version 1.20, 2007/05/25 18:35:18
|
version 1.26.4.1, 2009/11/18 14:00:40
|
|
|
//%2006//////////////////////////////////////////////////////////////////////// |
//%LICENSE//////////////////////////////////////////////////////////////// |
// | // |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
// Licensed to The Open Group (TOG) under one or more contributor license |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with |
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
// this work for additional information regarding copyright ownership. |
// IBM Corp.; EMC Corporation, The Open Group. |
// Each contributor licenses this file to you under the OpenPegasus Open |
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
// Source License; you may not use this file except in compliance with the |
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
// License. |
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// |
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
// Permission is hereby granted, free of charge, to any person obtaining a |
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// copy of this software and associated documentation files (the "Software"), |
// EMC Corporation; Symantec Corporation; The Open Group. |
// to deal in the Software without restriction, including without limitation |
// |
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
// Permission is hereby granted, free of charge, to any person obtaining a copy |
// and/or sell copies of the Software, and to permit persons to whom the |
// of this software and associated documentation files (the "Software"), to |
// Software is furnished to do so, subject to the following conditions: |
// deal in the Software without restriction, including without limitation the |
// |
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
// The above copyright notice and this permission notice shall be included |
// sell copies of the Software, and to permit persons to whom the Software is |
// in all copies or substantial portions of the Software. |
// furnished to do so, subject to the following conditions: |
// |
// |
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
// | // |
//============================================================================== |
////////////////////////////////////////////////////////////////////////// |
// | // |
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
|
|
PEG_METHOD_ENTER(TRC_AUTHENTICATION, | PEG_METHOD_ENTER(TRC_AUTHENTICATION, |
"LocalAuthenticationHandler::LocalAuthenticationHandler()"); | "LocalAuthenticationHandler::LocalAuthenticationHandler()"); |
| |
_localAuthenticator.reset((LocalAuthenticator*) new SecureLocalAuthenticator()); |
_localAuthenticator.reset( |
|
(LocalAuthenticator*) new SecureLocalAuthenticator()); |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
} | } |
|
|
#ifdef PEGASUS_ZOS_SECURITY | #ifdef PEGASUS_ZOS_SECURITY |
if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) ) | if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) ) |
{ | { |
Logger::put_l(Logger::TRACE_LOG, ZOS_SECURITY_NAME, Logger::WARNING, |
Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING, |
"Security.Authentication.LocalAuthenticationHandler" |
MessageLoaderParms( |
".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS", |
"Security.Authentication.LocalAuthenticationHandler." |
"Request UserID $0 doesn't have READ permission to profile CIMSERV CL(WBEM).", |
"NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS", |
userName); |
"Request UserID $0 doesn't have READ permission " |
|
"to profile CIMSERV CL(WBEM).", |
|
userName)); |
return false; | return false; |
} | } |
#endif | #endif |
|
|
// For Privilege Separation, remember the secret on subsequent requests | // For Privilege Separation, remember the secret on subsequent requests |
authInfo->setLocalAuthSecret(secretReceived); | authInfo->setLocalAuthSecret(secretReceived); |
} | } |
|
else |
|
{ |
|
// log a failed authentication |
|
Logger::put_l( |
|
Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, |
|
MessageLoaderParms( |
|
"Security.Authentication.LocalAuthenticationHandler." |
|
"LOCAL_AUTHENTICATION_FAILURE", |
|
"Local Authentication failed for user $0 from client " |
|
"IP address $1.",userName,authInfo->getIpAddress())); |
|
} |
| |
PEG_AUDIT_LOG(logLocalAuthentication( |
PEG_AUDIT_LOG(logLocalAuthentication(userName, authenticated)); |
userName, |
|
authenticated)); |
|
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
return ( authenticated ); |
return authenticated; |
} | } |
| |
Boolean LocalAuthenticationHandler::validateUser(const String& userName) | Boolean LocalAuthenticationHandler::validateUser(const String& userName) |
|
|
if ( !System::isSystemUser( userName.getCString() ) ) | if ( !System::isSystemUser( userName.getCString() ) ) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return ( authResp ); |
return authResp; |
} | } |
| |
authResp = _localAuthenticator->getAuthResponseHeader( | authResp = _localAuthenticator->getAuthResponseHeader( |
|
|
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
return ( authResp ); |
return authResp; |
} | } |
| |
PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |