|
version 1.21, 2003/04/02 20:29:47
|
version 1.22, 2003/08/02 19:24:22
|
|
|
|
| #include <Pegasus/Config/ConfigManager.h> | #include <Pegasus/Config/ConfigManager.h> |
| #include "HTTPAuthenticatorDelegator.h" | #include "HTTPAuthenticatorDelegator.h" |
| | |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
#include <Pegasus/Common/CIMKerberosSecurityAssociation.h> |
| |
#endif |
| | |
| PEGASUS_USING_STD; | PEGASUS_USING_STD; |
| | |
| PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
| | |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
/** |
| |
Constant representing the Kerberos authentication challenge header. |
| |
*/ |
| |
static const String KERBEROS_CHALLENGE_HEADER = "WWW-Authenticate: Negotiate "; |
| |
#endif |
| | |
| HTTPAuthenticatorDelegator::HTTPAuthenticatorDelegator( | HTTPAuthenticatorDelegator::HTTPAuthenticatorDelegator( |
| Uint32 operationMessageQueueId, | Uint32 operationMessageQueueId, |
|
|
|
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| } | } |
| | |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
void HTTPAuthenticatorDelegator::_sendSuccess( |
| |
Uint32 queueId, |
| |
const String& authResponse) |
| |
{ |
| |
PEG_METHOD_ENTER(TRC_HTTP, |
| |
"HTTPAuthenticatorDelegator::_sendSuccess"); |
| |
|
| |
// |
| |
// build OK (200) response message |
| |
// |
| |
|
| |
Array<Sint8> message; |
| |
XmlWriter::appendOKResponseHeader(message, authResponse); |
| |
|
| |
_sendResponse(queueId, message); |
| |
|
| |
PEG_METHOD_EXIT(); |
| |
} |
| |
#endif |
| |
|
| void HTTPAuthenticatorDelegator::_sendChallenge( | void HTTPAuthenticatorDelegator::_sendChallenge( |
| Uint32 queueId, | Uint32 queueId, |
| const String& authResponse) | const String& authResponse) |
|
|
|
| // | // |
| Uint32 queueId = httpMessage->queueId; | Uint32 queueId = httpMessage->queueId; |
| | |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
// This still needs work and is not functional. |
| |
|
| |
CIMKerberosSecurityAssociation *sa = httpMessage->authInfo->getSecurityAssociation(); |
| |
char* outmessage = NULL; |
| |
Uint32 outlength = 0; |
| |
if ( sa ) |
| |
{ |
| |
if (sa->getClientAuthenticated()) |
| |
{ |
| |
if (sa->unwrap_message((const char*)httpMessage->message.getData(), |
| |
httpMessage->message.size(), |
| |
outmessage, |
| |
outlength)) |
| |
{ |
| |
// build a bad request |
| |
Array<Sint8> statusMsg; |
| |
statusMsg = XmlWriter::formatHttpErrorRspMessage(HTTP_STATUS_BADREQUEST); |
| |
_sendResponse(queueId, statusMsg); |
| |
PEG_METHOD_EXIT(); |
| |
return; |
| |
} |
| |
} |
| |
else |
| |
{ |
| |
// set authenticated flag in _authInfo to not authenticated because the |
| |
// unwrap resulted in an expired token or credential. |
| |
httpMessage->authInfo->setAuthStatus(AuthenticationInfoRep::CHALLENGE_SENT); |
| |
// build a 401 response |
| |
Array<Sint8> statusMsg; |
| |
// do we need to add a token here or just restart the negotiate again??? |
| |
// authResponse.append(sa->getServerToken()); |
| |
XmlWriter::appendUnauthorizedResponseHeader(statusMsg, KERBEROS_CHALLENGE_HEADER); |
| |
_sendResponse(queueId, statusMsg); |
| |
PEG_METHOD_EXIT(); |
| |
return; |
| |
} |
| |
} |
| |
#endif |
| |
|
| // | // |
| // Parse the HTTP message: | // Parse the HTTP message: |
| // | // |
|
|
|
| { | { |
| //ATTN: the number of challenges get sent for a | //ATTN: the number of challenges get sent for a |
| // request on a connection can be pre-set. | // request on a connection can be pre-set. |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
// Kerberos authentication needs access to the AuthenticationInfo |
| |
// object for this session in order to set up the reference to the |
| |
// CIMKerberosSecurityAssociation object for this session. |
| |
String authResp = |
| |
_authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
| |
#else |
| String authResp = | String authResp = |
| _authenticationManager->getHttpAuthResponseHeader(); | _authenticationManager->getHttpAuthResponseHeader(); |
| |
#endif |
| if (!String::equal(authResp, String::EMPTY)) | if (!String::equal(authResp, String::EMPTY)) |
| { | { |
| _sendChallenge(queueId, authResp); | _sendChallenge(queueId, authResp); |
|
|
|
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return; | return; |
| } | } |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
else if (String::equalNoCase(httpMessage->authInfo->getAuthType(), |
| |
"Kerberos") && |
| |
httpMessage->authInfo->isAuthenticated() && |
| |
"Client requested mutual authentication") |
| |
{ |
| |
|
| |
String authResp = |
| |
_authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
| |
if (!String::equal(authResp, String::EMPTY)) |
| |
{ |
| |
_sendSuccess(queueId, authResp); |
| |
} |
| |
else |
| |
{ |
| |
/* Should never fall into here. Add code to add a trace |
| |
statement in the event that it does fall into this |
| |
else. */ |
| |
} |
| |
} |
| |
#endif |
| } | } |
| } | } |
| | |
|
|
|
| } | } |
| else | else |
| { | { |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
String authResp = |
| |
_authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
| |
#else |
| String authResp = | String authResp = |
| _authenticationManager->getHttpAuthResponseHeader(); | _authenticationManager->getHttpAuthResponseHeader(); |
| |
#endif |
| | |
| if (!String::equal(authResp, String::EMPTY)) | if (!String::equal(authResp, String::EMPTY)) |
| { | { |
|
|
|
| else | else |
| { | { |
| _sendError(queueId, "Invalid Request"); | _sendError(queueId, "Invalid Request"); |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
/* Should never fall into here. Add code to add a trace |
| |
statement in the event that it does fall into this |
| |
else. */ |
| |
#endif |
| } | } |
| } | } |
| } | } |
Return to
HTTPAuthenticatorDelegator.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Server