version 1.2, 2001/12/13 14:54:33
|
version 1.8.6.1, 2003/07/29 15:08:30
|
|
|
//%//////////////////////////////////////////////////////////////////////////// |
//%///////////////////////////////////////////////////////////////////////////// |
// | // |
// Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM, |
// Copyright (c) 2000, 2001, 2002 BMC Software, Hewlett-Packard Company, IBM, |
// The Open Group, Tivoli Systems | // The Open Group, Tivoli Systems |
// | // |
// Permission is hereby granted, free of charge, to any person obtaining a copy | // Permission is hereby granted, free of charge, to any person obtaining a copy |
|
|
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION | // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
// | // |
//============================================================================= |
//============================================================================== |
// | // |
// Author: Sushma Fernandes, Hewlett Packard Company (sushma_fernandes@hp.com) | // Author: Sushma Fernandes, Hewlett Packard Company (sushma_fernandes@hp.com) |
// | // |
|
|
#include <Pegasus/Common/System.h> | #include <Pegasus/Common/System.h> |
#include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
| |
|
#include <Pegasus/Config/ConfigManager.h> |
|
|
#include <Pegasus/Security/UserManager/UserFileHandler.h> | #include <Pegasus/Security/UserManager/UserFileHandler.h> |
#include <Pegasus/Security/UserManager/UserExceptions.h> | #include <Pegasus/Security/UserManager/UserExceptions.h> |
|
#include <Pegasus/Common/MessageLoader.h> //l10n |
| |
PEGASUS_USING_STD; | PEGASUS_USING_STD; |
| |
PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
| |
const char UserFileHandler::_PASSWD_FILE[] = "/cimserver.passwd"; |
|
|
|
const unsigned char UserFileHandler::_SALT_STRING[] = | const unsigned char UserFileHandler::_SALT_STRING[] = |
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; | "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; |
| |
|
const String UserFileHandler::_PROPERTY_NAME_PASSWORD_FILEPATH = |
|
"passwordFilePath"; |
|
|
|
// Initialize the mutex timeout to 5000 ms. |
|
const Uint32 UserFileHandler::_MUTEX_TIMEOUT = 5000; |
|
|
// | // |
// Generate random salt key for password encryption refer to crypt(3C) | // Generate random salt key for password encryption refer to crypt(3C) |
// | // |
|
|
long randNum; | long randNum; |
Uint32 sec; | Uint32 sec; |
Uint32 milliSec; | Uint32 milliSec; |
const char METHOD_NAME[] = "PasswordFile::_GetSalt"; |
|
| |
PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_ENTER(TRC_USER_MANAGER, "PasswordFile::_GetSalt"); |
| |
// | // |
// Generate a random number and get the salt | // Generate a random number and get the salt |
|
|
| |
salt[2] = '\0'; | salt[2] = '\0'; |
| |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_EXIT(); |
} | } |
| |
// | // |
|
|
// | // |
UserFileHandler::UserFileHandler() | UserFileHandler::UserFileHandler() |
{ | { |
const char METHOD_NAME[] = "UserFileHandler::UserFileHandler"; |
PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::UserFileHandler"); |
| |
PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME); |
// |
|
// Get an instance of the ConfigManager. |
// Get the value of environment variable PEGASUS_HOME |
// |
// The password file location is <$PEGASUS_HOME/cimserver.passwd> |
ConfigManager* configManager; |
const char* tmp = getenv("PEGASUS_HOME"); |
configManager = ConfigManager::getInstance(); |
|
|
_passwordFileExists = false; |
|
_passwdFileName = String(tmp); |
|
_passwdFileName.append(String(_PASSWD_FILE)); |
|
|
|
_passwordFile = new PasswordFile(_passwdFileName); |
|
| |
// | // |
// check whether the password file is readable |
// Get the PasswordFilePath property from the Config Manager. |
// | // |
|
String passwdFile; |
|
passwdFile = configManager->getCurrentValue( |
|
_PROPERTY_NAME_PASSWORD_FILEPATH); |
| |
if (!FileSystem::canRead(_passwdFileName)) |
// |
{ |
// Construct a PasswordFile object. |
// ATTN: Deal with this |
// |
//delete _passwordFile; |
_passwordFile = new PasswordFile(passwdFile); |
//throw FileNotReadable(_passwdFileName); |
|
} |
|
_passwordFileExists = true; |
|
| |
|
// |
|
// Load the user information in to the cache. |
|
// |
try | try |
{ | { |
_loadAllUsers(); | _loadAllUsers(); |
|
|
throw e; | throw e; |
} | } |
| |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
// |
|
// Initialize the mutex, mutex lock needs to be held for any updates |
|
// to the password cache and password file. |
|
// |
|
_mutex = new Mutex; |
|
|
|
PEG_METHOD_EXIT(); |
} | } |
| |
| |
|
|
// | // |
UserFileHandler::~UserFileHandler() | UserFileHandler::~UserFileHandler() |
{ | { |
const char METHOD_NAME[] = "UserFileHandler::~UserFileHandler"; |
PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::~UserFileHandler"); |
|
|
PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME); |
|
| |
delete _passwordFile; | delete _passwordFile; |
|
delete _mutex; |
| |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_EXIT(); |
} | } |
| |
// | // |
|
|
// | // |
void UserFileHandler::_loadAllUsers () | void UserFileHandler::_loadAllUsers () |
{ | { |
const char METHOD_NAME[] = "UserFileHandler::_loadAllUsers"; |
PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::_loadAllUsers"); |
|
|
PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME); |
|
| |
try | try |
{ | { |
|
|
catch (CannotOpenFile cof) | catch (CannotOpenFile cof) |
{ | { |
_passwordTable.clear(); | _passwordTable.clear(); |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_EXIT(); |
throw cof; | throw cof; |
} | } |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_EXIT(); |
} | } |
| |
// |
void UserFileHandler::_Update( |
// Add user entry to file |
char operation, |
// |
|
void UserFileHandler::addUserEntry( |
|
const String& userName, | const String& userName, |
const String& password) | const String& password) |
{ | { |
char salt[3]; |
PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::_Update"); |
String encryptedPassword = String::EMPTY; |
|
const char METHOD_NAME[] = "UserFileHandler::addUserEntry"; |
|
| |
PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME); |
// |
|
// Hold the mutex lock. |
|
// This will allow any one of the update operations to be performed |
|
// at any given time |
|
// |
| |
// Check if the user already exists |
try |
if (_passwordTable.contains(userName)) |
|
{ | { |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
_mutex->timed_lock(_MUTEX_TIMEOUT, pegasus_thread_self()); |
throw DuplicateUser(userName); |
} |
|
catch (TimeOut e) |
|
{ |
|
//l10n |
|
//throw PEGASUS_CIM_EXCEPTION( CIM_ERR_FAILED, |
|
//"Timed out trying to perform requested operation." |
|
//"Please re-try the operation again."); |
|
throw PEGASUS_CIM_EXCEPTION_L( CIM_ERR_FAILED, MessageLoaderParms("Security.UserManager.UserFileHandler.TIMEOUT", |
|
"Timed out trying to perform requested operation.Please re-try the operation again.")); |
|
} |
|
catch (WaitFailed e) |
|
{ |
|
//l10n |
|
//throw PEGASUS_CIM_EXCEPTION( CIM_ERR_FAILED, |
|
//"Timed out trying to perform requested operation." |
|
//"Please re-try the operation again."); |
|
throw PEGASUS_CIM_EXCEPTION_L( CIM_ERR_FAILED, MessageLoaderParms("Security.UserManager.UserFileHandler.TIMEOUT", |
|
"Timed out trying to perform requested operation.Please re-try the operation again.")); |
|
} |
|
catch (Deadlock e) |
|
{ |
|
//l10n |
|
//throw PEGASUS_CIM_EXCEPTION( CIM_ERR_FAILED, |
|
//"Deak lock encountered trying to perform requested operation." |
|
//"Please re-try the operation again."); |
|
throw PEGASUS_CIM_EXCEPTION_L( CIM_ERR_FAILED, MessageLoaderParms("Security.UserManager.UserFileHandler.DEADLOCK", |
|
"Deak lock encountered trying to perform requested operation.Please re-try the operation again.")); |
} | } |
| |
// encrypt password |
switch (operation) |
_GetSalt(salt); |
{ |
|
case ADD_USER: |
|
if (!_passwordTable.insert(userName,password)) |
|
{ |
|
_mutex->unlock(); |
|
PEG_METHOD_EXIT(); |
|
throw PasswordCacheError(); |
|
} |
|
break; |
| |
ArrayDestroyer<char> pw(password.allocateCString()); |
case MODIFY_USER: |
|
if (!_passwordTable.remove(userName)) |
|
{ |
|
_mutex->unlock(); |
|
PEG_METHOD_EXIT(); |
|
throw PasswordCacheError(); |
|
} |
|
if (!_passwordTable.insert(userName,password)) |
|
{ |
|
_mutex->unlock(); |
|
//l10n |
|
//Logger::put(Logger::ERROR_LOG, System::CIMSERVER, |
|
//Logger::SEVERE, |
|
//"Error updating user information for : $0.",userName); |
|
Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER,Logger::SEVERE, |
|
"Security.UserManager.UserFileHandler.ERROR_UPDATING_USER_INFO", |
|
"Error updating user information for : $0.",userName); |
|
PEG_METHOD_EXIT(); |
|
throw PasswordCacheError(); |
|
} |
|
break; |
| |
encryptedPassword = System::encryptPassword(pw.getPointer(),salt); |
case REMOVE_USER: |
| |
if (!_passwordTable.insert(userName,encryptedPassword)) |
//Remove the existing user name and password from the table |
|
if (!_passwordTable.remove(userName)) |
{ | { |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
_mutex->unlock(); |
throw PasswordCacheError(); |
PEG_METHOD_EXIT(); |
|
throw InvalidUser(userName); |
} | } |
|
break; |
| |
// Store the new entry in the password file |
default: |
|
// Should never get here |
|
break; |
|
} |
|
|
|
// Store the entry in the password file |
try | try |
{ | { |
_passwordFile->save(_passwordTable); | _passwordFile->save(_passwordTable); |
} | } |
catch (CannotOpenFile& e) | catch (CannotOpenFile& e) |
{ | { |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
_mutex->unlock(); |
|
PEG_METHOD_EXIT(); |
throw e; | throw e; |
} | } |
catch (CannotRenameFile& e) | catch (CannotRenameFile& e) |
|
|
// | // |
_loadAllUsers(); | _loadAllUsers(); |
| |
|
_mutex->unlock(); |
|
PEG_METHOD_EXIT(); |
|
throw e; |
|
} |
|
_mutex->unlock(); |
|
PEG_METHOD_EXIT(); |
|
} |
|
|
|
|
// | // |
// creation of backup file failed |
// Add user entry to file |
// | // |
|
void UserFileHandler::addUserEntry( |
|
const String& userName, |
|
const String& password) |
|
{ |
|
char salt[3]; |
|
String encryptedPassword = String::EMPTY; |
| |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::addUserEntry"); |
throw e; |
|
|
// Check if the user already exists |
|
if (_passwordTable.contains(userName)) |
|
{ |
|
PEG_METHOD_EXIT(); |
|
throw DuplicateUser(userName); |
} | } |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
|
|
// encrypt password |
|
_GetSalt(salt); |
|
|
|
encryptedPassword = System::encryptPassword(password.getCString(),salt); |
|
|
|
// add the user to the cache and password file |
|
_Update(ADD_USER,userName, encryptedPassword); |
|
|
|
PEG_METHOD_EXIT(); |
} | } |
| |
// | // |
|
|
{ | { |
char salt[3]; | char salt[3]; |
String encryptedPassword = String::EMPTY; | String encryptedPassword = String::EMPTY; |
const char METHOD_NAME[] = "UserFileHandler::modifyUserEntry"; |
|
| |
PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::modifyUserEntry"); |
| |
// | // |
// Check if the given password matches the passwd in the file | // Check if the given password matches the passwd in the file |
|
|
{ | { |
if ( !verifyCIMUserPassword (userName,password) ) | if ( !verifyCIMUserPassword (userName,password) ) |
{ | { |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_EXIT(); |
throw PasswordMismatch(userName); | throw PasswordMismatch(userName); |
} | } |
} | } |
catch (Exception& e) | catch (Exception& e) |
{ | { |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_EXIT(); |
throw e; | throw e; |
} | } |
| |
// encrypt new password | // encrypt new password |
_GetSalt(salt); | _GetSalt(salt); |
| |
ArrayDestroyer<char> npw(newPassword.allocateCString()); |
encryptedPassword = System::encryptPassword(newPassword.getCString(),salt); |
|
|
encryptedPassword = System::encryptPassword(npw.getPointer(),salt); |
|
|
|
if (!_passwordTable.remove(userName)) |
|
{ |
|
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
|
throw PasswordCacheError(); |
|
} |
|
|
|
if (!_passwordTable.insert(userName,encryptedPassword)) |
|
{ |
|
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
|
throw PasswordCacheError(); |
|
} |
|
| |
// Store the modified entry in the password file |
_Update(MODIFY_USER, userName, encryptedPassword); |
try |
|
{ |
|
_passwordFile->save(_passwordTable); |
|
} |
|
catch (CannotOpenFile& e) |
|
{ |
|
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
|
throw e; |
|
} |
|
catch (CannotRenameFile& e) |
|
{ |
|
// |
|
// reload password hash table from file |
|
// |
|
_loadAllUsers(); |
|
| |
// |
PEG_METHOD_EXIT(); |
// creation of backup file failed |
|
// |
|
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
|
throw e; |
|
} |
|
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
|
} | } |
| |
// | // |
|
|
// | // |
void UserFileHandler::removeUserEntry(const String& userName) | void UserFileHandler::removeUserEntry(const String& userName) |
{ | { |
const char METHOD_NAME[] = "UserFileHandler::removeUserEntry"; |
PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::removeUserEntry"); |
| |
PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME); |
_Update(REMOVE_USER, userName); |
|
|
//Remove the existing user name and password from the table |
|
if (!_passwordTable.remove(userName)) |
|
{ |
|
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
|
throw InvalidUser(userName); |
|
} |
|
|
|
// Store the removed entry in the password file |
|
try |
|
{ |
|
_passwordFile->save(_passwordTable); |
|
} |
|
catch (CannotOpenFile& e) |
|
{ |
|
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
|
throw e; |
|
} |
|
catch (CannotRenameFile& e) |
|
{ |
|
// |
|
// reload password hash table from file |
|
// |
|
_loadAllUsers(); |
|
| |
// |
PEG_METHOD_EXIT(); |
// creation of backup file failed |
|
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
|
throw e; |
|
} |
|
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
|
} | } |
| |
// | // |
|
|
// | // |
void UserFileHandler::getAllUserNames(Array<String>& userNames) | void UserFileHandler::getAllUserNames(Array<String>& userNames) |
{ | { |
const char METHOD_NAME[] = "UserFileHandler::getAllUserNames"; |
PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::getAllUserNames"); |
|
|
PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME); |
|
| |
userNames.clear(); | userNames.clear(); |
| |
|
|
{ | { |
userNames.append(i.key()); | userNames.append(i.key()); |
} | } |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_EXIT(); |
} | } |
| |
// | // |
|
|
// | // |
Boolean UserFileHandler::verifyCIMUser (const String& userName) | Boolean UserFileHandler::verifyCIMUser (const String& userName) |
{ | { |
const char METHOD_NAME[] = "UserFileHandler::verifyCIMUser"; |
PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserFileHandler::verifyCIMUser"); |
| |
PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_EXIT(); |
|
|
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
|
return _passwordTable.contains(userName); | return _passwordTable.contains(userName); |
} | } |
| |
|
|
const String& userName, | const String& userName, |
const String& password) | const String& password) |
{ | { |
const char METHOD_NAME[] = "UserFileHandler::verifyCIMUserPassword"; |
PEG_METHOD_ENTER(TRC_USER_MANAGER, |
|
"UserFileHandler::verifyCIMUserPassword"); |
PEG_FUNC_ENTER(TRC_USER_MANAGER,METHOD_NAME); |
|
| |
// Check if the user's password mathches the specified password | // Check if the user's password mathches the specified password |
String curPassword = String::EMPTY; | String curPassword = String::EMPTY; |
|
|
// Check if the user exists in the password table | // Check if the user exists in the password table |
if ( !_passwordTable.lookup(userName,curPassword) ) | if ( !_passwordTable.lookup(userName,curPassword) ) |
{ | { |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_EXIT(); |
throw InvalidUser(userName); | throw InvalidUser(userName); |
} | } |
| |
saltStr = curPassword.subString(0,2); | saltStr = curPassword.subString(0,2); |
ArrayDestroyer<char> oldsalt(saltStr.allocateCString()); |
|
ArrayDestroyer<char> pw(password.allocateCString()); |
|
| |
encryptedPassword = | encryptedPassword = |
System::encryptPassword(pw.getPointer(),oldsalt.getPointer()); |
System::encryptPassword(password.getCString(),saltStr.getCString()); |
| |
if ( curPassword != encryptedPassword ) | if ( curPassword != encryptedPassword ) |
{ | { |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_EXIT(); |
return false; | return false; |
} | } |
| |
PEG_FUNC_EXIT(TRC_USER_MANAGER,METHOD_NAME); |
PEG_METHOD_EXIT(); |
return true; | return true; |
} | } |
PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |