version 1.4, 2002/02/23 00:27:20
|
version 1.33, 2008/05/12 09:14:56
|
|
|
//%///////////////////////////////////////////////////////////////////////////// |
//%2006//////////////////////////////////////////////////////////////////////// |
// |
|
// Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM, |
|
// The Open Group, Tivoli Systems |
|
// | // |
// Permission is hereby granted, free of charge, to any person obtaining a |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
// copy of this software and associated documentation files (the "Software"), |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
// to deal in the Software without restriction, including without limitation |
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
// IBM Corp.; EMC Corporation, The Open Group. |
// and/or sell copies of the Software, and to permit persons to whom the |
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
// Software is furnished to do so, subject to the following conditions: |
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
// |
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// The above copyright notice and this permission notice shall be included in |
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
// all copies of substantial portions of this software. |
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// |
// EMC Corporation; Symantec Corporation; The Open Group. |
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
// |
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
// Permission is hereby granted, free of charge, to any person obtaining a copy |
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL |
// of this software and associated documentation files (the "Software"), to |
// THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
// deal in the Software without restriction, including without limitation the |
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER |
// sell copies of the Software, and to permit persons to whom the Software is |
// DEALINGS IN THE SOFTWARE. |
// furnished to do so, subject to the following conditions: |
|
// |
|
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
|
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
|
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
|
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
|
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
|
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
|
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
// | // |
//============================================================================== | //============================================================================== |
// | // |
// Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com) |
|
// |
|
// Modified By: |
|
// |
|
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
#include <Pegasus/Common/System.h> | #include <Pegasus/Common/System.h> |
#include <Pegasus/Common/XmlWriter.h> | #include <Pegasus/Common/XmlWriter.h> |
#include <Pegasus/Common/Destroyer.h> |
|
#include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
|
#include <Pegasus/Common/PegasusVersion.h> |
|
#include <Pegasus/Common/HTTPMessage.h> |
|
|
#include <Pegasus/Config/ConfigManager.h> | #include <Pegasus/Config/ConfigManager.h> |
#include <Pegasus/Security/Authentication/LocalAuthenticationHandler.h> |
|
#include <Pegasus/Security/Authentication/BasicAuthenticationHandler.h> |
#include "LocalAuthenticationHandler.h" |
|
#include "BasicAuthenticationHandler.h" |
#include "AuthenticationManager.h" | #include "AuthenticationManager.h" |
| |
|
#include <Pegasus/Common/AutoPtr.h> |
|
|
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
#include "KerberosAuthenticationHandler.h" |
|
#endif |
|
|
|
|
PEGASUS_USING_STD; | PEGASUS_USING_STD; |
| |
PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
|
|
// | // |
AuthenticationManager::AuthenticationManager() | AuthenticationManager::AuthenticationManager() |
{ | { |
const char METHOD_NAME[] = "AuthenticationManager::AuthenticationManager()"; |
PEG_METHOD_ENTER( |
|
TRC_AUTHENTICATION, "AuthenticationManager::AuthenticationManager()"); |
PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
|
| |
// | // |
// get authentication handler |
// get authentication handlers |
// | // |
_localAuthHandler = _getLocalAuthHandler(); | _localAuthHandler = _getLocalAuthHandler(); |
| |
_httpAuthHandler = _getHttpAuthHandler(); | _httpAuthHandler = _getHttpAuthHandler(); |
| |
// |
PEG_METHOD_EXIT(); |
// Build the Basic authentication challenge header |
|
// "hostname" + ":" + "portNo" using the hostname and port number |
|
// |
|
|
|
// |
|
// get the local system name |
|
// |
|
_realm.assign(System::getHostName()); |
|
|
|
// |
|
// get the configured port number |
|
// |
|
ConfigManager* configManager = ConfigManager::getInstance(); |
|
|
|
String port = configManager->getCurrentValue("port"); |
|
|
|
_realm.append(":"); |
|
_realm.append(port); |
|
|
|
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
|
} | } |
| |
// | // |
|
|
// | // |
AuthenticationManager::~AuthenticationManager() | AuthenticationManager::~AuthenticationManager() |
{ | { |
const char METHOD_NAME[] = "AuthenticationManager::~AuthenticationManager()"; |
PEG_METHOD_ENTER( |
|
TRC_AUTHENTICATION, "AuthenticationManager::~AuthenticationManager()"); |
PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
|
| |
// | // |
// delete authentication handler |
// delete authentication handlers |
// | // |
if (_localAuthHandler) |
|
{ |
|
delete _localAuthHandler; | delete _localAuthHandler; |
} |
|
if (_httpAuthHandler) |
|
{ |
|
delete _httpAuthHandler; | delete _httpAuthHandler; |
|
|
|
PEG_METHOD_EXIT(); |
} | } |
| |
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
Boolean AuthenticationManager::isRemotePrivilegedUserAccessAllowed( |
|
String & userName) |
|
{ |
|
// |
|
// Reject access if the user is privileged and remote privileged user |
|
// access is not enabled. |
|
// |
|
if (!ConfigManager::parseBooleanValue(ConfigManager::getInstance()-> |
|
getCurrentValue("enableRemotePrivilegedUserAccess")) |
|
&& System::isPrivilegedUser(userName)) |
|
{ |
|
PEG_TRACE((TRC_AUTHENTICATION, Tracer::LEVEL2, |
|
"Authentication failed for user '%s' because " |
|
"enableRemotePrivilegedUserAccess is not set to 'true'.", |
|
(const char*) userName.getCString())); |
|
Logger::put_l( |
|
Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, |
|
"Security.Authentication.BasicAuthenticationHandler." |
|
"PRIVILEGED_ACCESS_DISABLED", |
|
"Authentication failed for user '$0' because " |
|
"enableRemotePrivilegedUserAccess is not set to 'true'.", |
|
userName); |
|
return false; |
|
} |
|
return true; |
} | } |
| |
// | // |
// Perform http authentication | // Perform http authentication |
// | // |
Boolean AuthenticationManager::performHttpAuthentication |
Boolean AuthenticationManager::performHttpAuthentication( |
( |
|
const String& authHeader, | const String& authHeader, |
AuthenticationInfo* authInfo |
AuthenticationInfo* authInfo) |
) |
|
{ | { |
const char METHOD_NAME[] = "AuthenticationManager::performHttpAuthentication()"; |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
|
"AuthenticationManager::performHttpAuthentication()"); |
PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
|
| |
Boolean authenticated = false; |
String authType; |
|
String cookie; |
String type = String::EMPTY; |
|
String userName = String::EMPTY; |
|
String cookie = String::EMPTY; |
|
|
|
// |
|
// Check whether the auth header has the authentication |
|
// information or not and call authentication handlers |
|
// authenticate method. |
|
// |
|
_parseAuthHeader(authHeader, type, userName, cookie); |
|
| |
// | // |
// Check if the user is already authenticated |
// Parse the HTTP authentication header for authentication information |
// | // |
if (authInfo->isAuthenticated() && authInfo->isPrivileged() && |
if ( !HTTPMessage::parseHttpAuthHeader(authHeader, authType, cookie) ) |
String::equal(userName, authInfo->getAuthenticatedUser())) |
|
{ | { |
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
PEG_TRACE(( |
return true; |
TRC_DISCARDED_DATA, |
|
Tracer::LEVEL2, |
|
"HTTPAuthentication failed. " |
|
"Malformed HTTP authentication header: %s", |
|
(const char*)authHeader.getCString())); |
|
PEG_METHOD_EXIT(); |
|
return false; |
} | } |
| |
// |
Boolean authenticated = false; |
// get the configured authentication type |
|
// |
|
ConfigManager* configManager = ConfigManager::getInstance(); |
|
|
|
String authType = configManager->getCurrentValue("httpAuthType"); |
|
| |
// | // |
// Check whether the auth header has the authentication |
// Check the authenticationinformation and do the authentication |
// information or not. |
|
// |
|
if (String::equalNoCase(authHeader, "Basic")) |
|
{ |
|
// |
|
// Check if Basic authentication is supported or not. |
|
// | // |
if (!String::equalNoCase(authType, "Basic")) |
if ( String::equalNoCase(authType, "Basic") && |
|
String::equalNoCase(_httpAuthType, "Basic") ) |
{ | { |
// ATTN: Log basic authentication not supported message |
authenticated = _httpAuthHandler->authenticate(cookie, authInfo); |
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
|
return ( authenticated ); |
|
} | } |
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
Uint32 pos = authHeader.find("Basic"); |
else if ( String::equalNoCase(authType, "Negotiate") && |
|
String::equalNoCase(_httpAuthType, "Kerberos") ) |
if (authHeader.size() > (pos + 5)) |
|
{ | { |
cookie = authHeader.subString(pos + 6); |
|
} |
|
|
|
authenticated = _httpAuthHandler->authenticate(cookie, authInfo); | authenticated = _httpAuthHandler->authenticate(cookie, authInfo); |
} | } |
// else ATTN: add code for digest authentication |
#endif |
|
// FUTURE: Add code to check for "Digest" when digest |
// else ATTN: Log authentication type not supported message |
// authentication is implemented. |
| |
if (authenticated) | if (authenticated) |
{ | { |
authInfo->setAuthStatus(AuthenticationInfo::AUTHENTICATED); |
authInfo->setAuthType(authType); |
|
|
authInfo->setAuthType(type); |
|
} | } |
| |
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| |
return ( authenticated ); |
return authenticated; |
} | } |
| |
// | // |
// Perform pegasus sepcific local authentication | // Perform pegasus sepcific local authentication |
// | // |
Boolean AuthenticationManager::performPegasusAuthentication |
Boolean AuthenticationManager::performPegasusAuthentication( |
( |
|
const String& authHeader, | const String& authHeader, |
AuthenticationInfo* authInfo |
AuthenticationInfo* authInfo) |
) |
|
{ | { |
const char METHOD_NAME[] = "AuthenticationManager::performPegasusAuthentication()"; |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
|
"AuthenticationManager::performPegasusAuthentication()"); |
PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
|
| |
Boolean authenticated = false; | Boolean authenticated = false; |
| |
String authType = String::EMPTY; |
String authType; |
String userName = String::EMPTY; |
String userName; |
String cookie = String::EMPTY; |
String cookie; |
|
|
// |
// |
// Check whether the auth header has the authentication |
// Parse the pegasus authentication header authentication information |
// information or not and call authentication handlers |
// |
// authenticate method. |
if ( !HTTPMessage::parseLocalAuthHeader(authHeader, |
// |
authType, userName, cookie) ) |
_parseAuthHeader(authHeader, authType, userName, cookie); |
{ |
|
PEG_TRACE(( |
|
TRC_DISCARDED_DATA, |
// |
Tracer::LEVEL2, |
// Check if the user is already authenticated |
"PegasusAuthentication failed. " |
// |
"Malformed Pegasus authentication header: %s", |
if (authInfo->isAuthenticated() && authInfo->isPrivileged() && |
(const char*)authHeader.getCString())); |
String::equal(userName, authInfo->getAuthenticatedUser())) |
PEG_METHOD_EXIT(); |
{ |
|
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
|
return true; |
|
} |
|
|
|
// |
|
// Check if the authentication information is present |
|
// |
|
if (String::equal(cookie, String::EMPTY)) |
|
{ |
|
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
|
return false; | return false; |
} | } |
| |
|
// The HTTPAuthenticatorDelegator ensures only local authentication |
|
// requests get here. |
|
PEGASUS_ASSERT(authType == "Local"); |
|
|
authenticated = | authenticated = |
_localAuthHandler->authenticate(cookie, authInfo); | _localAuthHandler->authenticate(cookie, authInfo); |
| |
if (authenticated) | if (authenticated) |
{ | { |
authInfo->setAuthStatus(AuthenticationInfo::AUTHENTICATED); |
|
|
|
if ( String::equal(authType, "LocalPrivileged") ) |
|
{ |
|
authInfo->setPrivileged(true); |
|
} |
|
else |
|
{ |
|
authInfo->setPrivileged(false); |
|
} |
|
|
|
authInfo->setAuthType(authType); | authInfo->setAuthType(authType); |
} | } |
| |
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| |
return ( authenticated ); |
return authenticated; |
} | } |
| |
// | // |
// Get pegasus/local authentication response header |
// Validate user. |
// | // |
String AuthenticationManager::getPegasusAuthResponseHeader |
Boolean AuthenticationManager::validateUserForHttpAuth (const String& userName) |
( |
|
const String& authHeader, |
|
AuthenticationInfo* authInfo |
|
) |
|
{ | { |
const char METHOD_NAME[] = "AuthenticationManager::getPegasusAuthResponseHeader()"; |
return _httpAuthHandler->validateUser(userName); |
|
} |
PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
|
|
|
String authType = String::EMPTY; |
|
String userName = String::EMPTY; |
|
String cookie = String::EMPTY; |
|
|
|
// |
|
// Check whether the auth header has the authentication |
|
// information or not and call authentication handlers |
|
// authenticate method. |
|
// |
|
_parseAuthHeader(authHeader, authType, userName, cookie); |
|
| |
// | // |
// Check if the authentication information is present |
// Get pegasus/local authentication response header |
// | // |
if (String::equal(userName, String::EMPTY)) |
String AuthenticationManager::getPegasusAuthResponseHeader( |
|
const String& authHeader, |
|
AuthenticationInfo* authInfo) |
{ | { |
// |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
// User name can not be empty |
"AuthenticationManager::getPegasusAuthResponseHeader()"); |
// |
|
// ATTN: throw an exception |
|
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
|
return (String::EMPTY); |
|
} |
|
| |
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
String respHeader; |
| |
return(_localAuthHandler->getAuthResponseHeader(authType, userName, authInfo)); |
String authType; |
} |
String userName; |
|
String cookie; |
| |
// | // |
// Get HTTP authentication response header |
// Parse the pegasus authentication header authentication information |
// | // |
String AuthenticationManager::getHttpAuthResponseHeader() |
if ( !HTTPMessage::parseLocalAuthHeader(authHeader, |
|
authType, userName, cookie) ) |
{ | { |
const char METHOD_NAME[] = "AuthenticationManager::getHttpAuthResponseHeader()"; |
PEG_METHOD_EXIT(); |
|
return respHeader; |
PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
|
|
|
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
|
|
|
return (_httpAuthHandler->getAuthResponseHeader(_realm)); |
|
} | } |
| |
// | // |
// parse the authentication header |
// User name can not be empty |
// | // |
void AuthenticationManager::_parseAuthHeader( |
if (String::equal(userName, String::EMPTY)) |
const String& authHeader, String& authType, String& userName, String& cookie) |
|
{ | { |
const char METHOD_NAME[] = "AuthenticationManager::_parseAuthHeader()"; |
PEG_METHOD_EXIT(); |
|
return respHeader; |
|
} |
| |
PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
respHeader = |
|
_localAuthHandler->getAuthResponseHeader(authType, userName, authInfo); |
| |
Uint32 pos; |
PEG_METHOD_EXIT(); |
| |
if ( (pos = authHeader.find("LocalPrivileged")) == PEG_NOT_FOUND ) |
return respHeader; |
{ |
|
if ( (pos = authHeader.find("Local")) == PEG_NOT_FOUND ) |
|
{ |
|
// |
|
//Invalid authorization header |
|
// |
|
//ATTN: throw exception |
|
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
|
return; |
|
} |
|
} |
|
| |
Uint32 startQuote = authHeader.find(pos, '"'); |
|
if (startQuote == PEG_NOT_FOUND) |
|
{ |
|
// |
|
//Invalid authorization header |
|
// |
|
//ATTN: throw exception |
|
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
|
return; |
|
} | } |
| |
Uint32 endQuote = authHeader.find(startQuote + 1, '"'); |
|
if (endQuote == PEG_NOT_FOUND) |
|
{ |
|
// | // |
//Invalid authorization header |
// Get HTTP authentication response header |
// | // |
//ATTN: throw exception |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
String AuthenticationManager::getHttpAuthResponseHeader( |
return; |
AuthenticationInfo* authInfo) |
} |
#else |
|
String AuthenticationManager::getHttpAuthResponseHeader() |
authType = authHeader.subString(pos, (startQuote - pos) - 1); |
#endif |
|
{ |
String temp = authHeader.subString( |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
startQuote + 1, (endQuote - startQuote - 1)); |
"AuthenticationManager::getHttpAuthResponseHeader()"); |
| |
Uint32 colonPos; |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
String respHeader = _httpAuthHandler->getAuthResponseHeader( |
|
String::EMPTY, String::EMPTY, authInfo); |
|
#else |
|
String respHeader = _httpAuthHandler->getAuthResponseHeader(); |
|
#endif |
| |
if ((colonPos = temp.find(0, ':')) == PEG_NOT_FOUND) |
PEG_METHOD_EXIT(); |
{ |
|
userName = temp; |
|
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
|
return; |
|
} |
|
else |
|
{ |
|
userName = temp.subString(0, colonPos); |
|
cookie = temp; |
|
} |
|
| |
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
return respHeader; |
} | } |
| |
// | // |
|
|
// | // |
Authenticator* AuthenticationManager::_getLocalAuthHandler() | Authenticator* AuthenticationManager::_getLocalAuthHandler() |
{ | { |
const char METHOD_NAME[] = "AuthenticationManager::_getLocalAuthHandler()"; |
PEG_METHOD_ENTER( |
|
TRC_AUTHENTICATION, "AuthenticationManager::_getLocalAuthHandler()"); |
PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
|
| |
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
// | // |
// create and return a local authentication handler. | // create and return a local authentication handler. |
// | // |
return (new LocalAuthenticationHandler()); |
return new LocalAuthenticationHandler(); |
} | } |
| |
| |
|
|
// | // |
Authenticator* AuthenticationManager::_getHttpAuthHandler() | Authenticator* AuthenticationManager::_getHttpAuthHandler() |
{ | { |
const char METHOD_NAME[] = "AuthenticationManager::_getHttpAuthHandler()"; |
PEG_METHOD_ENTER( |
|
TRC_AUTHENTICATION, "AuthenticationManager::_getHttpAuthHandler()"); |
PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
AutoPtr<Authenticator> handler; |
|
|
Authenticator* handler = 0; |
|
| |
// | // |
// get the configured/default authentication type |
// get the configured authentication type |
// | // |
ConfigManager* configManager = ConfigManager::getInstance(); |
AutoPtr<ConfigManager> configManager(ConfigManager::getInstance()); |
|
|
String authType = configManager->getCurrentValue("httpAuthType"); |
|
| |
|
_httpAuthType = configManager->getCurrentValue("httpAuthType"); |
|
configManager.release(); |
// | // |
// If Basic authentication is configured then |
// create a authentication handler. |
// create a basic authentication handler. |
|
// | // |
if (String::equal(authType, "Basic")) |
if ( String::equalNoCase(_httpAuthType, "Basic") ) |
{ | { |
handler = (Authenticator* ) new BasicAuthenticationHandler( ); |
handler.reset((Authenticator* ) new BasicAuthenticationHandler( )); |
} | } |
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
//ATTN: add support for Digest authentication. |
else if ( String::equalNoCase(_httpAuthType, "Kerberos") ) |
//else if (authType.equalNoCase("Digest")) |
{ |
|
handler.reset((Authenticator*) new KerberosAuthenticationHandler()); |
|
AutoPtr<KerberosAuthenticationHandler> kerberosHandler( |
|
(KerberosAuthenticationHandler *)handler.get()); |
|
int itFailed = kerberosHandler->initialize(); |
|
kerberosHandler.release(); |
|
if (itFailed) |
|
{ |
|
if (handler.get()) |
|
{ |
|
handler.reset(0); |
|
} |
|
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
"Security.Authentication.AuthenticationManager." |
|
"AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
|
"CIMOM server authentication handler for Kerberos failed to " |
|
"initialize properly."); |
|
MessageLoaderParms parms( |
|
"Security.Authentication.AuthenticationManager." |
|
"AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
|
"CIMOM server authentication handler for Kerberos failed to " |
|
"initialize properly."); |
|
throw Exception(parms); |
|
} |
|
} |
|
#endif |
|
// FUTURE: uncomment these line when Digest authentication |
|
// is implemented. |
|
// |
|
//else if (String::equalNoCase(_httpAuthType, "Digest")) |
//{ | //{ |
// handler = (Authenticator* ) new DigestAuthenticationHandler( ); | // handler = (Authenticator* ) new DigestAuthenticationHandler( ); |
//} | //} |
|
else |
PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
{ |
|
// |
return ( handler ); |
// This should never happen. Gets here only if Security Config |
|
// property owner has not validated the configured http auth type. |
|
// |
|
PEGASUS_ASSERT(0); |
} | } |
| |
|
PEG_METHOD_EXIT(); |
|
return handler.release(); |
|
} |
| |
PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |
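Review bot: The raw authentication header is written to the trace in the malformed-header branch of performHttpAuthentication (`"Malformed HTTP authentication header: %s"` with `authHeader.getCString()`), and performPegasusAuthentication does the same with `"Malformed Pegasus authentication header: %s"`. A header that fails parsing can still carry a Basic credential blob or a local-authentication response, so with TRC_DISCARDED_DATA tracing enabled that material would land in the trace file for anyone who can read it. I would trace only non-secret metadata, for example `"HTTPAuthentication failed. Malformed HTTP authentication header (length %u)", authHeader.size()`, and make the same change in the Pegasus branch. The old and new columns are interleaved on this page, so this assumes both trace calls belong to the 1.33 side, which their use of HTTPMessage::parseHttpAuthHeader and parseLocalAuthHeader suggests.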
|
|