1 karl 1.19 //%2004////////////////////////////////////////////////////////////////////////
2 mike 1.2 //
3 karl 1.19 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 karl 1.18 // IBM Corp.; EMC Corporation, The Open Group.
7 karl 1.19 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 mike 1.2 //
10 kumpf 1.9 // Permission is hereby granted, free of charge, to any person obtaining a copy
11 // of this software and associated documentation files (the "Software"), to
12 // deal in the Software without restriction, including without limitation the
13 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
14 // sell copies of the Software, and to permit persons to whom the Software is
15 // furnished to do so, subject to the following conditions:
16 //
17 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
18 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
19 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
20 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
21 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
22 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
23 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
24 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
25 mike 1.2 //
26 //==============================================================================
27 //
28 // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)
29 //
30 david 1.11 // Modified By: Dave Rosckes (rosckes@us.ibm.com)
31 a.arora 1.20 // Josephine Eskaline Joyce (jojustin@in.ibm.com) for PEP#101
32 mike 1.2 //
33 //%/////////////////////////////////////////////////////////////////////////////
34
35 #include <Pegasus/Common/System.h>
36 #include <Pegasus/Common/XmlWriter.h>
37 kumpf 1.3 #include <Pegasus/Common/Tracer.h>
38 kumpf 1.7 #include <Pegasus/Common/PegasusVersion.h>
39
40 mike 1.2 #include <Pegasus/Config/ConfigManager.h>
41 kumpf 1.6
42 #include "LocalAuthenticationHandler.h"
43 #include "BasicAuthenticationHandler.h"
44 mike 1.2 #include "AuthenticationManager.h"
45
46 a.arora 1.20 #include <Pegasus/Common/AutoPtr.h>
47
48 gerarda 1.12 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
49 gerarda 1.16 #include "KerberosAuthenticationHandler.h"
50 gerarda 1.12 #endif
51
52
// Pegasus portability macro; presumably brings the std namespace into scope
// (its expansion lives in the Pegasus common headers, not visible here).
PEGASUS_USING_STD;

// Everything below is inside the Pegasus namespace; it is closed by
// PEGASUS_NAMESPACE_END at the end of this file.
PEGASUS_NAMESPACE_BEGIN

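//
// Constructor
//
// Creates the local (Pegasus-specific) and HTTP authentication handlers.
// _getHttpAuthHandler() can throw (it throws Exception when the Kerberos
// handler fails to initialize, and operator new can throw); in that case the
// already-created local handler is released here, because the destructor
// never runs for a partially constructed object.
//
AuthenticationManager::AuthenticationManager()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::AuthenticationManager()");

    //
    // get authentication handlers
    //
    _localAuthHandler = _getLocalAuthHandler();

    try
    {
        _httpAuthHandler = _getHttpAuthHandler();
    }
    catch (...)
    {
        // Do not leak the local handler when HTTP handler creation fails;
        // the failure itself is left to the caller.
        delete _localAuthHandler;
        _localAuthHandler = 0;
        PEG_METHOD_EXIT();
        throw;
    }

    PEG_METHOD_EXIT();
}
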
//
// Destructor
//
// Releases the two handlers created by the constructor. Both are deleted
// through Authenticator*, which relies on Authenticator declaring a virtual
// destructor (declared elsewhere, not visible in this file).
//
AuthenticationManager::~AuthenticationManager()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::~AuthenticationManager()");

    //
    // delete authentication handlers; delete on a null pointer is a no-op,
    // so no guard is needed
    //
    delete _localAuthHandler;
    delete _httpAuthHandler;

    PEG_METHOD_EXIT();
}

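//
// Perform http authentication
//
// Splits the HTTP Authorization header value in authHeader into a scheme and
// a credential string, and dispatches to the configured HTTP handler when the
// scheme matches the configured httpAuthType ("Basic", or "Negotiate" when
// built with Kerberos support). On success the status and type are recorded
// in authInfo.
//
// Returns true only if the handler authenticated the credentials; false on a
// malformed header, a scheme mismatch, or handler failure.
//
// The raw header is deliberately not written to the log: for Basic the
// credential part is the base64-encoded user:password, so a TRACE log line
// containing it would expose the password.
//
Boolean AuthenticationManager::performHttpAuthentication
(
    const String& authHeader,
    AuthenticationInfo* authInfo
)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::performHttpAuthentication()");

    String authType = String::EMPTY;
    String credential = String::EMPTY;

    //
    // Parse the HTTP authentication header for authentication information
    //
    if ( !_parseHttpAuthHeader(authHeader, authType, credential) )
    {
        Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
            "AuthenticationManager:: performHttpAuthentication - Malformed authorization header");
        PEG_METHOD_EXIT();
        return false;
    }

    // Only the scheme is logged; it is still client-supplied text, but the
    // credential part stays out of the log.
    Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
        "AuthenticationManager:: performHttpAuthentication - Authentication type: $0",
        authType);

    Boolean authenticated = false;

    //
    // Check the authentication information and do the authentication
    //
    if ( String::equalNoCase(authType, "Basic") &&
         String::equalNoCase(_httpAuthType, "Basic") )
    {
        authenticated = _httpAuthHandler->authenticate(credential, authInfo);
    }
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    else if ( String::equalNoCase(authType, "Negotiate") &&
              String::equalNoCase(_httpAuthType, "Kerberos") )
    {
        authenticated = _httpAuthHandler->authenticate(credential, authInfo);
    }
#endif
    // FUTURE: Add code to check for "Digest" when digest
    // authentication is implemented.

    if ( authenticated )
    {
        authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED);
        authInfo->setAuthType(authType);
    }

    PEG_METHOD_EXIT();

    return ( authenticated );
}
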
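//
// Perform pegasus specific local authentication
//
// Handles the Pegasus-specific authorization header used by local clients.
// _parseLocalAuthHeader splits it into a type ("Local", or "LocalPrivileged"
// when that build option is on), a user name, and a credential string that is
// the whole quoted "user:..." text when it contains a ':' and empty otherwise.
//
// A connection already authenticated for the same user is accepted without
// re-running the handler. Otherwise the credential string is handed to the
// local handler and, on success, status and type are recorded in authInfo.
//
// Returns true when authenticated; false on a malformed header, a type other
// than "Local", an empty credential string, or handler failure.
//
// The raw header is deliberately not written to the log: its credential part
// is what the local handler verifies, and a TRACE log line containing it
// would expose that secret.
//
Boolean AuthenticationManager::performPegasusAuthentication
(
    const String& authHeader,
    AuthenticationInfo* authInfo
)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::performPegasusAuthentication()");

    Boolean authenticated = false;

    String authType = String::EMPTY;
    String userName = String::EMPTY;
    String cookie = String::EMPTY;

    //
    // Parse the pegasus authentication header authentication information
    //
    if ( !_parseLocalAuthHeader(authHeader, authType, userName, cookie) )
    {
        Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
            "AuthenticationManager:: performPegasusAuthentication - Malformed authorization header");
        PEG_METHOD_EXIT();
        return false;
    }

    // Only the authentication type is logged; the user name and the
    // credential part are client-supplied and stay out of the log.
    Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
        "AuthenticationManager:: performPegasusAuthentication - Authentication type: $0",
        authType);

    //
    // Note: Pegasus LocalPrivileged authentication is not being used, but the
    // code is kept here so that we can use it in the future if needed.
    //
#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION)
    if ( String::equalNoCase(authType, "LocalPrivileged") )
    {
        if (authInfo->isAuthenticated() && authInfo->isPrivileged() &&
            String::equal(userName, authInfo->getAuthenticatedUser()))
        {
            PEG_METHOD_EXIT();
            return true;
        }
    }
#endif

    if ( String::equalNoCase(authType, "Local") )
    {
        // Already authenticated on this connection for the same user:
        // accept without re-running the handler.
        if (authInfo->isAuthenticated() &&
            String::equal(userName, authInfo->getAuthenticatedUser()))
        {
            PEG_METHOD_EXIT();
            return true;
        }
    }
    else
    {
        // Any type other than "Local" is rejected here. When the block above
        // is compiled in, this also rejects a not-yet-authenticated
        // "LocalPrivileged" request; that path is currently unused.
        PEG_METHOD_EXIT();
        return false;
    }

    //
    // Check if the authentication information is present: a header whose
    // quoted part has no ':' leaves cookie empty and cannot authenticate.
    //
    if ( String::equal(cookie, String::EMPTY) )
    {
        PEG_METHOD_EXIT();
        return false;
    }

    authenticated =
        _localAuthHandler->authenticate(cookie, authInfo);

    if ( authenticated )
    {
        authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED);

#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION)
        if ( String::equal(authType, "LocalPrivileged") )
        {
            authInfo->setPrivileged(true);
        }
        else
        {
            authInfo->setPrivileged(false);
        }
#endif

        authInfo->setAuthType(authType);
    }

    PEG_METHOD_EXIT();

    return ( authenticated );
}
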
//
// Get pegasus/local authentication response header
//
// Parses the local authorization header and asks the local handler for the
// response header to send back for that type and user name. Returns an empty
// String when the header does not parse or carries no user name.
//
String AuthenticationManager::getPegasusAuthResponseHeader
(
    const String& authHeader,
    AuthenticationInfo* authInfo
)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::getPegasusAuthResponseHeader()");

    String authType = String::EMPTY;
    String userName = String::EMPTY;
    String cookie = String::EMPTY;
    String responseHeader = String::EMPTY;

    //
    // The user name can not be empty; the parse must succeed first.
    //
    Boolean usable =
        _parseLocalAuthHeader(authHeader, authType, userName, cookie) &&
        !String::equal(userName, String::EMPTY);

    if ( usable )
    {
        responseHeader = _localAuthHandler->getAuthResponseHeader(
            authType, userName, authInfo);
    }

    PEG_METHOD_EXIT();

    return (responseHeader);
}

//
// Get HTTP authentication response header
//
// Asks the configured HTTP handler for the challenge/response header. With
// Kerberos support compiled in, the handler also receives authInfo (and two
// empty strings in the type/user positions); otherwise it takes no arguments.
//
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
String AuthenticationManager::getHttpAuthResponseHeader( AuthenticationInfo* authInfo )
#else
String AuthenticationManager::getHttpAuthResponseHeader()
#endif
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::getHttpAuthResponseHeader()");

    String responseHeader;

#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    responseHeader = _httpAuthHandler->getAuthResponseHeader(
        String::EMPTY, String::EMPTY, authInfo);
#else
    responseHeader = _httpAuthHandler->getAuthResponseHeader();
#endif

    PEG_METHOD_EXIT();

    return (responseHeader);
}

//
// parse the local authentication header
//
// Expected shape:  <type> "<user>[:<credential>]"
// The type runs up to the first space; the quoted part follows it. On success
// authType and userName are set, and cookie holds the entire quoted text when
// it contains a ':' (the local handler receives the whole "user:..." string,
// not just the part after the colon); cookie is left untouched otherwise.
//
// Returns false when the space, the opening quote or the closing quote is
// missing. authType may already have been assigned in that case.
//
Boolean AuthenticationManager::_parseLocalAuthHeader(
    const String& authHeader, String& authType, String& userName, String& cookie)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_parseLocalAuthHeader()");

    Boolean parsed = false;

    //
    // Extract the authentication type:
    //
    Uint32 typeEnd = authHeader.find(' ');

    if ( typeEnd != PEG_NOT_FOUND )
    {
        authType = authHeader.subString(0, typeEnd);

        Uint32 openQuote = authHeader.find(typeEnd, '"');
        Uint32 closeQuote = (openQuote == PEG_NOT_FOUND)
            ? PEG_NOT_FOUND
            : authHeader.find(openQuote + 1, '"');

        if ( closeQuote != PEG_NOT_FOUND )
        {
            String quoted = authHeader.subString(
                openQuote + 1, (closeQuote - openQuote - 1));

            //
            // Extract the user name and cookie:
            //
            Uint32 separator = quoted.find(0, ':');

            if ( separator == PEG_NOT_FOUND )
            {
                userName = quoted;
            }
            else
            {
                userName = quoted.subString(0, separator);
                cookie = quoted;
            }

            parsed = true;
        }
    }

    PEG_METHOD_EXIT();

    return parsed;
}

//
// parse the HTTP authentication header
//
// Expected shape:  <scheme> <credentials>
// Splits on the first space: authType receives the scheme and cookie receives
// everything after the space, unchanged (possibly empty). Returns false when
// the header contains no space.
//
Boolean AuthenticationManager::_parseHttpAuthHeader(
    const String& authHeader, String& authType, String& cookie)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_parseHttpAuthHeader()");

    //
    // Extract the authentication type:
    //
    Uint32 schemeEnd = authHeader.find(' ');
    Boolean parsed = (schemeEnd != PEG_NOT_FOUND);

    if ( parsed )
    {
        authType = authHeader.subString(0, schemeEnd);

        //
        // Extract the cookie:
        //
        cookie = authHeader.subString(schemeEnd + 1);
    }

    PEG_METHOD_EXIT();

    return parsed;
}
//
// Get local authentication handler
//
// Creates a new LocalAuthenticationHandler. The caller (the constructor)
// owns the returned pointer and deletes it in the destructor.
//
Authenticator* AuthenticationManager::_getLocalAuthHandler()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_getLocalAuthHandler()");

    PEG_METHOD_EXIT();

    //
    // create and return a local authentication handler.
    //
    Authenticator* localHandler = new LocalAuthenticationHandler();
    return localHandler;
}


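//
// Get Http authentication handler
//
// Reads the configured httpAuthType ("Basic", or "Kerberos" when built with
// Kerberos support), stores it in _httpAuthType, and returns a newly created
// handler for it. The caller owns the returned pointer.
//
// Throws Exception when the Kerberos handler fails to initialize. An
// unrecognized httpAuthType trips PEGASUS_ASSERT; the Security Config
// property owner is expected to have validated the value beforehand.
//
Authenticator* AuthenticationManager::_getHttpAuthHandler()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_getHttpAuthHandler()");

    // Sole owner of the new handler until it is handed to the caller; it
    // frees the handler automatically if anything below throws.
    AutoPtr<Authenticator> handler;

    //
    // get the configured authentication type
    //
    // ConfigManager::getInstance() hands out an instance this function never
    // deletes, so it is held through a plain pointer rather than an owning
    // AutoPtr: an owning wrapper would delete that instance if
    // getCurrentValue() threw.
    //
    ConfigManager* configManager = ConfigManager::getInstance();

    _httpAuthType = configManager->getCurrentValue("httpAuthType");

    //
    // create a authentication handler.
    //
    if ( String::equalNoCase(_httpAuthType, "Basic") )
    {
        handler.reset(new BasicAuthenticationHandler());
    }
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    else if ( String::equalNoCase(_httpAuthType, "Kerberos") )
    {
        KerberosAuthenticationHandler* kerberosHandler =
            new KerberosAuthenticationHandler();

        // 'handler' is the only owner; 'kerberosHandler' is a non-owning
        // view of the same object, so a throw from initialize() cannot
        // lead to a double delete.
        handler.reset(kerberosHandler);

        int itFailed = kerberosHandler->initialize();
        if (itFailed)
        {
            Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE",
                "CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started.");

            // end the server because Kerberos could not be initialized;
            // 'handler' destroys the half-initialized handler during
            // unwinding.
            MessageLoaderParms parms( "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE",
                "CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started.");
            throw Exception(parms);
        }
    }
#endif
    // FUTURE: uncomment these line when Digest authentication
    // is implemented.
    //
    //else if (String::equalNoCase(_httpAuthType, "Digest"))
    //{
    //    handler.reset(new DigestAuthenticationHandler());
    //}
    else
    {
        //
        // This should never happen. Gets here only if Security Config
        // property owner has not validated the configured http auth type.
        // If PEGASUS_ASSERT is compiled out, 'handler' is still null here
        // and a null Authenticator* is returned to the caller.
        //
        PEGASUS_ASSERT(0);
    }

    PEG_METHOD_EXIT();

    return ( handler.release() );
}

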
// Closes the namespace opened by PEGASUS_NAMESPACE_BEGIN above.
PEGASUS_NAMESPACE_END
