1 kumpf 1.10 //%/////////////////////////////////////////////////////////////////////////////
|
2 mike 1.2 //
|
3 kumpf 1.10 // Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Company, IBM,
|
4 mike 1.2 // The Open Group, Tivoli Systems
5 //
6 // Permission is hereby granted, free of charge, to any person obtaining a copy
|
7 kumpf 1.10 // of this software and associated documentation files (the "Software"), to
8 // deal in the Software without restriction, including without limitation the
9 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
10 mike 1.2 // sell copies of the Software, and to permit persons to whom the Software is
11 // furnished to do so, subject to the following conditions:
12 //
|
13 kumpf 1.10 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
|
14 mike 1.2 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
15 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
|
16 kumpf 1.10 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
17 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
18 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
19 mike 1.2 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 //
|
22 kumpf 1.10 //==============================================================================
|
23 mike 1.2 //
24 // Author: Sushma Fernandes (sushma_fernandes@hp.com)
25 //
26 // Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com)
|
27 kumpf 1.9 // Carol Ann Krug Graves, Hewlett-Packard Company
28 // (carolann_graves@hp.com)
|
29 mike 1.2 //
30 //%////////////////////////////////////////////////////////////////////////////
31
32
33 ///////////////////////////////////////////////////////////////////////////////
34 //
35 // This file implements the functionality required to manage auth table.
36 //
37 ///////////////////////////////////////////////////////////////////////////////
38
39 #include <Pegasus/Common/FileSystem.h>
40 #include <Pegasus/Common/HashTable.h>
41 #include <Pegasus/Common/Destroyer.h>
42 #include <Pegasus/Common/Logger.h>
43 #include <Pegasus/Common/System.h>
44 #include <Pegasus/Common/Tracer.h>
45 #include <Pegasus/Common/CIMInstance.h>
|
46 kumpf 1.6 #include <Pegasus/Common/Constants.h>
|
47 kumpf 1.11 #include <Pegasus/Common/XmlWriter.h>
|
48 mike 1.2
|
49 kumpf 1.5 #include "AuthorizationHandler.h"
50 #include "UserExceptions.h"
51
|
52 gerarda 1.13 #ifdef PEGASUS_OS_OS400
53 #include "qycmutiltyUtility.H"
|
54 david 1.14 #include "OS400ConvertChar.h"
|
55 gerarda 1.13 #endif
|
56 mike 1.2
57 PEGASUS_USING_STD;
58
59 PEGASUS_NAMESPACE_BEGIN
60
61
|
62 kumpf 1.7 //
63 // This constant represents the User name property in the schema
64 //
|
65 kumpf 1.11 static const CIMName PROPERTY_NAME_USERNAME = CIMName ("Username");
|
66 mike 1.2
|
67 kumpf 1.7 //
68 // This constant represents the Namespace property in the schema
69 //
|
70 kumpf 1.11 static const CIMName PROPERTY_NAME_NAMESPACE = CIMName ("Namespace");
|
71 mike 1.2
|
72 kumpf 1.7 //
73 // This constant represents the Authorizations property in the schema
74 //
|
75 kumpf 1.11 static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMName ("Authorization");
|
76 mike 1.2
77
|
78 kumpf 1.7 //
79 // List of all the CIM Operations
80 //
81 // Note: The following tables contain all the existing CIM Operations.
82 // Any new CIM Operations created must be included in one of these tables,
83 // otherwise no CIM requests will have authorization to execute those
84 // new operations.
85 //
|
86 mike 1.2
|
87 kumpf 1.7 //
88 // List of read only CIM Operations
89 //
|
90 kumpf 1.11 static const CIMName READ_OPERATIONS [] = {
91 CIMName ("GetClass"),
92 CIMName ("GetInstance"),
93 CIMName ("EnumerateClassNames"),
94 CIMName ("References"),
95 CIMName ("ReferenceNames"),
96 CIMName ("AssociatorNames"),
97 CIMName ("Associators"),
98 CIMName ("EnumerateInstanceNames"),
99 CIMName ("GetQualifier"),
100 CIMName ("EnumerateQualifiers"),
101 CIMName ("EnumerateClasses"),
102 CIMName ("EnumerateInstances"),
103 CIMName ("ExecQuery"),
104 CIMName ("GetProperty") };
|
105 mike 1.2
|
106 kumpf 1.7 //
107 // List of write CIM Operations
108 //
|
109 kumpf 1.11 static const CIMName WRITE_OPERATIONS [] = {
110 CIMName ("CreateClass"),
111 CIMName ("CreateInstance"),
112 CIMName ("DeleteQualifier"),
113 CIMName ("SetQualifier"),
114 CIMName ("ModifyClass"),
115 CIMName ("ModifyInstance"),
116 CIMName ("DeleteClass"),
117 CIMName ("DeleteInstance"),
118 CIMName ("SetProperty"),
119 CIMName ("InvokeMethod"),
120 CIMName ("EnableIndicationSubscription"),
121 CIMName ("ModifyIndicationSubscription"),
122 CIMName ("DisableIndicationSubscription") };
|
123 mike 1.2
124
125 //
126 // Constructor
127 //
128 AuthorizationHandler::AuthorizationHandler(CIMRepository* repository)
129 {
|
130 kumpf 1.7 PEG_METHOD_ENTER(
131 TRC_AUTHORIZATION, "AuthorizationHandler::AuthorizationHandler()");
|
132 kumpf 1.5
|
133 mike 1.2 _repository = repository;
134
135 try
136 {
137 _loadAllAuthorizations();
138 }
139 catch(Exception& e)
140 {
|
141 kumpf 1.7 //ATTN-NB-03-20020402: Should this exception be thrown or ignored ?
142 //throw e;
143
|
144 kumpf 1.12 // cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, ";
145 // cerr << "No authorizations configured." << endl;
|
146 mike 1.2 }
|
147 kumpf 1.5
|
148 kumpf 1.7 PEG_METHOD_EXIT();
|
149 mike 1.2 }
150
151 //
152 // Destructor.
153 //
154 AuthorizationHandler::~AuthorizationHandler()
155 {
|
156 kumpf 1.7 PEG_METHOD_ENTER(
157 TRC_AUTHORIZATION, "AuthorizationHandler::~AuthorizationHandler()");
|
158 mike 1.2
|
159 kumpf 1.7 PEG_METHOD_EXIT();
|
160 mike 1.2 }
161
162 //
163 // Check if a given namespace exists
164 //
|
165 kumpf 1.11 Boolean AuthorizationHandler::verifyNamespace(
166 const CIMNamespaceName& nameSpace )
|
167 mike 1.2 {
|
168 kumpf 1.7 PEG_METHOD_ENTER(
169 TRC_AUTHORIZATION, "AuthorizationHandler::verifyNamespace()");
|
170 kumpf 1.5
|
171 mike 1.2 try
172 {
173 //
|
174 kumpf 1.3 // call enumerateNameSpaces to get all the namespaces
175 // in the repository
|
176 mike 1.2 //
|
177 kumpf 1.11 Array<CIMNamespaceName> namespaceNames =
|
178 kumpf 1.3 _repository->enumerateNameSpaces();
|
179 mike 1.2
180 //
181 // check for the given namespace
182 //
|
183 kumpf 1.3 Uint32 size = namespaceNames.size();
184
185 for (Uint32 i = 0; i < size; i++)
|
186 mike 1.2 {
|
187 kumpf 1.11 if (nameSpace.equal (namespaceNames[i]))
|
188 kumpf 1.3 {
|
189 kumpf 1.7 PEG_METHOD_EXIT();
|
190 kumpf 1.3 return true;
191 }
|
192 mike 1.2 }
|
193 kumpf 1.3 }
194 catch (Exception& e)
|
195 mike 1.2 {
|
196 kumpf 1.7 PEG_METHOD_EXIT();
|
197 kumpf 1.11 throw InvalidNamespace(nameSpace.getString() + e.getMessage());
|
198 mike 1.2 }
|
199 kumpf 1.3
|
200 kumpf 1.7 PEG_METHOD_EXIT();
|
201 kumpf 1.5
|
202 kumpf 1.3 return false;
|
203 mike 1.2 }
204
205 //
206 // Load all user names and password
207 //
208 void AuthorizationHandler::_loadAllAuthorizations()
209 {
|
210 kumpf 1.7 PEG_METHOD_ENTER(
211 TRC_AUTHORIZATION, "AuthorizationHandler::_loadAllAuthorizations()");
|
212 kumpf 1.5
|
213 kumpf 1.9 Array<CIMInstance> namedInstances;
|
214 mike 1.2
215 try
216 {
217 //
218 // call enumerateInstances of the repository
219 //
220 namedInstances = _repository->enumerateInstances(
|
221 kumpf 1.6 PEGASUS_NAMESPACENAME_AUTHORIZATION, PEGASUS_CLASSNAME_AUTHORIZATION);
|
222 mike 1.2
223 //
224 // get all the user names, namespaces, and authorizations
225 //
226 for (Uint32 i = 0; i < namedInstances.size(); i++)
227 {
|
228 kumpf 1.9 CIMInstance& authInstance = namedInstances[i];
|
229 mike 1.2
230 //
231 // get user name
232 //
233 Uint32 pos = authInstance.findProperty(PROPERTY_NAME_USERNAME);
234 CIMProperty prop = (CIMProperty)authInstance.getProperty(pos);
235 String userName = prop.getValue().toString();
236
237 //
238 // get namespace name
239 //
240 pos = authInstance.findProperty(PROPERTY_NAME_NAMESPACE);
241 prop = (CIMProperty)authInstance.getProperty(pos);
242 String nameSpace = prop.getValue().toString();
243
244 //
245 // get authorizations
246 //
247 pos = authInstance.findProperty(PROPERTY_NAME_AUTHORIZATION);
248 prop = (CIMProperty)authInstance.getProperty(pos);
249 String auth = prop.getValue().toString();
250 mike 1.2
251 //
252 // Add authorization to the table
253 //
|
254 kumpf 1.3 _authTable.insert(userName + nameSpace, auth);
|
255 mike 1.2 }
256
257 }
258 catch(Exception& e)
259 {
|
260 kumpf 1.7 PEG_METHOD_EXIT();
|
261 kumpf 1.3 throw e;
|
262 mike 1.2 }
263
|
264 kumpf 1.7 PEG_METHOD_EXIT();
|
265 mike 1.2 }
266
267 void AuthorizationHandler::setAuthorization(
268 const String& userName,
|
269 kumpf 1.11 const CIMNamespaceName& nameSpace,
|
270 mike 1.2 const String& auth)
271 {
|
272 kumpf 1.7 PEG_METHOD_ENTER(
273 TRC_AUTHORIZATION, "AuthorizationHandler::setAuthorization()");
|
274 kumpf 1.5
|
275 mike 1.2 //
|
276 kumpf 1.3 // Remove auth if it already exists
|
277 mike 1.2 //
|
278 kumpf 1.11 _authTable.remove(userName + nameSpace.getString());
|
279 mike 1.2
280 //
|
281 kumpf 1.3 // Insert the specified authorization
|
282 mike 1.2 //
|
283 kumpf 1.11 if (!_authTable.insert(userName + nameSpace.getString(), auth))
|
284 mike 1.2 {
|
285 kumpf 1.7 PEG_METHOD_EXIT();
|
286 mike 1.2 throw AuthorizationCacheError();
287 }
288
|
289 kumpf 1.7 PEG_METHOD_EXIT();
|
290 mike 1.2 }
291
292 void AuthorizationHandler::removeAuthorization(
293 const String& userName,
|
294 kumpf 1.11 const CIMNamespaceName& nameSpace)
|
295 mike 1.2 {
|
296 kumpf 1.7 PEG_METHOD_ENTER(
297 TRC_AUTHORIZATION, "AuthorizationHandler::removeAuthorization()");
|
298 kumpf 1.5
|
299 mike 1.2 //
|
300 kumpf 1.3 // Remove the specified authorization
|
301 mike 1.2 //
|
302 kumpf 1.11 if (!_authTable.remove(userName + nameSpace.getString()))
|
303 mike 1.2 {
|
304 kumpf 1.7 PEG_METHOD_EXIT();
|
305 kumpf 1.11 throw AuthorizationEntryNotFound(userName, nameSpace.getString());
|
306 mike 1.2 }
|
307 kumpf 1.7 PEG_METHOD_EXIT();
|
308 mike 1.2 }
309
310 String AuthorizationHandler::getAuthorization(
311 const String& userName,
|
312 kumpf 1.11 const CIMNamespaceName& nameSpace)
|
313 mike 1.2 {
|
314 kumpf 1.7 PEG_METHOD_ENTER(
315 TRC_AUTHORIZATION, "AuthorizationHandler::getAuthorization()");
|
316 kumpf 1.5
|
317 mike 1.2 String auth;
318
|
319 kumpf 1.3 //
320 // Get authorization for the specified userName and nameSpace
321 //
|
322 kumpf 1.11 if (!_authTable.lookup(userName + nameSpace.getString(), auth))
|
323 mike 1.2 {
|
324 kumpf 1.7 PEG_METHOD_EXIT();
|
325 kumpf 1.11 throw AuthorizationEntryNotFound(userName, nameSpace.getString());
|
326 mike 1.2 }
327
|
328 kumpf 1.7 PEG_METHOD_EXIT();
|
329 kumpf 1.5
|
330 mike 1.2 return auth;
331 }
332
333 //
334 // Verify whether the specified operation has authorization
335 // to be performed by the specified user.
336 //
337 Boolean AuthorizationHandler::verifyAuthorization(
338 const String& userName,
|
339 kumpf 1.11 const CIMNamespaceName& nameSpace,
340 const CIMName& cimMethodName)
|
341 mike 1.2 {
|
342 kumpf 1.7 PEG_METHOD_ENTER(
343 TRC_AUTHORIZATION, "AuthorizationHandler::verifyAuthorization()");
|
344 kumpf 1.5
|
345 mike 1.2 Boolean authorized = false;
|
346 kumpf 1.3 Boolean readOperation = false;
347 Boolean writeOperation = false;
|
348 mike 1.2
349 Uint32 readOpSize = sizeof(READ_OPERATIONS) / sizeof(READ_OPERATIONS[0]);
350
351 Uint32 writeOpSize = sizeof(WRITE_OPERATIONS) / sizeof(WRITE_OPERATIONS[0]);
352
|
353 kumpf 1.3 for (Uint32 i = 0; i < readOpSize; i++ )
354 {
|
355 kumpf 1.11 if (cimMethodName.equal (READ_OPERATIONS[i]))
|
356 kumpf 1.3 {
357 readOperation = true;
358 break;
359 }
360 }
361 if ( !readOperation )
362 {
363 for (Uint32 i = 0; i < writeOpSize; i++ )
364 {
|
365 kumpf 1.11 if (cimMethodName.equal (WRITE_OPERATIONS[i]))
|
366 kumpf 1.3 {
367 writeOperation = true;
368 break;
369 }
370 }
371 }
372
|
373 gerarda 1.13 #ifdef PEGASUS_OS_OS400
374 if (readOperation || writeOperation)
375 {
|
376 david 1.14 // Use OS/400 Application Administration to do cim operation verification
377 // (note - need to convert to EBCDIC before calling ycm)
378 CString userCStr = userName.getCString();
379 const char * user = (const char *)userCStr;
380 AtoE((char *)user);
381 CString nsCStr = nameSpace.getString().getCString();
382 const char * ns = (const char *)nsCStr;
383 AtoE((char *)ns);
384 CString cimMethCStr = cimMethodName.getString().getCString();
385 const char * cimMeth = (const char *)cimMethCStr;
386 AtoE((char *)cimMeth);
|
387 gerarda 1.13 int os400auth =
|
388 david 1.14 ycmVerifyFunctionAuthorization(user,
389 ns,
390 cimMeth);
|
391 gerarda 1.13 if (os400auth == TRUE)
392 authorized = true;
393 }
394 #else
|
395 mike 1.2 //
396 // Get the authorization of the specified user and namespace
397 //
398 String auth;
399 try
400 {
401 auth = getAuthorization(userName, nameSpace);
402 }
403 catch (Exception& e)
404 {
|
405 kumpf 1.7 PEG_METHOD_EXIT();
|
406 mike 1.2 return authorized;
407 }
408
|
409 kumpf 1.3 if ( ( String::equal(auth, "rw") || String::equal(auth, "wr") ) &&
410 ( readOperation || writeOperation ) )
|
411 mike 1.2 {
|
412 kumpf 1.3 authorized = true;
|
413 mike 1.2 }
|
414 kumpf 1.3 else if ( String::equal(auth, "r") && readOperation )
|
415 mike 1.2 {
|
416 kumpf 1.3 authorized = true;
|
417 mike 1.2 }
|
418 kumpf 1.3 else if ( String::equal(auth, "w") && writeOperation )
|
419 mike 1.2 {
|
420 kumpf 1.3 authorized = true;
|
421 mike 1.2 }
|
422 gerarda 1.13 #endif
|
423 kumpf 1.5
|
424 kumpf 1.7 PEG_METHOD_EXIT();
|
425 mike 1.2
426 return authorized;
427 }
428
429 PEGASUS_NAMESPACE_END
430
431
|
Return to
AuthorizationHandler.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Security / UserManager