pegasus/src/Pegasus/Server/CIMOperationRequestAuthorizer.cpp - diff

Return to CIMOperationRequestAuthorizer.cpp CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Server

Diff for /pegasus/src/Pegasus/Server/CIMOperationRequestAuthorizer.cpp between version 1.29 and 1.30

version 1.29, 2004/01/16 00:41:40

version 1.30, 2004/05/26 17:04:39

Line 49

PEGASUS_USING_STD;

// Set group name separator

const char CIMOperationRequestAuthorizer::_GROUPNAME_SEPARATOR = ',';

CIMOperationRequestAuthorizer::CIMOperationRequestAuthorizer(

MessageQueueService* outputQueue)

Line 60

Line 64

PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::"

"CIMOperationRequestAuthorizer");

#ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION

_authorizedUserGroups = _getAuthorizedUserGroups();

#endif

PEG_METHOD_EXIT();

}

Line 378

Line 386

break;

}

#ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION

// If the user is not privileged and authorized user group is specified,

// then perform the user group authorization check.

try

{

if ( ! System::isPrivilegedUser(userName) )

{

Uint32 size = _authorizedUserGroups.size();

if (size > 0)

{

Boolean authorized = false;

// Check if the user name is in the authorized user groups.

for (Uint32 i = 0; i < size; i++)

{

// Check if the user is a member of the group

if ( System::isGroupMember(userName.getCString(),

_authorizedUserGroups[i].getCString()) )

{

authorized = true;

break;

}

// If the user is not a member of any of the authorized

// user groups then generate error response.

if (!authorized)

{

PEG_TRACE_STRING(TRC_SERVER, Tracer::LEVEL2,

"Authorization Failed: User '" + userName +

"' is not a member of the authorized groups");

MessageLoaderParms msgLoaderParms(

"Server.CIMOperationRequestAuthorizer.NOT_IN_AUTHORIZED_GRP",

"User '$0' is not authorized to access CIM data.",

userName);

// user is not in the authorized user groups, send an

// error message to the requesting client.

if (cimMethodName == "InvokeMethod")

{

PEG_METHOD_EXIT();

// l10n

sendMethodError(

queueId,

request->getHttpMethod(),

((CIMRequestMessage*)request)->messageId,

((CIMInvokeMethodRequestMessage*)request)->methodName,

PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, msgLoaderParms));

}

else

{

PEG_METHOD_EXIT();

// l10n

sendIMethodError(

queueId,

request->getHttpMethod(),

((CIMRequestMessage*)request)->messageId,

cimMethodName,

PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, msgLoaderParms));

}

catch (InternalSystemError &ise)

{

PEG_METHOD_EXIT();

sendIMethodError(

queueId,

request->getHttpMethod(),

((CIMRequestMessage*)request)->messageId,

cimMethodName,

PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED, ise.getMessage()));

}

#endif // #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION

// Get a config manager instance

Line 553

Line 648

PEG_METHOD_EXIT();

}

Array<String> CIMOperationRequestAuthorizer::_getAuthorizedUserGroups()

{

PEG_METHOD_ENTER(TRC_SERVER,

"CIMOperationRequestAuthorizer::getAuthorizedUserGroups");

Array<String> authorizedGroups;

String groupNames = String::EMPTY;

// Get a config manager instance

ConfigManager* configManager = ConfigManager::getInstance();

groupNames = configManager->getCurrentValue("authorizedUserGroups");

// Check if the group name is empty

if (groupNames == String::EMPTY || groupNames == "")

{

PEG_METHOD_EXIT();

return authorizedGroups;

}

// Append _GROUPNAME_SEPARATOR to the end of the groups

groupNames.append(_GROUPNAME_SEPARATOR);

Uint32 position = 0;

String groupName = String::EMPTY;

while (groupNames != String::EMPTY)

{

// Get a group name from user groups

// User groups are separated by _GROUPNAME_SEPARATOR

position = groupNames.find(_GROUPNAME_SEPARATOR);

groupName = groupNames.subString(0,(position));

authorizedGroups.append(groupName);

// Remove the searched group name

groupNames.remove(0, position + 1);

}

PEG_METHOD_EXIT();

return authorizedGroups;

}

PEGASUS_NAMESPACE_END

Legend:

Removed from v.1.29
changed lines
	Added in v.1.30

No CVS admin address has been configured