version 1.33, 2008/05/12 09:14:56
|
version 1.44, 2013/06/05 14:09:26
|
|
|
//%2006//////////////////////////////////////////////////////////////////////// |
//%LICENSE//////////////////////////////////////////////////////////////// |
// | // |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
// Licensed to The Open Group (TOG) under one or more contributor license |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with |
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
// this work for additional information regarding copyright ownership. |
// IBM Corp.; EMC Corporation, The Open Group. |
// Each contributor licenses this file to you under the OpenPegasus Open |
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
// Source License; you may not use this file except in compliance with the |
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
// License. |
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// |
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
// Permission is hereby granted, free of charge, to any person obtaining a |
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// copy of this software and associated documentation files (the "Software"), |
// EMC Corporation; Symantec Corporation; The Open Group. |
// to deal in the Software without restriction, including without limitation |
// |
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
// Permission is hereby granted, free of charge, to any person obtaining a copy |
// and/or sell copies of the Software, and to permit persons to whom the |
// of this software and associated documentation files (the "Software"), to |
// Software is furnished to do so, subject to the following conditions: |
// deal in the Software without restriction, including without limitation the |
// |
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
// The above copyright notice and this permission notice shall be included |
// sell copies of the Software, and to permit persons to whom the Software is |
// in all copies or substantial portions of the Software. |
// furnished to do so, subject to the following conditions: |
// |
// |
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
// | // |
//============================================================================== |
////////////////////////////////////////////////////////////////////////// |
// | // |
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
|
|
getCurrentValue("enableRemotePrivilegedUserAccess")) | getCurrentValue("enableRemotePrivilegedUserAccess")) |
&& System::isPrivilegedUser(userName)) | && System::isPrivilegedUser(userName)) |
{ | { |
PEG_TRACE((TRC_AUTHENTICATION, Tracer::LEVEL2, |
|
"Authentication failed for user '%s' because " |
|
"enableRemotePrivilegedUserAccess is not set to 'true'.", |
|
(const char*) userName.getCString())); |
|
Logger::put_l( | Logger::put_l( |
Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, | Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, |
|
MessageLoaderParms( |
"Security.Authentication.BasicAuthenticationHandler." | "Security.Authentication.BasicAuthenticationHandler." |
"PRIVILEGED_ACCESS_DISABLED", | "PRIVILEGED_ACCESS_DISABLED", |
"Authentication failed for user '$0' because " | "Authentication failed for user '$0' because " |
"enableRemotePrivilegedUserAccess is not set to 'true'.", | "enableRemotePrivilegedUserAccess is not set to 'true'.", |
userName); |
userName)); |
return false; | return false; |
} | } |
return true; | return true; |
|
|
// | // |
// Perform http authentication | // Perform http authentication |
// | // |
Boolean AuthenticationManager::performHttpAuthentication( |
AuthenticationStatus AuthenticationManager::performHttpAuthentication( |
const String& authHeader, | const String& authHeader, |
AuthenticationInfo* authInfo) | AuthenticationInfo* authInfo) |
{ | { |
|
|
{ | { |
PEG_TRACE(( | PEG_TRACE(( |
TRC_DISCARDED_DATA, | TRC_DISCARDED_DATA, |
Tracer::LEVEL2, |
Tracer::LEVEL1, |
"HTTPAuthentication failed. " | "HTTPAuthentication failed. " |
"Malformed HTTP authentication header: %s", | "Malformed HTTP authentication header: %s", |
(const char*)authHeader.getCString())); | (const char*)authHeader.getCString())); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
} | } |
| |
Boolean authenticated = false; |
AuthenticationStatus authStatus(AUTHSC_UNAUTHORIZED); |
| |
// | // |
// Check the authenticationinformation and do the authentication | // Check the authenticationinformation and do the authentication |
// | // |
if ( String::equalNoCase(authType, "Basic") && | if ( String::equalNoCase(authType, "Basic") && |
String::equalNoCase(_httpAuthType, "Basic") ) |
String::equal(_httpAuthType, "Basic") ) |
{ | { |
authenticated = _httpAuthHandler->authenticate(cookie, authInfo); |
authStatus = _httpAuthHandler->authenticate(cookie, authInfo); |
} | } |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
else if ( String::equalNoCase(authType, "Negotiate") && | else if ( String::equalNoCase(authType, "Negotiate") && |
String::equalNoCase(_httpAuthType, "Kerberos") ) |
String::equal(_httpAuthType, "Kerberos") ) |
{ | { |
authenticated = _httpAuthHandler->authenticate(cookie, authInfo); |
authStatus = _httpAuthHandler->authenticate(cookie, authInfo); |
} | } |
#endif | #endif |
// FUTURE: Add code to check for "Digest" when digest | // FUTURE: Add code to check for "Digest" when digest |
// authentication is implemented. | // authentication is implemented. |
| |
if ( authenticated ) |
if ( authStatus.isSuccess() ) |
{ | { |
authInfo->setAuthType(authType); | authInfo->setAuthType(authType); |
} | } |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
return authenticated; |
return authStatus; |
} | } |
| |
// | // |
// Perform pegasus sepcific local authentication | // Perform pegasus sepcific local authentication |
// | // |
Boolean AuthenticationManager::performPegasusAuthentication( |
AuthenticationStatus AuthenticationManager::performPegasusAuthentication( |
const String& authHeader, | const String& authHeader, |
AuthenticationInfo* authInfo) | AuthenticationInfo* authInfo) |
{ | { |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, | PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
"AuthenticationManager::performPegasusAuthentication()"); | "AuthenticationManager::performPegasusAuthentication()"); |
| |
Boolean authenticated = false; |
AuthenticationStatus authStatus(AUTHSC_UNAUTHORIZED); |
| |
String authType; | String authType; |
String userName; | String userName; |
|
|
{ | { |
PEG_TRACE(( | PEG_TRACE(( |
TRC_DISCARDED_DATA, | TRC_DISCARDED_DATA, |
Tracer::LEVEL2, |
Tracer::LEVEL1, |
"PegasusAuthentication failed. " | "PegasusAuthentication failed. " |
"Malformed Pegasus authentication header: %s", | "Malformed Pegasus authentication header: %s", |
(const char*)authHeader.getCString())); | (const char*)authHeader.getCString())); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
} | } |
| |
// The HTTPAuthenticatorDelegator ensures only local authentication | // The HTTPAuthenticatorDelegator ensures only local authentication |
// requests get here. | // requests get here. |
PEGASUS_ASSERT(authType == "Local"); | PEGASUS_ASSERT(authType == "Local"); |
| |
authenticated = |
authStatus = _localAuthHandler->authenticate(cookie, authInfo); |
_localAuthHandler->authenticate(cookie, authInfo); |
|
| |
if ( authenticated ) |
if ( authStatus.isSuccess() ) |
{ | { |
authInfo->setAuthType(authType); | authInfo->setAuthType(authType); |
} | } |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
return authenticated; |
return authStatus; |
} | } |
| |
// | // |
// Validate user. | // Validate user. |
// | // |
Boolean AuthenticationManager::validateUserForHttpAuth (const String& userName) |
AuthenticationStatus AuthenticationManager::validateUserForHttpAuth( |
|
const String& userName, |
|
AuthenticationInfo* authInfo) |
{ | { |
return _httpAuthHandler->validateUser(userName); |
return _httpAuthHandler->validateUser(userName,authInfo); |
} | } |
| |
// | // |
|
|
_localAuthHandler->getAuthResponseHeader(authType, userName, authInfo); | _localAuthHandler->getAuthResponseHeader(authType, userName, authInfo); |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
return respHeader; | return respHeader; |
| |
} | } |
|
|
#endif | #endif |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
return respHeader; | return respHeader; |
} | } |
| |
|
|
// | // |
// create a authentication handler. | // create a authentication handler. |
// | // |
if ( String::equalNoCase(_httpAuthType, "Basic") ) |
if ( String::equal(_httpAuthType, "Basic") ) |
{ | { |
handler.reset((Authenticator* ) new BasicAuthenticationHandler( )); | handler.reset((Authenticator* ) new BasicAuthenticationHandler( )); |
} | } |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
else if ( String::equalNoCase(_httpAuthType, "Kerberos") ) |
else if ( String::equal(_httpAuthType, "Kerberos") ) |
{ | { |
handler.reset((Authenticator*) new KerberosAuthenticationHandler()); | handler.reset((Authenticator*) new KerberosAuthenticationHandler()); |
AutoPtr<KerberosAuthenticationHandler> kerberosHandler( | AutoPtr<KerberosAuthenticationHandler> kerberosHandler( |
|
|
{ | { |
handler.reset(0); | handler.reset(0); |
} | } |
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
"Security.Authentication.AuthenticationManager." |
|
"AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
|
"CIMOM server authentication handler for Kerberos failed to " |
|
"initialize properly."); |
|
MessageLoaderParms parms( | MessageLoaderParms parms( |
"Security.Authentication.AuthenticationManager." | "Security.Authentication.AuthenticationManager." |
"AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", | "AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", |
"CIMOM server authentication handler for Kerberos failed to " | "CIMOM server authentication handler for Kerberos failed to " |
"initialize properly."); | "initialize properly."); |
|
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
parms); |
throw Exception(parms); | throw Exception(parms); |
} | } |
} | } |
|
|
// FUTURE: uncomment these line when Digest authentication | // FUTURE: uncomment these line when Digest authentication |
// is implemented. | // is implemented. |
// | // |
//else if (String::equalNoCase(_httpAuthType, "Digest")) |
//else if (String::equal(_httpAuthType, "Digest")) |
//{ | //{ |
// handler = (Authenticator* ) new DigestAuthenticationHandler( ); | // handler = (Authenticator* ) new DigestAuthenticationHandler( ); |
//} | //} |
|
|
// This should never happen. Gets here only if Security Config | // This should never happen. Gets here only if Security Config |
// property owner has not validated the configured http auth type. | // property owner has not validated the configured http auth type. |
// | // |
PEGASUS_ASSERT(0); |
PEGASUS_UNREACHABLE(PEGASUS_ASSERT(0);) |
} | } |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |