
Diff for /pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp between version 1.25 and 1.26

version 1.25, 2003/10/13 17:55:56 version 1.26, 2003/10/16 21:52:10
Line 346 
Line 346 
              enableAuthentication              enableAuthentication
            )            )
         {         {
   #ifdef PEGASUS_KERBEROS_AUTHENTICATION
               // The presence of a Security Association indicates that Kerberos is being
               // used.
               CIMKerberosSecurityAssociation *sa = httpMessage->authInfo->getSecurityAssociation();
               if (sa)
               {
                   sa->setClientSentAuthorization(true);
               }
   #endif
             //             //
             // Do http authentication if not authenticated already             // Do http authentication if not authenticated already
             //             //
Line 387 
Line 396 
         }  // "Authorization" header check         }  // "Authorization" header check
  
 #ifdef PEGASUS_KERBEROS_AUTHENTICATION #ifdef PEGASUS_KERBEROS_AUTHENTICATION
           // The presence of a Security Association indicates that Kerberos is being
           // used.
           CIMKerberosSecurityAssociation *sa = httpMessage->authInfo->getSecurityAssociation();
   
           // This will process a request with no content.
           if (sa && authenticated)
           {
               if (sa->getServerToken().size())
               {
                   // This will handle the scenario where client did not send data (content) but
                   // is authenticated.  After the client receives the success it should will
                   // send the request.  For mutual authentication the client may choose not to
                   // send request data until the context is fully established.
                   // Note:  if mutual authentication wass not requested by the client then
                   // no server token will be available.
                   if (contentLength == 0)
                   {
                       String authResp =
                           _authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo);
                       if (!String::equal(authResp, String::EMPTY))
                       {
                           _sendSuccess(queueId, authResp);
                       }
                       else
                       {
                           _sendError(queueId, "Invalid Request");
                       }
   
                       PEG_METHOD_EXIT();
                       return;
                   }
               }
           }
   
           // This will process a request without an authorization record.
           if (sa && !authenticated)
           {
               // Not authenticated can result from the client not sending an authorization
               // record due to a previous authentication.  In this scenario the client
               // was previous authenticated but chose not to send an authorization
               // record.  The Security Association maintains state so a request will not
               // be processed unless the Security association thinks the client is authenticated.
   
               // This will handle the scenario where the client was authenticated in the
               // previous request but choose not to send an authorization record.
               if (sa->getClientAuthenticated())
               {
                   authenticated = true;
               }
           }
   
         // The following is processing to unwrap (unencrypt) the message received from the         // The following is processing to unwrap (unencrypt) the message received from the
         // client when using kerberos authentication.         // client when using kerberos authentication.
         // For Kerberos there should always be an "Authorization" record sent with the request         // For Kerberos there should always be an "Authorization" record sent with the request
Line 395 
Line 455 
         // client can't be authenticated.  The "Authorization" record was processed above         // client can't be authenticated.  The "Authorization" record was processed above
         // and if the "Authorization" record was successfully processed then the client         // and if the "Authorization" record was successfully processed then the client
         // is authenticated.         // is authenticated.
         CIMKerberosSecurityAssociation *sa = httpMessage->authInfo->getSecurityAssociation();  
         if (sa  &&  authenticated)         if (sa  &&  authenticated)
         {         {
             Uint32 rc;  // return code for the wrap             Uint32 rc;  // return code for the wrap
Line 460 
Line 519 
                 final_buffer.remove(final_buffer.size());  // "\n"                 final_buffer.remove(final_buffer.size());  // "\n"
                 final_buffer.remove(final_buffer.size());  // "\r"                 final_buffer.remove(final_buffer.size());  // "\r"
  
                 // Build the WWW_Authenticate record with token.  SPNEGO negotiation                  // Build the WWW_Authenticate record with token.
                 // requires that a WWW_Authenticate record is always sent.  
                 String authResp =                 String authResp =
                   _authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo);                   _authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo);
                 // error occurred on wrap so the final_buffer needs to be built                 // error occurred on wrap so the final_buffer needs to be built
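Review bot: In the added `if (sa && !authenticated)` block, a request that carries no Authorization record is promoted to `authenticated = true` solely on `sa->getClientAuthenticated()`, so the access decision rests on state cached in `httpMessage->authInfo` rather than on anything in the request. Nothing visible in these hunks shows that state being cleared when a later authentication attempt fails, when the Kerberos context expires, or when the connection is reused by a different client (for example behind a proxy that pools connections). I would confirm that lifetime and state it at the decision point, e.g. `// SECURITY: trusts SA state bound to this connection; the SA must be reset on auth failure, context expiry and connection close`. The same promotion also feeds the unwrap block below (`if (sa  &&  authenticated)`), so a trace entry when authentication is inherited from the security association would make these requests distinguishable in logs. The enclosing function begins and ends outside the hunks shown.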

