pegasus/src/Pegasus/Security/UserManager/UserFileHandler.cpp - diff

Return to UserFileHandler.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Security / UserManager

Diff for /pegasus/src/Pegasus/Security/UserManager/UserFileHandler.cpp between version 1.2 and 1.24

version 1.2, 2001/12/13 14:54:33

version 1.24, 2007/07/31 19:13:50

Line 1

//%////////////////////////////////////////////////////////////////////////////

//%2006////////////////////////////////////////////////////////////////////////

// The Open Group, Tivoli Systems

// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.

// IBM Corp.; EMC Corporation, The Open Group.

// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.

// EMC Corporation; VERITAS Software Corporation; The Open Group.

// EMC Corporation; Symantec Corporation; The Open Group.

// Permission is hereby granted, free of charge, to any person obtaining a copy

// of this software and associated documentation files (the "Software"), to

Line 19

Line 27

// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION

// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

//=============================================================================

//==============================================================================

// Author: Sushma Fernandes, Hewlett Packard Company (sushma_fernandes@hp.com)

// Modified By:

//%////////////////////////////////////////////////////////////////////////////

Line 35

Line 39

///////////////////////////////////////////////////////////////////////////////

#include <Pegasus/Common/FileSystem.h>

#include <Pegasus/Common/Destroyer.h>

#include <Pegasus/Common/Logger.h>

#include <Pegasus/Common/System.h>

#include <Pegasus/Common/Tracer.h>

#include <Pegasus/Common/IPCExceptions.h>

#include <Pegasus/Config/ConfigManager.h>

#include <Pegasus/Security/UserManager/UserFileHandler.h>

#include <Pegasus/Security/UserManager/UserExceptions.h>

#include <Pegasus/Common/MessageLoader.h>

PEGASUS_USING_STD;

PEGASUS_NAMESPACE_BEGIN

const char UserFileHandler::_PASSWD_FILE[] = "/cimserver.passwd";

const unsigned char UserFileHandler::_SALT_STRING[] =

"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

const String UserFileHandler::_PROPERTY_NAME_PASSWORD_FILEPATH =

"passwordFilePath";

// Initialize the mutex timeout to 5000 ms.

const Uint32 UserFileHandler::_MUTEX_TIMEOUT = 5000;

// Generate random salt key for password encryption refer to crypt(3C)

Line 60

Line 71

long randNum;

Uint32 sec;

Uint32 milliSec;

const char METHOD_NAME[] = "PasswordFile::_GetSalt";

PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME);

PEG_METHOD_ENTER(TRC_USER_MANAGER, "PasswordFile::_GetSalt");

// Generate a random number and get the salt

Line 70

Line 80

System::getCurrentTime( sec, milliSec );

srand( (int) sec );

#ifdef PEGASUS_PLATFORM_SOLARIS_SPARC

Unit32 seed;

randNum = rand_r(*seed);

#else

randNum = rand();

#endif

// Make sure the random number generated is between 0-63.

Line 80

Line 95

randNum >>= 6;

*salt++ = _SALT_STRING[ randNum & 0x3f ];

salt[2] = '\0';

*salt = '\0';

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

PEG_METHOD_EXIT();

}

Line 90

Line 105

UserFileHandler::UserFileHandler()

{

const char METHOD_NAME[] = "UserFileHandler::UserFileHandler";

PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::UserFileHandler");

PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME);

// Get the value of environment variable PEGASUS_HOME

// The password file location is <$PEGASUS_HOME/cimserver.passwd>

const char* tmp = getenv("PEGASUS_HOME");

_passwordFileExists = false;

_passwdFileName = String(tmp);

// Get an instance of the ConfigManager.

_passwdFileName.append(String(_PASSWD_FILE));

ConfigManager* configManager;

_passwordFile = new PasswordFile(_passwdFileName);

configManager = ConfigManager::getInstance();

// check whether the password file is readable

// Get the PasswordFilePath property from the Config Manager.

String passwdFile;

passwdFile = ConfigManager::getHomedPath(

configManager->getCurrentValue(_PROPERTY_NAME_PASSWORD_FILEPATH));

if (!FileSystem::canRead(_passwdFileName))

{

// Construct a PasswordFile object.

// ATTN: Deal with this

//delete _passwordFile;

_passwordFile.reset(new PasswordFile(passwdFile));

//throw FileNotReadable(_passwdFileName);

}

_passwordFileExists = true;

try

{

// Load the user information in to the cache.

_loadAllUsers();

}

catch (Exception& e)

{

throw e;

}

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

// Initialize the mutex, mutex lock needs to be held for any updates

// to the password cache and password file.

_mutex.reset(new Mutex);

PEG_METHOD_EXIT();

}

Line 134

Line 145

UserFileHandler::~UserFileHandler()

{

const char METHOD_NAME[] = "UserFileHandler::~UserFileHandler";

PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::~UserFileHandler");

PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME);

delete _passwordFile;

PEG_METHOD_EXIT();

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

}

Line 148

Line 155

void UserFileHandler::_loadAllUsers ()

{

const char METHOD_NAME[] = "UserFileHandler::_loadAllUsers";

PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::_loadAllUsers");

PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME);

try

{

_passwordTable.clear();

_passwordFile->load(_passwordTable);

}

catch (CannotOpenFile cof)

catch (CannotOpenFile&)

{

_passwordTable.clear();

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

PEG_METHOD_EXIT();

throw cof;

throw;

}

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

PEG_METHOD_EXIT();

}

void UserFileHandler::_Update(

// Add user entry to file

char operation,

void UserFileHandler::addUserEntry(

const String& userName,

const String& password)

{

char salt[3];

PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::_Update");

String encryptedPassword = String::EMPTY;

const char METHOD_NAME[] = "UserFileHandler::addUserEntry";

PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME);

// Hold the mutex lock.

// This will allow any one of the update operations to be performed

// at any given time

// Check if the user already exists

try

if (_passwordTable.contains(userName))

{

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

_mutex->timed_lock(_MUTEX_TIMEOUT);

throw DuplicateUser(userName);

}

catch (TimeOut&)

{

throw PEGASUS_CIM_EXCEPTION_L(CIM_ERR_FAILED,

MessageLoaderParms(

"Security.UserManager.UserFileHandler.TIMEOUT",

"Timed out while attempting to perform the requested "

"operation. Try the operation again."));

}

catch (WaitFailed&)

{

throw PEGASUS_CIM_EXCEPTION_L(CIM_ERR_FAILED,

MessageLoaderParms(

"Security.UserManager.UserFileHandler.TIMEOUT",

"Timed out while attempting to perform the requested "

"operation. Try the operation again."));

}

catch (Deadlock&)

{

throw PEGASUS_CIM_EXCEPTION_L(CIM_ERR_FAILED,

MessageLoaderParms(

"Security.UserManager.UserFileHandler.DEADLOCK",

"Deadlock encountered while attempting to perform the "

"requested operation. Try the operation again."));

}

// encrypt password

switch (operation)

_GetSalt(salt);

{

case ADD_USER:

if (!_passwordTable.insert(userName,password))

{

_mutex->unlock();

PEG_METHOD_EXIT();

throw PasswordCacheError();

}

break;

ArrayDestroyer<char> pw(password.allocateCString());

case MODIFY_USER:

if (!_passwordTable.remove(userName))

{

_mutex->unlock();

PEG_METHOD_EXIT();

throw PasswordCacheError();

}

if (!_passwordTable.insert(userName,password))

{

_mutex->unlock();

Logger::put_l(

Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

"Security.UserManager.UserFileHandler."

"ERROR_UPDATING_USER_INFO",

"Error updating the user information for user $0.",

userName);

PEG_METHOD_EXIT();

throw PasswordCacheError();

}

break;

encryptedPassword = System::encryptPassword(pw.getPointer(),salt);

case REMOVE_USER:

if (!_passwordTable.insert(userName,encryptedPassword))

//Remove the existing user name and password from the table

if (!_passwordTable.remove(userName))

{

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

_mutex->unlock();

throw PasswordCacheError();

PEG_METHOD_EXIT();

throw InvalidUser(userName);

}

break;

default:

// Should never get here

break;

}

// Store the new entry in the password file

// Store the entry in the password file

try

{

_passwordFile->save(_passwordTable);

}

catch (CannotOpenFile& e)

catch (const CannotOpenFile&)

{

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

_mutex->unlock();

throw e;

PEG_METHOD_EXIT();

throw;

}

catch (CannotRenameFile& e)

catch (const CannotRenameFile&)

{

// reload password hash table from file

_loadAllUsers();

_mutex->unlock();

PEG_METHOD_EXIT();

throw;

}

_mutex->unlock();

PEG_METHOD_EXIT();

}

// creation of backup file failed

// Add user entry to file

void UserFileHandler::addUserEntry(

const String& userName,

const String& password)

{

char salt[3];

String encryptedPassword;

PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::addUserEntry");

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

// Check if the user already exists

throw e;

if (_passwordTable.contains(userName))

{

PEG_METHOD_EXIT();

throw DuplicateUser(userName);

}

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

// encrypt password

_GetSalt(salt);

encryptedPassword = System::encryptPassword(password.getCString(),salt);

// add the user to the cache and password file

_Update(ADD_USER,userName, encryptedPassword);

PEG_METHOD_EXIT();

}

Line 235

Line 327

const String& newPassword )

{

char salt[3];

String encryptedPassword = String::EMPTY;

String encryptedPassword;

const char METHOD_NAME[] = "UserFileHandler::modifyUserEntry";

PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME);

PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::modifyUserEntry");

// Check if the given password matches the passwd in the file

try

{

if ( !verifyCIMUserPassword (userName,password) )

{

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

PEG_METHOD_EXIT();

throw PasswordMismatch(userName);

}

catch (Exception& e)

{

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

throw e;

}

// encrypt new password

_GetSalt(salt);

ArrayDestroyer<char> npw(newPassword.allocateCString());

encryptedPassword = System::encryptPassword(newPassword.getCString(),salt);

encryptedPassword = System::encryptPassword(npw.getPointer(),salt);

_Update(MODIFY_USER, userName, encryptedPassword);

if (!_passwordTable.remove(userName))

PEG_METHOD_EXIT();

{

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

throw PasswordCacheError();

}

if (!_passwordTable.insert(userName,encryptedPassword))

{

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

throw PasswordCacheError();

}

// Store the modified entry in the password file

try

{

_passwordFile->save(_passwordTable);

}

catch (CannotOpenFile& e)

{

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

throw e;

}

catch (CannotRenameFile& e)

{

// reload password hash table from file

_loadAllUsers();

// creation of backup file failed

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

throw e;

}

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

}

Line 307

Line 355

void UserFileHandler::removeUserEntry(const String& userName)

{

const char METHOD_NAME[] = "UserFileHandler::removeUserEntry";

PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::removeUserEntry");

PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME);

//Remove the existing user name and password from the table

if (!_passwordTable.remove(userName))

{

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

throw InvalidUser(userName);

}

// Store the removed entry in the password file

_Update(REMOVE_USER, userName);

try

{

_passwordFile->save(_passwordTable);

}

catch (CannotOpenFile& e)

{

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

throw e;

}

catch (CannotRenameFile& e)

{

// reload password hash table from file

_loadAllUsers();

PEG_METHOD_EXIT();

// creation of backup file failed

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

throw e;

}

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

}

Line 348

Line 367

void UserFileHandler::getAllUserNames(Array<String>& userNames)

{

const char METHOD_NAME[] = "UserFileHandler::getAllUserNames";

PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::getAllUserNames");

PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME);

userNames.clear();

Line 358

Line 375

{

userNames.append(i.key());

}

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

PEG_METHOD_EXIT();

}

Line 366

Line 383

Boolean UserFileHandler::verifyCIMUser (const String& userName)

{

const char METHOD_NAME[] = "UserFileHandler::verifyCIMUser";

PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::verifyCIMUser");

PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME);

PEG_METHOD_EXIT();

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

return _passwordTable.contains(userName);

}

Line 381

Line 396

const String& userName,

const String& password)

{

const char METHOD_NAME[] = "UserFileHandler::verifyCIMUserPassword";

PEG_METHOD_ENTER(TRC_USER_MANAGER,

"UserFileHandler::verifyCIMUserPassword");

PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME);

// Check if the user's password mathches the specified password

String curPassword = String::EMPTY;

String curPassword;

String encryptedPassword = String::EMPTY;

String encryptedPassword;

String saltStr = String::EMPTY;

String saltStr;

// Check if the user exists in the password table

if ( !_passwordTable.lookup(userName,curPassword) )

{

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

PEG_METHOD_EXIT();

throw InvalidUser(userName);

}

saltStr = curPassword.subString(0,2);

ArrayDestroyer<char> oldsalt(saltStr.allocateCString());

ArrayDestroyer<char> pw(password.allocateCString());

encryptedPassword =

System::encryptPassword(pw.getPointer(),oldsalt.getPointer());

System::encryptPassword(password.getCString(),saltStr.getCString());

if ( curPassword != encryptedPassword )

{

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

PEG_METHOD_EXIT();

return false;

}

PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME);

PEG_METHOD_EXIT();

return true;

}

PEGASUS_NAMESPACE_END

Legend:

Removed from v.1.2
changed lines
	Added in v.1.24

No CVS admin address has been configured