pegasus/src/Pegasus/Security/Authentication/AuthenticationManager.cpp - diff

Return to AuthenticationManager.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication

Diff for /pegasus/src/Pegasus/Security/Authentication/AuthenticationManager.cpp between version 1.33 and 1.44

version 1.33, 2008/05/12 09:14:56

version 1.44, 2013/06/05 14:09:26

Line 1

//%2006////////////////////////////////////////////////////////////////////////

//%LICENSE////////////////////////////////////////////////////////////////

// Licensed to The Open Group (TOG) under one or more contributor license

// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.

// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with

// this work for additional information regarding copyright ownership.

// IBM Corp.; EMC Corporation, The Open Group.

// Each contributor licenses this file to you under the OpenPegasus Open

// Source License; you may not use this file except in compliance with the

// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.

// License.

// EMC Corporation; VERITAS Software Corporation; The Open Group.

// Permission is hereby granted, free of charge, to any person obtaining a

// copy of this software and associated documentation files (the "Software"),

// EMC Corporation; Symantec Corporation; The Open Group.

// to deal in the Software without restriction, including without limitation

// the rights to use, copy, modify, merge, publish, distribute, sublicense,

// Permission is hereby granted, free of charge, to any person obtaining a copy

// and/or sell copies of the Software, and to permit persons to whom the

// of this software and associated documentation files (the "Software"), to

// Software is furnished to do so, subject to the following conditions:

// deal in the Software without restriction, including without limitation the

// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or

// The above copyright notice and this permission notice shall be included

// sell copies of the Software, and to permit persons to whom the Software is

// in all copies or substantial portions of the Software.

// furnished to do so, subject to the following conditions:

// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS

// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN

// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF

// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED

// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT

// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY

// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR

// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,

// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT

// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE

// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN

// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION

// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

//==============================================================================

//////////////////////////////////////////////////////////////////////////

//%/////////////////////////////////////////////////////////////////////////////

Line 100

Line 98

getCurrentValue("enableRemotePrivilegedUserAccess"))

&& System::isPrivilegedUser(userName))

{

PEG_TRACE((TRC_AUTHENTICATION, Tracer::LEVEL2,

"Authentication failed for user '%s' because "

"enableRemotePrivilegedUserAccess is not set to 'true'.",

(const char*) userName.getCString()));

Logger::put_l(

Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,

MessageLoaderParms(

"Security.Authentication.BasicAuthenticationHandler."

"PRIVILEGED_ACCESS_DISABLED",

"Authentication failed for user '$0' because "

"enableRemotePrivilegedUserAccess is not set to 'true'.",

userName);

userName));

return false;

}

return true;

Line 119

Line 114

// Perform http authentication

Boolean AuthenticationManager::performHttpAuthentication(

AuthenticationStatus AuthenticationManager::performHttpAuthentication(

const String& authHeader,

AuthenticationInfo* authInfo)

{

Line 136

Line 131

{

PEG_TRACE((

TRC_DISCARDED_DATA,

Tracer::LEVEL2,

Tracer::LEVEL1,

"HTTPAuthentication failed. "

"Malformed HTTP authentication header: %s",

(const char*)authHeader.getCString()));

PEG_METHOD_EXIT();

return false;

return AuthenticationStatus(AUTHSC_UNAUTHORIZED);

}

Boolean authenticated = false;

AuthenticationStatus authStatus(AUTHSC_UNAUTHORIZED);

// Check the authenticationinformation and do the authentication

if ( String::equalNoCase(authType, "Basic") &&

String::equalNoCase(_httpAuthType, "Basic") )

String::equal(_httpAuthType, "Basic") )

{

authenticated = _httpAuthHandler->authenticate(cookie, authInfo);

authStatus = _httpAuthHandler->authenticate(cookie, authInfo);

}

#ifdef PEGASUS_KERBEROS_AUTHENTICATION

else if ( String::equalNoCase(authType, "Negotiate") &&

String::equalNoCase(_httpAuthType, "Kerberos") )

String::equal(_httpAuthType, "Kerberos") )

{

authenticated = _httpAuthHandler->authenticate(cookie, authInfo);

authStatus = _httpAuthHandler->authenticate(cookie, authInfo);

}

#endif

// FUTURE: Add code to check for "Digest" when digest

// authentication is implemented.

if ( authenticated )

if ( authStatus.isSuccess() )

{

authInfo->setAuthType(authType);

}

PEG_METHOD_EXIT();

return authenticated;

return authStatus;

}

// Perform pegasus sepcific local authentication

Boolean AuthenticationManager::performPegasusAuthentication(

AuthenticationStatus AuthenticationManager::performPegasusAuthentication(

const String& authHeader,

AuthenticationInfo* authInfo)

{

PEG_METHOD_ENTER(TRC_AUTHENTICATION,

"AuthenticationManager::performPegasusAuthentication()");

Boolean authenticated = false;

AuthenticationStatus authStatus(AUTHSC_UNAUTHORIZED);

String authType;

String userName;

Line 198

Line 193

{

PEG_TRACE((

TRC_DISCARDED_DATA,

Tracer::LEVEL2,

Tracer::LEVEL1,

"PegasusAuthentication failed. "

"Malformed Pegasus authentication header: %s",

(const char*)authHeader.getCString()));

PEG_METHOD_EXIT();

return false;

return AuthenticationStatus(AUTHSC_UNAUTHORIZED);

}

// The HTTPAuthenticatorDelegator ensures only local authentication

// requests get here.

PEGASUS_ASSERT(authType == "Local");

authenticated =

authStatus = _localAuthHandler->authenticate(cookie, authInfo);

_localAuthHandler->authenticate(cookie, authInfo);

if ( authenticated )

if ( authStatus.isSuccess() )

{

authInfo->setAuthType(authType);

}

PEG_METHOD_EXIT();

return authenticated;

return authStatus;

}

// Validate user.

Boolean AuthenticationManager::validateUserForHttpAuth (const String& userName)

AuthenticationStatus AuthenticationManager::validateUserForHttpAuth(

const String& userName,

AuthenticationInfo* authInfo)

{

return _httpAuthHandler->validateUser(userName);

return _httpAuthHandler->validateUser(userName,authInfo);

}

Line 270

Line 266

_localAuthHandler->getAuthResponseHeader(authType, userName, authInfo);

PEG_METHOD_EXIT();

return respHeader;

}

Line 296

Line 291

#endif

PEG_METHOD_EXIT();

return respHeader;

}

Line 335

Line 329

// create a authentication handler.

if ( String::equalNoCase(_httpAuthType, "Basic") )

if ( String::equal(_httpAuthType, "Basic") )

{

handler.reset((Authenticator* ) new BasicAuthenticationHandler( ));

}

#ifdef PEGASUS_KERBEROS_AUTHENTICATION

else if ( String::equalNoCase(_httpAuthType, "Kerberos") )

else if ( String::equal(_httpAuthType, "Kerberos") )

{

handler.reset((Authenticator*) new KerberosAuthenticationHandler());

AutoPtr<KerberosAuthenticationHandler> kerberosHandler(

Line 353

Line 347

{

handler.reset(0);

}

Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

"Security.Authentication.AuthenticationManager."

"AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE",

"CIMOM server authentication handler for Kerberos failed to "

"initialize properly.");

MessageLoaderParms parms(

"Security.Authentication.AuthenticationManager."

"AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE",

"CIMOM server authentication handler for Kerberos failed to "

"initialize properly.");

Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

parms);

throw Exception(parms);

}

Line 370

Line 361

// FUTURE: uncomment these line when Digest authentication

// is implemented.

//else if (String::equalNoCase(_httpAuthType, "Digest"))

//else if (String::equal(_httpAuthType, "Digest"))

//{

// handler = (Authenticator* ) new DigestAuthenticationHandler( );

//}

Line 380

Line 371

// This should never happen. Gets here only if Security Config

// property owner has not validated the configured http auth type.

PEGASUS_ASSERT(0);

PEGASUS_UNREACHABLE(PEGASUS_ASSERT(0);)

}

PEG_METHOD_EXIT();

Legend:

Removed from v.1.33
changed lines
	Added in v.1.44

No CVS admin address has been configured