pegasus/src/Pegasus/Security/Authentication/LocalAuthenticationHandler.cpp - diff

Return to LocalAuthenticationHandler.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication

Diff for /pegasus/src/Pegasus/Security/Authentication/LocalAuthenticationHandler.cpp between version 1.4 and 1.18

version 1.4, 2002/02/23 00:27:20

version 1.18, 2007/03/02 19:00:44

Line 1

//%/////////////////////////////////////////////////////////////////////////////

//%2006////////////////////////////////////////////////////////////////////////

// The Open Group, Tivoli Systems

// Permission is hereby granted, free of charge, to any person obtaining a

// copy of this software and associated documentation files (the "Software"),

// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.

// to deal in the Software without restriction, including without limitation

// the rights to use, copy, modify, merge, publish, distribute, sublicense,

// IBM Corp.; EMC Corporation, The Open Group.

// and/or sell copies of the Software, and to permit persons to whom the

// Software is furnished to do so, subject to the following conditions:

// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.

// The above copyright notice and this permission notice shall be included in

// EMC Corporation; VERITAS Software Corporation; The Open Group.

// all copies of substantial portions of this software.

// EMC Corporation; Symantec Corporation; The Open Group.

// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

// Permission is hereby granted, free of charge, to any person obtaining a copy

// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL

// of this software and associated documentation files (the "Software"), to

// THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

// deal in the Software without restriction, including without limitation the

// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING

// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or

// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER

// sell copies of the Software, and to permit persons to whom the Software is

// DEALINGS IN THE SOFTWARE.

// furnished to do so, subject to the following conditions:

// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN

// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED

// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT

// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR

// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT

// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN

// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION

// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

//==============================================================================

// Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)

// Modified By:

//%/////////////////////////////////////////////////////////////////////////////

#include <Pegasus/Common/AuditLogger.h>

#include <Pegasus/Common/Logger.h>

#include <Pegasus/Common/Tracer.h>

#include <Pegasus/Security/Authentication/SecureLocalAuthenticator.h>

#include "SecureLocalAuthenticator.h"

#include "LocalAuthenticationHandler.h"

#ifdef PEGASUS_ZOS_SECURITY

// This include file will not be provided in the OpenGroup CVS for now.

// Do NOT try to include it in your compile

#include <Pegasus/Common/safCheckzOS_inline.h>

#endif

PEGASUS_USING_STD;

PEGASUS_NAMESPACE_BEGIN

Line 41

Line 51

LocalAuthenticationHandler::LocalAuthenticationHandler()

{

const char METHOD_NAME[] =

PEG_METHOD_ENTER(TRC_AUTHENTICATION,

"LocalAuthenticationHandler::LocalAuthenticationHandler()";

"LocalAuthenticationHandler::LocalAuthenticationHandler()");

PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);

// ATTN: Load the local authentication module here

_localAuthenticator.reset((LocalAuthenticator*) new SecureLocalAuthenticator());

_localAuthenticator = (LocalAuthenticator*) new SecureLocalAuthenticator();

PEG_METHOD_EXIT();

PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);

}

LocalAuthenticationHandler::~LocalAuthenticationHandler()

{

const char METHOD_NAME[] =

PEG_METHOD_ENTER(TRC_AUTHENTICATION,

"LocalAuthenticationHandler::~LocalAuthenticationHandler()";

"LocalAuthenticationHandler::~LocalAuthenticationHandler()");

PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);

PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);

PEG_METHOD_EXIT();

delete _localAuthenticator;

}

Boolean LocalAuthenticationHandler::authenticate(

const String& authHeader,

AuthenticationInfo* authInfo)

{

const char METHOD_NAME[] =

PEG_METHOD_ENTER(TRC_AUTHENTICATION,

"LocalAuthenticationHandler::authenticate()";

"LocalAuthenticationHandler::authenticate()");

PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);

Boolean authenticated = false;

Line 81

if ( colon1 == PEG_NOT_FOUND )

{

PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);

PEG_METHOD_EXIT();

return ( authenticated );

}

Line 107

secretReceived = authHeader.subString( colon2 + 1 );

}

// Check if the user is a valid system user

if ( !System::isSystemUser( userName.getCString() ) )

{

PEG_METHOD_EXIT();

return (authenticated);

}

// Check if the user is authorized to CIMSERV

#ifdef PEGASUS_ZOS_SECURITY

if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) )

{

Logger::put_l(Logger::TRACE_LOG, ZOS_SECURITY_NAME, Logger::WARNING,

"Security.Authentication.LocalAuthenticationHandler"

".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS",

"Request UserID $0 doesn't have READ permission to profile CIMSERV CL(WBEM).",

userName);

return (authenticated);

}

#endif

// it is not necessary to check remote privileged user access local

// set the flag to "check done"

authInfo->setRemotePrivilegedUserAccessChecked();

authenticated = _localAuthenticator->authenticate(filePath,

secretReceived, authInfo->getAuthChallenge());

secretReceived, authInfo->getLocalAuthSecret());

PEG_AUDIT_LOG(logLocalAuthentication(

userName,

authenticated));

if (authenticated)

{

authInfo->setAuthenticatedUser(userName);

}

PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);

PEG_METHOD_EXIT();

return ( authenticated );

}

String LocalAuthenticationHandler::getAuthResponseHeader(

Boolean LocalAuthenticationHandler::validateUser(const String& userName)

const String& authHeader,

AuthenticationInfo* authInfo)

{

const char METHOD_NAME[] =

return _localAuthenticator->validateUser(userName);

"LocalAuthenticationHandler::getAuthResponseHeader()";

PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);

PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);

// No Implementation required in LocalAuthenticationHandler

return(String(""));

}

String LocalAuthenticationHandler::getAuthResponseHeader(

Line 142

Line 160

const String& userName,

AuthenticationInfo* authInfo)

{

const char METHOD_NAME[] =

PEG_METHOD_ENTER(TRC_AUTHENTICATION,

"LocalAuthenticationHandler::getAuthResponseHeader()";

"LocalAuthenticationHandler::getAuthResponseHeader()");

PEG_FUNC_ENTER(TRC_AUTHENTICATION, METHOD_NAME);

String secret;

String authResp;

String challenge;

// Check if the user is a valid system user

if ( !System::isSystemUser( userName.getCString() ) )

{

PEG_METHOD_EXIT();

return ( authResp );

}

String authResp =

authResp = _localAuthenticator->getAuthResponseHeader(authType, userName, secret);

_localAuthenticator->getAuthResponseHeader(authType, userName, challenge);

authInfo->setAuthChallenge(challenge);

authInfo->setLocalAuthSecret(secret);

PEG_FUNC_EXIT(TRC_AUTHENTICATION, METHOD_NAME);

PEG_METHOD_EXIT();

return(authResp);

}

Legend:

Removed from v.1.4
changed lines
	Added in v.1.18

No CVS admin address has been configured