
Diff for /pegasus/src/Pegasus/Security/Authentication/LocalAuthenticationHandler.cpp between version 1.19.2.1 and 1.23

version 1.19.2.1, 2007/03/23 21:53:54 version 1.23, 2007/06/29 17:43:15
Line 34 
Line 34 
 #include <Pegasus/Common/AuditLogger.h> #include <Pegasus/Common/AuditLogger.h>
 #include <Pegasus/Common/Logger.h> #include <Pegasus/Common/Logger.h>
 #include <Pegasus/Common/Tracer.h> #include <Pegasus/Common/Tracer.h>
 #include <Pegasus/Common/SessionKey.h>  
  
 #include "SecureLocalAuthenticator.h" #include "SecureLocalAuthenticator.h"
 #include "LocalAuthenticationHandler.h" #include "LocalAuthenticationHandler.h"
Line 55 
Line 54 
     PEG_METHOD_ENTER(TRC_AUTHENTICATION,     PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "LocalAuthenticationHandler::LocalAuthenticationHandler()");        "LocalAuthenticationHandler::LocalAuthenticationHandler()");
  
     _localAuthenticator.reset((LocalAuthenticator*) new SecureLocalAuthenticator());      _localAuthenticator.reset(
           (LocalAuthenticator*) new SecureLocalAuthenticator());
  
     PEG_METHOD_EXIT();     PEG_METHOD_EXIT();
 } }
Line 107 
Line 107 
     }     }
  
     //     //
       // Check for the expected file path in the authentication header
       //
       if (filePath != authInfo->getLocalAuthFilePath())
       {
           PEG_METHOD_EXIT();
           return false;
       }
   
       //
     // Check if the authentication information is present     // Check if the authentication information is present
     //     //
     if (secretReceived.size() == 0 || userName.size() == 0)     if (secretReceived.size() == 0 || userName.size() == 0)
Line 142 
Line 151 
 #ifdef PEGASUS_ZOS_SECURITY #ifdef PEGASUS_ZOS_SECURITY
     if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) )     if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) )
     {     {
         Logger::put_l(Logger::TRACE_LOG, ZOS_SECURITY_NAME, Logger::WARNING,          Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING,
             "Security.Authentication.LocalAuthenticationHandler"              "Security.Authentication.LocalAuthenticationHandler."
             ".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS",                  "NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS",
             "Request UserID $0 doesn't have READ permission to profile CIMSERV CL(WBEM).",              "Request UserID $0 doesn't have READ permission "
                   "to profile CIMSERV CL(WBEM).",
             userName);             userName);
         return false;         return false;
     }     }
 #endif #endif
  
     // it is not necessary to check remote privileged user access local      // It is not necessary to check remote privileged user access for local
     // set the flag to "check done"      // connections; set the flag to "check done"
     authInfo->setRemotePrivilegedUserAccessChecked();     authInfo->setRemotePrivilegedUserAccessChecked();
  
     SessionKey sessionKey;      // Authenticate
       Boolean authenticated = _localAuthenticator->authenticate(
     Boolean authenticated = _localAuthenticator->authenticate(filePath,          filePath, secretReceived, authInfo->getLocalAuthSecret());
         secretReceived, authInfo->getLocalAuthSecret(), sessionKey);  
   
     PEG_AUDIT_LOG(logLocalAuthentication(  
                      userName,  
                      authenticated));  
  
     if (authenticated)     if (authenticated)
     {     {
         authInfo->setAuthenticatedUser(userName);         authInfo->setAuthenticatedUser(userName);
         authInfo->setSessionKey(sessionKey);          // For Privilege Separation, remember the secret on subsequent requests
           authInfo->setLocalAuthSecret(secretReceived);
     }     }
       else
       {
           // log a failed authentication
           Logger::put_l(Logger::STANDARD_LOG,
                         System::CIMSERVER,
                         Logger::INFORMATION,
                         "Security.Authentication.LocalAuthenticationHandler."
                             "LOCAL_AUTHENTICATION_FAILED",
                         "Local Authentication failed for user $0.",
                         userName);
       }
   
       PEG_AUDIT_LOG(logLocalAuthentication(userName, authenticated));
  
     PEG_METHOD_EXIT();     PEG_METHOD_EXIT();
  
     return ( authenticated );      return authenticated;
 } }
  
 Boolean LocalAuthenticationHandler::validateUser(const String& userName) Boolean LocalAuthenticationHandler::validateUser(const String& userName)
Line 189 
Line 208 
         "LocalAuthenticationHandler::getAuthResponseHeader()");         "LocalAuthenticationHandler::getAuthResponseHeader()");
  
     String secret;     String secret;
       String filePath;
     String authResp;     String authResp;
  
     //     //
Line 197 
Line 217 
     if ( !System::isSystemUser( userName.getCString() ) )     if ( !System::isSystemUser( userName.getCString() ) )
     {     {
         PEG_METHOD_EXIT();         PEG_METHOD_EXIT();
         return ( authResp );          return authResp;
     }     }
  
     authResp = _localAuthenticator->getAuthResponseHeader(authType, userName, secret);      authResp = _localAuthenticator->getAuthResponseHeader(
           authType, userName, filePath, secret);
  
       authInfo->setLocalAuthFilePath(filePath);
     authInfo->setLocalAuthSecret(secret);     authInfo->setLocalAuthSecret(secret);
  
     PEG_METHOD_EXIT();     PEG_METHOD_EXIT();
  
     return ( authResp );      return authResp;
 } }
  
 PEGASUS_NAMESPACE_END PEGASUS_NAMESPACE_END
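Review bot: The new file-path check in `authenticate()` (`if (filePath != authInfo->getLocalAuthFilePath())`) rejects the request with only `PEG_METHOD_EXIT(); return false;`, so a mismatched path leaves no record. It never reaches the `LOCAL_AUTHENTICATION_FAILED` message or the `PEG_AUDIT_LOG(logLocalAuthentication(userName, authenticated))` call that this revision places after `_localAuthenticator->authenticate(...)`. I would add `PEG_AUDIT_LOG(logLocalAuthentication(userName, false));` before that `return false;`, so that rejected local-auth attempts are visible in the audit trail. The start of the function, where `filePath` and `userName` are parsed from the header, is outside the displayed hunks, so confirm `userName` is already populated at that point. The unchanged `PEGASUS_ZOS_SECURITY` branch has a related gap: it returns `false` without `PEG_METHOD_EXIT()` or an audit entry.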

