1 a.dunfey 1.22.8.1 //%2006////////////////////////////////////////////////////////////////////////
2 mike 1.2 //
3 karl 1.19 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 karl 1.18 // IBM Corp.; EMC Corporation, The Open Group.
7 karl 1.19 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 karl 1.21 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 a.dunfey 1.22.8.1 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
13 mike 1.2 //
14 kumpf 1.9 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 //
21 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 mike 1.2 //
30 //==============================================================================
31 //
32 // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)
33 //
34 david 1.11 // Modified By: Dave Rosckes (rosckes@us.ibm.com)
35 a.arora 1.20 // Josephine Eskaline Joyce (jojustin@in.ibm.com) for PEP#101
36 sushma.fernandes 1.22 // Sushma Fernandes, Hewlett-Packard Company(sushma_fernandes@hp.com)
37 mike 1.2 //
38 //%/////////////////////////////////////////////////////////////////////////////
39
40 #include <Pegasus/Common/System.h>
41 #include <Pegasus/Common/XmlWriter.h>
42 kumpf 1.3 #include <Pegasus/Common/Tracer.h>
43 kumpf 1.7 #include <Pegasus/Common/PegasusVersion.h>
44
45 mike 1.2 #include <Pegasus/Config/ConfigManager.h>
46 kumpf 1.6
47 #include "LocalAuthenticationHandler.h"
48 #include "BasicAuthenticationHandler.h"
49 mike 1.2 #include "AuthenticationManager.h"
50
51 a.arora 1.20 #include <Pegasus/Common/AutoPtr.h>
52
53 gerarda 1.12 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
54 gerarda 1.16 #include "KerberosAuthenticationHandler.h"
55 gerarda 1.12 #endif
56
57
58 mike 1.2 PEGASUS_USING_STD;
59
60 PEGASUS_NAMESPACE_BEGIN
61
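//
// Constructor
//
// Creates the local (Pegasus-specific) and the HTTP authentication handlers.
// _getHttpAuthHandler() may throw (Kerberos initialisation failure). A
// destructor never runs for a partially constructed object, so the local
// handler is parked in an AutoPtr until both handlers exist; otherwise it
// would leak on that path.
//
AuthenticationManager::AuthenticationManager()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::AuthenticationManager()");

    AutoPtr<Authenticator> localHandler(_getLocalAuthHandler());

    // Also caches the configured httpAuthType in _httpAuthType.
    _httpAuthHandler = _getHttpAuthHandler();

    _localAuthHandler = localHandler.release();

    PEG_METHOD_EXIT();
}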
79
//
// Destructor
//
// Releases both handlers. Deleting a null pointer is a no-op in C++, so no
// guard is needed around either delete.
//
AuthenticationManager::~AuthenticationManager()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::~AuthenticationManager()");

    delete _localAuthHandler;
    delete _httpAuthHandler;

    PEG_METHOD_EXIT();
}
102
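//
// Perform http authentication
//
// Parses the HTTP Authorization header value, hands the credential part to
// the configured HTTP handler when the header's scheme matches the
// configured httpAuthType, and records the outcome in authInfo.
//
// authHeader : Authorization header value, "<scheme> <credentials>".
// authInfo   : per-connection authentication state; updated only on success.
//
// Returns true only when the handler accepted the credentials. A header that
// cannot be parsed, or whose scheme does not match the configured one, is
// rejected.
//
Boolean AuthenticationManager::performHttpAuthentication
(
    const String& authHeader,
    AuthenticationInfo* authInfo
)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::performHttpAuthentication()");

    String authType = String::EMPTY;
    String cookie = String::EMPTY;

    //
    // Parse the HTTP authentication header for authentication information
    //
    if ( !_parseHttpAuthHeader(authHeader, authType, cookie) )
    {
        Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
            "AuthenticationManager:: performHttpAuthentication - "
            "Authorization header could not be parsed");
        PEG_METHOD_EXIT();
        return false;
    }

    // Only the scheme is written to the trace log. For the Basic scheme the
    // remainder of the header is the base64-encoded user:password, so the
    // raw header must never reach the log.
    Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
        "AuthenticationManager:: performHttpAuthentication - "
        "Authorization scheme: $0", authType);

    Boolean authenticated = false;

    //
    // Dispatch on the scheme. The scheme presented by the client must match
    // the one the server was configured for; anything else is rejected.
    //
    if ( String::equalNoCase(authType, "Basic") &&
         String::equalNoCase(_httpAuthType, "Basic") )
    {
        authenticated = _httpAuthHandler->authenticate(cookie, authInfo);
    }
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    else if ( String::equalNoCase(authType, "Negotiate") &&
              String::equalNoCase(_httpAuthType, "Kerberos") )
    {
        authenticated = _httpAuthHandler->authenticate(cookie, authInfo);
    }
#endif
    // FUTURE: Add code to check for "Digest" when digest
    // authentication is implemented.

    if ( authenticated )
    {
        authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED);
        authInfo->setAuthType(authType);
    }

    PEG_METHOD_EXIT();

    return ( authenticated );
}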
162
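//
// Perform pegasus specific local authentication
//
// Handles the "Local" scheme (and "LocalPrivileged" when that build option
// is enabled) used by clients on the same host.
//
// authHeader : local authentication header, <authType> "<user>[:<cookie>]".
// authInfo   : per-connection authentication state; updated on success.
//
// Returns true when the connection is already authenticated for exactly the
// named user, or when the local handler accepts the presented cookie. Any
// other scheme, a malformed header, or a missing cookie yields false.
//
Boolean AuthenticationManager::performPegasusAuthentication
(
    const String& authHeader,
    AuthenticationInfo* authInfo
)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::performPegasusAuthentication()");

    Boolean authenticated = false;

    String authType = String::EMPTY;
    String userName = String::EMPTY;
    String cookie = String::EMPTY;

    //
    // Parse the pegasus authentication header authentication information
    //
    if ( !_parseLocalAuthHeader(authHeader, authType, userName, cookie) )
    {
        Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
            "AuthenticationManager:: performPegasusAuthentication - "
            "authentication header could not be parsed");
        PEG_METHOD_EXIT();
        return false;
    }

    // The cookie is the credential the client presents to the local handler;
    // only the scheme and the user name are written to the trace log.
    Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
        "AuthenticationManager:: performPegasusAuthentication - "
        "Type: $0, User: $1", authType, userName);

    //
    // Note: Pegasus LocalPrivileged authentication is not being used, but the
    // code is kept here so that we can use it in the future if needed.
    //
#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION)
    if ( String::equalNoCase(authType, "LocalPrivileged") )
    {
        if (authInfo->isAuthenticated() && authInfo->isPrivileged() &&
            String::equal(userName, authInfo->getAuthenticatedUser()))
        {
            PEG_METHOD_EXIT();
            return true;
        }
    }
#endif

    if ( String::equalNoCase(authType, "Local") )
    {
        // A connection already authenticated for this exact user name
        // (case-sensitive compare) does not need to authenticate again.
        if (authInfo->isAuthenticated() &&
            String::equal(userName, authInfo->getAuthenticatedUser()))
        {
            PEG_METHOD_EXIT();
            return true;
        }
    }
    else
    {
        PEG_METHOD_EXIT();
        return false;
    }

    //
    // Check if the authentication information is present
    //
    if ( String::equal(cookie, String::EMPTY) )
    {
        PEG_METHOD_EXIT();
        return false;
    }

    authenticated =
        _localAuthHandler->authenticate(cookie, authInfo);

    if ( authenticated )
    {
        authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED);

#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION)
        if ( String::equal(authType, "LocalPrivileged") )
        {
            authInfo->setPrivileged(true);
        }
        else
        {
            authInfo->setPrivileged(false);
        }
#endif

        authInfo->setAuthType(authType);
    }

    PEG_METHOD_EXIT();

    return ( authenticated );
}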
259
//
// Validate user.
//
// Delegates to the configured HTTP handler; whether the user name is
// acceptable is entirely the handler's decision.
//
Boolean AuthenticationManager::validateUserForHttpAuth (const String& userName)
{
    const Boolean isValid = _httpAuthHandler->validateUser(userName);
    return isValid;
}
267
//
// Get pegasus/local authentication response header
//
// Builds the challenge header for a local-authentication request by asking
// the local handler. An empty string is returned when the request header
// cannot be parsed or names no user.
//
String AuthenticationManager::getPegasusAuthResponseHeader
(
    const String& authHeader,
    AuthenticationInfo* authInfo
)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::getPegasusAuthResponseHeader()");

    String responseHeader = String::EMPTY;
    String authType = String::EMPTY;
    String userName = String::EMPTY;
    String cookie = String::EMPTY;

    //
    // A response is only produced for a well-formed header that carries a
    // non-empty user name; otherwise the empty string is handed back.
    //
    const Boolean parsed =
        _parseLocalAuthHeader(authHeader, authType, userName, cookie);

    if ( parsed && !String::equal(userName, String::EMPTY) )
    {
        responseHeader = _localAuthHandler->getAuthResponseHeader(
            authType, userName, authInfo);
    }

    PEG_METHOD_EXIT();

    return (responseHeader);
}
312
//
// Get HTTP authentication response header
//
// Returns the challenge header produced by the configured HTTP handler.
// With Kerberos enabled the handler needs the connection's
// AuthenticationInfo to build it, hence the two signatures.
//
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
String AuthenticationManager::getHttpAuthResponseHeader( AuthenticationInfo* authInfo )
#else
String AuthenticationManager::getHttpAuthResponseHeader()
#endif
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::getHttpAuthResponseHeader()");

#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    String challenge = _httpAuthHandler->getAuthResponseHeader(
        String::EMPTY, String::EMPTY, authInfo);
#else
    String challenge = _httpAuthHandler->getAuthResponseHeader();
#endif

    PEG_METHOD_EXIT();

    return (challenge);
}
336
//
// parse the local authentication header
//
// Expected shape:  <authType> "<userName>[:<cookie>]"
//
// On success authType and userName are filled in. When a ':' is present
// inside the quotes the whole quoted text (user name included) is handed
// back as the cookie; otherwise cookie is left as the caller passed it.
// Note that authType may already have been assigned when false is returned
// for a header that has a space but no complete quoted part.
//
Boolean AuthenticationManager::_parseLocalAuthHeader(
    const String& authHeader, String& authType, String& userName, String& cookie)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_parseLocalAuthHeader()");

    Boolean parsed = false;

    //
    // Extract the authentication type:
    //
    const Uint32 typeEnd = authHeader.find(' ');

    if ( typeEnd != PEG_NOT_FOUND )
    {
        authType = authHeader.subString(0, typeEnd);

        const Uint32 openQuote = authHeader.find(typeEnd, '"');
        const Uint32 closeQuote = (openQuote == PEG_NOT_FOUND)
            ? PEG_NOT_FOUND
            : authHeader.find(openQuote + 1, '"');

        if ( closeQuote != PEG_NOT_FOUND )
        {
            //
            // Extract the user name and cookie:
            //
            const String quoted = authHeader.subString(
                openQuote + 1, (closeQuote - openQuote - 1));

            const Uint32 separator = quoted.find(0, ':');

            if ( separator == PEG_NOT_FOUND )
            {
                userName = quoted;
            }
            else
            {
                userName = quoted.subString(0, separator);
                cookie = quoted;
            }

            parsed = true;
        }
    }

    PEG_METHOD_EXIT();

    return parsed;
}
397
//
// parse the HTTP authentication header
//
// Splits "<scheme> <credentials>" at the first space: authType receives the
// scheme, cookie everything after the space. Returns false, leaving both
// out-parameters untouched, when the header contains no space.
//
Boolean AuthenticationManager::_parseHttpAuthHeader(
    const String& authHeader, String& authType, String& cookie)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_parseHttpAuthHeader()");

    const Uint32 separator = authHeader.find(' ');
    const Boolean parsed = (separator != PEG_NOT_FOUND);

    if ( parsed )
    {
        //
        // Extract the authentication type and the cookie:
        //
        authType = authHeader.subString(0, separator);
        cookie = authHeader.subString(separator + 1);
    }

    PEG_METHOD_EXIT();

    return parsed;
}
//
// Get local authentication handler
//
// Creates a LocalAuthenticationHandler. Ownership of the returned object
// passes to the caller (the constructor stores it in _localAuthHandler and
// the destructor deletes it).
//
Authenticator* AuthenticationManager::_getLocalAuthHandler()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_getLocalAuthHandler()");

    PEG_METHOD_EXIT();

    Authenticator* const handler = new LocalAuthenticationHandler();
    return handler;
}
443
444
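//
// Get Http authentication handler
//
// Reads the configured httpAuthType, caches it in _httpAuthType and creates
// the matching handler. Ownership of the returned handler passes to the
// caller. With Kerberos enabled the handler is also initialised; if that
// fails the error is logged and an Exception is thrown, which stops the
// server.
//
Authenticator* AuthenticationManager::_getHttpAuthHandler()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_getHttpAuthHandler()");

    AutoPtr<Authenticator> handler;

    //
    // get the configured authentication type
    //
    // ConfigManager::getInstance() hands out a process-wide object that this
    // function does not own. It is deliberately not wrapped in an AutoPtr:
    // an exception raised before a release() would otherwise delete it.
    //
    ConfigManager* configManager = ConfigManager::getInstance();

    _httpAuthType = configManager->getCurrentValue("httpAuthType");

    //
    // create a authentication handler.
    //
    if ( String::equalNoCase(_httpAuthType, "Basic") )
    {
        handler.reset(new BasicAuthenticationHandler());
    }
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    else if ( String::equalNoCase(_httpAuthType, "Kerberos") )
    {
        // Exactly one owner (handler). The derived-typed alias exists only
        // to call initialize(); holding it in a second AutoPtr would
        // double-delete if initialize() threw.
        KerberosAuthenticationHandler* kerberosHandler =
            new KerberosAuthenticationHandler();
        handler.reset(kerberosHandler);

        if (kerberosHandler->initialize())
        {
            handler.reset(0);

            Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE",
                "CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started.");

            // end the server because Kerberos could not be initialized.
            MessageLoaderParms parms(
                "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE",
                "CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started.");
            throw Exception(parms);
        }
    }
#endif
    // FUTURE: uncomment these line when Digest authentication
    // is implemented.
    //
    //else if (String::equalNoCase(_httpAuthType, "Digest"))
    //{
    //    handler.reset(new DigestAuthenticationHandler());
    //}
    else
    {
        //
        // This should never happen. Gets here only if Security Config
        // property owner has not validated the configured http auth type.
        // If PEGASUS_ASSERT is compiled out, a null handler is returned here
        // and later dereferenced by the authenticate calls.
        //
        PEGASUS_ASSERT(0);
    }

    PEG_METHOD_EXIT();

    return ( handler.release() );
}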
513
514
515 PEGASUS_NAMESPACE_END
516