version 1.15, 2003/10/22 14:26:13
|
version 1.35, 2012/05/14 09:12:17
|
|
|
//%2003//////////////////////////////////////////////////////////////////////// |
//%LICENSE//////////////////////////////////////////////////////////////// |
// | // |
// Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Development |
// Licensed to The Open Group (TOG) under one or more contributor license |
// Company, L. P., IBM Corp., The Open Group, Tivoli Systems. |
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with |
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L. P.; |
// this work for additional information regarding copyright ownership. |
// IBM Corp.; EMC Corporation, The Open Group. |
// Each contributor licenses this file to you under the OpenPegasus Open |
// |
// Source License; you may not use this file except in compliance with the |
// Permission is hereby granted, free of charge, to any person obtaining a copy |
// License. |
// of this software and associated documentation files (the "Software"), to |
// |
// deal in the Software without restriction, including without limitation the |
// Permission is hereby granted, free of charge, to any person obtaining a |
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
// copy of this software and associated documentation files (the "Software"), |
// sell copies of the Software, and to permit persons to whom the Software is |
// to deal in the Software without restriction, including without limitation |
// furnished to do so, subject to the following conditions: |
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
// |
// and/or sell copies of the Software, and to permit persons to whom the |
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
// Software is furnished to do so, subject to the following conditions: |
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
// |
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
// The above copyright notice and this permission notice shall be included |
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
// in all copies or substantial portions of the Software. |
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
// |
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
// |
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
//============================================================================== |
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
// |
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
// Author: Sushma Fernandes (sushma_fernandes@hp.com) |
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
// |
// |
// Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com) |
////////////////////////////////////////////////////////////////////////// |
// Carol Ann Krug Graves, Hewlett-Packard Company |
|
// (carolann_graves@hp.com) |
|
// | // |
//%//////////////////////////////////////////////////////////////////////////// | //%//////////////////////////////////////////////////////////////////////////// |
| |
|
|
| |
#include <Pegasus/Common/FileSystem.h> | #include <Pegasus/Common/FileSystem.h> |
#include <Pegasus/Common/HashTable.h> | #include <Pegasus/Common/HashTable.h> |
#include <Pegasus/Common/Destroyer.h> |
|
#include <Pegasus/Common/Logger.h> | #include <Pegasus/Common/Logger.h> |
#include <Pegasus/Common/System.h> | #include <Pegasus/Common/System.h> |
#include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
#include <Pegasus/Common/CIMInstance.h> | #include <Pegasus/Common/CIMInstance.h> |
#include <Pegasus/Common/Constants.h> | #include <Pegasus/Common/Constants.h> |
#include <Pegasus/Common/XmlWriter.h> | #include <Pegasus/Common/XmlWriter.h> |
|
#include <Pegasus/Common/CIMNameCast.h> |
|
|
|
#ifdef PEGASUS_OS_PASE |
|
# include <ILEWrapper/qumemultiutil.h> |
|
# include <ILEWrapper/ILEUtilities2.h> |
|
#endif |
| |
#include "AuthorizationHandler.h" | #include "AuthorizationHandler.h" |
#include "UserExceptions.h" | #include "UserExceptions.h" |
| |
#ifdef PEGASUS_OS_OS400 |
|
#include "qycmutiltyUtility.H" |
|
#include "OS400ConvertChar.h" |
|
#endif |
|
|
|
PEGASUS_USING_STD; | PEGASUS_USING_STD; |
| |
PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
|
|
// | // |
// This constant represents the User name property in the schema | // This constant represents the User name property in the schema |
// | // |
static const CIMName PROPERTY_NAME_USERNAME = CIMName ("Username"); |
static const CIMName PROPERTY_NAME_USERNAME = CIMNameCast("Username"); |
| |
// | // |
// This constant represents the Namespace property in the schema | // This constant represents the Namespace property in the schema |
// | // |
static const CIMName PROPERTY_NAME_NAMESPACE = CIMName ("Namespace"); |
static const CIMName PROPERTY_NAME_NAMESPACE = CIMNameCast("Namespace"); |
| |
// | // |
// This constant represents the Authorizations property in the schema | // This constant represents the Authorizations property in the schema |
// | // |
static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMName ("Authorization"); |
static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMNameCast("Authorization"); |
| |
| |
// | // |
|
|
// | // |
// List of read only CIM Operations | // List of read only CIM Operations |
// | // |
static const CIMName READ_OPERATIONS [] = { |
static const CIMName READ_OPERATIONS [] = |
|
{ |
CIMName ("GetClass"), | CIMName ("GetClass"), |
CIMName ("GetInstance"), | CIMName ("GetInstance"), |
CIMName ("EnumerateClassNames"), | CIMName ("EnumerateClassNames"), |
|
|
CIMName ("EnumerateClasses"), | CIMName ("EnumerateClasses"), |
CIMName ("EnumerateInstances"), | CIMName ("EnumerateInstances"), |
CIMName ("ExecQuery"), | CIMName ("ExecQuery"), |
CIMName ("GetProperty") }; |
CIMName("GetProperty") |
|
}; |
| |
// | // |
// List of write CIM Operations | // List of write CIM Operations |
// | // |
static const CIMName WRITE_OPERATIONS [] = { |
static const CIMName WRITE_OPERATIONS [] = |
|
{ |
CIMName ("CreateClass"), | CIMName ("CreateClass"), |
CIMName ("CreateInstance"), | CIMName ("CreateInstance"), |
CIMName ("DeleteQualifier"), | CIMName ("DeleteQualifier"), |
|
|
CIMName ("InvokeMethod"), | CIMName ("InvokeMethod"), |
CIMName ("EnableIndicationSubscription"), | CIMName ("EnableIndicationSubscription"), |
CIMName ("ModifyIndicationSubscription"), | CIMName ("ModifyIndicationSubscription"), |
CIMName ("DisableIndicationSubscription") }; |
CIMName("DisableIndicationSubscription") |
|
}; |
| |
|
static String _getAuthKey(const String &userName, const String &nameSpace) |
|
{ |
|
//Separator ":" is used to distinguish "a" +"bc" |
|
// and "ab"+"c" scenarios |
|
String key = nameSpace; |
|
key.append(Char16(':')); |
|
#ifdef PEGASUS_OS_TYPE_WINDOWS |
|
key.append(userName); |
|
key.toLower(); |
|
#else |
|
key.toLower(); |
|
key.append(userName); |
|
#endif |
|
|
|
return key; |
|
} |
| |
// | // |
// Constructor | // Constructor |
|
|
| |
_repository = repository; | _repository = repository; |
| |
try |
|
{ |
|
_loadAllAuthorizations(); | _loadAllAuthorizations(); |
} |
|
catch(Exception& e) |
|
{ |
|
//ATTN-NB-03-20020402: Should this exception be thrown or ignored ? |
|
//throw e; |
|
|
|
// cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, "; |
|
// cerr << "No authorizations configured." << endl; |
|
} |
|
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
} | } |
|
|
try | try |
{ | { |
// | // |
// call enumerateInstances of the repository |
// call enumerateInstancesForClass of the repository |
// | // |
namedInstances = _repository->enumerateInstances( |
namedInstances = _repository->enumerateInstancesForClass( |
PEGASUS_NAMESPACENAME_AUTHORIZATION, PEGASUS_CLASSNAME_AUTHORIZATION); |
PEGASUS_NAMESPACENAME_AUTHORIZATION, |
|
PEGASUS_CLASSNAME_AUTHORIZATION); |
| |
// | // |
// get all the user names, namespaces, and authorizations | // get all the user names, namespaces, and authorizations |
|
|
// | // |
// Add authorization to the table | // Add authorization to the table |
// | // |
_authTable.insert(userName + nameSpace, auth); |
if (!_authTable.insert(_getAuthKey(userName, nameSpace), auth)) |
|
{ |
|
throw AuthorizationCacheError(); |
|
} |
} | } |
| |
} | } |
catch(Exception& e) |
catch (const CIMException& e) |
|
{ |
|
// Allow initialization to succeed with an empty repository |
|
if (e.getCode() != CIM_ERR_INVALID_NAMESPACE) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
throw e; |
throw; |
|
} |
} | } |
| |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
|
|
PEG_METHOD_ENTER( | PEG_METHOD_ENTER( |
TRC_AUTHORIZATION, "AuthorizationHandler::setAuthorization()"); | TRC_AUTHORIZATION, "AuthorizationHandler::setAuthorization()"); |
| |
|
String key = _getAuthKey(userName, nameSpace.getString()); |
// | // |
// Remove auth if it already exists | // Remove auth if it already exists |
// | // |
_authTable.remove(userName + nameSpace.getString()); |
_authTable.remove(key); |
| |
// | // |
// Insert the specified authorization | // Insert the specified authorization |
// | // |
if (!_authTable.insert(userName + nameSpace.getString(), auth)) |
if (!_authTable.insert(key, auth)) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
throw AuthorizationCacheError(); | throw AuthorizationCacheError(); |
|
|
// | // |
// Remove the specified authorization | // Remove the specified authorization |
// | // |
if (!_authTable.remove(userName + nameSpace.getString())) |
if (!_authTable.remove(_getAuthKey(userName, nameSpace.getString()))) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
throw AuthorizationEntryNotFound(userName, nameSpace.getString()); | throw AuthorizationEntryNotFound(userName, nameSpace.getString()); |
|
|
// | // |
// Get authorization for the specified userName and nameSpace | // Get authorization for the specified userName and nameSpace |
// | // |
if (!_authTable.lookup(userName + nameSpace.getString(), auth)) |
if (!_authTable.lookup(_getAuthKey(userName, nameSpace.getString()), auth)) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
throw AuthorizationEntryNotFound(userName, nameSpace.getString()); | throw AuthorizationEntryNotFound(userName, nameSpace.getString()); |
|
|
} | } |
} | } |
| |
#ifdef PEGASUS_OS_OS400 |
#ifdef PEGASUS_OS_PASE |
if (readOperation || writeOperation) | if (readOperation || writeOperation) |
{ | { |
// Use OS/400 Application Administration to do cim operation verification | // Use OS/400 Application Administration to do cim operation verification |
// (note - need to convert to EBCDIC before calling ycm) |
|
CString userCStr = userName.getCString(); | CString userCStr = userName.getCString(); |
const char * user = (const char *)userCStr; | const char * user = (const char *)userCStr; |
AtoE((char *)user); |
|
CString nsCStr = nameSpace.getString().getCString(); |
|
const char * ns = (const char *)nsCStr; |
|
AtoE((char *)ns); |
|
CString cimMethCStr = cimMethodName.getString().getCString(); | CString cimMethCStr = cimMethodName.getString().getCString(); |
const char * cimMeth = (const char *)cimMethCStr; | const char * cimMeth = (const char *)cimMethCStr; |
AtoE((char *)cimMeth); |
|
int os400auth = |
CString nameSpaceCStr = nameSpace.getString().getCString(); |
ycmVerifyFunctionAuthorization(user, |
const char * nameSpChar = (const char *)nameSpaceCStr; |
ns, |
|
|
int PaseAuth = |
|
umeVerifyFunctionAuthorization(user, |
cimMeth); | cimMeth); |
if (os400auth == TRUE) |
|
|
if (PaseAuth == TRUE) |
authorized = true; | authorized = true; |
|
|
|
/* read operation needn't verify priviledUser */ |
|
if(authorized && writeOperation) |
|
{ |
|
/* |
|
The Application Admin checks |
|
we have now cover all class/qualifier |
|
operations to all namespaces. |
|
But maybe this is not enough protection |
|
for the private Pegasus namespaces. |
|
We should call isPrivilegedUser |
|
in this case instead of App Admin |
|
*/ |
|
if (strcasecmp(nameSpChar,"root/PG_Internal") == 0 |
|
||strcasecmp(nameSpChar,"root/PG_InterOp") == 0 |
|
||strcasecmp(nameSpChar,"PG_Internal") == 0 |
|
||strcasecmp(nameSpChar,"PG_InterOp") == 0 |
|
||strcasecmp(nameSpChar,"root/interop") == 0 |
|
||strcasecmp(nameSpChar,"interop") == 0 ) |
|
{ |
|
if(!System::isPrivilegedUser(userName)) |
|
authorized = false; |
|
} |
|
} |
} | } |
#else | #else |
// | // |
|
|
{ | { |
auth = getAuthorization(userName, nameSpace); | auth = getAuthorization(userName, nameSpace); |
} | } |
catch (Exception& e) |
catch (Exception&) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return authorized; | return authorized; |