(file) Return to LocalAuthenticationHandler.cpp CVS log (file) (dir) Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication

Diff for /pegasus/src/Pegasus/Security/Authentication/LocalAuthenticationHandler.cpp between version 1.2 and 1.29

version 1.2, 2001/12/13 14:54:31 version 1.29, 2013/06/05 14:09:26
Line 1 
Line 1 
 //%/////////////////////////////////////////////////////////////////////////////  //%LICENSE////////////////////////////////////////////////////////////////
 // //
 // Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM,  // Licensed to The Open Group (TOG) under one or more contributor license
 // The Open Group, Tivoli Systems  // agreements.  Refer to the OpenPegasusNOTICE.txt file distributed with
   // this work for additional information regarding copyright ownership.
   // Each contributor licenses this file to you under the OpenPegasus Open
   // Source License; you may not use this file except in compliance with the
   // License.
 // //
 // Permission is hereby granted, free of charge, to any person obtaining a // Permission is hereby granted, free of charge, to any person obtaining a
 // copy of this software and associated documentation files (the "Software"), // copy of this software and associated documentation files (the "Software"),
Line 10 
Line 14 
 // and/or sell copies of the Software, and to permit persons to whom the // and/or sell copies of the Software, and to permit persons to whom the
 // Software is furnished to do so, subject to the following conditions: // Software is furnished to do so, subject to the following conditions:
 // //
 // The above copyright notice and this permission notice shall be included in  // The above copyright notice and this permission notice shall be included
 // all copies of substantial portions of this software.  // in all copies or substantial portions of the Software.
 //  
 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR  
 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,  
 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL  
 // THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER  
 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING  
 // FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER  
 // DEALINGS IN THE SOFTWARE.  
 // //
 //==============================================================================  // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
   // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
   // IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
   // CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
   // TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
   // SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 // //
 // Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)  //////////////////////////////////////////////////////////////////////////
 //  
 // Modified By:  
 // //
 //%///////////////////////////////////////////////////////////////////////////// //%/////////////////////////////////////////////////////////////////////////////
  
   #include <Pegasus/Common/AuditLogger.h>
 #include <Pegasus/Common/Logger.h> #include <Pegasus/Common/Logger.h>
 #include <Pegasus/Security/Authentication/SecureLocalAuthenticator.h>  #include <Pegasus/Common/Tracer.h>
   
   #include "SecureLocalAuthenticator.h"
 #include "LocalAuthenticationHandler.h" #include "LocalAuthenticationHandler.h"
  
   #ifdef PEGASUS_ZOS_SECURITY
   // This include file will not be provided in the OpenGroup CVS for now.
   // Do NOT try to include it in your compile
   # include <Pegasus/Common/safCheckzOS_inline.h>
   #endif
   
 PEGASUS_USING_STD; PEGASUS_USING_STD;
  
 PEGASUS_NAMESPACE_BEGIN PEGASUS_NAMESPACE_BEGIN
Line 40 
Line 49 
  
 LocalAuthenticationHandler::LocalAuthenticationHandler() LocalAuthenticationHandler::LocalAuthenticationHandler()
 { {
     // ATTN: Load the local authentication module here      PEG_METHOD_ENTER(TRC_AUTHENTICATION,
          "LocalAuthenticationHandler::LocalAuthenticationHandler()");
   
       _localAuthenticator.reset(
           (LocalAuthenticator*) new SecureLocalAuthenticator());
  
     _localAuthenticator = (LocalAuthenticator*) new SecureLocalAuthenticator();      PEG_METHOD_EXIT();
 } }
  
 LocalAuthenticationHandler::~LocalAuthenticationHandler() LocalAuthenticationHandler::~LocalAuthenticationHandler()
 { {
     delete _localAuthenticator;      PEG_METHOD_ENTER(TRC_AUTHENTICATION,
           "LocalAuthenticationHandler::~LocalAuthenticationHandler()");
   
       PEG_METHOD_EXIT();
 } }
  
 Boolean LocalAuthenticationHandler::authenticate(  AuthenticationStatus LocalAuthenticationHandler::authenticate(
     String authHeader,      const String& authHeader,
     AuthenticationInfo* authInfo)     AuthenticationInfo* authInfo)
 { {
     Boolean authenticated   = false;      PEG_METHOD_ENTER(TRC_AUTHENTICATION,
           "LocalAuthenticationHandler::authenticate()");
  
     // Look for ':' seperator     // Look for ':' seperator
     Uint32 colon1 = authHeader.find(':');     Uint32 colon1 = authHeader.find(':');
  
     if ( colon1 == PEG_NOT_FOUND )     if ( colon1 == PEG_NOT_FOUND )
     {     {
         return ( authenticated );          PEG_METHOD_EXIT();
           return AuthenticationStatus(AUTHSC_UNAUTHORIZED);
     }     }
  
     String userName = authHeader.subString(0, colon1);     String userName = authHeader.subString(0, colon1);
Line 69 
Line 87 
     // Look for another ':' seperator     // Look for another ':' seperator
     Uint32 colon2 = authHeader.find(colon1 + 1, ':');     Uint32 colon2 = authHeader.find(colon1 + 1, ':');
  
     if ( colon1 == PEG_NOT_FOUND )      String filePath;
   
       String secretReceived;
   
       if (colon2 == PEG_NOT_FOUND)
       {
           filePath = String::EMPTY;
   
           secretReceived = authHeader.subString(colon1 + 1);
       }
       else
       {
           filePath = authHeader.subString(colon1 + 1, (colon2 - colon1 - 1));
   
           secretReceived = authHeader.subString(colon2 + 1);
       }
   
       //
       // Check for the expected file path in the authentication header
       //
       if (filePath != authInfo->getLocalAuthFilePath())
       {
           PEG_METHOD_EXIT();
           return AuthenticationStatus(AUTHSC_UNAUTHORIZED);
       }
   
       //
       // Check if the authentication information is present
       //
       if (secretReceived.size() == 0 || userName.size() == 0)
       {
           PEG_METHOD_EXIT();
           return AuthenticationStatus(AUTHSC_UNAUTHORIZED);
       }
   
       String authenticatedUsername = authInfo->getAuthenticatedUser();
   
       //
       // If this connection has been previously authenticated then ensure
       // the username passed with the current request matches the
       // username previously authenticated.
       //
       if (authenticatedUsername.size() != 0 &&
           userName != authenticatedUsername)
     {     {
         return ( authenticated );          PEG_METHOD_EXIT();
           return AuthenticationStatus(AUTHSC_UNAUTHORIZED);
     }     }
  
     String filePath = authHeader.subString( colon1 + 1, (colon2 - colon1 - 1) );      //
       // Check if the user is a valid system user
       //
       if (!System::isSystemUser(userName.getCString()))
       {
           PEG_METHOD_EXIT();
           return AuthenticationStatus(AUTHSC_UNAUTHORIZED);
       }
   
       // Check if the user is authorized to CIMSERV
   #ifdef PEGASUS_ZOS_SECURITY
       if (!CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE))
       {
           Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING,
               MessageLoaderParms(
                   "Security.Authentication.LocalAuthenticationHandler."
                       "NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS",
                   "Request UserID $0 doesn't have READ permission "
                       "to profile CIMSERV CL(WBEM).",
                   userName));
           return AuthenticationStatus(AUTHSC_UNAUTHORIZED);
       }
   #endif
  
     String secretReceived = authHeader.subString( colon2 + 1 );      // It is not necessary to check remote privileged user access for local
       // connections; set the flag to "check done"
       authInfo->setRemotePrivilegedUserAccessChecked();
  
     authenticated = _localAuthenticator->authenticate(filePath,      // Authenticate
         secretReceived, authInfo->getAuthChallenge());      AuthenticationStatus authStatus = _localAuthenticator->authenticate(
           filePath, secretReceived, authInfo->getLocalAuthSecret());
  
     if (authenticated)      if (authStatus.isSuccess())
     {     {
         authInfo->setAuthenticatedUser(userName);         authInfo->setAuthenticatedUser(userName);
           // For Privilege Separation, remember the secret on subsequent requests
           authInfo->setLocalAuthSecret(secretReceived);
       }
       else
       {
           // log a failed authentication
           Logger::put_l(
               Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION,
               MessageLoaderParms(
                   "Security.Authentication.LocalAuthenticationHandler."
                       "LOCAL_AUTHENTICATION_FAILURE",
                   "Local Authentication failed for user $0 from client "
                   "IP address $1.",userName,authInfo->getIpAddress()));
     }     }
  
     return ( authenticated );      PEG_AUDIT_LOG(logLocalAuthentication(userName, authStatus.isSuccess()));
   
       PEG_METHOD_EXIT();
   
       return authStatus;
   }
   
   AuthenticationStatus LocalAuthenticationHandler::validateUser(
       const String& userName,
       AuthenticationInfo* authInfo)
   {
       return _localAuthenticator->validateUser(userName,authInfo);
 } }
  
 String LocalAuthenticationHandler::getAuthResponseHeader( String LocalAuthenticationHandler::getAuthResponseHeader(
     String userName,      const String& authType,
       const String& userName,
     AuthenticationInfo* authInfo)     AuthenticationInfo* authInfo)
 { {
     String challenge;      PEG_METHOD_ENTER(TRC_AUTHENTICATION,
           "LocalAuthenticationHandler::getAuthResponseHeader()");
   
       String secret;
       String filePath;
       String authResp;
   
       //
       // Check if the user is a valid system user
       //
       if (!System::isSystemUser(userName.getCString()))
       {
           PEG_METHOD_EXIT();
           return authResp;
       }
   
       authResp = _localAuthenticator->getAuthResponseHeader(
           authType, userName, filePath, secret);
  
     String authResp = _localAuthenticator->getAuthResponseHeader(userName, challenge);      authInfo->setLocalAuthFilePath(filePath);
       authInfo->setLocalAuthSecret(secret);
  
     authInfo->setAuthChallenge(challenge);      PEG_METHOD_EXIT();
  
     return(authResp);      return authResp;
 } }
  
 PEGASUS_NAMESPACE_END PEGASUS_NAMESPACE_END

Legend:
Removed from v.1.2  
changed lines
  Added in v.1.29
No CVS admin address has been configured
 Powered by
ViewCVS 0.9.2