1 kumpf 1.1 //%/////////////////////////////////////////////////////////////////////////////
2 //
3 // Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM,
4 // The Open Group, Tivoli Systems
5 //
6 // Permission is hereby granted, free of charge, to any person obtaining a copy
7 // of this software and associated documentation files (the "Software"), to
8 // deal in the Software without restriction, including without limitation the
9 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 // sell copies of the Software, and to permit persons to whom the Software is
11 // furnished to do so, subject to the following conditions:
12 //
13 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
14 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
15 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
16 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
17 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
18 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
19 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 //
22 kumpf 1.1 //==============================================================================
23 //
24 // Author: Nag Boranna, Hewlett-Packard Company (nagaraja_boranna@hp.com)
25 //
26 kumpf 1.4 // Modified By: Sushma Fernandes, Hewlett-Packard Company
27 // (sushma_fernandes@hp.com)
28 kumpf 1.1 //
29 //%/////////////////////////////////////////////////////////////////////////////
30
31 sage 1.2 #include <Pegasus/Common/Config.h>
32 kumpf 1.9 #include <Pegasus/Common/Constants.h>
33 kumpf 1.1 #include <Pegasus/Security/UserManager/UserManager.h>
34 #include <Pegasus/Common/HTTPMessage.h>
35 #include <Pegasus/Common/Destroyer.h>
36 #include <Pegasus/Common/XmlWriter.h>
37 #include <Pegasus/Common/Tracer.h>
38 #include "CIMOperationRequestAuthorizer.h"
39
40 PEGASUS_NAMESPACE_BEGIN
41
42 PEGASUS_USING_STD;
43
44
//
// Builds the authorizer service.
//
// outputQueue is where handleEnqueue(Message*) forwards every request that
// passes its checks. The pointer is stored as given; it is not checked for
// null here.
//
CIMOperationRequestAuthorizer::CIMOperationRequestAuthorizer(
    MessageQueueService* outputQueue)
    : Base(
          PEGASUS_SERVICENAME_CIMOPREQAUTHORIZER,
          MessageQueue::getNextQueueId()),
      _outputQueue(outputQueue),
      _serverTerminating(false)
{
    PEG_METHOD_ENTER(
        TRC_SERVER,
        "CIMOperationRequestAuthorizer::CIMOperationRequestAuthorizer");

    // All state is set by the member initializers above.

    PEG_METHOD_EXIT();
}
57
//
// Destructor. Only emits the enter/exit trace; it releases nothing itself
// (in particular it does not delete _outputQueue).
//
CIMOperationRequestAuthorizer::~CIMOperationRequestAuthorizer()
{
    PEG_METHOD_ENTER(
        TRC_SERVER,
        "CIMOperationRequestAuthorizer::~CIMOperationRequestAuthorizer");

    PEG_METHOD_EXIT();
}
65
//
// Wraps an already formatted response in an HTTPMessage and enqueues it on
// the queue registered under queueId.
//
// If MessageQueue::lookup() finds no queue for that id, the response is
// dropped and nothing is reported to the caller.
//
void CIMOperationRequestAuthorizer::sendResponse(
    Uint32 queueId,
    Array<Sint8>& message)
{
    PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::sendResponse");

    if (MessageQueue* target = MessageQueue::lookup(queueId))
    {
        // The HTTPMessage is heap-allocated and handed to the target queue;
        // this function does not free it.
        target->enqueue(new HTTPMessage(message));
    }

    PEG_METHOD_EXIT();
}
81
//
// Formats an intrinsic-method error response and sends it to the queue
// identified by queueId.
//
// Code is duplicated in CIMOperationRequestDecoder
//
// NOTE(review): handleEnqueue(Message*) builds `description` partly from the
// request's namespace and method name. Presumably
// XmlWriter::formatSimpleIMethodErrorRspMessage() escapes that text for XML;
// confirm, since it is not visible from this file.
//
void CIMOperationRequestAuthorizer::sendIMethodError(
    Uint32 queueId,
    const String& messageId,
    const String& iMethodName,
    CIMStatusCode code,
    const String& description)
{
    PEG_METHOD_ENTER(
        TRC_SERVER,
        "CIMOperationRequestAuthorizer::sendIMethodError");

    // Kept as a named local because sendResponse() takes a non-const
    // reference.
    Array<Sint8> errorResponse =
        XmlWriter::formatSimpleIMethodErrorRspMessage(
            iMethodName,
            messageId,
            code,
            description);

    sendResponse(queueId, errorResponse);

    PEG_METHOD_EXIT();
}
104
105 ////////////////////////////////////////////////////////////////////////////////
106
107 mday 1.5
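//
// Authorization gate for one CIM operation request.
//
// Steps, in order:
//   1. Read userName, authType and nameSpace from the concrete request type
//      and pick the operation name used for the authorization lookup.
//   2. If the server is terminating, answer with CIM_ERR_FAILED.
//   3. Non-privileged user: require UserManager::verifyAuthorization();
//      otherwise answer with CIM_ERR_FAILED.
//   4. Privileged user whose authType is not "Local": require the
//      enableRemotePrivilegedUserAccess property to be "true"; otherwise
//      answer with CIM_ERR_ACCESS_DENIED.
//   5. Forward the request to _outputQueue.
//
// A null request is ignored. Every rejection is answered through
// sendIMethodError() on the connection queue taken from the request.
//
// NOTE(review): the rejection paths return without forwarding or deleting
// `request`. Who owns the message at that point is not visible from this
// file; if nobody else frees it, each rejected request leaks one message.
//
// NOTE(review): rejections are only reported back to the client. Nothing in
// this function records the denied user, namespace or operation; consider
// logging denials so they can be reviewed afterwards.
//
void CIMOperationRequestAuthorizer::handleEnqueue(Message *request)
{
    PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::handleEnqueue");

    if (!request)
    {
        PEG_METHOD_EXIT();
        return;
    }

    //
    // Get the HTTPConnection queue id
    //
    // NOTE(review): this cast happens before getType() is inspected, so it
    // assumes every message delivered here is a CIMRequestMessage; confirm
    // that nothing else can be enqueued on this service.
    //
    QueueIdStack qis = ((CIMRequestMessage*)request)->queueIds.copyAndPop();

    Uint32 queueId = qis.top();

    String userName = String::EMPTY;
    String authType = String::EMPTY;
    String nameSpace = String::EMPTY;
    String cimMethodName = String::EMPTY;

    //
    // Each request class carries its own userName/authType/nameSpace
    // members, so the cast has to match the type reported by getType().
    //
    switch (request->getType())
    {
        case CIM_GET_CLASS_REQUEST_MESSAGE:
            userName = ((CIMGetClassRequestMessage*)request)->userName;
            authType = ((CIMGetClassRequestMessage*)request)->authType;
            nameSpace = ((CIMGetClassRequestMessage*)request)->nameSpace;
            cimMethodName = "GetClass";
            break;

        case CIM_GET_INSTANCE_REQUEST_MESSAGE:
            userName = ((CIMGetInstanceRequestMessage*)request)->userName;
            authType = ((CIMGetInstanceRequestMessage*)request)->authType;
            nameSpace = ((CIMGetInstanceRequestMessage*)request)->nameSpace;
            cimMethodName = "GetInstance";
            break;

        case CIM_DELETE_CLASS_REQUEST_MESSAGE:
            userName = ((CIMDeleteClassRequestMessage*)request)->userName;
            authType = ((CIMDeleteClassRequestMessage*)request)->authType;
            nameSpace = ((CIMDeleteClassRequestMessage*)request)->nameSpace;
            cimMethodName = "DeleteClass";
            break;

        case CIM_DELETE_INSTANCE_REQUEST_MESSAGE:
            userName = ((CIMDeleteInstanceRequestMessage*)request)->userName;
            authType = ((CIMDeleteInstanceRequestMessage*)request)->authType;
            nameSpace = ((CIMDeleteInstanceRequestMessage*)request)->nameSpace;
            cimMethodName = "DeleteInstance";
            break;

        case CIM_CREATE_CLASS_REQUEST_MESSAGE:
            userName = ((CIMCreateClassRequestMessage*)request)->userName;
            authType = ((CIMCreateClassRequestMessage*)request)->authType;
            nameSpace = ((CIMCreateClassRequestMessage*)request)->nameSpace;
            cimMethodName = "CreateClass";
            break;

        case CIM_CREATE_INSTANCE_REQUEST_MESSAGE:
            userName = ((CIMCreateInstanceRequestMessage*)request)->userName;
            authType = ((CIMCreateInstanceRequestMessage*)request)->authType;
            nameSpace = ((CIMCreateInstanceRequestMessage*)request)->nameSpace;
            cimMethodName = "CreateInstance";
            break;

        case CIM_MODIFY_CLASS_REQUEST_MESSAGE:
            userName = ((CIMModifyClassRequestMessage*)request)->userName;
            authType = ((CIMModifyClassRequestMessage*)request)->authType;
            nameSpace = ((CIMModifyClassRequestMessage*)request)->nameSpace;
            cimMethodName = "ModifyClass";
            break;

        case CIM_MODIFY_INSTANCE_REQUEST_MESSAGE:
            userName = ((CIMModifyInstanceRequestMessage*)request)->userName;
            authType = ((CIMModifyInstanceRequestMessage*)request)->authType;
            nameSpace = ((CIMModifyInstanceRequestMessage*)request)->nameSpace;
            cimMethodName = "ModifyInstance";
            break;

        case CIM_ENUMERATE_CLASSES_REQUEST_MESSAGE:
            userName = ((CIMEnumerateClassesRequestMessage*)request)->userName;
            authType = ((CIMEnumerateClassesRequestMessage*)request)->authType;
            nameSpace =
                ((CIMEnumerateClassesRequestMessage*)request)->nameSpace;
            cimMethodName = "EnumerateClasses";
            break;

        case CIM_ENUMERATE_CLASS_NAMES_REQUEST_MESSAGE:
            userName =
                ((CIMEnumerateClassNamesRequestMessage*)request)->userName;
            authType =
                ((CIMEnumerateClassNamesRequestMessage*)request)->authType;
            nameSpace =
                ((CIMEnumerateClassNamesRequestMessage*)request)->nameSpace;
            cimMethodName = "EnumerateClassNames";
            break;

        case CIM_ENUMERATE_INSTANCES_REQUEST_MESSAGE:
            userName =
                ((CIMEnumerateInstancesRequestMessage*)request)->userName;
            authType =
                ((CIMEnumerateInstancesRequestMessage*)request)->authType;
            nameSpace =
                ((CIMEnumerateInstancesRequestMessage*)request)->nameSpace;
            cimMethodName = "EnumerateInstances";
            break;

        case CIM_ENUMERATE_INSTANCE_NAMES_REQUEST_MESSAGE:
            userName =
                ((CIMEnumerateInstanceNamesRequestMessage*)request)->userName;
            authType =
                ((CIMEnumerateInstanceNamesRequestMessage*)request)->authType;
            nameSpace =
                ((CIMEnumerateInstanceNamesRequestMessage*)request)->nameSpace;
            cimMethodName = "EnumerateInstanceNames";
            break;

        //ATTN: Implement this when ExecQuery is implemented in the decoder
        //
        // NOTE(review): until then an ExecQuery request continues below with
        // an empty userName, nameSpace and cimMethodName. Whether
        // verifyAuthorization() rejects empty values is not visible here;
        // confirm, or reject this type explicitly.
        case CIM_EXEC_QUERY_REQUEST_MESSAGE:
            //userName = ((CIMExecQueryRequestMessage*)request)->userName;
            //authType = ((CIMExecQueryRequestMessage*)request)->authType;
            //nameSpace = ((CIMExecQueryRequestMessage*)request)->nameSpace;
            //cimMethodName = "ExecQuery";
            break;

        case CIM_ASSOCIATORS_REQUEST_MESSAGE:
            userName = ((CIMAssociatorsRequestMessage*)request)->userName;
            authType = ((CIMAssociatorsRequestMessage*)request)->authType;
            nameSpace = ((CIMAssociatorsRequestMessage*)request)->nameSpace;
            cimMethodName = "Associators";
            break;

        case CIM_ASSOCIATOR_NAMES_REQUEST_MESSAGE:
            userName = ((CIMAssociatorNamesRequestMessage*)request)->userName;
            authType = ((CIMAssociatorNamesRequestMessage*)request)->authType;
            nameSpace = ((CIMAssociatorNamesRequestMessage*)request)->nameSpace;
            cimMethodName = "AssociatorNames";
            break;

        case CIM_REFERENCES_REQUEST_MESSAGE:
            userName = ((CIMReferencesRequestMessage*)request)->userName;
            authType = ((CIMReferencesRequestMessage*)request)->authType;
            nameSpace = ((CIMReferencesRequestMessage*)request)->nameSpace;
            cimMethodName = "References";
            break;

        case CIM_REFERENCE_NAMES_REQUEST_MESSAGE:
            userName = ((CIMReferenceNamesRequestMessage*)request)->userName;
            authType = ((CIMReferenceNamesRequestMessage*)request)->authType;
            nameSpace = ((CIMReferenceNamesRequestMessage*)request)->nameSpace;
            cimMethodName = "ReferenceNames";
            break;

        case CIM_GET_PROPERTY_REQUEST_MESSAGE:
            userName = ((CIMGetPropertyRequestMessage*)request)->userName;
            authType = ((CIMGetPropertyRequestMessage*)request)->authType;
            nameSpace = ((CIMGetPropertyRequestMessage*)request)->nameSpace;
            cimMethodName = "GetProperty";
            break;

        case CIM_SET_PROPERTY_REQUEST_MESSAGE:
            userName = ((CIMSetPropertyRequestMessage*)request)->userName;
            authType = ((CIMSetPropertyRequestMessage*)request)->authType;
            nameSpace = ((CIMSetPropertyRequestMessage*)request)->nameSpace;
            cimMethodName = "SetProperty";
            break;

        case CIM_GET_QUALIFIER_REQUEST_MESSAGE:
            userName = ((CIMGetQualifierRequestMessage*)request)->userName;
            authType = ((CIMGetQualifierRequestMessage*)request)->authType;
            nameSpace = ((CIMGetQualifierRequestMessage*)request)->nameSpace;
            cimMethodName = "GetQualifier";
            break;

        case CIM_SET_QUALIFIER_REQUEST_MESSAGE:
            userName = ((CIMSetQualifierRequestMessage*)request)->userName;
            authType = ((CIMSetQualifierRequestMessage*)request)->authType;
            nameSpace = ((CIMSetQualifierRequestMessage*)request)->nameSpace;
            cimMethodName = "SetQualifier";
            break;

        case CIM_DELETE_QUALIFIER_REQUEST_MESSAGE:
            userName = ((CIMDeleteQualifierRequestMessage*)request)->userName;
            authType = ((CIMDeleteQualifierRequestMessage*)request)->authType;
            nameSpace = ((CIMDeleteQualifierRequestMessage*)request)->nameSpace;
            cimMethodName = "DeleteQualifier";
            break;

        case CIM_ENUMERATE_QUALIFIERS_REQUEST_MESSAGE:
            userName =
                ((CIMEnumerateQualifiersRequestMessage*)request)->userName;
            authType =
                ((CIMEnumerateQualifiersRequestMessage*)request)->authType;
            nameSpace =
                ((CIMEnumerateQualifiersRequestMessage*)request)->nameSpace;
            cimMethodName = "EnumerateQualifiers";
            break;

        case CIM_INVOKE_METHOD_REQUEST_MESSAGE:
            userName = ((CIMInvokeMethodRequestMessage*)request)->userName;
            authType = ((CIMInvokeMethodRequestMessage*)request)->authType;
            nameSpace = ((CIMInvokeMethodRequestMessage*)request)->nameSpace;
            cimMethodName = "InvokeMethod";
            break;

        case CIM_ENABLE_INDICATION_SUBSCRIPTION_REQUEST_MESSAGE:
            userName =
                ((CIMEnableIndicationSubscriptionRequestMessage*)request)->userName;
            authType =
                ((CIMEnableIndicationSubscriptionRequestMessage*)request)->authType;
            nameSpace =
                ((CIMEnableIndicationSubscriptionRequestMessage*)request)->nameSpace;
            cimMethodName = "EnableIndicationSubscription";
            break;

        case CIM_MODIFY_INDICATION_SUBSCRIPTION_REQUEST_MESSAGE:
            userName =
                ((CIMModifyIndicationSubscriptionRequestMessage*)request)->userName;
            authType =
                ((CIMModifyIndicationSubscriptionRequestMessage*)request)->authType;
            nameSpace =
                ((CIMModifyIndicationSubscriptionRequestMessage*)request)->nameSpace;
            cimMethodName = "ModifyIndicationSubscription";
            break;

        case CIM_DISABLE_INDICATION_SUBSCRIPTION_REQUEST_MESSAGE:
            userName =
                ((CIMDisableIndicationSubscriptionRequestMessage*)request)->userName;
            authType =
                ((CIMDisableIndicationSubscriptionRequestMessage*)request)->authType;
            nameSpace =
                ((CIMDisableIndicationSubscriptionRequestMessage*)request)->nameSpace;
            cimMethodName = "DisableIndicationSubscription";
            break;

        // NOTE(review): an unrecognized message type is not rejected here; it
        // continues to the checks below with empty userName, nameSpace and
        // cimMethodName. Confirm that the authorization check cannot succeed
        // for those empty values.
        default:
            break;
    }

    //
    // if CIMOM is shutting down, return error response
    //
    // ATTN: Need to define a new CIM Error.
    //
    if (_serverTerminating)
    {
        String description = "CIMServer is shutting down. ";
        description.append("Request cannot be processed: ");

        sendIMethodError(
            queueId,
            ((CIMRequestMessage*)request)->messageId,
            cimMethodName,
            CIM_ERR_FAILED,
            description);

        PEG_METHOD_EXIT();

        return;
    }

    //
    // Do Authorization verification
    //
    UserManager* userManager = UserManager::getInstance();

    //
    // Get a config manager instance and current value for
    // enableRemotePrivilegedUserAccess property.
    //
    ConfigManager* configManager = ConfigManager::getInstance();

    String privilegedAccessEnabled =
        configManager->getCurrentValue("enableRemotePrivilegedUserAccess");

    //
    // Check if the user is not privileged, if so perform authorization check.
    //
    if (!System::isPrivilegedUser(userName))
    {
        // A missing UserManager is treated as "not authorized" rather than
        // as "no check needed".
        if (!userManager ||
            !userManager->verifyAuthorization(
                userName, nameSpace, cimMethodName))
        {
            String description = "Not authorized to run ";
            description.append(cimMethodName);
            description.append(" in the namespace ");
            description.append(nameSpace);

            // NOTE(review): this denial is reported as CIM_ERR_FAILED while
            // the privileged-user denial below uses CIM_ERR_ACCESS_DENIED.
            // The code is left unchanged because clients may depend on it.
            sendIMethodError(
                queueId,
                ((CIMRequestMessage*)request)->messageId,
                cimMethodName,
                CIM_ERR_FAILED,
                description);

            PEG_METHOD_EXIT();

            return;
        }
    }
    //
    // If the user is privileged, and remote privileged user access is not
    // enabled and the auth type is not local then reject access.
    // If the auth type is local then allow access.
    //
    // The property is compared against "true" so that an empty or
    // unexpected value counts as "not enabled" and the request is denied.
    // Comparing against "false" would let any other value grant remote
    // privileged access.
    //
    else if (!String::equalNoCase(authType, "Local") &&
             !String::equalNoCase(privilegedAccessEnabled, "true"))
    {
        String description =
            "Remote privileged user access is not enabled.";

        sendIMethodError(
            queueId,
            ((CIMRequestMessage*)request)->messageId,
            cimMethodName,
            CIM_ERR_ACCESS_DENIED,
            description);

        PEG_METHOD_EXIT();

        return;
    }

    //
    // Enqueue the request
    //
    _outputQueue->enqueue(request);

    PEG_METHOD_EXIT();
}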
438
439
//
// Queue-driven entry point: takes the next message off this service's own
// queue and, if there is one, passes it to handleEnqueue(Message*).
//
void CIMOperationRequestAuthorizer::handleEnqueue()
{
    PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::handleEnqueue");

    if (Message* pending = dequeue())
    {
        handleEnqueue(pending);
    }

    PEG_METHOD_EXIT();
}
450
//
// Returns the service name this queue is registered under, the same
// constant the constructor passes to Base.
//
const char* CIMOperationRequestAuthorizer::getQueueName() const
{
    PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::getQueueName");

    const char* const serviceName = PEGASUS_SERVICENAME_CIMOPREQAUTHORIZER;

    // The exit trace is emitted before the return statement.
    PEG_METHOD_EXIT();

    return serviceName;
}
458
//
// Sets or clears the shutdown flag. While it is set,
// handleEnqueue(Message*) answers every request with an error instead of
// forwarding it.
//
// NOTE(review): this is a plain, unsynchronized write. If the flag is set
// from a different thread than the one running handleEnqueue, confirm that
// the change is guaranteed to become visible to that thread.
//
void CIMOperationRequestAuthorizer::setServerTerminating(Boolean flag)
{
    PEG_METHOD_ENTER(
        TRC_SERVER,
        "CIMOperationRequestAuthorizer::setServerTerminating");

    _serverTerminating = flag;

    PEG_METHOD_EXIT();
}
468
469 PEGASUS_NAMESPACE_END