|
version 1.3, 2002/01/24 19:10:32
|
version 1.19.2.1, 2007/03/23 21:53:54
|
|
|
|
| //%///////////////////////////////////////////////////////////////////////////// |
//%2006//////////////////////////////////////////////////////////////////////// |
| // |
|
| // Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM, |
|
| // The Open Group, Tivoli Systems |
|
| // | // |
| // Permission is hereby granted, free of charge, to any person obtaining a |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
| // copy of this software and associated documentation files (the "Software"), |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
| // to deal in the Software without restriction, including without limitation |
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
| // the rights to use, copy, modify, merge, publish, distribute, sublicense, |
// IBM Corp.; EMC Corporation, The Open Group. |
| // and/or sell copies of the Software, and to permit persons to whom the |
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
| // Software is furnished to do so, subject to the following conditions: |
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
| // |
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
| // The above copyright notice and this permission notice shall be included in |
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
| // all copies of substantial portions of this software. |
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
| // |
// EMC Corporation; Symantec Corporation; The Open Group. |
| // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
// |
| // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
// Permission is hereby granted, free of charge, to any person obtaining a copy |
| // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL |
// of this software and associated documentation files (the "Software"), to |
| // THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
// deal in the Software without restriction, including without limitation the |
| // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
| // FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER |
// sell copies of the Software, and to permit persons to whom the Software is |
| // DEALINGS IN THE SOFTWARE. |
// furnished to do so, subject to the following conditions: |
| |
// |
| |
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
| |
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
| |
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
| |
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
| |
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
| |
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
| |
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
| |
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| // | // |
| //============================================================================== | //============================================================================== |
| // | // |
| // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com) |
|
| // |
|
| // Modified By: |
|
| // |
|
| //%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| | |
| |
#include <Pegasus/Common/AuditLogger.h> |
| #include <Pegasus/Common/Logger.h> | #include <Pegasus/Common/Logger.h> |
| #include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
| #include <Pegasus/Security/Authentication/SecureLocalAuthenticator.h> |
#include <Pegasus/Common/SessionKey.h> |
| |
|
| |
#include "SecureLocalAuthenticator.h" |
| #include "LocalAuthenticationHandler.h" | #include "LocalAuthenticationHandler.h" |
| | |
| |
#ifdef PEGASUS_ZOS_SECURITY |
| |
// This include file will not be provided in the OpenGroup CVS for now. |
| |
// Do NOT try to include it in your compile |
| |
#include <Pegasus/Common/safCheckzOS_inline.h> |
| |
#endif |
| |
|
| PEGASUS_USING_STD; | PEGASUS_USING_STD; |
| | |
| PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
|
|
|
| | |
| LocalAuthenticationHandler::LocalAuthenticationHandler() | LocalAuthenticationHandler::LocalAuthenticationHandler() |
| { | { |
| const char METHOD_NAME[] = |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
| "LocalAuthenticationHandler::LocalAuthenticationHandler()"; |
"LocalAuthenticationHandler::LocalAuthenticationHandler()"); |
| |
|
| PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
|
| | |
| // ATTN: Load the local authentication module here |
_localAuthenticator.reset((LocalAuthenticator*) new SecureLocalAuthenticator()); |
| | |
| _localAuthenticator = (LocalAuthenticator*) new SecureLocalAuthenticator(); |
PEG_METHOD_EXIT(); |
| |
|
| PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
|
| } | } |
| | |
| LocalAuthenticationHandler::~LocalAuthenticationHandler() | LocalAuthenticationHandler::~LocalAuthenticationHandler() |
| { | { |
| const char METHOD_NAME[] = |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
| "LocalAuthenticationHandler::~LocalAuthenticationHandler()"; |
"LocalAuthenticationHandler::~LocalAuthenticationHandler()"); |
| |
|
| PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
|
| | |
| PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| |
|
| delete _localAuthenticator; |
|
| } | } |
| | |
| Boolean LocalAuthenticationHandler::authenticate( | Boolean LocalAuthenticationHandler::authenticate( |
| const String& authHeader, | const String& authHeader, |
| AuthenticationInfo* authInfo) | AuthenticationInfo* authInfo) |
| { | { |
| const char METHOD_NAME[] = |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
| "LocalAuthenticationHandler::authenticate()"; |
"LocalAuthenticationHandler::authenticate()"); |
| |
|
| PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
|
| |
|
| Boolean authenticated = false; |
|
| | |
| // Look for ':' seperator | // Look for ':' seperator |
| Uint32 colon1 = authHeader.find(':'); | Uint32 colon1 = authHeader.find(':'); |
| | |
| if ( colon1 == PEG_NOT_FOUND ) | if ( colon1 == PEG_NOT_FOUND ) |
| { | { |
| PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| return ( authenticated ); |
return false; |
| } | } |
| | |
| String userName = authHeader.subString(0, colon1); | String userName = authHeader.subString(0, colon1); |
|
|
|
| // Look for another ':' seperator | // Look for another ':' seperator |
| Uint32 colon2 = authHeader.find(colon1 + 1, ':'); | Uint32 colon2 = authHeader.find(colon1 + 1, ':'); |
| | |
| if ( colon1 == PEG_NOT_FOUND ) |
String filePath; |
| |
|
| |
String secretReceived; |
| |
|
| |
if ( colon2 == PEG_NOT_FOUND ) |
| { | { |
| PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
filePath = String::EMPTY; |
| return ( authenticated ); |
|
| |
secretReceived = authHeader.subString( colon1 + 1 ); |
| } | } |
| |
else |
| |
{ |
| |
filePath = authHeader.subString( colon1 + 1, (colon2 - colon1 - 1) ); |
| | |
| String filePath = authHeader.subString( colon1 + 1, (colon2 - colon1 - 1) ); |
secretReceived = authHeader.subString( colon2 + 1 ); |
| |
} |
| | |
| String secretReceived = authHeader.subString( colon2 + 1 ); |
// |
| |
// Check if the authentication information is present |
| |
// |
| |
if (secretReceived.size() == 0 || userName.size() == 0) |
| |
{ |
| |
PEG_METHOD_EXIT(); |
| |
return false; |
| |
} |
| | |
| authenticated = _localAuthenticator->authenticate(filePath, |
String authenticatedUsername = authInfo->getAuthenticatedUser(); |
| secretReceived, authInfo->getAuthChallenge()); |
|
| | |
| if (authenticated) |
// |
| |
// If this connection has been previously authenticated then ensure |
| |
// the username passed with the current request matches the |
| |
// username previously authenticated. |
| |
// |
| |
if (authenticatedUsername.size() != 0 && |
| |
userName != authenticatedUsername) |
| { | { |
| authInfo->setAuthenticatedUser(userName); |
PEG_METHOD_EXIT(); |
| |
return false; |
| } | } |
| | |
| PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
// |
| |
// Check if the user is a valid system user |
| |
// |
| |
if ( !System::isSystemUser( userName.getCString() ) ) |
| |
{ |
| |
PEG_METHOD_EXIT(); |
| |
return false; |
| |
} |
| | |
| return ( authenticated ); |
// Check if the user is authorized to CIMSERV |
| |
#ifdef PEGASUS_ZOS_SECURITY |
| |
if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) ) |
| |
{ |
| |
Logger::put_l(Logger::TRACE_LOG, ZOS_SECURITY_NAME, Logger::WARNING, |
| |
"Security.Authentication.LocalAuthenticationHandler" |
| |
".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS", |
| |
"Request UserID $0 doesn't have READ permission to profile CIMSERV CL(WBEM).", |
| |
userName); |
| |
return false; |
| } | } |
| |
#endif |
| | |
| String LocalAuthenticationHandler::getAuthResponseHeader( |
// it is not necessary to check remote privileged user access local |
| const String& authHeader, |
// set the flag to "check done" |
| AuthenticationInfo* authInfo) |
authInfo->setRemotePrivilegedUserAccessChecked(); |
| |
|
| |
SessionKey sessionKey; |
| |
|
| |
Boolean authenticated = _localAuthenticator->authenticate(filePath, |
| |
secretReceived, authInfo->getLocalAuthSecret(), sessionKey); |
| |
|
| |
PEG_AUDIT_LOG(logLocalAuthentication( |
| |
userName, |
| |
authenticated)); |
| |
|
| |
if (authenticated) |
| { | { |
| const char METHOD_NAME[] = |
authInfo->setAuthenticatedUser(userName); |
| "LocalAuthenticationHandler::getAuthResponseHeader()"; |
authInfo->setSessionKey(sessionKey); |
| |
} |
| | |
| PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| | |
| PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
return ( authenticated ); |
| |
} |
| | |
| // |
Boolean LocalAuthenticationHandler::validateUser(const String& userName) |
| // No Implementation required in LocalAuthenticationHandler |
{ |
| // |
return _localAuthenticator->validateUser(userName); |
| return(String("")); |
|
| } | } |
| | |
| String LocalAuthenticationHandler::getAuthResponseHeader( | String LocalAuthenticationHandler::getAuthResponseHeader( |
|
|
|
| const String& userName, | const String& userName, |
| AuthenticationInfo* authInfo) | AuthenticationInfo* authInfo) |
| { | { |
| const char METHOD_NAME[] = |
PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
| "LocalAuthenticationHandler::getAuthResponseHeader()"; |
"LocalAuthenticationHandler::getAuthResponseHeader()"); |
| | |
| PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME); |
String secret; |
| |
String authResp; |
| | |
| String challenge; |
// |
| |
// Check if the user is a valid system user |
| |
// |
| |
if ( !System::isSystemUser( userName.getCString() ) ) |
| |
{ |
| |
PEG_METHOD_EXIT(); |
| |
return ( authResp ); |
| |
} |
| | |
| String authResp = |
authResp = _localAuthenticator->getAuthResponseHeader(authType, userName, secret); |
| _localAuthenticator->getAuthResponseHeader(authType, userName, challenge); |
|
| | |
| authInfo->setAuthChallenge(challenge); |
authInfo->setLocalAuthSecret(secret); |
| | |
| PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| | |
| return(authResp); | return(authResp); |
| } | } |
Return to
LocalAuthenticationHandler.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication