
  1 karl  1.19 //%2004////////////////////////////////////////////////////////////////////////
  2 mike  1.2  //
  3 karl  1.19 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
  4            // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
  5            // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
  6 karl  1.18 // IBM Corp.; EMC Corporation, The Open Group.
  7 karl  1.19 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
  8            // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
  9 mike  1.2  //
 10 kumpf 1.9  // Permission is hereby granted, free of charge, to any person obtaining a copy
 11            // of this software and associated documentation files (the "Software"), to
 12            // deal in the Software without restriction, including without limitation the
 13            // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 14            // sell copies of the Software, and to permit persons to whom the Software is
 15            // furnished to do so, subject to the following conditions:
 16            // 
 17            // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
 18            // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
 19            // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 20            // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 21            // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 22            // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 23            // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 24            // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 25 mike  1.2  //
 26            //==============================================================================
 27            //
 28            // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)
 29            //
 30 david 1.11 // Modified By: Dave Rosckes (rosckes@us.ibm.com)
 31 a.arora 1.20 //                Josephine Eskaline Joyce (jojustin@in.ibm.com) for PEP#101
 32 mike    1.2  //
 33              //%/////////////////////////////////////////////////////////////////////////////
 34              
 35              #include <Pegasus/Common/System.h>
 36              #include <Pegasus/Common/XmlWriter.h>
 37 kumpf   1.3  #include <Pegasus/Common/Tracer.h>
 38 kumpf   1.7  #include <Pegasus/Common/PegasusVersion.h>
 39              
 40 mike    1.2  #include <Pegasus/Config/ConfigManager.h>
 41 kumpf   1.6  
 42              #include "LocalAuthenticationHandler.h"
 43              #include "BasicAuthenticationHandler.h"
 44 mike    1.2  #include "AuthenticationManager.h"
 45              
 46 a.arora 1.20 #include <Pegasus/Common/AutoPtr.h>
 47              
 48 gerarda 1.12 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
 49 gerarda 1.16 #include "KerberosAuthenticationHandler.h"
 50 gerarda 1.12 #endif
 51              
 52              
 53 mike    1.2  PEGASUS_USING_STD;
 54              
 55              PEGASUS_NAMESPACE_BEGIN
 56              
 57              //
 58              // Constructor
 59              //
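/// Build the manager and both of its authentication handlers.
///
/// The local handler is created first but is parked in an AutoPtr until
/// the HTTP handler exists: _getHttpAuthHandler() can throw (it does so
/// when the Kerberos handler fails to initialize), and a constructor that
/// exits by exception never runs the destructor, so a handler already
/// stored in a raw member pointer would be leaked.
AuthenticationManager::AuthenticationManager()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::AuthenticationManager()");

    //
    // get authentication handlers
    //
    AutoPtr<Authenticator> localHandler(_getLocalAuthHandler());

    _httpAuthHandler = _getHttpAuthHandler();

    // Only hand ownership to the member once nothing below can throw.
    _localAuthHandler = localHandler.release();

    PEG_METHOD_EXIT();
}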
 74              
 75              //
 76              // Destructor
 77              //
/// Release the two handlers created by the constructor.
AuthenticationManager::~AuthenticationManager()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::~AuthenticationManager()");

    // delete on a null pointer is a no-op, so no guard is needed. Relies on
    // Authenticator declaring a virtual destructor (in its header, not
    // visible here).
    delete _localAuthHandler;
    delete _httpAuthHandler;

    PEG_METHOD_EXIT();
}
 97              
 98              //
 99              // Perform http authentication
100              //
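/// Authenticate an HTTP request from its Authorization header.
///
/// @param authHeader  raw header value, "<scheme> <credentials>"; this is
///                    untrusted client input.
/// @param authInfo    per-connection authentication state. Must be non-null:
///                    it is dereferenced without a check. On success its
///                    status becomes AUTHENTICATED and its auth type is set
///                    to the scheme taken from the header.
/// @return true only when the request's scheme matches the configured
///         httpAuthType and that handler accepted the credentials.
Boolean AuthenticationManager::performHttpAuthentication
(
    const String& authHeader,
    AuthenticationInfo* authInfo
)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::performHttpAuthentication()");

    String authType = String::EMPTY;

    String cookie = String::EMPTY;

    //
    // Parse the HTTP authentication header for authentication information
    //
    if ( !_parseHttpAuthHeader(authHeader, authType, cookie) )
    {
        PEG_METHOD_EXIT();
        return false;
    }

    //
    // Log the scheme only. Everything after the scheme is the credential
    // itself (for Basic, the base64 "user:password"), so the raw header
    // must never be written to the log, even at trace level.
    //
    Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
        "AuthenticationManager:: performHttpAuthentication - Authority Header type: $0",
        authType);

    Boolean authenticated = false;

    //
    // Dispatch only when the request's scheme matches the configured one,
    // so a client cannot select a scheme the server was not configured for.
    // Note _httpAuthHandler is whatever _getHttpAuthHandler() produced; it
    // is not re-checked for null here.
    //
    if ( String::equalNoCase(authType, "Basic") &&
         String::equalNoCase(_httpAuthType, "Basic") )
    {
        authenticated = _httpAuthHandler->authenticate(cookie, authInfo);
    }
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    // The HTTP scheme is "Negotiate" while the config value is "Kerberos".
    else if ( String::equalNoCase(authType, "Negotiate") &&
              String::equalNoCase(_httpAuthType, "Kerberos") )
    {
        authenticated = _httpAuthHandler->authenticate(cookie, authInfo);
    }
#endif
    // FUTURE: Add code to check for "Digest" when digest
    // authentication is implemented.

    if ( authenticated )
    {
        authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED);

        authInfo->setAuthType(authType);
    }

    PEG_METHOD_EXIT();

    return ( authenticated );
}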
157              
158              //
// Perform pegasus specific local authentication
160              //
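/// Authenticate a request that carries Pegasus' own local-authentication
/// header.
///
/// @param authHeader  raw header value, of the shape `<type> "<user>[:<secret>]"`
///                    as _parseLocalAuthHeader() reads it; untrusted client
///                    input.
/// @param authInfo    per-connection authentication state. Must be non-null:
///                    it is dereferenced without a check.
/// @return true when the connection is already authenticated for the same
///         user name, or when the local handler accepts the quoted value.
///         Any type other than "Local" (and, when enabled, "LocalPrivileged")
///         is rejected.
Boolean AuthenticationManager::performPegasusAuthentication
(
    const String& authHeader,
    AuthenticationInfo* authInfo
)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::performPegasusAuthentication()");

    Boolean authenticated = false;

    String authType = String::EMPTY;
    String userName = String::EMPTY;
    String cookie = String::EMPTY;

    //
    // Parse the pegasus authentication header authentication information
    //
    if ( !_parseLocalAuthHeader(authHeader, authType, userName, cookie) )
    {
        PEG_METHOD_EXIT();
        return false;
    }

    //
    // Log only the type and the user name. The quoted part of the header
    // carries the local-authentication secret and must not reach the log.
    //
    Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
        "AuthenticationManager:: performPegasusAuthentication - Authority Header type: $0, user: $1",
        authType, userName);

//
// Note: Pegasus LocalPrivileged authentication is not being used, but the
// code is kept here so that we can use it in the future if needed.
//
#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION)
    if ( String::equalNoCase(authType, "LocalPrivileged") )
    {
        if (authInfo->isAuthenticated() && authInfo->isPrivileged() &&
            String::equal(userName, authInfo->getAuthenticatedUser()))
        {
            PEG_METHOD_EXIT();
            return true;
        }
    }
#endif

    //
    // Only the "Local" type proceeds. A connection already authenticated
    // for this same user name is accepted without re-running the
    // challenge; every other type is rejected here.
    //
    if ( String::equalNoCase(authType, "Local") )
    {
        if (authInfo->isAuthenticated() &&
            String::equal(userName, authInfo->getAuthenticatedUser()))
        {
            PEG_METHOD_EXIT();
            return true;
        }
    }
    else
    {
        PEG_METHOD_EXIT();
        return false;
    }

    //
    // Check if the authentication information is present
    //
    if ( String::equal(cookie, String::EMPTY) )
    {
        PEG_METHOD_EXIT();
        return false;
    }

    authenticated =
        _localAuthHandler->authenticate(cookie, authInfo);

    if ( authenticated )
    {
        authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED);

#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION)
        // NOTE(review): because only the "Local" type reaches this point,
        // a "LocalPrivileged" header never gets here, so this can only
        // ever clear the privileged flag.
        authInfo->setPrivileged(String::equal(authType, "LocalPrivileged"));
#endif

        authInfo->setAuthType(authType);
    }

    PEG_METHOD_EXIT();

    return ( authenticated );
}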
254              
255              //
256              // Get pegasus/local authentication response header
257              //
/// Produce the local-authentication response (challenge) header for a
/// request.
///
/// @param authHeader  raw request header; parsed with _parseLocalAuthHeader().
/// @param authInfo    per-connection authentication state, passed through to
///                    the local handler.
/// @return the handler's response header, or an empty string when the
///         request header does not parse or names no user.
String AuthenticationManager::getPegasusAuthResponseHeader
(
    const String& authHeader,
    AuthenticationInfo* authInfo
)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::getPegasusAuthResponseHeader()");

    String authType = String::EMPTY;
    String userName = String::EMPTY;
    String cookie = String::EMPTY;

    // The header is usable only if it parses and carries a user name.
    Boolean usable =
        _parseLocalAuthHeader(authHeader, authType, userName, cookie) &&
        !String::equal(userName, String::EMPTY);

    String respHeader = String::EMPTY;

    if ( usable )
    {
        respHeader = _localAuthHandler->getAuthResponseHeader(
            authType, userName, authInfo);
    }

    PEG_METHOD_EXIT();

    return respHeader;
}
299              
300              //
301              // Get HTTP authentication response header
302              //
/// Produce the HTTP authentication challenge header from the configured
/// HTTP handler. With Kerberos support compiled in, the per-connection
/// authentication state is passed through so the handler can continue a
/// Negotiate exchange.
///
/// @return whatever _httpAuthHandler->getAuthResponseHeader() yields.
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
String AuthenticationManager::getHttpAuthResponseHeader( AuthenticationInfo* authInfo )
#else
String AuthenticationManager::getHttpAuthResponseHeader()
#endif
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::getHttpAuthResponseHeader()");

    // _httpAuthHandler is assumed non-null here; it is whatever
    // _getHttpAuthHandler() produced at construction time.
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    String challenge = _httpAuthHandler->getAuthResponseHeader(
        String::EMPTY, String::EMPTY, authInfo);
#else
    String challenge = _httpAuthHandler->getAuthResponseHeader();
#endif

    PEG_METHOD_EXIT();

    return challenge;
}
323              
324              //
325 kumpf   1.6  // parse the local authentication header
326 mike    1.2  //
/// Split a Pegasus local-authentication header into its parts.
///
/// The lookups below expect the shape `<type> "<user>[:<rest>]"`: the type
/// runs up to the first blank, and the quoted value follows it.
///
/// @param authHeader  raw header value (untrusted client input).
/// @param authType    receives the text before the first blank.
/// @param userName    receives the quoted value up to its first ':' (or the
///                    whole quoted value when there is no ':').
/// @param cookie      when a ':' is present, receives the WHOLE quoted value
///                    (user name, ':' and the rest), not just the part after
///                    the ':'; otherwise left untouched. Presumably the local
///                    handler re-parses it -- confirm before changing.
/// @return false when the blank or either quote is missing; authType may
///         already have been assigned in that case.
Boolean AuthenticationManager::_parseLocalAuthHeader(
    const String& authHeader, String& authType, String& userName, String& cookie)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_parseLocalAuthHeader()");

    //
    // The authentication type ends at the first blank.
    //
    Uint32 blank = authHeader.find(' ');

    if ( blank == PEG_NOT_FOUND )
    {
        PEG_METHOD_EXIT();
        return false;
    }

    authType = authHeader.subString(0, blank);

    //
    // Locate the quoted value; a missing opening quote means there is no
    // closing one to look for either.
    //
    Uint32 openQuote = authHeader.find(blank, '"');

    Uint32 closeQuote = (openQuote == PEG_NOT_FOUND)
        ? PEG_NOT_FOUND
        : authHeader.find(openQuote + 1, '"');

    if ( closeQuote == PEG_NOT_FOUND )
    {
        PEG_METHOD_EXIT();
        return false;
    }

    String quoted = authHeader.subString(
        openQuote + 1, (closeQuote - openQuote - 1));

    //
    // Split the quoted value into user name and cookie.
    //
    Uint32 colon = quoted.find(0, ':');

    if ( colon != PEG_NOT_FOUND )
    {
        userName = quoted.subString(0, colon);
        cookie = quoted;
    }
    else
    {
        userName = quoted;
    }

    PEG_METHOD_EXIT();

    return true;
}
384              
385              //
386 kumpf   1.6  // parse the HTTP authentication header
387              //
/// Split an HTTP Authorization header into scheme and credentials.
///
/// @param authHeader  raw header value (untrusted client input).
/// @param authType    receives the text before the first blank (the scheme).
/// @param cookie      receives everything after that blank, unparsed; the
///                    handler for the scheme interprets it.
/// @return false, leaving both out-parameters untouched, when the header
///         contains no blank.
Boolean AuthenticationManager::_parseHttpAuthHeader(
    const String& authHeader, String& authType, String& cookie)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_parseHttpAuthHeader()");

    Uint32 schemeEnd = authHeader.find(' ');

    Boolean wellFormed = (schemeEnd != PEG_NOT_FOUND);

    if ( wellFormed )
    {
        authType = authHeader.subString(0, schemeEnd);

        // NOTE(review): a header ending in the blank yields
        // subString(size); behaviour then depends on String::subString,
        // which is not visible here.
        cookie = authHeader.subString(schemeEnd + 1);
    }

    PEG_METHOD_EXIT();

    return wellFormed;
}
416              //
417 mike    1.2  // Get local authentication handler
418              //
/// Create the handler for Pegasus local authentication.
///
/// @return a newly allocated LocalAuthenticationHandler; the caller owns it.
Authenticator* AuthenticationManager::_getLocalAuthHandler()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_getLocalAuthHandler()");

    PEG_METHOD_EXIT();

    // Nothing to configure: the local handler needs no settings.
    return new LocalAuthenticationHandler();
}
430              
431              
432              //
433              // Get Http authentication handler
434              //
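/// Create the HTTP authentication handler selected by the "httpAuthType"
/// configuration property, and record that property in _httpAuthType.
///
/// @return a newly allocated handler; the caller owns it. If the configured
///         type is not recognised the function asserts; should that assert
///         be compiled out, a null pointer is returned.
/// @throws Exception (with PEGASUS_KERBEROS_AUTHENTICATION) when the
///         Kerberos handler fails to initialize; the half-built handler is
///         destroyed before the throw.
Authenticator* AuthenticationManager::_getHttpAuthHandler()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_getHttpAuthHandler()");
    AutoPtr<Authenticator> handler;

    //
    // get the configured authentication type
    //
    // ConfigManager::getInstance() hands back a shared instance, so it must
    // not be owned by an AutoPtr: if getCurrentValue() threw, the AutoPtr
    // would destroy that shared instance.
    //
    ConfigManager* configManager = ConfigManager::getInstance();

    _httpAuthType = configManager->getCurrentValue("httpAuthType");

    //
    // create a authentication handler.
    //
    if ( String::equalNoCase(_httpAuthType, "Basic") )
    {
        handler.reset(new BasicAuthenticationHandler( ));
    }
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    else if ( String::equalNoCase(_httpAuthType, "Kerberos") )
    {
        // Keep the derived-type object under a single owner until
        // initialize() has returned; aliasing it in two AutoPtrs would
        // double-delete if initialize() threw.
        AutoPtr<KerberosAuthenticationHandler> kerberosHandler(
            new KerberosAuthenticationHandler( ));

        int itFailed = kerberosHandler->initialize();

        if (itFailed)
        {
            // kerberosHandler destroys the failed handler when we leave.
            Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE",
                "CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started.");

            // end the server because Kerberos could not initialized.
            MessageLoaderParms parms(
                "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE",
                "CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started.");

            PEG_METHOD_EXIT();
            throw Exception(parms);
        }

        handler.reset(kerberosHandler.release());
    }
#endif
    // FUTURE: uncomment these line when Digest authentication
    // is implemented.
    //
    //else if (String::equalNoCase(_httpAuthType, "Digest"))
    //{
    //    handler = (Authenticator* ) new DigestAuthenticationHandler( );
    //}
    else
    {
        //
        // This should never happen. Gets here only if Security Config
        // property owner has not validated the configured http auth type.
        // If PEGASUS_ASSERT is compiled out, handler stays null and the
        // caller receives a null pointer.
        //
        PEGASUS_ASSERT(0);
    }

    PEG_METHOD_EXIT();
    return ( handler.release() );
}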
500               
501               
502               PEGASUS_NAMESPACE_END
503               
