1 karl 1.23 //%2006////////////////////////////////////////////////////////////////////////
2 mike 1.2 //
3 karl 1.19 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 karl 1.18 // IBM Corp.; EMC Corporation, The Open Group.
7 karl 1.19 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 karl 1.21 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 karl 1.23 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
13 mike 1.2 //
14 kumpf 1.9 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 //
21 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 mike 1.2 //
30 //==============================================================================
31 //
32 // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)
33 //
34 david 1.11 // Modified By: Dave Rosckes (rosckes@us.ibm.com)
35 a.arora 1.20 // Josephine Eskaline Joyce (jojustin@in.ibm.com) for PEP#101
36 sushma.fernandes 1.22 // Sushma Fernandes, Hewlett-Packard Company(sushma_fernandes@hp.com)
37 mike 1.2 //
38 //%/////////////////////////////////////////////////////////////////////////////
39
40 #include <Pegasus/Common/System.h>
41 #include <Pegasus/Common/XmlWriter.h>
42 kumpf 1.3 #include <Pegasus/Common/Tracer.h>
43 kumpf 1.7 #include <Pegasus/Common/PegasusVersion.h>
44
45 mike 1.2 #include <Pegasus/Config/ConfigManager.h>
46 kumpf 1.6
47 #include "LocalAuthenticationHandler.h"
48 #include "BasicAuthenticationHandler.h"
49 mike 1.2 #include "AuthenticationManager.h"
50
51 a.arora 1.20 #include <Pegasus/Common/AutoPtr.h>
52
53 gerarda 1.12 #ifdef PEGASUS_KERBEROS_AUTHENTICATION
54 gerarda 1.16 #include "KerberosAuthenticationHandler.h"
55 gerarda 1.12 #endif
56
57
58 mike 1.2 PEGASUS_USING_STD;
59
60 PEGASUS_NAMESPACE_BEGIN
61
62 //
63 // Constructor
64 //
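AuthenticationManager::AuthenticationManager()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::AuthenticationManager()");

    //
    // get authentication handlers
    //
    // The local handler is built first and parked in an AutoPtr: if building
    // the HTTP handler throws (e.g. the Kerberos handler fails to initialize
    // in _getHttpAuthHandler()), this half-constructed object's destructor
    // never runs, so without the AutoPtr the local handler would leak.
    //
    AutoPtr<Authenticator> localAuthHandler(_getLocalAuthHandler());

    _httpAuthHandler = _getHttpAuthHandler();

    // Both handlers exist now; hand ownership to the member pointer. The
    // destructor deletes both.
    _localAuthHandler = localAuthHandler.release();

    PEG_METHOD_EXIT();
}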
79
80 //
81 // Destructor
82 //
AuthenticationManager::~AuthenticationManager()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::~AuthenticationManager()");

    //
    // Release the two handlers owned by this object (they were obtained
    // from _getLocalAuthHandler() and _getHttpAuthHandler() in the
    // constructor). delete on a null pointer is a no-op, so a handler that
    // was never created is harmless here.
    //
    delete _localAuthHandler;
    delete _httpAuthHandler;

    PEG_METHOD_EXIT();
}
96
97 //
98 // Perform http authentication
99 //
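//
// Perform http authentication.
//
// authHeader: the client-supplied HTTP authorization header value
//             (untrusted input).
// authInfo:   per-connection authentication state; updated only on success.
// Returns true when the configured HTTP handler accepted the credentials.
//
Boolean AuthenticationManager::performHttpAuthentication
(
    const String& authHeader,
    AuthenticationInfo* authInfo
)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::performHttpAuthentication()");

    String authType = String::EMPTY;
    String cookie = String::EMPTY;

    //
    // Parse the HTTP authentication header for authentication information
    //
    if (!_parseHttpAuthHeader(authHeader, authType, cookie))
    {
        // Nothing of the header itself is logged: it is client-controlled
        // and may carry credentials.
        Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
            "AuthenticationManager:: performHttpAuthentication - "
                "Authority Header could not be parsed");
        PEG_METHOD_EXIT();
        return false;
    }

    //
    // Log only the scheme. For Basic authentication the remainder of the
    // header is the base64-encoded user:password pair; earlier revisions
    // wrote the whole header to the log, which leaves reusable credentials
    // in the log file.
    //
    Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
        "AuthenticationManager:: performHttpAuthentication - "
            "Authority Header type: $0", authType);

    Boolean authenticated = false;

    //
    // Check the authentication information and do the authentication.
    // The scheme named by the client must match the scheme the server was
    // configured with (_httpAuthType); a client cannot pick a handler the
    // server did not enable.
    //
    if (String::equalNoCase(authType, "Basic") &&
        String::equalNoCase(_httpAuthType, "Basic"))
    {
        authenticated = _httpAuthHandler->authenticate(cookie, authInfo);
    }
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    else if (String::equalNoCase(authType, "Negotiate") &&
             String::equalNoCase(_httpAuthType, "Kerberos"))
    {
        authenticated = _httpAuthHandler->authenticate(cookie, authInfo);
    }
#endif
    // FUTURE: Add code to check for "Digest" when digest
    // authentication is implemented.

    if (authenticated)
    {
        authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED);

        authInfo->setAuthType(authType);
    }

    PEG_METHOD_EXIT();

    return (authenticated);
}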
156
157 //
158 // Perform pegasus specific local authentication
159 //
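//
// Perform pegasus specific local authentication.
//
// authHeader: the client-supplied local authentication header
//             (untrusted input; shape: <type> "<user>[:<cookie>]").
// authInfo:   per-connection authentication state; updated only on success.
// Returns true when the connection is (or becomes) authenticated for the
// named user, false otherwise.
//
Boolean AuthenticationManager::performPegasusAuthentication
(
    const String& authHeader,
    AuthenticationInfo* authInfo
)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::performPegasusAuthentication()");

    Boolean authenticated = false;

    String authType = String::EMPTY;
    String userName = String::EMPTY;
    String cookie = String::EMPTY;

    //
    // Parse the pegasus authentication header authentication information
    //
    if (!_parseLocalAuthHeader(authHeader, authType, userName, cookie))
    {
        // Nothing of the header itself is logged: it is client-controlled
        // and may carry the client's challenge response.
        Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
            "AuthenticationManager:: performPegasusAuthentication - "
                "Authority Header could not be parsed");
        PEG_METHOD_EXIT();
        return false;
    }

    //
    // Log only the scheme and user name. Earlier revisions logged the whole
    // header; the part after the colon (presumably the client's response to
    // the challenge issued by getPegasusAuthResponseHeader) must not end up
    // in the log file.
    //
    Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
        "AuthenticationManager:: performPegasusAuthentication - "
            "Authority Header type: $0, user: $1", authType, userName);

    //
    // Note: Pegasus LocalPrivileged authentication is not being used, but the
    // code is kept here so that we can use it in the future if needed.
    //
#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION)
    if (String::equalNoCase(authType, "LocalPrivileged"))
    {
        if (authInfo->isAuthenticated() && authInfo->isPrivileged() &&
            String::equal(userName, authInfo->getAuthenticatedUser()))
        {
            PEG_METHOD_EXIT();
            return true;
        }
    }
#endif

    if (String::equalNoCase(authType, "Local"))
    {
        //
        // A connection that is already authenticated for exactly this user
        // name (case-sensitive compare) is accepted again without a new
        // challenge round trip.
        //
        if (authInfo->isAuthenticated() &&
            String::equal(userName, authInfo->getAuthenticatedUser()))
        {
            PEG_METHOD_EXIT();
            return true;
        }
    }
    else
    {
        // Only the "Local" scheme is handled on this path.
        PEG_METHOD_EXIT();
        return false;
    }

    //
    // Check if the authentication information is present. The parser leaves
    // the cookie empty when the quoted part holds no colon, i.e. the client
    // has sent only a user name; that cannot authenticate anything.
    //
    if (String::equal(cookie, String::EMPTY))
    {
        PEG_METHOD_EXIT();
        return false;
    }

    authenticated =
        _localAuthHandler->authenticate(cookie, authInfo);

    if (authenticated)
    {
        authInfo->setAuthStatus(AuthenticationInfoRep::AUTHENTICATED);

#if defined(PEGASUS_LOCAL_PRIVILEGED_AUTHENTICATION)
        if (String::equal(authType, "LocalPrivileged"))
        {
            authInfo->setPrivileged(true);
        }
        else
        {
            authInfo->setPrivileged(false);
        }
#endif

        authInfo->setAuthType(authType);
    }

    PEG_METHOD_EXIT();

    return (authenticated);
}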
253
254 //
255 sushma.fernandes 1.22 // Validate user.
256 //
//
// Validate user.
//
// Delegates entirely to the configured HTTP authentication handler; unlike
// the other entry points in this file it does no method tracing.
//
Boolean AuthenticationManager::validateUserForHttpAuth(const String& userName)
{
    const Boolean isValidUser = _httpAuthHandler->validateUser(userName);
    return isValidUser;
}
261
262 //
263 mike 1.2 // Get pegasus/local authentication response header
264 //
//
// Get pegasus/local authentication response header.
//
// authHeader: the client-supplied local authentication header.
// authInfo:   per-connection authentication state, passed through to the
//             local handler.
// Returns the challenge header produced by the local handler, or an empty
// string when the header is malformed or names no user.
//
String AuthenticationManager::getPegasusAuthResponseHeader
(
    const String& authHeader,
    AuthenticationInfo* authInfo
)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::getPegasusAuthResponseHeader()");

    String authType = String::EMPTY;
    String userName = String::EMPTY;
    String cookie = String::EMPTY;
    String challenge = String::EMPTY;

    //
    // Only a well-formed local header carrying a non-empty user name earns
    // a challenge; anything else yields an empty response header.
    //
    const Boolean parsed =
        _parseLocalAuthHeader(authHeader, authType, userName, cookie);

    if (parsed && !String::equal(userName, String::EMPTY))
    {
        challenge = _localAuthHandler->getAuthResponseHeader(
            authType, userName, authInfo);
    }

    PEG_METHOD_EXIT();

    return (challenge);
}
306
307 //
308 // Get HTTP authentication response header
309 //
//
// Get HTTP authentication response header.
//
// The challenge text comes entirely from the configured HTTP handler; only
// the Kerberos build needs the per-connection authInfo to produce it.
//
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
String AuthenticationManager::getHttpAuthResponseHeader( AuthenticationInfo* authInfo )
#else
String AuthenticationManager::getHttpAuthResponseHeader()
#endif
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::getHttpAuthResponseHeader()");

#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    String challenge = _httpAuthHandler->getAuthResponseHeader(
        String::EMPTY, String::EMPTY, authInfo);
#else
    String challenge = _httpAuthHandler->getAuthResponseHeader();
#endif

    PEG_METHOD_EXIT();

    return (challenge);
}
330
331 //
332 kumpf 1.6 // parse the local authentication header
333 mike 1.2 //
//
// Parse the local authentication header.
//
// Expected shape: <authType> "<userName>[:<cookie>]"
//
// authHeader: untrusted header value from the client.
// authType:   receives the text before the first blank.
// userName:   receives the quoted text up to the first colon (or all of it
//             when there is no colon).
// cookie:     receives the whole quoted text, user name included, but only
//             when a colon is present; otherwise it is left untouched.
// Returns false (with authType possibly already assigned) when the blank or
// either quote is missing.
//
Boolean AuthenticationManager::_parseLocalAuthHeader(
    const String& authHeader, String& authType, String& userName, String& cookie)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_parseLocalAuthHeader()");

    //
    // Extract the authentication type: everything before the first blank.
    //
    const Uint32 typeEnd = authHeader.find(' ');

    if (typeEnd == PEG_NOT_FOUND)
    {
        PEG_METHOD_EXIT();
        return false;
    }

    authType = authHeader.subString(0, typeEnd);

    //
    // Locate the quoted section that follows the type.
    //
    const Uint32 openQuote = authHeader.find(typeEnd, '"');

    if (openQuote == PEG_NOT_FOUND)
    {
        PEG_METHOD_EXIT();
        return false;
    }

    const Uint32 closeQuote = authHeader.find(openQuote + 1, '"');

    if (closeQuote == PEG_NOT_FOUND)
    {
        PEG_METHOD_EXIT();
        return false;
    }

    const String quoted = authHeader.subString(
        openQuote + 1, (closeQuote - openQuote - 1));

    //
    // Extract the user name and cookie. Note that the cookie receives the
    // entire quoted section rather than only the part after the colon;
    // presumably the local handler splits it again — confirm against
    // LocalAuthenticationHandler::authenticate.
    //
    const Uint32 separator = quoted.find(0, ':');

    if (separator == PEG_NOT_FOUND)
    {
        userName = quoted;
    }
    else
    {
        userName = quoted.subString(0, separator);
        cookie = quoted;
    }

    PEG_METHOD_EXIT();

    return true;
}
391
392 //
393 kumpf 1.6 // parse the HTTP authentication header
394 //
//
// Parse the HTTP authentication header.
//
// Expected shape: <scheme> <credentials>
//
// authHeader: untrusted header value from the client.
// authType:   receives the text before the first blank.
// cookie:     receives everything after that blank, verbatim; no decoding
//             or validation happens at this level.
// Returns false, leaving both out-parameters untouched, when there is no
// blank in the header.
//
Boolean AuthenticationManager::_parseHttpAuthHeader(
    const String& authHeader, String& authType, String& cookie)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_parseHttpAuthHeader()");

    const Uint32 schemeEnd = authHeader.find(' ');

    const Boolean wellFormed = (schemeEnd != PEG_NOT_FOUND);

    if (wellFormed)
    {
        //
        // Extract the authentication type, then the cookie.
        //
        authType = authHeader.subString(0, schemeEnd);
        cookie = authHeader.subString(schemeEnd + 1);
    }

    PEG_METHOD_EXIT();

    return wellFormed;
}
423 //
424 mike 1.2 // Get local authentication handler
425 //
//
// Get local authentication handler.
//
// Returns a freshly allocated handler; the caller takes ownership (the
// constructor stores it in _localAuthHandler and the destructor deletes it).
//
Authenticator* AuthenticationManager::_getLocalAuthHandler()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_getLocalAuthHandler()");

    // The exit trace is emitted before the allocation, matching the
    // historical trace order of this method.
    PEG_METHOD_EXIT();

    //
    // create and return a local authentication handler.
    //
    Authenticator* localHandler = new LocalAuthenticationHandler();
    return localHandler;
}
437
438
439 //
440 // Get Http authentication handler
441 //
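//
// Get Http authentication handler.
//
// Reads the configured "httpAuthType" property into _httpAuthType and
// returns a freshly allocated handler for it; the caller takes ownership.
// Throws Exception when the Kerberos handler fails to initialize.
//
Authenticator* AuthenticationManager::_getHttpAuthHandler()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "AuthenticationManager::_getHttpAuthHandler()");

    AutoPtr<Authenticator> handler;

    //
    // get the configured authentication type
    //
    // ConfigManager::getInstance() hands out a process-wide instance this
    // method does not own. It is held through a plain pointer on purpose:
    // the earlier AutoPtr wrapper would have deleted that instance had
    // getCurrentValue() thrown before the release() call.
    //
    ConfigManager* configManager = ConfigManager::getInstance();

    _httpAuthType = configManager->getCurrentValue("httpAuthType");

    //
    // create a authentication handler.
    //
    if (String::equalNoCase(_httpAuthType, "Basic"))
    {
        handler.reset(new BasicAuthenticationHandler());
    }
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    else if (String::equalNoCase(_httpAuthType, "Kerberos"))
    {
        // 'handler' is the single owner; kerberosHandler is a non-owning
        // alias so that an exception out of initialize() cannot lead to a
        // double delete (the earlier code held it in a second AutoPtr).
        KerberosAuthenticationHandler* kerberosHandler =
            new KerberosAuthenticationHandler();
        handler.reset(kerberosHandler);

        int itFailed = kerberosHandler->initialize();
        if (itFailed)
        {
            // Drop the half-initialized handler before reporting.
            handler.reset(0);
            Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,
                "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE",
                "CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started.");
            // end the server because Kerberos could not initialized.
            MessageLoaderParms parms(
                "Security.Authentication.AuthenticationManager.AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE",
                "CIMOM server authentication handler for Kerberos failed to initialize properly. The CIMOM server is not started.");
            throw Exception(parms);
        }
    }
#endif
    // FUTURE: uncomment these line when Digest authentication
    // is implemented.
    //
    //else if (String::equalNoCase(_httpAuthType, "Digest"))
    //{
    //    handler.reset(new DigestAuthenticationHandler());
    //}
    else
    {
        //
        // This should never happen. Gets here only if Security Config
        // property owner has not validated the configured http auth type.
        // Should PEGASUS_ASSERT be compiled out in this build, the method
        // would return a null handler and the first HTTP authentication
        // attempt would dereference it.
        //
        PEGASUS_ASSERT(0);
    }

    PEG_METHOD_EXIT();
    return (handler.release());
}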
507
508
509 PEGASUS_NAMESPACE_END
510