1 karl 1.40 //%2006////////////////////////////////////////////////////////////////////////
|
2 kumpf 1.1 //
|
3 karl 1.34 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
|
6 karl 1.28 // IBM Corp.; EMC Corporation, The Open Group.
|
7 karl 1.34 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
|
9 karl 1.37 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
|
11 karl 1.40 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
|
13 kumpf 1.1 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
|
20 kumpf 1.17 //
|
21 kumpf 1.1 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 //==============================================================================
31 //
32 // Author: Nag Boranna, Hewlett-Packard Company (nagaraja_boranna@hp.com)
33 //
|
34 kumpf 1.4 // Modified By: Sushma Fernandes, Hewlett-Packard Company
35 // (sushma_fernandes@hp.com)
|
36 kumpf 1.18 // Carol Ann Krug Graves, Hewlett-Packard Company
|
37 david.dillard 1.36 // (carolann_graves@hp.com)
|
38 kumpf 1.20 // Yi Zhou, Hewlett-Packard Company (yi_zhou@hp.com)
|
39 a.arora 1.31 // Amit K Arora, IBM (amita@in.ibm.com) for PEP#101
|
40 se.gupta 1.32 // Seema Gupta (gseema@in.ibm.com) for PEP135
|
41 david.dillard 1.36 // David Dillard, VERITAS Software Corp.
42 // (david.dillard@veritas.com)
|
43 kumpf 1.1 //
44 //%/////////////////////////////////////////////////////////////////////////////
45
|
46 sage 1.2 #include <Pegasus/Common/Config.h>
|
47 kumpf 1.9 #include <Pegasus/Common/Constants.h>
|
48 kumpf 1.1 #include <Pegasus/Security/UserManager/UserManager.h>
49 #include <Pegasus/Common/HTTPMessage.h>
50 #include <Pegasus/Common/XmlWriter.h>
51 #include <Pegasus/Common/Tracer.h>
52 #include "CIMOperationRequestAuthorizer.h"
53
|
54 humberto 1.25 // l10n
55 #include <Pegasus/Common/MessageLoader.h>
56
|
57 kumpf 1.1 PEGASUS_NAMESPACE_BEGIN
58
59 PEGASUS_USING_STD;
60
|
//
// Separator between the group names listed in the "authorizedUserGroups"
// configuration value; _getAuthorizedUserGroups() splits on this character.
//
const char CIMOperationRequestAuthorizer::_GROUPNAME_SEPARATOR = ',';
|
65 kumpf 1.1
//
// Constructs the authorizer service.
//
// outputQueue receives every request that passes authorization in
// handleEnqueue(Message*). The pointer is stored as given; this constructor
// does not check it for null.
//
// When PEGASUS_ENABLE_USERGROUP_AUTHORIZATION is defined, the list of
// authorized user groups is read from the configuration once, here, and kept
// in _authorizedUserGroups for the later per-request checks.
//
CIMOperationRequestAuthorizer::CIMOperationRequestAuthorizer(
    MessageQueueService* outputQueue)
    : Base(PEGASUS_QUEUENAME_OPREQAUTHORIZER),
      _outputQueue(outputQueue),
      _serverTerminating(false)
{
    PEG_METHOD_ENTER(
        TRC_SERVER,
        "CIMOperationRequestAuthorizer::CIMOperationRequestAuthorizer");

#ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
    // Snapshot of the configured groups, taken at construction time.
    _authorizedUserGroups = _getAuthorizedUserGroups();
#endif

    PEG_METHOD_EXIT();
}
82
//
// Destructor. Only emits the method entry/exit trace; it releases nothing
// itself (in particular it does not delete _outputQueue).
//
CIMOperationRequestAuthorizer::~CIMOperationRequestAuthorizer()
{
    PEG_METHOD_ENTER(
        TRC_SERVER,
        "CIMOperationRequestAuthorizer::~CIMOperationRequestAuthorizer");

    PEG_METHOD_EXIT();
}
90
//
// Wraps an already formatted response buffer in an HTTPMessage and enqueues
// it on the queue identified by queueId.
//
// If MessageQueue::lookup() finds no queue for queueId, the response is
// dropped without any error or trace; callers get no indication of that.
//
void CIMOperationRequestAuthorizer::sendResponse(
    Uint32 queueId,
    Buffer& message)
{
    PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::sendResponse");

    MessageQueue* const target = MessageQueue::lookup(queueId);

    if (target != 0)
    {
        // AutoPtr owns the message until it is handed to the queue.
        AutoPtr<HTTPMessage> response(new HTTPMessage(message));

        target->enqueue(response.release());
    }

    PEG_METHOD_EXIT();
}
107
|
//
// Formats a simple intrinsic-method error response carrying cimException and
// sends it to the queue identified by queueId.
//
// Code is duplicated in CIMOperationRequestDecoder
//
void CIMOperationRequestAuthorizer::sendIMethodError(
    Uint32 queueId,
    HttpMethod httpMethod,
    const String& messageId,
    const CIMName& iMethodName,
    const CIMException& cimException)
{
    PEG_METHOD_ENTER(
        TRC_SERVER,
        "CIMOperationRequestAuthorizer::sendIMethodError");

    Buffer errorResponse;
    errorResponse = XmlWriter::formatSimpleIMethodErrorRspMessage(
        iMethodName, messageId, httpMethod, cimException);

    sendResponse(queueId, errorResponse);

    PEG_METHOD_EXIT();
}
130
|
//
// Formats a simple extrinsic-method (InvokeMethod) error response carrying
// cimException and sends it to the queue identified by queueId.
//
// Code is duplicated in CIMOperationRequestDecoder
//
void CIMOperationRequestAuthorizer::sendMethodError(
    Uint32 queueId,
    HttpMethod httpMethod,
    const String& messageId,
    const CIMName& methodName,
    const CIMException& cimException)
{
    PEG_METHOD_ENTER(
        TRC_SERVER,
        "CIMOperationRequestAuthorizer::sendMethodError");

    Buffer errorResponse;
    errorResponse = XmlWriter::formatSimpleMethodErrorRspMessage(
        methodName, messageId, httpMethod, cimException);

    sendResponse(queueId, errorResponse);

    PEG_METHOD_EXIT();
}
153
|
154 kumpf 1.1 ////////////////////////////////////////////////////////////////////////////////
155
|
156 mday 1.5
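//
// Authorizes one CIM operation request and, if every check passes, forwards
// it to _outputQueue. Takes ownership of request: it is either released to
// the output queue or destroyed when this function returns.
//
// Checks, in order:
//   1. Server shutting down: answer with HTTP "Service Unavailable".
//   2. Request type: must be one of the operation types listed in the switch
//      below; anything else is rejected (fail closed).
//   3. User group authorization (only when built with
//      PEGASUS_ENABLE_USERGROUP_AUTHORIZATION): a non-privileged user must be
//      a member of one of _authorizedUserGroups, if any are configured.
//   4. Namespace authorization, when the "enableNamespaceAuthorization"
//      configuration value is "true".
//   5. A privileged user whose authType is not "Local" is rejected unless
//      "enableRemotePrivilegedUserAccess" is "true".
//
// Every rejection is reported to the client through sendResponse(),
// sendMethodError() or sendIMethodError(); the request is then dropped.
//
// A null request is ignored.
//
void CIMOperationRequestAuthorizer::handleEnqueue(Message *request)
{

    PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::handleEnqueue");

    if (!request)
    {
        PEG_METHOD_EXIT();
        return;
    }

    AutoPtr<CIMOperationRequestMessage>
        req(dynamic_cast<CIMOperationRequestMessage *>(request));

    PEGASUS_ASSERT(req.get());

    //
    // Do not rely on the assertion alone: if it is compiled out and the
    // message is not a CIMOperationRequestMessage, req is null and every
    // req-> below would dereference it. The AutoPtr does not own the message
    // in that case, so destroy it here and stop.
    //
    if (!req.get())
    {
        delete request;
        PEG_METHOD_EXIT();
        return;
    }

    //
    // Get the HTTPConnection queue id
    //
    QueueIdStack qis = req->queueIds.copyAndPop();

    Uint32 queueId = qis.top();

    // l10n
    // Set the client's requested language into this service thread.
    // This will allow functions in this service to return messages
    // in the correct language.
    if (req->thread_changed())
    {
        AutoPtr<AcceptLanguageList> langs(new AcceptLanguageList(
            ((AcceptLanguageListContainer)req->operationContext.get(
                AcceptLanguageListContainer::NAME)).getLanguages()));
        Thread::setLanguages(langs.release());
    }

    //
    // If CIMOM is shutting down, return "Service Unavailable" response
    //
    if (_serverTerminating)
    {
        Buffer message;
        message = XmlWriter::formatHttpErrorRspMessage(
            HTTP_STATUS_SERVICEUNAVAILABLE,
            String::EMPTY,
            "CIM Server is shutting down.");

        sendResponse(queueId, message);
        PEG_METHOD_EXIT();
        return;
    }

    String userName = String::EMPTY;
    String authType = String::EMPTY;
    CIMNamespaceName nameSpace;
    String cimMethodName = String::EMPTY;

    // Set the username and namespace.
    nameSpace = req->nameSpace;
    userName = ((IdentityContainer)(req->operationContext.get
        (IdentityContainer::NAME))).getUserName();

    //
    // Map the message type to the operation name used by the authorization
    // checks and pick up the authentication type recorded on the request.
    //
    switch (req->getType())
    {
        case CIM_GET_CLASS_REQUEST_MESSAGE:
            authType =
                ((CIMGetClassRequestMessage*)req.get())->authType;
            cimMethodName = "GetClass";
            break;

        case CIM_GET_INSTANCE_REQUEST_MESSAGE:
            authType =
                ((CIMGetInstanceRequestMessage*)req.get())->authType;
            cimMethodName = "GetInstance";
            break;

        case CIM_DELETE_CLASS_REQUEST_MESSAGE:
            authType =
                ((CIMDeleteClassRequestMessage*)req.get())->authType;
            cimMethodName = "DeleteClass";
            break;

        case CIM_DELETE_INSTANCE_REQUEST_MESSAGE:
            authType =
                ((CIMDeleteInstanceRequestMessage*)req.get())->authType;
            cimMethodName = "DeleteInstance";
            break;

        case CIM_CREATE_CLASS_REQUEST_MESSAGE:
            authType =
                ((CIMCreateClassRequestMessage*)req.get())->authType;
            cimMethodName = "CreateClass";
            break;

        case CIM_CREATE_INSTANCE_REQUEST_MESSAGE:
            authType =
                ((CIMCreateInstanceRequestMessage*)req.get())->authType;
            cimMethodName = "CreateInstance";
            break;

        case CIM_MODIFY_CLASS_REQUEST_MESSAGE:
            authType =
                ((CIMModifyClassRequestMessage*)req.get())->authType;
            cimMethodName = "ModifyClass";
            break;

        case CIM_MODIFY_INSTANCE_REQUEST_MESSAGE:
            authType =
                ((CIMModifyInstanceRequestMessage*)req.get())->authType;
            cimMethodName = "ModifyInstance";
            break;

        case CIM_ENUMERATE_CLASSES_REQUEST_MESSAGE:
            authType =
                ((CIMEnumerateClassesRequestMessage*)req.get())->authType;
            cimMethodName = "EnumerateClasses";
            break;

        case CIM_ENUMERATE_CLASS_NAMES_REQUEST_MESSAGE:
            authType =
                ((CIMEnumerateClassNamesRequestMessage*)req.get())->authType;
            cimMethodName = "EnumerateClassNames";
            break;

        case CIM_ENUMERATE_INSTANCES_REQUEST_MESSAGE:
            authType =
                ((CIMEnumerateInstancesRequestMessage*)req.get())->authType;
            cimMethodName = "EnumerateInstances";
            break;

        case CIM_ENUMERATE_INSTANCE_NAMES_REQUEST_MESSAGE:
            authType =
                ((CIMEnumerateInstanceNamesRequestMessage*)req.get())->authType;
            cimMethodName = "EnumerateInstanceNames";
            break;

        case CIM_EXEC_QUERY_REQUEST_MESSAGE:
            authType = ((CIMExecQueryRequestMessage*)req.get())->authType;
            cimMethodName = "ExecQuery";
            break;

        case CIM_ASSOCIATORS_REQUEST_MESSAGE:
            authType = ((CIMAssociatorsRequestMessage*)req.get())->authType;
            cimMethodName = "Associators";
            break;

        case CIM_ASSOCIATOR_NAMES_REQUEST_MESSAGE:
            authType =
                ((CIMAssociatorNamesRequestMessage*)req.get())->authType;
            cimMethodName = "AssociatorNames";
            break;

        case CIM_REFERENCES_REQUEST_MESSAGE:
            authType = ((CIMReferencesRequestMessage*)req.get())->authType;
            cimMethodName = "References";
            break;

        case CIM_REFERENCE_NAMES_REQUEST_MESSAGE:
            authType =
                ((CIMReferenceNamesRequestMessage*)req.get())->authType;
            cimMethodName = "ReferenceNames";
            break;

        case CIM_GET_PROPERTY_REQUEST_MESSAGE:
            authType = ((CIMGetPropertyRequestMessage*)req.get())->authType;
            cimMethodName = "GetProperty";
            break;

        case CIM_SET_PROPERTY_REQUEST_MESSAGE:
            authType = ((CIMSetPropertyRequestMessage*)req.get())->authType;
            cimMethodName = "SetProperty";
            break;

        case CIM_GET_QUALIFIER_REQUEST_MESSAGE:
            authType = ((CIMGetQualifierRequestMessage*)req.get())->authType;
            cimMethodName = "GetQualifier";
            break;

        case CIM_SET_QUALIFIER_REQUEST_MESSAGE:
            authType = ((CIMSetQualifierRequestMessage*)req.get())->authType;
            cimMethodName = "SetQualifier";
            break;

        case CIM_DELETE_QUALIFIER_REQUEST_MESSAGE:
            authType =
                ((CIMDeleteQualifierRequestMessage*)req.get())->authType;
            cimMethodName = "DeleteQualifier";
            break;

        case CIM_ENUMERATE_QUALIFIERS_REQUEST_MESSAGE:
            authType =
                ((CIMEnumerateQualifiersRequestMessage*)req.get())->authType;
            cimMethodName = "EnumerateQualifiers";
            break;

        case CIM_INVOKE_METHOD_REQUEST_MESSAGE:
            authType = ((CIMInvokeMethodRequestMessage*)req.get())->authType;
            cimMethodName = "InvokeMethod";
            break;

        default:
        {
            PEGASUS_ASSERT(0);

            //
            // Fail closed. If the assertion is compiled out, an unlisted
            // request type would otherwise continue with an empty authType
            // and an empty cimMethodName and could still reach the output
            // queue. No operation name is available for a CIM error
            // response, so answer at the HTTP level and drop the request
            // (req destroys it on return).
            //
            PEG_TRACE_STRING(TRC_SERVER, Tracer::LEVEL2,
                String("Authorization Failed: unrecognized request type"));

            Buffer message;
            message = XmlWriter::formatHttpErrorRspMessage(
                HTTP_STATUS_BADREQUEST,
                String::EMPTY,
                "Unrecognized CIM operation request type.");

            sendResponse(queueId, message);
            PEG_METHOD_EXIT();
            return;
        }
    }

#ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
    //
    // If the user is not privileged and authorized user group is specified,
    // then perform the user group authorization check.
    //
    // _authorizedUserGroups is the list read in the constructor; an empty
    // list means no group restriction is applied.
    //
    try
    {
        if ( ! System::isPrivilegedUser(userName) )
        {
            Uint32 size = _authorizedUserGroups.size();

            if (size > 0)
            {
                Boolean authorized = false;

                //
                // Check if the user name is in the authorized user groups.
                //
                for (Uint32 i = 0; i < size; i++)
                {
                    //
                    // Check if the user is a member of the group
                    //
                    if ( System::isGroupMember(userName.getCString(),
                             _authorizedUserGroups[i].getCString()) )
                    {
                        authorized = true;
                        break;
                    }
                }

                //
                // If the user is not a member of any of the authorized
                // user groups then generate error response.
                //
                if (!authorized)
                {
                    PEG_TRACE_STRING(TRC_SERVER, Tracer::LEVEL2,
                        "Authorization Failed: User '" + userName +
                        "' is not a member of the authorized groups");

                    MessageLoaderParms msgLoaderParms(
                        "Server.CIMOperationRequestAuthorizer.NOT_IN_AUTHORIZED_GRP",
                        "User '$0' is not authorized to access CIM data.",
                        userName);
                    //
                    // user is not in the authorized user groups, send an
                    // error message to the requesting client.
                    //
                    if (cimMethodName == "InvokeMethod")
                    {
                        // l10n
                        sendMethodError(
                            queueId,
                            req->getHttpMethod(),
                            req->messageId,
                            ((CIMInvokeMethodRequestMessage*)req.get())->methodName,
                            PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
                                msgLoaderParms));
                        PEG_METHOD_EXIT();
                        return;
                    }
                    else
                    {
                        // l10n
                        sendIMethodError(
                            queueId,
                            req->getHttpMethod(),
                            req->messageId,
                            cimMethodName,
                            PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
                                msgLoaderParms));
                        PEG_METHOD_EXIT();
                        return;
                    }
                }
            }
        }
    }
    catch (InternalSystemError &ise)
    {
        //
        // A failure while checking privilege or group membership is treated
        // as a denial.
        // NOTE(review): unlike the other denial paths, this one answers
        // InvokeMethod requests with sendIMethodError() as well.
        //
        sendIMethodError(
            queueId,
            req->getHttpMethod(),
            req->messageId,
            cimMethodName,
            PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED, ise.getMessage()));
        PEG_METHOD_EXIT();
        return;
    }
#endif  // #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION

    //
    // Get a config manager instance
    //
    ConfigManager* configManager = ConfigManager::getInstance();

    //
    // Do namespace authorization verification
    //
    if (String::equalNoCase(
            configManager->getCurrentValue("enableNamespaceAuthorization"),
            "true"))
    {
        //
        // If the user is not privileged, perform the authorization check.
        //
#if !defined(PEGASUS_PLATFORM_OS400_ISERIES_IBM)
        if ( ! System::isPrivilegedUser(userName) )
#else
        // On OS/400, always check authorization if remote user.
        // Always allow local privileged users through.
        // Check authorization for local non-privileged users.
        // (User authorization to providers are checked downstream from here).
        if ( ! String::equalNoCase(authType,"Local") ||
             ! System::isPrivilegedUser(userName) )
#endif
        {
            UserManager* userManager = UserManager::getInstance();

            // A missing UserManager is treated as "not authorized".
            if ( !userManager || !userManager->verifyAuthorization(
                     userName, nameSpace, cimMethodName) )
            {

                // l10n

                // String description = "Not authorized to run ";
                // description.append(cimMethodName);
                // description.append(" in the namespace ");
                // description.append(nameSpace.getString());

                if (cimMethodName == "InvokeMethod")
                {
                    // l10n
                    sendMethodError(
                        queueId,
                        req->getHttpMethod(),
                        req->messageId,
                        ((CIMInvokeMethodRequestMessage*)req.get())->methodName,
                        PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
                            MessageLoaderParms(
                                "Server.CIMOperationRequestAuthorizer.NOT_AUTHORIZED",
                                "Not authorized to run $0 in the namespace $1",
                                cimMethodName, nameSpace.getString())));
                }
                else
                {
                    // l10n
                    sendIMethodError(
                        queueId,
                        req->getHttpMethod(),
                        req->messageId,
                        cimMethodName,
                        PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
                            MessageLoaderParms(
                                "Server.CIMOperationRequestAuthorizer.NOT_AUTHORIZED",
                                "Not authorized to run $0 in the namespace $1",
                                cimMethodName, nameSpace.getString())));
                }

                PEG_METHOD_EXIT();

                return;
            }
        }
    }

    //
    // If the user is privileged, and remote privileged user access is not
    // enabled and the auth type is not Local then reject access.
    //
    // This check runs whether or not namespace authorization is enabled.
    //
    if ( System::isPrivilegedUser(userName) &&
         !String::equalNoCase(authType, "Local") &&
         !String::equalNoCase(
             configManager->getCurrentValue("enableRemotePrivilegedUserAccess"),
             "true") )
    {

        if (cimMethodName == "InvokeMethod")
        {

            // l10n

            sendMethodError(
                queueId,
                req->getHttpMethod(),
                req->messageId,
                ((CIMInvokeMethodRequestMessage*)req.get())->methodName,
                PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, MessageLoaderParms(
                    "Server.CIMOperationRequestAuthorizer.REMOTE_NOT_ENABLED",
                    "Remote privileged user access is not enabled.")));
        }
        else
        {
            // l10n

            sendIMethodError(
                queueId,
                req->getHttpMethod(),
                req->messageId,
                cimMethodName,
                PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, MessageLoaderParms(
                    "Server.CIMOperationRequestAuthorizer.REMOTE_NOT_ENABLED",
                    "Remote privileged user access is not enabled.")));
        }

        PEG_METHOD_EXIT();

        return;
    }

    //
    // Enqueue the request
    //
    // All checks passed: ownership moves from req to the output queue.
    //
    _outputQueue->enqueue(req.release());

    PEG_METHOD_EXIT();

}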
572
573
//
// Takes the next message off this service's own queue and, if there is one,
// runs it through handleEnqueue(Message*).
//
void CIMOperationRequestAuthorizer::handleEnqueue()
{
    PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::handleEnqueue");

    // dequeue() yields null when nothing is pending.
    if (Message* pending = dequeue())
    {
        handleEnqueue(pending);
    }

    PEG_METHOD_EXIT();
}
584
//
// Records whether the server is shutting down. While the flag is true,
// handleEnqueue(Message*) answers each request with an HTTP
// "Service Unavailable" error instead of authorizing it.
//
void CIMOperationRequestAuthorizer::setServerTerminating(Boolean flag)
{
    PEG_METHOD_ENTER(
        TRC_SERVER,
        "CIMOperationRequestAuthorizer::setServerTerminating");

    _serverTerminating = flag;

    PEG_METHOD_EXIT();
}
594
|
//
// Reads the "authorizedUserGroups" configuration value and splits it on
// _GROUPNAME_SEPARATOR.
//
// Returns the group names in the order they are listed, or an empty array
// when the value is empty. Names are taken verbatim: surrounding whitespace
// is not trimmed, and an empty entry (for example from two adjacent
// separators) is kept as an empty name.
//
Array<String> CIMOperationRequestAuthorizer::_getAuthorizedUserGroups()
{
    PEG_METHOD_ENTER(TRC_SERVER,
        "CIMOperationRequestAuthorizer::getAuthorizedUserGroups");

    Array<String> groups;

    String remaining(
        ConfigManager::getInstance()->getCurrentValue("authorizedUserGroups"));

    if (remaining.size() != 0)
    {
        // Terminate the list with a separator so that every name, the last
        // one included, is followed by one.
        remaining.append(_GROUPNAME_SEPARATOR);

        while (remaining.size() != 0)
        {
            // Cut the leading name off, together with its separator.
            const Uint32 separatorPos = remaining.find(_GROUPNAME_SEPARATOR);

            groups.append(remaining.subString(0, separatorPos));
            remaining.remove(0, separatorPos + 1);
        }
    }

    PEG_METHOD_EXIT();

    return groups;
}
|
647 kumpf 1.1 PEGASUS_NAMESPACE_END
|