1 mike 1.2 //%////////////////////////////////////////////////////////////////////////////
2 //
3 // Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM,
4 // The Open Group, Tivoli Systems
5 //
6 // Permission is hereby granted, free of charge, to any person obtaining a copy
7 // of this software and associated documentation files (the "Software"), to
8 // deal in the Software without restriction, including without limitation the
9 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 // sell copies of the Software, and to permit persons to whom the Software is
11 // furnished to do so, subject to the following conditions:
12 //
13 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
14 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
15 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
16 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
17 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
18 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
19 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 //
22 mike 1.2 //=============================================================================
23 //
24 // Author: Sushma Fernandes (sushma_fernandes@hp.com)
25 //
26 // Modified By: Nag Boranna, Hewlett Packard Company (nagaraja_boranna@hp.com)
|
27 kumpf 1.9 // Carol Ann Krug Graves, Hewlett-Packard Company
28 // (carolann_graves@hp.com)
|
29 mike 1.2 //
30 //%////////////////////////////////////////////////////////////////////////////
31
32
33 ///////////////////////////////////////////////////////////////////////////////
34 //
35 // This file implements the functionality required to manage auth table.
36 //
37 ///////////////////////////////////////////////////////////////////////////////
38
39 #include <Pegasus/Common/FileSystem.h>
40 #include <Pegasus/Common/HashTable.h>
41 #include <Pegasus/Common/Destroyer.h>
42 #include <Pegasus/Common/Logger.h>
43 #include <Pegasus/Common/System.h>
44 #include <Pegasus/Common/Tracer.h>
45 #include <Pegasus/Common/CIMInstance.h>
|
46 kumpf 1.6 #include <Pegasus/Common/Constants.h>
|
47 mike 1.2
|
48 kumpf 1.5 #include "AuthorizationHandler.h"
49 #include "UserExceptions.h"
50
|
51 mike 1.2
52 PEGASUS_USING_STD;
53
54 PEGASUS_NAMESPACE_BEGIN
55
56
|
57 kumpf 1.7 //
58 // This constant represents the User name property in the schema
59 //
|
60 kumpf 1.3 static const char PROPERTY_NAME_USERNAME [] = "Username";
|
61 mike 1.2
|
62 kumpf 1.7 //
63 // This constant represents the Namespace property in the schema
64 //
|
65 kumpf 1.3 static const char PROPERTY_NAME_NAMESPACE [] = "Namespace";
|
66 mike 1.2
|
67 kumpf 1.7 //
68 // This constant represents the Authorizations property in the schema
69 //
|
70 kumpf 1.3 static const char PROPERTY_NAME_AUTHORIZATION [] = "Authorization";
|
71 mike 1.2
72
|
73 kumpf 1.7 //
74 // List of all the CIM Operations
75 //
76 // Note: The following tables contain all the existing CIM Operations.
77 // Any new CIM Operations created must be included in one of these tables,
78 // otherwise no CIM requests will have authorization to execute those
79 // new operations.
80 //
|
81 mike 1.2
|
82 kumpf 1.7 //
83 // List of read only CIM Operations
84 //
|
85 mike 1.2 static const char* READ_OPERATIONS [] = {
86 "GetClass",
87 "GetInstance",
88 "EnumerateClassNames",
89 "References",
90 "ReferenceNames",
91 "AssociatorNames",
92 "Associators",
93 "EnumerateInstanceNames",
94 "GetQualifier",
95 "EnumerateQualifiers",
96 "EnumerateClasses",
97 "EnumerateInstances",
98 "ExecQuery",
99 "GetProperty" };
100
|
101 kumpf 1.7 //
102 // List of write CIM Operations
103 //
|
104 mike 1.2 static const char* WRITE_OPERATIONS [] = {
105 "CreateClass",
106 "CreateInstance",
107 "DeleteQualifier",
108 "SetQualifier",
109 "ModifyClass",
110 "ModifyInstance",
111 "DeleteClass",
112 "DeleteInstance",
|
113 kumpf 1.4 "SetProperty",
114 "InvokeMethod",
115 "EnableIndicationSubscription",
116 "ModifyIndicationSubscription",
117 "DisableIndicationSubscription" };
|
118 mike 1.2
119
120 //
121 // Constructor
122 //
123 AuthorizationHandler::AuthorizationHandler(CIMRepository* repository)
124 {
|
125 kumpf 1.7 PEG_METHOD_ENTER(
126 TRC_AUTHORIZATION, "AuthorizationHandler::AuthorizationHandler()");
|
127 kumpf 1.5
|
128 mike 1.2 _repository = repository;
129
130 try
131 {
132 _loadAllAuthorizations();
133 }
134 catch(Exception& e)
135 {
|
136 kumpf 1.7 //ATTN-NB-03-20020402: Should this exception be thrown or ignored ?
137 //throw e;
138
|
139 kumpf 1.6 cerr << PEGASUS_CLASSNAME_AUTHORIZATION << " class not loaded, ";
|
140 mike 1.2 cerr << "No authorizations configured." << endl;
141 }
|
142 kumpf 1.5
|
143 kumpf 1.7 PEG_METHOD_EXIT();
|
144 mike 1.2 }
145
146 //
147 // Destructor.
148 //
149 AuthorizationHandler::~AuthorizationHandler()
150 {
|
151 kumpf 1.7 PEG_METHOD_ENTER(
152 TRC_AUTHORIZATION, "AuthorizationHandler::~AuthorizationHandler()");
|
153 mike 1.2
|
154 kumpf 1.7 PEG_METHOD_EXIT();
|
155 mike 1.2 }
156
157 //
158 // Check if a given namespace exists
159 //
160 Boolean AuthorizationHandler::verifyNamespace( const String& nameSpace )
161 {
|
162 kumpf 1.7 PEG_METHOD_ENTER(
163 TRC_AUTHORIZATION, "AuthorizationHandler::verifyNamespace()");
|
164 kumpf 1.5
|
165 mike 1.2 try
166 {
167 //
|
168 kumpf 1.3 // call enumerateNameSpaces to get all the namespaces
169 // in the repository
|
170 mike 1.2 //
|
171 kumpf 1.3 Array<String> namespaceNames =
172 _repository->enumerateNameSpaces();
|
173 mike 1.2
174 //
175 // check for the given namespace
176 //
|
177 kumpf 1.3 Uint32 size = namespaceNames.size();
178
179 for (Uint32 i = 0; i < size; i++)
|
180 mike 1.2 {
|
181 kumpf 1.3 if (String::equal(nameSpace, namespaceNames[i]))
182 {
|
183 kumpf 1.7 PEG_METHOD_EXIT();
|
184 kumpf 1.3 return true;
185 }
|
186 mike 1.2 }
|
187 kumpf 1.3 }
188 catch (Exception& e)
|
189 mike 1.2 {
|
190 kumpf 1.7 PEG_METHOD_EXIT();
|
191 kumpf 1.3 throw InvalidNamespace(nameSpace + e.getMessage());
|
192 mike 1.2 }
|
193 kumpf 1.3
|
194 kumpf 1.7 PEG_METHOD_EXIT();
|
195 kumpf 1.5
|
196 kumpf 1.3 return false;
|
197 mike 1.2 }
198
199 //
200 // Load all user names and password
201 //
202 void AuthorizationHandler::_loadAllAuthorizations()
203 {
|
204 kumpf 1.7 PEG_METHOD_ENTER(
205 TRC_AUTHORIZATION, "AuthorizationHandler::_loadAllAuthorizations()");
|
206 kumpf 1.5
|
207 kumpf 1.9 Array<CIMInstance> namedInstances;
|
208 mike 1.2
209 try
210 {
211 //
212 // call enumerateInstances of the repository
213 //
214 namedInstances = _repository->enumerateInstances(
|
215 kumpf 1.6 PEGASUS_NAMESPACENAME_AUTHORIZATION, PEGASUS_CLASSNAME_AUTHORIZATION);
|
216 mike 1.2
217 //
218 // get all the user names, namespaces, and authorizations
219 //
220 for (Uint32 i = 0; i < namedInstances.size(); i++)
221 {
|
222 kumpf 1.9 CIMInstance& authInstance = namedInstances[i];
|
223 mike 1.2
224 //
225 // get user name
226 //
227 Uint32 pos = authInstance.findProperty(PROPERTY_NAME_USERNAME);
228 CIMProperty prop = (CIMProperty)authInstance.getProperty(pos);
229 String userName = prop.getValue().toString();
230
231 //
232 // get namespace name
233 //
234 pos = authInstance.findProperty(PROPERTY_NAME_NAMESPACE);
235 prop = (CIMProperty)authInstance.getProperty(pos);
236 String nameSpace = prop.getValue().toString();
237
238 //
239 // get authorizations
240 //
241 pos = authInstance.findProperty(PROPERTY_NAME_AUTHORIZATION);
242 prop = (CIMProperty)authInstance.getProperty(pos);
243 String auth = prop.getValue().toString();
244 mike 1.2
245 //
246 // Add authorization to the table
247 //
|
248 kumpf 1.3 _authTable.insert(userName + nameSpace, auth);
|
249 mike 1.2 }
250
251 }
252 catch(Exception& e)
253 {
|
254 kumpf 1.7 PEG_METHOD_EXIT();
|
255 kumpf 1.3 throw e;
|
256 mike 1.2 }
257
|
258 kumpf 1.7 PEG_METHOD_EXIT();
|
259 mike 1.2 }
260
261 void AuthorizationHandler::setAuthorization(
262 const String& userName,
263 const String& nameSpace,
264 const String& auth)
265 {
|
266 kumpf 1.7 PEG_METHOD_ENTER(
267 TRC_AUTHORIZATION, "AuthorizationHandler::setAuthorization()");
|
268 kumpf 1.5
|
269 mike 1.2 //
|
270 kumpf 1.3 // Remove auth if it already exists
|
271 mike 1.2 //
|
272 kumpf 1.3 _authTable.remove(userName + nameSpace);
|
273 mike 1.2
274 //
|
275 kumpf 1.3 // Insert the specified authorization
|
276 mike 1.2 //
|
277 kumpf 1.3 if (!_authTable.insert(userName + nameSpace, auth))
|
278 mike 1.2 {
|
279 kumpf 1.7 PEG_METHOD_EXIT();
|
280 mike 1.2 throw AuthorizationCacheError();
281 }
282
|
283 kumpf 1.7 PEG_METHOD_EXIT();
|
284 mike 1.2 }
285
286 void AuthorizationHandler::removeAuthorization(
287 const String& userName,
288 const String& nameSpace)
289 {
|
290 kumpf 1.7 PEG_METHOD_ENTER(
291 TRC_AUTHORIZATION, "AuthorizationHandler::removeAuthorization()");
|
292 kumpf 1.5
|
293 mike 1.2 //
|
294 kumpf 1.3 // Remove the specified authorization
|
295 mike 1.2 //
|
296 kumpf 1.3 if (!_authTable.remove(userName + nameSpace))
|
297 mike 1.2 {
|
298 kumpf 1.7 PEG_METHOD_EXIT();
|
299 kumpf 1.3 throw AuthorizationEntryNotFound(userName, nameSpace);
|
300 mike 1.2 }
|
301 kumpf 1.7 PEG_METHOD_EXIT();
|
302 mike 1.2 }
303
304 String AuthorizationHandler::getAuthorization(
305 const String& userName,
306 const String& nameSpace)
307 {
|
308 kumpf 1.7 PEG_METHOD_ENTER(
309 TRC_AUTHORIZATION, "AuthorizationHandler::getAuthorization()");
|
310 kumpf 1.5
|
311 mike 1.2 String auth;
312
|
313 kumpf 1.3 //
314 // Get authorization for the specified userName and nameSpace
315 //
316 if (!_authTable.lookup(userName + nameSpace, auth))
|
317 mike 1.2 {
|
318 kumpf 1.7 PEG_METHOD_EXIT();
|
319 kumpf 1.3 throw AuthorizationEntryNotFound(userName, nameSpace);
|
320 mike 1.2 }
321
|
322 kumpf 1.7 PEG_METHOD_EXIT();
|
323 kumpf 1.5
|
324 mike 1.2 return auth;
325 }
326
327 //
328 // Verify whether the specified operation has authorization
329 // to be performed by the specified user.
330 //
331 Boolean AuthorizationHandler::verifyAuthorization(
332 const String& userName,
333 const String& nameSpace,
334 const String& cimMethodName)
335 {
|
336 kumpf 1.7 PEG_METHOD_ENTER(
337 TRC_AUTHORIZATION, "AuthorizationHandler::verifyAuthorization()");
|
338 kumpf 1.5
|
339 mike 1.2 Boolean authorized = false;
|
340 kumpf 1.3 Boolean readOperation = false;
341 Boolean writeOperation = false;
|
342 mike 1.2
343 Uint32 readOpSize = sizeof(READ_OPERATIONS) / sizeof(READ_OPERATIONS[0]);
344
345 Uint32 writeOpSize = sizeof(WRITE_OPERATIONS) / sizeof(WRITE_OPERATIONS[0]);
346
|
347 kumpf 1.3 for (Uint32 i = 0; i < readOpSize; i++ )
348 {
349 if ( String::equal(cimMethodName, READ_OPERATIONS[i]) )
350 {
351 readOperation = true;
352 break;
353 }
354 }
355 if ( !readOperation )
356 {
357 for (Uint32 i = 0; i < writeOpSize; i++ )
358 {
359 if ( String::equal(cimMethodName, WRITE_OPERATIONS[i]) )
360 {
361 writeOperation = true;
362 break;
363 }
364 }
365 }
366
|
367 mike 1.2 //
368 // Get the authorization of the specified user and namespace
369 //
370 String auth;
371 try
372 {
373 auth = getAuthorization(userName, nameSpace);
374 }
375 catch (Exception& e)
376 {
|
377 kumpf 1.7 PEG_METHOD_EXIT();
|
378 mike 1.2 return authorized;
379 }
380
|
381 kumpf 1.3 if ( ( String::equal(auth, "rw") || String::equal(auth, "wr") ) &&
382 ( readOperation || writeOperation ) )
|
383 mike 1.2 {
|
384 kumpf 1.3 authorized = true;
|
385 mike 1.2 }
|
386 kumpf 1.3 else if ( String::equal(auth, "r") && readOperation )
|
387 mike 1.2 {
|
388 kumpf 1.3 authorized = true;
|
389 mike 1.2 }
|
390 kumpf 1.3 else if ( String::equal(auth, "w") && writeOperation )
|
391 mike 1.2 {
|
392 kumpf 1.3 authorized = true;
|
393 mike 1.2 }
|
394 kumpf 1.5
|
395 kumpf 1.7 PEG_METHOD_EXIT();
|
396 mike 1.2
397 return authorized;
398 }
399
400 PEGASUS_NAMESPACE_END
401
402
|