|
version 1.5, 2002/01/24 19:10:33
|
version 1.21, 2006/08/18 17:58:49
|
|
|
|
| //%//////////////////////////////////////////////////////////////////////////// |
//%2006//////////////////////////////////////////////////////////////////////// |
| // | // |
| // Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM, |
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
| // The Open Group, Tivoli Systems |
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
| |
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
| |
// IBM Corp.; EMC Corporation, The Open Group. |
| |
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
| |
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
| |
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
| |
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
| |
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
| |
// EMC Corporation; Symantec Corporation; The Open Group. |
| // | // |
| // Permission is hereby granted, free of charge, to any person obtaining a copy | // Permission is hereby granted, free of charge, to any person obtaining a copy |
| // of this software and associated documentation files (the "Software"), to | // of this software and associated documentation files (the "Software"), to |
|
|
|
| // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION | // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
| // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| // | // |
| //============================================================================= |
//============================================================================== |
| // | // |
| // Author: Sushma Fernandes (sushma_fernandes@hp.com) | // Author: Sushma Fernandes (sushma_fernandes@hp.com) |
| // | // |
| // Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com) | // Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com) |
| |
// Carol Ann Krug Graves, Hewlett-Packard Company |
| |
// (carolann_graves@hp.com) |
| |
// Josephine Eskaline Joyce, IBM (jojustin@in.ibm.com) for PEP#101 |
| |
// David Dillard, VERITAS Software Corp. |
| |
// (david.dillard@veritas.com) |
| // | // |
| //%//////////////////////////////////////////////////////////////////////////// | //%//////////////////////////////////////////////////////////////////////////// |
| | |
|
|
|
| | |
| #include <Pegasus/Common/FileSystem.h> | #include <Pegasus/Common/FileSystem.h> |
| #include <Pegasus/Common/HashTable.h> | #include <Pegasus/Common/HashTable.h> |
| #include <Pegasus/Common/Destroyer.h> |
|
| #include <Pegasus/Common/Logger.h> | #include <Pegasus/Common/Logger.h> |
| #include <Pegasus/Common/System.h> | #include <Pegasus/Common/System.h> |
| #include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
| #include <Pegasus/Common/CIMInstance.h> | #include <Pegasus/Common/CIMInstance.h> |
| #include <Pegasus/Common/CIMReference.h> |
#include <Pegasus/Common/Constants.h> |
| |
#include <Pegasus/Common/XmlWriter.h> |
| | |
| #include "AuthorizationHandler.h" | #include "AuthorizationHandler.h" |
| #include "UserExceptions.h" | #include "UserExceptions.h" |
| | |
| |
#ifdef PEGASUS_OS_OS400 |
| |
#include "qycmutiltyUtility.H" |
| |
#include "OS400ConvertChar.h" |
| |
#endif |
| | |
| PEGASUS_USING_STD; | PEGASUS_USING_STD; |
| | |
| PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
| | |
| |
|
| |
// |
| |
// This constant represents the User name property in the schema |
| |
// |
| |
static const CIMName PROPERTY_NAME_USERNAME = CIMName ("Username"); |
| |
|
| |
// |
| |
// This constant represents the Namespace property in the schema |
| |
// |
| |
static const CIMName PROPERTY_NAME_NAMESPACE = CIMName ("Namespace"); |
| |
|
| |
// |
| |
// This constant represents the Authorizations property in the schema |
| |
// |
| |
static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMName ("Authorization"); |
| |
|
| |
|
| // | // |
| //ATTN: The following constant should be placed in a common place. |
// List of all the CIM Operations |
| |
// |
| |
// Note: The following tables contain all the existing CIM Operations. |
| |
// Any new CIM Operations created must be included in one of these tables, |
| |
// otherwise no CIM requests will have authorization to execute those |
| |
// new operations. |
| // | // |
| /** |
|
| The constant represeting the authorization class name |
// |
| */ |
// List of read only CIM Operations |
| static const String PG_AUTH_CLASS = "PG_Authorization"; |
// |
| |
static const CIMName READ_OPERATIONS [] = { |
| /** |
CIMName ("GetClass"), |
| The constant representing the namespace where the authorization |
CIMName ("GetInstance"), |
| instances reside. |
CIMName ("EnumerateClassNames"), |
| */ |
CIMName ("References"), |
| static const String AUTHORIZATION_NAMESPACE = "root/cimv2"; |
CIMName ("ReferenceNames"), |
| |
CIMName ("AssociatorNames"), |
| /** |
CIMName ("Associators"), |
| This constant represents the User name property in the schema |
CIMName ("EnumerateInstanceNames"), |
| */ |
CIMName ("GetQualifier"), |
| static const char PROPERTY_NAME_USERNAME [] = "Username"; |
CIMName ("EnumerateQualifiers"), |
| |
CIMName ("EnumerateClasses"), |
| /** |
CIMName ("EnumerateInstances"), |
| This constant represents the Namespace property in the schema |
CIMName ("ExecQuery"), |
| */ |
CIMName ("GetProperty") }; |
| static const char PROPERTY_NAME_NAMESPACE [] = "Namespace"; |
|
| |
// |
| /** |
// List of write CIM Operations |
| This constant represents the Authorizations property in the schema |
// |
| */ |
static const CIMName WRITE_OPERATIONS [] = { |
| static const char PROPERTY_NAME_AUTHORIZATION [] = "Authorization"; |
CIMName ("CreateClass"), |
| |
CIMName ("CreateInstance"), |
| |
CIMName ("DeleteQualifier"), |
| /** |
CIMName ("SetQualifier"), |
| List of CIM Operations |
CIMName ("ModifyClass"), |
| */ |
CIMName ("ModifyInstance"), |
| //ATTN: Make sure to include all the CIM operations here. |
CIMName ("DeleteClass"), |
| |
CIMName ("DeleteInstance"), |
| static const char* READ_OPERATIONS [] = { |
CIMName ("SetProperty"), |
| "GetClass", |
CIMName ("InvokeMethod"), |
| "GetInstance", |
CIMName ("EnableIndicationSubscription"), |
| "EnumerateClassNames", |
CIMName ("ModifyIndicationSubscription"), |
| "References", |
CIMName ("DisableIndicationSubscription") }; |
| "ReferenceNames", |
|
| "AssociatorNames", |
|
| "Associators", |
|
| "EnumerateInstanceNames", |
|
| "GetQualifier", |
|
| "EnumerateQualifiers", |
|
| "EnumerateClasses", |
|
| "EnumerateInstances", |
|
| "ExecQuery", |
|
| "GetProperty" }; |
|
| |
|
| static const char* WRITE_OPERATIONS [] = { |
|
| "CreateClass", |
|
| "CreateInstance", |
|
| "DeleteQualifier", |
|
| "SetQualifier", |
|
| "ModifyClass", |
|
| "ModifyInstance", |
|
| "DeleteClass", |
|
| "DeleteInstance", |
|
| "SetProperty", |
|
| "InvokeMethod", |
|
| "EnableIndicationSubscription", |
|
| "ModifyIndicationSubscription", |
|
| "DisableIndicationSubscription" }; |
|
| | |
| | |
| // | // |
|
|
|
| // | // |
| AuthorizationHandler::AuthorizationHandler(CIMRepository* repository) | AuthorizationHandler::AuthorizationHandler(CIMRepository* repository) |
| { | { |
| const char METHOD_NAME[] = "AuthorizationHandler::AuthorizationHandler()"; |
PEG_METHOD_ENTER( |
| |
TRC_AUTHORIZATION, "AuthorizationHandler::AuthorizationHandler()"); |
| PEG_FUNC_ENTER(TRC_AUTHORIZATION, METHOD_NAME); |
|
| | |
| _repository = repository; | _repository = repository; |
| | |
|
|
|
| { | { |
| _loadAllAuthorizations(); | _loadAllAuthorizations(); |
| } | } |
| catch(Exception& e) |
catch (Exception&) |
| { | { |
| //ATTN: |
//ATTN-NB-03-20020402: Should this exception be thrown or ignored ? |
| cerr << PG_AUTH_CLASS << " class not loaded, "; |
|
| cerr << "No authorizations configured." << endl; |
|
| |
|
| //throw e; | //throw e; |
| |
|
| |
// cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, "; |
| |
// cerr << "No authorizations configured." << endl; |
| } | } |
| | |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| } | } |
| | |
| // | // |
|
|
|
| // | // |
| AuthorizationHandler::~AuthorizationHandler() | AuthorizationHandler::~AuthorizationHandler() |
| { | { |
| const char METHOD_NAME[] = "AuthorizationHandler::~AuthorizationHandler()"; |
PEG_METHOD_ENTER( |
| |
TRC_AUTHORIZATION, "AuthorizationHandler::~AuthorizationHandler()"); |
| | |
| PEG_FUNC_ENTER(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| |
|
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
|
| } | } |
| | |
| // | // |
| // Check if a given namespace exists | // Check if a given namespace exists |
| // | // |
| Boolean AuthorizationHandler::verifyNamespace( const String& nameSpace ) |
Boolean AuthorizationHandler::verifyNamespace( |
| |
const CIMNamespaceName& nameSpace ) |
| { | { |
| const char METHOD_NAME[] = "AuthorizationHandler::verifyNamespace()"; |
PEG_METHOD_ENTER( |
| |
TRC_AUTHORIZATION, "AuthorizationHandler::verifyNamespace()"); |
| PEG_FUNC_ENTER(TRC_AUTHORIZATION, METHOD_NAME); |
|
| | |
| try | try |
| { | { |
|
|
|
| // call enumerateNameSpaces to get all the namespaces | // call enumerateNameSpaces to get all the namespaces |
| // in the repository | // in the repository |
| // | // |
| Array<String> namespaceNames = |
Array<CIMNamespaceName> namespaceNames = |
| _repository->enumerateNameSpaces(); | _repository->enumerateNameSpaces(); |
| | |
| // | // |
|
|
|
| | |
| for (Uint32 i = 0; i < size; i++) | for (Uint32 i = 0; i < size; i++) |
| { | { |
| if (String::equal(nameSpace, namespaceNames[i])) |
if (nameSpace.equal (namespaceNames[i])) |
| { | { |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| return true; | return true; |
| } | } |
| } | } |
| } | } |
| catch (Exception& e) | catch (Exception& e) |
| { | { |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| throw InvalidNamespace(nameSpace + e.getMessage()); |
throw InvalidNamespace(nameSpace.getString() + e.getMessage()); |
| } | } |
| | |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| | |
| return false; | return false; |
| } | } |
|
|
|
| // | // |
| void AuthorizationHandler::_loadAllAuthorizations() | void AuthorizationHandler::_loadAllAuthorizations() |
| { | { |
| const char METHOD_NAME[] = "AuthorizationHandler::_loadAllAuthorizations()"; |
PEG_METHOD_ENTER( |
| |
TRC_AUTHORIZATION, "AuthorizationHandler::_loadAllAuthorizations()"); |
| | |
| PEG_FUNC_ENTER(TRC_AUTHORIZATION, METHOD_NAME); |
Array<CIMInstance> namedInstances; |
| |
|
| Array<CIMNamedInstance> namedInstances; |
|
| | |
| try | try |
| { | { |
|
|
|
| // call enumerateInstances of the repository | // call enumerateInstances of the repository |
| // | // |
| namedInstances = _repository->enumerateInstances( | namedInstances = _repository->enumerateInstances( |
| AUTHORIZATION_NAMESPACE, PG_AUTH_CLASS); |
PEGASUS_NAMESPACENAME_AUTHORIZATION, PEGASUS_CLASSNAME_AUTHORIZATION); |
| | |
| // | // |
| // get all the user names, namespaces, and authorizations | // get all the user names, namespaces, and authorizations |
| // | // |
| for (Uint32 i = 0; i < namedInstances.size(); i++) | for (Uint32 i = 0; i < namedInstances.size(); i++) |
| { | { |
| CIMInstance& authInstance = |
CIMInstance& authInstance = namedInstances[i]; |
| namedInstances[i].getInstance(); |
|
| | |
| // | // |
| // get user name | // get user name |
|
|
|
| } | } |
| | |
| } | } |
| catch(Exception& e) |
catch(const Exception&) |
| { | { |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| throw e; |
throw; |
| } | } |
| | |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| } | } |
| | |
| void AuthorizationHandler::setAuthorization( | void AuthorizationHandler::setAuthorization( |
| const String& userName, | const String& userName, |
| const String& nameSpace, |
const CIMNamespaceName& nameSpace, |
| const String& auth) | const String& auth) |
| { | { |
| const char METHOD_NAME[] = "AuthorizationHandler::setAuthorization()"; |
PEG_METHOD_ENTER( |
| |
TRC_AUTHORIZATION, "AuthorizationHandler::setAuthorization()"); |
| PEG_FUNC_ENTER(TRC_AUTHORIZATION, METHOD_NAME); |
|
| | |
| // | // |
| // Remove auth if it already exists | // Remove auth if it already exists |
| // | // |
| _authTable.remove(userName + nameSpace); |
_authTable.remove(userName + nameSpace.getString()); |
| | |
| // | // |
| // Insert the specified authorization | // Insert the specified authorization |
| // | // |
| if (!_authTable.insert(userName + nameSpace, auth)) |
if (!_authTable.insert(userName + nameSpace.getString(), auth)) |
| { | { |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| throw AuthorizationCacheError(); | throw AuthorizationCacheError(); |
| } | } |
| | |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| } | } |
| | |
| void AuthorizationHandler::removeAuthorization( | void AuthorizationHandler::removeAuthorization( |
| const String& userName, | const String& userName, |
| const String& nameSpace) |
const CIMNamespaceName& nameSpace) |
| { | { |
| const char METHOD_NAME[] = "AuthorizationHandler::removeAuthorization()"; |
PEG_METHOD_ENTER( |
| |
TRC_AUTHORIZATION, "AuthorizationHandler::removeAuthorization()"); |
| PEG_FUNC_ENTER(TRC_AUTHORIZATION, METHOD_NAME); |
|
| | |
| // | // |
| // Remove the specified authorization | // Remove the specified authorization |
| // | // |
| if (!_authTable.remove(userName + nameSpace)) |
if (!_authTable.remove(userName + nameSpace.getString())) |
| { | { |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| throw AuthorizationEntryNotFound(userName, nameSpace); |
throw AuthorizationEntryNotFound(userName, nameSpace.getString()); |
| } | } |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| } | } |
| | |
| String AuthorizationHandler::getAuthorization( | String AuthorizationHandler::getAuthorization( |
| const String& userName, | const String& userName, |
| const String& nameSpace) |
const CIMNamespaceName& nameSpace) |
| { | { |
| const char METHOD_NAME[] = "AuthorizationHandler::getAuthorization()"; |
PEG_METHOD_ENTER( |
| |
TRC_AUTHORIZATION, "AuthorizationHandler::getAuthorization()"); |
| PEG_FUNC_ENTER(TRC_AUTHORIZATION, METHOD_NAME); |
|
| | |
| String auth; | String auth; |
| | |
| // | // |
| // Get authorization for the specified userName and nameSpace | // Get authorization for the specified userName and nameSpace |
| // | // |
| if (!_authTable.lookup(userName + nameSpace, auth)) |
if (!_authTable.lookup(userName + nameSpace.getString(), auth)) |
| { | { |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| throw AuthorizationEntryNotFound(userName, nameSpace); |
throw AuthorizationEntryNotFound(userName, nameSpace.getString()); |
| } | } |
| | |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| | |
| return auth; | return auth; |
| } | } |
|
|
|
| // | // |
| Boolean AuthorizationHandler::verifyAuthorization( | Boolean AuthorizationHandler::verifyAuthorization( |
| const String& userName, | const String& userName, |
| const String& nameSpace, |
const CIMNamespaceName& nameSpace, |
| const String& cimMethodName) |
const CIMName& cimMethodName) |
| { | { |
| const char METHOD_NAME[] = "AuthorizationHandler::verifyAuthorization()"; |
PEG_METHOD_ENTER( |
| |
TRC_AUTHORIZATION, "AuthorizationHandler::verifyAuthorization()"); |
| PEG_FUNC_ENTER(TRC_AUTHORIZATION, METHOD_NAME); |
|
| | |
| Boolean authorized = false; | Boolean authorized = false; |
| Boolean readOperation = false; | Boolean readOperation = false; |
|
|
|
| | |
| for (Uint32 i = 0; i < readOpSize; i++ ) | for (Uint32 i = 0; i < readOpSize; i++ ) |
| { | { |
| if ( String::equal(cimMethodName, READ_OPERATIONS[i]) ) |
if (cimMethodName.equal (READ_OPERATIONS[i])) |
| { | { |
| readOperation = true; | readOperation = true; |
| break; | break; |
|
|
|
| { | { |
| for (Uint32 i = 0; i < writeOpSize; i++ ) | for (Uint32 i = 0; i < writeOpSize; i++ ) |
| { | { |
| if ( String::equal(cimMethodName, WRITE_OPERATIONS[i]) ) |
if (cimMethodName.equal (WRITE_OPERATIONS[i])) |
| { | { |
| writeOperation = true; | writeOperation = true; |
| break; | break; |
|
|
|
| } | } |
| } | } |
| | |
| |
#ifdef PEGASUS_OS_OS400 |
| |
if (readOperation || writeOperation) |
| |
{ |
| |
// Use OS/400 Application Administration to do cim operation verification |
| |
// (note - need to convert to EBCDIC before calling ycm) |
| |
CString userCStr = userName.getCString(); |
| |
const char * user = (const char *)userCStr; |
| |
AtoE((char *)user); |
| |
CString nsCStr = nameSpace.getString().getCString(); |
| |
const char * ns = (const char *)nsCStr; |
| |
AtoE((char *)ns); |
| |
CString cimMethCStr = cimMethodName.getString().getCString(); |
| |
const char * cimMeth = (const char *)cimMethCStr; |
| |
AtoE((char *)cimMeth); |
| |
int os400auth = |
| |
ycmVerifyFunctionAuthorization(user, |
| |
ns, |
| |
cimMeth); |
| |
if (os400auth == TRUE) |
| |
authorized = true; |
| |
} |
| |
#else |
| // | // |
| // Get the authorization of the specified user and namespace | // Get the authorization of the specified user and namespace |
| // | // |
|
|
|
| { | { |
| auth = getAuthorization(userName, nameSpace); | auth = getAuthorization(userName, nameSpace); |
| } | } |
| catch (Exception& e) |
catch (Exception&) |
| { | { |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| return authorized; | return authorized; |
| } | } |
| | |
|
|
|
| { | { |
| authorized = true; | authorized = true; |
| } | } |
| |
#endif |
| | |
| PEG_FUNC_EXIT(TRC_AUTHORIZATION, METHOD_NAME); |
PEG_METHOD_EXIT(); |
| | |
| return authorized; | return authorized; |
| } | } |
Return to
AuthorizationHandler.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Security / UserManager