pegasus/src/Pegasus/Security/UserManager/AuthorizationHandler.cpp - diff

Return to AuthorizationHandler.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Security / UserManager

Diff for /pegasus/src/Pegasus/Security/UserManager/AuthorizationHandler.cpp between version 1.23 and 1.34

version 1.23, 2007/02/16 19:14:15

version 1.34, 2012/02/02 05:50:16

Line 1

//%2006////////////////////////////////////////////////////////////////////////

//%LICENSE////////////////////////////////////////////////////////////////

// Licensed to The Open Group (TOG) under one or more contributor license

// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.

// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with

// this work for additional information regarding copyright ownership.

// IBM Corp.; EMC Corporation, The Open Group.

// Each contributor licenses this file to you under the OpenPegasus Open

// Source License; you may not use this file except in compliance with the

// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.

// License.

// EMC Corporation; VERITAS Software Corporation; The Open Group.

// Permission is hereby granted, free of charge, to any person obtaining a

// copy of this software and associated documentation files (the "Software"),

// EMC Corporation; Symantec Corporation; The Open Group.

// to deal in the Software without restriction, including without limitation

// the rights to use, copy, modify, merge, publish, distribute, sublicense,

// Permission is hereby granted, free of charge, to any person obtaining a copy

// and/or sell copies of the Software, and to permit persons to whom the

// of this software and associated documentation files (the "Software"), to

// Software is furnished to do so, subject to the following conditions:

// deal in the Software without restriction, including without limitation the

// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or

// The above copyright notice and this permission notice shall be included

// sell copies of the Software, and to permit persons to whom the Software is

// in all copies or substantial portions of the Software.

// furnished to do so, subject to the following conditions:

// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS

// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN

// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF

// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED

// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT

// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY

// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR

// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,

// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT

// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE

// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN

// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION

// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

//==============================================================================

//////////////////////////////////////////////////////////////////////////

//%////////////////////////////////////////////////////////////////////////////

Line 46

Line 44

#include <Pegasus/Common/CIMInstance.h>

#include <Pegasus/Common/Constants.h>

#include <Pegasus/Common/XmlWriter.h>

#include <Pegasus/Common/CIMNameCast.h>

#ifdef PEGASUS_OS_PASE

# include <ILEWrapper/qumemultiutil.h>

# include <ILEWrapper/ILEUtilities2.h>

#endif

#include "AuthorizationHandler.h"

#include "UserExceptions.h"

#ifdef PEGASUS_OS_OS400

#include "qycmutiltyUtility.H"

#include "OS400ConvertChar.h"

#endif

PEGASUS_USING_STD;

PEGASUS_NAMESPACE_BEGIN

Line 63

Line 62

// This constant represents the User name property in the schema

static const CIMName PROPERTY_NAME_USERNAME = CIMName ("Username");

static const CIMName PROPERTY_NAME_USERNAME = CIMNameCast("Username");

// This constant represents the Namespace property in the schema

static const CIMName PROPERTY_NAME_NAMESPACE = CIMName ("Namespace");

static const CIMName PROPERTY_NAME_NAMESPACE = CIMNameCast("Namespace");

// This constant represents the Authorizations property in the schema

static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMName ("Authorization");

static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMNameCast("Authorization");

Line 88

Line 87

// List of read only CIM Operations

static const CIMName READ_OPERATIONS [] = {

static const CIMName READ_OPERATIONS [] =

{

CIMName ("GetClass"),

CIMName ("GetInstance"),

CIMName ("EnumerateClassNames"),

Line 102

CIMName ("EnumerateClasses"),

CIMName ("EnumerateInstances"),

CIMName ("ExecQuery"),

CIMName ("GetProperty") };

CIMName("GetProperty")

};

// List of write CIM Operations

static const CIMName WRITE_OPERATIONS [] = {

static const CIMName WRITE_OPERATIONS [] =

{

CIMName ("CreateClass"),

CIMName ("CreateInstance"),

CIMName ("DeleteQualifier"),

Line 120

Line 122

CIMName ("InvokeMethod"),

CIMName ("EnableIndicationSubscription"),

CIMName ("ModifyIndicationSubscription"),

CIMName ("DisableIndicationSubscription") };

CIMName("DisableIndicationSubscription")

};

static String _getAuthKey(const String &userName, const String &nameSpace)

{

//Separator ":" is used to distinguish "a" +"bc"

// and "ab"+"c" scenarios

String key = nameSpace;

key.append(Char16(':'));

#ifdef PEGASUS_OS_TYPE_WINDOWS

key.append(userName);

key.toLower();

#else

key.toLower();

key.append(userName);

#endif

return key;

}

// Constructor

Line 208

Line 227

// call enumerateInstancesForClass of the repository

namedInstances = _repository->enumerateInstancesForClass(

PEGASUS_NAMESPACENAME_AUTHORIZATION, PEGASUS_CLASSNAME_AUTHORIZATION);

PEGASUS_NAMESPACENAME_AUTHORIZATION,

PEGASUS_CLASSNAME_AUTHORIZATION);

// get all the user names, namespaces, and authorizations

Line 241

Line 261

// Add authorization to the table

if (!_authTable.insert(userName + nameSpace, auth))

if (!_authTable.insert(_getAuthKey(userName, nameSpace), auth))

{

throw AuthorizationCacheError();

}

Line 257

Line 277

throw;

}

catch (const Exception&)

{

PEG_METHOD_EXIT();

throw;

}

PEG_METHOD_EXIT();

}

Line 274

Line 289

PEG_METHOD_ENTER(

TRC_AUTHORIZATION, "AuthorizationHandler::setAuthorization()");

String key = _getAuthKey(userName, nameSpace.getString());

// Remove auth if it already exists

_authTable.remove(userName + nameSpace.getString());

_authTable.remove(key);

// Insert the specified authorization

if (!_authTable.insert(userName + nameSpace.getString(), auth))

if (!_authTable.insert(key, auth))

{

PEG_METHOD_EXIT();

throw AuthorizationCacheError();

Line 301

Line 317

// Remove the specified authorization

if (!_authTable.remove(userName + nameSpace.getString()))

if (!_authTable.remove(_getAuthKey(userName, nameSpace.getString())))

{

PEG_METHOD_EXIT();

throw AuthorizationEntryNotFound(userName, nameSpace.getString());

Line 321

Line 337

// Get authorization for the specified userName and nameSpace

if (!_authTable.lookup(userName + nameSpace.getString(), auth))

if (!_authTable.lookup(_getAuthKey(userName, nameSpace.getString()), auth))

{

PEG_METHOD_EXIT();

throw AuthorizationEntryNotFound(userName, nameSpace.getString());

Line 372

Line 388

}

#ifdef PEGASUS_OS_OS400

#ifdef PEGASUS_OS_PASE

if (readOperation || writeOperation)

{

// Use OS/400 Application Administration to do cim operation verification

// (note - need to convert to EBCDIC before calling ycm)

CString userCStr = userName.getCString();

const char * user = (const char *)userCStr;

AtoE((char *)user);

CString nsCStr = nameSpace.getString().getCString();

const char * ns = (const char *)nsCStr;

AtoE((char *)ns);

CString cimMethCStr = cimMethodName.getString().getCString();

const char * cimMeth = (const char *)cimMethCStr;

AtoE((char *)cimMeth);

int os400auth =

CString nameSpaceCStr = nameSpace.getString().getCString();

ycmVerifyFunctionAuthorization(user,

const char * nameSpChar = (const char *)nameSpaceCStr;

ns,

int PaseAuth =

umeVerifyFunctionAuthorization(user,

cimMeth);

if (os400auth == TRUE)

if (PaseAuth == TRUE)

authorized = true;

/* read operation needn't verify priviledUser */

if(authorized && writeOperation)

{

The Application Admin checks

we have now cover all class/qualifier

operations to all namespaces.

But maybe this is not enough protection

for the private Pegasus namespaces.

We should call isPrivilegedUser

in this case instead of App Admin

if (strcasecmp(nameSpChar,"root/PG_Internal") == 0

||strcasecmp(nameSpChar,"root/PG_InterOp") == 0

||strcasecmp(nameSpChar,"PG_Internal") == 0

||strcasecmp(nameSpChar,"PG_InterOp") == 0 )

{

if(!System::isPrivilegedUser(userName))

authorized = false;

}

#else

Legend:

Removed from v.1.23
changed lines
	Added in v.1.34

No CVS admin address has been configured