1 karl 1.14 //%2006////////////////////////////////////////////////////////////////////////
2 mike 1.2 //
3 karl 1.10 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 karl 1.9 // IBM Corp.; EMC Corporation, The Open Group.
7 karl 1.10 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 karl 1.11 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 karl 1.14 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
13 mike 1.2 //
14 kumpf 1.7 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 //
21 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 mike 1.2 //
30 //==============================================================================
31 //
32 //%/////////////////////////////////////////////////////////////////////////////
33
34 sushma.fernandes 1.16 #include <Pegasus/Common/AuditLogger.h>
35 mike 1.2 #include <Pegasus/Common/Logger.h>
36 kumpf 1.3 #include <Pegasus/Common/Tracer.h>
37 kumpf 1.5
38 #include "SecureLocalAuthenticator.h"
39 mike 1.2 #include "LocalAuthenticationHandler.h"
40
41 marek 1.15 #ifdef PEGASUS_ZOS_SECURITY
42 // This include file will not be provided in the OpenGroup CVS for now.
43 // Do NOT try to include it in your compile
44 #include <Pegasus/Common/safCheckzOS_inline.h>
45 #endif
46 kumpf 1.5
47 mike 1.2 PEGASUS_USING_STD;
48
49 PEGASUS_NAMESPACE_BEGIN
50
51
//
// Constructs the handler and installs the concrete authenticator that
// every local-authentication request on this handler is delegated to.
//
LocalAuthenticationHandler::LocalAuthenticationHandler()
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "LocalAuthenticationHandler::LocalAuthenticationHandler()");

    // The explicit cast to the abstract base type is preserved from the
    // original. The smart-pointer member takes ownership via reset();
    // the object is presumably released when that member is destroyed.
    LocalAuthenticator* authenticator =
        (LocalAuthenticator*) new SecureLocalAuthenticator();
    _localAuthenticator.reset(authenticator);

    PEG_METHOD_EXIT();
}
61
//
// Destroys the handler. Nothing is released explicitly here: the owned
// authenticator is expected to be freed by the smart-pointer member's
// own destructor. Only the method enter/exit trace is emitted.
//
LocalAuthenticationHandler::~LocalAuthenticationHandler()
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "LocalAuthenticationHandler::~LocalAuthenticationHandler()");
    PEG_METHOD_EXIT();
}
69
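//
// Authenticates a request that arrived with a "Local" authorization
// header. The header payload is expected in one of the forms
//
//     <userName>:<secret>
//     <userName>:<filePath>:<secret>
//
// where userName is the requesting OS user, filePath is an optional
// value that is passed through to the authenticator untouched, and
// secret is what the client presents in answer to the challenge that
// getAuthResponseHeader() stored on the connection earlier.
//
// authHeader - the raw header payload; untrusted client input.
// authInfo   - per-connection authentication state. Supplies the
//              previously authenticated user (if any) and the stored
//              challenge, and receives the user name on success.
//
// Returns true only when every check below passes and the underlying
// authenticator accepts the secret; every rejection returns false.
//
// The checks are ordered cheapest-first: header syntax, presence of
// both fields, identity binding of the connection, system-user check,
// optional z/OS SAF profile check, and finally the secret comparison,
// so a malformed or impersonating request never reaches the
// authenticator.
//
Boolean LocalAuthenticationHandler::authenticate(
    const String& authHeader,
    AuthenticationInfo* authInfo)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "LocalAuthenticationHandler::authenticate()");

    // The first ':' separates the user name from the rest.
    Uint32 colon1 = authHeader.find(':');

    if (colon1 == PEG_NOT_FOUND)
    {
        PEG_METHOD_EXIT();
        return false;
    }

    String userName = authHeader.subString(0, colon1);

    // An optional second ':' separates a file path from the secret.
    Uint32 colon2 = authHeader.find(colon1 + 1, ':');

    String filePath;
    String secretReceived;

    if (colon2 == PEG_NOT_FOUND)
    {
        // No file path: everything after the user name is the secret.
        filePath = String::EMPTY;
        secretReceived = authHeader.subString(colon1 + 1);
    }
    else
    {
        filePath = authHeader.subString(colon1 + 1, (colon2 - colon1 - 1));
        secretReceived = authHeader.subString(colon2 + 1);
    }

    //
    // Both a user name and a secret must be present.
    //
    if (secretReceived.size() == 0 || userName.size() == 0)
    {
        PEG_METHOD_EXIT();
        return false;
    }

    //
    // A connection that has already authenticated is bound to that user:
    // a later request on the same connection must not switch identity.
    //
    String authenticatedUsername = authInfo->getAuthenticatedUser();

    if (authenticatedUsername.size() != 0 &&
        userName != authenticatedUsername)
    {
        PEG_METHOD_EXIT();
        return false;
    }

    //
    // The user must exist on this system.
    //
    // NOTE(review): the rejections up to and including this one are
    // neither audit-logged nor written to the standard log; only the
    // authenticator's verdict further down is. Operators wanting every
    // failed attempt recorded would need logging on these paths as well.
    //
    if (!System::isSystemUser(userName.getCString()))
    {
        PEG_METHOD_EXIT();
        return false;
    }

#ifdef PEGASUS_ZOS_SECURITY
    // On z/OS the user must additionally hold READ access to the
    // CIMSERV profile in class WBEM (SAF check).
    if (!CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE))
    {
        Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING,
            "Security.Authentication.LocalAuthenticationHandler"
            ".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS",
            "Request UserID $0 doesn't have READ permission"
            " to profile CIMSERV CL(WBEM).",
            userName);
        // Keep the exit trace paired with the return, as on every other
        // rejection path in this method.
        PEG_METHOD_EXIT();
        return false;
    }
#endif

    // The remote privileged-user check does not apply to local access;
    // mark it as done so downstream code treats it as satisfied.
    authInfo->setRemotePrivilegedUserAccessChecked();

    // Compare what the client presented against the challenge stored on
    // the connection by getAuthResponseHeader(). filePath is taken
    // straight from the client and is not validated here -- confirm that
    // SecureLocalAuthenticator constrains how it is used.
    Boolean authenticated = _localAuthenticator->authenticate(filePath,
        secretReceived, authInfo->getAuthChallenge());

    PEG_AUDIT_LOG(logLocalAuthentication(
        userName,
        authenticated));

    if (authenticated)
    {
        authInfo->setAuthenticatedUser(userName);
    }
    else
    {
        // Record the failed attempt in the standard log as well as the
        // audit log.
        Logger::put_l(Logger::STANDARD_LOG,
            System::CIMSERVER,
            Logger::INFORMATION,
            "Security.Authentication.LocalAuthenticationHandler."
            "LOCAL_AUTHENTICATION_FAILED",
            "Local Authentication failed for user $0.",
            userName);
    }

    PEG_METHOD_EXIT();
    return authenticated;
}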
185
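//
// Asks the underlying authenticator whether userName is acceptable for
// local authentication. This is a thin delegation; the policy lives in
// the authenticator. Method enter/exit tracing is added here for
// consistency with the other entry points in this file.
//
// userName - the user to validate.
//
// Returns the authenticator's verdict unchanged.
//
Boolean LocalAuthenticationHandler::validateUser(const String& userName)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "LocalAuthenticationHandler::validateUser()");

    Boolean valid = _localAuthenticator->validateUser(userName);

    PEG_METHOD_EXIT();
    return valid;
}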
190
//
// Builds the challenge header for a local-authentication request and
// records the generated challenge on the connection's AuthenticationInfo
// so that a subsequent authenticate() call can compare against it.
//
// authType - authentication type string, forwarded to the authenticator.
// userName - the user requesting authentication. Must be a valid system
//            user; otherwise an empty header is returned and no challenge
//            is recorded.
// authInfo - per-connection authentication state; receives the challenge
//            when a header is produced.
//
// Returns the header produced by the authenticator, or String::EMPTY when
// userName is not a system user. Note that the empty response is
// observably different from a real challenge; for a same-host mechanism
// that distinction is generally not considered sensitive.
//
String LocalAuthenticationHandler::getAuthResponseHeader(
    const String& authType,
    const String& userName,
    AuthenticationInfo* authInfo)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "LocalAuthenticationHandler::getAuthResponseHeader()");

    String challenge = String::EMPTY;
    String responseHeader = String::EMPTY;

    // Only known system users are issued a challenge.
    const Boolean knownUser =
        System::isSystemUser(userName.getCString());

    if (knownUser)
    {
        responseHeader = _localAuthenticator->getAuthResponseHeader(
            authType, userName, challenge);

        // 'challenge' is presumably populated by the authenticator through
        // the reference above; keep it on the connection for authenticate().
        authInfo->setAuthChallenge(challenge);
    }

    PEG_METHOD_EXIT();
    return responseHeader;
}
219
220 PEGASUS_NAMESPACE_END