1 martin 1.14 //%LICENSE////////////////////////////////////////////////////////////////
|
2 martin 1.15 //
|
3 martin 1.14 // Licensed to The Open Group (TOG) under one or more contributor license
4 // agreements. Refer to the OpenPegasusNOTICE.txt file distributed with
5 // this work for additional information regarding copyright ownership.
6 // Each contributor licenses this file to you under the OpenPegasus Open
7 // Source License; you may not use this file except in compliance with the
8 // License.
|
9 martin 1.15 //
|
10 martin 1.14 // Permission is hereby granted, free of charge, to any person obtaining a
11 // copy of this software and associated documentation files (the "Software"),
12 // to deal in the Software without restriction, including without limitation
13 // the rights to use, copy, modify, merge, publish, distribute, sublicense,
14 // and/or sell copies of the Software, and to permit persons to whom the
15 // Software is furnished to do so, subject to the following conditions:
|
16 martin 1.15 //
|
17 martin 1.14 // The above copyright notice and this permission notice shall be included
18 // in all copies or substantial portions of the Software.
|
19 martin 1.15 //
|
20 martin 1.14 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
21 martin 1.15 // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
22 martin 1.14 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
23 // IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
24 // CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
25 // TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
26 // SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
27 martin 1.15 //
|
28 martin 1.14 //////////////////////////////////////////////////////////////////////////
|
29 mike 1.2 //
30 //%/////////////////////////////////////////////////////////////////////////////
31
32
33 #include <Pegasus/Common/FileSystem.h>
|
34 kumpf 1.3 #include <Pegasus/Common/Tracer.h>
|
35 kumpf 1.13 #include <Pegasus/Common/Executor.h>
|
36 kumpf 1.5
37 #include "LocalAuthFile.h"
|
38 mike 1.2 #include "SecureLocalAuthenticator.h"
39
|
40 kumpf 1.5 PEGASUS_USING_STD;
41
|
42 mike 1.2 PEGASUS_NAMESPACE_BEGIN
43
44
|
/**
    Prefix of the HTTP challenge header emitted for Pegasus local
    authentication. getAuthResponseHeader() appends the authentication type
    and the quoted challenge file path to this value.
*/
static const String PEGASUS_CHALLENGE_HEADER("WWW-Authenticate: ");
49
50
|
/**
    Constructs the authenticator.

    The body sets up no state; it only emits the method entry/exit trace
    calls under the TRC_AUTHENTICATION component.
*/
SecureLocalAuthenticator::SecureLocalAuthenticator()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::SecureLocalAuthenticator()");
    PEG_METHOD_EXIT();
}
60
/**
    Destroys the authenticator.

    The body releases nothing; it only emits the method entry/exit trace
    calls under the TRC_AUTHENTICATION component.
*/
SecureLocalAuthenticator::~SecureLocalAuthenticator()
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::~SecureLocalAuthenticator()");
    PEG_METHOD_EXIT();
}
70
/**
    Performs local authentication of a challenge response.

    With an executor present, the request is accepted when the kept secret
    matches, and otherwise the decision is delegated to
    Executor::authenticateLocal(). Without an executor, the request is
    accepted only when the kept secret matches, and the challenge file is
    then removed whether or not authentication succeeded.

    @param filePath        Path of the challenge file for this request.
    @param secretReceived  Secret supplied in the response.
    @param secretKept      Secret retained from the challenge. An empty value
                           never matches, so an empty response cannot
                           authenticate when no secret was kept.
    @return AuthenticationStatus built from the boolean outcome.

    NOTE(review): filePath is handed to the executor and, in the
    non-executor branch, deleted with the server's privileges. Confirm that
    callers pass the server-issued challenge path and never a path taken
    from the client request.

    NOTE(review): String::equal() is presumably not a constant-time
    comparison. The exposure looks small if each secret is single-use;
    confirm that against the challenge lifecycle.
*/
AuthenticationStatus SecureLocalAuthenticator::authenticate(
    const String& filePath,
    const String& secretReceived,
    const String& secretKept)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::authenticate()");

    // Use executor, if present.
    const Boolean executorPresent = (Executor::detectExecutor() == 0);

    // A kept secret must be non-empty and identical to the received one.
    const Boolean secretMatches =
        !String::equal(secretKept, String::EMPTY) &&
        String::equal(secretKept, secretReceived);

    Boolean authenticated = secretMatches;

    if (executorPresent)
    {
        // Only consult the executor when the in-process comparison failed.
        if (!secretMatches)
        {
            authenticated = (Executor::authenticateLocal(
                static_cast<const char*>(filePath.getCString()),
                static_cast<const char*>(secretReceived.getCString())) == 0);
        }
    }
    else if (filePath.size() != 0 && FileSystem::exists(filePath))
    {
        // Remove the auth file created for this user request, on success
        // and on failure alike. The exists/remove pair is not atomic and
        // the result of removeFile() is not checked.
        FileSystem::removeFile(filePath);
    }

    PEG_METHOD_EXIT();

    return AuthenticationStatus(authenticated);
}
125
|
/**
    Checks that the given name belongs to a system user.

    This checks the account name only; no secret or credential is examined
    here.

    @param userName  Name to look up with System::isSystemUser().
    @param authInfo  Not used by this implementation.
    @return AuthenticationStatus built from the lookup result.
*/
AuthenticationStatus SecureLocalAuthenticator::validateUser(
    const String& userName,
    AuthenticationInfo* authInfo)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::validateUser()");

    const Boolean authenticated =
        System::isSystemUser(userName.getCString()) ? true : false;

    PEG_METHOD_EXIT();

    return AuthenticationStatus(authenticated);
}
143
|
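/**
    Creates the authentication response (challenge) header.

    The header has the form
        WWW-Authenticate: <authType> "<filePath>"
    where filePath names the challenge file created for this request.

    @param authType  Authentication type placed after the header name.
    @param userName  User the challenge is issued for.
    @param filePath  Output: path of the challenge file.
    @param secret    Output: secret the caller keeps for the later
                     comparison. It is cleared when an executor is present,
                     which leaves verification to
                     Executor::authenticateLocal().
    @return The complete challenge header.
    @throws CannotOpenFile when the executor cannot create the challenge.

    NOTE(review): the scheme relies on the challenge file being readable
    only by the intended user. Those permissions are set by LocalAuthFile
    or the executor, not in this function; verify them there.
*/
String SecureLocalAuthenticator::getAuthResponseHeader(
    const String& authType,
    const String& userName,
    String& filePath,
    String& secret)
{
    PEG_METHOD_ENTER(
        TRC_AUTHENTICATION,
        "SecureLocalAuthenticator::getAuthResponseHeader()");

    String responseHeader = PEGASUS_CHALLENGE_HEADER;
    responseHeader.append(authType);
    responseHeader.append(" \"");

    // Use executor, if present.
    if (Executor::detectExecutor() == 0)
    {
        // Zero-filled so that the error path below never reads
        // uninitialised stack bytes if challengeLocal() fails before
        // writing a path. Its contract is not visible from this file.
        char filePathBuffer[EXECUTOR_BUFFER_SIZE] = {0};

        const int challengeStatus = Executor::challengeLocal(
            userName.getCString(), filePathBuffer);

        // Guarantee termination before the buffer is read as a C string.
        filePathBuffer[EXECUTOR_BUFFER_SIZE - 1] = '\0';

        if (challengeStatus != 0)
        {
            PEG_METHOD_EXIT();
            throw CannotOpenFile(filePathBuffer);
        }

        filePath = filePathBuffer;
        secret.clear();
    }
    else
    {
        // Create a file using the user name and write a random number in it.
        LocalAuthFile localAuthFile(userName);
        filePath = localAuthFile.create();

        // Keep the secret string for the comparison in authenticate().
        secret = localAuthFile.getSecretString();
    }

    // Close the quoted challenge: file path followed by the closing quote.
    responseHeader.append(filePath);
    responseHeader.append("\"");

    PEG_METHOD_EXIT();

    return responseHeader;
}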
197
198 PEGASUS_NAMESPACE_END
|