |
|
getCurrentValue("enableRemotePrivilegedUserAccess")) |
|
&& System::isPrivilegedUser(userName)) |
|
{ |
|
PEG_TRACE((TRC_AUTHENTICATION, Tracer::LEVEL2, |
|
"Authentication failed for user '%s' because " |
|
"enableRemotePrivilegedUserAccess is not set to 'true'.", |
|
(const char*) userName.getCString())); |
|
Logger::put_l( |
|
Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, |
|
"Security.Authentication.BasicAuthenticationHandler." |
|
"PRIVILEGED_ACCESS_DISABLED", |
|
"Authentication failed for user '$0' because " |
|
"enableRemotePrivilegedUserAccess is not set to 'true'.", |
|
userName); |
|
return false; |
|
} |
|
return true; |
|
} |
|
|
// | // |
// Perform http authentication | // Perform http authentication |
// | // |
|
|
return false; | return false; |
} | } |
| |
// |
|
// Note: Pegasus LocalPrivileged authentication is not being used, but the |
|
// code is kept here so that we can use it in the future if needed. |
|
// |
|
#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION) |
|
if ( String::equalNoCase(authType, "LocalPrivileged") ) |
|
{ |
|
if (authInfo->isAuthenticated() && authInfo->isPrivileged() && |
|
String::equal(userName, authInfo->getAuthenticatedUser())) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return true; |
|
} |
|
} |
|
#endif |
|
|
|
if ( String::equalNoCase(authType, "Local") ) | if ( String::equalNoCase(authType, "Local") ) |
{ | { |
if (authInfo->isAuthenticated() && | if (authInfo->isAuthenticated() && |
|
|
if ( authenticated ) | if ( authenticated ) |
{ | { |
authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED); | authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED); |
|
|
#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION) |
|
if ( String::equal(authType, "LocalPrivileged") ) |
|
{ |
|
authInfo->setPrivileged(true); |
|
} |
|
else |
|
{ |
|
authInfo->setPrivileged(false); |
|
} |
|
#endif |
|
|
|
authInfo->setAuthType(authType); | authInfo->setAuthType(authType); |
} | } |
| |
|
|
} | } |
| |
// | // |
|
// Validate user. |
|
// |
|
Boolean AuthenticationManager::validateUserForHttpAuth (const String& userName) |
|
{ |
|
return _httpAuthHandler->validateUser(userName); |
|
} |
|
|
|
// |
// Get pegasus/local authentication response header | // Get pegasus/local authentication response header |
// | // |
String AuthenticationManager::getPegasusAuthResponseHeader | String AuthenticationManager::getPegasusAuthResponseHeader |
|
|
{ | { |
PEG_METHOD_ENTER( | PEG_METHOD_ENTER( |
TRC_AUTHENTICATION, "AuthenticationManager::_getHttpAuthHandler()"); | TRC_AUTHENTICATION, "AuthenticationManager::_getHttpAuthHandler()"); |
|
AutoPtr<Authenticator> handler; |
Authenticator* handler = 0; |
|
| |
// | // |
// get the configured authentication type | // get the configured authentication type |
// | // |
ConfigManager* configManager = ConfigManager::getInstance(); |
AutoPtr<ConfigManager> configManager(ConfigManager::getInstance()); |
| |
_httpAuthType = configManager->getCurrentValue("httpAuthType"); | _httpAuthType = configManager->getCurrentValue("httpAuthType"); |
|
configManager.release(); |
// | // |
// create a authentication handler. | // create a authentication handler. |
// | // |
if ( String::equalNoCase(_httpAuthType, "Basic") ) | if ( String::equalNoCase(_httpAuthType, "Basic") ) |
{ | { |
handler = (Authenticator* ) new BasicAuthenticationHandler( ); |
handler.reset((Authenticator* ) new BasicAuthenticationHandler( )); |
} | } |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
else if ( String::equalNoCase(_httpAuthType, "Kerberos") ) | else if ( String::equalNoCase(_httpAuthType, "Kerberos") ) |
{ | { |
handler = (Authenticator* ) new KerberosAuthenticationHandler( ); |
handler.reset((Authenticator* ) new KerberosAuthenticationHandler( )); |
KerberosAuthenticationHandler* kerberosHandler = (KerberosAuthenticationHandler *)handler; |
AutoPtr<KerberosAuthenticationHandler> kerberosHandler((KerberosAuthenticationHandler *)handler.get()); |
int itFailed = kerberosHandler->initialize(); | int itFailed = kerberosHandler->initialize(); |
|
kerberosHandler.release(); |
if (itFailed) | if (itFailed) |
{ | { |
if (handler) |
if (handler.get()) |
{ | { |
delete handler; // cleanup |
handler.reset(0); |
handler = 0; |
|
} | } |
// TODO::KERBEROS localization |
// L10N TODO DONE |
// L10N TODO |
//Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
//"CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started."); |
|
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
"Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
"CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started."); | "CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started."); |
PEGASUS_ASSERT(0); // end the server because Kerberos could not |
// end the server because Kerberos could not initialized. |
// initialized. will this really end the server? |
MessageLoaderParms parms( "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
|
"CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started."); |
|
throw Exception(parms); |
} | } |
} | } |
#endif | #endif |
|
|
} | } |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
return ( handler.release() ); |
return ( handler ); |
|
} | } |
| |
| |
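Review bot: In `_getHttpAuthHandler()` the line `AutoPtr<ConfigManager> configManager(ConfigManager::getInstance());` hands ownership of a process-wide singleton to an owning smart pointer, so any exception raised by `getCurrentValue("httpAuthType")` before the matching `configManager.release();` would destroy the ConfigManager out from under the rest of the server; the non-owning form `ConfigManager* configManager = ConfigManager::getInstance();` (which the other column already shows) is the right one and the `release()` call then goes away. The same double-ownership pattern appears in the Kerberos branch, where `AutoPtr<KerberosAuthenticationHandler> kerberosHandler(... handler.get())` aliases the object already owned by `handler`, so a throw from `initialize()` before `kerberosHandler.release();` would double-delete the authenticator; a plain `KerberosAuthenticationHandler* kerberosHandler = static_cast<KerberosAuthenticationHandler*>(handler.get());` keeps the single owner. Which column is the new 1.27 side is inferred from the `AutoPtr.h` include rather than marked explicitly, so please confirm before applying. The function's signature line is not visible in this section, and the failure-path logging that follows `itFailed` is otherwise a sound replacement for the earlier `PEGASUS_ASSERT(0)`.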