pegasus/src/Pegasus/Security/UserManager/AuthorizationHandler.cpp - diff

Return to AuthorizationHandler.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Security / UserManager

Diff for /pegasus/src/Pegasus/Security/UserManager/AuthorizationHandler.cpp between version 1.15 and 1.27

version 1.15, 2003/10/22 14:26:13

version 1.27, 2007/08/03 02:11:38

Line 1

//%2003////////////////////////////////////////////////////////////////////////

//%2006////////////////////////////////////////////////////////////////////////

// Company, L. P., IBM Corp., The Open Group, Tivoli Systems.

// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.

// IBM Corp.; EMC Corporation, The Open Group.

// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.

// EMC Corporation; VERITAS Software Corporation; The Open Group.

// EMC Corporation; Symantec Corporation; The Open Group.

// Permission is hereby granted, free of charge, to any person obtaining a copy

// of this software and associated documentation files (the "Software"), to

Line 23

Line 29

//==============================================================================

// Author: Sushma Fernandes (sushma_fernandes@hp.com)

// Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com)

// Carol Ann Krug Graves, Hewlett-Packard Company

// (carolann_graves@hp.com)

//%////////////////////////////////////////////////////////////////////////////

Line 40

#include <Pegasus/Common/FileSystem.h>

#include <Pegasus/Common/HashTable.h>

#include <Pegasus/Common/Destroyer.h>

#include <Pegasus/Common/Logger.h>

#include <Pegasus/Common/System.h>

#include <Pegasus/Common/Tracer.h>

Line 48

Line 47

#include <Pegasus/Common/Constants.h>

#include <Pegasus/Common/XmlWriter.h>

#ifdef PEGASUS_OS_PASE

# include <ILEWrapper/qumemultiutil.h>

# include <ILEWrapper/ILEUtilities2.h>

#endif

#include "AuthorizationHandler.h"

#include "UserExceptions.h"

#ifdef PEGASUS_OS_OS400

#include "qycmutiltyUtility.H"

#include "OS400ConvertChar.h"

#endif

PEGASUS_USING_STD;

PEGASUS_NAMESPACE_BEGIN

Line 89

Line 88

// List of read only CIM Operations

static const CIMName READ_OPERATIONS [] = {

static const CIMName READ_OPERATIONS [] =

{

CIMName ("GetClass"),

CIMName ("GetInstance"),

CIMName ("EnumerateClassNames"),

Line 103

CIMName ("EnumerateClasses"),

CIMName ("EnumerateInstances"),

CIMName ("ExecQuery"),

CIMName ("GetProperty") };

CIMName("GetProperty")

};

// List of write CIM Operations

static const CIMName WRITE_OPERATIONS [] = {

static const CIMName WRITE_OPERATIONS [] =

{

CIMName ("CreateClass"),

CIMName ("CreateInstance"),

CIMName ("DeleteQualifier"),

Line 121

Line 123

CIMName ("InvokeMethod"),

CIMName ("EnableIndicationSubscription"),

CIMName ("ModifyIndicationSubscription"),

CIMName ("DisableIndicationSubscription") };

CIMName("DisableIndicationSubscription")

};

Line 134

Line 137

_repository = repository;

try

{

_loadAllAuthorizations();

}

catch(Exception& e)

{

//ATTN-NB-03-20020402: Should this exception be thrown or ignored ?

//throw e;

// cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, ";

// cerr << "No authorizations configured." << endl;

}

PEG_METHOD_EXIT();

}

Line 217

Line 209

try

{

// call enumerateInstances of the repository

// call enumerateInstancesForClass of the repository

namedInstances = _repository->enumerateInstances(

namedInstances = _repository->enumerateInstancesForClass(

PEGASUS_NAMESPACENAME_AUTHORIZATION, PEGASUS_CLASSNAME_AUTHORIZATION);

PEGASUS_NAMESPACENAME_AUTHORIZATION,

PEGASUS_CLASSNAME_AUTHORIZATION);

// get all the user names, namespaces, and authorizations

Line 253

Line 246

// Add authorization to the table

_authTable.insert(userName + nameSpace, auth);

if (!_authTable.insert(userName + nameSpace, auth))

{

throw AuthorizationCacheError();

}

catch(Exception& e)

catch (const CIMException& e)

{

// Allow initialization to succeed with an empty repository

if (e.getCode() != CIM_ERR_INVALID_NAMESPACE)

{

PEG_METHOD_EXIT();

throw e;

throw;

}

PEG_METHOD_EXIT();

Line 372

}

#ifdef PEGASUS_OS_OS400

#ifdef PEGASUS_OS_PASE

if (readOperation || writeOperation)

{

// Use OS/400 Application Administration to do cim operation verification

// (note - need to convert to EBCDIC before calling ycm)

CString userCStr = userName.getCString();

const char * user = (const char *)userCStr;

AtoE((char *)user);

CString nsCStr = nameSpace.getString().getCString();

const char * ns = (const char *)nsCStr;

AtoE((char *)ns);

CString cimMethCStr = cimMethodName.getString().getCString();

const char * cimMeth = (const char *)cimMethCStr;

AtoE((char *)cimMeth);

int os400auth =

CString nameSpaceCStr = nameSpace.getString().getCString();

ycmVerifyFunctionAuthorization(user,

const char * nameSpChar = (const char *)nameSpaceCStr;

ns,

int PaseAuth =

umeVerifyFunctionAuthorization(user,

cimMeth);

if (os400auth == TRUE)

if (PaseAuth == TRUE)

authorized = true;

/* read operation needn't verify priviledUser */

if(authorized && writeOperation)

{

The Application Admin checks

we have now cover all class/qualifier

operations to all namespaces.

But maybe this is not enough protection

for the private Pegasus namespaces.

We should call isPrivilegedUser

in this case instead of App Admin

if (strcasecmp(nameSpChar,"root/PG_Internal") == 0

||strcasecmp(nameSpChar,"root/PG_InterOp") == 0

||strcasecmp(nameSpChar,"PG_Internal") == 0

||strcasecmp(nameSpChar,"PG_InterOp") == 0 )

{

if(!System::isPrivilegedUser(userName))

authorized = false;

}

#else

Line 402

Line 422

{

auth = getAuthorization(userName, nameSpace);

}

catch (Exception& e)

catch (Exception&)

{

PEG_METHOD_EXIT();

return authorized;

Legend:

Removed from v.1.15
changed lines
	Added in v.1.27

No CVS admin address has been configured