![]() ![]() |
![]() |
File: [Pegasus] / pegasus / src / Pegasus / Security / Authentication / SecureBasicAuthenticator.cpp
(download)
Revision: 1.26, Thu Jun 19 16:57:11 2008 UTC (16 years ago) by marek Branch: MAIN CVS Tags: RELEASE_2_8_0-RC2, RELEASE_2_8_0-RC1, RELEASE_2_8_0, RELEASE_2_8-root Branch point for: RELEASE_2_8-branch Changes since 1.25: +2 -2 lines BUG#:7749 TITLE: Trace Level checking (everything, but Pegasus/Server) DESCRIPTION: |
//%2006//////////////////////////////////////////////////////////////////////// // // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; // IBM Corp.; EMC Corporation, The Open Group. // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; // EMC Corporation; VERITAS Software Corporation; The Open Group. // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; // EMC Corporation; Symantec Corporation; The Open Group. // // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to // deal in the Software without restriction, including without limitation the // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or // sell copies of the Software, and to permit persons to whom the Software is // furnished to do so, subject to the following conditions: // // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // //============================================================================== // //%///////////////////////////////////////////////////////////////////////////// #include <Pegasus/Common/System.h> #include <Pegasus/Common/Tracer.h> #include <Pegasus/Config/ConfigManager.h> #include <Pegasus/Security/UserManager/UserExceptions.h> #include "SecureBasicAuthenticator.h" #include <Pegasus/Common/Executor.h> #ifdef PEGASUS_OS_ZOS #include <pwd.h> #ifdef PEGASUS_ZOS_SECURITY // This include file will not be provided in the OpenGroup CVS for now. // Do NOT try to include it in your compile #include <Pegasus/Common/safCheckzOS_inline.h> #endif #endif #ifdef PEGASUS_OS_PASE #include <ILEWrapper/ILEUtilities2.h> #endif PEGASUS_USING_STD; PEGASUS_NAMESPACE_BEGIN /** Constant representing the Basic authentication challenge header. */ static const String BASIC_CHALLENGE_HEADER = "WWW-Authenticate: Basic \""; #ifdef PEGASUS_PLATFORM_ZOS_ZSERIES_IBM # if (__TARGET_LIB__ < 0x410A0000) #define ZOS_PEGASUS_APPLID_LEN 7 static const char* ZOS_PEGASUS_APPLID = "\xC3\xC6\xE9\xC1\xD7\xD7\xD3\x40"; // "CFZAPPL " static const char* ZOS_PEGASUS_THLI_EYE_CATCHER = "\xE3\xC8\xD3\xC9"; // "THLI" #endif // end __TARGET_LIB__ #endif // end PEGASUS_PLATFORM_ZOS_ZSERIES_IBM /* constructor. */ SecureBasicAuthenticator::SecureBasicAuthenticator() { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "SecureBasicAuthenticator::SecureBasicAuthenticator()"); // // get the local system name // _realm.assign(System::getHostName()); // // get the configured port number // ConfigManager* configManager = ConfigManager::getInstance(); String port = configManager->getCurrentValue("httpPort"); // // Create realm that will be used for Basic challenges // _realm.append(":"); _realm.append(port); // // Get a user manager instance handler // _userManager = UserManager::getInstance(); #ifdef PEGASUS_OS_ZOS if (String::equalNoCase( configManager->getCurrentValue("enableCFZAPPLID"),"true")) #ifdef PEGASUS_PLATFORM_ZOS_ZSERIES_IBM # if (__TARGET_LIB__ < 0x410A0000) { // // Enable __passwd() for passticket validation // for APPLID CFZAPPL in this thread. // set_ZOS_ApplicationID(); } else { Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING, "Security.Authentication.SecureBasicAuthenticator" ".APPLID_OMVSAPPL.PEGASUS_OS_ZOS", "CIM server authentication is using application ID OMVSAPPL."); } pthread_security_np(0,__USERID_IDENTITY,0,NULL,NULL,0); #else { _zosAPPLID = "CFZAPPL"; } else { _zosAPPLID = "OMVSAPPL"; Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING, "Security.Authentication.SecureBasicAuthenticator" ".APPLID_OMVSAPPL.PEGASUS_OS_ZOS", "CIM server authentication is using application ID OMVSAPPL."); } #endif // end __TARGET_LIB__ #endif // end PEGASUS_PLATFORM_ZOS_ZSERIES_IBM #endif // end PEGASUS_OS_ZOS PEG_METHOD_EXIT(); } /* destructor. */ SecureBasicAuthenticator::~SecureBasicAuthenticator() { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "SecureBasicAuthenticator::~SecureBasicAuthenticator()"); PEG_METHOD_EXIT(); } Boolean SecureBasicAuthenticator::authenticate( const String & userName, const String & password) { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "SecureBasicAuthenticator::authenticate()"); Boolean authenticated = false; #ifdef PEGASUS_OS_ZOS if ( password.size() == 0 ) { Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING, "Security.Authentication.SecureBasicAuthenticator" ".EMPTY_PASSWD.PEGASUS_OS_ZOS", "Request UserID $0 misses password.",userName); PEG_METHOD_EXIT(); return (false); } #if (__TARGET_LIB__ >= 0x410A0000) if (__passwd_applid((const char*) userName.getCString(), (const char*) password.getCString(), NULL, (const char*) _zosAPPLID.getCString()) == 0) #else if (__passwd((const char*) userName.getCString(), (const char*) password.getCString(), NULL) == 0) #endif { #ifdef PEGASUS_ZOS_SECURITY if (CheckProfileCIMSERVclassWBEM( userName , __READ_RESOURCE)) { authenticated = true; } else { authenticated = false; // no READ access to security resource profile CIMSERV CL(WBEM) Logger::put_l( Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING, "Security.Authentication.SecureBasicAuthenticator" ".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS", "Request UserID $0 misses READ permission " "to profile CIMSERV CL(WBEM).", userName); } #else authenticated = true; #endif } else { authenticated = false; PEG_TRACE((TRC_AUTHENTICATION, Tracer::LEVEL1, "UserID %s not authenticated: %s (errno %d, reason code 0x%08X)", (const char*) userName.getCString(), strerror(errno),errno,__errno2())); } #elif defined(PEGASUS_OS_PASE) CString userCStr = userName.getCString(); CString pwCStr = password.getCString(); if ((strlen(userCStr) == 0) || (strlen(pwCStr) == 0)) { authenticated = false; } else { // this function only can be found in PASE environment authenticated = umeUserAuthenticate((const char *)userCStr, (const char *)pwCStr); } #else /* DEFAULT (!PEGASUS_OS_ZOS) */ // Check whether valid system user. if (!System::isSystemUser(userName.getCString())) { PEG_METHOD_EXIT(); return (authenticated); } try { // Verify the CIM user password. Use executor if present. Else, use // conventional method. if (Executor::detectExecutor() == 0) { if (Executor::authenticatePassword( userName.getCString(), password.getCString()) == 0) { authenticated = true; } } else { if (_userManager->verifyCIMUserPassword(userName, password)) authenticated = true; } } catch(InvalidUser &) { PEG_METHOD_EXIT(); return (authenticated); } catch(Exception & e) { PEG_METHOD_EXIT(); throw e; } #endif /* DEFAULT (!PEGASUS_OS_ZOS) */ PEG_METHOD_EXIT(); return (authenticated); } Boolean SecureBasicAuthenticator::validateUser(const String& userName) { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "SecureBasicAuthenticator::validateUser()"); Boolean authenticated = false; if ( System::isSystemUser(userName.getCString())) { #if defined (PEGASUS_OS_PASE) authenticated = true; #else if (Executor::detectExecutor() == 0) { if (Executor::validateUser(userName.getCString()) != 0) authenticated = true; } else if (_userManager->verifyCIMUser(userName)) { authenticated = true; } #endif } PEG_METHOD_EXIT(); return (authenticated); } // // Create authentication response header // String SecureBasicAuthenticator::getAuthResponseHeader() { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "SecureBasicAuthenticator::getAuthResponseHeader()"); // // build response header using realm // String responseHeader = BASIC_CHALLENGE_HEADER; responseHeader.append(_realm); responseHeader.append("\""); PEG_METHOD_EXIT(); return (responseHeader); } #ifdef PEGASUS_PLATFORM_ZOS_ZSERIES_IBM # if (__TARGET_LIB__ < 0x410A0000) // This function is only needed if the compile target system // is z/OS R9 or earlier and 32 Bit ! Boolean SecureBasicAuthenticator::set_ZOS_ApplicationID( void ) { Boolean applIDset = false; char* psa = 0; char* tcb = *(char **)(psa + 0x21C); // pas + PSATOLD char* stcb = *(char **)(tcb + 0x138); // tcb + TCBSTCB char* otcb = *(char **)(stcb + 0x0D8); // stcb + STCBOTCB char* thli = *(char **)(otcb + 0x0BC); // otcb + OTCBTHLI // if I find the BPXYTHILI eye catcher everything went fine. if ( memcmp(ZOS_PEGASUS_THLI_EYE_CATCHER,thli,4) != 0 ) { PEG_TRACE_CSTRING(TRC_AUTHENTICATION, Tracer::LEVEL1, "Could not set application ID CFZAPPL. " " BPXYTHLI control block not found."); applIDset = false; } else { // The size of applId: BPXYTHLI.THLIAPPLIDLEN char* thliApplIDLen = (char *)(thli + 0x052); // The applId: BPXYTHLI.THLIAPPLID char* thliApplID = (char *)(thli + 0x070); // The APPLID definition contains a padding space: + 1 memcpy(thliApplID,ZOS_PEGASUS_APPLID,ZOS_PEGASUS_APPLID_LEN+1); *thliApplIDLen = ZOS_PEGASUS_APPLID_LEN; applIDset = true; } return(applIDset); } #endif // end __TARGET_LIB__ #endif // end PEGASUS_PLATFORM_ZOS_ZSERIES_IBM PEGASUS_NAMESPACE_END
No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |