1 karl 1.18 //%2005////////////////////////////////////////////////////////////////////////
|
2 mike 1.2 //
|
3 karl 1.16 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
|
6 karl 1.15 // IBM Corp.; EMC Corporation, The Open Group.
|
7 karl 1.16 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
|
9 karl 1.18 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
|
11 mike 1.2 //
12 // Permission is hereby granted, free of charge, to any person obtaining a copy
|
13 kumpf 1.10 // of this software and associated documentation files (the "Software"), to
14 // deal in the Software without restriction, including without limitation the
15 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
16 mike 1.2 // sell copies of the Software, and to permit persons to whom the Software is
17 // furnished to do so, subject to the following conditions:
18 //
|
19 kumpf 1.10 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
|
20 mike 1.2 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
21 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
|
22 kumpf 1.10 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
23 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
24 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
25 mike 1.2 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27 //
|
28 kumpf 1.10 //==============================================================================
|
29 mike 1.2 //
30 // Author: Sushma Fernandes (sushma_fernandes@hp.com)
31 //
32 // Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com)
|
33 kumpf 1.9 // Carol Ann Krug Graves, Hewlett-Packard Company
34 // (carolann_graves@hp.com)
|
35 joyce.j 1.17 // Josephine Eskaline Joyce, IBM (jojustin@in.ibm.com) for PEP#101
|
36 mike 1.2 //
37 //%////////////////////////////////////////////////////////////////////////////
38
39
40 ///////////////////////////////////////////////////////////////////////////////
41 //
42 // This file implements the functionality required to manage auth table.
43 //
44 ///////////////////////////////////////////////////////////////////////////////
45
46 #include <Pegasus/Common/FileSystem.h>
47 #include <Pegasus/Common/HashTable.h>
48 #include <Pegasus/Common/Logger.h>
49 #include <Pegasus/Common/System.h>
50 #include <Pegasus/Common/Tracer.h>
51 #include <Pegasus/Common/CIMInstance.h>
|
52 kumpf 1.6 #include <Pegasus/Common/Constants.h>
|
53 kumpf 1.11 #include <Pegasus/Common/XmlWriter.h>
|
54 mike 1.2
|
55 kumpf 1.5 #include "AuthorizationHandler.h"
56 #include "UserExceptions.h"
57
|
58 gerarda 1.13 #ifdef PEGASUS_OS_OS400
59 #include "qycmutiltyUtility.H"
|
60 david 1.14 #include "OS400ConvertChar.h"
|
61 gerarda 1.13 #endif
|
62 mike 1.2
63 PEGASUS_USING_STD;
64
65 PEGASUS_NAMESPACE_BEGIN
66
67
|
68 kumpf 1.7 //
69 // This constant represents the User name property in the schema
70 //
|
71 kumpf 1.11 static const CIMName PROPERTY_NAME_USERNAME = CIMName ("Username");
|
72 mike 1.2
|
73 kumpf 1.7 //
74 // This constant represents the Namespace property in the schema
75 //
|
76 kumpf 1.11 static const CIMName PROPERTY_NAME_NAMESPACE = CIMName ("Namespace");
|
77 mike 1.2
|
78 kumpf 1.7 //
79 // This constant represents the Authorizations property in the schema
80 //
|
81 kumpf 1.11 static const CIMName PROPERTY_NAME_AUTHORIZATION = CIMName ("Authorization");
|
82 mike 1.2
83
|
84 kumpf 1.7 //
85 // List of all the CIM Operations
86 //
87 // Note: The following tables contain all the existing CIM Operations.
88 // Any new CIM Operations created must be included in one of these tables,
89 // otherwise no CIM requests will have authorization to execute those
90 // new operations.
91 //
|
92 mike 1.2
|
93 kumpf 1.7 //
94 // List of read only CIM Operations
95 //
|
96 kumpf 1.11 static const CIMName READ_OPERATIONS [] = {
97 CIMName ("GetClass"),
98 CIMName ("GetInstance"),
99 CIMName ("EnumerateClassNames"),
100 CIMName ("References"),
101 CIMName ("ReferenceNames"),
102 CIMName ("AssociatorNames"),
103 CIMName ("Associators"),
104 CIMName ("EnumerateInstanceNames"),
105 CIMName ("GetQualifier"),
106 CIMName ("EnumerateQualifiers"),
107 CIMName ("EnumerateClasses"),
108 CIMName ("EnumerateInstances"),
109 CIMName ("ExecQuery"),
110 CIMName ("GetProperty") };
|
111 mike 1.2
|
112 kumpf 1.7 //
113 // List of write CIM Operations
114 //
|
115 kumpf 1.11 static const CIMName WRITE_OPERATIONS [] = {
116 CIMName ("CreateClass"),
117 CIMName ("CreateInstance"),
118 CIMName ("DeleteQualifier"),
119 CIMName ("SetQualifier"),
120 CIMName ("ModifyClass"),
121 CIMName ("ModifyInstance"),
122 CIMName ("DeleteClass"),
123 CIMName ("DeleteInstance"),
124 CIMName ("SetProperty"),
125 CIMName ("InvokeMethod"),
126 CIMName ("EnableIndicationSubscription"),
127 CIMName ("ModifyIndicationSubscription"),
128 CIMName ("DisableIndicationSubscription") };
|
129 mike 1.2
130
131 //
132 // Constructor
133 //
134 AuthorizationHandler::AuthorizationHandler(CIMRepository* repository)
135 {
|
136 kumpf 1.7 PEG_METHOD_ENTER(
137 TRC_AUTHORIZATION, "AuthorizationHandler::AuthorizationHandler()");
|
138 kumpf 1.5
|
139 mike 1.2 _repository = repository;
140
141 try
142 {
143 _loadAllAuthorizations();
144 }
145 catch(Exception& e)
146 {
|
147 kumpf 1.7 //ATTN-NB-03-20020402: Should this exception be thrown or ignored ?
148 //throw e;
149
|
150 kumpf 1.12 // cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, ";
151 // cerr << "No authorizations configured." << endl;
|
152 mike 1.2 }
|
153 kumpf 1.5
|
154 kumpf 1.7 PEG_METHOD_EXIT();
|
155 mike 1.2 }
156
157 //
158 // Destructor.
159 //
160 AuthorizationHandler::~AuthorizationHandler()
161 {
|
162 kumpf 1.7 PEG_METHOD_ENTER(
163 TRC_AUTHORIZATION, "AuthorizationHandler::~AuthorizationHandler()");
|
164 mike 1.2
|
165 kumpf 1.7 PEG_METHOD_EXIT();
|
166 mike 1.2 }
167
168 //
169 // Check if a given namespace exists
170 //
|
171 kumpf 1.11 Boolean AuthorizationHandler::verifyNamespace(
172 const CIMNamespaceName& nameSpace )
|
173 mike 1.2 {
|
174 kumpf 1.7 PEG_METHOD_ENTER(
175 TRC_AUTHORIZATION, "AuthorizationHandler::verifyNamespace()");
|
176 kumpf 1.5
|
177 mike 1.2 try
178 {
179 //
|
180 kumpf 1.3 // call enumerateNameSpaces to get all the namespaces
181 // in the repository
|
182 mike 1.2 //
|
183 kumpf 1.11 Array<CIMNamespaceName> namespaceNames =
|
184 kumpf 1.3 _repository->enumerateNameSpaces();
|
185 mike 1.2
186 //
187 // check for the given namespace
188 //
|
189 kumpf 1.3 Uint32 size = namespaceNames.size();
190
191 for (Uint32 i = 0; i < size; i++)
|
192 mike 1.2 {
|
193 kumpf 1.11 if (nameSpace.equal (namespaceNames[i]))
|
194 kumpf 1.3 {
|
195 kumpf 1.7 PEG_METHOD_EXIT();
|
196 kumpf 1.3 return true;
197 }
|
198 mike 1.2 }
|
199 kumpf 1.3 }
200 catch (Exception& e)
|
201 mike 1.2 {
|
202 kumpf 1.7 PEG_METHOD_EXIT();
|
203 kumpf 1.11 throw InvalidNamespace(nameSpace.getString() + e.getMessage());
|
204 mike 1.2 }
|
205 kumpf 1.3
|
206 kumpf 1.7 PEG_METHOD_EXIT();
|
207 kumpf 1.5
|
208 kumpf 1.3 return false;
|
209 mike 1.2 }
210
211 //
212 // Load all user names and password
213 //
214 void AuthorizationHandler::_loadAllAuthorizations()
215 {
|
216 kumpf 1.7 PEG_METHOD_ENTER(
217 TRC_AUTHORIZATION, "AuthorizationHandler::_loadAllAuthorizations()");
|
218 kumpf 1.5
|
219 kumpf 1.9 Array<CIMInstance> namedInstances;
|
220 mike 1.2
221 try
222 {
223 //
224 // call enumerateInstances of the repository
225 //
226 namedInstances = _repository->enumerateInstances(
|
227 kumpf 1.6 PEGASUS_NAMESPACENAME_AUTHORIZATION, PEGASUS_CLASSNAME_AUTHORIZATION);
|
228 mike 1.2
229 //
230 // get all the user names, namespaces, and authorizations
231 //
232 for (Uint32 i = 0; i < namedInstances.size(); i++)
233 {
|
234 kumpf 1.9 CIMInstance& authInstance = namedInstances[i];
|
235 mike 1.2
236 //
237 // get user name
238 //
239 Uint32 pos = authInstance.findProperty(PROPERTY_NAME_USERNAME);
240 CIMProperty prop = (CIMProperty)authInstance.getProperty(pos);
241 String userName = prop.getValue().toString();
242
243 //
244 // get namespace name
245 //
246 pos = authInstance.findProperty(PROPERTY_NAME_NAMESPACE);
247 prop = (CIMProperty)authInstance.getProperty(pos);
248 String nameSpace = prop.getValue().toString();
249
250 //
251 // get authorizations
252 //
253 pos = authInstance.findProperty(PROPERTY_NAME_AUTHORIZATION);
254 prop = (CIMProperty)authInstance.getProperty(pos);
255 String auth = prop.getValue().toString();
256 mike 1.2
257 //
258 // Add authorization to the table
259 //
|
260 kumpf 1.3 _authTable.insert(userName + nameSpace, auth);
|
261 mike 1.2 }
262
263 }
264 catch(Exception& e)
265 {
|
266 kumpf 1.7 PEG_METHOD_EXIT();
|
267 kumpf 1.3 throw e;
|
268 mike 1.2 }
269
|
270 kumpf 1.7 PEG_METHOD_EXIT();
|
271 mike 1.2 }
272
273 void AuthorizationHandler::setAuthorization(
274 const String& userName,
|
275 kumpf 1.11 const CIMNamespaceName& nameSpace,
|
276 mike 1.2 const String& auth)
277 {
|
278 kumpf 1.7 PEG_METHOD_ENTER(
279 TRC_AUTHORIZATION, "AuthorizationHandler::setAuthorization()");
|
280 kumpf 1.5
|
281 mike 1.2 //
|
282 kumpf 1.3 // Remove auth if it already exists
|
283 mike 1.2 //
|
284 kumpf 1.11 _authTable.remove(userName + nameSpace.getString());
|
285 mike 1.2
286 //
|
287 kumpf 1.3 // Insert the specified authorization
|
288 mike 1.2 //
|
289 kumpf 1.11 if (!_authTable.insert(userName + nameSpace.getString(), auth))
|
290 mike 1.2 {
|
291 kumpf 1.7 PEG_METHOD_EXIT();
|
292 mike 1.2 throw AuthorizationCacheError();
293 }
294
|
295 kumpf 1.7 PEG_METHOD_EXIT();
|
296 mike 1.2 }
297
298 void AuthorizationHandler::removeAuthorization(
299 const String& userName,
|
300 kumpf 1.11 const CIMNamespaceName& nameSpace)
|
301 mike 1.2 {
|
302 kumpf 1.7 PEG_METHOD_ENTER(
303 TRC_AUTHORIZATION, "AuthorizationHandler::removeAuthorization()");
|
304 kumpf 1.5
|
305 mike 1.2 //
|
306 kumpf 1.3 // Remove the specified authorization
|
307 mike 1.2 //
|
308 kumpf 1.11 if (!_authTable.remove(userName + nameSpace.getString()))
|
309 mike 1.2 {
|
310 kumpf 1.7 PEG_METHOD_EXIT();
|
311 kumpf 1.11 throw AuthorizationEntryNotFound(userName, nameSpace.getString());
|
312 mike 1.2 }
|
313 kumpf 1.7 PEG_METHOD_EXIT();
|
314 mike 1.2 }
315
316 String AuthorizationHandler::getAuthorization(
317 const String& userName,
|
318 kumpf 1.11 const CIMNamespaceName& nameSpace)
|
319 mike 1.2 {
|
320 kumpf 1.7 PEG_METHOD_ENTER(
321 TRC_AUTHORIZATION, "AuthorizationHandler::getAuthorization()");
|
322 kumpf 1.5
|
323 mike 1.2 String auth;
324
|
325 kumpf 1.3 //
326 // Get authorization for the specified userName and nameSpace
327 //
|
328 kumpf 1.11 if (!_authTable.lookup(userName + nameSpace.getString(), auth))
|
329 mike 1.2 {
|
330 kumpf 1.7 PEG_METHOD_EXIT();
|
331 kumpf 1.11 throw AuthorizationEntryNotFound(userName, nameSpace.getString());
|
332 mike 1.2 }
333
|
334 kumpf 1.7 PEG_METHOD_EXIT();
|
335 kumpf 1.5
|
336 mike 1.2 return auth;
337 }
338
339 //
340 // Verify whether the specified operation has authorization
341 // to be performed by the specified user.
342 //
343 Boolean AuthorizationHandler::verifyAuthorization(
344 const String& userName,
|
345 kumpf 1.11 const CIMNamespaceName& nameSpace,
346 const CIMName& cimMethodName)
|
347 mike 1.2 {
|
348 kumpf 1.7 PEG_METHOD_ENTER(
349 TRC_AUTHORIZATION, "AuthorizationHandler::verifyAuthorization()");
|
350 kumpf 1.5
|
351 mike 1.2 Boolean authorized = false;
|
352 kumpf 1.3 Boolean readOperation = false;
353 Boolean writeOperation = false;
|
354 mike 1.2
355 Uint32 readOpSize = sizeof(READ_OPERATIONS) / sizeof(READ_OPERATIONS[0]);
356
357 Uint32 writeOpSize = sizeof(WRITE_OPERATIONS) / sizeof(WRITE_OPERATIONS[0]);
358
|
359 kumpf 1.3 for (Uint32 i = 0; i < readOpSize; i++ )
360 {
|
361 kumpf 1.11 if (cimMethodName.equal (READ_OPERATIONS[i]))
|
362 kumpf 1.3 {
363 readOperation = true;
364 break;
365 }
366 }
367 if ( !readOperation )
368 {
369 for (Uint32 i = 0; i < writeOpSize; i++ )
370 {
|
371 kumpf 1.11 if (cimMethodName.equal (WRITE_OPERATIONS[i]))
|
372 kumpf 1.3 {
373 writeOperation = true;
374 break;
375 }
376 }
377 }
378
|
379 gerarda 1.13 #ifdef PEGASUS_OS_OS400
380 if (readOperation || writeOperation)
381 {
|
382 david 1.14 // Use OS/400 Application Administration to do cim operation verification
383 // (note - need to convert to EBCDIC before calling ycm)
384 CString userCStr = userName.getCString();
385 const char * user = (const char *)userCStr;
386 AtoE((char *)user);
387 CString nsCStr = nameSpace.getString().getCString();
388 const char * ns = (const char *)nsCStr;
389 AtoE((char *)ns);
390 CString cimMethCStr = cimMethodName.getString().getCString();
391 const char * cimMeth = (const char *)cimMethCStr;
392 AtoE((char *)cimMeth);
|
393 gerarda 1.13 int os400auth =
|
394 david 1.14 ycmVerifyFunctionAuthorization(user,
395 ns,
396 cimMeth);
|
397 gerarda 1.13 if (os400auth == TRUE)
398 authorized = true;
399 }
400 #else
|
401 mike 1.2 //
402 // Get the authorization of the specified user and namespace
403 //
404 String auth;
405 try
406 {
407 auth = getAuthorization(userName, nameSpace);
408 }
409 catch (Exception& e)
410 {
|
411 kumpf 1.7 PEG_METHOD_EXIT();
|
412 mike 1.2 return authorized;
413 }
414
|
415 kumpf 1.3 if ( ( String::equal(auth, "rw") || String::equal(auth, "wr") ) &&
416 ( readOperation || writeOperation ) )
|
417 mike 1.2 {
|
418 kumpf 1.3 authorized = true;
|
419 mike 1.2 }
|
420 kumpf 1.3 else if ( String::equal(auth, "r") && readOperation )
|
421 mike 1.2 {
|
422 kumpf 1.3 authorized = true;
|
423 mike 1.2 }
|
424 kumpf 1.3 else if ( String::equal(auth, "w") && writeOperation )
|
425 mike 1.2 {
|
426 kumpf 1.3 authorized = true;
|
427 mike 1.2 }
|
428 gerarda 1.13 #endif
|
429 kumpf 1.5
|
430 kumpf 1.7 PEG_METHOD_EXIT();
|
431 mike 1.2
432 return authorized;
433 }
434
435 PEGASUS_NAMESPACE_END
436
437
|