1 karl 1.16 //%2004////////////////////////////////////////////////////////////////////////
|
2 mike 1.2 //
|
3 karl 1.16 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
|
6 karl 1.15 // IBM Corp.; EMC Corporation, The Open Group.
|
7 karl 1.16 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
|
9 mike 1.2 //
10 // Permission is hereby granted, free of charge, to any person obtaining a copy
|
11 kumpf 1.10 // of this software and associated documentation files (the "Software"), to
12 // deal in the Software without restriction, including without limitation the
13 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
14 mike 1.2 // sell copies of the Software, and to permit persons to whom the Software is
15 // furnished to do so, subject to the following conditions:
16 //
|
17 kumpf 1.10 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
|
18 mike 1.2 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
19 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
|
20 kumpf 1.10 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
21 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
22 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
23 mike 1.2 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
24 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
25 //
|
26 kumpf 1.10 //==============================================================================
|
27 mike 1.2 //
28 // Author: Sushma Fernandes (sushma_fernandes@hp.com)
29 //
30 // Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com)
|
31 kumpf 1.9 // Carol Ann Krug Graves, Hewlett-Packard Company
32 // (carolann_graves@hp.com)
|
33 mike 1.2 //
34 //%////////////////////////////////////////////////////////////////////////////
35
36
37 ///////////////////////////////////////////////////////////////////////////////
38 //
39 // This file implements the functionality required to manage auth table.
40 //
41 ///////////////////////////////////////////////////////////////////////////////
42
43 #include <Pegasus/Common/FileSystem.h>
44 #include <Pegasus/Common/HashTable.h>
45 #include <Pegasus/Common/Destroyer.h>
46 #include <Pegasus/Common/Logger.h>
47 #include <Pegasus/Common/System.h>
48 #include <Pegasus/Common/Tracer.h>
49 #include <Pegasus/Common/CIMInstance.h>
|
50 kumpf 1.6 #include <Pegasus/Common/Constants.h>
|
51 kumpf 1.11 #include <Pegasus/Common/XmlWriter.h>
|
52 mike 1.2
|
53 kumpf 1.5 #include "AuthorizationHandler.h"
54 #include "UserExceptions.h"
55
|
56 gerarda 1.13 #ifdef PEGASUS_OS_OS400
57 #include "qycmutiltyUtility.H"
|
58 david 1.14 #include "OS400ConvertChar.h"
|
59 gerarda 1.13 #endif
|
60 mike 1.2
61 PEGASUS_USING_STD;
62
63 PEGASUS_NAMESPACE_BEGIN
64
65
|
66 kumpf 1.7 //
67 // This constant represents the User name property in the schema
68 //
|
69 kumpf 1.11 static const CIMName PROPERTY_NAME_USERNAME = CIMName ("Username");
|
70 mike 1.2
|
71 kumpf 1.7 //
72 // This constant represents the Namespace property in the schema
73 //
|
74 kumpf 1.11 static const CIMName PROPERTY_NAME_NAMESPACE = CIMName ("Namespace");
|
75 mike 1.2
|
76 kumpf 1.7 //
77 // This constant represents the Authorizations property in the schema
78 //
|
79 kumpf 1.11 static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMName ("Authorization");
|
80 mike 1.2
81
|
82 kumpf 1.7 //
83 // List of all the CIM Operations
84 //
85 // Note: The following tables contain all the existing CIM Operations.
86 // Any new CIM Operations created must be included in one of these tables,
87 // otherwise no CIM requests will have authorization to execute those
88 // new operations.
89 //
|
90 mike 1.2
|
91 kumpf 1.7 //
92 // List of read only CIM Operations
93 //
|
94 kumpf 1.11 static const CIMName READ_OPERATIONS [] = {
95 CIMName ("GetClass"),
96 CIMName ("GetInstance"),
97 CIMName ("EnumerateClassNames"),
98 CIMName ("References"),
99 CIMName ("ReferenceNames"),
100 CIMName ("AssociatorNames"),
101 CIMName ("Associators"),
102 CIMName ("EnumerateInstanceNames"),
103 CIMName ("GetQualifier"),
104 CIMName ("EnumerateQualifiers"),
105 CIMName ("EnumerateClasses"),
106 CIMName ("EnumerateInstances"),
107 CIMName ("ExecQuery"),
108 CIMName ("GetProperty") };
|
109 mike 1.2
|
110 kumpf 1.7 //
111 // List of write CIM Operations
112 //
|
113 kumpf 1.11 static const CIMName WRITE_OPERATIONS [] = {
114 CIMName ("CreateClass"),
115 CIMName ("CreateInstance"),
116 CIMName ("DeleteQualifier"),
117 CIMName ("SetQualifier"),
118 CIMName ("ModifyClass"),
119 CIMName ("ModifyInstance"),
120 CIMName ("DeleteClass"),
121 CIMName ("DeleteInstance"),
122 CIMName ("SetProperty"),
123 CIMName ("InvokeMethod"),
124 CIMName ("EnableIndicationSubscription"),
125 CIMName ("ModifyIndicationSubscription"),
126 CIMName ("DisableIndicationSubscription") };
|
127 mike 1.2
128
129 //
130 // Constructor
131 //
132 AuthorizationHandler::AuthorizationHandler(CIMRepository* repository)
133 {
|
134 kumpf 1.7 PEG_METHOD_ENTER(
135 TRC_AUTHORIZATION, "AuthorizationHandler::AuthorizationHandler()");
|
136 kumpf 1.5
|
137 mike 1.2 _repository = repository;
138
139 try
140 {
141 _loadAllAuthorizations();
142 }
143 catch(Exception& e)
144 {
|
145 kumpf 1.7 //ATTN-NB-03-20020402: Should this exception be thrown or ignored ?
146 //throw e;
147
|
148 kumpf 1.12 // cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, ";
149 // cerr << "No authorizations configured." << endl;
|
150 mike 1.2 }
|
151 kumpf 1.5
|
152 kumpf 1.7 PEG_METHOD_EXIT();
|
153 mike 1.2 }
154
155 //
156 // Destructor.
157 //
158 AuthorizationHandler::~AuthorizationHandler()
159 {
|
160 kumpf 1.7 PEG_METHOD_ENTER(
161 TRC_AUTHORIZATION, "AuthorizationHandler::~AuthorizationHandler()");
|
162 mike 1.2
|
163 kumpf 1.7 PEG_METHOD_EXIT();
|
164 mike 1.2 }
165
166 //
167 // Check if a given namespace exists
168 //
|
169 kumpf 1.11 Boolean AuthorizationHandler::verifyNamespace(
170 const CIMNamespaceName& nameSpace )
|
171 mike 1.2 {
|
172 kumpf 1.7 PEG_METHOD_ENTER(
173 TRC_AUTHORIZATION, "AuthorizationHandler::verifyNamespace()");
|
174 kumpf 1.5
|
175 mike 1.2 try
176 {
177 //
|
178 kumpf 1.3 // call enumerateNameSpaces to get all the namespaces
179 // in the repository
|
180 mike 1.2 //
|
181 kumpf 1.11 Array<CIMNamespaceName> namespaceNames =
|
182 kumpf 1.3 _repository->enumerateNameSpaces();
|
183 mike 1.2
184 //
185 // check for the given namespace
186 //
|
187 kumpf 1.3 Uint32 size = namespaceNames.size();
188
189 for (Uint32 i = 0; i < size; i++)
|
190 mike 1.2 {
|
191 kumpf 1.11 if (nameSpace.equal (namespaceNames[i]))
|
192 kumpf 1.3 {
|
193 kumpf 1.7 PEG_METHOD_EXIT();
|
194 kumpf 1.3 return true;
195 }
|
196 mike 1.2 }
|
197 kumpf 1.3 }
198 catch (Exception& e)
|
199 mike 1.2 {
|
200 kumpf 1.7 PEG_METHOD_EXIT();
|
201 kumpf 1.11 throw InvalidNamespace(nameSpace.getString() + e.getMessage());
|
202 mike 1.2 }
|
203 kumpf 1.3
|
204 kumpf 1.7 PEG_METHOD_EXIT();
|
205 kumpf 1.5
|
206 kumpf 1.3 return false;
|
207 mike 1.2 }
208
209 //
210 // Load all user names and password
211 //
212 void AuthorizationHandler::_loadAllAuthorizations()
213 {
|
214 kumpf 1.7 PEG_METHOD_ENTER(
215 TRC_AUTHORIZATION, "AuthorizationHandler::_loadAllAuthorizations()");
|
216 kumpf 1.5
|
217 kumpf 1.9 Array<CIMInstance> namedInstances;
|
218 mike 1.2
219 try
220 {
221 //
222 // call enumerateInstances of the repository
223 //
224 namedInstances = _repository->enumerateInstances(
|
225 kumpf 1.6 PEGASUS_NAMESPACENAME_AUTHORIZATION, PEGASUS_CLASSNAME_AUTHORIZATION);
|
226 mike 1.2
227 //
228 // get all the user names, namespaces, and authorizations
229 //
230 for (Uint32 i = 0; i < namedInstances.size(); i++)
231 {
|
232 kumpf 1.9 CIMInstance& authInstance = namedInstances[i];
|
233 mike 1.2
234 //
235 // get user name
236 //
237 Uint32 pos = authInstance.findProperty(PROPERTY_NAME_USERNAME);
238 CIMProperty prop = (CIMProperty)authInstance.getProperty(pos);
239 String userName = prop.getValue().toString();
240
241 //
242 // get namespace name
243 //
244 pos = authInstance.findProperty(PROPERTY_NAME_NAMESPACE);
245 prop = (CIMProperty)authInstance.getProperty(pos);
246 String nameSpace = prop.getValue().toString();
247
248 //
249 // get authorizations
250 //
251 pos = authInstance.findProperty(PROPERTY_NAME_AUTHORIZATION);
252 prop = (CIMProperty)authInstance.getProperty(pos);
253 String auth = prop.getValue().toString();
254 mike 1.2
255 //
256 // Add authorization to the table
257 //
|
258 kumpf 1.3 _authTable.insert(userName + nameSpace, auth);
|
259 mike 1.2 }
260
261 }
262 catch(Exception& e)
263 {
|
264 kumpf 1.7 PEG_METHOD_EXIT();
|
265 kumpf 1.3 throw e;
|
266 mike 1.2 }
267
|
268 kumpf 1.7 PEG_METHOD_EXIT();
|
269 mike 1.2 }
270
271 void AuthorizationHandler::setAuthorization(
272 const String& userName,
|
273 kumpf 1.11 const CIMNamespaceName& nameSpace,
|
274 mike 1.2 const String& auth)
275 {
|
276 kumpf 1.7 PEG_METHOD_ENTER(
277 TRC_AUTHORIZATION, "AuthorizationHandler::setAuthorization()");
|
278 kumpf 1.5
|
279 mike 1.2 //
|
280 kumpf 1.3 // Remove auth if it already exists
|
281 mike 1.2 //
|
282 kumpf 1.11 _authTable.remove(userName + nameSpace.getString());
|
283 mike 1.2
284 //
|
285 kumpf 1.3 // Insert the specified authorization
|
286 mike 1.2 //
|
287 kumpf 1.11 if (!_authTable.insert(userName + nameSpace.getString(), auth))
|
288 mike 1.2 {
|
289 kumpf 1.7 PEG_METHOD_EXIT();
|
290 mike 1.2 throw AuthorizationCacheError();
291 }
292
|
293 kumpf 1.7 PEG_METHOD_EXIT();
|
294 mike 1.2 }
295
296 void AuthorizationHandler::removeAuthorization(
297 const String& userName,
|
298 kumpf 1.11 const CIMNamespaceName& nameSpace)
|
299 mike 1.2 {
|
300 kumpf 1.7 PEG_METHOD_ENTER(
301 TRC_AUTHORIZATION, "AuthorizationHandler::removeAuthorization()");
|
302 kumpf 1.5
|
303 mike 1.2 //
|
304 kumpf 1.3 // Remove the specified authorization
|
305 mike 1.2 //
|
306 kumpf 1.11 if (!_authTable.remove(userName + nameSpace.getString()))
|
307 mike 1.2 {
|
308 kumpf 1.7 PEG_METHOD_EXIT();
|
309 kumpf 1.11 throw AuthorizationEntryNotFound(userName, nameSpace.getString());
|
310 mike 1.2 }
|
311 kumpf 1.7 PEG_METHOD_EXIT();
|
312 mike 1.2 }
313
314 String AuthorizationHandler::getAuthorization(
315 const String& userName,
|
316 kumpf 1.11 const CIMNamespaceName& nameSpace)
|
317 mike 1.2 {
|
318 kumpf 1.7 PEG_METHOD_ENTER(
319 TRC_AUTHORIZATION, "AuthorizationHandler::getAuthorization()");
|
320 kumpf 1.5
|
321 mike 1.2 String auth;
322
|
323 kumpf 1.3 //
324 // Get authorization for the specified userName and nameSpace
325 //
|
326 kumpf 1.11 if (!_authTable.lookup(userName + nameSpace.getString(), auth))
|
327 mike 1.2 {
|
328 kumpf 1.7 PEG_METHOD_EXIT();
|
329 kumpf 1.11 throw AuthorizationEntryNotFound(userName, nameSpace.getString());
|
330 mike 1.2 }
331
|
332 kumpf 1.7 PEG_METHOD_EXIT();
|
333 kumpf 1.5
|
334 mike 1.2 return auth;
335 }
336
337 //
338 // Verify whether the specified operation has authorization
339 // to be performed by the specified user.
340 //
341 Boolean AuthorizationHandler::verifyAuthorization(
342 const String& userName,
|
343 kumpf 1.11 const CIMNamespaceName& nameSpace,
344 const CIMName& cimMethodName)
|
345 mike 1.2 {
|
346 kumpf 1.7 PEG_METHOD_ENTER(
347 TRC_AUTHORIZATION, "AuthorizationHandler::verifyAuthorization()");
|
348 kumpf 1.5
|
349 mike 1.2 Boolean authorized = false;
|
350 kumpf 1.3 Boolean readOperation = false;
351 Boolean writeOperation = false;
|
352 mike 1.2
353 Uint32 readOpSize = sizeof(READ_OPERATIONS) / sizeof(READ_OPERATIONS[0]);
354
355 Uint32 writeOpSize = sizeof(WRITE_OPERATIONS) / sizeof(WRITE_OPERATIONS[0]);
356
|
357 kumpf 1.3 for (Uint32 i = 0; i < readOpSize; i++ )
358 {
|
359 kumpf 1.11 if (cimMethodName.equal (READ_OPERATIONS[i]))
|
360 kumpf 1.3 {
361 readOperation = true;
362 break;
363 }
364 }
365 if ( !readOperation )
366 {
367 for (Uint32 i = 0; i < writeOpSize; i++ )
368 {
|
369 kumpf 1.11 if (cimMethodName.equal (WRITE_OPERATIONS[i]))
|
370 kumpf 1.3 {
371 writeOperation = true;
372 break;
373 }
374 }
375 }
376
|
377 gerarda 1.13 #ifdef PEGASUS_OS_OS400
378 if (readOperation || writeOperation)
379 {
|
380 david 1.14 // Use OS/400 Application Administration to do cim operation verification
381 // (note - need to convert to EBCDIC before calling ycm)
382 CString userCStr = userName.getCString();
383 const char * user = (const char *)userCStr;
384 AtoE((char *)user);
385 CString nsCStr = nameSpace.getString().getCString();
386 const char * ns = (const char *)nsCStr;
387 AtoE((char *)ns);
388 CString cimMethCStr = cimMethodName.getString().getCString();
389 const char * cimMeth = (const char *)cimMethCStr;
390 AtoE((char *)cimMeth);
|
391 gerarda 1.13 int os400auth =
|
392 david 1.14 ycmVerifyFunctionAuthorization(user,
393 ns,
394 cimMeth);
|
395 gerarda 1.13 if (os400auth == TRUE)
396 authorized = true;
397 }
398 #else
|
399 mike 1.2 //
400 // Get the authorization of the specified user and namespace
401 //
402 String auth;
403 try
404 {
405 auth = getAuthorization(userName, nameSpace);
406 }
407 catch (Exception& e)
408 {
|
409 kumpf 1.7 PEG_METHOD_EXIT();
|
410 mike 1.2 return authorized;
411 }
412
|
413 kumpf 1.3 if ( ( String::equal(auth, "rw") || String::equal(auth, "wr") ) &&
414 ( readOperation || writeOperation ) )
|
415 mike 1.2 {
|
416 kumpf 1.3 authorized = true;
|
417 mike 1.2 }
|
418 kumpf 1.3 else if ( String::equal(auth, "r") && readOperation )
|
419 mike 1.2 {
|
420 kumpf 1.3 authorized = true;
|
421 mike 1.2 }
|
422 kumpf 1.3 else if ( String::equal(auth, "w") && writeOperation )
|
423 mike 1.2 {
|
424 kumpf 1.3 authorized = true;
|
425 mike 1.2 }
|
426 gerarda 1.13 #endif
|
427 kumpf 1.5
|
428 kumpf 1.7 PEG_METHOD_EXIT();
|
429 mike 1.2
430 return authorized;
431 }
432
433 PEGASUS_NAMESPACE_END
434
435
|
Return to
AuthorizationHandler.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Security / UserManager