|
version 1.24, 2008/08/14 17:30:45
|
version 1.29, 2013/06/05 14:09:26
|
|
|
|
| //%2006//////////////////////////////////////////////////////////////////////// |
//%LICENSE//////////////////////////////////////////////////////////////// |
| // | // |
| // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
// Licensed to The Open Group (TOG) under one or more contributor license |
| // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with |
| // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
// this work for additional information regarding copyright ownership. |
| // IBM Corp.; EMC Corporation, The Open Group. |
// Each contributor licenses this file to you under the OpenPegasus Open |
| // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
// Source License; you may not use this file except in compliance with the |
| // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
// License. |
| // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// |
| // EMC Corporation; VERITAS Software Corporation; The Open Group. |
// Permission is hereby granted, free of charge, to any person obtaining a |
| // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
// copy of this software and associated documentation files (the "Software"), |
| // EMC Corporation; Symantec Corporation; The Open Group. |
// to deal in the Software without restriction, including without limitation |
| // |
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
| // Permission is hereby granted, free of charge, to any person obtaining a copy |
// and/or sell copies of the Software, and to permit persons to whom the |
| // of this software and associated documentation files (the "Software"), to |
// Software is furnished to do so, subject to the following conditions: |
| // deal in the Software without restriction, including without limitation the |
// |
| // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
// The above copyright notice and this permission notice shall be included |
| // sell copies of the Software, and to permit persons to whom the Software is |
// in all copies or substantial portions of the Software. |
| // furnished to do so, subject to the following conditions: |
// |
| // |
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
| // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
| // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
| // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
| // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
| // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
| // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
| // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
| // | // |
| //============================================================================== |
////////////////////////////////////////////////////////////////////////// |
| // | // |
| //%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| | |
|
|
|
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| } | } |
| | |
| Boolean LocalAuthenticationHandler::authenticate( |
AuthenticationStatus LocalAuthenticationHandler::authenticate( |
| const String& authHeader, | const String& authHeader, |
| AuthenticationInfo* authInfo) | AuthenticationInfo* authInfo) |
| { | { |
|
|
|
| if (colon1 == PEG_NOT_FOUND) | if (colon1 == PEG_NOT_FOUND) |
| { | { |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
| } | } |
| | |
| String userName = authHeader.subString(0, colon1); | String userName = authHeader.subString(0, colon1); |
|
|
|
| if (filePath != authInfo->getLocalAuthFilePath()) | if (filePath != authInfo->getLocalAuthFilePath()) |
| { | { |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
| } | } |
| | |
| // | // |
|
|
|
| if (secretReceived.size() == 0 || userName.size() == 0) | if (secretReceived.size() == 0 || userName.size() == 0) |
| { | { |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
| } | } |
| | |
| String authenticatedUsername = authInfo->getAuthenticatedUser(); | String authenticatedUsername = authInfo->getAuthenticatedUser(); |
|
|
|
| userName != authenticatedUsername) | userName != authenticatedUsername) |
| { | { |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
| } | } |
| | |
| // | // |
|
|
|
| if (!System::isSystemUser(userName.getCString())) | if (!System::isSystemUser(userName.getCString())) |
| { | { |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
| } | } |
| | |
| // Check if the user is authorized to CIMSERV | // Check if the user is authorized to CIMSERV |
|
|
|
| "Request UserID $0 doesn't have READ permission " | "Request UserID $0 doesn't have READ permission " |
| "to profile CIMSERV CL(WBEM).", | "to profile CIMSERV CL(WBEM).", |
| userName)); | userName)); |
| return false; |
return AuthenticationStatus(AUTHSC_UNAUTHORIZED); |
| } | } |
| #endif | #endif |
| | |
|
|
|
| authInfo->setRemotePrivilegedUserAccessChecked(); | authInfo->setRemotePrivilegedUserAccessChecked(); |
| | |
| // Authenticate | // Authenticate |
| Boolean authenticated = _localAuthenticator->authenticate( |
AuthenticationStatus authStatus = _localAuthenticator->authenticate( |
| filePath, secretReceived, authInfo->getLocalAuthSecret()); | filePath, secretReceived, authInfo->getLocalAuthSecret()); |
| | |
| if (authenticated) |
if (authStatus.isSuccess()) |
| { | { |
| authInfo->setAuthenticatedUser(userName); | authInfo->setAuthenticatedUser(userName); |
| // For Privilege Separation, remember the secret on subsequent requests | // For Privilege Separation, remember the secret on subsequent requests |
|
|
|
| Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, | Logger::STANDARD_LOG, System::CIMSERVER, Logger::INFORMATION, |
| MessageLoaderParms( | MessageLoaderParms( |
| "Security.Authentication.LocalAuthenticationHandler." | "Security.Authentication.LocalAuthenticationHandler." |
| "LOCAL_AUTHENTICATION_FAILED", |
"LOCAL_AUTHENTICATION_FAILURE", |
| "Local Authentication failed for user $0.", |
"Local Authentication failed for user $0 from client " |
| userName)); |
"IP address $1.",userName,authInfo->getIpAddress())); |
| } | } |
| | |
| PEG_AUDIT_LOG(logLocalAuthentication(userName, authenticated)); |
PEG_AUDIT_LOG(logLocalAuthentication(userName, authStatus.isSuccess())); |
| | |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| | |
| return authenticated; |
return authStatus; |
| } | } |
| | |
| Boolean LocalAuthenticationHandler::validateUser(const String& userName) |
AuthenticationStatus LocalAuthenticationHandler::validateUser( |
| |
const String& userName, |
| |
AuthenticationInfo* authInfo) |
| { | { |
| return _localAuthenticator->validateUser(userName); |
return _localAuthenticator->validateUser(userName,authInfo); |
| } | } |
| | |
| String LocalAuthenticationHandler::getAuthResponseHeader( | String LocalAuthenticationHandler::getAuthResponseHeader( |
Return to
LocalAuthenticationHandler.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication