pegasus/src/Pegasus/Security/UserManager/AuthorizationHandler.cpp - diff

Return to AuthorizationHandler.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Security / UserManager

Diff for /pegasus/src/Pegasus/Security/UserManager/AuthorizationHandler.cpp between version 1.7 and 1.21

version 1.7, 2002/04/04 00:34:22

version 1.21, 2006/08/18 17:58:49

Line 1

//%////////////////////////////////////////////////////////////////////////////

//%2006////////////////////////////////////////////////////////////////////////

// The Open Group, Tivoli Systems

// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.

// IBM Corp.; EMC Corporation, The Open Group.

// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.

// EMC Corporation; VERITAS Software Corporation; The Open Group.

// EMC Corporation; Symantec Corporation; The Open Group.

// Permission is hereby granted, free of charge, to any person obtaining a copy

// of this software and associated documentation files (the "Software"), to

Line 19

Line 27

// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION

// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

//=============================================================================

//==============================================================================

// Author: Sushma Fernandes (sushma_fernandes@hp.com)

// Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com)

// Carol Ann Krug Graves, Hewlett-Packard Company

// (carolann_graves@hp.com)

// Josephine Eskaline Joyce, IBM (jojustin@in.ibm.com) for PEP#101

// David Dillard, VERITAS Software Corp.

// (david.dillard@veritas.com)

//%////////////////////////////////////////////////////////////////////////////

Line 36

Line 49

#include <Pegasus/Common/FileSystem.h>

#include <Pegasus/Common/HashTable.h>

#include <Pegasus/Common/Destroyer.h>

#include <Pegasus/Common/Logger.h>

#include <Pegasus/Common/System.h>

#include <Pegasus/Common/Tracer.h>

#include <Pegasus/Common/CIMInstance.h>

#include <Pegasus/Common/CIMReference.h>

#include <Pegasus/Common/Constants.h>

#include <Pegasus/Common/XmlWriter.h>

#include "AuthorizationHandler.h"

#include "UserExceptions.h"

#ifdef PEGASUS_OS_OS400

#include "qycmutiltyUtility.H"

#include "OS400ConvertChar.h"

#endif

PEGASUS_USING_STD;

Line 56

Line 72

// This constant represents the User name property in the schema

static const char PROPERTY_NAME_USERNAME [] = "Username";

static const CIMName PROPERTY_NAME_USERNAME = CIMName ("Username");

// This constant represents the Namespace property in the schema

static const char PROPERTY_NAME_NAMESPACE [] = "Namespace";

static const CIMName PROPERTY_NAME_NAMESPACE = CIMName ("Namespace");

// This constant represents the Authorizations property in the schema

static const char PROPERTY_NAME_AUTHORIZATION [] = "Authorization";

static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMName ("Authorization");

Line 81

Line 97

// List of read only CIM Operations

static const char* READ_OPERATIONS [] = {

static const CIMName READ_OPERATIONS [] = {

"GetClass",

CIMName ("GetClass"),

"GetInstance",

CIMName ("GetInstance"),

"EnumerateClassNames",

CIMName ("EnumerateClassNames"),

"References",

CIMName ("References"),

"ReferenceNames",

CIMName ("ReferenceNames"),

"AssociatorNames",

CIMName ("AssociatorNames"),

"Associators",

CIMName ("Associators"),

"EnumerateInstanceNames",

CIMName ("EnumerateInstanceNames"),

"GetQualifier",

CIMName ("GetQualifier"),

"EnumerateQualifiers",

CIMName ("EnumerateQualifiers"),

"EnumerateClasses",

CIMName ("EnumerateClasses"),

"EnumerateInstances",

CIMName ("EnumerateInstances"),

"ExecQuery",

CIMName ("ExecQuery"),

"GetProperty" };

CIMName ("GetProperty") };

// List of write CIM Operations

static const char* WRITE_OPERATIONS [] = {

static const CIMName WRITE_OPERATIONS [] = {

"CreateClass",

CIMName ("CreateClass"),

"CreateInstance",

CIMName ("CreateInstance"),

"DeleteQualifier",

CIMName ("DeleteQualifier"),

"SetQualifier",

CIMName ("SetQualifier"),

"ModifyClass",

CIMName ("ModifyClass"),

"ModifyInstance",

CIMName ("ModifyInstance"),

"DeleteClass",

CIMName ("DeleteClass"),

"DeleteInstance",

CIMName ("DeleteInstance"),

"SetProperty",

CIMName ("SetProperty"),

"InvokeMethod",

CIMName ("InvokeMethod"),

"EnableIndicationSubscription",

CIMName ("EnableIndicationSubscription"),

"ModifyIndicationSubscription",

CIMName ("ModifyIndicationSubscription"),

"DisableIndicationSubscription" };

CIMName ("DisableIndicationSubscription") };

Line 130

Line 146

{

_loadAllAuthorizations();

}

catch(Exception& e)

catch (Exception&)

{

//ATTN-NB-03-20020402: Should this exception be thrown or ignored ?

//throw e;

cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, ";

// cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, ";

cerr << "No authorizations configured." << endl;

// cerr << "No authorizations configured." << endl;

}

PEG_METHOD_EXIT();

Line 156

Line 172

// Check if a given namespace exists

Boolean AuthorizationHandler::verifyNamespace( const String& nameSpace )

Boolean AuthorizationHandler::verifyNamespace(

const CIMNamespaceName& nameSpace )

{

PEG_METHOD_ENTER(

TRC_AUTHORIZATION, "AuthorizationHandler::verifyNamespace()");

Line 167

Line 184

// call enumerateNameSpaces to get all the namespaces

// in the repository

Array<String> namespaceNames =

Array<CIMNamespaceName> namespaceNames =

_repository->enumerateNameSpaces();

Line 177

Line 194

for (Uint32 i = 0; i < size; i++)

{

if (String::equal(nameSpace, namespaceNames[i]))

if (nameSpace.equal (namespaceNames[i]))

{

PEG_METHOD_EXIT();

return true;

Line 187

Line 204

catch (Exception& e)

{

PEG_METHOD_EXIT();

throw InvalidNamespace(nameSpace + e.getMessage());

throw InvalidNamespace(nameSpace.getString() + e.getMessage());

}

PEG_METHOD_EXIT();

Line 203

Line 220

PEG_METHOD_ENTER(

TRC_AUTHORIZATION, "AuthorizationHandler::_loadAllAuthorizations()");

Array<CIMNamedInstance> namedInstances;

Array<CIMInstance> namedInstances;

try

{

Line 218

Line 235

for (Uint32 i = 0; i < namedInstances.size(); i++)

{

CIMInstance& authInstance =

CIMInstance& authInstance = namedInstances[i];

namedInstances[i].getInstance();

// get user name

Line 249

Line 265

}

catch(Exception& e)

catch(const Exception&)

{

PEG_METHOD_EXIT();

throw e;

throw;

}

PEG_METHOD_EXIT();

Line 260

Line 276

void AuthorizationHandler::setAuthorization(

const String& userName,

const String& nameSpace,

const CIMNamespaceName& nameSpace,

const String& auth)

{

PEG_METHOD_ENTER(

Line 269

Line 285

// Remove auth if it already exists

_authTable.remove(userName + nameSpace);

_authTable.remove(userName + nameSpace.getString());

// Insert the specified authorization

if (!_authTable.insert(userName + nameSpace, auth))

if (!_authTable.insert(userName + nameSpace.getString(), auth))

{

PEG_METHOD_EXIT();

throw AuthorizationCacheError();

Line 285

Line 301

void AuthorizationHandler::removeAuthorization(

const String& userName,

const String& nameSpace)

const CIMNamespaceName& nameSpace)

{

PEG_METHOD_ENTER(

TRC_AUTHORIZATION, "AuthorizationHandler::removeAuthorization()");

Line 293

Line 309

// Remove the specified authorization

if (!_authTable.remove(userName + nameSpace))

if (!_authTable.remove(userName + nameSpace.getString()))

{

PEG_METHOD_EXIT();

throw AuthorizationEntryNotFound(userName, nameSpace);

throw AuthorizationEntryNotFound(userName, nameSpace.getString());

}

PEG_METHOD_EXIT();

}

String AuthorizationHandler::getAuthorization(

const String& userName,

const String& nameSpace)

const CIMNamespaceName& nameSpace)

{

PEG_METHOD_ENTER(

TRC_AUTHORIZATION, "AuthorizationHandler::getAuthorization()");

Line 313

Line 329

// Get authorization for the specified userName and nameSpace

if (!_authTable.lookup(userName + nameSpace, auth))

if (!_authTable.lookup(userName + nameSpace.getString(), auth))

{

PEG_METHOD_EXIT();

throw AuthorizationEntryNotFound(userName, nameSpace);

throw AuthorizationEntryNotFound(userName, nameSpace.getString());

}

PEG_METHOD_EXIT();

Line 330

Line 346

Boolean AuthorizationHandler::verifyAuthorization(

const String& userName,

const String& nameSpace,

const CIMNamespaceName& nameSpace,

const String& cimMethodName)

const CIMName& cimMethodName)

{

PEG_METHOD_ENTER(

TRC_AUTHORIZATION, "AuthorizationHandler::verifyAuthorization()");

Line 346

Line 362

for (Uint32 i = 0; i < readOpSize; i++ )

{

if ( String::equal(cimMethodName, READ_OPERATIONS[i]) )

if (cimMethodName.equal (READ_OPERATIONS[i]))

{

readOperation = true;

break;

Line 356

Line 372

{

for (Uint32 i = 0; i < writeOpSize; i++ )

{

if ( String::equal(cimMethodName, WRITE_OPERATIONS[i]) )

if (cimMethodName.equal (WRITE_OPERATIONS[i]))

{

writeOperation = true;

break;

Line 364

Line 380

}

#ifdef PEGASUS_OS_OS400

if (readOperation || writeOperation)

{

// Use OS/400 Application Administration to do cim operation verification

// (note - need to convert to EBCDIC before calling ycm)

CString userCStr = userName.getCString();

const char * user = (const char *)userCStr;

AtoE((char *)user);

CString nsCStr = nameSpace.getString().getCString();

const char * ns = (const char *)nsCStr;

AtoE((char *)ns);

CString cimMethCStr = cimMethodName.getString().getCString();

const char * cimMeth = (const char *)cimMethCStr;

AtoE((char *)cimMeth);

int os400auth =

ycmVerifyFunctionAuthorization(user,

ns,

cimMeth);

if (os400auth == TRUE)

authorized = true;

}

#else

// Get the authorization of the specified user and namespace

Line 372

Line 410

{

auth = getAuthorization(userName, nameSpace);

}

catch (Exception& e)

catch (Exception&)

{

PEG_METHOD_EXIT();

return authorized;

Line 391

Line 429

{

authorized = true;

}

#endif

PEG_METHOD_EXIT();

Legend:

Removed from v.1.7
changed lines
	Added in v.1.21

No CVS admin address has been configured