1 karl 1.40 //%2006////////////////////////////////////////////////////////////////////////
|
2 kumpf 1.1 //
|
3 karl 1.34 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
|
6 karl 1.28 // IBM Corp.; EMC Corporation, The Open Group.
|
7 karl 1.34 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
|
9 karl 1.37 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
|
11 karl 1.40 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
|
13 kumpf 1.1 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
|
20 kumpf 1.17 //
|
21 kumpf 1.1 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 //==============================================================================
31 //
32 //%/////////////////////////////////////////////////////////////////////////////
33
|
34 sage 1.2 #include <Pegasus/Common/Config.h>
|
35 kumpf 1.9 #include <Pegasus/Common/Constants.h>
|
36 kumpf 1.1 #include <Pegasus/Security/UserManager/UserManager.h>
37 #include <Pegasus/Common/HTTPMessage.h>
38 #include <Pegasus/Common/XmlWriter.h>
39 #include <Pegasus/Common/Tracer.h>
40 #include "CIMOperationRequestAuthorizer.h"
|
41 marek 1.42 #ifdef PEGASUS_ZOS_SECURITY
42 // This include file will not be provided in the OpenGroup CVS for now.
43 // Do NOT try to include it in your compile
44 #include <Pegasus/Common/safCheckzOS_inline.h>
45 #endif
|
46 kumpf 1.1
|
47 humberto 1.25 // l10n
48 #include <Pegasus/Common/MessageLoader.h>
49
|
50 kumpf 1.1 PEGASUS_NAMESPACE_BEGIN
51
52 PEGASUS_USING_STD;
53
|
54 kumpf 1.30 //
55 // Set group name separator
56 //
57 const char CIMOperationRequestAuthorizer::_GROUPNAME_SEPARATOR = ',';
|
58 kumpf 1.1
59 CIMOperationRequestAuthorizer::CIMOperationRequestAuthorizer(
|
60 mday 1.16 MessageQueueService* outputQueue)
|
61 mday 1.5 :
|
62 kumpf 1.13 Base(PEGASUS_QUEUENAME_OPREQAUTHORIZER),
|
63 mday 1.3 _outputQueue(outputQueue),
64 _serverTerminating(false)
|
65 kumpf 1.1 {
|
66 kumpf 1.10 PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::"
67 "CIMOperationRequestAuthorizer");
|
68 kumpf 1.1
|
69 kumpf 1.30 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
70 _authorizedUserGroups = _getAuthorizedUserGroups();
71 #endif
72
|
73 kumpf 1.10 PEG_METHOD_EXIT();
|
74 kumpf 1.1 }
75
76 CIMOperationRequestAuthorizer::~CIMOperationRequestAuthorizer()
77 {
|
78 kumpf 1.10 PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::"
79 "~CIMOperationRequestAuthorizer");
|
80 kumpf 1.1
|
81 kumpf 1.10 PEG_METHOD_EXIT();
|
82 kumpf 1.1 }
83
84 void CIMOperationRequestAuthorizer::sendResponse(
|
85 mday 1.5 Uint32 queueId,
|
86 mike 1.38 Buffer& message)
|
87 kumpf 1.1 {
|
88 kumpf 1.10 PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::sendResponse");
|
89 kumpf 1.1
|
90 mday 1.5 MessageQueue* queue = MessageQueue::lookup(queueId);
|
91 kumpf 1.1
|
92 mday 1.5 if (queue)
93 {
|
94 a.arora 1.31 AutoPtr<HTTPMessage> httpMessage(new HTTPMessage(message));
|
95 gerarda 1.27
|
96 a.arora 1.31 queue->enqueue(httpMessage.release());
|
97 mday 1.5 }
|
98 kumpf 1.10 PEG_METHOD_EXIT();
|
99 kumpf 1.1 }
100
|
101 kumpf 1.7 // Code is duplicated in CIMOperationRequestDecoder
102 void CIMOperationRequestAuthorizer::sendIMethodError(
|
103 mday 1.5 Uint32 queueId,
|
104 kumpf 1.19 HttpMethod httpMethod,
|
105 mday 1.5 const String& messageId,
|
106 kumpf 1.18 const CIMName& iMethodName,
|
107 kumpf 1.12 const CIMException& cimException)
|
108 kumpf 1.1 {
|
109 kumpf 1.10 PEG_METHOD_ENTER(TRC_SERVER,
110 "CIMOperationRequestAuthorizer::sendIMethodError");
|
111 kumpf 1.1
|
112 mike 1.38 Buffer message;
|
113 kumpf 1.8 message = XmlWriter::formatSimpleIMethodErrorRspMessage(
114 iMethodName,
115 messageId,
|
116 kumpf 1.19 httpMethod,
|
117 kumpf 1.12 cimException);
|
118 kumpf 1.7
|
119 kumpf 1.8 sendResponse(queueId, message);
|
120 kumpf 1.1
|
121 kumpf 1.10 PEG_METHOD_EXIT();
|
122 kumpf 1.1 }
123
|
124 kumpf 1.23 // Code is duplicated in CIMOperationRequestDecoder
125 void CIMOperationRequestAuthorizer::sendMethodError(
126 Uint32 queueId,
127 HttpMethod httpMethod,
128 const String& messageId,
129 const CIMName& methodName,
130 const CIMException& cimException)
131 {
132 PEG_METHOD_ENTER(TRC_SERVER,
133 "CIMOperationRequestAuthorizer::sendMethodError");
134
|
135 mike 1.38 Buffer message;
|
136 kumpf 1.23 message = XmlWriter::formatSimpleMethodErrorRspMessage(
137 methodName,
138 messageId,
139 httpMethod,
140 cimException);
141
142 sendResponse(queueId, message);
143
144 PEG_METHOD_EXIT();
145 }
146
|
147 kumpf 1.1 ////////////////////////////////////////////////////////////////////////////////
148
|
149 mday 1.5
150 void CIMOperationRequestAuthorizer::handleEnqueue(Message *request)
|
151 kumpf 1.1 {
152
|
153 kumpf 1.10 PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::handleEnqueue");
|
154 mday 1.5
155 if (!request)
156 {
|
157 kumpf 1.10 PEG_METHOD_EXIT();
|
158 mday 1.5 return;
159 }
160
|
161 sushma.fernandes 1.35 AutoPtr<CIMOperationRequestMessage>
162 req(dynamic_cast<CIMOperationRequestMessage *>(request));
163
164 PEGASUS_ASSERT(req.get());
165
|
166 mday 1.5 //
167 // Get the HTTPConnection queue id
168 //
|
169 sushma.fernandes 1.35 QueueIdStack qis = req->queueIds.copyAndPop();
|
170 mday 1.5
171 Uint32 queueId = qis.top();
172
|
173 chuck 1.24 // l10n
174 // Set the client's requested language into this service thread.
175 // This will allow functions in this service to return messages
176 // in the correct language.
|
177 sushma.fernandes 1.35 if (req->thread_changed())
|
178 chuck 1.24 {
|
179 kumpf 1.39 AutoPtr<AcceptLanguageList> langs(new AcceptLanguageList(((AcceptLanguageListContainer)req->operationContext.get
|
180 sushma.fernandes 1.35 (AcceptLanguageListContainer:: NAME)).getLanguages()));
181 Thread::setLanguages(langs.release());
|
182 chuck 1.24 }
183
|
184 kumpf 1.12 //
185 // If CIMOM is shutting down, return "Service Unavailable" response
186 //
187 if (_serverTerminating)
188 {
|
189 mike 1.38 Buffer message;
|
190 kumpf 1.12 message = XmlWriter::formatHttpErrorRspMessage(
191 HTTP_STATUS_SERVICEUNAVAILABLE,
192 String::EMPTY,
|
193 kumpf 1.14 "CIM Server is shutting down.");
|
194 kumpf 1.12
195 sendResponse(queueId, message);
196 PEG_METHOD_EXIT();
197 return;
198 }
199
|
200 kumpf 1.41 String userName = ((IdentityContainer)(req->operationContext.get(
201 IdentityContainer::NAME))).getUserName();
202 String authType = req->authType;
203 CIMNamespaceName nameSpace = req->nameSpace;
|
204 mday 1.5 String cimMethodName = String::EMPTY;
205
|
206 sushma.fernandes 1.35 switch (req->getType())
|
207 mday 1.5 {
208 case CIM_GET_CLASS_REQUEST_MESSAGE:
209 cimMethodName = "GetClass";
210 break;
211
212 case CIM_GET_INSTANCE_REQUEST_MESSAGE:
213 cimMethodName = "GetInstance";
214 break;
215
216 case CIM_DELETE_CLASS_REQUEST_MESSAGE:
217 cimMethodName = "DeleteClass";
218 break;
219
220 case CIM_DELETE_INSTANCE_REQUEST_MESSAGE:
221 cimMethodName = "DeleteInstance";
222 break;
223
224 case CIM_CREATE_CLASS_REQUEST_MESSAGE:
225 cimMethodName = "CreateClass";
226 break;
227
228 mday 1.5 case CIM_CREATE_INSTANCE_REQUEST_MESSAGE:
229 cimMethodName = "CreateInstance";
230 break;
231
232 case CIM_MODIFY_CLASS_REQUEST_MESSAGE:
233 cimMethodName = "ModifyClass";
234 break;
235
236 case CIM_MODIFY_INSTANCE_REQUEST_MESSAGE:
237 cimMethodName = "ModifyInstance";
238 break;
239
240 case CIM_ENUMERATE_CLASSES_REQUEST_MESSAGE:
241 cimMethodName = "EnumerateClasses";
242 break;
243
244 case CIM_ENUMERATE_CLASS_NAMES_REQUEST_MESSAGE:
245 cimMethodName = "EnumerateClassNames";
246 break;
247
248 case CIM_ENUMERATE_INSTANCES_REQUEST_MESSAGE:
249 mday 1.5 cimMethodName = "EnumerateInstances";
250 break;
251
252 case CIM_ENUMERATE_INSTANCE_NAMES_REQUEST_MESSAGE:
253 cimMethodName = "EnumerateInstanceNames";
254 break;
255
256 case CIM_EXEC_QUERY_REQUEST_MESSAGE:
|
257 kumpf 1.11 cimMethodName = "ExecQuery";
|
258 mday 1.5 break;
259
260 case CIM_ASSOCIATORS_REQUEST_MESSAGE:
261 cimMethodName = "Associators";
262 break;
263
264 case CIM_ASSOCIATOR_NAMES_REQUEST_MESSAGE:
265 cimMethodName = "AssociatorNames";
266 break;
267
268 case CIM_REFERENCES_REQUEST_MESSAGE:
269 cimMethodName = "References";
270 break;
271
272 case CIM_REFERENCE_NAMES_REQUEST_MESSAGE:
273 cimMethodName = "ReferenceNames";
274 break;
275
276 case CIM_GET_PROPERTY_REQUEST_MESSAGE:
277 cimMethodName = "GetProperty";
278 break;
279 mday 1.5
280 case CIM_SET_PROPERTY_REQUEST_MESSAGE:
281 cimMethodName = "SetProperty";
282 break;
283
284 case CIM_GET_QUALIFIER_REQUEST_MESSAGE:
285 cimMethodName = "GetQualifier";
286 break;
287
288 case CIM_SET_QUALIFIER_REQUEST_MESSAGE:
289 cimMethodName = "SetQualifier";
290 break;
291
292 case CIM_DELETE_QUALIFIER_REQUEST_MESSAGE:
293 cimMethodName = "DeleteQualifier";
294 break;
295
296 case CIM_ENUMERATE_QUALIFIERS_REQUEST_MESSAGE:
297 cimMethodName = "EnumerateQualifiers";
298 break;
299
300 mday 1.5 case CIM_INVOKE_METHOD_REQUEST_MESSAGE:
301 cimMethodName = "InvokeMethod";
302 break;
303
304 default:
|
305 sushma.fernandes 1.35 PEGASUS_ASSERT(0);
|
306 mday 1.5 break;
307 }
308
|
309 marek 1.42 #ifdef PEGASUS_ZOS_SECURITY
310 if (checkRequestTypeAuthorizationZOS(req->getType(), userName, nameSpace) == false)
311 {
312 //
313 // user is not authorized, send an
314 // error message to the requesting client.
315 //
316 if (cimMethodName == "InvokeMethod")
317 {
318 sendMethodError(
319 queueId,
320 req->getHttpMethod(),
321 req->messageId,
322 ((CIMInvokeMethodRequestMessage*)req.get())->methodName,
323 PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
324 MessageLoaderParms(
325 "Server.CIMOperationRequestAuthorizer.NOT_AUTHORIZED",
326 "Not authorized to run $0 in the namespace $1",
327 cimMethodName, nameSpace.getString())
328 ));
329 }
330 marek 1.42 else
331 {
332 sendIMethodError(
333 queueId,
334 req->getHttpMethod(),
335 req->messageId,
336 cimMethodName,
337 PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
338 MessageLoaderParms(
339 "Server.CIMOperationRequestAuthorizer.NOT_AUTHORIZED",
340 "Not authorized to run $0 in the namespace $1",
341 cimMethodName, nameSpace.getString()))
342 );
343 }
344 PEG_METHOD_EXIT();
345 return;
346 }
347 #endif
348
|
349 kumpf 1.30 #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
350 //
351 // If the user is not privileged and authorized user group is specified,
352 // then perform the user group authorization check.
353 //
354 try
355 {
356 if ( ! System::isPrivilegedUser(userName) )
357 {
358 Uint32 size = _authorizedUserGroups.size();
359
360 if (size > 0)
361 {
362 Boolean authorized = false;
363
364 //
365 // Check if the user name is in the authorized user groups.
366 //
367 for (Uint32 i = 0; i < size; i++)
368 {
369 //
370 kumpf 1.30 // Check if the user is a member of the group
371 //
372 if ( System::isGroupMember(userName.getCString(),
373 _authorizedUserGroups[i].getCString()) )
374 {
375 authorized = true;
376 break;
377 }
378 }
379
380 //
381 // If the user is not a member of any of the authorized
382 // user groups then generate error response.
383 //
384 if (!authorized)
385 {
386 PEG_TRACE_STRING(TRC_SERVER, Tracer::LEVEL2,
387 "Authorization Failed: User '" + userName +
388 "' is not a member of the authorized groups");
389
390 MessageLoaderParms msgLoaderParms(
391 kumpf 1.30 "Server.CIMOperationRequestAuthorizer.NOT_IN_AUTHORIZED_GRP",
392 "User '$0' is not authorized to access CIM data.",
393 userName);
394 //
395 // user is not in the authorized user groups, send an
396 // error message to the requesting client.
397 //
398 if (cimMethodName == "InvokeMethod")
399 {
400 // l10n
401 sendMethodError(
402 queueId,
|
403 sushma.fernandes 1.35 req->getHttpMethod(),
404 req->messageId,
405 ((CIMInvokeMethodRequestMessage*)req.get())->methodName,
406 PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
407 msgLoaderParms));
|
408 sushma.fernandes 1.33 PEG_METHOD_EXIT();
409 return;
|
410 kumpf 1.30 }
411 else
412 {
413 // l10n
414 sendIMethodError(
415 queueId,
|
416 sushma.fernandes 1.35 req->getHttpMethod(),
417 req->messageId,
|
418 kumpf 1.30 cimMethodName,
|
419 sushma.fernandes 1.35 PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
420 msgLoaderParms));
|
421 sushma.fernandes 1.33 PEG_METHOD_EXIT();
422 return;
|
423 kumpf 1.30 }
424 }
425 }
426 }
427 }
428 catch (InternalSystemError &ise)
429 {
430 sendIMethodError(
431 queueId,
|
432 sushma.fernandes 1.35 req->getHttpMethod(),
433 req->messageId,
|
434 kumpf 1.30 cimMethodName,
435 PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED, ise.getMessage()));
|
436 sushma.fernandes 1.33 PEG_METHOD_EXIT();
437 return;
|
438 kumpf 1.30 }
439 #endif // #ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
440
|
441 mday 1.5 //
|
442 kumpf 1.22 // Get a config manager instance
|
443 mday 1.5 //
444 ConfigManager* configManager = ConfigManager::getInstance();
445
446 //
|
447 kumpf 1.22 // Do namespace authorization verification
|
448 mday 1.5 //
|
449 kumpf 1.43 if (ConfigManager::parseBooleanValue(
450 configManager->getCurrentValue("enableNamespaceAuthorization")))
|
451 kumpf 1.22 {
452 //
453 // If the user is not privileged, perform the authorization check.
454 //
|
455 chuck 1.21 #if !defined(PEGASUS_PLATFORM_OS400_ISERIES_IBM)
|
456 kumpf 1.22 if ( ! System::isPrivilegedUser(userName) )
|
457 chuck 1.21 #else
|
458 kumpf 1.22 // On OS/400, always check authorization if remote user.
459 // Always allow local privileged users through.
460 // Check authorization for local non-privileged users.
461 // (User authorization to providers are checked downstream from here).
462 if ( ! String::equalNoCase(authType,"Local") ||
463 ! System::isPrivilegedUser(userName) )
|
464 chuck 1.21 #endif
|
465 mday 1.5 {
|
466 kumpf 1.22 UserManager* userManager = UserManager::getInstance();
|
467 mday 1.5
|
468 kumpf 1.22 if ( !userManager || !userManager->verifyAuthorization(
469 userName, nameSpace, cimMethodName) )
470 {
|
471 humberto 1.25
472 // l10n
473
474 // String description = "Not authorized to run ";
475 // description.append(cimMethodName);
476 // description.append(" in the namespace ");
477 // description.append(nameSpace.getString());
|
478 kumpf 1.22
|
479 kumpf 1.23 if (cimMethodName == "InvokeMethod")
480 {
|
481 humberto 1.25 // l10n
482 sendMethodError(
|
483 kumpf 1.23 queueId,
|
484 sushma.fernandes 1.35 req->getHttpMethod(),
485 req->messageId,
486 ((CIMInvokeMethodRequestMessage*)req.get())->methodName,
|
487 humberto 1.25 PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
|
488 sushma.fernandes 1.35 MessageLoaderParms(
489 "Server.CIMOperationRequestAuthorizer.NOT_AUTHORIZED",
490 "Not authorized to run $0 in the namespace $1",
491 cimMethodName, nameSpace.getString())));
|
492 kumpf 1.23 }
493 else
494 {
|
495 humberto 1.25 // l10n
496 sendIMethodError(
|
497 sushma.fernandes 1.35 queueId,
498 req->getHttpMethod(),
499 req->messageId,
500 cimMethodName,
501 PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED,
502 MessageLoaderParms(
503 "Server.CIMOperationRequestAuthorizer.NOT_AUTHORIZED",
504 "Not authorized to run $0 in the namespace $1",
505 cimMethodName, nameSpace.getString())));
|
506 kumpf 1.23 }
|
507 mday 1.5
|
508 kumpf 1.22 PEG_METHOD_EXIT();
509
510 return;
511 }
|
512 mday 1.5 }
513 }
|
514 kumpf 1.22
|
515 mday 1.5 //
516 // If the user is privileged, and remote privileged user access is not
|
517 kumpf 1.22 // enabled and the auth type is not Local then reject access.
|
518 mday 1.5 //
|
519 marek 1.44 if (!String::equalNoCase(authType, "Local") &&
|
520 kumpf 1.43 !ConfigManager::parseBooleanValue(
|
521 marek 1.44 configManager->getCurrentValue("enableRemotePrivilegedUserAccess")) &&
522 System::isPrivilegedUser(userName))
|
523 mday 1.5 {
524
|
525 kumpf 1.23 if (cimMethodName == "InvokeMethod")
526 {
|
527 humberto 1.25
528 // l10n
529
|
530 kumpf 1.23 sendMethodError(
531 queueId,
|
532 sushma.fernandes 1.35 req->getHttpMethod(),
533 req->messageId,
534 ((CIMInvokeMethodRequestMessage*)req.get())->methodName,
535 PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, MessageLoaderParms(
536 "Server.CIMOperationRequestAuthorizer.REMOTE_NOT_ENABLED",
537 "Remote privileged user access is not enabled.")));
|
538 kumpf 1.23 }
539 else
540 {
|
541 humberto 1.25 // l10n
542
|
543 kumpf 1.23 sendIMethodError(
544 queueId,
|
545 sushma.fernandes 1.35 req->getHttpMethod(),
546 req->messageId,
|
547 kumpf 1.23 cimMethodName,
|
548 sushma.fernandes 1.35 PEGASUS_CIM_EXCEPTION_L(CIM_ERR_ACCESS_DENIED, MessageLoaderParms(
549 "Server.CIMOperationRequestAuthorizer.REMOTE_NOT_ENABLED",
550 "Remote privileged user access is not enabled.")));
|
551 kumpf 1.23 }
|
552 mday 1.5
|
553 kumpf 1.10 PEG_METHOD_EXIT();
|
554 mday 1.5
555 return;
556 }
557
558 //
559 // Enqueue the request
560 //
|
561 sushma.fernandes 1.35 _outputQueue->enqueue(req.release());
|
562 mday 1.5
|
563 kumpf 1.10 PEG_METHOD_EXIT();
|
564 kumpf 1.1
|
565 mday 1.5 }
566
567
568 void CIMOperationRequestAuthorizer::handleEnqueue()
569 {
|
570 kumpf 1.10 PEG_METHOD_ENTER(TRC_SERVER, "CIMOperationRequestAuthorizer::handleEnqueue");
571
|
572 mday 1.5 Message* request = dequeue();
573 if( request )
574 handleEnqueue(request);
|
575 kumpf 1.10
576 PEG_METHOD_EXIT();
|
577 kumpf 1.1 }
578
579 void CIMOperationRequestAuthorizer::setServerTerminating(Boolean flag)
580 {
|
581 kumpf 1.10 PEG_METHOD_ENTER(TRC_SERVER,
582 "CIMOperationRequestAuthorizer::setServerTerminating");
|
583 kumpf 1.1
|
584 mday 1.5 _serverTerminating = flag;
|
585 kumpf 1.1
|
586 kumpf 1.10 PEG_METHOD_EXIT();
|
587 kumpf 1.1 }
588
|
589 kumpf 1.30 Array<String> CIMOperationRequestAuthorizer::_getAuthorizedUserGroups()
590 {
591 PEG_METHOD_ENTER(TRC_SERVER,
592 "CIMOperationRequestAuthorizer::getAuthorizedUserGroups");
593
594 Array<String> authorizedGroups;
595
596 String groupNames = String::EMPTY;
597
598 //
599 // Get a config manager instance
600 //
601 ConfigManager* configManager = ConfigManager::getInstance();
602
603 groupNames = configManager->getCurrentValue("authorizedUserGroups");
604
605 //
606 // Check if the group name is empty
607 //
608 if (groupNames == String::EMPTY || groupNames == "")
609 {
610 kumpf 1.30 PEG_METHOD_EXIT();
611 return authorizedGroups;
612 }
613
614 //
615 // Append _GROUPNAME_SEPARATOR to the end of the groups
616 //
617 groupNames.append(_GROUPNAME_SEPARATOR);
618
619 Uint32 position = 0;
620 String groupName = String::EMPTY;
621
622 while (groupNames != String::EMPTY)
623 {
624 //
625 // Get a group name from user groups
626 // User groups are separated by _GROUPNAME_SEPARATOR
627 //
628 position = groupNames.find(_GROUPNAME_SEPARATOR);
629 groupName = groupNames.subString(0,(position));
630
631 kumpf 1.30 authorizedGroups.append(groupName);
632
633 // Remove the searched group name
634 groupNames.remove(0, position + 1);
635 }
636
637 PEG_METHOD_EXIT();
638
639 return authorizedGroups;
640 }
|
641 kumpf 1.1 PEGASUS_NAMESPACE_END
|
Return to
CIMOperationRequestAuthorizer.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Server