version 1.23, 2006/01/30 16:18:28
|
version 1.33, 2008/05/12 09:14:56
|
|
|
// | // |
//============================================================================== | //============================================================================== |
// | // |
// Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com) |
|
// |
|
// Modified By: Dave Rosckes (rosckes@us.ibm.com) |
|
// Josephine Eskaline Joyce (jojustin@in.ibm.com) for PEP#101 |
|
// Sushma Fernandes, Hewlett-Packard Company(sushma_fernandes@hp.com) |
|
// |
|
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
#include <Pegasus/Common/System.h> | #include <Pegasus/Common/System.h> |
#include <Pegasus/Common/XmlWriter.h> | #include <Pegasus/Common/XmlWriter.h> |
#include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
#include <Pegasus/Common/PegasusVersion.h> | #include <Pegasus/Common/PegasusVersion.h> |
|
#include <Pegasus/Common/HTTPMessage.h> |
| |
#include <Pegasus/Config/ConfigManager.h> | #include <Pegasus/Config/ConfigManager.h> |
| |
|
|
// | // |
// delete authentication handlers | // delete authentication handlers |
// | // |
if ( _localAuthHandler ) |
|
{ |
|
delete _localAuthHandler; | delete _localAuthHandler; |
} |
|
if ( _httpAuthHandler ) |
|
{ |
|
delete _httpAuthHandler; | delete _httpAuthHandler; |
} |
|
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
} | } |
| |
|
Boolean AuthenticationManager::isRemotePrivilegedUserAccessAllowed( |
|
String & userName) |
|
{ |
|
// |
|
// Reject access if the user is privileged and remote privileged user |
|
// access is not enabled. |
|
// |
|
if (!ConfigManager::parseBooleanValue(ConfigManager::getInstance()-> |
|
getCurrentValue("enableRemotePrivilegedUserAccess")) |
|
&& System::isPrivilegedUser(userName)) |
|
{ |
|
PEG_TRACE((TRC_AUTHENTICATION, Tracer::LEVEL2, |
|
"Authentication failed for user '%s' because " |
|
"enableRemotePrivilegedUserAccess is not set to 'true'.", |
|
(const char*) userName.getCString())); |
|
Logger::put_l( |
|
Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, |
|
"Security.Authentication.BasicAuthenticationHandler." |
|
"PRIVILEGED_ACCESS_DISABLED", |
|
"Authentication failed for user '$0' because " |
|
"enableRemotePrivilegedUserAccess is not set to 'true'.", |
|
userName); |
|
return false; |
|
} |
|
return true; |
|
} |
|
|
// | // |
// Perform http authentication | // Perform http authentication |
// | // |
Boolean AuthenticationManager::performHttpAuthentication |
Boolean AuthenticationManager::performHttpAuthentication( |
( |
|
const String& authHeader, | const String& authHeader, |
AuthenticationInfo* authInfo |
AuthenticationInfo* authInfo) |
) |
|
{ | { |
PEG_METHOD_ENTER( |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
TRC_AUTHENTICATION, "AuthenticationManager::performHttpAuthentication()"); |
"AuthenticationManager::performHttpAuthentication()"); |
|
|
String authType = String::EMPTY; |
|
| |
String cookie = String::EMPTY; |
String authType; |
|
String cookie; |
Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
|
"AuthenticationManager:: performHttpAuthentication - Authority Header: $0", authHeader); |
|
| |
// | // |
// Parse the HTTP authentication header for authentication information | // Parse the HTTP authentication header for authentication information |
// | // |
if ( !_parseHttpAuthHeader(authHeader, authType, cookie) ) |
if ( !HTTPMessage::parseHttpAuthHeader(authHeader, authType, cookie) ) |
{ | { |
|
PEG_TRACE(( |
|
TRC_DISCARDED_DATA, |
|
Tracer::LEVEL2, |
|
"HTTPAuthentication failed. " |
|
"Malformed HTTP authentication header: %s", |
|
(const char*)authHeader.getCString())); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return false; | return false; |
} | } |
|
|
| |
if ( authenticated ) | if ( authenticated ) |
{ | { |
authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED); |
|
|
|
authInfo->setAuthType(authType); | authInfo->setAuthType(authType); |
} | } |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
return ( authenticated ); |
return authenticated; |
} | } |
| |
// | // |
// Perform pegasus sepcific local authentication | // Perform pegasus sepcific local authentication |
// | // |
Boolean AuthenticationManager::performPegasusAuthentication |
Boolean AuthenticationManager::performPegasusAuthentication( |
( |
|
const String& authHeader, | const String& authHeader, |
AuthenticationInfo* authInfo |
AuthenticationInfo* authInfo) |
) |
|
{ | { |
PEG_METHOD_ENTER( |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
TRC_AUTHENTICATION, "AuthenticationManager::performPegasusAuthentication()"); |
"AuthenticationManager::performPegasusAuthentication()"); |
| |
Boolean authenticated = false; | Boolean authenticated = false; |
| |
String authType = String::EMPTY; |
String authType; |
String userName = String::EMPTY; |
String userName; |
String cookie = String::EMPTY; |
String cookie; |
|
|
Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
|
"AuthenticationManager:: performPegasusAuthentication - Authority Header: $0", |
|
authHeader); |
|
| |
// | // |
// Parse the pegasus authentication header authentication information | // Parse the pegasus authentication header authentication information |
// | // |
if ( !_parseLocalAuthHeader(authHeader, authType, userName, cookie) ) |
if ( !HTTPMessage::parseLocalAuthHeader(authHeader, |
|
authType, userName, cookie) ) |
{ | { |
|
PEG_TRACE(( |
|
TRC_DISCARDED_DATA, |
|
Tracer::LEVEL2, |
|
"PegasusAuthentication failed. " |
|
"Malformed Pegasus authentication header: %s", |
|
(const char*)authHeader.getCString())); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return false; | return false; |
} | } |
| |
// |
// The HTTPAuthenticatorDelegator ensures only local authentication |
// Note: Pegasus LocalPrivileged authentication is not being used, but the |
// requests get here. |
// code is kept here so that we can use it in the future if needed. |
PEGASUS_ASSERT(authType == "Local"); |
// |
|
#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION) |
|
if ( String::equalNoCase(authType, "LocalPrivileged") ) |
|
{ |
|
if (authInfo->isAuthenticated() && authInfo->isPrivileged() && |
|
String::equal(userName, authInfo->getAuthenticatedUser())) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return true; |
|
} |
|
} |
|
#endif |
|
|
|
if ( String::equalNoCase(authType, "Local") ) |
|
{ |
|
if (authInfo->isAuthenticated() && |
|
String::equal(userName, authInfo->getAuthenticatedUser())) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return true; |
|
} |
|
} |
|
else |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return false; |
|
} |
|
|
|
// |
|
// Check if the authentication information is present |
|
// |
|
if ( String::equal(cookie, String::EMPTY) ) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return false; |
|
} |
|
| |
authenticated = | authenticated = |
_localAuthHandler->authenticate(cookie, authInfo); | _localAuthHandler->authenticate(cookie, authInfo); |
| |
if ( authenticated ) | if ( authenticated ) |
{ | { |
authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED); |
|
|
|
#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION) |
|
if ( String::equal(authType, "LocalPrivileged") ) |
|
{ |
|
authInfo->setPrivileged(true); |
|
} |
|
else |
|
{ |
|
authInfo->setPrivileged(false); |
|
} |
|
#endif |
|
|
|
authInfo->setAuthType(authType); | authInfo->setAuthType(authType); |
} | } |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
return ( authenticated ); |
return authenticated; |
} | } |
| |
// | // |
|
|
// | // |
// Get pegasus/local authentication response header | // Get pegasus/local authentication response header |
// | // |
String AuthenticationManager::getPegasusAuthResponseHeader |
String AuthenticationManager::getPegasusAuthResponseHeader( |
( |
|
const String& authHeader, | const String& authHeader, |
AuthenticationInfo* authInfo |
AuthenticationInfo* authInfo) |
) |
|
{ | { |
PEG_METHOD_ENTER( |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
TRC_AUTHENTICATION, "AuthenticationManager::getPegasusAuthResponseHeader()"); |
"AuthenticationManager::getPegasusAuthResponseHeader()"); |
| |
String respHeader = String::EMPTY; |
String respHeader; |
| |
String authType = String::EMPTY; |
String authType; |
String userName = String::EMPTY; |
String userName; |
String cookie = String::EMPTY; |
String cookie; |
| |
// | // |
// Parse the pegasus authentication header authentication information | // Parse the pegasus authentication header authentication information |
// | // |
if ( !_parseLocalAuthHeader(authHeader, authType, userName, cookie) ) |
if ( !HTTPMessage::parseLocalAuthHeader(authHeader, |
|
authType, userName, cookie) ) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return (respHeader); |
return respHeader; |
} | } |
| |
// | // |
|
|
if ( String::equal(userName, String::EMPTY) ) | if ( String::equal(userName, String::EMPTY) ) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return (respHeader); |
return respHeader; |
} | } |
| |
respHeader = | respHeader = |
|
|
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
return (respHeader); |
return respHeader; |
| |
} | } |
| |
|
|
// Get HTTP authentication response header | // Get HTTP authentication response header |
// | // |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
String AuthenticationManager::getHttpAuthResponseHeader( AuthenticationInfo* authInfo ) |
String AuthenticationManager::getHttpAuthResponseHeader( |
|
AuthenticationInfo* authInfo) |
#else | #else |
String AuthenticationManager::getHttpAuthResponseHeader() | String AuthenticationManager::getHttpAuthResponseHeader() |
#endif | #endif |
{ | { |
PEG_METHOD_ENTER( |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
TRC_AUTHENTICATION, "AuthenticationManager::getHttpAuthResponseHeader()"); |
"AuthenticationManager::getHttpAuthResponseHeader()"); |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
String respHeader = _httpAuthHandler->getAuthResponseHeader( | String respHeader = _httpAuthHandler->getAuthResponseHeader( |
|
|
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
return (respHeader); |
return respHeader; |
} | } |
| |
// | // |
// parse the local authentication header |
|
// |
|
Boolean AuthenticationManager::_parseLocalAuthHeader( |
|
const String& authHeader, String& authType, String& userName, String& cookie) |
|
{ |
|
PEG_METHOD_ENTER( |
|
TRC_AUTHENTICATION, "AuthenticationManager::_parseLocalAuthHeader()"); |
|
|
|
// |
|
// Extract the authentication type: |
|
// |
|
Uint32 space = authHeader.find(' '); |
|
|
|
if ( space == PEG_NOT_FOUND ) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return false; |
|
} |
|
|
|
authType = authHeader.subString(0, space); |
|
|
|
Uint32 startQuote = authHeader.find(space, '"'); |
|
|
|
if ( startQuote == PEG_NOT_FOUND ) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return false; |
|
} |
|
|
|
Uint32 endQuote = authHeader.find(startQuote + 1, '"'); |
|
|
|
if ( endQuote == PEG_NOT_FOUND ) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return false; |
|
} |
|
|
|
String temp = authHeader.subString( |
|
startQuote + 1, (endQuote - startQuote - 1)); |
|
|
|
// |
|
// Extract the user name and cookie: |
|
// |
|
Uint32 colon = temp.find(0, ':'); |
|
|
|
if ( colon == PEG_NOT_FOUND ) |
|
{ |
|
userName = temp; |
|
} |
|
else |
|
{ |
|
userName = temp.subString(0, colon); |
|
cookie = temp; |
|
} |
|
|
|
PEG_METHOD_EXIT(); |
|
|
|
return true; |
|
} |
|
|
|
// |
|
// parse the HTTP authentication header |
|
// |
|
Boolean AuthenticationManager::_parseHttpAuthHeader( |
|
const String& authHeader, String& authType, String& cookie) |
|
{ |
|
PEG_METHOD_ENTER( |
|
TRC_AUTHENTICATION, "AuthenticationManager::_parseHttpAuthHeader()"); |
|
|
|
// |
|
// Extract the authentication type: |
|
// |
|
Uint32 space = authHeader.find(' '); |
|
|
|
if ( space == PEG_NOT_FOUND ) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return false; |
|
} |
|
|
|
authType = authHeader.subString(0, space); |
|
|
|
// |
|
// Extract the cookie: |
|
// |
|
cookie = authHeader.subString(space + 1); |
|
|
|
PEG_METHOD_EXIT(); |
|
|
|
return true; |
|
} |
|
// |
|
// Get local authentication handler | // Get local authentication handler |
// | // |
Authenticator* AuthenticationManager::_getLocalAuthHandler() | Authenticator* AuthenticationManager::_getLocalAuthHandler() |
|
|
// | // |
// create and return a local authentication handler. | // create and return a local authentication handler. |
// | // |
return (new LocalAuthenticationHandler()); |
return new LocalAuthenticationHandler(); |
} | } |
| |
| |
|
|
else if ( String::equalNoCase(_httpAuthType, "Kerberos") ) | else if ( String::equalNoCase(_httpAuthType, "Kerberos") ) |
{ | { |
handler.reset((Authenticator* ) new KerberosAuthenticationHandler( )); | handler.reset((Authenticator* ) new KerberosAuthenticationHandler( )); |
AutoPtr<KerberosAuthenticationHandler> kerberosHandler((KerberosAuthenticationHandler *)handler.get()); |
AutoPtr<KerberosAuthenticationHandler> kerberosHandler( |
|
(KerberosAuthenticationHandler *)handler.get()); |
int itFailed = kerberosHandler->initialize(); | int itFailed = kerberosHandler->initialize(); |
kerberosHandler.release(); | kerberosHandler.release(); |
if (itFailed) | if (itFailed) |
|
|
{ | { |
handler.reset(0); | handler.reset(0); |
} | } |
// L10N TODO DONE |
|
//Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
//"CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started."); |
|
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, | Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
"Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
"Security.Authentication.AuthenticationManager." |
"CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started."); |
"AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
// end the server because Kerberos could not initialized. |
"CIMOM server authentication handler for Kerberos failed to " |
MessageLoaderParms parms( "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
"initialize properly."); |
"CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started."); |
MessageLoaderParms parms( |
|
"Security.Authentication.AuthenticationManager." |
|
"AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
|
"CIMOM server authentication handler for Kerberos failed to " |
|
"initialize properly."); |
throw Exception(parms); | throw Exception(parms); |
} | } |
} | } |
|
|
} | } |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return ( handler.release() ); |
return handler.release(); |
} | } |
| |
|
|
PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |
|
|