pegasus/src/Pegasus/Security/Authentication/LocalAuthenticationHandler.cpp - diff

Return to LocalAuthenticationHandler.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication

Diff for /pegasus/src/Pegasus/Security/Authentication/LocalAuthenticationHandler.cpp between version 1.18 and 1.26.4.1

version 1.18, 2007/03/02 19:00:44

version 1.26.4.1, 2009/11/18 14:00:40

Line 1

//%2006////////////////////////////////////////////////////////////////////////

//%LICENSE////////////////////////////////////////////////////////////////

// Licensed to The Open Group (TOG) under one or more contributor license

// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.

// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with

// this work for additional information regarding copyright ownership.

// IBM Corp.; EMC Corporation, The Open Group.

// Each contributor licenses this file to you under the OpenPegasus Open

// Source License; you may not use this file except in compliance with the

// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.

// License.

// EMC Corporation; VERITAS Software Corporation; The Open Group.

// Permission is hereby granted, free of charge, to any person obtaining a

// copy of this software and associated documentation files (the "Software"),

// EMC Corporation; Symantec Corporation; The Open Group.

// to deal in the Software without restriction, including without limitation

// the rights to use, copy, modify, merge, publish, distribute, sublicense,

// Permission is hereby granted, free of charge, to any person obtaining a copy

// and/or sell copies of the Software, and to permit persons to whom the

// of this software and associated documentation files (the "Software"), to

// Software is furnished to do so, subject to the following conditions:

// deal in the Software without restriction, including without limitation the

// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or

// The above copyright notice and this permission notice shall be included

// sell copies of the Software, and to permit persons to whom the Software is

// in all copies or substantial portions of the Software.

// furnished to do so, subject to the following conditions:

// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS

// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN

// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF

// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED

// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT

// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY

// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR

// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,

// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT

// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE

// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN

// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION

// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

//==============================================================================

//////////////////////////////////////////////////////////////////////////

//%/////////////////////////////////////////////////////////////////////////////

Line 54

Line 52

PEG_METHOD_ENTER(TRC_AUTHENTICATION,

"LocalAuthenticationHandler::LocalAuthenticationHandler()");

_localAuthenticator.reset((LocalAuthenticator*) new SecureLocalAuthenticator());

_localAuthenticator.reset(

(LocalAuthenticator*) new SecureLocalAuthenticator());

PEG_METHOD_EXIT();

}

Line 74

Line 73

PEG_METHOD_ENTER(TRC_AUTHENTICATION,

"LocalAuthenticationHandler::authenticate()");

Boolean authenticated = false;

// Look for ':' seperator

Uint32 colon1 = authHeader.find(':');

if ( colon1 == PEG_NOT_FOUND )

{

PEG_METHOD_EXIT();

return ( authenticated );

return false;

}

String userName = authHeader.subString(0, colon1);

Line 108

Line 105

}

// Check for the expected file path in the authentication header

if (filePath != authInfo->getLocalAuthFilePath())

{

PEG_METHOD_EXIT();

return false;

}

// Check if the authentication information is present

if (secretReceived.size() == 0 || userName.size() == 0)

{

PEG_METHOD_EXIT();

return false;

}

String authenticatedUsername = authInfo->getAuthenticatedUser();

// If this connection has been previously authenticated then ensure

// the username passed with the current request matches the

// username previously authenticated.

if (authenticatedUsername.size() != 0 &&

userName != authenticatedUsername)

{

PEG_METHOD_EXIT();

return false;

}

// Check if the user is a valid system user

if ( !System::isSystemUser( userName.getCString() ) )

{

PEG_METHOD_EXIT();

return (authenticated);

return false;

}

// Check if the user is authorized to CIMSERV

#ifdef PEGASUS_ZOS_SECURITY

if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) )

{

Logger::put_l(Logger::TRACE_LOG, ZOS_SECURITY_NAME, Logger::WARNING,

Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING,

"Security.Authentication.LocalAuthenticationHandler"

MessageLoaderParms(

".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS",

"Security.Authentication.LocalAuthenticationHandler."

"Request UserID $0 doesn't have READ permission to profile CIMSERV CL(WBEM).",

"NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS",

userName);

"Request UserID $0 doesn't have READ permission "

return (authenticated);

"to profile CIMSERV CL(WBEM).",

userName));

return false;

}

#endif

// it is not necessary to check remote privileged user access local

// It is not necessary to check remote privileged user access for local

// set the flag to "check done"

// connections; set the flag to "check done"

authInfo->setRemotePrivilegedUserAccessChecked();

authenticated = _localAuthenticator->authenticate(filePath,

// Authenticate

secretReceived, authInfo->getLocalAuthSecret());

Boolean authenticated = _localAuthenticator->authenticate(

filePath, secretReceived, authInfo->getLocalAuthSecret());

PEG_AUDIT_LOG(logLocalAuthentication(

userName,

authenticated));

if (authenticated)

{

authInfo->setAuthenticatedUser(userName);

// For Privilege Separation, remember the secret on subsequent requests

authInfo->setLocalAuthSecret(secretReceived);

}

else

{

// log a failed authentication

Logger::put_l(

Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,

MessageLoaderParms(

"Security.Authentication.LocalAuthenticationHandler."

"LOCAL_AUTHENTICATION_FAILURE",

"Local Authentication failed for user $0 from client "

"IP address $1.",userName,authInfo->getIpAddress()));

}

PEG_AUDIT_LOG(logLocalAuthentication(userName, authenticated));

PEG_METHOD_EXIT();

return ( authenticated );

return authenticated;

}

Boolean LocalAuthenticationHandler::validateUser(const String& userName)

Line 164

Line 207

"LocalAuthenticationHandler::getAuthResponseHeader()");

String secret;

String filePath;

String authResp;

Line 172

Line 216

if ( !System::isSystemUser( userName.getCString() ) )

{

PEG_METHOD_EXIT();

return ( authResp );

return authResp;

}

authResp = _localAuthenticator->getAuthResponseHeader(authType, userName, secret);

authResp = _localAuthenticator->getAuthResponseHeader(

authType, userName, filePath, secret);

authInfo->setLocalAuthFilePath(filePath);

authInfo->setLocalAuthSecret(secret);

PEG_METHOD_EXIT();

return ( authResp );

return authResp;

}

PEGASUS_NAMESPACE_END

Legend:

Removed from v.1.18
changed lines
	Added in v.1.26.4.1

No CVS admin address has been configured