Return to
SecureBasicAuthenticator.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication
|
Return to
SecureBasicAuthenticator.cpp
CVS log
|
Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication
|
|
File: [Pegasus] / pegasus / src / Pegasus / Security / Authentication / SecureBasicAuthenticator.cpp
(download)
Revision: 1.8, Fri Jan 16 13:35:58 2004 UTC (20 years, 5 months ago) by marek Branch: MAIN CVS Tags: RELEASE_2_4_FC_CANDIDATE_1, RELEASE_2_3_2-testfreeze, RELEASE_2_3_2-root, RELEASE_2_3_2-releasesnapshot, RELEASE_2_3_2-branch-freeze, RELEASE_2_3_2-branch, MONITOR_CONSOLIDATION_2_5_BRANCH, CQL_2_5_BRANCH Changes since 1.7: +18 -1 lines Bugzilla#1146 security fixes for z/OS only |
//%2003////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Development
// Company, L. P., IBM Corp., The Open Group, Tivoli Systems.
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L. P.;
// IBM Corp.; EMC Corporation, The Open Group.
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to
// deal in the Software without restriction, including without limitation the
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
// sell copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
//==============================================================================
//
// Author: Nag Boranna, Hewlett-Packard Company(nagaraja_boranna@hp.com)
//
// Modified By:
//
//%/////////////////////////////////////////////////////////////////////////////
#include <Pegasus/Common/System.h>
#include <Pegasus/Common/Tracer.h>
#include <Pegasus/Common/Destroyer.h>
#include <Pegasus/Config/ConfigManager.h>
#include <Pegasus/Security/UserManager/UserExceptions.h>
#include "SecureBasicAuthenticator.h"
#ifdef PEGASUS_OS_OS400
#include "qycmutiltyUtility.H"
#include "OS400ConvertChar.h"
#endif
#ifdef PEGASUS_OS_ZOS
#include <pwd.h>
#endif
PEGASUS_USING_STD;
PEGASUS_NAMESPACE_BEGIN
/**
Constant representing the Basic authentication challenge header.
*/
static const String BASIC_CHALLENGE_HEADER = "WWW-Authenticate: Basic \"";
/* constructor. */
SecureBasicAuthenticator::SecureBasicAuthenticator()
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"SecureBasicAuthenticator::SecureBasicAuthenticator()");
//
// get the local system name
//
_realm.assign(System::getHostName());
//
// get the configured port number
//
ConfigManager* configManager = ConfigManager::getInstance();
String port = configManager->getCurrentValue("httpPort");
//
// Create realm that will be used for Basic challenges
//
_realm.append(":");
_realm.append(port);
//
// Get a user manager instance handler
//
_userManager = UserManager::getInstance();
PEG_METHOD_EXIT();
}
/* destructor. */
SecureBasicAuthenticator::~SecureBasicAuthenticator()
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"SecureBasicAuthenticator::~SecureBasicAuthenticator()");
PEG_METHOD_EXIT();
}
Boolean SecureBasicAuthenticator::authenticate(
const String& userName,
const String& password)
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"SecureBasicAuthenticator::authenticate()");
Boolean authenticated = false;
#ifdef PEGASUS_OS_OS400
// Use OS400 APIs to do user name and password verification
// (note - need to convert to EBCDIC before calling ycm)
CString userCStr = userName.getCString();
const char * user = (const char *)userCStr;
AtoE((char *)user);
CString pwCStr = password.getCString();
const char * pw = (const char *)pwCStr;
AtoE((char *)pw);
int os400auth =
ycmVerifyUserAuthorization(user, pw);
if (os400auth == TRUE)
authenticated = true;
#else
#if defined(PEGASUS_OS_ZOS)
// use zOS API to do the user name and password verification
// note: write possible errors to the tracelog
if (__passwd((const char*) userName.getCString(), (const char*) password.getCString(), NULL) == 0)
{
authenticated = true;
}
else
{
authenticated = false;
PEG_TRACE_STRING(TRC_AUTHENTICATION, Tracer::LEVEL4,"Authentication failed.");
}
#else
//
// Check if the user is a valid system user
//
if ( !System::isSystemUser( userName.getCString() ) )
{
PEG_METHOD_EXIT();
return (authenticated);
}
try
{
//
// Verify the CIM user password
//
if (_userManager->verifyCIMUserPassword( userName, password ))
{
authenticated = true;
}
}
catch (InvalidUser& iu)
{
PEG_METHOD_EXIT();
return (authenticated);
}
catch (Exception& e)
{
PEG_METHOD_EXIT();
throw e;
}
#endif // PEGASUS_OS_ZOS
#endif
PEG_METHOD_EXIT();
return (authenticated);
}
//
// Create authentication response header
//
String SecureBasicAuthenticator::getAuthResponseHeader()
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"SecureBasicAuthenticator::getAuthResponseHeader()");
//
// build response header using realm
//
String responseHeader = BASIC_CHALLENGE_HEADER;
responseHeader.append(_realm);
responseHeader.append("\"");
PEG_METHOD_EXIT();
return (responseHeader);
}
PEGASUS_NAMESPACE_END
| No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |