1 karl 1.15 //%2003////////////////////////////////////////////////////////////////////////
|
2 mike 1.2 //
|
3 karl 1.15 // Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Development
4 // Company, L. P., IBM Corp., The Open Group, Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L. P.;
6 // IBM Corp.; EMC Corporation, The Open Group.
|
7 mike 1.2 //
8 // Permission is hereby granted, free of charge, to any person obtaining a copy
|
9 kumpf 1.10 // of this software and associated documentation files (the "Software"), to
10 // deal in the Software without restriction, including without limitation the
11 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
12 mike 1.2 // sell copies of the Software, and to permit persons to whom the Software is
13 // furnished to do so, subject to the following conditions:
14 //
|
15 kumpf 1.10 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
|
16 mike 1.2 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
17 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
|
18 kumpf 1.10 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
19 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
21 mike 1.2 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
23 //
|
24 kumpf 1.10 //==============================================================================
|
25 mike 1.2 //
26 // Author: Sushma Fernandes (sushma_fernandes@hp.com)
27 //
28 // Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com)
|
29 kumpf 1.9 // Carol Ann Krug Graves, Hewlett-Packard Company
30 // (carolann_graves@hp.com)
|
31 mike 1.2 //
32 //%////////////////////////////////////////////////////////////////////////////
33
34
35 ///////////////////////////////////////////////////////////////////////////////
36 //
37 // This file implements the functionality required to manage auth table.
38 //
39 ///////////////////////////////////////////////////////////////////////////////
40
41 #include <Pegasus/Common/FileSystem.h>
42 #include <Pegasus/Common/HashTable.h>
43 #include <Pegasus/Common/Destroyer.h>
44 #include <Pegasus/Common/Logger.h>
45 #include <Pegasus/Common/System.h>
46 #include <Pegasus/Common/Tracer.h>
47 #include <Pegasus/Common/CIMInstance.h>
|
48 kumpf 1.6 #include <Pegasus/Common/Constants.h>
|
49 kumpf 1.11 #include <Pegasus/Common/XmlWriter.h>
|
50 mike 1.2
|
51 kumpf 1.5 #include "AuthorizationHandler.h"
52 #include "UserExceptions.h"
53
|
54 gerarda 1.13 #ifdef PEGASUS_OS_OS400
55 #include "qycmutiltyUtility.H"
|
56 david 1.14 #include "OS400ConvertChar.h"
|
57 gerarda 1.13 #endif
|
58 mike 1.2
59 PEGASUS_USING_STD;
60
61 PEGASUS_NAMESPACE_BEGIN
62
63
|
64 kumpf 1.7 //
65 // This constant represents the User name property in the schema
66 //
|
67 kumpf 1.11 static const CIMName PROPERTY_NAME_USERNAME = CIMName ("Username");
|
68 mike 1.2
|
69 kumpf 1.7 //
70 // This constant represents the Namespace property in the schema
71 //
|
72 kumpf 1.11 static const CIMName PROPERTY_NAME_NAMESPACE = CIMName ("Namespace");
|
73 mike 1.2
|
74 kumpf 1.7 //
75 // This constant represents the Authorizations property in the schema
76 //
|
77 kumpf 1.11 static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMName ("Authorization");
|
78 mike 1.2
79
|
80 kumpf 1.7 //
81 // List of all the CIM Operations
82 //
83 // Note: The following tables contain all the existing CIM Operations.
84 // Any new CIM Operations created must be included in one of these tables,
85 // otherwise no CIM requests will have authorization to execute those
86 // new operations.
87 //
|
88 mike 1.2
|
89 kumpf 1.7 //
90 // List of read only CIM Operations
91 //
|
92 kumpf 1.11 static const CIMName READ_OPERATIONS [] = {
93 CIMName ("GetClass"),
94 CIMName ("GetInstance"),
95 CIMName ("EnumerateClassNames"),
96 CIMName ("References"),
97 CIMName ("ReferenceNames"),
98 CIMName ("AssociatorNames"),
99 CIMName ("Associators"),
100 CIMName ("EnumerateInstanceNames"),
101 CIMName ("GetQualifier"),
102 CIMName ("EnumerateQualifiers"),
103 CIMName ("EnumerateClasses"),
104 CIMName ("EnumerateInstances"),
105 CIMName ("ExecQuery"),
106 CIMName ("GetProperty") };
|
107 mike 1.2
|
108 kumpf 1.7 //
109 // List of write CIM Operations
110 //
|
111 kumpf 1.11 static const CIMName WRITE_OPERATIONS [] = {
112 CIMName ("CreateClass"),
113 CIMName ("CreateInstance"),
114 CIMName ("DeleteQualifier"),
115 CIMName ("SetQualifier"),
116 CIMName ("ModifyClass"),
117 CIMName ("ModifyInstance"),
118 CIMName ("DeleteClass"),
119 CIMName ("DeleteInstance"),
120 CIMName ("SetProperty"),
121 CIMName ("InvokeMethod"),
122 CIMName ("EnableIndicationSubscription"),
123 CIMName ("ModifyIndicationSubscription"),
124 CIMName ("DisableIndicationSubscription") };
|
125 mike 1.2
126
127 //
128 // Constructor
129 //
130 AuthorizationHandler::AuthorizationHandler(CIMRepository* repository)
131 {
|
132 kumpf 1.7 PEG_METHOD_ENTER(
133 TRC_AUTHORIZATION, "AuthorizationHandler::AuthorizationHandler()");
|
134 kumpf 1.5
|
135 mike 1.2 _repository = repository;
136
137 try
138 {
139 _loadAllAuthorizations();
140 }
141 catch(Exception& e)
142 {
|
143 kumpf 1.7 //ATTN-NB-03-20020402: Should this exception be thrown or ignored ?
144 //throw e;
145
|
146 kumpf 1.12 // cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, ";
147 // cerr << "No authorizations configured." << endl;
|
148 mike 1.2 }
|
149 kumpf 1.5
|
150 kumpf 1.7 PEG_METHOD_EXIT();
|
151 mike 1.2 }
152
153 //
154 // Destructor.
155 //
156 AuthorizationHandler::~AuthorizationHandler()
157 {
|
158 kumpf 1.7 PEG_METHOD_ENTER(
159 TRC_AUTHORIZATION, "AuthorizationHandler::~AuthorizationHandler()");
|
160 mike 1.2
|
161 kumpf 1.7 PEG_METHOD_EXIT();
|
162 mike 1.2 }
163
164 //
165 // Check if a given namespace exists
166 //
|
167 kumpf 1.11 Boolean AuthorizationHandler::verifyNamespace(
168 const CIMNamespaceName& nameSpace )
|
169 mike 1.2 {
|
170 kumpf 1.7 PEG_METHOD_ENTER(
171 TRC_AUTHORIZATION, "AuthorizationHandler::verifyNamespace()");
|
172 kumpf 1.5
|
173 mike 1.2 try
174 {
175 //
|
176 kumpf 1.3 // call enumerateNameSpaces to get all the namespaces
177 // in the repository
|
178 mike 1.2 //
|
179 kumpf 1.11 Array<CIMNamespaceName> namespaceNames =
|
180 kumpf 1.3 _repository->enumerateNameSpaces();
|
181 mike 1.2
182 //
183 // check for the given namespace
184 //
|
185 kumpf 1.3 Uint32 size = namespaceNames.size();
186
187 for (Uint32 i = 0; i < size; i++)
|
188 mike 1.2 {
|
189 kumpf 1.11 if (nameSpace.equal (namespaceNames[i]))
|
190 kumpf 1.3 {
|
191 kumpf 1.7 PEG_METHOD_EXIT();
|
192 kumpf 1.3 return true;
193 }
|
194 mike 1.2 }
|
195 kumpf 1.3 }
196 catch (Exception& e)
|
197 mike 1.2 {
|
198 kumpf 1.7 PEG_METHOD_EXIT();
|
199 kumpf 1.11 throw InvalidNamespace(nameSpace.getString() + e.getMessage());
|
200 mike 1.2 }
|
201 kumpf 1.3
|
202 kumpf 1.7 PEG_METHOD_EXIT();
|
203 kumpf 1.5
|
204 kumpf 1.3 return false;
|
205 mike 1.2 }
206
207 //
208 // Load all user names and password
209 //
210 void AuthorizationHandler::_loadAllAuthorizations()
211 {
|
212 kumpf 1.7 PEG_METHOD_ENTER(
213 TRC_AUTHORIZATION, "AuthorizationHandler::_loadAllAuthorizations()");
|
214 kumpf 1.5
|
215 kumpf 1.9 Array<CIMInstance> namedInstances;
|
216 mike 1.2
217 try
218 {
219 //
220 // call enumerateInstances of the repository
221 //
222 namedInstances = _repository->enumerateInstances(
|
223 kumpf 1.6 PEGASUS_NAMESPACENAME_AUTHORIZATION, PEGASUS_CLASSNAME_AUTHORIZATION);
|
224 mike 1.2
225 //
226 // get all the user names, namespaces, and authorizations
227 //
228 for (Uint32 i = 0; i < namedInstances.size(); i++)
229 {
|
230 kumpf 1.9 CIMInstance& authInstance = namedInstances[i];
|
231 mike 1.2
232 //
233 // get user name
234 //
235 Uint32 pos = authInstance.findProperty(PROPERTY_NAME_USERNAME);
236 CIMProperty prop = (CIMProperty)authInstance.getProperty(pos);
237 String userName = prop.getValue().toString();
238
239 //
240 // get namespace name
241 //
242 pos = authInstance.findProperty(PROPERTY_NAME_NAMESPACE);
243 prop = (CIMProperty)authInstance.getProperty(pos);
244 String nameSpace = prop.getValue().toString();
245
246 //
247 // get authorizations
248 //
249 pos = authInstance.findProperty(PROPERTY_NAME_AUTHORIZATION);
250 prop = (CIMProperty)authInstance.getProperty(pos);
251 String auth = prop.getValue().toString();
252 mike 1.2
253 //
254 // Add authorization to the table
255 //
|
256 kumpf 1.3 _authTable.insert(userName + nameSpace, auth);
|
257 mike 1.2 }
258
259 }
260 catch(Exception& e)
261 {
|
262 kumpf 1.7 PEG_METHOD_EXIT();
|
263 kumpf 1.3 throw e;
|
264 mike 1.2 }
265
|
266 kumpf 1.7 PEG_METHOD_EXIT();
|
267 mike 1.2 }
268
269 void AuthorizationHandler::setAuthorization(
270 const String& userName,
|
271 kumpf 1.11 const CIMNamespaceName& nameSpace,
|
272 mike 1.2 const String& auth)
273 {
|
274 kumpf 1.7 PEG_METHOD_ENTER(
275 TRC_AUTHORIZATION, "AuthorizationHandler::setAuthorization()");
|
276 kumpf 1.5
|
277 mike 1.2 //
|
278 kumpf 1.3 // Remove auth if it already exists
|
279 mike 1.2 //
|
280 kumpf 1.11 _authTable.remove(userName + nameSpace.getString());
|
281 mike 1.2
282 //
|
283 kumpf 1.3 // Insert the specified authorization
|
284 mike 1.2 //
|
285 kumpf 1.11 if (!_authTable.insert(userName + nameSpace.getString(), auth))
|
286 mike 1.2 {
|
287 kumpf 1.7 PEG_METHOD_EXIT();
|
288 mike 1.2 throw AuthorizationCacheError();
289 }
290
|
291 kumpf 1.7 PEG_METHOD_EXIT();
|
292 mike 1.2 }
293
294 void AuthorizationHandler::removeAuthorization(
295 const String& userName,
|
296 kumpf 1.11 const CIMNamespaceName& nameSpace)
|
297 mike 1.2 {
|
298 kumpf 1.7 PEG_METHOD_ENTER(
299 TRC_AUTHORIZATION, "AuthorizationHandler::removeAuthorization()");
|
300 kumpf 1.5
|
301 mike 1.2 //
|
302 kumpf 1.3 // Remove the specified authorization
|
303 mike 1.2 //
|
304 kumpf 1.11 if (!_authTable.remove(userName + nameSpace.getString()))
|
305 mike 1.2 {
|
306 kumpf 1.7 PEG_METHOD_EXIT();
|
307 kumpf 1.11 throw AuthorizationEntryNotFound(userName, nameSpace.getString());
|
308 mike 1.2 }
|
309 kumpf 1.7 PEG_METHOD_EXIT();
|
310 mike 1.2 }
311
312 String AuthorizationHandler::getAuthorization(
313 const String& userName,
|
314 kumpf 1.11 const CIMNamespaceName& nameSpace)
|
315 mike 1.2 {
|
316 kumpf 1.7 PEG_METHOD_ENTER(
317 TRC_AUTHORIZATION, "AuthorizationHandler::getAuthorization()");
|
318 kumpf 1.5
|
319 mike 1.2 String auth;
320
|
321 kumpf 1.3 //
322 // Get authorization for the specified userName and nameSpace
323 //
|
324 kumpf 1.11 if (!_authTable.lookup(userName + nameSpace.getString(), auth))
|
325 mike 1.2 {
|
326 kumpf 1.7 PEG_METHOD_EXIT();
|
327 kumpf 1.11 throw AuthorizationEntryNotFound(userName, nameSpace.getString());
|
328 mike 1.2 }
329
|
330 kumpf 1.7 PEG_METHOD_EXIT();
|
331 kumpf 1.5
|
332 mike 1.2 return auth;
333 }
334
335 //
336 // Verify whether the specified operation has authorization
337 // to be performed by the specified user.
338 //
339 Boolean AuthorizationHandler::verifyAuthorization(
340 const String& userName,
|
341 kumpf 1.11 const CIMNamespaceName& nameSpace,
342 const CIMName& cimMethodName)
|
343 mike 1.2 {
|
344 kumpf 1.7 PEG_METHOD_ENTER(
345 TRC_AUTHORIZATION, "AuthorizationHandler::verifyAuthorization()");
|
346 kumpf 1.5
|
347 mike 1.2 Boolean authorized = false;
|
348 kumpf 1.3 Boolean readOperation = false;
349 Boolean writeOperation = false;
|
350 mike 1.2
351 Uint32 readOpSize = sizeof(READ_OPERATIONS) / sizeof(READ_OPERATIONS[0]);
352
353 Uint32 writeOpSize = sizeof(WRITE_OPERATIONS) / sizeof(WRITE_OPERATIONS[0]);
354
|
355 kumpf 1.3 for (Uint32 i = 0; i < readOpSize; i++ )
356 {
|
357 kumpf 1.11 if (cimMethodName.equal (READ_OPERATIONS[i]))
|
358 kumpf 1.3 {
359 readOperation = true;
360 break;
361 }
362 }
363 if ( !readOperation )
364 {
365 for (Uint32 i = 0; i < writeOpSize; i++ )
366 {
|
367 kumpf 1.11 if (cimMethodName.equal (WRITE_OPERATIONS[i]))
|
368 kumpf 1.3 {
369 writeOperation = true;
370 break;
371 }
372 }
373 }
374
|
375 gerarda 1.13 #ifdef PEGASUS_OS_OS400
376 if (readOperation || writeOperation)
377 {
|
378 david 1.14 // Use OS/400 Application Administration to do cim operation verification
379 // (note - need to convert to EBCDIC before calling ycm)
380 CString userCStr = userName.getCString();
381 const char * user = (const char *)userCStr;
382 AtoE((char *)user);
383 CString nsCStr = nameSpace.getString().getCString();
384 const char * ns = (const char *)nsCStr;
385 AtoE((char *)ns);
386 CString cimMethCStr = cimMethodName.getString().getCString();
387 const char * cimMeth = (const char *)cimMethCStr;
388 AtoE((char *)cimMeth);
|
389 gerarda 1.13 int os400auth =
|
390 david 1.14 ycmVerifyFunctionAuthorization(user,
391 ns,
392 cimMeth);
|
393 gerarda 1.13 if (os400auth == TRUE)
394 authorized = true;
395 }
396 #else
|
397 mike 1.2 //
398 // Get the authorization of the specified user and namespace
399 //
400 String auth;
401 try
402 {
403 auth = getAuthorization(userName, nameSpace);
404 }
405 catch (Exception& e)
406 {
|
407 kumpf 1.7 PEG_METHOD_EXIT();
|
408 mike 1.2 return authorized;
409 }
410
|
411 kumpf 1.3 if ( ( String::equal(auth, "rw") || String::equal(auth, "wr") ) &&
412 ( readOperation || writeOperation ) )
|
413 mike 1.2 {
|
414 kumpf 1.3 authorized = true;
|
415 mike 1.2 }
|
416 kumpf 1.3 else if ( String::equal(auth, "r") && readOperation )
|
417 mike 1.2 {
|
418 kumpf 1.3 authorized = true;
|
419 mike 1.2 }
|
420 kumpf 1.3 else if ( String::equal(auth, "w") && writeOperation )
|
421 mike 1.2 {
|
422 kumpf 1.3 authorized = true;
|
423 mike 1.2 }
|
424 gerarda 1.13 #endif
|
425 kumpf 1.5
|
426 kumpf 1.7 PEG_METHOD_EXIT();
|
427 mike 1.2
428 return authorized;
429 }
430
431 PEGASUS_NAMESPACE_END
432
433
|