1 kumpf 1.10 //%/////////////////////////////////////////////////////////////////////////////
|
2 mike 1.2 //
|
3 kumpf 1.10 // Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Company, IBM,
|
4 mike 1.2 // The Open Group, Tivoli Systems
5 //
6 // Permission is hereby granted, free of charge, to any person obtaining a copy
|
7 kumpf 1.10 // of this software and associated documentation files (the "Software"), to
8 // deal in the Software without restriction, including without limitation the
9 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
10 mike 1.2 // sell copies of the Software, and to permit persons to whom the Software is
11 // furnished to do so, subject to the following conditions:
12 //
|
13 kumpf 1.10 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
|
14 mike 1.2 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
15 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
|
16 kumpf 1.10 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
17 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
18 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
19 mike 1.2 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 //
|
22 kumpf 1.10 //==============================================================================
|
23 mike 1.2 //
24 // Author: Sushma Fernandes (sushma_fernandes@hp.com)
25 //
26 // Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com)
|
27 kumpf 1.9 // Carol Ann Krug Graves, Hewlett-Packard Company
28 // (carolann_graves@hp.com)
|
29 mike 1.2 //
30 //%////////////////////////////////////////////////////////////////////////////
31
32
33 ///////////////////////////////////////////////////////////////////////////////
34 //
35 // This file implements the functionality required to manage auth table.
36 //
37 ///////////////////////////////////////////////////////////////////////////////
38
39 #include <Pegasus/Common/FileSystem.h>
40 #include <Pegasus/Common/HashTable.h>
41 #include <Pegasus/Common/Destroyer.h>
42 #include <Pegasus/Common/Logger.h>
43 #include <Pegasus/Common/System.h>
44 #include <Pegasus/Common/Tracer.h>
45 #include <Pegasus/Common/CIMInstance.h>
|
46 kumpf 1.6 #include <Pegasus/Common/Constants.h>
|
47 kumpf 1.11 #include <Pegasus/Common/XmlWriter.h>
|
48 mike 1.2
|
49 kumpf 1.5 #include "AuthorizationHandler.h"
50 #include "UserExceptions.h"
51
|
52 gerarda 1.13 #ifdef PEGASUS_OS_OS400
53 #include "qycmutiltyUtility.H"
54 #endif
|
55 mike 1.2
56 PEGASUS_USING_STD;
57
58 PEGASUS_NAMESPACE_BEGIN
59
60
|
61 kumpf 1.7 //
62 // This constant represents the User name property in the schema
63 //
|
64 kumpf 1.11 static const CIMName PROPERTY_NAME_USERNAME = CIMName ("Username");
|
65 mike 1.2
|
66 kumpf 1.7 //
67 // This constant represents the Namespace property in the schema
68 //
|
69 kumpf 1.11 static const CIMName PROPERTY_NAME_NAMESPACE = CIMName ("Namespace");
|
70 mike 1.2
|
71 kumpf 1.7 //
72 // This constant represents the Authorizations property in the schema
73 //
|
74 kumpf 1.11 static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMName ("Authorization");
|
75 mike 1.2
76
|
77 kumpf 1.7 //
78 // List of all the CIM Operations
79 //
80 // Note: The following tables contain all the existing CIM Operations.
81 // Any new CIM Operations created must be included in one of these tables,
82 // otherwise no CIM requests will have authorization to execute those
83 // new operations.
84 //
|
85 mike 1.2
|
86 kumpf 1.7 //
87 // List of read only CIM Operations
88 //
|
89 kumpf 1.11 static const CIMName READ_OPERATIONS [] = {
90 CIMName ("GetClass"),
91 CIMName ("GetInstance"),
92 CIMName ("EnumerateClassNames"),
93 CIMName ("References"),
94 CIMName ("ReferenceNames"),
95 CIMName ("AssociatorNames"),
96 CIMName ("Associators"),
97 CIMName ("EnumerateInstanceNames"),
98 CIMName ("GetQualifier"),
99 CIMName ("EnumerateQualifiers"),
100 CIMName ("EnumerateClasses"),
101 CIMName ("EnumerateInstances"),
102 CIMName ("ExecQuery"),
103 CIMName ("GetProperty") };
|
104 mike 1.2
|
105 kumpf 1.7 //
106 // List of write CIM Operations
107 //
|
108 kumpf 1.11 static const CIMName WRITE_OPERATIONS [] = {
109 CIMName ("CreateClass"),
110 CIMName ("CreateInstance"),
111 CIMName ("DeleteQualifier"),
112 CIMName ("SetQualifier"),
113 CIMName ("ModifyClass"),
114 CIMName ("ModifyInstance"),
115 CIMName ("DeleteClass"),
116 CIMName ("DeleteInstance"),
117 CIMName ("SetProperty"),
118 CIMName ("InvokeMethod"),
119 CIMName ("EnableIndicationSubscription"),
120 CIMName ("ModifyIndicationSubscription"),
121 CIMName ("DisableIndicationSubscription") };
|
122 mike 1.2
123
124 //
125 // Constructor
126 //
127 AuthorizationHandler::AuthorizationHandler(CIMRepository* repository)
128 {
|
129 kumpf 1.7 PEG_METHOD_ENTER(
130 TRC_AUTHORIZATION, "AuthorizationHandler::AuthorizationHandler()");
|
131 kumpf 1.5
|
132 mike 1.2 _repository = repository;
133
134 try
135 {
136 _loadAllAuthorizations();
137 }
138 catch(Exception& e)
139 {
|
140 kumpf 1.7 //ATTN-NB-03-20020402: Should this exception be thrown or ignored ?
141 //throw e;
142
|
143 kumpf 1.12 // cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, ";
144 // cerr << "No authorizations configured." << endl;
|
145 mike 1.2 }
|
146 kumpf 1.5
|
147 kumpf 1.7 PEG_METHOD_EXIT();
|
148 mike 1.2 }
149
150 //
151 // Destructor.
152 //
153 AuthorizationHandler::~AuthorizationHandler()
154 {
|
155 kumpf 1.7 PEG_METHOD_ENTER(
156 TRC_AUTHORIZATION, "AuthorizationHandler::~AuthorizationHandler()");
|
157 mike 1.2
|
158 kumpf 1.7 PEG_METHOD_EXIT();
|
159 mike 1.2 }
160
161 //
162 // Check if a given namespace exists
163 //
|
164 kumpf 1.11 Boolean AuthorizationHandler::verifyNamespace(
165 const CIMNamespaceName& nameSpace )
|
166 mike 1.2 {
|
167 kumpf 1.7 PEG_METHOD_ENTER(
168 TRC_AUTHORIZATION, "AuthorizationHandler::verifyNamespace()");
|
169 kumpf 1.5
|
170 mike 1.2 try
171 {
172 //
|
173 kumpf 1.3 // call enumerateNameSpaces to get all the namespaces
174 // in the repository
|
175 mike 1.2 //
|
176 kumpf 1.11 Array<CIMNamespaceName> namespaceNames =
|
177 kumpf 1.3 _repository->enumerateNameSpaces();
|
178 mike 1.2
179 //
180 // check for the given namespace
181 //
|
182 kumpf 1.3 Uint32 size = namespaceNames.size();
183
184 for (Uint32 i = 0; i < size; i++)
|
185 mike 1.2 {
|
186 kumpf 1.11 if (nameSpace.equal (namespaceNames[i]))
|
187 kumpf 1.3 {
|
188 kumpf 1.7 PEG_METHOD_EXIT();
|
189 kumpf 1.3 return true;
190 }
|
191 mike 1.2 }
|
192 kumpf 1.3 }
193 catch (Exception& e)
|
194 mike 1.2 {
|
195 kumpf 1.7 PEG_METHOD_EXIT();
|
196 kumpf 1.11 throw InvalidNamespace(nameSpace.getString() + e.getMessage());
|
197 mike 1.2 }
|
198 kumpf 1.3
|
199 kumpf 1.7 PEG_METHOD_EXIT();
|
200 kumpf 1.5
|
201 kumpf 1.3 return false;
|
202 mike 1.2 }
203
204 //
205 // Load all user names and password
206 //
207 void AuthorizationHandler::_loadAllAuthorizations()
208 {
|
209 kumpf 1.7 PEG_METHOD_ENTER(
210 TRC_AUTHORIZATION, "AuthorizationHandler::_loadAllAuthorizations()");
|
211 kumpf 1.5
|
212 kumpf 1.9 Array<CIMInstance> namedInstances;
|
213 mike 1.2
214 try
215 {
216 //
217 // call enumerateInstances of the repository
218 //
219 namedInstances = _repository->enumerateInstances(
|
220 kumpf 1.6 PEGASUS_NAMESPACENAME_AUTHORIZATION, PEGASUS_CLASSNAME_AUTHORIZATION);
|
221 mike 1.2
222 //
223 // get all the user names, namespaces, and authorizations
224 //
225 for (Uint32 i = 0; i < namedInstances.size(); i++)
226 {
|
227 kumpf 1.9 CIMInstance& authInstance = namedInstances[i];
|
228 mike 1.2
229 //
230 // get user name
231 //
232 Uint32 pos = authInstance.findProperty(PROPERTY_NAME_USERNAME);
233 CIMProperty prop = (CIMProperty)authInstance.getProperty(pos);
234 String userName = prop.getValue().toString();
235
236 //
237 // get namespace name
238 //
239 pos = authInstance.findProperty(PROPERTY_NAME_NAMESPACE);
240 prop = (CIMProperty)authInstance.getProperty(pos);
241 String nameSpace = prop.getValue().toString();
242
243 //
244 // get authorizations
245 //
246 pos = authInstance.findProperty(PROPERTY_NAME_AUTHORIZATION);
247 prop = (CIMProperty)authInstance.getProperty(pos);
248 String auth = prop.getValue().toString();
249 mike 1.2
250 //
251 // Add authorization to the table
252 //
|
253 kumpf 1.3 _authTable.insert(userName + nameSpace, auth);
|
254 mike 1.2 }
255
256 }
257 catch(Exception& e)
258 {
|
259 kumpf 1.7 PEG_METHOD_EXIT();
|
260 kumpf 1.3 throw e;
|
261 mike 1.2 }
262
|
263 kumpf 1.7 PEG_METHOD_EXIT();
|
264 mike 1.2 }
265
266 void AuthorizationHandler::setAuthorization(
267 const String& userName,
|
268 kumpf 1.11 const CIMNamespaceName& nameSpace,
|
269 mike 1.2 const String& auth)
270 {
|
271 kumpf 1.7 PEG_METHOD_ENTER(
272 TRC_AUTHORIZATION, "AuthorizationHandler::setAuthorization()");
|
273 kumpf 1.5
|
274 mike 1.2 //
|
275 kumpf 1.3 // Remove auth if it already exists
|
276 mike 1.2 //
|
277 kumpf 1.11 _authTable.remove(userName + nameSpace.getString());
|
278 mike 1.2
279 //
|
280 kumpf 1.3 // Insert the specified authorization
|
281 mike 1.2 //
|
282 kumpf 1.11 if (!_authTable.insert(userName + nameSpace.getString(), auth))
|
283 mike 1.2 {
|
284 kumpf 1.7 PEG_METHOD_EXIT();
|
285 mike 1.2 throw AuthorizationCacheError();
286 }
287
|
288 kumpf 1.7 PEG_METHOD_EXIT();
|
289 mike 1.2 }
290
291 void AuthorizationHandler::removeAuthorization(
292 const String& userName,
|
293 kumpf 1.11 const CIMNamespaceName& nameSpace)
|
294 mike 1.2 {
|
295 kumpf 1.7 PEG_METHOD_ENTER(
296 TRC_AUTHORIZATION, "AuthorizationHandler::removeAuthorization()");
|
297 kumpf 1.5
|
298 mike 1.2 //
|
299 kumpf 1.3 // Remove the specified authorization
|
300 mike 1.2 //
|
301 kumpf 1.11 if (!_authTable.remove(userName + nameSpace.getString()))
|
302 mike 1.2 {
|
303 kumpf 1.7 PEG_METHOD_EXIT();
|
304 kumpf 1.11 throw AuthorizationEntryNotFound(userName, nameSpace.getString());
|
305 mike 1.2 }
|
306 kumpf 1.7 PEG_METHOD_EXIT();
|
307 mike 1.2 }
308
309 String AuthorizationHandler::getAuthorization(
310 const String& userName,
|
311 kumpf 1.11 const CIMNamespaceName& nameSpace)
|
312 mike 1.2 {
|
313 kumpf 1.7 PEG_METHOD_ENTER(
314 TRC_AUTHORIZATION, "AuthorizationHandler::getAuthorization()");
|
315 kumpf 1.5
|
316 mike 1.2 String auth;
317
|
318 kumpf 1.3 //
319 // Get authorization for the specified userName and nameSpace
320 //
|
321 kumpf 1.11 if (!_authTable.lookup(userName + nameSpace.getString(), auth))
|
322 mike 1.2 {
|
323 kumpf 1.7 PEG_METHOD_EXIT();
|
324 kumpf 1.11 throw AuthorizationEntryNotFound(userName, nameSpace.getString());
|
325 mike 1.2 }
326
|
327 kumpf 1.7 PEG_METHOD_EXIT();
|
328 kumpf 1.5
|
329 mike 1.2 return auth;
330 }
331
332 //
333 // Verify whether the specified operation has authorization
334 // to be performed by the specified user.
335 //
336 Boolean AuthorizationHandler::verifyAuthorization(
337 const String& userName,
|
338 kumpf 1.11 const CIMNamespaceName& nameSpace,
339 const CIMName& cimMethodName)
|
340 mike 1.2 {
|
341 kumpf 1.7 PEG_METHOD_ENTER(
342 TRC_AUTHORIZATION, "AuthorizationHandler::verifyAuthorization()");
|
343 kumpf 1.5
|
344 mike 1.2 Boolean authorized = false;
|
345 kumpf 1.3 Boolean readOperation = false;
346 Boolean writeOperation = false;
|
347 mike 1.2
348 Uint32 readOpSize = sizeof(READ_OPERATIONS) / sizeof(READ_OPERATIONS[0]);
349
350 Uint32 writeOpSize = sizeof(WRITE_OPERATIONS) / sizeof(WRITE_OPERATIONS[0]);
351
|
352 kumpf 1.3 for (Uint32 i = 0; i < readOpSize; i++ )
353 {
|
354 kumpf 1.11 if (cimMethodName.equal (READ_OPERATIONS[i]))
|
355 kumpf 1.3 {
356 readOperation = true;
357 break;
358 }
359 }
360 if ( !readOperation )
361 {
362 for (Uint32 i = 0; i < writeOpSize; i++ )
363 {
|
364 kumpf 1.11 if (cimMethodName.equal (WRITE_OPERATIONS[i]))
|
365 kumpf 1.3 {
366 writeOperation = true;
367 break;
368 }
369 }
370 }
371
|
372 gerarda 1.13 #ifdef PEGASUS_OS_OS400
373 if (readOperation || writeOperation)
374 {
375 // Use OS/400 Application Administration to do cim operation verification
376 int os400auth =
377 ycmVerifyFunctionAuthorization((const char*)userName.getCString(),
378 (const char*)(nameSpace.getString()).getCString(),
379 (const char*)(cimMethodName.getString()).getCString());
380 if (os400auth == TRUE)
381 authorized = true;
382 }
383 #else
|
384 mike 1.2 //
385 // Get the authorization of the specified user and namespace
386 //
387 String auth;
388 try
389 {
390 auth = getAuthorization(userName, nameSpace);
391 }
392 catch (Exception& e)
393 {
|
394 kumpf 1.7 PEG_METHOD_EXIT();
|
395 mike 1.2 return authorized;
396 }
397
|
398 kumpf 1.3 if ( ( String::equal(auth, "rw") || String::equal(auth, "wr") ) &&
399 ( readOperation || writeOperation ) )
|
400 mike 1.2 {
|
401 kumpf 1.3 authorized = true;
|
402 mike 1.2 }
|
403 kumpf 1.3 else if ( String::equal(auth, "r") && readOperation )
|
404 mike 1.2 {
|
405 kumpf 1.3 authorized = true;
|
406 mike 1.2 }
|
407 kumpf 1.3 else if ( String::equal(auth, "w") && writeOperation )
|
408 mike 1.2 {
|
409 kumpf 1.3 authorized = true;
|
410 mike 1.2 }
|
411 gerarda 1.13 #endif
|
412 kumpf 1.5
|
413 kumpf 1.7 PEG_METHOD_EXIT();
|
414 mike 1.2
415 return authorized;
416 }
417
418 PEGASUS_NAMESPACE_END
419
420
|