|
version 1.56, 2005/11/22 21:07:16
|
version 1.57, 2005/12/05 16:25:06
|
|
|
|
| Boolean enableAuthentication = false; | Boolean enableAuthentication = false; |
| Boolean authenticated = false; | Boolean authenticated = false; |
| | |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
CIMKerberosSecurityAssociation *sa = NULL; |
| |
// The presence of a Security Association indicates that Kerberos is being used |
| |
// Reset flag for subsequent calls to indicate that no Authorization |
| |
// record was sent. If one was sent the flag will be appropriately reset later. |
| |
// The sa is maintained while the connection is active. |
| |
sa = httpMessage->authInfo->getSecurityAssociation(); |
| |
if (sa) |
| |
{ |
| |
sa->setClientSentAuthorization(false); |
| |
} |
| |
#endif |
| |
|
| |
|
| if (String::equal( | if (String::equal( |
| configManager->getCurrentValue( | configManager->getCurrentValue( |
| _CONFIG_PARAM_ENABLEAUTHENTICATION), _TRUE)) | _CONFIG_PARAM_ENABLEAUTHENTICATION), _TRUE)) |
| { | { |
| enableAuthentication = true; | enableAuthentication = true; |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| |
// If we are using Kerberos (sa pointer is set), the client has already authenticated, and the client is NOT attempting to re-authenticate (dermined by an Authorization record being sent), then we want to set the local authenticate flag to true so that the authentication logic is skipped. |
| |
String authstr = String::EMPTY; |
| |
if (sa && sa->getClientAuthenticated() && |
| |
!HTTPMessage::lookupHeader(headers, "Authorization", authstr, false)) |
| |
{ |
| |
authenticated = true; |
| |
} |
| |
if (!sa) |
| |
{ |
| |
authenticated = httpMessage->authInfo->isAuthenticated(); |
| |
} |
| |
#else |
| // Client may have already authenticated via SSL. | // Client may have already authenticated via SSL. |
| // In this case, no further attempts to authenticate the client are made | // In this case, no further attempts to authenticate the client are made |
| authenticated = httpMessage->authInfo->isAuthenticated(); | authenticated = httpMessage->authInfo->isAuthenticated(); |
| |
#endif |
| // If the request was authenticated via SSL, append the username to the IdentityContainer | // If the request was authenticated via SSL, append the username to the IdentityContainer |
| String cimOperation; | String cimOperation; |
| if (authenticated && | if (authenticated && |
|
|
|
| } | } |
| } | } |
| | |
| #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
| // The presence of a Security Association indicates that Kerberos is being used |
|
| // Reset flag for subsequent calls to indicate that no Authorization |
|
| // record was sent. If one was sent the flag will be appropriately reset later. |
|
| // The sa is maintained while the connection is active. |
|
| CIMKerberosSecurityAssociation *sa = httpMessage->authInfo->getSecurityAssociation(); |
|
| if (sa) |
|
| { |
|
| sa->setClientSentAuthorization(false); |
|
| } |
|
| #endif |
|
| | |
| if ( HTTPMessage::lookupHeader( | if ( HTTPMessage::lookupHeader( |
| headers, _HTTP_HEADER_AUTHORIZATION, authorization, false) && | headers, _HTTP_HEADER_AUTHORIZATION, authorization, false) && |
|
|
|
| } | } |
| } // first not authenticated check | } // first not authenticated check |
| } // "Authorization" header check | } // "Authorization" header check |
| |
} //end if(!authenticated && enableAuthentication) |
| #ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| // The pointer to the sa is created in the authenticator so we need to also | // The pointer to the sa is created in the authenticator so we need to also |
| // assign it here. | // assign it here. |
|
|
|
| } | } |
| #endif | #endif |
| | |
| } //end if(!authenticated && enableAuthentication) |
|
| | |
| | |
| if ( authenticated || !enableAuthentication ) | if ( authenticated || !enableAuthentication ) |
Return to
HTTPAuthenticatorDelegator.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Server