1 martin 1.14 //%LICENSE////////////////////////////////////////////////////////////////
|
2 martin 1.15 //
|
3 martin 1.14 // Licensed to The Open Group (TOG) under one or more contributor license
4 // agreements. Refer to the OpenPegasusNOTICE.txt file distributed with
5 // this work for additional information regarding copyright ownership.
6 // Each contributor licenses this file to you under the OpenPegasus Open
7 // Source License; you may not use this file except in compliance with the
8 // License.
|
9 martin 1.15 //
|
10 martin 1.14 // Permission is hereby granted, free of charge, to any person obtaining a
11 // copy of this software and associated documentation files (the "Software"),
12 // to deal in the Software without restriction, including without limitation
13 // the rights to use, copy, modify, merge, publish, distribute, sublicense,
14 // and/or sell copies of the Software, and to permit persons to whom the
15 // Software is furnished to do so, subject to the following conditions:
|
16 martin 1.15 //
|
17 martin 1.14 // The above copyright notice and this permission notice shall be included
18 // in all copies or substantial portions of the Software.
|
19 martin 1.15 //
|
20 martin 1.14 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
21 martin 1.15 // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
22 martin 1.14 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
23 // IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
24 // CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
25 // TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
26 // SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
27 martin 1.15 //
|
28 martin 1.14 //////////////////////////////////////////////////////////////////////////
|
29 mike 1.2 //
30 //%/////////////////////////////////////////////////////////////////////////////
31
32
33 #include <Pegasus/Common/FileSystem.h>
|
34 kumpf 1.3 #include <Pegasus/Common/Tracer.h>
|
35 kumpf 1.13 #include <Pegasus/Common/Executor.h>
36 #include <Executor/Strlcpy.h>
|
37 kumpf 1.5
38 #include "LocalAuthFile.h"
|
39 mike 1.2 #include "SecureLocalAuthenticator.h"
40
|
41 kumpf 1.5 PEGASUS_USING_STD;
42
|
43 mike 1.2 PEGASUS_NAMESPACE_BEGIN
44
45
|
/**
    Prefix of the challenge header sent back to the client. In this file
    getAuthResponseHeader() appends the authentication type and the quoted
    challenge file path to it.
*/
static const String PEGASUS_CHALLENGE_HEADER("WWW-Authenticate: ");
50
51
|
/**
    Constructs the authenticator. The body only emits the method entry and
    exit trace records; no state is set up here.
*/
SecureLocalAuthenticator::SecureLocalAuthenticator()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::SecureLocalAuthenticator()");
    PEG_METHOD_EXIT();
}
61
/**
    Destroys the authenticator. The body only emits the method entry and
    exit trace records; nothing is released here.
*/
SecureLocalAuthenticator::~SecureLocalAuthenticator()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::~SecureLocalAuthenticator()");
    PEG_METHOD_EXIT();
}
71
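/**
    Performs local authentication for one challenge/response exchange.

    @param filePath        Path of the challenge file for this request.
    @param secretReceived  Secret supplied by the client.
    @param secretKept      Secret remembered for this request. An empty
                           value never matches.
    @return true if the received secret equals the non-empty kept secret or,
            when an executor is detected, Executor::authenticateLocal()
            returns 0; false otherwise.

    NOTE(review): on the non-executor path the file named by filePath is
    deleted. Confirm that callers pass the path produced by
    getAuthResponseHeader() rather than a value taken from the client
    request, otherwise the caller of the protocol chooses which file the
    server removes.
*/
Boolean SecureLocalAuthenticator::authenticate(
    const String& filePath,
    const String& secretReceived,
    const String& secretKept)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::authenticate()");

    // The explicit empty-secret test keeps a request with no stored secret
    // from being authenticated by an empty response.
    // NOTE(review): String::equal is not shown here to be constant-time;
    // confirm that a failed attempt invalidates the challenge if timing
    // matters for this deployment.
    Boolean authenticated =
        !String::equal(secretKept, String::EMPTY) &&
        String::equal(secretKept, secretReceived);

    if (Executor::detectExecutor() == 0)
    {
        // Executor present: when the local comparison did not succeed,
        // delegate the check of the challenge file to the executor.
        // The challenge file is not removed on this path; presumably the
        // executor owns its cleanup -- TODO confirm.
        if (!authenticated &&
            Executor::authenticateLocal(
                static_cast<const char*>(filePath.getCString()),
                static_cast<const char*>(secretReceived.getCString())) == 0)
        {
            authenticated = true;
        }
    }
    else
    {
        // Remove the auth file created for this user request, whether or
        // not the secret matched, so a challenge file is used only once.
        if (filePath.size() && FileSystem::exists(filePath))
        {
            if (!FileSystem::removeFile(filePath))
            {
                // A challenge file left on disk still holds the secret;
                // record the failure instead of ignoring it. The secret
                // and the path are deliberately not written to the trace.
                PEG_TRACE_CSTRING(TRC_AUTHENTICATION, Tracer::LEVEL2,
                    "SecureLocalAuthenticator::authenticate(): "
                    "failed to remove the local authentication file");
            }
        }
    }

    PEG_METHOD_EXIT();

    return authenticated;
}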
126
|
/**
    Checks whether the given name belongs to a user known to the system.

    @param userName  Name to look up.
    @return The result of System::isSystemUser() for userName.
*/
Boolean SecureLocalAuthenticator::validateUser(const String& userName)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::validateUser()");

    // The lookup result is captured first so the trace exit record is
    // written before returning.
    const Boolean isKnownUser =
        System::isSystemUser(userName.getCString()) ? true : false;

    PEG_METHOD_EXIT();
    return isKnownUser;
}
142
|
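/**
    Creates the authentication challenge for a user and builds the response
    header of the form: WWW-Authenticate: <authType> "<filePath>"

    @param authType  Authentication type token, appended to the header as is.
    @param userName  User the challenge is created for.
    @param filePath  Output: path of the challenge file.
    @param secret    Output: the secret string from the challenge file, or
                     cleared when the challenge was created by the executor.
    @return The complete challenge header.
    @exception CannotOpenFile  If Executor::challengeLocal() reports failure.

    NOTE(review): authType and userName are used without validation in this
    function (authType goes into the header, userName into the challenge
    file creation). Confirm callers pass a fixed authType token and a user
    name already checked, e.g. with validateUser().
*/
String SecureLocalAuthenticator::getAuthResponseHeader(
    const String& authType,
    const String& userName,
    String& filePath,
    String& secret)
{
    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::getAuthResponseHeader()");

    String responseHeader = PEGASUS_CHALLENGE_HEADER;
    responseHeader.append(authType);
    responseHeader.append(" \"");

    // Use executor, if present.

    if (Executor::detectExecutor() == 0)
    {
        // Zero-initialised so that the failure path below never copies
        // indeterminate stack bytes into the exception message.
        char filePathBuffer[EXECUTOR_BUFFER_SIZE] = { 0 };

        if (Executor::challengeLocal(
                userName.getCString(), filePathBuffer) != 0)
        {
            PEG_METHOD_EXIT();
            throw CannotOpenFile(filePathBuffer);
        }

        // Defensive: the callee's termination guarantee is not visible
        // here, so bound the string before it is read.
        filePathBuffer[EXECUTOR_BUFFER_SIZE - 1] = '\0';

        filePath = filePathBuffer;

        // On this path the secret is not kept by the caller; authenticate()
        // then relies on Executor::authenticateLocal().
        secret.clear();
    }
    else
    {
        // Create a file using the user name and write a random number in it.
        // NOTE(review): ownership and permissions of the file are set inside
        // LocalAuthFile, which is not visible here -- confirm the file is
        // readable only by the named user.
        LocalAuthFile localAuthFile(userName);
        filePath = localAuthFile.create();

        // Get the secret string.
        secret = localAuthFile.getSecretString();
    }

    // Finish the header with the quoted challenge file path. The secret is
    // never placed in the header.
    responseHeader.append(filePath);
    responseHeader.append("\"");

    PEG_METHOD_EXIT();

    return responseHeader;
}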
196
197 PEGASUS_NAMESPACE_END
|