version 1.7, 2002/06/01 00:57:25
|
version 1.19.2.1, 2007/03/23 21:53:54
|
|
|
//%///////////////////////////////////////////////////////////////////////////// |
//%2006//////////////////////////////////////////////////////////////////////// |
// | // |
// Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Company, IBM, |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
// The Open Group, Tivoli Systems |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
|
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
|
// IBM Corp.; EMC Corporation, The Open Group. |
|
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
|
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
|
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
|
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
// EMC Corporation; Symantec Corporation; The Open Group. |
// | // |
// Permission is hereby granted, free of charge, to any person obtaining a copy | // Permission is hereby granted, free of charge, to any person obtaining a copy |
// of this software and associated documentation files (the "Software"), to | // of this software and associated documentation files (the "Software"), to |
|
|
// | // |
//============================================================================== | //============================================================================== |
// | // |
// Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com) |
|
// |
|
// Modified By: |
|
// |
|
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
|
#include <Pegasus/Common/AuditLogger.h> |
#include <Pegasus/Common/Logger.h> | #include <Pegasus/Common/Logger.h> |
#include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
#include <Pegasus/Common/Destroyer.h> |
#include <Pegasus/Common/SessionKey.h> |
| |
#include "SecureLocalAuthenticator.h" | #include "SecureLocalAuthenticator.h" |
#include "LocalAuthenticationHandler.h" | #include "LocalAuthenticationHandler.h" |
| |
|
#ifdef PEGASUS_ZOS_SECURITY |
|
// This include file will not be provided in the OpenGroup CVS for now. |
|
// Do NOT try to include it in your compile |
|
#include <Pegasus/Common/safCheckzOS_inline.h> |
|
#endif |
| |
PEGASUS_USING_STD; | PEGASUS_USING_STD; |
| |
|
|
PEG_METHOD_ENTER(TRC_AUTHENTICATION, | PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
"LocalAuthenticationHandler::LocalAuthenticationHandler()"); | "LocalAuthenticationHandler::LocalAuthenticationHandler()"); |
| |
_localAuthenticator = (LocalAuthenticator*) new SecureLocalAuthenticator(); |
_localAuthenticator.reset((LocalAuthenticator*) new SecureLocalAuthenticator()); |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
} | } |
|
|
PEG_METHOD_ENTER(TRC_AUTHENTICATION, | PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
"LocalAuthenticationHandler::~LocalAuthenticationHandler()"); | "LocalAuthenticationHandler::~LocalAuthenticationHandler()"); |
| |
delete _localAuthenticator; |
|
|
|
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
} | } |
| |
|
|
PEG_METHOD_ENTER(TRC_AUTHENTICATION, | PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
"LocalAuthenticationHandler::authenticate()"); | "LocalAuthenticationHandler::authenticate()"); |
| |
Boolean authenticated = false; |
|
|
|
// Look for ':' seperator | // Look for ':' seperator |
Uint32 colon1 = authHeader.find(':'); | Uint32 colon1 = authHeader.find(':'); |
| |
if ( colon1 == PEG_NOT_FOUND ) | if ( colon1 == PEG_NOT_FOUND ) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return ( authenticated ); |
return false; |
} | } |
| |
String userName = authHeader.subString(0, colon1); | String userName = authHeader.subString(0, colon1); |
|
|
} | } |
| |
// | // |
|
// Check if the authentication information is present |
|
// |
|
if (secretReceived.size() == 0 || userName.size() == 0) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return false; |
|
} |
|
|
|
String authenticatedUsername = authInfo->getAuthenticatedUser(); |
|
|
|
// |
|
// If this connection has been previously authenticated then ensure |
|
// the username passed with the current request matches the |
|
// username previously authenticated. |
|
// |
|
if (authenticatedUsername.size() != 0 && |
|
userName != authenticatedUsername) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
return false; |
|
} |
|
|
|
// |
// Check if the user is a valid system user | // Check if the user is a valid system user |
// | // |
ArrayDestroyer<char> un(userName.allocateCString()); |
if ( !System::isSystemUser( userName.getCString() ) ) |
if ( !System::isSystemUser( un.getPointer() ) ) |
|
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return (authenticated); |
return false; |
|
} |
|
|
|
// Check if the user is authorized to CIMSERV |
|
#ifdef PEGASUS_ZOS_SECURITY |
|
if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) ) |
|
{ |
|
Logger::put_l(Logger::TRACE_LOG, ZOS_SECURITY_NAME, Logger::WARNING, |
|
"Security.Authentication.LocalAuthenticationHandler" |
|
".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS", |
|
"Request UserID $0 doesn't have READ permission to profile CIMSERV CL(WBEM).", |
|
userName); |
|
return false; |
} | } |
|
#endif |
|
|
|
// it is not necessary to check remote privileged user access local |
|
// set the flag to "check done" |
|
authInfo->setRemotePrivilegedUserAccessChecked(); |
|
|
|
SessionKey sessionKey; |
|
|
|
Boolean authenticated = _localAuthenticator->authenticate(filePath, |
|
secretReceived, authInfo->getLocalAuthSecret(), sessionKey); |
| |
authenticated = _localAuthenticator->authenticate(filePath, |
PEG_AUDIT_LOG(logLocalAuthentication( |
secretReceived, authInfo->getAuthChallenge()); |
userName, |
|
authenticated)); |
| |
if (authenticated) | if (authenticated) |
{ | { |
authInfo->setAuthenticatedUser(userName); | authInfo->setAuthenticatedUser(userName); |
|
authInfo->setSessionKey(sessionKey); |
} | } |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
return ( authenticated ); | return ( authenticated ); |
} | } |
| |
|
Boolean LocalAuthenticationHandler::validateUser(const String& userName) |
|
{ |
|
return _localAuthenticator->validateUser(userName); |
|
} |
|
|
String LocalAuthenticationHandler::getAuthResponseHeader( | String LocalAuthenticationHandler::getAuthResponseHeader( |
const String& authType, | const String& authType, |
const String& userName, | const String& userName, |
|
|
PEG_METHOD_ENTER(TRC_AUTHENTICATION, | PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
"LocalAuthenticationHandler::getAuthResponseHeader()"); | "LocalAuthenticationHandler::getAuthResponseHeader()"); |
| |
String challenge = String::EMPTY; |
String secret; |
String authResp = String::EMPTY; |
String authResp; |
| |
// | // |
// Check if the user is a valid system user | // Check if the user is a valid system user |
// | // |
ArrayDestroyer<char> un(userName.allocateCString()); |
if ( !System::isSystemUser( userName.getCString() ) ) |
if ( !System::isSystemUser( un.getPointer() ) ) |
|
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return ( authResp ); | return ( authResp ); |
} | } |
| |
authResp = _localAuthenticator->getAuthResponseHeader(authType, userName, challenge); |
authResp = _localAuthenticator->getAuthResponseHeader(authType, userName, secret); |
| |
authInfo->setAuthChallenge(challenge); |
authInfo->setLocalAuthSecret(secret); |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |