1 kumpf 1.1 //%/////////////////////////////////////////////////////////////////////////////
2 //
3 // Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM,
4 // The Open Group, Tivoli Systems
5 //
6 // Permission is hereby granted, free of charge, to any person obtaining a copy
7 // of this software and associated documentation files (the "Software"), to
8 // deal in the Software without restriction, including without limitation the
9 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 // sell copies of the Software, and to permit persons to whom the Software is
11 // furnished to do so, subject to the following conditions:
12 //
13 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
14 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
15 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
16 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
17 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
18 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
19 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 //
22 kumpf 1.1 //==============================================================================
23 //
24 // Author: Nag Boranna, Hewlett-Packard Company (nagaraja_boranna@hp.com)
25 //
26 kumpf 1.4 // Modified By: Sushma Fernandes, Hewlett-Packard Company
27 // (sushma_fernandes@hp.com)
28 kumpf 1.1 //
29 //%/////////////////////////////////////////////////////////////////////////////
30
31 sage 1.2 #include <Pegasus/Common/Config.h>
32 kumpf 1.9 #include <Pegasus/Common/Constants.h>
33 kumpf 1.1 #include <Pegasus/Security/UserManager/UserManager.h>
34 #include <Pegasus/Common/HTTPMessage.h>
35 #include <Pegasus/Common/Destroyer.h>
36 #include <Pegasus/Common/XmlWriter.h>
37 #include <Pegasus/Common/Tracer.h>
38 #include "CIMOperationRequestAuthorizer.h"
39
40 PEGASUS_NAMESPACE_BEGIN
41
42 PEGASUS_USING_STD;
43
44
CIMOperationRequestAuthorizer::CIMOperationRequestAuthorizer(
    MessageQueueService* outputQueue)
    : Base(PEGASUS_QUEUENAME_OPREQAUTHORIZER),
      _outputQueue(outputQueue),
      _serverTerminating(false)
{
    // Construction only records the downstream queue and clears the
    // shutdown flag.  No authorization state is loaded here: the
    // UserManager and ConfigManager singletons are looked up per request
    // in handleEnqueue.
    PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::"
        "CIMOperationRequestAuthorizer");

    PEG_METHOD_EXIT();
}
57
CIMOperationRequestAuthorizer::~CIMOperationRequestAuthorizer()
{
    // _outputQueue is a borrowed pointer handed in by the constructor; it is
    // deliberately not deleted here.
    PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::"
        "~CIMOperationRequestAuthorizer");

    PEG_METHOD_EXIT();
}
65
//
// Sends an already-formatted HTTP response back to the connection identified
// by queueId.  If no queue is registered under that id (the connection is
// gone) the response is dropped silently.
//
void CIMOperationRequestAuthorizer::sendResponse(
    Uint32 queueId,
    Array<Sint8>& message)
{
    PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::sendResponse");

    MessageQueue* const connection = MessageQueue::lookup(queueId);

    if (connection == 0)
    {
        PEG_METHOD_EXIT();
        return;
    }

    // The HTTPMessage is allocated here and never freed by this class; the
    // receiving queue is expected to take ownership of it.
    connection->enqueue(new HTTPMessage(message));

    PEG_METHOD_EXIT();
}
81
// Code is duplicated in CIMOperationRequestDecoder
//
// Answers the intrinsic method call identified by messageId / iMethodName
// with a CIM-XML error response built from cimException, and routes it back
// to the connection queue queueId via sendResponse.
//
void CIMOperationRequestAuthorizer::sendIMethodError(
    Uint32 queueId,
    const String& messageId,
    const String& iMethodName,
    const CIMException& cimException)
{
    PEG_METHOD_ENTER(TRC_SERVER,
        "CIMOperationRequestAuthorizer::sendIMethodError");

    Array<Sint8> errorResponse = XmlWriter::formatSimpleIMethodErrorRspMessage(
        iMethodName,
        messageId,
        cimException);

    sendResponse(queueId, errorResponse);

    PEG_METHOD_EXIT();
}
102
103 ////////////////////////////////////////////////////////////////////////////////
104
105 mday 1.5
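//
// Copies the requesting user, the authentication type and the target
// namespace out of a concrete CIM operation request.  Every request type
// dispatched in handleEnqueue exposes these three public members.
//
template<class RequestType>
static void extractRequestIdentity(
    const Message* request,
    String& userName,
    String& authType,
    String& nameSpace)
{
    const RequestType* typedRequest = static_cast<const RequestType*>(request);
    userName = typedRequest->userName;
    authType = typedRequest->authType;
    nameSpace = typedRequest->nameSpace;
}

//
// Authorization gate for CIM operation requests.  The request is either
// handed on to _outputQueue unchanged, or answered with an error response
// and dropped.  A request is rejected when:
//
//   - the server is shutting down (HTTP 503 "Service Unavailable"),
//   - the user is not privileged and UserManager::verifyAuthorization denies
//     the (user, namespace, method) triple, or
//   - the user is privileged, the request was not authenticated as "Local",
//     and enableRemotePrivilegedUserAccess is "false".
//
// request: a CIMRequestMessage taken off this queue.  On success it is
//          forwarded; on rejection it is deleted here.
//
void CIMOperationRequestAuthorizer::handleEnqueue(Message *request)
{
    PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::handleEnqueue");

    if (!request)
    {
        PEG_METHOD_EXIT();
        return;
    }

    CIMRequestMessage* cimRequest = static_cast<CIMRequestMessage*>(request);

    //
    // The top of the queue-id stack is the HTTPConnection that issued the
    // request; every response (error or otherwise) goes back there.
    //
    QueueIdStack qis = cimRequest->queueIds.copyAndPop();
    Uint32 queueId = qis.top();

    //
    // If CIMOM is shutting down, return "Service Unavailable" response
    //
    if (_serverTerminating)
    {
        Array<Sint8> message = XmlWriter::formatHttpErrorRspMessage(
            HTTP_STATUS_SERVICEUNAVAILABLE,
            String::EMPTY,
            "CIM Server is shutting down. "
            "Request cannot be processed.");

        sendResponse(queueId, message);

        // The request is not forwarded on this path, so it has to be released
        // here or every request rejected during shutdown leaks.
        // NOTE(review): this assumes the authorizer owns a request once it
        // has been dequeued (the decoder allocates it and hands it off
        // through the queue) -- confirm nothing upstream still references it.
        delete request;
        PEG_METHOD_EXIT();
        return;
    }

    String userName = String::EMPTY;
    String authType = String::EMPTY;
    String nameSpace = String::EMPTY;
    String cimMethodName = String::EMPTY;

    //
    // Pull the identity fields out of the concrete request type and record
    // the intrinsic method name used for the authorization lookup.
    //
    switch (request->getType())
    {
        case CIM_GET_CLASS_REQUEST_MESSAGE:
            extractRequestIdentity<CIMGetClassRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "GetClass";
            break;

        case CIM_GET_INSTANCE_REQUEST_MESSAGE:
            extractRequestIdentity<CIMGetInstanceRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "GetInstance";
            break;

        case CIM_DELETE_CLASS_REQUEST_MESSAGE:
            extractRequestIdentity<CIMDeleteClassRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "DeleteClass";
            break;

        case CIM_DELETE_INSTANCE_REQUEST_MESSAGE:
            extractRequestIdentity<CIMDeleteInstanceRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "DeleteInstance";
            break;

        case CIM_CREATE_CLASS_REQUEST_MESSAGE:
            extractRequestIdentity<CIMCreateClassRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "CreateClass";
            break;

        case CIM_CREATE_INSTANCE_REQUEST_MESSAGE:
            extractRequestIdentity<CIMCreateInstanceRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "CreateInstance";
            break;

        case CIM_MODIFY_CLASS_REQUEST_MESSAGE:
            extractRequestIdentity<CIMModifyClassRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "ModifyClass";
            break;

        case CIM_MODIFY_INSTANCE_REQUEST_MESSAGE:
            extractRequestIdentity<CIMModifyInstanceRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "ModifyInstance";
            break;

        case CIM_ENUMERATE_CLASSES_REQUEST_MESSAGE:
            extractRequestIdentity<CIMEnumerateClassesRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "EnumerateClasses";
            break;

        case CIM_ENUMERATE_CLASS_NAMES_REQUEST_MESSAGE:
            extractRequestIdentity<CIMEnumerateClassNamesRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "EnumerateClassNames";
            break;

        case CIM_ENUMERATE_INSTANCES_REQUEST_MESSAGE:
            extractRequestIdentity<CIMEnumerateInstancesRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "EnumerateInstances";
            break;

        case CIM_ENUMERATE_INSTANCE_NAMES_REQUEST_MESSAGE:
            extractRequestIdentity<CIMEnumerateInstanceNamesRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "EnumerateInstanceNames";
            break;

        case CIM_EXEC_QUERY_REQUEST_MESSAGE:
            extractRequestIdentity<CIMExecQueryRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "ExecQuery";
            break;

        case CIM_ASSOCIATORS_REQUEST_MESSAGE:
            extractRequestIdentity<CIMAssociatorsRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "Associators";
            break;

        case CIM_ASSOCIATOR_NAMES_REQUEST_MESSAGE:
            extractRequestIdentity<CIMAssociatorNamesRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "AssociatorNames";
            break;

        case CIM_REFERENCES_REQUEST_MESSAGE:
            extractRequestIdentity<CIMReferencesRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "References";
            break;

        case CIM_REFERENCE_NAMES_REQUEST_MESSAGE:
            extractRequestIdentity<CIMReferenceNamesRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "ReferenceNames";
            break;

        case CIM_GET_PROPERTY_REQUEST_MESSAGE:
            extractRequestIdentity<CIMGetPropertyRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "GetProperty";
            break;

        case CIM_SET_PROPERTY_REQUEST_MESSAGE:
            extractRequestIdentity<CIMSetPropertyRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "SetProperty";
            break;

        case CIM_GET_QUALIFIER_REQUEST_MESSAGE:
            extractRequestIdentity<CIMGetQualifierRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "GetQualifier";
            break;

        case CIM_SET_QUALIFIER_REQUEST_MESSAGE:
            extractRequestIdentity<CIMSetQualifierRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "SetQualifier";
            break;

        case CIM_DELETE_QUALIFIER_REQUEST_MESSAGE:
            extractRequestIdentity<CIMDeleteQualifierRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "DeleteQualifier";
            break;

        case CIM_ENUMERATE_QUALIFIERS_REQUEST_MESSAGE:
            extractRequestIdentity<CIMEnumerateQualifiersRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "EnumerateQualifiers";
            break;

        case CIM_INVOKE_METHOD_REQUEST_MESSAGE:
            extractRequestIdentity<CIMInvokeMethodRequestMessage>(
                request, userName, authType, nameSpace);
            cimMethodName = "InvokeMethod";
            break;

        default:
            // Unrecognised message type: the identity fields stay empty and
            // the request still passes through the checks below with an
            // empty user, namespace and method name.
            // NOTE(review): whether verifyAuthorization denies an empty
            // triple is not visible here -- confirm, or reject unknown
            // request types explicitly.
            break;
    }

    //
    // Do Authorization verification
    //
    UserManager* userManager = UserManager::getInstance();

    //
    // Get a config manager instance and current value for
    // enableRemotePrivilegedUserAccess property.  It is read on every
    // request so a runtime configuration change takes effect immediately.
    //
    ConfigManager* configManager = ConfigManager::getInstance();

    String privilegedAccessEnabled =
        configManager->getCurrentValue("enableRemotePrivilegedUserAccess");

    Boolean authorized = true;
    CIMStatusCode denialCode = CIM_ERR_FAILED;
    String description;

    //
    // Check if the user is not privileged, if so perform authorization check.
    //
    if (!System::isPrivilegedUser(userName))
    {
        // A missing UserManager counts as a denial (fail closed), never as
        // a pass.
        if (!userManager ||
            !userManager->verifyAuthorization(
                userName, nameSpace, cimMethodName))
        {
            authorized = false;
            denialCode = CIM_ERR_FAILED;
            description = "Not authorized to run ";
            description.append(cimMethodName);
            description.append(" in the namespace ");
            description.append(nameSpace);
        }
    }
    //
    // If the user is privileged, and remote privileged user access is not
    // enabled and the auth type is not local then reject access.
    // If the auth type is local then allow access.
    //
    // Note that the property is tested against the literal "false": any
    // other value, including an empty/unset one, permits remote privileged
    // access (fail open).  NOTE(review): the default ConfigManager supplies
    // for this property is not visible here -- confirm it is "false".
    //
    else if (!String::equalNoCase(authType, "Local") &&
             String::equalNoCase(privilegedAccessEnabled, "false"))
    {
        authorized = false;
        denialCode = CIM_ERR_ACCESS_DENIED;
        description = "Remote privileged user access is not enabled.";
    }

    if (!authorized)
    {
        sendIMethodError(
            queueId,
            cimRequest->messageId,
            cimMethodName,
            PEGASUS_CIM_EXCEPTION(denialCode, description));

        // Rejected requests are never forwarded, so release them here (same
        // ownership assumption as on the shutdown path above).
        delete request;

        PEG_METHOD_EXIT();
        return;
    }

    //
    // Authorized: enqueue the request unchanged for the next stage.
    //
    _outputQueue->enqueue(request);

    PEG_METHOD_EXIT();
}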
398
399
//
// Queue callback: takes the next message off this queue and runs it through
// the authorization path.  An empty queue is a no-op.
//
void CIMOperationRequestAuthorizer::handleEnqueue()
{
    PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::handleEnqueue");

    Message* const next = dequeue();

    if (next != 0)
    {
        handleEnqueue(next);
    }

    PEG_METHOD_EXIT();
}
410
//
// Records whether the server is shutting down.  While the flag is set,
// handleEnqueue answers every request with "Service Unavailable" instead of
// forwarding it.
//
void CIMOperationRequestAuthorizer::setServerTerminating(Boolean flag)
{
    PEG_METHOD_ENTER(TRC_SERVER,
        "CIMOperationRequestAuthorizer::setServerTerminating");

    // Plain assignment; no synchronization is performed here.
    _serverTerminating = flag;

    PEG_METHOD_EXIT();
}
420
421 PEGASUS_NAMESPACE_END