version 1.7, 2002/06/03 19:32:35
|
version 1.34, 2009/01/27 18:28:33
|
|
|
//%///////////////////////////////////////////////////////////////////////////// |
//%LICENSE//////////////////////////////////////////////////////////////// |
// |
|
// Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Company, IBM, |
|
// The Open Group, Tivoli Systems |
|
// |
|
// Permission is hereby granted, free of charge, to any person obtaining a copy |
|
// of this software and associated documentation files (the "Software"), to |
|
// deal in the Software without restriction, including without limitation the |
|
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
|
// sell copies of the Software, and to permit persons to whom the Software is |
|
// furnished to do so, subject to the following conditions: |
|
// |
|
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
|
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
|
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
|
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
|
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
|
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
|
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
// |
|
//============================================================================== |
|
// | // |
// Author: Sushma Fernandes, Hewlett Packard Company (sushma_fernandes@hp.com) |
// Licensed to The Open Group (TOG) under one or more contributor license |
|
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with |
|
// this work for additional information regarding copyright ownership. |
|
// Each contributor licenses this file to you under the OpenPegasus Open |
|
// Source License; you may not use this file except in compliance with the |
|
// License. |
|
// |
|
// Permission is hereby granted, free of charge, to any person obtaining a |
|
// copy of this software and associated documentation files (the "Software"), |
|
// to deal in the Software without restriction, including without limitation |
|
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
|
// and/or sell copies of the Software, and to permit persons to whom the |
|
// Software is furnished to do so, subject to the following conditions: |
|
// |
|
// The above copyright notice and this permission notice shall be included |
|
// in all copies or substantial portions of the Software. |
|
// |
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
|
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
|
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
|
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
|
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
|
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
// | // |
// Modified By: |
////////////////////////////////////////////////////////////////////////// |
// | // |
//%///////////////////////////////////////////////////////////////////////////// | //%///////////////////////////////////////////////////////////////////////////// |
| |
|
|
#include <fstream> | #include <fstream> |
| |
#include <Pegasus/Common/FileSystem.h> | #include <Pegasus/Common/FileSystem.h> |
#include <Pegasus/Common/Destroyer.h> |
|
#include <Pegasus/Common/Logger.h> | #include <Pegasus/Common/Logger.h> |
#include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
|
#include <Pegasus/Common/Executor.h> |
| |
#include <Pegasus/Security/UserManager/PasswordFile.h> | #include <Pegasus/Security/UserManager/PasswordFile.h> |
#include <Pegasus/Security/UserManager/UserExceptions.h> | #include <Pegasus/Security/UserManager/UserExceptions.h> |
|
|
| |
const char COLON = ':'; | const char COLON = ':'; |
| |
/* |
|
Password file header information |
|
*/ |
|
static const char* PasswordFileHeader [] = { |
|
"########################################################################", |
|
"## ##", |
|
"## CIM Server Password file ##", |
|
"## ##", |
|
"########################################################################", |
|
" ", |
|
"########################################################################", |
|
"# #", |
|
"# This is the password file for the CIMOM. The username/passowrd #", |
|
"# in this file are loaded in to CIMOM by the User Manager Provider. #", |
|
"# CIMOM updates this file with the changes . #", |
|
"# #", |
|
"# The password file stores the user information in username:password #", |
|
"# format in order to be compatible with Apache's htpasswd generated #", |
|
"# password file. #", |
|
"# #", |
|
"# The user must not edit this file, instead use #", |
|
"# cimuser CLI to make any changes to the CIMOM user information. #", |
|
"# #", |
|
"########################################################################", |
|
" " |
|
}; |
|
|
|
static const int HEADER_SIZE = sizeof(PasswordFileHeader)/sizeof(PasswordFileHeader[0]); |
|
|
|
|
|
//////////////////////////////////////////////////////////////////////////////// | //////////////////////////////////////////////////////////////////////////////// |
// | // |
// PasswordFile Class | // PasswordFile Class |
// | // |
//////////////////////////////////////////////////////////////////////////////// | //////////////////////////////////////////////////////////////////////////////// |
| |
|
|
|
|
/** | /** |
Constructor. | Constructor. |
*/ | */ |
|
|
| |
_passwordFile = fileName; | _passwordFile = fileName; |
| |
|
#ifdef PEGASUS_OS_VMS |
|
_passwordBackupFile = fileName + "_bak"; |
|
#else |
_passwordBackupFile = fileName + ".bak"; | _passwordBackupFile = fileName + ".bak"; |
|
#endif |
| |
try | try |
{ | { |
PasswordTable pt; | PasswordTable pt; |
load(pt); | load(pt); |
} | } |
catch( NoSuchFile& e ) |
catch (const NoSuchFile&) |
{ | { |
Logger::put(Logger::ERROR_LOG, "UserManager", Logger::SEVERE, |
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
"Password file not found : $0.", _passwordFile); |
MessageLoaderParms( |
Logger::put(Logger::ERROR_LOG, "UserManager", Logger::INFORMATION, |
"Security.UserManager.PasswordFile.PWD_FILE_NOT_FOUND", |
"Creating blank password file."); |
"Password file not found : $0.", _passwordFile)); |
|
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::INFORMATION, |
|
MessageLoaderParms( |
|
"Security.UserManager.PasswordFile.CREATING_BLANK_PWD_FILE", |
|
"Creating blank password file.")); |
PasswordTable pt; | PasswordTable pt; |
save(pt); | save(pt); |
} | } |
catch ( Exception& e) |
|
{ |
|
throw e; |
|
} |
|
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
} | } |
| |
|
|
// | // |
if (FileSystem::exists(_passwordBackupFile)) | if (FileSystem::exists(_passwordBackupFile)) |
{ | { |
if (FileSystem::exists(_passwordFile)) |
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::INFORMATION, |
{ |
MessageLoaderParms( |
if (! FileSystem::removeFile(_passwordFile)) |
"Security.UserManager.PasswordFile.TRYING_TO_BACKUP_FILE", |
{ |
"Trying to use the backup file : $0.", |
throw CannotRemoveFile(_passwordFile); |
_passwordBackupFile)); |
} |
if (Executor::renameFile( |
} |
_passwordBackupFile.getCString(), |
Logger::put(Logger::ERROR_LOG, "UserManager", Logger::INFORMATION, |
_passwordFile.getCString()) != 0) |
"Trying to use the backup file : $0.", _passwordBackupFile); |
{ |
if (! FileSystem::renameFile(_passwordBackupFile, _passwordFile)) |
Logger::put_l( |
{ |
Logger::ERROR_LOG, System::CIMSERVER, Logger::INFORMATION, |
Logger::put(Logger::ERROR_LOG, "UserManager", Logger::INFORMATION, |
MessageLoaderParms( |
"Unable to use the backup file : $0.", _passwordBackupFile); |
"Security.UserManager.PasswordFile.CANNOT_USE_BACKUP_FILE", |
|
"Unable to use the backup file : $0.", |
|
_passwordBackupFile)); |
throw CannotRenameFile(_passwordBackupFile); | throw CannotRenameFile(_passwordBackupFile); |
} | } |
Logger::put(Logger::ERROR_LOG, "UserManager", Logger::INFORMATION, |
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::INFORMATION, |
"Recovered using the backup file : $0.", _passwordBackupFile); |
MessageLoaderParms( |
|
"Security.UserManager.PasswordFile.RECOVERED_USING_BACKUP_FILE", |
|
"Recovered using the backup file : $0.", |
|
_passwordBackupFile)); |
} | } |
if (! FileSystem::exists(_passwordFile)) | if (! FileSystem::exists(_passwordFile)) |
{ | { |
|
|
// | // |
// Open the password file | // Open the password file |
// | // |
ArrayDestroyer<char> p(_passwordFile.allocateCString()); |
ifstream ifs(_passwordFile.getCString()); |
ifstream ifs(p.getPointer()); |
|
if (!ifs) | if (!ifs) |
{ | { |
Logger::put(Logger::ERROR_LOG, "UserManager", Logger::SEVERE, |
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
"Error opening password file : $0.", _passwordFile); |
MessageLoaderParms( |
|
"Security.UserManager.PasswordFile.ERROR_OPENING_PWD_FILE", |
|
"Error opening password file : $0.", |
|
_passwordFile)); |
return; | return; |
} | } |
| |
|
|
// | // |
// Skip leading whitespace | // Skip leading whitespace |
// | // |
const Char16* p = line.getData(); |
const Char16* pLine = line.getChar16Data(); |
|
const Char16* pUserNameStart; |
|
const Char16* pUserNameEnd; |
|
const Char16* pColon; |
|
const Char16* pPassword; |
| |
while (*p && isspace(*p)) |
while (*pLine && isspace(*pLine)) |
{ | { |
p++; |
pLine++; |
} | } |
| |
if (!*p) |
if (!*pLine) |
{ | { |
continue; | continue; |
} | } |
| |
// | // |
// Skip comment lines |
// Get the userName |
|
// |
|
pUserNameStart = pLine; |
|
|
|
// |
|
// Look for the password |
// | // |
if (*p == '#') |
pColon = pLine; |
|
while (*pColon && (*pColon != COLON)) |
{ | { |
continue; |
*pColon++; |
} | } |
|
|
// | // |
// Get the userName |
// Expect a colon sign |
// | // |
String userName = String::EMPTY; |
if (*pColon != COLON) |
|
|
userName += *p++; |
|
|
|
while (isalnum(*p)) |
|
{ | { |
userName += *p++; |
// Did not find Colon, log a message and skip entry |
|
Logger::put_l( |
|
Logger::ERROR_LOG, System::CIMSERVER, Logger::INFORMATION, |
|
MessageLoaderParms( |
|
"Security.UserManager.PasswordFile.PWD_ENTRY_SYNTAX_ERROR", |
|
"Syntax error in password entry at line : $0.", |
|
lineNumber)); |
|
continue; |
} | } |
| |
// | // |
// Skip whitespace after user name | // Skip whitespace after user name |
// | // |
while (*p && isspace(*p)) |
pUserNameEnd = pColon - 1; |
|
while ((pUserNameEnd >= pUserNameStart) && isspace(*pUserNameEnd)) |
{ | { |
p++; |
pUserNameEnd--; |
} | } |
|
pUserNameEnd++; // Point to one past the username |
| |
// |
if (pUserNameStart == pUserNameEnd) |
// Expect a colon sign |
|
// |
|
if (*p != COLON) |
|
{ | { |
// |
// Did not find a user name, log a message and skip entry |
// Did not find Colon, log a message and skip entry |
Logger::put_l( |
// |
Logger::ERROR_LOG, System::CIMSERVER, Logger::INFORMATION, |
Logger::put(Logger::ERROR_LOG, "CIMPassword", Logger::INFORMATION, |
MessageLoaderParms( |
"Error in reading password entry for : $0.", userName); |
"Security.UserManager.PasswordFile.ERROR_READING_USR_ENTRY", |
|
"User name not found in entry at line : $0.", |
|
lineNumber)); |
continue; | continue; |
} | } |
| |
p++; |
String userName(pUserNameStart, pUserNameEnd - pUserNameStart); |
| |
// | // |
// Skip whitespace after : sign | // Skip whitespace after : sign |
// | // |
while (*p && isspace(*p)) |
pPassword = pColon + 1; |
|
while (*pPassword && isspace(*pPassword)) |
{ | { |
p++; |
pPassword++; |
|
} |
|
|
|
if (!*pPassword) |
|
{ |
|
// Did not find a password, log a message and skip entry |
|
Logger::put_l( |
|
Logger::ERROR_LOG, System::CIMSERVER, Logger::INFORMATION, |
|
MessageLoaderParms( |
|
"Security.UserManager.PasswordFile.ERROR_READING_PWD_ENTRY", |
|
"Error reading the password entry for user : $0.", |
|
userName)); |
|
continue; |
} | } |
| |
// | // |
// Get the password | // Get the password |
// | // |
String password = String::EMPTY; |
String password(pPassword); |
|
|
while (*p) |
|
{ |
|
password += *p++; |
|
} |
|
| |
// | // |
// Store the user name and password in the table | // Store the user name and password in the table |
|
|
// | // |
// Duplicate entry for user, ignore the new entry. | // Duplicate entry for user, ignore the new entry. |
// | // |
Logger::put(Logger::ERROR_LOG, "CIMPassword", Logger::INFORMATION, |
Logger::put_l( |
"Duplicate user: $0.", userName); |
Logger::ERROR_LOG, System::CIMSERVER, Logger::INFORMATION, |
|
MessageLoaderParms( |
|
"Security.UserManager.PasswordFile.DUPLICATE_USER", |
|
"Duplicate user: $0.", userName)); |
} | } |
} | } |
| |
|
|
/** | /** |
Save the username and password to the password file. | Save the username and password to the password file. |
*/ | */ |
void PasswordFile::save (PasswordTable& passwordTable) |
void PasswordFile::save (const PasswordTable& passwordTable) |
{ | { |
PEG_METHOD_ENTER(TRC_USER_MANAGER, "PasswordFile::save"); | PEG_METHOD_ENTER(TRC_USER_MANAGER, "PasswordFile::save"); |
| |
|
|
{ | { |
if ( FileSystem::exists(_passwordFile)) | if ( FileSystem::exists(_passwordFile)) |
{ | { |
if ( ! FileSystem::removeFile(_passwordFile)) |
if (Executor::removeFile(_passwordFile.getCString()) != 0) |
{ | { |
Logger::put(Logger::ERROR_LOG, "CIMPassword", Logger::SEVERE, |
Logger::put_l( |
"Cannot remove password file : $0.", _passwordFile); |
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
MessageLoaderParms( |
|
"Security.UserManager.PasswordFile." |
|
"CANNOT_REMOVE_PWD_FILE", |
|
"Cannot remove password file : $0.", _passwordFile)); |
throw CannotRemoveFile(_passwordFile); | throw CannotRemoveFile(_passwordFile); |
} | } |
} | } |
|
|
{ | { |
if ( FileSystem::exists(_passwordFile)) | if ( FileSystem::exists(_passwordFile)) |
{ | { |
if ( ! FileSystem::renameFile(_passwordFile, _passwordBackupFile)) |
if (Executor::renameFile(_passwordFile.getCString(), |
|
_passwordBackupFile.getCString()) != 0) |
{ | { |
Logger::put(Logger::ERROR_LOG, "CIMPassword", Logger::SEVERE, |
Logger::put_l( |
"Cannot rename password file : $0.", _passwordFile); |
Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
|
MessageLoaderParms( |
|
"Security.UserManager.PasswordFile." |
|
"CANNOT_RENAME_PWD_FILE", |
|
"Cannot rename password file : $0.", |
|
_passwordFile)); |
throw CannotRenameFile(_passwordFile); | throw CannotRenameFile(_passwordFile); |
} | } |
} | } |
|
|
// | // |
// Open the password file for writing | // Open the password file for writing |
// | // |
ArrayDestroyer<char> p(_passwordFile.allocateCString()); |
|
ofstream ofs(p.getPointer()); |
FILE* ofs = Executor::openFile(_passwordFile.getCString(), 'w'); |
|
|
if (!ofs) | if (!ofs) |
{ | { |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
throw CannotOpenFile(getFileName()); | throw CannotOpenFile(getFileName()); |
} | } |
| |
ofs.clear(); |
|
|
|
// |
|
// Write password file header information |
|
// |
|
|
|
for (int index = 0; index < HEADER_SIZE; index++) |
|
{ |
|
ofs << PasswordFileHeader[index] << endl; |
|
} |
|
|
|
ofs << endl; |
|
|
|
// | // |
// Save user names and passwords to the new file | // Save user names and passwords to the new file |
// | // |
for (PasswordTable::Iterator i = passwordTable.start(); i; i++) | for (PasswordTable::Iterator i = passwordTable.start(); i; i++) |
{ | { |
ofs << i.key() << ":" << i.value() << endl; |
CString key = i.key().getCString(); |
|
CString value = i.value().getCString(); |
|
fprintf(ofs, "%s:%s\n", (const char*)key, (const char*)value); |
} | } |
| |
ofs.close(); |
fclose(ofs); |
| |
if ( FileSystem::exists(_passwordBackupFile)) | if ( FileSystem::exists(_passwordBackupFile)) |
{ | { |
if ( ! FileSystem::removeFile(_passwordBackupFile)) |
if (Executor::removeFile(_passwordBackupFile.getCString()) != 0) |
{ | { |
Logger::put(Logger::ERROR_LOG, "CIMPassword", |
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE, |
Logger::SEVERE, |
MessageLoaderParms( |
|
"Security.UserManager.PasswordFile." |
|
"CANNOT_REMOVE_BACKUP_PWD_FILE", |
"Cannot remove backup password file : $0.", | "Cannot remove backup password file : $0.", |
_passwordBackupFile); |
_passwordBackupFile)); |
throw CannotRemoveFile(_passwordBackupFile); | throw CannotRemoveFile(_passwordBackupFile); |
} | } |
} | } |
|
|
} | } |
| |
PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |
|
|