
  1 karl  1.14 //%2006////////////////////////////////////////////////////////////////////////
  2 mike  1.2  //
  3 karl  1.10 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
  4            // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
  5            // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
  6 karl  1.9  // IBM Corp.; EMC Corporation, The Open Group.
  7 karl  1.10 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
  8            // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
  9 karl  1.11 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 10            // EMC Corporation; VERITAS Software Corporation; The Open Group.
 11 karl  1.14 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 12            // EMC Corporation; Symantec Corporation; The Open Group.
 13 mike  1.2  //
 14 kumpf 1.7  // Permission is hereby granted, free of charge, to any person obtaining a copy
 15            // of this software and associated documentation files (the "Software"), to
 16            // deal in the Software without restriction, including without limitation the
 17            // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 18            // sell copies of the Software, and to permit persons to whom the Software is
 19            // furnished to do so, subject to the following conditions:
 20            // 
 21            // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
 22            // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
 23            // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 24            // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 25            // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 26            // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 27            // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 28            // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 29 mike  1.2  //
 30            //==============================================================================
 31            //
 32            //%/////////////////////////////////////////////////////////////////////////////
 33            
 34 sushma.fernandes 1.16 #include <Pegasus/Common/AuditLogger.h>
 35 mike             1.2  #include <Pegasus/Common/Logger.h>
 36 kumpf            1.3  #include <Pegasus/Common/Tracer.h>
 37 kumpf            1.5  
 38                       #include "SecureLocalAuthenticator.h"
 39 mike             1.2  #include "LocalAuthenticationHandler.h"
 40                       
 41 marek            1.15 #ifdef PEGASUS_ZOS_SECURITY
 42                       // This include file will not be provided in the OpenGroup CVS for now.
 43                       // Do NOT try to include it in your compile
 44                       #include <Pegasus/Common/safCheckzOS_inline.h>
 45                       #endif
 46 kumpf            1.5  
 47 mike             1.2  PEGASUS_USING_STD;
 48                       
 49                       PEGASUS_NAMESPACE_BEGIN
 50                       
 51                       
//
// Constructs the handler and installs the SecureLocalAuthenticator as the
// authenticator that authenticate()/validateUser()/getAuthResponseHeader()
// delegate to.  The member takes ownership of the new object via reset().
//
LocalAuthenticationHandler::LocalAuthenticationHandler()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "LocalAuthenticationHandler::LocalAuthenticationHandler()");

    // Explicit upcast to the interface type the member holds.
    LocalAuthenticator* authenticator =
        static_cast<LocalAuthenticator*>(new SecureLocalAuthenticator());
    _localAuthenticator.reset(authenticator);

    PEG_METHOD_EXIT();
}
 61                       
//
// Destructor.  Only trace output is produced here; the authenticator
// installed in the constructor is released by the owning pointer member
// (presumably an AutoPtr-style type, given the reset() call there).
//
LocalAuthenticationHandler::~LocalAuthenticationHandler()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION, "LocalAuthenticationHandler::~LocalAuthenticationHandler()");
    PEG_METHOD_EXIT();
}
 69                       
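//
// Splits a local authentication header of the form
// "<userName>:<secret>" or "<userName>:<filePath>:<secret>" into its parts.
// Returns false when the header contains no ':' separator at all; empty
// parts are left for the caller to reject.  Only the first two ':' are
// significant, so the secret itself may contain ':'.
//
static Boolean _parseLocalAuthHeader(
    const String& authHeader,
    String& userName,
    String& filePath,
    String& secretReceived)
{
    // Look for ':' separator
    Uint32 colon1 = authHeader.find(':');

    if (colon1 == PEG_NOT_FOUND)
    {
        return false;
    }

    userName = authHeader.subString(0, colon1);

    // Look for another ':' separator
    Uint32 colon2 = authHeader.find(colon1 + 1, ':');

    if (colon2 == PEG_NOT_FOUND)
    {
        // Two-part form: no file path, everything after the first ':' is
        // the secret.
        filePath = String::EMPTY;
        secretReceived = authHeader.subString(colon1 + 1);
    }
    else
    {
        filePath = authHeader.subString(colon1 + 1, (colon2 - colon1 - 1));
        secretReceived = authHeader.subString(colon2 + 1);
    }

    return true;
}

//
// Authenticates a local (same-host) request from the credentials carried in
// the authorization header.
//
// authHeader  "<userName>:[<filePath>:]<secret>" as sent by the client.
// authInfo    Per-connection authentication state; read for the previously
//             authenticated user and the issued challenge, updated with the
//             authenticated user on success.
//
// Returns true only when the local authenticator accepts the secret.  All
// earlier rejections (malformed header, missing parts, user name differing
// from the one already bound to this connection, unknown system user,
// missing authInfo, z/OS profile check) return false.
//
Boolean LocalAuthenticationHandler::authenticate(
    const String& authHeader,
    AuthenticationInfo* authInfo)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "LocalAuthenticationHandler::authenticate()");

    // authInfo is dereferenced below; treat a missing one as a failed
    // authentication rather than a crash.
    if (authInfo == 0)
    {
        PEG_METHOD_EXIT();
        return false;
    }

    String userName;
    String filePath;
    String secretReceived;

    if (!_parseLocalAuthHeader(authHeader, userName, filePath, secretReceived))
    {
        PEG_METHOD_EXIT();
        return false;
    }

    //
    // Check if the authentication information is present
    //
    if (secretReceived.size() == 0 || userName.size() == 0)
    {
        PEG_METHOD_EXIT();
        return false;
    }

    String authenticatedUsername = authInfo->getAuthenticatedUser();

    //
    // If this connection has been previously authenticated then ensure
    // the username passed with the current request matches the
    // username previously authenticated.  This keeps a request from
    // switching identity on an already-bound connection.
    //
    if (authenticatedUsername.size() != 0 &&
        userName != authenticatedUsername)
    {
        PEG_METHOD_EXIT();
        return false;
    }

    //
    // Check if the user is a valid system user
    //
    if (!System::isSystemUser(userName.getCString()))
    {
        PEG_METHOD_EXIT();
        return false;
    }

    // Check if the user is authorized to CIMSERV
#ifdef PEGASUS_ZOS_SECURITY
    if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) )
    {
        Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING,
            "Security.Authentication.LocalAuthenticationHandler"
            ".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS",
            "Request UserID $0 doesn't have READ permission"
            " to profile CIMSERV CL(WBEM).",
            userName);
        PEG_METHOD_EXIT();
        return false;
    }
#endif

    // it is not necessary to check remote privileged user access local
    // set the flag to "check done"
    authInfo->setRemotePrivilegedUserAccessChecked();

    // filePath and secretReceived are client-supplied; the local
    // authenticator is expected to verify them against the challenge it
    // issued earlier (that check is not visible here).
    Boolean authenticated = _localAuthenticator->authenticate(
        filePath, secretReceived, authInfo->getAuthChallenge());

    // Only the authenticator's verdict is audit-logged; the early
    // rejections above leave no audit record.
    PEG_AUDIT_LOG(logLocalAuthentication(
                      userName,
                      authenticated));

    if (authenticated)
    {
        authInfo->setAuthenticatedUser(userName);
    }
    else
    {
        // log a failed authentication
        Logger::put_l(Logger::STANDARD_LOG,
                      System::CIMSERVER,
                      Logger::INFORMATION,
                      "Security.Authentication.LocalAuthenticationHandler."
                          "LOCAL_AUTHENTICATION_FAILED",
                      "Local Authentication failed for user $0.",
                      userName);
    }

    PEG_METHOD_EXIT();

    return authenticated;
}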
185                           
//
// Reports whether userName is acceptable to the local authenticator.
// Pure delegation; unlike the other entry points here it emits no trace.
//
Boolean LocalAuthenticationHandler::validateUser(const String& userName)
{
    const Boolean isValid = _localAuthenticator->validateUser(userName);
    return isValid;
}
190                           
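//
// Builds the challenge response header for a local authentication request.
//
// authType  Authentication type string passed through to the authenticator.
// userName  User the challenge is being issued for.
// authInfo  Per-connection state; receives the challenge so that a later
//           authenticate() call on the same connection can verify it.
//
// Returns the response header from the local authenticator, or an empty
// string when userName is not a valid system user or authInfo is missing
// (the challenge could not be recorded, so it would never be verifiable).
//
String LocalAuthenticationHandler::getAuthResponseHeader(
    const String& authType,
    const String& userName,
    AuthenticationInfo* authInfo)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "LocalAuthenticationHandler::getAuthResponseHeader()");

    String challenge = String::EMPTY;
    String authResp = String::EMPTY;

    // authInfo is dereferenced below; without it no usable challenge can
    // be issued, so answer with an empty header instead of crashing.
    if (authInfo == 0)
    {
        PEG_METHOD_EXIT();
        return authResp;
    }

    //
    // Check if the user is a valid system user
    //
    if (!System::isSystemUser(userName.getCString()))
    {
        PEG_METHOD_EXIT();
        return authResp;
    }

    // The authenticator fills in `challenge` as a side effect.
    authResp = _localAuthenticator->getAuthResponseHeader(
        authType, userName, challenge);

    authInfo->setAuthChallenge(challenge);

    PEG_METHOD_EXIT();

    return authResp;
}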
219                           
220                           PEGASUS_NAMESPACE_END
