1 karl 1.14 //%2006////////////////////////////////////////////////////////////////////////
2 mike 1.2 //
3 karl 1.10 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 karl 1.9 // IBM Corp.; EMC Corporation, The Open Group.
7 karl 1.10 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 karl 1.11 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 karl 1.14 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
13 mike 1.2 //
14 kumpf 1.7 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 //
21 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 mike 1.2 //
30 //==============================================================================
31 //
32 //%/////////////////////////////////////////////////////////////////////////////
34 sushma.fernandes 1.16 #include <Pegasus/Common/AuditLogger.h>
35 mike 1.2 #include <Pegasus/Common/Logger.h>
36 kumpf 1.3 #include <Pegasus/Common/Tracer.h>
37 kumpf 1.5
38 #include "SecureLocalAuthenticator.h"
39 mike 1.2 #include "LocalAuthenticationHandler.h"
41 marek 1.15 #ifdef PEGASUS_ZOS_SECURITY
42 // This include file will not be provided in the OpenGroup CVS for now.
43 // Do NOT try to include it in your compile
44 #include <Pegasus/Common/safCheckzOS_inline.h>
45 #endif
46 kumpf 1.5
47 mike 1.2 PEGASUS_USING_STD;
49 PEGASUS_NAMESPACE_BEGIN
// Constructs the handler and installs the concrete local-authenticator
// implementation it delegates to (SecureLocalAuthenticator). The object
// is handed to _localAuthenticator, which owns it from here on.
LocalAuthenticationHandler::LocalAuthenticationHandler()
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "LocalAuthenticationHandler::LocalAuthenticationHandler()");

    // A named cast in place of the C-style one: the conversion is only
    // meant to be the derived-to-base pointer adjustment.
    LocalAuthenticator* authenticator =
        static_cast<LocalAuthenticator*>(new SecureLocalAuthenticator());
    _localAuthenticator.reset(authenticator);

    PEG_METHOD_EXIT();
}
// Destroys the handler. No explicit cleanup is done here; the owned
// authenticator is presumably released by _localAuthenticator itself
// (it is a reset()-style owner) — only method tracing happens.
LocalAuthenticationHandler::~LocalAuthenticationHandler()
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "LocalAuthenticationHandler::~LocalAuthenticationHandler()");
    PEG_METHOD_EXIT();
}
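// Authenticates a request carrying a local (file-based) authentication
// header.
//
// The header is split on the first two ':' characters into
// "user:filePath:secret"; when only one ':' is present the form is
// "user:secret" and the file path is empty. The user must be a known
// system user (and, on z/OS, have READ access to CIMSERV CL(WBEM))
// before the secret is handed to the local authenticator together with
// the challenge stored in authInfo.
//
// @param authHeader  the raw header value received from the client
// @param authInfo    per-connection authentication state; the challenge is
//                    read from it and, on success, the authenticated user
//                    name is recorded in it
// @return true when the local authenticator accepted the secret; false on
//         a header without a ':' separator, a user unknown to the system,
//         a failed z/OS profile check, or a rejected secret
Boolean LocalAuthenticationHandler::authenticate(
    const String& authHeader,
    AuthenticationInfo* authInfo)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "LocalAuthenticationHandler::authenticate()");

    Boolean authenticated = false;

    // Look for the first ':' separator; without it there is no user name.
    Uint32 colon1 = authHeader.find(':');

    if (colon1 == PEG_NOT_FOUND)
    {
        PEG_METHOD_EXIT();
        return authenticated;
    }

    String userName = authHeader.subString(0, colon1);

    // Look for a second ':' separator (file path / secret boundary).
    Uint32 colon2 = authHeader.find(colon1 + 1, ':');

    String filePath;
    String secretReceived;

    if (colon2 == PEG_NOT_FOUND)
    {
        // Two-field form: no file path, everything after ':' is the secret.
        filePath = String::EMPTY;
        secretReceived = authHeader.subString(colon1 + 1);
    }
    else
    {
        filePath = authHeader.subString(colon1 + 1, (colon2 - colon1 - 1));
        secretReceived = authHeader.subString(colon2 + 1);
    }

    //
    // Check if the user is a valid system user
    //
    if (!System::isSystemUser(userName.getCString()))
    {
        PEG_METHOD_EXIT();
        return authenticated;
    }

    // Check if the user is authorized to CIMSERV
#ifdef PEGASUS_ZOS_SECURITY
    if (!CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE))
    {
        Logger::put_l(Logger::TRACE_LOG, ZOS_SECURITY_NAME, Logger::WARNING,
            "Security.Authentication.LocalAuthenticationHandler"
            ".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS",
            "Request UserID $0 doesn't have READ permission to profile CIMSERV CL(WBEM).",
            userName);
        // Keep the trace enter/exit balanced like the other early returns.
        PEG_METHOD_EXIT();
        return authenticated;
    }
#endif

    // it is not necessary to check remote privileged user access local
    // set the flag to "check done"
    authInfo->setRemotePrivilegedUserAccessChecked();

    // NOTE(review): userName is not passed to the authenticator; the binding
    // between the stored challenge and this user is assumed to have been
    // established when the challenge was issued (getAuthResponseHeader) —
    // confirm against LocalAuthenticator.
    authenticated = _localAuthenticator->authenticate(filePath,
        secretReceived, authInfo->getAuthChallenge());

    // Audit both outcomes. Requests rejected above (no separator, unknown
    // user, failed profile check) never reach this point and are not
    // audited here.
    PEG_AUDIT_LOG(logLocalAuthentication(
        userName,
        authenticated));

    if (authenticated)
    {
        authInfo->setAuthenticatedUser(userName);
    }

    PEG_METHOD_EXIT();

    return authenticated;
}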
// Delegates the user validity check to the local authenticator.
//
// @param userName  the user name to validate
// @return whatever _localAuthenticator->validateUser() reports
Boolean LocalAuthenticationHandler::validateUser(const String& userName)
{
    const Boolean valid = _localAuthenticator->validateUser(userName);
    return valid;
}
// Builds the authentication response header that carries the challenge
// for a local authentication attempt.
//
// @param authType  authentication type forwarded to the local authenticator
// @param userName  user the challenge is issued for; must be a system user
// @param authInfo  per-connection state; receives the generated challenge
// @return the response header, or String::EMPTY when userName is not a
//         system user (no challenge is issued or stored in that case)
String LocalAuthenticationHandler::getAuthResponseHeader(
    const String& authType,
    const String& userName,
    AuthenticationInfo* authInfo)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "LocalAuthenticationHandler::getAuthResponseHeader()");

    String authResp = String::EMPTY;

    // Refuse to issue a challenge for a user unknown to the system.
    if (!System::isSystemUser(userName.getCString()))
    {
        PEG_METHOD_EXIT();
        return authResp;
    }

    // The authenticator builds the header and fills in the challenge
    // (challenge is presumably an out-parameter — confirm against
    // LocalAuthenticator); the challenge is kept in authInfo so that
    // authenticate() can later check the received secret against it.
    String challenge = String::EMPTY;
    authResp = _localAuthenticator->getAuthResponseHeader(
        authType, userName, challenge);
    authInfo->setAuthChallenge(challenge);

    PEG_METHOD_EXIT();
    return authResp;
}
187 PEGASUS_NAMESPACE_END