version 1.19.2.1, 2007/03/23 21:53:54
|
version 1.23, 2007/06/29 17:43:15
|
|
|
#include <Pegasus/Common/AuditLogger.h> | #include <Pegasus/Common/AuditLogger.h> |
#include <Pegasus/Common/Logger.h> | #include <Pegasus/Common/Logger.h> |
#include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
#include <Pegasus/Common/SessionKey.h> |
|
| |
#include "SecureLocalAuthenticator.h" | #include "SecureLocalAuthenticator.h" |
#include "LocalAuthenticationHandler.h" | #include "LocalAuthenticationHandler.h" |
|
|
PEG_METHOD_ENTER(TRC_AUTHENTICATION, | PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
"LocalAuthenticationHandler::LocalAuthenticationHandler()"); | "LocalAuthenticationHandler::LocalAuthenticationHandler()"); |
| |
_localAuthenticator.reset((LocalAuthenticator*) new SecureLocalAuthenticator()); |
_localAuthenticator.reset( |
|
(LocalAuthenticator*) new SecureLocalAuthenticator()); |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
} | } |
|
|
} | } |
| |
// | // |
|
// Check for the expected file path in the authentication header |
|
// |
|
if (filePath != authInfo->getLocalAuthFilePath()) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return false; |
|
} |
|
|
|
// |
// Check if the authentication information is present | // Check if the authentication information is present |
// | // |
if (secretReceived.size() == 0 || userName.size() == 0) | if (secretReceived.size() == 0 || userName.size() == 0) |
|
|
#ifdef PEGASUS_ZOS_SECURITY | #ifdef PEGASUS_ZOS_SECURITY |
if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) ) | if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) ) |
{ | { |
Logger::put_l(Logger::TRACE_LOG, ZOS_SECURITY_NAME, Logger::WARNING, |
Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING, |
"Security.Authentication.LocalAuthenticationHandler" |
"Security.Authentication.LocalAuthenticationHandler." |
".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS", |
"NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS", |
"Request UserID $0 doesn't have READ permission to profile CIMSERV CL(WBEM).", |
"Request UserID $0 doesn't have READ permission " |
|
"to profile CIMSERV CL(WBEM).", |
userName); | userName); |
return false; | return false; |
} | } |
#endif | #endif |
| |
// it is not necessary to check remote privileged user access local |
// It is not necessary to check remote privileged user access for local |
// set the flag to "check done" |
// connections; set the flag to "check done" |
authInfo->setRemotePrivilegedUserAccessChecked(); | authInfo->setRemotePrivilegedUserAccessChecked(); |
| |
SessionKey sessionKey; |
// Authenticate |
|
Boolean authenticated = _localAuthenticator->authenticate( |
Boolean authenticated = _localAuthenticator->authenticate(filePath, |
filePath, secretReceived, authInfo->getLocalAuthSecret()); |
secretReceived, authInfo->getLocalAuthSecret(), sessionKey); |
|
|
|
PEG_AUDIT_LOG(logLocalAuthentication( |
|
userName, |
|
authenticated)); |
|
| |
if (authenticated) | if (authenticated) |
{ | { |
authInfo->setAuthenticatedUser(userName); | authInfo->setAuthenticatedUser(userName); |
authInfo->setSessionKey(sessionKey); |
// For Privilege Separation, remember the secret on subsequent requests |
|
authInfo->setLocalAuthSecret(secretReceived); |
} | } |
|
else |
|
{ |
|
// log a failed authentication |
|
Logger::put_l(Logger::STANDARD_LOG, |
|
System::CIMSERVER, |
|
Logger::INFORMATION, |
|
"Security.Authentication.LocalAuthenticationHandler." |
|
"LOCAL_AUTHENTICATION_FAILED", |
|
"Local Authentication failed for user $0.", |
|
userName); |
|
} |
|
|
|
PEG_AUDIT_LOG(logLocalAuthentication(userName, authenticated)); |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
return ( authenticated ); |
return authenticated; |
} | } |
| |
Boolean LocalAuthenticationHandler::validateUser(const String& userName) | Boolean LocalAuthenticationHandler::validateUser(const String& userName) |
|
|
"LocalAuthenticationHandler::getAuthResponseHeader()"); | "LocalAuthenticationHandler::getAuthResponseHeader()"); |
| |
String secret; | String secret; |
|
String filePath; |
String authResp; | String authResp; |
| |
// | // |
|
|
if ( !System::isSystemUser( userName.getCString() ) ) | if ( !System::isSystemUser( userName.getCString() ) ) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return ( authResp ); |
return authResp; |
} | } |
| |
authResp = _localAuthenticator->getAuthResponseHeader(authType, userName, secret); |
authResp = _localAuthenticator->getAuthResponseHeader( |
|
authType, userName, filePath, secret); |
| |
|
authInfo->setLocalAuthFilePath(filePath); |
authInfo->setLocalAuthSecret(secret); | authInfo->setLocalAuthSecret(secret); |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
return ( authResp ); |
return authResp; |
} | } |
| |
PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |
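Review bot: The new file-path check near the top of authenticate() (`if (filePath != authInfo->getLocalAuthFilePath())`) exits with `return false;` without writing any log or audit record, whereas a bad secret further down reaches both `PEG_AUDIT_LOG(logLocalAuthentication(userName, authenticated));` and the LOCAL_AUTHENTICATION_FAILED log entry. A path mismatch is the same class of event for detection purposes, so the early exit should at least emit `PEG_AUDIT_LOG(logLocalAuthentication(userName, false));` before `return false;`, or be folded into the existing failure branch so every rejection is recorded the same way. The body of authenticate() begins before the first visible hunk, and the empty-credential check (`secretReceived.size() == 0 || userName.size() == 0`) appears to have the same silent-exit shape, though its body is not shown here. Separately, `authInfo->setLocalAuthSecret(secretReceived)` in the success branch keeps the client-supplied secret on the connection for later requests; a short comment stating when that stored secret is cleared, or that AuthenticationInfo owns that lifetime, would help a reader of this file.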