|
version 1.42, 2004/10/17 20:40:12
|
version 1.43, 2004/12/07 22:45:05
|
|
|
|
| #include <Pegasus/Common/Thread.h> | #include <Pegasus/Common/Thread.h> |
| #include "HTTPAuthenticatorDelegator.h" | #include "HTTPAuthenticatorDelegator.h" |
| #include <Pegasus/Common/MessageLoader.h> | #include <Pegasus/Common/MessageLoader.h> |
| |
#include <Pegasus/Common/FileSystem.h> |
| | |
| #ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| #include <Pegasus/Common/CIMKerberosSecurityAssociation.h> | #include <Pegasus/Common/CIMKerberosSecurityAssociation.h> |
|
|
|
| | |
| HTTPAuthenticatorDelegator::HTTPAuthenticatorDelegator( | HTTPAuthenticatorDelegator::HTTPAuthenticatorDelegator( |
| Uint32 operationMessageQueueId, | Uint32 operationMessageQueueId, |
| Uint32 exportMessageQueueId) |
Uint32 exportMessageQueueId, |
| |
CIMRepository* repository) |
| : Base(PEGASUS_QUEUENAME_HTTPAUTHDELEGATOR, | : Base(PEGASUS_QUEUENAME_HTTPAUTHDELEGATOR, |
| MessageQueue::getNextQueueId()), | MessageQueue::getNextQueueId()), |
| _operationMessageQueueId(operationMessageQueueId), | _operationMessageQueueId(operationMessageQueueId), |
| _exportMessageQueueId(exportMessageQueueId) |
_exportMessageQueueId(exportMessageQueueId), |
| |
_repository(repository) |
| { | { |
| PEG_METHOD_ENTER(TRC_HTTP, | PEG_METHOD_ENTER(TRC_HTTP, |
| "HTTPAuthenticatorDelegator::HTTPAuthenticatorDelegator"); | "HTTPAuthenticatorDelegator::HTTPAuthenticatorDelegator"); |
|
|
|
| // In this case, no further attempts to authenticate the client are made | // In this case, no further attempts to authenticate the client are made |
| authenticated = httpMessage->authInfo->isAuthenticated(); | authenticated = httpMessage->authInfo->isAuthenticated(); |
| | |
| // If the request is a regular CIMOperation request that was authenticated |
// If the request was authenticated via SSL, append the username to the IdentityContainer |
| // via SSL, append the username associated with trusted clients. |
|
| // This is used in the OperationContext later in the transaction. |
|
| // Do not append for export requests. |
|
| String cimOperation; | String cimOperation; |
| if (authenticated && | if (authenticated && |
| (String::equal(httpMessage->authInfo->getAuthType(), AuthenticationInfoRep::AUTH_TYPE_SSL)) && | (String::equal(httpMessage->authInfo->getAuthType(), AuthenticationInfoRep::AUTH_TYPE_SSL)) && |
| HTTPMessage::lookupHeader(headers, "CIMOperation", cimOperation, true)) | HTTPMessage::lookupHeader(headers, "CIMOperation", cimOperation, true)) |
| { | { |
| String trustStoreUserName = configManager->getCurrentValue("sslTrustStoreUserName"); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "HTTPAuthDelegator was authenticated via SSL"); |
| |
|
| |
//PEP187 |
| |
String trustStore = configManager->getCurrentValue("sslTrustStore"); |
| | |
| // This should have been verified before server startup; perform an extra check |
if (FileSystem::isDirectory(trustStore)) |
| // in case this strategy changes. |
|
| if (System::isSystemUser((const char*)trustStoreUserName.getCString())) |
|
| { | { |
| Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
//get the authenticated client certificate |
| "HTTPAuthenticatorDelegator - Setting the trusted client certificate to $0", trustStoreUserName); |
SSLCertificateInfo* clientCertificate = httpMessage->authInfo->getClientCertificate(); |
| httpMessage->authInfo->setAuthenticatedUser(trustStoreUserName); |
|
| } |
if (!clientCertificate) |
| else |
|
| { | { |
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "HTTPAuthDelegator auth error"); |
| MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_ERROR","Authorization error"); | MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_ERROR","Authorization error"); |
| String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| _sendHttpError(queueId, | _sendHttpError(queueId, |
| HTTP_STATUS_BADREQUEST, | HTTP_STATUS_BADREQUEST, |
| String::EMPTY, | String::EMPTY, |
| msg); | msg); |
| |
PEG_METHOD_EXIT(); |
| |
return; |
| } | } |
| |
|
| |
//get certificate properties |
| |
String issuerName = clientCertificate->getIssuerName(); |
| |
char serialNumber[256]; |
| |
sprintf(serialNumber, "%ld", clientCertificate->getSerialNumber()); |
| |
|
| |
//ATTN: Use certificate provider constants |
| |
String truststoreType = (httpMessage->authInfo->isExportConnection() ? String("3") : String("2")); |
| |
|
| |
//construct the corresponding PG_SSLCertificate instance |
| |
Array<CIMKeyBinding> keyBindings; |
| |
keyBindings.append(CIMKeyBinding("IssuerName", issuerName, CIMKeyBinding::STRING)); |
| |
keyBindings.append(CIMKeyBinding("SerialNumber", serialNumber, CIMKeyBinding::STRING)); |
| |
keyBindings.append(CIMKeyBinding("TruststoreType", truststoreType, CIMKeyBinding::NUMERIC)); |
| |
|
| |
CIMObjectPath cimObjectPath("localhost", |
| |
PEGASUS_NAMESPACENAME_CERTIFICATE, |
| |
PEGASUS_CLASSNAME_CERTIFICATE, |
| |
keyBindings); |
| |
|
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Certificate COP: " + cimObjectPath.toString()); |
| |
|
| |
CIMInstance cimInstance; |
| |
CIMValue value; |
| |
Uint32 pos; |
| |
String userName = String::EMPTY; |
| |
|
| |
//attempt to get the username registered to the certificate |
| |
try |
| |
{ |
| |
cimInstance = _repository->getInstance(PEGASUS_NAMESPACENAME_CERTIFICATE, cimObjectPath); |
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "HTTPAuthDelegator gotciminstance"); |
| |
|
| |
} catch (CIMException& e) |
| |
{ |
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "The certificate used for authentication cannot be located in the repository."); |
| |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE","The certificate used for authentication cannot be located in the repository."); |
| |
String msg(MessageLoader::getMessage(msgParms)); |
| |
_sendHttpError(queueId, |
| |
HTTP_STATUS_BADREQUEST, |
| |
String::EMPTY, |
| |
msg); |
| |
PEG_METHOD_EXIT(); |
| |
return; |
| } | } |
| |
|
| |
pos = cimInstance.findProperty("RegisteredUserName"); |
| |
|
| |
if (pos != PEG_NOT_FOUND && !(value = cimInstance.getProperty(pos).getValue()).isNull()) |
| |
{ |
| |
value.get(userName); |
| |
httpMessage->authInfo->setAuthenticatedUser(userName); |
| |
|
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "User name for certificate is " + userName); |
| |
Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
| |
"HTTPAuthenticatorDelegator - Setting the trusted client certificate to $0", userName); |
| |
} else |
| |
{ |
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "No username associated with certificate."); |
| |
Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
| |
"No username associated with certificate."); |
| |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_ERROR","No username associated with certificate."); |
| |
String msg(MessageLoader::getMessage(msgParms)); |
| |
_sendHttpError(queueId, |
| |
HTTP_STATUS_BADREQUEST, |
| |
String::EMPTY, |
| |
msg); |
| |
PEG_METHOD_EXIT(); |
| |
return; |
| } | } |
| | |
| |
} else |
| |
{ |
| |
//trustStore is a single CA file, lookup username |
| |
//user was already verified as a valid system user during server startup |
| |
String trustStoreUserName = configManager->getCurrentValue("sslTrustStoreUserName"); |
| |
httpMessage->authInfo->setAuthenticatedUser(trustStoreUserName); |
| |
} |
| |
} |
| |
|
| |
} //end enableAuthentication |
| |
|
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Exited authentication loop"); |
| |
|
| |
|
| // l10n start | // l10n start |
| AcceptLanguages acceptLanguages = AcceptLanguages::EMPTY; | AcceptLanguages acceptLanguages = AcceptLanguages::EMPTY; |
| ContentLanguages contentLanguages = ContentLanguages::EMPTY; | ContentLanguages contentLanguages = ContentLanguages::EMPTY; |
Return to
HTTPAuthenticatorDelegator.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Server