version 1.17.4.3, 2007/06/11 09:20:14
|
version 1.18, 2007/03/02 19:00:44
|
|
|
PEG_METHOD_ENTER(TRC_AUTHENTICATION, | PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
"LocalAuthenticationHandler::authenticate()"); | "LocalAuthenticationHandler::authenticate()"); |
| |
|
Boolean authenticated = false; |
|
|
// Look for ':' seperator | // Look for ':' seperator |
Uint32 colon1 = authHeader.find(':'); | Uint32 colon1 = authHeader.find(':'); |
| |
if ( colon1 == PEG_NOT_FOUND ) | if ( colon1 == PEG_NOT_FOUND ) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return false; |
return ( authenticated ); |
} | } |
| |
String userName = authHeader.subString(0, colon1); | String userName = authHeader.subString(0, colon1); |
|
|
} | } |
| |
// | // |
// Check if the authentication information is present |
|
// |
|
if (secretReceived.size() == 0 || userName.size() == 0) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return false; |
|
} |
|
|
|
String authenticatedUsername = authInfo->getAuthenticatedUser(); |
|
|
|
// |
|
// If this connection has been previously authenticated then ensure |
|
// the username passed with the current request matches the |
|
// username previously authenticated. |
|
// |
|
if (authenticatedUsername.size() != 0 && |
|
userName != authenticatedUsername) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return false; |
|
} |
|
|
|
// |
|
// Check if the user is a valid system user | // Check if the user is a valid system user |
// | // |
if ( !System::isSystemUser( userName.getCString() ) ) | if ( !System::isSystemUser( userName.getCString() ) ) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return false; |
return (authenticated); |
} | } |
| |
// Check if the user is authorized to CIMSERV | // Check if the user is authorized to CIMSERV |
#ifdef PEGASUS_ZOS_SECURITY | #ifdef PEGASUS_ZOS_SECURITY |
if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) ) | if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) ) |
{ | { |
Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING, |
Logger::put_l(Logger::TRACE_LOG, ZOS_SECURITY_NAME, Logger::WARNING, |
"Security.Authentication.LocalAuthenticationHandler" | "Security.Authentication.LocalAuthenticationHandler" |
".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS", | ".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS", |
"Request UserID $0 doesn't have READ permission" |
"Request UserID $0 doesn't have READ permission to profile CIMSERV CL(WBEM).", |
" to profile CIMSERV CL(WBEM).", |
|
userName); | userName); |
return false; |
return (authenticated); |
} | } |
#endif | #endif |
| |
|
|
// set the flag to "check done" | // set the flag to "check done" |
authInfo->setRemotePrivilegedUserAccessChecked(); | authInfo->setRemotePrivilegedUserAccessChecked(); |
| |
Boolean authenticated = _localAuthenticator->authenticate(filePath, |
authenticated = _localAuthenticator->authenticate(filePath, |
secretReceived, authInfo->getAuthChallenge()); |
secretReceived, authInfo->getLocalAuthSecret()); |
| |
PEG_AUDIT_LOG(logLocalAuthentication( | PEG_AUDIT_LOG(logLocalAuthentication( |
userName, | userName, |
|
|
{ | { |
authInfo->setAuthenticatedUser(userName); | authInfo->setAuthenticatedUser(userName); |
} | } |
else |
|
{ |
|
// log a failed authentication |
|
Logger::put_l(Logger::STANDARD_LOG, |
|
System::CIMSERVER, |
|
Logger::INFORMATION, |
|
"Security.Authentication.LocalAuthenticationHandler." |
|
"LOCAL_AUTHENTICATION_FAILED", |
|
"Local Authentication failed for user $0.", |
|
userName); |
|
} |
|
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
|
|
PEG_METHOD_ENTER(TRC_AUTHENTICATION, | PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
"LocalAuthenticationHandler::getAuthResponseHeader()"); | "LocalAuthenticationHandler::getAuthResponseHeader()"); |
| |
String challenge = String::EMPTY; |
String secret; |
String authResp = String::EMPTY; |
String authResp; |
| |
// | // |
// Check if the user is a valid system user | // Check if the user is a valid system user |
|
|
return ( authResp ); | return ( authResp ); |
} | } |
| |
authResp = _localAuthenticator->getAuthResponseHeader(authType, userName, challenge); |
authResp = _localAuthenticator->getAuthResponseHeader(authType, userName, secret); |
| |
authInfo->setAuthChallenge(challenge); |
authInfo->setLocalAuthSecret(secret); |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
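Review bot: The two early rejections in authenticate() that appear in only one column, the empty `secretReceived`/`userName` test and the `userName != authenticatedUsername` test on a previously authenticated connection, both `return false` without reaching `PEG_AUDIT_LOG` or the `LOCAL_AUTHENTICATION_FAILED` message, so an attempt to present a different user on an already authenticated connection leaves no record. I would log that rejection before its `PEG_METHOD_EXIT()`, and because `userName` has not yet passed `System::isSystemUser` at that point, log `authenticatedUsername` or a sanitized value rather than the raw header text. The rendering does not mark which revision owns these lines; if they are missing from the revision being shipped, the mismatch check itself should be carried over, since without it a later successful call appears able to replace the connection's identity through `authInfo->setAuthenticatedUser(userName)`. The body of authenticate() starts and ends outside the visible hunks.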