pegasus/src/Pegasus/Security/UserManager/AuthorizationHandler.cpp - diff

Return to AuthorizationHandler.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Security / UserManager

Diff for /pegasus/src/Pegasus/Security/UserManager/AuthorizationHandler.cpp between version 1.7 and 1.15

version 1.7, 2002/04/04 00:34:22

version 1.15, 2003/10/22 14:26:13

Line 1

//%////////////////////////////////////////////////////////////////////////////

//%2003////////////////////////////////////////////////////////////////////////

// The Open Group, Tivoli Systems

// Company, L. P., IBM Corp., The Open Group, Tivoli Systems.

// IBM Corp.; EMC Corporation, The Open Group.

// Permission is hereby granted, free of charge, to any person obtaining a copy

// of this software and associated documentation files (the "Software"), to

Line 19

Line 21

// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION

// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

//=============================================================================

//==============================================================================

// Author: Sushma Fernandes (sushma_fernandes@hp.com)

// Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com)

// Carol Ann Krug Graves, Hewlett-Packard Company

// (carolann_graves@hp.com)

//%////////////////////////////////////////////////////////////////////////////

Line 41

Line 45

#include <Pegasus/Common/System.h>

#include <Pegasus/Common/Tracer.h>

#include <Pegasus/Common/CIMInstance.h>

#include <Pegasus/Common/CIMReference.h>

#include <Pegasus/Common/Constants.h>

#include <Pegasus/Common/XmlWriter.h>

#include "AuthorizationHandler.h"

#include "UserExceptions.h"

#ifdef PEGASUS_OS_OS400

#include "qycmutiltyUtility.H"

#include "OS400ConvertChar.h"

#endif

PEGASUS_USING_STD;

Line 56

Line 64

// This constant represents the User name property in the schema

static const char PROPERTY_NAME_USERNAME [] = "Username";

static const CIMName PROPERTY_NAME_USERNAME = CIMName ("Username");

// This constant represents the Namespace property in the schema

static const char PROPERTY_NAME_NAMESPACE [] = "Namespace";

static const CIMName PROPERTY_NAME_NAMESPACE = CIMName ("Namespace");

// This constant represents the Authorizations property in the schema

static const char PROPERTY_NAME_AUTHORIZATION [] = "Authorization";

static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMName ("Authorization");

Line 81

Line 89

// List of read only CIM Operations

static const char* READ_OPERATIONS [] = {

static const CIMName READ_OPERATIONS [] = {

"GetClass",

CIMName ("GetClass"),

"GetInstance",

CIMName ("GetInstance"),

"EnumerateClassNames",

CIMName ("EnumerateClassNames"),

"References",

CIMName ("References"),

"ReferenceNames",

CIMName ("ReferenceNames"),

"AssociatorNames",

CIMName ("AssociatorNames"),

"Associators",

CIMName ("Associators"),

"EnumerateInstanceNames",

CIMName ("EnumerateInstanceNames"),

"GetQualifier",

CIMName ("GetQualifier"),

"EnumerateQualifiers",

CIMName ("EnumerateQualifiers"),

"EnumerateClasses",

CIMName ("EnumerateClasses"),

"EnumerateInstances",

CIMName ("EnumerateInstances"),

"ExecQuery",

CIMName ("ExecQuery"),

"GetProperty" };

CIMName ("GetProperty") };

// List of write CIM Operations

static const char* WRITE_OPERATIONS [] = {

static const CIMName WRITE_OPERATIONS [] = {

"CreateClass",

CIMName ("CreateClass"),

"CreateInstance",

CIMName ("CreateInstance"),

"DeleteQualifier",

CIMName ("DeleteQualifier"),

"SetQualifier",

CIMName ("SetQualifier"),

"ModifyClass",

CIMName ("ModifyClass"),

"ModifyInstance",

CIMName ("ModifyInstance"),

"DeleteClass",

CIMName ("DeleteClass"),

"DeleteInstance",

CIMName ("DeleteInstance"),

"SetProperty",

CIMName ("SetProperty"),

"InvokeMethod",

CIMName ("InvokeMethod"),

"EnableIndicationSubscription",

CIMName ("EnableIndicationSubscription"),

"ModifyIndicationSubscription",

CIMName ("ModifyIndicationSubscription"),

"DisableIndicationSubscription" };

CIMName ("DisableIndicationSubscription") };

Line 135

Line 143

//ATTN-NB-03-20020402: Should this exception be thrown or ignored ?

//throw e;

cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, ";

// cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, ";

cerr << "No authorizations configured." << endl;

// cerr << "No authorizations configured." << endl;

}

PEG_METHOD_EXIT();

Line 156

Line 164

// Check if a given namespace exists

Boolean AuthorizationHandler::verifyNamespace( const String& nameSpace )

Boolean AuthorizationHandler::verifyNamespace(

const CIMNamespaceName& nameSpace )

{

PEG_METHOD_ENTER(

TRC_AUTHORIZATION, "AuthorizationHandler::verifyNamespace()");

Line 167

Line 176

// call enumerateNameSpaces to get all the namespaces

// in the repository

Array<String> namespaceNames =

Array<CIMNamespaceName> namespaceNames =

_repository->enumerateNameSpaces();

Line 177

Line 186

for (Uint32 i = 0; i < size; i++)

{

if (String::equal(nameSpace, namespaceNames[i]))

if (nameSpace.equal (namespaceNames[i]))

{

PEG_METHOD_EXIT();

return true;

Line 187

Line 196

catch (Exception& e)

{

PEG_METHOD_EXIT();

throw InvalidNamespace(nameSpace + e.getMessage());

throw InvalidNamespace(nameSpace.getString() + e.getMessage());

}

PEG_METHOD_EXIT();

Line 203

Line 212

PEG_METHOD_ENTER(

TRC_AUTHORIZATION, "AuthorizationHandler::_loadAllAuthorizations()");

Array<CIMNamedInstance> namedInstances;

Array<CIMInstance> namedInstances;

try

{

Line 218

Line 227

for (Uint32 i = 0; i < namedInstances.size(); i++)

{

CIMInstance& authInstance =

CIMInstance& authInstance = namedInstances[i];

namedInstances[i].getInstance();

// get user name

Line 260

Line 268

void AuthorizationHandler::setAuthorization(

const String& userName,

const String& nameSpace,

const CIMNamespaceName& nameSpace,

const String& auth)

{

PEG_METHOD_ENTER(

Line 269

Line 277

// Remove auth if it already exists

_authTable.remove(userName + nameSpace);

_authTable.remove(userName + nameSpace.getString());

// Insert the specified authorization

if (!_authTable.insert(userName + nameSpace, auth))

if (!_authTable.insert(userName + nameSpace.getString(), auth))

{

PEG_METHOD_EXIT();

throw AuthorizationCacheError();

Line 285

Line 293

void AuthorizationHandler::removeAuthorization(

const String& userName,

const String& nameSpace)

const CIMNamespaceName& nameSpace)

{

PEG_METHOD_ENTER(

TRC_AUTHORIZATION, "AuthorizationHandler::removeAuthorization()");

Line 293

Line 301

// Remove the specified authorization

if (!_authTable.remove(userName + nameSpace))

if (!_authTable.remove(userName + nameSpace.getString()))

{

PEG_METHOD_EXIT();

throw AuthorizationEntryNotFound(userName, nameSpace);

throw AuthorizationEntryNotFound(userName, nameSpace.getString());

}

PEG_METHOD_EXIT();

}

String AuthorizationHandler::getAuthorization(

const String& userName,

const String& nameSpace)

const CIMNamespaceName& nameSpace)

{

PEG_METHOD_ENTER(

TRC_AUTHORIZATION, "AuthorizationHandler::getAuthorization()");

Line 313

Line 321

// Get authorization for the specified userName and nameSpace

if (!_authTable.lookup(userName + nameSpace, auth))

if (!_authTable.lookup(userName + nameSpace.getString(), auth))

{

PEG_METHOD_EXIT();

throw AuthorizationEntryNotFound(userName, nameSpace);

throw AuthorizationEntryNotFound(userName, nameSpace.getString());

}

PEG_METHOD_EXIT();

Line 330

Line 338

Boolean AuthorizationHandler::verifyAuthorization(

const String& userName,

const String& nameSpace,

const CIMNamespaceName& nameSpace,

const String& cimMethodName)

const CIMName& cimMethodName)

{

PEG_METHOD_ENTER(

TRC_AUTHORIZATION, "AuthorizationHandler::verifyAuthorization()");

Line 346

Line 354

for (Uint32 i = 0; i < readOpSize; i++ )

{

if ( String::equal(cimMethodName, READ_OPERATIONS[i]) )

if (cimMethodName.equal (READ_OPERATIONS[i]))

{

readOperation = true;

break;

Line 356

Line 364

{

for (Uint32 i = 0; i < writeOpSize; i++ )

{

if ( String::equal(cimMethodName, WRITE_OPERATIONS[i]) )

if (cimMethodName.equal (WRITE_OPERATIONS[i]))

{

writeOperation = true;

break;

Line 364

Line 372

}

#ifdef PEGASUS_OS_OS400

if (readOperation || writeOperation)

{

// Use OS/400 Application Administration to do cim operation verification

// (note - need to convert to EBCDIC before calling ycm)

CString userCStr = userName.getCString();

const char * user = (const char *)userCStr;

AtoE((char *)user);

CString nsCStr = nameSpace.getString().getCString();

const char * ns = (const char *)nsCStr;

AtoE((char *)ns);

CString cimMethCStr = cimMethodName.getString().getCString();

const char * cimMeth = (const char *)cimMethCStr;

AtoE((char *)cimMeth);

int os400auth =

ycmVerifyFunctionAuthorization(user,

ns,

cimMeth);

if (os400auth == TRUE)

authorized = true;

}

#else

// Get the authorization of the specified user and namespace

Line 391

Line 421

{

authorized = true;

}

#endif

PEG_METHOD_EXIT();

Legend:

Removed from v.1.7
changed lines
	Added in v.1.15

No CVS admin address has been configured