
  1 karl  1.18 //%2005////////////////////////////////////////////////////////////////////////
  2 mike  1.2  //
  3 karl  1.16 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
  4            // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
  5            // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
  6 karl  1.15 // IBM Corp.; EMC Corporation, The Open Group.
  7 karl  1.16 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
  8            // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
  9 karl  1.18 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
 10            // EMC Corporation; VERITAS Software Corporation; The Open Group.
 11 mike  1.2  //
 12            // Permission is hereby granted, free of charge, to any person obtaining a copy
 13 kumpf 1.10 // of this software and associated documentation files (the "Software"), to
 14            // deal in the Software without restriction, including without limitation the
 15            // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 16 mike  1.2  // sell copies of the Software, and to permit persons to whom the Software is
 17            // furnished to do so, subject to the following conditions:
 18            // 
 19 kumpf 1.10 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
 20 mike  1.2  // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
 21            // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 22 kumpf 1.10 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 23            // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 24            // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 25 mike  1.2  // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 26            // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 27            //
 28 kumpf 1.10 //==============================================================================
 29 mike  1.2  //
 30            // Author: Sushma Fernandes (sushma_fernandes@hp.com)
 31            //
 32            // Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com)
 33 kumpf 1.9  //              Carol Ann Krug Graves, Hewlett-Packard Company
 34            //                  (carolann_graves@hp.com)
 35 joyce.j 1.17 //              Josephine Eskaline Joyce, IBM (jojustin@in.ibm.com) for PEP#101
 36 mike    1.2  //
 37              //%////////////////////////////////////////////////////////////////////////////
 38              
 39              
 40              ///////////////////////////////////////////////////////////////////////////////
 41              // 
 42              // This file implements the functionality required to manage the authorization table.
 43              //
 44              ///////////////////////////////////////////////////////////////////////////////
 45              
 46              #include <Pegasus/Common/FileSystem.h>
 47              #include <Pegasus/Common/HashTable.h>
 48              #include <Pegasus/Common/Logger.h>
 49              #include <Pegasus/Common/System.h>
 50              #include <Pegasus/Common/Tracer.h>
 51              #include <Pegasus/Common/CIMInstance.h>
 52 kumpf   1.6  #include <Pegasus/Common/Constants.h>
 53 kumpf   1.11 #include <Pegasus/Common/XmlWriter.h>
 54 mike    1.2  
 55 kumpf   1.5  #include "AuthorizationHandler.h"
 56              #include "UserExceptions.h"
 57              
 58 gerarda 1.13 #ifdef PEGASUS_OS_OS400
 59              #include "qycmutiltyUtility.H"
 60 david   1.14 #include "OS400ConvertChar.h"
 61 gerarda 1.13 #endif
 62 mike    1.2  
 63              PEGASUS_USING_STD;
 64              
 65              PEGASUS_NAMESPACE_BEGIN
 66              
 67              
//
// Property names read from each PEGASUS_CLASSNAME_AUTHORIZATION instance when
// the authorization table is loaded: the user the entry applies to, the
// namespace it covers, and the authorization string itself.
//
static const CIMName PROPERTY_NAME_USERNAME("Username");
static const CIMName PROPERTY_NAME_NAMESPACE("Namespace");
static const CIMName PROPERTY_NAME_AUTHORIZATION("Authorization");
 82 mike    1.2  
 83              
 84 kumpf   1.7  //
 85              // List of all the CIM Operations
 86              //
 87              // Note: The following tables contain all the existing CIM Operations.
 88              //       Any new CIM Operation must be added to one of these tables; otherwise
 89              //       no request to perform that operation will ever be authorized, because
 90              //       an operation in neither table is treated as neither read nor write.
 91              //     
 92 mike    1.2  
//
// Operations that verifyAuthorization() classifies as reads.  A user whose
// authorization string is "r", "rw" or "wr" may perform them.
//
static const CIMName READ_OPERATIONS[] = {
    CIMName("GetClass"),
    CIMName("GetInstance"),
    CIMName("EnumerateClassNames"),
    CIMName("References"),
    CIMName("ReferenceNames"),
    CIMName("AssociatorNames"),
    CIMName("Associators"),
    CIMName("EnumerateInstanceNames"),
    CIMName("GetQualifier"),
    CIMName("EnumerateQualifiers"),
    CIMName("EnumerateClasses"),
    CIMName("EnumerateInstances"),
    CIMName("ExecQuery"),
    CIMName("GetProperty")
};
111 mike    1.2      
//
// Operations that verifyAuthorization() classifies as writes.  A user whose
// authorization string is "w", "rw" or "wr" may perform them.
//
static const CIMName WRITE_OPERATIONS[] = {
    CIMName("CreateClass"),
    CIMName("CreateInstance"),
    CIMName("DeleteQualifier"),
    CIMName("SetQualifier"),
    CIMName("ModifyClass"),
    CIMName("ModifyInstance"),
    CIMName("DeleteClass"),
    CIMName("DeleteInstance"),
    CIMName("SetProperty"),
    CIMName("InvokeMethod"),
    CIMName("EnableIndicationSubscription"),
    CIMName("ModifyIndicationSubscription"),
    CIMName("DisableIndicationSubscription")
};
129 mike    1.2      
130              
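//
// Constructor: remember the repository and prime the in-memory authorization
// table from it.
//
// A failure to load the table is traced but not propagated.  The handler then
// starts with an empty table; on non-OS/400 builds verifyAuthorization()
// denies any request for which getAuthorization() finds no entry, so a failed
// load fails closed rather than open.  Previously the failure left no trace at
// all, which made an unexpectedly empty table hard to diagnose.
//
AuthorizationHandler::AuthorizationHandler(CIMRepository* repository)
    : _repository(repository)
{
    PEG_METHOD_ENTER(
        TRC_AUTHORIZATION, "AuthorizationHandler::AuthorizationHandler()");

    try
    {
        _loadAllAuthorizations();
    }
    catch(Exception& e)
    {
        //ATTN-NB-03-20020402: Should this exception be thrown or ignored ?
        // Deliberately not rethrown (see above); record the cause so that an
        // empty authorization table can be traced back to this failure.
        PEG_TRACE_STRING(TRC_AUTHORIZATION, Tracer::LEVEL2,
            String("Failed to load authorizations: ") + e.getMessage());
    }

    PEG_METHOD_EXIT();
}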
156              
//
// Destructor.  There is nothing to release explicitly; the body only records
// the method trace.
//
AuthorizationHandler::~AuthorizationHandler()
{
    PEG_METHOD_ENTER(
        TRC_AUTHORIZATION, "AuthorizationHandler::~AuthorizationHandler()");
    PEG_METHOD_EXIT();
}
167              
//
// Check whether nameSpace is one of the namespaces currently present in the
// repository.
//
// Returns true when the repository lists the namespace, false otherwise.
// Throws InvalidNamespace when the repository enumeration itself fails; the
// message is the namespace string followed directly by the repository's error
// text.
//
Boolean AuthorizationHandler::verifyNamespace(
    const CIMNamespaceName& nameSpace )
{
    PEG_METHOD_ENTER(
        TRC_AUTHORIZATION, "AuthorizationHandler::verifyNamespace()");

    Boolean found = false;

    try
    {
        // Fetch every namespace the repository holds and scan for the one
        // requested.
        Array<CIMNamespaceName> existing = _repository->enumerateNameSpaces();

        for (Uint32 idx = 0, count = existing.size(); idx < count; idx++)
        {
            if (nameSpace.equal(existing[idx]))
            {
                found = true;
                break;
            }
        }
    }
    catch (Exception& e)
    {
        PEG_METHOD_EXIT();
        throw InvalidNamespace(nameSpace.getString() + e.getMessage());
    }

    PEG_METHOD_EXIT();

    return found;
}
210              
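//
// Return the string form of the property `name` on `instance`.
//
// findProperty() yields a not-found index when the property is absent; the
// following getProperty() call is presumably rejected by throwing — confirm.
// Either way the caller's try/catch turns a malformed instance into an
// aborted load rather than a half-populated table entry.
//
static String propertyValueAsString(CIMInstance& instance, const CIMName& name)
{
    const Uint32 pos = instance.findProperty(name);
    CIMProperty prop = instance.getProperty(pos);
    return prop.getValue().toString();
}

//
// Load every authorization entry held in the repository into _authTable.
//
// Enumerates the instances of PEGASUS_CLASSNAME_AUTHORIZATION in
// PEGASUS_NAMESPACENAME_AUTHORIZATION and stores each instance's
// Authorization string under the key userName + nameSpace.
//
// NOTE(review): the key is a plain concatenation with no separator, so two
// different (user name, namespace) pairs can produce the same key.  The same
// key form is used by setAuthorization(), removeAuthorization() and
// getAuthorization(), so it cannot be changed in this method alone.
//
// Throws: any Exception raised by the repository or by property access, after
// recording the method exit.  The exception is rethrown as-is, preserving its
// dynamic type for callers that catch a more specific class.
//
void AuthorizationHandler::_loadAllAuthorizations()
{
    PEG_METHOD_ENTER(
        TRC_AUTHORIZATION, "AuthorizationHandler::_loadAllAuthorizations()");

    try
    {
        Array<CIMInstance> authInstances = _repository->enumerateInstances(
            PEGASUS_NAMESPACENAME_AUTHORIZATION, PEGASUS_CLASSNAME_AUTHORIZATION);

        for (Uint32 i = 0; i < authInstances.size(); i++)
        {
            CIMInstance& authInstance = authInstances[i];

            const String userName =
                propertyValueAsString(authInstance, PROPERTY_NAME_USERNAME);
            const String nameSpace =
                propertyValueAsString(authInstance, PROPERTY_NAME_NAMESPACE);
            const String auth =
                propertyValueAsString(authInstance, PROPERTY_NAME_AUTHORIZATION);

            // The insert result is not checked: if a later instance carries a
            // key that is already present, presumably the first entry seen is
            // kept and the later one dropped silently — confirm against the
            // table's insert() semantics.
            _authTable.insert(userName + nameSpace, auth);
        }
    }
    catch (Exception&)
    {
        PEG_METHOD_EXIT();
        // Rethrow the original object; `throw e;` would copy-slice a derived
        // exception down to Exception.
        throw;
    }

    PEG_METHOD_EXIT();
}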
272              
//
// Record `auth` as the authorization string for userName in nameSpace,
// replacing any entry already held for that pair.
//
// Throws AuthorizationCacheError if the table rejects the insert.
//
void AuthorizationHandler::setAuthorization(
                            const String& userName,
                            const CIMNamespaceName& nameSpace,
                            const String& auth)
{
    PEG_METHOD_ENTER(
        TRC_AUTHORIZATION, "AuthorizationHandler::setAuthorization()");

    // Same key form as _loadAllAuthorizations(): user name followed directly
    // by the namespace string.
    const String key = userName + nameSpace.getString();

    // Clear any stale entry before inserting the new one.
    _authTable.remove(key);

    const Boolean inserted = _authTable.insert(key, auth);
    if (!inserted)
    {
        PEG_METHOD_EXIT();
        throw AuthorizationCacheError();
    }

    PEG_METHOD_EXIT();
}
297              
//
// Remove the authorization entry for userName in nameSpace.
//
// Throws AuthorizationEntryNotFound when no entry exists for that pair.
//
void AuthorizationHandler::removeAuthorization(
                            const String& userName,
                            const CIMNamespaceName& nameSpace)
{
    PEG_METHOD_ENTER(
        TRC_AUTHORIZATION, "AuthorizationHandler::removeAuthorization()");

    const String key = userName + nameSpace.getString();
    const Boolean removed = _authTable.remove(key);

    if (!removed)
    {
        PEG_METHOD_EXIT();
        throw AuthorizationEntryNotFound(userName, nameSpace.getString());
    }

    PEG_METHOD_EXIT();
}
315              
//
// Return the stored authorization string for userName in nameSpace.
//
// Throws AuthorizationEntryNotFound when the table holds no entry for that
// pair; verifyAuthorization() relies on that to deny unknown users.
//
String AuthorizationHandler::getAuthorization(
                            const String& userName,
                            const CIMNamespaceName& nameSpace)
{
    PEG_METHOD_ENTER(
        TRC_AUTHORIZATION, "AuthorizationHandler::getAuthorization()");

    const String key = userName + nameSpace.getString();
    String auth;

    if (_authTable.lookup(key, auth))
    {
        PEG_METHOD_EXIT();
        return auth;
    }

    PEG_METHOD_EXIT();
    throw AuthorizationEntryNotFound(userName, nameSpace.getString());
}
338              
//
// True when `name` matches one of the `count` operation names in `table`.
//
static Boolean containsOperation(
    const CIMName* table, Uint32 count, const CIMName& name)
{
    for (Uint32 i = 0; i < count; i++)
    {
        if (name.equal(table[i]))
        {
            return true;
        }
    }
    return false;
}

//
// Return true when userName may perform the CIM operation cimMethodName in
// nameSpace.
//
// The operation is first classified against READ_OPERATIONS and
// WRITE_OPERATIONS; an operation in neither table is never authorized.
// On non-OS/400 builds the stored authorization string for the
// (userName, nameSpace) pair is then consulted: "rw"/"wr" allow both kinds,
// "r" allows reads, "w" allows writes, and a missing entry or any other
// string denies.  On OS/400 the decision is delegated to
// ycmVerifyFunctionAuthorization() instead of the local table.
//
Boolean AuthorizationHandler::verifyAuthorization(
                            const String& userName,
                            const CIMNamespaceName& nameSpace,
                            const CIMName& cimMethodName)
{
    PEG_METHOD_ENTER(
        TRC_AUTHORIZATION, "AuthorizationHandler::verifyAuthorization()");

    Boolean authorized = false;

    const Boolean readOperation = containsOperation(
        READ_OPERATIONS,
        sizeof(READ_OPERATIONS) / sizeof(READ_OPERATIONS[0]),
        cimMethodName);

    // Only consult the write table when the read table did not match.
    const Boolean writeOperation = !readOperation && containsOperation(
        WRITE_OPERATIONS,
        sizeof(WRITE_OPERATIONS) / sizeof(WRITE_OPERATIONS[0]),
        cimMethodName);

#ifdef PEGASUS_OS_OS400
    if (readOperation || writeOperation)
    {
        // Use OS/400 Application Administration to do cim operation verification
        // (note - need to convert to EBCDIC before calling ycm)
        // NOTE(review): AtoE() writes through pointers obtained as
        // `const char *` from the CString objects — confirm those buffers
        // are writable in place.
        CString userCStr = userName.getCString();
        const char * user = (const char *)userCStr;
        AtoE((char *)user);
        CString nsCStr = nameSpace.getString().getCString();
        const char * ns = (const char *)nsCStr;
        AtoE((char *)ns);
        CString cimMethCStr = cimMethodName.getString().getCString();
        const char * cimMeth = (const char *)cimMethCStr;
        AtoE((char *)cimMeth);
        int os400auth =
          ycmVerifyFunctionAuthorization(user,
                                         ns,
                                         cimMeth);
        if (os400auth == TRUE)
            authorized = true;
    }
#else
    // Look up the user's authorization string; no entry means no access.
    String auth;
    try
    {
        auth = getAuthorization(userName, nameSpace);
    }
    catch (Exception&)
    {
        PEG_METHOD_EXIT();
        return false;
    }

    const Boolean fullAccess =
        String::equal(auth, "rw") || String::equal(auth, "wr");
    const Boolean grantsRead = fullAccess || String::equal(auth, "r");
    const Boolean grantsWrite = fullAccess || String::equal(auth, "w");

    authorized = (readOperation && grantsRead) ||
                 (writeOperation && grantsWrite);
#endif

    PEG_METHOD_EXIT();

    return authorized;
}
434              
435              PEGASUS_NAMESPACE_END
436              
437              
