Return to
SecureLocalAuthenticator.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication
|
Return to
SecureLocalAuthenticator.cpp
CVS log
|
Up to [Pegasus] / pegasus / src / Pegasus / Security / Authentication
|
|
File: [Pegasus] / pegasus / src / Pegasus / Security / Authentication / SecureLocalAuthenticator.cpp
(download)
Revision: 1.13, Fri May 25 17:35:18 2007 UTC (17 years, 1 month ago) by kumpf Branch: MAIN CVS Tags: TASK_PEP328_SOLARIS_NEVADA_PORT, TASK-PEP328_SOLARIS_NEVADA_PORT_v2-root, TASK-PEP328_SOLARIS_NEVADA_PORT_v2-branch, TASK-PEP328_SOLARIS_NEVADA_PORT-root, TASK-PEP328_SOLARIS_NEVADA_PORT-branch, TASK-PEP328_SOLARIS_IX86_CC_PORT-root, TASK-PEP328_SOLARIS_IX86_CC_PORT-branch-v2, TASK-PEP328_SOLARIS_IX86_CC_PORT-branch, TASK-PEP311_WSMan-root, TASK-PEP311_WSMan-branch, TASK-PEP305_VXWORKS-root, TASK-PEP305_VXWORKS-branch-pre-solaris-port, TASK-PEP305_VXWORKS-branch-post-solaris-port, TASK-PEP305_VXWORKS-branch-beta2, TASK-PEP305_VXWORKS-branch, TASK-PEP305_VXWORKS-2008-10-23, TASK-PEP291_IPV6-root, TASK-PEP291_IPV6-branch, TASK-PEP274_dacim-root, TASK-PEP274_dacim-merged_out_to_branch, TASK-PEP274_dacim-merged_out_from_trunk, TASK-PEP274_dacim-merged_in_to_trunk, TASK-PEP274_dacim-merged_in_from_branch, TASK-PEP274_dacim-branch, TASK-Bug2102Final-root, TASK-Bug2102Final-merged_out_to_branch, TASK-Bug2102Final-merged_out_from_trunk, TASK-Bug2102Final-merged_in_to_trunk, TASK-Bug2102Final-merged_in_from_branch, TASK-Bug2102Final-branch, TASK-BUG7146_SqlRepositoryPrototype-root, TASK-BUG7146_SqlRepositoryPrototype-merged_out_to_branch, TASK-BUG7146_SqlRepositoryPrototype-merged_out_from_trunk, TASK-BUG7146_SqlRepositoryPrototype-merged_in_to_trunk, TASK-BUG7146_SqlRepositoryPrototype-merged_in_from_branch, TASK-BUG7146_SqlRepositoryPrototype-branch, RELEASE_2_8_2-RC1, RELEASE_2_8_2, RELEASE_2_8_1-RC1, RELEASE_2_8_1, RELEASE_2_8_0_BETA, RELEASE_2_8_0-RC2, RELEASE_2_8_0-RC1, RELEASE_2_8_0-FC, RELEASE_2_8_0, RELEASE_2_8-root, RELEASE_2_8-branch, RELEASE_2_7_3-RC1, RELEASE_2_7_3, RELEASE_2_7_2-RC1, RELEASE_2_7_2, RELEASE_2_7_1-RC1, RELEASE_2_7_1, RELEASE_2_7_0-RC1, RELEASE_2_7_0-BETA, RELEASE_2_7_0, RELEASE_2_7-root, RELEASE_2_7-branch Changes since 1.12: +67 -36 lines BUG#: 6037 TITLE: PEP 286 Privilege Separation DESCRIPTION: Implement privilege separation for the CIM Server. This allows the CIM Server to run without privilege, using a separate small process to perform privileged operations as necessary. |
//%2006////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
// IBM Corp.; EMC Corporation, The Open Group.
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
// EMC Corporation; VERITAS Software Corporation; The Open Group.
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
// EMC Corporation; Symantec Corporation; The Open Group.
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to
// deal in the Software without restriction, including without limitation the
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
// sell copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
//==============================================================================
//
//%/////////////////////////////////////////////////////////////////////////////
#include <Pegasus/Common/FileSystem.h>
#include <Pegasus/Common/Tracer.h>
#include <Pegasus/Common/Executor.h>
#include <Executor/Strlcpy.h>
#include "LocalAuthFile.h"
#include "SecureLocalAuthenticator.h"
PEGASUS_USING_STD;
PEGASUS_NAMESPACE_BEGIN
/**
Constant representing the pegasus authentication challenge header.
*/
static const String PEGASUS_CHALLENGE_HEADER = "WWW-Authenticate: ";
/* constructor. */
SecureLocalAuthenticator::SecureLocalAuthenticator()
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"SecureLocalAuthenticator::SecureLocalAuthenticator()");
PEG_METHOD_EXIT();
}
/* destructor. */
SecureLocalAuthenticator::~SecureLocalAuthenticator()
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"SecureLocalAuthenticator::~SecureLocalAuthenticator()");
PEG_METHOD_EXIT();
}
//
// Does local authentication
//
Boolean SecureLocalAuthenticator::authenticate(
const String& filePath,
const String& secretReceived,
const String& secretKept)
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"SecureLocalAuthenticator::authenticate()");
Boolean authenticated = false;
// Use executor, if present.
if (Executor::detectExecutor() == 0)
{
if (!String::equal(secretKept, String::EMPTY) &&
String::equal(secretKept, secretReceived))
{
authenticated = true;
}
else if (Executor::authenticateLocal(
(const char*)filePath.getCString(),
(const char*)secretReceived.getCString()) == 0)
{
authenticated = true;
}
}
else
{
// Check secret.
if (!String::equal(secretKept, String::EMPTY) &&
String::equal(secretKept, secretReceived))
{
authenticated = true;
}
// Remove the auth file created for this user request
if (filePath.size())
{
if (FileSystem::exists(filePath))
{
FileSystem::removeFile(filePath);
}
}
}
PEG_METHOD_EXIT();
return authenticated;
}
Boolean SecureLocalAuthenticator::validateUser (const String& userName)
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"SecureLocalAuthenticator::validateUser()");
Boolean authenticated = false;
if (System::isSystemUser(userName.getCString()))
{
authenticated = true;
}
PEG_METHOD_EXIT();
return (authenticated);
}
//
// Create authentication response header
//
String SecureLocalAuthenticator::getAuthResponseHeader(
const String& authType,
const String& userName,
String& filePath,
String& secret)
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"SecureLocalAuthenticator::getAuthResponseHeader()");
String responseHeader = PEGASUS_CHALLENGE_HEADER;
responseHeader.append(authType);
responseHeader.append(" \"");
// Use executor, if present.
if (Executor::detectExecutor() == 0)
{
char filePathBuffer[EXECUTOR_BUFFER_SIZE];
if (Executor::challengeLocal(
userName.getCString(), filePathBuffer) != 0)
{
throw CannotOpenFile(filePathBuffer);
}
filePath = filePathBuffer;
secret.clear();
responseHeader.append(filePath);
responseHeader.append("\"");
}
else
{
// create a file using user name and write a random number in it.
LocalAuthFile localAuthFile(userName);
filePath = localAuthFile.create();
//
// get the secret string
//
secret = localAuthFile.getSecretString();
// build response header with file path and challenge string.
responseHeader.append(filePath);
responseHeader.append("\"");
}
PEG_METHOD_EXIT();
return responseHeader;
}
PEGASUS_NAMESPACE_END
| No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |