version 1.28, 2013/05/28 12:34:24
|
version 1.29, 2013/06/05 14:09:26
|
|
|
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
} | } |
| |
Boolean LocalAuthenticationHandler::authenticate( |
AuthenticationStatus LocalAuthenticationHandler::authenticate( |
const String& authHeader, | const String& authHeader, |
AuthenticationInfo* authInfo) | AuthenticationInfo* authInfo) |
{ | { |
|
|
if (colon1 == PEG_NOT_FOUND) | if (colon1 == PEG_NOT_FOUND) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
} | } |
| |
String userName = authHeader.subString(0, colon1); | String userName = authHeader.subString(0, colon1); |
|
|
if (filePath != authInfo->getLocalAuthFilePath()) | if (filePath != authInfo->getLocalAuthFilePath()) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
} | } |
| |
// | // |
|
|
if (secretReceived.size() == 0 || userName.size() == 0) | if (secretReceived.size() == 0 || userName.size() == 0) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
} | } |
| |
String authenticatedUsername = authInfo->getAuthenticatedUser(); | String authenticatedUsername = authInfo->getAuthenticatedUser(); |
|
|
userName != authenticatedUsername) | userName != authenticatedUsername) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
} | } |
| |
// | // |
|
|
if (!System::isSystemUser(userName.getCString())) | if (!System::isSystemUser(userName.getCString())) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
} | } |
| |
// Check if the user is authorized to CIMSERV | // Check if the user is authorized to CIMSERV |
|
|
"Request UserID $0 doesn't have READ permission " | "Request UserID $0 doesn't have READ permission " |
"to profile CIMSERV CL(WBEM).", | "to profile CIMSERV CL(WBEM).", |
userName)); | userName)); |
return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
} | } |
#endif | #endif |
| |
|
|
authInfo->setRemotePrivilegedUserAccessChecked(); | authInfo->setRemotePrivilegedUserAccessChecked(); |
| |
// Authenticate | // Authenticate |
Boolean authenticated = _localAuthenticator->authenticate( |
AuthenticationStatus authStatus = _localAuthenticator->authenticate( |
filePath, secretReceived, authInfo->getLocalAuthSecret()); | filePath, secretReceived, authInfo->getLocalAuthSecret()); |
| |
if (authenticated) |
if (authStatus.isSuccess()) |
{ | { |
authInfo->setAuthenticatedUser(userName); | authInfo->setAuthenticatedUser(userName); |
// For Privilege Separation, remember the secret on subsequent requests | // For Privilege Separation, remember the secret on subsequent requests |
|
|
"IP address $1.",userName,authInfo->getIpAddress())); | "IP address $1.",userName,authInfo->getIpAddress())); |
} | } |
| |
PEG_AUDIT_LOG(logLocalAuthentication(userName, authenticated)); |
PEG_AUDIT_LOG(logLocalAuthentication(userName, authStatus.isSuccess())); |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| |
return authenticated; |
return authStatus; |
} | } |
| |
Boolean LocalAuthenticationHandler::validateUser( |
AuthenticationStatus LocalAuthenticationHandler::validateUser( |
const String& userName, | const String& userName, |
AuthenticationInfo* authInfo) | AuthenticationInfo* authInfo) |
{ | { |
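Review bot: The early rejection paths in `LocalAuthenticationHandler::authenticate()` return `AuthenticationStatus(AUTHSC_UNAUTHORIZED)` without reaching the `PEG_AUDIT_LOG(logLocalAuthentication(userName, authStatus.isSuccess()))` call near the end of the function. These are the file-path mismatch, the empty secret or user name, the user-name mismatch, the `System::isSystemUser` failure and the CIMSERV permission check. As far as the visible lines show, only attempts that get as far as `_localAuthenticator->authenticate()` leave an audit record, so rejected local logins of the other kinds would be missing from the audit trail. Since this commit already touches every one of those returns, I would add `PEG_AUDIT_LOG(logLocalAuthentication(userName, false));` before each return that comes after `userName` has been parsed. Lines between the hunks are elided, so an existing log call there would make this unnecessary; the body of `validateUser()` is also outside this view and may need the same check.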