
  1 karl  1.11 //%2006////////////////////////////////////////////////////////////////////////
  2 mike  1.2  //
  3 karl  1.8  // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
  4            // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
  5            // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
  6 karl  1.7  // IBM Corp.; EMC Corporation, The Open Group.
  7 karl  1.8  // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
  8            // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
  9 karl  1.9  // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 10            // EMC Corporation; VERITAS Software Corporation; The Open Group.
 11 karl  1.11 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 12            // EMC Corporation; Symantec Corporation; The Open Group.
 13 mike  1.2  //
 14 kumpf 1.6  // Permission is hereby granted, free of charge, to any person obtaining a copy
 15            // of this software and associated documentation files (the "Software"), to
 16            // deal in the Software without restriction, including without limitation the
 17            // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 18            // sell copies of the Software, and to permit persons to whom the Software is
 19            // furnished to do so, subject to the following conditions:
 20            // 
 21            // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
 22            // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
 23            // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 24            // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 25            // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 26            // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 27            // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 28            // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 29 mike  1.2  //
 30            //==============================================================================
 31            //
 32            //%/////////////////////////////////////////////////////////////////////////////
 33            
 34            
 35            #include <Pegasus/Common/FileSystem.h>
 36 kumpf 1.3  #include <Pegasus/Common/Tracer.h>
 37 kumpf 1.12.2.1 #include <Pegasus/Common/Executor.h>
 38                #include <Executor/Strlcpy.h>
 39 kumpf 1.5      
 40                #include "LocalAuthFile.h"
 41 mike  1.2      #include "SecureLocalAuthenticator.h"
 42                
 43 kumpf 1.5      PEGASUS_USING_STD;
 44                
 45 mike  1.2      PEGASUS_NAMESPACE_BEGIN
 46                
 47                
/**
    Prefix of the challenge response header line built by
    getAuthResponseHeader(). The authentication type and the quoted challenge
    file path are appended after it.
*/
static const String PEGASUS_CHALLENGE_HEADER("WWW-Authenticate: ");
 52                
 53                
/*
    Constructor. Performs no initialisation of its own; it only emits the
    method entry/exit trace records for the TRC_AUTHENTICATION component.
*/
SecureLocalAuthenticator::SecureLocalAuthenticator()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::SecureLocalAuthenticator()");
    PEG_METHOD_EXIT();
}
 63                
/*
    Destructor. Releases nothing here; it only emits the method entry/exit
    trace records for the TRC_AUTHENTICATION component.
*/
SecureLocalAuthenticator::~SecureLocalAuthenticator()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::~SecureLocalAuthenticator()");
    PEG_METHOD_EXIT();
}
 73                
//
// Does local authentication.
//
// Decides whether the secret returned by the client matches the secret the
// server kept for this challenge.
//
//   filePath        path of the challenge file; used only when no executor
//                   is present, where it is deleted after the check.
//   secretReceived  secret supplied by the client.
//   secretKept      secret the server stored for this challenge.
//   sessionKey      cleared on entry; on the executor path it is loaded with
//                   secretKept before being handed to the executor.
//
// Returns true only when the check succeeds. An empty secret on either side
// never authenticates on the non-executor path.
//
// NOTE(review): filePath is removed without being compared against the path
// the server issued for this challenge, and the removal happens whether or
// not the secrets matched. Confirm that the caller passes the
// server-generated path rather than a value taken from the request.
//
// NOTE(review): the non-executor path compares secrets with String::equal(),
// which is presumably not constant-time -- confirm whether that matters for
// how often a single challenge can be tried.
//
Boolean SecureLocalAuthenticator::authenticate(
    const String& filePath,
    const String& secretReceived,
    const String& secretKept,
    SessionKey& sessionKey)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::authenticate()");

    Boolean authenticated = false;

    // Start from an empty key so nothing from a previous use is carried over.
    sessionKey.clear();

    // Use executor, if present.
    const Boolean executorPresent = (Executor::detectExecutor() == 0);

    if (executorPresent)
    {
        // Load the kept secret into the session key buffer. The copy is
        // bounded by sessionKey.size(); the Strlcpy() result is not checked,
        // so an over-long secretKept is presumably truncated and would then
        // fail the executor's comparison -- TODO confirm.
        Strlcpy(
            (char*)sessionKey.data(),
            (const char*)secretKept.getCString(),
            sessionKey.size());

        // The executor performs the comparison; zero means success.
        authenticated = (Executor::authenticateLocal(
            sessionKey, (const char*)secretReceived.getCString()) == 0);
    }
    else
    {
        // Check secret: both sides must be non-empty before they are
        // compared, so a missing challenge can never match an empty reply.
        const Boolean haveBothSecrets =
            !String::equal(secretReceived, String::EMPTY) &&
            !String::equal(secretKept, String::EMPTY);

        authenticated =
            haveBothSecrets && String::equal(secretKept, secretReceived);

        // Remove the auth file created for this user request. exists() and
        // removeFile() are two separate calls on the same path.
        if (filePath.size() && FileSystem::exists(filePath))
        {
            FileSystem::removeFile(filePath);
        }
    }

    PEG_METHOD_EXIT();

    return authenticated;
}
133                
//
// Reports whether userName is accepted by System::isSystemUser().
//
// No secret or credential is examined here; the result depends only on the
// user name. Presumably this is an account-existence check on the host --
// confirm against System::isSystemUser().
//
Boolean SecureLocalAuthenticator::validateUser (const String& userName)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::validateUser()");

    const Boolean authenticated =
        System::isSystemUser(userName.getCString()) ? true : false;

    PEG_METHOD_EXIT();
    return authenticated;
}
149                           
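//
// Create authentication response header.
//
// Builds the challenge line: PEGASUS_CHALLENGE_HEADER, then authType, then
// the challenge file path in double quotes. Only the path goes into the
// header; the secret is returned separately through the out-parameter.
//
//   authType  authentication type text, appended verbatim.
//   userName  user the challenge file is created for.
//   secret    out: the secret the caller should keep for the later
//             authenticate() call.
//
// Returns the complete header string.
// Throws CannotOpenFile when the executor cannot create the challenge.
// LocalAuthFile::create() may also throw -- not visible here.
//
// NOTE(review): authType is appended without escaping. Presumably it is a
// server-side constant; confirm that no caller passes request-derived text.
//
String SecureLocalAuthenticator::getAuthResponseHeader(
    const String& authType,
    const String& userName,
    String& secret)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::getAuthResponseHeader()");

    String responseHeader = PEGASUS_CHALLENGE_HEADER;
    responseHeader.append(authType);
    responseHeader.append(" \"");

    // Use executor, if present.

    if (Executor::detectExecutor() == 0)
    {
        // Zero-filled so the error path below never reads indeterminate
        // stack bytes. Whether challengeLocal() writes the path before
        // failing is not visible from here.
        char path[EXECUTOR_BUFFER_SIZE] = { 0 };
        SessionKey sessionKey;

        if (Executor::challengeLocal(
            userName.getCString(), path, sessionKey) != 0)
        {
            // Keep the trace enter/exit records balanced on the error path.
            PEG_METHOD_EXIT();
            throw CannotOpenFile(path);
        }

        // The executor returns the secret inside the session key.
        secret = sessionKey.data();

        responseHeader.append(path);
        responseHeader.append("\"");
    }
    else
    {
        // create a file using user name and write a random number in it.
        LocalAuthFile localAuthFile(userName);
        String filePath = localAuthFile.create();

        //
        // get the secret string
        //
        secret = localAuthFile.getSecretString();

        // build response header with file path and challenge string.
        responseHeader.append(filePath);
        responseHeader.append("\"");
    }

    PEG_METHOD_EXIT();

    return responseHeader;
}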
203                           
204                           PEGASUS_NAMESPACE_END
