1 mike 1.2 //%/////////////////////////////////////////////////////////////////////////////
2 //
3 // Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM,
4 // The Open Group, Tivoli Systems
5 //
6 // Permission is hereby granted, free of charge, to any person obtaining a
7 // copy of this software and associated documentation files (the "Software"),
8 // to deal in the Software without restriction, including without limitation
9 // the rights to use, copy, modify, merge, publish, distribute, sublicense,
10 // and/or sell copies of the Software, and to permit persons to whom the
11 // Software is furnished to do so, subject to the following conditions:
12 //
13 // The above copyright notice and this permission notice shall be included in
14 // all copies of substantial portions of this software.
15 //
16 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 // THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 // FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
22 mike 1.2 // DEALINGS IN THE SOFTWARE.
23 //
24 //==============================================================================
25 //
26 // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)
27 //
28 // Modified By:
29 //
30 //%/////////////////////////////////////////////////////////////////////////////
31
32 #include <Pegasus/Common/System.h>
33 #include <Pegasus/Common/XmlWriter.h>
34 #include <Pegasus/Common/Destroyer.h>
|
35 kumpf 1.3 #include <Pegasus/Common/Tracer.h>
|
36 mike 1.2 #include <Pegasus/Config/ConfigManager.h>
37 #include <Pegasus/Security/Authentication/LocalAuthenticationHandler.h>
38 #include <Pegasus/Security/Authentication/BasicAuthenticationHandler.h>
39 #include "AuthenticationManager.h"
40
41 PEGASUS_USING_STD;
42
43 PEGASUS_NAMESPACE_BEGIN
44
45 //
46 // Constructor
47 //
48 AuthenticationManager::AuthenticationManager()
49 {
|
50 kumpf 1.3 const char METHOD_NAME[] = "AuthenticationManager::AuthenticationManager()";
51
52 PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);
53
|
54 mike 1.2 //
55 // get authentication handler
56 //
57 _localAuthHandler = _getLocalAuthHandler();
58
59 _httpAuthHandler = _getHttpAuthHandler();
60
61 //
62 // Build the Basic authentication challenge header
63 // "hostname" + ":" + "portNo" using the hostname and port number
64 //
65
66 //
67 // get the local system name
68 //
69 _realm.assign(System::getHostName());
70
71 //
72 // get the configured port number
73 //
74 ConfigManager* configManager = ConfigManager::getInstance();
75 mike 1.2
76 String port = configManager->getCurrentValue("port");
77
78 _realm.append(":");
79 _realm.append(port);
80
|
81 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
|
82 mike 1.2 }
83
84 //
85 // Destructor
86 //
87 AuthenticationManager::~AuthenticationManager()
88 {
|
89 kumpf 1.3 const char METHOD_NAME[] = "AuthenticationManager::~AuthenticationManager()";
90
91 PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);
92
|
93 mike 1.2 //
94 // delete authentication handler
95 //
96 if (_localAuthHandler)
97 {
98 delete _localAuthHandler;
99 }
100 if (_httpAuthHandler)
101 {
102 delete _httpAuthHandler;
103 }
|
104 kumpf 1.3
105 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
|
106 mike 1.2 }
107
108 //
109 // Perform http authentication
110 //
111 Boolean AuthenticationManager::performHttpAuthentication
112 (
|
113 kumpf 1.3 const String& authHeader,
|
114 mike 1.2 AuthenticationInfo* authInfo
115 )
116 {
|
117 kumpf 1.3 const char METHOD_NAME[] = "AuthenticationManager::performHttpAuthentication()";
118
119 PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);
120
|
121 mike 1.2 Boolean authenticated = false;
122
123 String type = String::EMPTY;
124 String userName = String::EMPTY;
125 String cookie = String::EMPTY;
126
127 //
128 // Check whether the auth header has the authentication
129 // information or not and call authentication handlers
130 // authenticate method.
131 //
132 _parseAuthHeader(authHeader, type, userName, cookie);
133
134 //
135 // Check if the user is already authenticated
136 //
|
137 kumpf 1.4 if (authInfo->isAuthenticated() && authInfo->isPrivileged() &&
138 String::equal(userName, authInfo->getAuthenticatedUser()))
|
139 mike 1.2 {
|
140 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
|
141 mike 1.2 return true;
142 }
143
144 //
145 // get the configured authentication type
146 //
147 ConfigManager* configManager = ConfigManager::getInstance();
148
149 String authType = configManager->getCurrentValue("httpAuthType");
150
151 //
152 // Check whether the auth header has the authentication
153 // information or not.
154 //
155 if (String::equalNoCase(authHeader, "Basic"))
156 {
157 //
158 // Check if Basic authentication is supported or not.
159 //
160 if (!String::equalNoCase(authType, "Basic"))
161 {
162 mike 1.2 // ATTN: Log basic authentication not supported message
|
163 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
|
164 mike 1.2 return ( authenticated );
165 }
166
167 Uint32 pos = authHeader.find("Basic");
168
169 if (authHeader.size() > (pos + 5))
170 {
171 cookie = authHeader.subString(pos + 6);
172 }
173
174 authenticated = _httpAuthHandler->authenticate(cookie, authInfo);
175 }
176 // else ATTN: add code for digest authentication
177
178 // else ATTN: Log authentication type not supported message
179
180 if (authenticated)
181 {
182 authInfo->setAuthStatus(AuthenticationInfo::AUTHENTICATED);
|
183 kumpf 1.4
184 authInfo->setAuthType(type);
|
185 mike 1.2 }
186
|
187 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
188
|
189 mike 1.2 return ( authenticated );
190 }
191
192 //
193 // Perform pegasus sepcific local authentication
194 //
195 Boolean AuthenticationManager::performPegasusAuthentication
196 (
|
197 kumpf 1.3 const String& authHeader,
|
198 mike 1.2 AuthenticationInfo* authInfo
199 )
200 {
|
201 kumpf 1.3 const char METHOD_NAME[] = "AuthenticationManager::performPegasusAuthentication()";
202
203 PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);
204
|
205 mike 1.2 Boolean authenticated = false;
206
207 String authType = String::EMPTY;
208 String userName = String::EMPTY;
209 String cookie = String::EMPTY;
210
211 //
212 // Check whether the auth header has the authentication
213 // information or not and call authentication handlers
214 // authenticate method.
215 //
216 _parseAuthHeader(authHeader, authType, userName, cookie);
217
218
219 //
220 // Check if the user is already authenticated
221 //
|
222 kumpf 1.4 if (authInfo->isAuthenticated() && authInfo->isPrivileged() &&
223 String::equal(userName, authInfo->getAuthenticatedUser()))
|
224 mike 1.2 {
|
225 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
|
226 mike 1.2 return true;
227 }
228
229 //
230 // Check if the authentication information is present
231 //
232 if (String::equal(cookie, String::EMPTY))
233 {
|
234 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
|
235 mike 1.2 return false;
236 }
237
238 authenticated =
239 _localAuthHandler->authenticate(cookie, authInfo);
240
241 if (authenticated)
242 {
243 authInfo->setAuthStatus(AuthenticationInfo::AUTHENTICATED);
244
245 if ( String::equal(authType, "LocalPrivileged") )
246 {
247 authInfo->setPrivileged(true);
248 }
249 else
250 {
251 authInfo->setPrivileged(false);
252 }
|
253 kumpf 1.4
254 authInfo->setAuthType(authType);
|
255 mike 1.2 }
256
|
257 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
258
|
259 mike 1.2 return ( authenticated );
260 }
261
262 //
263 // Get pegasus/local authentication response header
264 //
265 String AuthenticationManager::getPegasusAuthResponseHeader
266 (
|
267 kumpf 1.3 const String& authHeader,
|
268 mike 1.2 AuthenticationInfo* authInfo
269 )
270 {
|
271 kumpf 1.3 const char METHOD_NAME[] = "AuthenticationManager::getPegasusAuthResponseHeader()";
272
273 PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);
274
|
275 mike 1.2 String authType = String::EMPTY;
276 String userName = String::EMPTY;
277 String cookie = String::EMPTY;
278
279 //
280 // Check whether the auth header has the authentication
281 // information or not and call authentication handlers
282 // authenticate method.
283 //
284 _parseAuthHeader(authHeader, authType, userName, cookie);
285
286 //
287 // Check if the authentication information is present
288 //
289 if (String::equal(userName, String::EMPTY))
290 {
291 //
292 // User name can not be empty
293 //
294 // ATTN: throw an exception
|
295 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
|
296 mike 1.2 return (String::EMPTY);
297 }
298
|
299 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
300
301 return(_localAuthHandler->getAuthResponseHeader(authType, userName, authInfo));
|
302 mike 1.2 }
303
304 //
305 // Get HTTP authentication response header
306 //
307 String AuthenticationManager::getHttpAuthResponseHeader()
308 {
|
309 kumpf 1.3 const char METHOD_NAME[] = "AuthenticationManager::getHttpAuthResponseHeader()";
310
311 PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);
312
313 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
314
|
315 mike 1.2 return (_httpAuthHandler->getAuthResponseHeader(_realm));
316 }
317
318 //
319 // parse the authentication header
320 //
321 void AuthenticationManager::_parseAuthHeader(
|
322 kumpf 1.3 const String& authHeader, String& authType, String& userName, String& cookie)
|
323 mike 1.2 {
|
324 kumpf 1.3 const char METHOD_NAME[] = "AuthenticationManager::_parseAuthHeader()";
325
326 PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);
327
|
328 mike 1.2 Uint32 pos;
329
330 if ( (pos = authHeader.find("LocalPrivileged")) == PEG_NOT_FOUND )
331 {
332 if ( (pos = authHeader.find("Local")) == PEG_NOT_FOUND )
333 {
334 //
335 //Invalid authorization header
336 //
337 //ATTN: throw exception
|
338 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
|
339 mike 1.2 return;
340 }
341 }
342
343 Uint32 startQuote = authHeader.find(pos, '"');
344 if (startQuote == PEG_NOT_FOUND)
345 {
346 //
347 //Invalid authorization header
348 //
349 //ATTN: throw exception
|
350 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
|
351 mike 1.2 return;
352 }
353
354 Uint32 endQuote = authHeader.find(startQuote + 1, '"');
355 if (endQuote == PEG_NOT_FOUND)
356 {
357 //
358 //Invalid authorization header
359 //
360 //ATTN: throw exception
|
361 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
|
362 mike 1.2 return;
363 }
364
365 authType = authHeader.subString(pos, (startQuote - pos) - 1);
366
367 String temp = authHeader.subString(
368 startQuote + 1, (endQuote - startQuote - 1));
369
370 Uint32 colonPos;
371
372 if ((colonPos = temp.find(0, ':')) == PEG_NOT_FOUND)
373 {
374 userName = temp;
|
375 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
|
376 mike 1.2 return;
377 }
378 else
379 {
380 userName = temp.subString(0, colonPos);
381 cookie = temp;
382 }
|
383 kumpf 1.3
384 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
|
385 mike 1.2 }
386
387 //
388 // Get local authentication handler
389 //
390 Authenticator* AuthenticationManager::_getLocalAuthHandler()
391 {
|
392 kumpf 1.3 const char METHOD_NAME[] = "AuthenticationManager::_getLocalAuthHandler()";
393
394 PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);
395
396 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
|
397 mike 1.2 //
398 // create and return a local authentication handler.
399 //
400 return (new LocalAuthenticationHandler());
401 }
402
403
404 //
405 // Get Http authentication handler
406 //
407 Authenticator* AuthenticationManager::_getHttpAuthHandler()
408 {
|
409 kumpf 1.3 const char METHOD_NAME[] = "AuthenticationManager::_getHttpAuthHandler()";
410
411 PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);
412
|
413 mike 1.2 Authenticator* handler = 0;
414
415 //
416 // get the configured/default authentication type
417 //
418 ConfigManager* configManager = ConfigManager::getInstance();
419
420 String authType = configManager->getCurrentValue("httpAuthType");
421
422 //
423 // If Basic authentication is configured then
424 // create a basic authentication handler.
425 //
426 if (String::equal(authType, "Basic"))
427 {
428 handler = (Authenticator* ) new BasicAuthenticationHandler( );
429 }
430
431 //ATTN: add support for Digest authentication.
432 //else if (authType.equalNoCase("Digest"))
433 //{
434 mike 1.2 // handler = (Authenticator* ) new DigestAuthenticationHandler( );
435 //}
436
|
437 kumpf 1.3 PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);
438
|
439 mike 1.2 return ( handler );
440 }
441
442
443 PEGASUS_NAMESPACE_END
444
|