//%/////////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2000, 2001 BMC Software, Hewlett-Packard Company, IBM,
// The Open Group, Tivoli Systems
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to
// deal in the Software without restriction, including without limitation the
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
// sell copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
//==============================================================================
//
// Author: Nag Boranna, Hewlett-Packard Company (nagaraja_boranna@hp.com)
//
// Modified By: Sushma Fernandes, Hewlett-Packard Company
//              (sushma_fernandes@hp.com)
//
//%/////////////////////////////////////////////////////////////////////////////
30
31 sage 1.2 #include <Pegasus/Common/Config.h>
32 kumpf 1.1 #include <Pegasus/Security/UserManager/UserManager.h>
33 #include <Pegasus/Common/HTTPMessage.h>
34 #include <Pegasus/Common/Destroyer.h>
35 #include <Pegasus/Common/XmlWriter.h>
36 #include <Pegasus/Common/Tracer.h>
37 #include "CIMOperationRequestAuthorizer.h"
38
39 PEGASUS_NAMESPACE_BEGIN
40
41 PEGASUS_USING_STD;
42
43
//
// Constructs the authorizer as a named message queue and remembers the
// queue that receives requests which pass authorization.  The
// server-terminating flag starts cleared and is raised later through
// setServerTerminating().
//
CIMOperationRequestAuthorizer::CIMOperationRequestAuthorizer(
    MessageQueueService* outputQueue)
    : Base("CIMOperationRequestAuthorizer", MessageQueue::getNextQueueId()),
      _outputQueue(outputQueue),
      _serverTerminating(false)
{
    const char METHOD_NAME[] =
        "CIMOperationRequestAuthorizer::CIMOperationRequestAuthorizer()";

    PEG_FUNC_ENTER(TRC_SERVER, METHOD_NAME);

    // All state is set in the initializer list; the body only records
    // construction in the server trace.
    PEG_FUNC_EXIT(TRC_SERVER, METHOD_NAME);
}
58
//
// Destructor.  Nothing is released here: _outputQueue is a plain pointer
// that is not deleted by this object (presumably its creator owns it), so
// only the trace pair remains.
//
CIMOperationRequestAuthorizer::~CIMOperationRequestAuthorizer()
{
    const char METHOD_NAME[] =
        "CIMOperationRequestAuthorizer::~CIMOperationRequestAuthorizer()";

    PEG_FUNC_ENTER(TRC_SERVER, METHOD_NAME);
    PEG_FUNC_EXIT(TRC_SERVER, METHOD_NAME);
}
68
//
// Wraps an already-formatted CIM-XML body in an HTTPMessage and enqueues it
// to the queue identified by queueId (the originating HTTPConnection).
//
//   queueId - id of the destination queue, looked up via MessageQueue::lookup
//   message - the response bytes to deliver
//
// If the queue id no longer resolves (connection gone) the response is
// dropped without error; nothing is reported to the caller.
//
void CIMOperationRequestAuthorizer::sendResponse(
    Uint32 queueId,
    Array<Sint8>& message)
{
    const char METHOD_NAME[] =
        "CIMOperationRequestAuthorizer::sendResponse()";

    PEG_FUNC_ENTER(TRC_SERVER, METHOD_NAME);

    MessageQueue* destination = MessageQueue::lookup(queueId);

    if (destination != 0)
    {
        // The HTTPMessage is heap-allocated and handed to the destination
        // queue; presumably the receiver deletes it - confirm.
        destination->enqueue(new HTTPMessage(message));
    }

    PEG_FUNC_EXIT(TRC_SERVER, METHOD_NAME);
}
87
//
// Builds a CIM-XML error response for an intrinsic method and queues it to
// the connection identified by queueId.
//
//   queueId       - HTTPConnection queue that receives the response
//   messageId     - MESSAGE ID of the request being answered
//   cimMethodName - intrinsic method name placed in the IMETHODRESPONSE
//   code          - CIM status code for the ERROR element
//   description   - human-readable text for the ERROR element
//
// NOTE(review): description ends up inside the XML body, and handleEnqueue()
// builds descriptions that embed the client-supplied namespace.  This relies
// on XmlWriter::formatErrorElement escaping its text argument - confirm.
//
void CIMOperationRequestAuthorizer::sendError(
    Uint32 queueId,
    const String& messageId,
    const String& cimMethodName,
    CIMStatusCode code,
    const String& description)
{
    const char METHOD_NAME[] =
        "CIMOperationRequestAuthorizer::sendError()";

    PEG_FUNC_ENTER(TRC_SERVER, METHOD_NAME);

    // XmlWriter takes C strings for these two fields; the ArrayDestroyers
    // free the allocated copies when this function returns.
    ArrayDestroyer<char> methodNameCStr(cimMethodName.allocateCString());
    ArrayDestroyer<char> descriptionCStr(description.allocateCString());

    // Assemble ERROR -> IMETHODRESPONSE -> SIMPLERSP -> MESSAGE -> HTTP.
    Array<Sint8> response =
        XmlWriter::formatMethodResponseHeader(
            XmlWriter::formatMessageElement(
                messageId,
                XmlWriter::formatSimpleRspElement(
                    XmlWriter::formatIMethodResponseElement(
                        methodNameCStr.getPointer(),
                        XmlWriter::formatErrorElement(
                            code, descriptionCStr.getPointer())))));

    sendResponse(queueId, response);

    PEG_FUNC_EXIT(TRC_SERVER, METHOD_NAME);
}
115
116 ////////////////////////////////////////////////////////////////////////////////
117
118 mday 1.5
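namespace
{

//
// Identity of a CIM operation request as seen by the access policy: who
// sent it, how they authenticated, which namespace they target and which
// intrinsic method they invoke.  All fields start empty.
//
struct RequestIdentity
{
    RequestIdentity()
        : userName(String::EMPTY),
          authType(String::EMPTY),
          nameSpace(String::EMPTY),
          cimMethodName(String::EMPTY)
    {
    }

    String userName;       // user name carried in the request
    String authType;       // authentication type, compared against "Local"
    String nameSpace;      // target namespace, client supplied
    String cimMethodName;  // intrinsic method name used in error responses
};

//
// Copies the userName/authType/nameSpace fields that request message type T
// carries into 'identity' and records the intrinsic method name.  The caller
// has already matched request->getType() against T; the cast is unchecked.
//
template<class T>
void _copyRequestIdentity(
    Message* request,
    const char* methodName,
    RequestIdentity& identity)
{
    T* typedRequest = (T*)request;

    identity.userName = typedRequest->userName;
    identity.authType = typedRequest->authType;
    identity.nameSpace = typedRequest->nameSpace;
    identity.cimMethodName = methodName;
}

//
// Fills 'identity' according to the request's message type.  Returns false,
// leaving 'identity' empty, for message types this authorizer does not
// recognise and for ExecQuery (see the ATTN below).
//
Boolean _lookupRequestIdentity(
    Message* request,
    RequestIdentity& identity)
{
    switch (request->getType())
    {
        case CIM_GET_CLASS_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMGetClassRequestMessage>(
                request, "GetClass", identity);
            return true;

        case CIM_GET_INSTANCE_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMGetInstanceRequestMessage>(
                request, "GetInstance", identity);
            return true;

        case CIM_DELETE_CLASS_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMDeleteClassRequestMessage>(
                request, "DeleteClass", identity);
            return true;

        case CIM_DELETE_INSTANCE_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMDeleteInstanceRequestMessage>(
                request, "DeleteInstance", identity);
            return true;

        case CIM_CREATE_CLASS_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMCreateClassRequestMessage>(
                request, "CreateClass", identity);
            return true;

        case CIM_CREATE_INSTANCE_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMCreateInstanceRequestMessage>(
                request, "CreateInstance", identity);
            return true;

        case CIM_MODIFY_CLASS_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMModifyClassRequestMessage>(
                request, "ModifyClass", identity);
            return true;

        case CIM_MODIFY_INSTANCE_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMModifyInstanceRequestMessage>(
                request, "ModifyInstance", identity);
            return true;

        case CIM_ENUMERATE_CLASSES_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMEnumerateClassesRequestMessage>(
                request, "EnumerateClasses", identity);
            return true;

        case CIM_ENUMERATE_CLASS_NAMES_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMEnumerateClassNamesRequestMessage>(
                request, "EnumerateClassNames", identity);
            return true;

        case CIM_ENUMERATE_INSTANCES_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMEnumerateInstancesRequestMessage>(
                request, "EnumerateInstances", identity);
            return true;

        case CIM_ENUMERATE_INSTANCE_NAMES_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMEnumerateInstanceNamesRequestMessage>(
                request, "EnumerateInstanceNames", identity);
            return true;

        //ATTN: Implement this when ExecQuery is implemented in the decoder
        case CIM_EXEC_QUERY_REQUEST_MESSAGE:
            //_copyRequestIdentity<CIMExecQueryRequestMessage>(
            //    request, "ExecQuery", identity);
            break;

        case CIM_ASSOCIATORS_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMAssociatorsRequestMessage>(
                request, "Associators", identity);
            return true;

        case CIM_ASSOCIATOR_NAMES_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMAssociatorNamesRequestMessage>(
                request, "AssociatorNames", identity);
            return true;

        case CIM_REFERENCES_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMReferencesRequestMessage>(
                request, "References", identity);
            return true;

        case CIM_REFERENCE_NAMES_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMReferenceNamesRequestMessage>(
                request, "ReferenceNames", identity);
            return true;

        case CIM_GET_PROPERTY_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMGetPropertyRequestMessage>(
                request, "GetProperty", identity);
            return true;

        case CIM_SET_PROPERTY_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMSetPropertyRequestMessage>(
                request, "SetProperty", identity);
            return true;

        case CIM_GET_QUALIFIER_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMGetQualifierRequestMessage>(
                request, "GetQualifier", identity);
            return true;

        case CIM_SET_QUALIFIER_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMSetQualifierRequestMessage>(
                request, "SetQualifier", identity);
            return true;

        case CIM_DELETE_QUALIFIER_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMDeleteQualifierRequestMessage>(
                request, "DeleteQualifier", identity);
            return true;

        case CIM_ENUMERATE_QUALIFIERS_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMEnumerateQualifiersRequestMessage>(
                request, "EnumerateQualifiers", identity);
            return true;

        case CIM_INVOKE_METHOD_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMInvokeMethodRequestMessage>(
                request, "InvokeMethod", identity);
            return true;

        case CIM_ENABLE_INDICATION_SUBSCRIPTION_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMEnableIndicationSubscriptionRequestMessage>(
                request, "EnableIndicationSubscription", identity);
            return true;

        case CIM_MODIFY_INDICATION_SUBSCRIPTION_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMModifyIndicationSubscriptionRequestMessage>(
                request, "ModifyIndicationSubscription", identity);
            return true;

        case CIM_DISABLE_INDICATION_SUBSCRIPTION_REQUEST_MESSAGE:
            _copyRequestIdentity<CIMDisableIndicationSubscriptionRequestMessage>(
                request, "DisableIndicationSubscription", identity);
            return true;

        default:
            break;
    }

    return false;
}

//
// Applies the access policy to an identified request:
//
//   * a non-privileged user must be granted the method in the namespace by
//     UserManager::verifyAuthorization(); a missing UserManager denies
//     (fails closed);
//   * a privileged user is accepted when the auth type is "Local", or when
//     the enableRemotePrivilegedUserAccess configuration value is not
//     "false".
//
// Returns true when the request may proceed.  On false, 'code' and
// 'description' carry the error to send back to the client.
//
// NOTE(review): the privileged-user rule allows remote access for any
// configuration value other than "false" (e.g. empty or misspelled).  A
// fail-closed form would compare against "true"; confirm what ConfigManager
// guarantees about this value before changing it.
//
Boolean _isRequestAuthorized(
    const RequestIdentity& identity,
    CIMStatusCode& code,
    String& description)
{
    UserManager* userManager = UserManager::getInstance();

    //
    // Get a config manager instance and current value for
    // enableRemotePrivilegedUserAccess property.
    //
    ConfigManager* configManager = ConfigManager::getInstance();

    String privilegedAccessEnabled =
        configManager->getCurrentValue("enableRemotePrivilegedUserAccess");

    if (!System::isPrivilegedUser(identity.userName))
    {
        //
        // Non-privileged user: require an explicit authorization entry.
        //
        if (!userManager || !userManager->verifyAuthorization(
                identity.userName, identity.nameSpace, identity.cimMethodName))
        {
            description = "Not authorized to run ";
            description.append(identity.cimMethodName);
            description.append(" in the namespace ");
            description.append(identity.nameSpace);

            // NOTE(review): CIM_ERR_ACCESS_DENIED would describe this
            // outcome and match the remote-access branch below; kept as
            // CIM_ERR_FAILED so the client-visible status is unchanged.
            code = CIM_ERR_FAILED;
            return false;
        }

        return true;
    }

    //
    // Privileged user: local authentication is always accepted; remote
    // access is gated by the configuration value.
    //
    if (!String::equalNoCase(identity.authType, "Local") &&
        String::equalNoCase(privilegedAccessEnabled, "false"))
    {
        description = "Remote privileged user access is not enabled.";
        code = CIM_ERR_ACCESS_DENIED;
        return false;
    }

    return true;
}

} // anonymous namespace

//
// Entry point for every CIM operation request on this queue.  Identifies the
// requester, answers with an error response while the server is shutting
// down or when the access policy denies the request, and otherwise forwards
// the request unchanged to _outputQueue.
//
// NOTE(review): on the reject paths the request object is not released
// here; confirm which component owns it so it is not leaked.
//
void CIMOperationRequestAuthorizer::handleEnqueue(Message *request)
{
    const char METHOD_NAME[] =
        "CIMOperationRequestAuthorizer::handleEnqueue()";

    PEG_FUNC_ENTER(TRC_SERVER, METHOD_NAME);

    if (!request)
    {
        PEG_FUNC_EXIT(TRC_SERVER, METHOD_NAME);
        return;
    }

    //
    // Get the HTTPConnection queue id.  Everything routed here is assumed
    // to be a CIMRequestMessage; the cast is unchecked.
    //
    CIMRequestMessage* cimRequest = (CIMRequestMessage*)request;
    QueueIdStack qis = cimRequest->queueIds.copyAndPop();
    Uint32 queueId = qis.top();

    //
    // Identify the requester.  For unrecognised message types (and
    // ExecQuery) the identity stays empty and the policy below evaluates
    // empty strings.
    // NOTE(review): an unrecognised request type should probably be
    // rejected outright rather than evaluated with an empty identity;
    // confirm that UserManager::verifyAuthorization denies an empty user.
    //
    RequestIdentity identity;
    _lookupRequestIdentity(request, identity);

    //
    // if CIMOM is shutting down, return error response
    //
    // ATTN: Need to define a new CIM Error.
    //
    if (_serverTerminating)
    {
        String description = "CIMServer is shutting down. ";
        description.append("Request cannot be processed: ");

        sendError(
            queueId,
            cimRequest->messageId,
            identity.cimMethodName,
            CIM_ERR_FAILED,
            description);

        PEG_FUNC_EXIT(TRC_SERVER, METHOD_NAME);
        return;
    }

    //
    // Do Authorization verification
    //
    CIMStatusCode code = CIM_ERR_FAILED;
    String description = String::EMPTY;

    if (!_isRequestAuthorized(identity, code, description))
    {
        sendError(
            queueId,
            cimRequest->messageId,
            identity.cimMethodName,
            code,
            description);

        PEG_FUNC_EXIT(TRC_SERVER, METHOD_NAME);
        return;
    }

    //
    // Enqueue the request
    //
    _outputQueue->enqueue(request);

    PEG_FUNC_EXIT(TRC_SERVER, METHOD_NAME);
}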
458
459
//
// Queue callback: takes the next message off this queue and passes it to
// the typed overload.  An empty queue (null dequeue) is a no-op.
//
void CIMOperationRequestAuthorizer::handleEnqueue()
{
    Message* next = dequeue();

    if (next != 0)
    {
        handleEnqueue(next);
    }
}
466
//
// Returns the fixed name under which this queue is registered.  The pointer
// refers to a string literal and stays valid for the life of the program.
//
const char* CIMOperationRequestAuthorizer::getQueueName() const
{
    const char METHOD_NAME[] =
        "CIMOperationRequestAuthorizer::getQueueName()";

    static const char QUEUE_NAME[] = "CIMOperationRequestAuthorizer";

    PEG_FUNC_ENTER(TRC_SERVER, METHOD_NAME);
    PEG_FUNC_EXIT(TRC_SERVER, METHOD_NAME);

    return QUEUE_NAME;
}
478
//
// Records whether the server is shutting down.  While the flag is set,
// handleEnqueue() answers each request with a CIM_ERR_FAILED error response
// instead of forwarding it.
//
// NOTE(review): the flag is written here and read by handleEnqueue() with no
// synchronization; confirm the threading model under which both run.
//
void CIMOperationRequestAuthorizer::setServerTerminating(Boolean flag)
{
    const char METHOD_NAME[] =
        "CIMOperationRequestAuthorizer::setServerTerminating()";

    PEG_FUNC_ENTER(TRC_SERVER, METHOD_NAME);

    _serverTerminating = flag;

    PEG_FUNC_EXIT(TRC_SERVER, METHOD_NAME);
}
490
491 PEGASUS_NAMESPACE_END