|
version 1.21, 2006/08/18 17:58:49
|
version 1.30, 2008/11/14 00:43:34
|
|
|
|
| // | // |
| //============================================================================== | //============================================================================== |
| // | // |
| // Author: Sushma Fernandes (sushma_fernandes@hp.com) |
|
| // |
|
| // Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com) |
|
| // Carol Ann Krug Graves, Hewlett-Packard Company |
|
| // (carolann_graves@hp.com) |
|
| // Josephine Eskaline Joyce, IBM (jojustin@in.ibm.com) for PEP#101 |
|
| // David Dillard, VERITAS Software Corp. |
|
| // (david.dillard@veritas.com) |
|
| // |
|
| //%//////////////////////////////////////////////////////////////////////////// | //%//////////////////////////////////////////////////////////////////////////// |
| | |
| | |
|
|
|
| #include <Pegasus/Common/CIMInstance.h> | #include <Pegasus/Common/CIMInstance.h> |
| #include <Pegasus/Common/Constants.h> | #include <Pegasus/Common/Constants.h> |
| #include <Pegasus/Common/XmlWriter.h> | #include <Pegasus/Common/XmlWriter.h> |
| |
#include <Pegasus/Common/CIMNameCast.h> |
| |
|
| |
#ifdef PEGASUS_OS_PASE |
| |
# include <ILEWrapper/qumemultiutil.h> |
| |
# include <ILEWrapper/ILEUtilities2.h> |
| |
#endif |
| | |
| #include "AuthorizationHandler.h" | #include "AuthorizationHandler.h" |
| #include "UserExceptions.h" | #include "UserExceptions.h" |
| | |
| #ifdef PEGASUS_OS_OS400 |
|
| #include "qycmutiltyUtility.H" |
|
| #include "OS400ConvertChar.h" |
|
| #endif |
|
| |
|
| PEGASUS_USING_STD; | PEGASUS_USING_STD; |
| | |
| PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
|
|
|
| // | // |
| // This constant represents the User name property in the schema | // This constant represents the User name property in the schema |
| // | // |
| static const CIMName PROPERTY_NAME_USERNAME = CIMName ("Username"); |
static const CIMName PROPERTY_NAME_USERNAME = CIMNameCast("Username"); |
| | |
| // | // |
| // This constant represents the Namespace property in the schema | // This constant represents the Namespace property in the schema |
| // | // |
| static const CIMName PROPERTY_NAME_NAMESPACE = CIMName ("Namespace"); |
static const CIMName PROPERTY_NAME_NAMESPACE = CIMNameCast("Namespace"); |
| | |
| // | // |
| // This constant represents the Authorizations property in the schema | // This constant represents the Authorizations property in the schema |
| // | // |
| static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMName ("Authorization"); |
static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMNameCast("Authorization"); |
| | |
| | |
| // | // |
|
|
|
| // | // |
| // List of read only CIM Operations | // List of read only CIM Operations |
| // | // |
| static const CIMName READ_OPERATIONS [] = { |
static const CIMName READ_OPERATIONS [] = |
| |
{ |
| CIMName ("GetClass"), | CIMName ("GetClass"), |
| CIMName ("GetInstance"), | CIMName ("GetInstance"), |
| CIMName ("EnumerateClassNames"), | CIMName ("EnumerateClassNames"), |
|
|
|
| CIMName ("EnumerateClasses"), | CIMName ("EnumerateClasses"), |
| CIMName ("EnumerateInstances"), | CIMName ("EnumerateInstances"), |
| CIMName ("ExecQuery"), | CIMName ("ExecQuery"), |
| CIMName ("GetProperty") }; |
CIMName("GetProperty") |
| |
}; |
| | |
| // | // |
| // List of write CIM Operations | // List of write CIM Operations |
| // | // |
| static const CIMName WRITE_OPERATIONS [] = { |
static const CIMName WRITE_OPERATIONS [] = |
| |
{ |
| CIMName ("CreateClass"), | CIMName ("CreateClass"), |
| CIMName ("CreateInstance"), | CIMName ("CreateInstance"), |
| CIMName ("DeleteQualifier"), | CIMName ("DeleteQualifier"), |
|
|
|
| CIMName ("InvokeMethod"), | CIMName ("InvokeMethod"), |
| CIMName ("EnableIndicationSubscription"), | CIMName ("EnableIndicationSubscription"), |
| CIMName ("ModifyIndicationSubscription"), | CIMName ("ModifyIndicationSubscription"), |
| CIMName ("DisableIndicationSubscription") }; |
CIMName("DisableIndicationSubscription") |
| |
}; |
| | |
| | |
| // | // |
|
|
|
| | |
| _repository = repository; | _repository = repository; |
| | |
| try |
|
| { |
|
| _loadAllAuthorizations(); | _loadAllAuthorizations(); |
| } |
|
| catch (Exception&) |
|
| { |
|
| //ATTN-NB-03-20020402: Should this exception be thrown or ignored ? |
|
| //throw e; |
|
| |
|
| // cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, "; |
|
| // cerr << "No authorizations configured." << endl; |
|
| } |
|
| | |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| } | } |
|
|
|
| try | try |
| { | { |
| // | // |
| // call enumerateInstances of the repository |
// call enumerateInstancesForClass of the repository |
| // | // |
| namedInstances = _repository->enumerateInstances( |
namedInstances = _repository->enumerateInstancesForClass( |
| PEGASUS_NAMESPACENAME_AUTHORIZATION, PEGASUS_CLASSNAME_AUTHORIZATION); |
PEGASUS_NAMESPACENAME_AUTHORIZATION, |
| |
PEGASUS_CLASSNAME_AUTHORIZATION); |
| | |
| // | // |
| // get all the user names, namespaces, and authorizations | // get all the user names, namespaces, and authorizations |
|
|
|
| // | // |
| // Add authorization to the table | // Add authorization to the table |
| // | // |
| _authTable.insert(userName + nameSpace, auth); |
if (!_authTable.insert(userName + nameSpace, auth)) |
| |
{ |
| |
throw AuthorizationCacheError(); |
| |
} |
| } | } |
| | |
| } | } |
| catch(const Exception&) |
catch (const CIMException& e) |
| |
{ |
| |
// Allow initialization to succeed with an empty repository |
| |
if (e.getCode() != CIM_ERR_INVALID_NAMESPACE) |
| { | { |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| throw; | throw; |
| } | } |
| |
} |
| | |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| } | } |
|
|
|
| } | } |
| } | } |
| | |
| #ifdef PEGASUS_OS_OS400 |
#ifdef PEGASUS_OS_PASE |
| if (readOperation || writeOperation) | if (readOperation || writeOperation) |
| { | { |
| // Use OS/400 Application Administration to do cim operation verification | // Use OS/400 Application Administration to do cim operation verification |
| // (note - need to convert to EBCDIC before calling ycm) |
|
| CString userCStr = userName.getCString(); | CString userCStr = userName.getCString(); |
| const char * user = (const char *)userCStr; | const char * user = (const char *)userCStr; |
| AtoE((char *)user); |
|
| CString nsCStr = nameSpace.getString().getCString(); |
|
| const char * ns = (const char *)nsCStr; |
|
| AtoE((char *)ns); |
|
| CString cimMethCStr = cimMethodName.getString().getCString(); | CString cimMethCStr = cimMethodName.getString().getCString(); |
| const char * cimMeth = (const char *)cimMethCStr; | const char * cimMeth = (const char *)cimMethCStr; |
| AtoE((char *)cimMeth); |
|
| int os400auth = |
CString nameSpaceCStr = nameSpace.getString().getCString(); |
| ycmVerifyFunctionAuthorization(user, |
const char * nameSpChar = (const char *)nameSpaceCStr; |
| ns, |
|
| |
int PaseAuth = |
| |
umeVerifyFunctionAuthorization(user, |
| cimMeth); | cimMeth); |
| if (os400auth == TRUE) |
|
| |
if (PaseAuth == TRUE) |
| authorized = true; | authorized = true; |
| |
|
| |
/* read operation needn't verify priviledUser */ |
| |
if(authorized && writeOperation) |
| |
{ |
| |
/* |
| |
The Application Admin checks |
| |
we have now cover all class/qualifier |
| |
operations to all namespaces. |
| |
But maybe this is not enough protection |
| |
for the private Pegasus namespaces. |
| |
We should call isPrivilegedUser |
| |
in this case instead of App Admin |
| |
*/ |
| |
if (strcasecmp(nameSpChar,"root/PG_Internal") == 0 |
| |
||strcasecmp(nameSpChar,"root/PG_InterOp") == 0 |
| |
||strcasecmp(nameSpChar,"PG_Internal") == 0 |
| |
||strcasecmp(nameSpChar,"PG_InterOp") == 0 ) |
| |
{ |
| |
if(!System::isPrivilegedUser(userName)) |
| |
authorized = false; |
| |
} |
| |
} |
| } | } |
| #else | #else |
| // | // |
Return to
AuthorizationHandler.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Security / UserManager