1 karl 1.11 //%2006////////////////////////////////////////////////////////////////////////
2 mike 1.2 //
3 karl 1.8 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 karl 1.7 // IBM Corp.; EMC Corporation, The Open Group.
7 karl 1.8 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 karl 1.9 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 karl 1.11 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
13 mike 1.2 //
14 kumpf 1.6 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 //
21 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 mike 1.2 //
30 //==============================================================================
31 //
32 //%/////////////////////////////////////////////////////////////////////////////
35 #include <Pegasus/Common/FileSystem.h>
36 kumpf 1.3 #include <Pegasus/Common/Tracer.h>
37 kumpf 1.12.2.1 #include <Pegasus/Common/Executor.h>
38 #include <Executor/Strlcpy.h>
39 kumpf 1.5
40 #include "LocalAuthFile.h"
41 mike 1.2 #include "SecureLocalAuthenticator.h"
43 kumpf 1.5 PEGASUS_USING_STD;
45 mike 1.2 PEGASUS_NAMESPACE_BEGIN
/**
    Prefix of the HTTP challenge header built by getAuthResponseHeader().
    The authentication type and the quoted path of the challenge file are
    appended to it; the secret itself is never placed in the header.
*/
static const String PEGASUS_CHALLENGE_HEADER("WWW-Authenticate: ");
/**
    Constructor. Nothing is initialized here; the body only records
    method entry and exit in the authentication trace.
*/
SecureLocalAuthenticator::SecureLocalAuthenticator()
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::SecureLocalAuthenticator()");
    PEG_METHOD_EXIT();
}
/**
    Destructor. Nothing is released here; the body only records method
    entry and exit in the authentication trace.
*/
SecureLocalAuthenticator::~SecureLocalAuthenticator()
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::~SecureLocalAuthenticator()");
    PEG_METHOD_EXIT();
}
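//
// Does local authentication
//

/**
    Compares the stored one-time secret with the value the client sent back.

    Returns true only when both strings have the same length and every
    character matches. String::equal() is not guaranteed to compare in
    constant time; this loop always visits every character, so the time
    taken does not depend on how long a matching prefix the client
    supplied. (A length mismatch still returns early, which reveals only
    the secret's length.)

    @param secretKept     Secret generated by the server for this challenge.
    @param secretReceived Secret presented by the client.
    @return true when the two secrets are identical.
*/
static Boolean _secretsMatch(
    const String& secretKept,
    const String& secretReceived)
{
    const Uint32 length = secretKept.size();

    if (length != secretReceived.size())
    {
        return false;
    }

    Uint16 mismatch = 0;

    for (Uint32 i = 0; i < length; i++)
    {
        Uint16 kept = secretKept[i];
        Uint16 received = secretReceived[i];
        mismatch |= (Uint16)(kept ^ received);
    }

    return (mismatch == 0);
}

/**
    Verifies a local-authentication response.

    @param filePath       Path of the challenge file created for this
                          request. Removed here (if it still exists) when
                          the executor is not in use; an empty path is
                          ignored.
    @param secretReceived Secret the client read from the challenge file
                          and sent back.
    @param secretKept     Secret the server generated for the challenge.
    @param sessionKey     Output. Cleared on entry; when the executor is in
                          use it receives a copy of the kept secret and is
                          passed to Executor::authenticateLocal().
    @return true when the secrets match, false otherwise.
*/
Boolean SecureLocalAuthenticator::authenticate(
    const String& filePath,
    const String& secretReceived,
    const String& secretKept,
    SessionKey& sessionKey)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::authenticate()");

    Boolean authenticated = false;

    sessionKey.clear();

    if (Executor::detectExecutor() == 0)
    {
        // Executor present: copy the kept secret into the session key
        // buffer (truncated to its size) and let the executor perform the
        // comparison. The challenge file is not removed in this branch;
        // presumably the executor owns it -- confirm against Executor.
        Strlcpy(
            (char*)sessionKey.data(),
            (const char*)secretKept.getCString(),
            sessionKey.size());

        if (Executor::authenticateLocal(
            sessionKey, (const char*)secretReceived.getCString()) == 0)
        {
            authenticated = true;
        }
    }
    else
    {
        // Both secrets must be non-empty: an empty kept secret must never
        // match an empty response, even though the two strings would
        // compare equal.
        if (secretKept.size() != 0 && secretReceived.size() != 0)
        {
            authenticated = _secretsMatch(secretKept, secretReceived);
        }

        // The challenge file is single-use: remove it whether or not the
        // check succeeded so the secret cannot be presented again.
        // NOTE(review): removeFile()'s result is not checked; a failure
        // leaves the file, and the secret in it, on disk.
        if (filePath.size())
        {
            if (FileSystem::exists(filePath))
            {
                FileSystem::removeFile(filePath);
            }
        }
    }

    PEG_METHOD_EXIT();

    return authenticated;
}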
/**
    Checks whether the requesting user is an account known to this system.

    Only names that System::isSystemUser() recognizes are accepted;
    presumably because the challenge file is created for, and protected
    for, that account -- see LocalAuthFile.

    @param userName Name presented by the client.
    @return true when the name is a known system user, false otherwise.
*/
Boolean SecureLocalAuthenticator::validateUser(const String& userName)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::validateUser()");

    const Boolean isKnownUser =
        System::isSystemUser(userName.getCString()) ? true : false;

    PEG_METHOD_EXIT();
    return isKnownUser;
}
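//
// Create authentication response header
//

/**
    Builds the WWW-Authenticate challenge for a local-authentication request.

    A challenge file is created for userName (by the executor when one is
    present, otherwise via LocalAuthFile) and its path is placed in the
    header. The random secret associated with that file is handed back to
    the caller through the secret parameter and is never included in the
    header; the client is expected to read it from the file.

    @param authType Authentication scheme name placed after the header
                    prefix.
    @param userName User the challenge file is created for.
    @param secret   Output: the secret the client must send back.
    @return The header line, of the form
            WWW-Authenticate: <authType> "<path>"
    @throws CannotOpenFile when the executor fails to create the challenge
            file. The LocalAuthFile branch may raise its own errors; they
            are not visible here.
*/
String SecureLocalAuthenticator::getAuthResponseHeader(
    const String& authType,
    const String& userName,
    String& secret)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::getAuthResponseHeader()");

    String responseHeader = PEGASUS_CHALLENGE_HEADER;
    responseHeader.append(authType);
    responseHeader.append(" \"");

    if (Executor::detectExecutor() == 0)
    {
        // Zero-fill the path buffer: nothing here shows that
        // challengeLocal() writes it on failure, and it is used in the
        // exception message below.
        char path[EXECUTOR_BUFFER_SIZE] = { 0 };
        SessionKey sessionKey;

        if (Executor::challengeLocal(
            userName.getCString(), path, sessionKey) != 0)
        {
            throw CannotOpenFile(path);
        }

        secret = sessionKey.data();

        // Only the path goes to the client; the secret stays server-side.
        responseHeader.append(path);
        responseHeader.append("\"");
    }
    else
    {
        // Create a file named for the user and write a random secret in it.
        LocalAuthFile localAuthFile(userName);
        String filePath = localAuthFile.create();

        secret = localAuthFile.getSecretString();

        // Only the path goes to the client; the secret stays server-side.
        responseHeader.append(filePath);
        responseHeader.append("\"");
    }

    PEG_METHOD_EXIT();

    return responseHeader;
}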
204 PEGASUS_NAMESPACE_END