![]() ![]() |
![]() |
File: [Pegasus] / pegasus / src / Pegasus / Security / Authentication / SecureLocalAuthenticator.cpp
(download)
Revision: 1.13, Fri May 25 17:35:18 2007 UTC (17 years, 1 month ago) by kumpf Branch: MAIN CVS Tags: TASK_PEP328_SOLARIS_NEVADA_PORT, TASK-PEP328_SOLARIS_NEVADA_PORT_v2-root, TASK-PEP328_SOLARIS_NEVADA_PORT_v2-branch, TASK-PEP328_SOLARIS_NEVADA_PORT-root, TASK-PEP328_SOLARIS_NEVADA_PORT-branch, TASK-PEP328_SOLARIS_IX86_CC_PORT-root, TASK-PEP328_SOLARIS_IX86_CC_PORT-branch-v2, TASK-PEP328_SOLARIS_IX86_CC_PORT-branch, TASK-PEP311_WSMan-root, TASK-PEP311_WSMan-branch, TASK-PEP305_VXWORKS-root, TASK-PEP305_VXWORKS-branch-pre-solaris-port, TASK-PEP305_VXWORKS-branch-post-solaris-port, TASK-PEP305_VXWORKS-branch-beta2, TASK-PEP305_VXWORKS-branch, TASK-PEP305_VXWORKS-2008-10-23, TASK-PEP291_IPV6-root, TASK-PEP291_IPV6-branch, TASK-PEP274_dacim-root, TASK-PEP274_dacim-merged_out_to_branch, TASK-PEP274_dacim-merged_out_from_trunk, TASK-PEP274_dacim-merged_in_to_trunk, TASK-PEP274_dacim-merged_in_from_branch, TASK-PEP274_dacim-branch, TASK-Bug2102Final-root, TASK-Bug2102Final-merged_out_to_branch, TASK-Bug2102Final-merged_out_from_trunk, TASK-Bug2102Final-merged_in_to_trunk, TASK-Bug2102Final-merged_in_from_branch, TASK-Bug2102Final-branch, TASK-BUG7146_SqlRepositoryPrototype-root, TASK-BUG7146_SqlRepositoryPrototype-merged_out_to_branch, TASK-BUG7146_SqlRepositoryPrototype-merged_out_from_trunk, TASK-BUG7146_SqlRepositoryPrototype-merged_in_to_trunk, TASK-BUG7146_SqlRepositoryPrototype-merged_in_from_branch, TASK-BUG7146_SqlRepositoryPrototype-branch, RELEASE_2_8_2-RC1, RELEASE_2_8_2, RELEASE_2_8_1-RC1, RELEASE_2_8_1, RELEASE_2_8_0_BETA, RELEASE_2_8_0-RC2, RELEASE_2_8_0-RC1, RELEASE_2_8_0-FC, RELEASE_2_8_0, RELEASE_2_8-root, RELEASE_2_8-branch, RELEASE_2_7_3-RC1, RELEASE_2_7_3, RELEASE_2_7_2-RC1, RELEASE_2_7_2, RELEASE_2_7_1-RC1, RELEASE_2_7_1, RELEASE_2_7_0-RC1, RELEASE_2_7_0-BETA, RELEASE_2_7_0, RELEASE_2_7-root, RELEASE_2_7-branch Changes since 1.12: +67 -36 lines BUG#: 6037 TITLE: PEP 286 Privilege Separation DESCRIPTION: Implement privilege separation for the CIM Server. This allows the CIM Server to run without privilege, using a separate small process to perform privileged operations as necessary. |
//%2006//////////////////////////////////////////////////////////////////////// // // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; // IBM Corp.; EMC Corporation, The Open Group. // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; // EMC Corporation; VERITAS Software Corporation; The Open Group. // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; // EMC Corporation; Symantec Corporation; The Open Group. // // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to // deal in the Software without restriction, including without limitation the // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or // sell copies of the Software, and to permit persons to whom the Software is // furnished to do so, subject to the following conditions: // // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // //============================================================================== // //%///////////////////////////////////////////////////////////////////////////// #include <Pegasus/Common/FileSystem.h> #include <Pegasus/Common/Tracer.h> #include <Pegasus/Common/Executor.h> #include <Executor/Strlcpy.h> #include "LocalAuthFile.h" #include "SecureLocalAuthenticator.h" PEGASUS_USING_STD; PEGASUS_NAMESPACE_BEGIN /** Constant representing the pegasus authentication challenge header. */ static const String PEGASUS_CHALLENGE_HEADER = "WWW-Authenticate: "; /* constructor. */ SecureLocalAuthenticator::SecureLocalAuthenticator() { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "SecureLocalAuthenticator::SecureLocalAuthenticator()"); PEG_METHOD_EXIT(); } /* destructor. */ SecureLocalAuthenticator::~SecureLocalAuthenticator() { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "SecureLocalAuthenticator::~SecureLocalAuthenticator()"); PEG_METHOD_EXIT(); } // // Does local authentication // Boolean SecureLocalAuthenticator::authenticate( const String& filePath, const String& secretReceived, const String& secretKept) { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "SecureLocalAuthenticator::authenticate()"); Boolean authenticated = false; // Use executor, if present. if (Executor::detectExecutor() == 0) { if (!String::equal(secretKept, String::EMPTY) && String::equal(secretKept, secretReceived)) { authenticated = true; } else if (Executor::authenticateLocal( (const char*)filePath.getCString(), (const char*)secretReceived.getCString()) == 0) { authenticated = true; } } else { // Check secret. if (!String::equal(secretKept, String::EMPTY) && String::equal(secretKept, secretReceived)) { authenticated = true; } // Remove the auth file created for this user request if (filePath.size()) { if (FileSystem::exists(filePath)) { FileSystem::removeFile(filePath); } } } PEG_METHOD_EXIT(); return authenticated; } Boolean SecureLocalAuthenticator::validateUser (const String& userName) { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "SecureLocalAuthenticator::validateUser()"); Boolean authenticated = false; if (System::isSystemUser(userName.getCString())) { authenticated = true; } PEG_METHOD_EXIT(); return (authenticated); } // // Create authentication response header // String SecureLocalAuthenticator::getAuthResponseHeader( const String& authType, const String& userName, String& filePath, String& secret) { PEG_METHOD_ENTER(TRC_AUTHENTICATION, "SecureLocalAuthenticator::getAuthResponseHeader()"); String responseHeader = PEGASUS_CHALLENGE_HEADER; responseHeader.append(authType); responseHeader.append(" \""); // Use executor, if present. if (Executor::detectExecutor() == 0) { char filePathBuffer[EXECUTOR_BUFFER_SIZE]; if (Executor::challengeLocal( userName.getCString(), filePathBuffer) != 0) { throw CannotOpenFile(filePathBuffer); } filePath = filePathBuffer; secret.clear(); responseHeader.append(filePath); responseHeader.append("\""); } else { // create a file using user name and write a random number in it. LocalAuthFile localAuthFile(userName); filePath = localAuthFile.create(); // // get the secret string // secret = localAuthFile.getSecretString(); // build response header with file path and challenge string. responseHeader.append(filePath); responseHeader.append("\""); } PEG_METHOD_EXIT(); return responseHeader; } PEGASUS_NAMESPACE_END
No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |