![]() ![]() |
![]() |
File: [Pegasus] / pegasus / src / Pegasus / Security / Authentication / AuthenticationManager.cpp
(download)
Revision: 1.40, Fri Apr 17 13:39:31 2009 UTC (15 years, 2 months ago) by kavita.gupta Branch: MAIN CVS Tags: TASK_PEP317_1JUNE_2013, TASK-PEP348_SCMO-root, TASK-PEP348_SCMO-merged_out_to_branch, TASK-PEP348_SCMO-merged_out_from_trunk, TASK-PEP348_SCMO-merged_in_to_trunk, TASK-PEP348_SCMO-merged_in_from_branch, TASK-PEP348_SCMO-branch, TASK-PEP317_pullop-root, RELEASE_2_12_1-RC1, RELEASE_2_12_1, RELEASE_2_12_0-RC1, RELEASE_2_12_0-FC, RELEASE_2_12_0, RELEASE_2_12-root, RELEASE_2_12-branch, RELEASE_2_11_2-RC1, RELEASE_2_11_2, RELEASE_2_11_1-RC1, RELEASE_2_11_1, RELEASE_2_11_0-RC1, RELEASE_2_11_0-FC, RELEASE_2_11_0, RELEASE_2_11-root, RELEASE_2_11-branch, RELEASE_2_10_1-RC1, RELEASE_2_10_1, RELEASE_2_10_0-RC2, RELEASE_2_10_0-RC1, RELEASE_2_10_0, RELEASE_2_10-root, RELEASE_2_10-branch, BeforeUpdateToHeadOct82011 Branch point for: TASK-PEP317_pullop-branch Changes since 1.39: +5 -5 lines BUG#: 8470 TITLE: Inconsistency in checking the configuration property names and their values |
//%LICENSE//////////////////////////////////////////////////////////////// // // Licensed to The Open Group (TOG) under one or more contributor license // agreements. Refer to the OpenPegasusNOTICE.txt file distributed with // this work for additional information regarding copyright ownership. // Each contributor licenses this file to you under the OpenPegasus Open // Source License; you may not use this file except in compliance with the // License. // // Permission is hereby granted, free of charge, to any person obtaining a // copy of this software and associated documentation files (the "Software"), // to deal in the Software without restriction, including without limitation // the rights to use, copy, modify, merge, publish, distribute, sublicense, // and/or sell copies of the Software, and to permit persons to whom the // Software is furnished to do so, subject to the following conditions: // // The above copyright notice and this permission notice shall be included // in all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. // IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY // CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, // TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE // SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // ////////////////////////////////////////////////////////////////////////// // //%///////////////////////////////////////////////////////////////////////////// #include <Pegasus/Common/System.h> #include <Pegasus/Common/XmlWriter.h> #include <Pegasus/Common/Tracer.h> #include <Pegasus/Common/PegasusVersion.h> #include <Pegasus/Common/HTTPMessage.h> #include <Pegasus/Config/ConfigManager.h> #include "LocalAuthenticationHandler.h" #include "BasicAuthenticationHandler.h" #include "AuthenticationManager.h" #include <Pegasus/Common/AutoPtr.h> #ifdef PEGASUS_KERBEROS_AUTHENTICATION #include "KerberosAuthenticationHandler.h" #endif PEGASUS_USING_STD; PEGASUS_NAMESPACE_BEGIN // // Constructor // AuthenticationManager::AuthenticationManager() { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::AuthenticationManager()"); // // get authentication handlers // _localAuthHandler = _getLocalAuthHandler(); _httpAuthHandler = _getHttpAuthHandler(); PEG_METHOD_EXIT(); } // // Destructor // AuthenticationManager::~AuthenticationManager() { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::~AuthenticationManager()"); // // delete authentication handlers // delete _localAuthHandler; delete _httpAuthHandler; PEG_METHOD_EXIT(); } Boolean AuthenticationManager::isRemotePrivilegedUserAccessAllowed( String & userName) { // // Reject access if the user is privileged and remote privileged user // access is not enabled. // if (!ConfigManager::parseBooleanValue(ConfigManager::getInstance()-> getCurrentValue("enableRemotePrivilegedUserAccess")) && System::isPrivilegedUser(userName)) { Logger::put_l( Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, MessageLoaderParms( "Security.Authentication.BasicAuthenticationHandler." "PRIVILEGED_ACCESS_DISABLED", "Authentication failed for user '$0' because " "enableRemotePrivilegedUserAccess is not set to 'true'.", userName)); return false; } return true; } // // Perform http authentication // Boolean AuthenticationManager::performHttpAuthentication( const String& authHeader, AuthenticationInfo* authInfo) { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "AuthenticationManager::performHttpAuthentication()"); String authType; String cookie; // // Parse the HTTP authentication header for authentication information // if ( !HTTPMessage::parseHttpAuthHeader(authHeader, authType, cookie) ) { PEG_TRACE(( TRC_DISCARDED_DATA, Tracer::LEVEL1, "HTTPAuthentication failed. " "Malformed HTTP authentication header: %s", (const char*)authHeader.getCString())); PEG_METHOD_EXIT(); return false; } Boolean authenticated = false; // // Check the authenticationinformation and do the authentication // if ( String::equalNoCase(authType, "Basic") && String::equal(_httpAuthType, "Basic") ) { authenticated = _httpAuthHandler->authenticate(cookie, authInfo); } #ifdef PEGASUS_KERBEROS_AUTHENTICATION else if ( String::equalNoCase(authType, "Negotiate") && String::equal(_httpAuthType, "Kerberos") ) { authenticated = _httpAuthHandler->authenticate(cookie, authInfo); } #endif // FUTURE: Add code to check for "Digest" when digest // authentication is implemented. if ( authenticated ) { authInfo->setAuthType(authType); } PEG_METHOD_EXIT(); return authenticated; } // // Perform pegasus sepcific local authentication // Boolean AuthenticationManager::performPegasusAuthentication( const String& authHeader, AuthenticationInfo* authInfo) { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "AuthenticationManager::performPegasusAuthentication()"); Boolean authenticated = false; String authType; String userName; String cookie; // // Parse the pegasus authentication header authentication information // if ( !HTTPMessage::parseLocalAuthHeader(authHeader, authType, userName, cookie) ) { PEG_TRACE(( TRC_DISCARDED_DATA, Tracer::LEVEL1, "PegasusAuthentication failed. " "Malformed Pegasus authentication header: %s", (const char*)authHeader.getCString())); PEG_METHOD_EXIT(); return false; } // The HTTPAuthenticatorDelegator ensures only local authentication // requests get here. PEGASUS_ASSERT(authType == "Local"); authenticated = _localAuthHandler->authenticate(cookie, authInfo); if ( authenticated ) { authInfo->setAuthType(authType); } PEG_METHOD_EXIT(); return authenticated; } // // Validate user. // Boolean AuthenticationManager::validateUserForHttpAuth (const String& userName) { return _httpAuthHandler->validateUser(userName); } // // Get pegasus/local authentication response header // String AuthenticationManager::getPegasusAuthResponseHeader( const String& authHeader, AuthenticationInfo* authInfo) { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "AuthenticationManager::getPegasusAuthResponseHeader()"); String respHeader; String authType; String userName; String cookie; // // Parse the pegasus authentication header authentication information // if ( !HTTPMessage::parseLocalAuthHeader(authHeader, authType, userName, cookie) ) { PEG_METHOD_EXIT(); return respHeader; } // // User name can not be empty // if (String::equal(userName, String::EMPTY)) { PEG_METHOD_EXIT(); return respHeader; } respHeader = _localAuthHandler->getAuthResponseHeader(authType, userName, authInfo); PEG_METHOD_EXIT(); return respHeader; } // // Get HTTP authentication response header // #ifdef PEGASUS_KERBEROS_AUTHENTICATION String AuthenticationManager::getHttpAuthResponseHeader( AuthenticationInfo* authInfo) #else String AuthenticationManager::getHttpAuthResponseHeader() #endif { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "AuthenticationManager::getHttpAuthResponseHeader()"); #ifdef PEGASUS_KERBEROS_AUTHENTICATION String respHeader = _httpAuthHandler->getAuthResponseHeader( String::EMPTY, String::EMPTY, authInfo); #else String respHeader = _httpAuthHandler->getAuthResponseHeader(); #endif PEG_METHOD_EXIT(); return respHeader; } // // Get local authentication handler // Authenticator* AuthenticationManager::_getLocalAuthHandler() { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::_getLocalAuthHandler()"); PEG_METHOD_EXIT(); // // create and return a local authentication handler. // return new LocalAuthenticationHandler(); } // // Get Http authentication handler // Authenticator* AuthenticationManager::_getHttpAuthHandler() { PEG_METHOD_ENTER( TRC_AUTHENTICATION, "AuthenticationManager::_getHttpAuthHandler()"); AutoPtr<Authenticator> handler; // // get the configured authentication type // AutoPtr<ConfigManager> configManager(ConfigManager::getInstance()); _httpAuthType = configManager->getCurrentValue("httpAuthType"); configManager.release(); // // create a authentication handler. // if ( String::equal(_httpAuthType, "Basic") ) { handler.reset((Authenticator* ) new BasicAuthenticationHandler( )); } #ifdef PEGASUS_KERBEROS_AUTHENTICATION else if ( String::equal(_httpAuthType, "Kerberos") ) { handler.reset((Authenticator*) new KerberosAuthenticationHandler()); AutoPtr<KerberosAuthenticationHandler> kerberosHandler( (KerberosAuthenticationHandler *)handler.get()); int itFailed = kerberosHandler->initialize(); kerberosHandler.release(); if (itFailed) { if (handler.get()) { handler.reset(0); } MessageLoaderParms parms( "Security.Authentication.AuthenticationManager." "AUTHENTICATION_HANDLER_KERBEROS_FAILED_TO_INITIALIZE", "CIMOM server authentication handler for Kerberos failed to " "initialize properly."); Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, parms); throw Exception(parms); } } #endif // FUTURE: uncomment these line when Digest authentication // is implemented. // //else if (String::equal(_httpAuthType, "Digest")) //{ // handler = (Authenticator* ) new DigestAuthenticationHandler( ); //} else { // // This should never happen. Gets here only if Security Config // property owner has not validated the configured http auth type. // PEGASUS_ASSERT(0); } PEG_METHOD_EXIT(); return handler.release(); } PEGASUS_NAMESPACE_END
No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |