version 1.23.2.1, 2007/04/03 19:01:45
|
version 1.27, 2007/03/16 17:16:58
|
|
|
// | // |
//============================================================================== | //============================================================================== |
// | // |
// Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com) |
|
// |
|
// Modified By: Dave Rosckes (rosckes@us.ibm.com) |
|
// Josephine Eskaline Joyce (jojustin@in.ibm.com) for PEP#101 |
|
// Sushma Fernandes, Hewlett-Packard Company(sushma_fernandes@hp.com) |
|
// |
|
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
#include <Pegasus/Common/System.h> | #include <Pegasus/Common/System.h> |
|
|
// | // |
// delete authentication handlers | // delete authentication handlers |
// | // |
if ( _localAuthHandler ) |
|
{ |
|
delete _localAuthHandler; | delete _localAuthHandler; |
} |
|
if ( _httpAuthHandler ) |
|
{ |
|
delete _httpAuthHandler; | delete _httpAuthHandler; |
} |
|
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
} | } |
| |
|
Boolean AuthenticationManager::isRemotePrivilegedUserAccessAllowed( |
|
String & userName) |
|
{ |
|
// |
|
// Reject access if the user is privileged and remote privileged user |
|
// access is not enabled. |
|
// |
|
if (!ConfigManager::parseBooleanValue(ConfigManager::getInstance()-> |
|
getCurrentValue("enableRemotePrivilegedUserAccess")) |
|
&& System::isPrivilegedUser(userName)) |
|
{ |
|
PEG_TRACE((TRC_AUTHENTICATION, Tracer::LEVEL2, |
|
"Authentication failed for user '%s' because " |
|
"enableRemotePrivilegedUserAccess is not set to 'true'.", |
|
(const char*) userName.getCString())); |
|
Logger::put_l( |
|
Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, |
|
"Security.Authentication.BasicAuthenticationHandler." |
|
"PRIVILEGED_ACCESS_DISABLED", |
|
"Authentication failed for user '$0' because " |
|
"enableRemotePrivilegedUserAccess is not set to 'true'.", |
|
userName); |
|
return false; |
|
} |
|
return true; |
|
} |
|
|
// | // |
// Perform http authentication | // Perform http authentication |
// | // |
|
|
| |
if ( authenticated ) | if ( authenticated ) |
{ | { |
|
authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED); |
|
|
authInfo->setAuthType(authType); | authInfo->setAuthType(authType); |
} | } |
| |
|
|
String cookie = String::EMPTY; | String cookie = String::EMPTY; |
| |
Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, | Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
"AuthenticationManager:: performPegasusAuthentication " |
"AuthenticationManager:: performPegasusAuthentication - Authority Header: $0", |
"- Authority Header: $0", authHeader); |
authHeader); |
| |
// | // |
// Parse the pegasus authentication header authentication information | // Parse the pegasus authentication header authentication information |
|
|
return false; | return false; |
} | } |
| |
// |
if ( String::equalNoCase(authType, "Local") ) |
// Note: Pegasus LocalPrivileged authentication is not being used, but the |
|
// code is kept here so that we can use it in the future if needed. |
|
// |
|
#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION) |
|
if ( String::equalNoCase(authType, "LocalPrivileged") ) |
|
{ | { |
if (authInfo->isAuthenticated() && authInfo->isPrivileged() && |
if (authInfo->isAuthenticated() && |
String::equal(userName, authInfo->getAuthenticatedUser())) | String::equal(userName, authInfo->getAuthenticatedUser())) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return true; | return true; |
} | } |
} | } |
#endif |
else |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return false; |
|
} |
| |
// The HTTPAuthenticatorDelegator ensures only local authentication |
// |
// requests get here. |
// Check if the authentication information is present |
PEGASUS_ASSERT(authType == "Local"); |
// |
|
if ( String::equal(cookie, String::EMPTY) ) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return false; |
|
} |
| |
authenticated = | authenticated = |
_localAuthHandler->authenticate(cookie, authInfo); | _localAuthHandler->authenticate(cookie, authInfo); |
| |
if ( authenticated ) | if ( authenticated ) |
{ | { |
#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION) |
authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED); |
if ( String::equal(authType, "LocalPrivileged") ) |
|
{ |
|
authInfo->setPrivileged(true); |
|
} |
|
else |
|
{ |
|
authInfo->setPrivileged(false); |
|
} |
|
#endif |
|
|
|
authInfo->setAuthType(authType); | authInfo->setAuthType(authType); |
} | } |
| |
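Review bot: In performPegasusAuthentication the type test and the assertion disagree on case: the branch uses `String::equalNoCase(authType, "Local")` while the later check is `PEGASUS_ASSERT(authType == "Local")`, so a differently cased value would pass the branch and then fail the assertion wherever assertions are compiled in. This assumes both lines belong to the same revision, which the side-by-side rendering does not make certain. I would make them agree with `PEGASUS_ASSERT(String::equalNoCase(authType, "Local"));` and keep the `else { PEG_METHOD_EXIT(); return false; }` branch as the actual rejection path, since an assertion may be compiled out of release builds and would then guard nothing before `_localAuthHandler->authenticate(cookie, authInfo)`. Separately, `isRemotePrivilegedUserAccessAllowed(String & userName)` only reads its argument, so `const String& userName` would state that, provided `System::isPrivilegedUser` accepts a const reference. The body of performPegasusAuthentication starts and ends outside the visible hunks.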