|
version 1.62, 2006/01/30 16:18:31
|
version 1.63, 2006/03/08 20:55:16
|
|
|
|
| // In this case, no further attempts to authenticate the client are made | // In this case, no further attempts to authenticate the client are made |
| authenticated = httpMessage->authInfo->isAuthenticated(); | authenticated = httpMessage->authInfo->isAuthenticated(); |
| #endif | #endif |
| // If the request was authenticated via SSL, append the username to the IdentityContainer |
|
| String cimOperation; |
// Get the user name associated with the certificate (using the |
| |
// certificate chain, if necessary). |
| |
|
| |
String certUserName; |
| if (authenticated && | if (authenticated && |
| (String::equal(httpMessage->authInfo->getAuthType(), | (String::equal(httpMessage->authInfo->getAuthType(), |
| AuthenticationInfoRep::AUTH_TYPE_SSL))) | AuthenticationInfoRep::AUTH_TYPE_SSL))) |
| { | { |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, "Client was authenticated via trusted SSL certificate."); | PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, "Client was authenticated via trusted SSL certificate."); |
| | |
| //PEP187 |
|
| String trustStore = configManager->getCurrentValue("sslTrustStore"); | String trustStore = configManager->getCurrentValue("sslTrustStore"); |
| | |
| if (FileSystem::isDirectory(ConfigManager::getHomedPath(trustStore))) | if (FileSystem::isDirectory(ConfigManager::getHomedPath(trustStore))) |
|
|
|
| { | { |
| cimInstance = _repository->getInstance(PEGASUS_NAMESPACENAME_CERTIFICATE, cimObjectPath); | cimInstance = _repository->getInstance(PEGASUS_NAMESPACENAME_CERTIFICATE, cimObjectPath); |
| | |
| Boolean isValidUser = false; |
|
| pos = cimInstance.findProperty("RegisteredUserName"); | pos = cimInstance.findProperty("RegisteredUserName"); |
| | |
| if (pos != PEG_NOT_FOUND && !(value = cimInstance.getProperty(pos).getValue()).isNull()) | if (pos != PEG_NOT_FOUND && !(value = cimInstance.getProperty(pos).getValue()).isNull()) |
|
|
|
| value.get(userName); | value.get(userName); |
| | |
| // | // |
| // If a username is not specified, continue up the chain to look for a username. |
// If a user name is specified, our search is complete |
| // | // |
| if (userName == String::EMPTY && i < loopCount ) |
if (userName.size()) |
| { | { |
| Tracer::trace(TRC_HTTP, Tracer::LEVEL4, |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, |
| "The certificate at level %u has no associated username, moving up the chain", i); |
"User name for certificate is " + userName); |
| continue; |
certUserName = userName; |
| |
break; |
| } | } |
| | |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, "User name for certificate is " + userName); |
// No user name is specified; continue up the chain |
| isValidUser = _validateUser(userName, queueId); |
Tracer::trace(TRC_HTTP, Tracer::LEVEL4, |
| |
"The certificate at level %u has no " |
| |
"associated username, moving up the chain", |
| |
i); |
| } | } |
| else | else |
| { | { |
| Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, | Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, |
| "HTTPAuthenticatorDelegator - Bailing, no username is registered to this certificate."); | "HTTPAuthenticatorDelegator - Bailing, no username is registered to this certificate."); |
| } | } |
| |
|
| if (isValidUser) |
|
| { |
|
| httpMessage->authInfo->setAuthenticatedUser(userName); |
|
| |
|
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, "User name for certificate is " + userName); |
|
| Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
|
| "HTTPAuthenticatorDelegator - The trusted client certificate is registered to $0.", userName); |
|
| break; |
|
| |
|
| } else |
|
| { |
|
| MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE_USERNAME", |
|
| "The username associated to this certificate is not a valid system user"); |
|
| String msg(MessageLoader::getMessage(msgParms)); |
|
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, msg); |
|
| _sendHttpError( |
|
| queueId, |
|
| HTTP_STATUS_UNAUTHORIZED, |
|
| String::EMPTY, |
|
| msg, |
|
| closeConnect); |
|
| PEG_METHOD_EXIT(); |
|
| return; |
|
| } |
|
| |
|
| |
|
| } catch (CIMException& e) | } catch (CIMException& e) |
| { | { |
| //this certificate did not have a registration associated with it; continue up the chain | //this certificate did not have a registration associated with it; continue up the chain |
|
|
|
| { | { |
| //trustStore is a single CA file, lookup username | //trustStore is a single CA file, lookup username |
| //user was already verified as a valid system user during server startup | //user was already verified as a valid system user during server startup |
| String trustStoreUserName = configManager->getCurrentValue("sslTrustStoreUserName"); |
certUserName = |
| |
configManager->getCurrentValue("sslTrustStoreUserName"); |
| |
} |
| | |
| // | // |
| // Validate user information | // Validate user information |
| // | // |
| | |
| if (!_validateUser(trustStoreUserName, queueId)) |
if (!_authenticationManager->validateUserForHttpAuth(certUserName)) |
| { | { |
| |
MessageLoaderParms msgParms( |
| |
"Pegasus.Server.HTTPAuthenticatorDelegator." |
| |
"BAD_CERTIFICATE_USERNAME", |
| |
"The username registered to this certificate is not a " |
| |
"valid user."); |
| |
_sendHttpError( |
| |
queueId, |
| |
HTTP_STATUS_UNAUTHORIZED, |
| |
String::EMPTY, |
| |
MessageLoader::getMessage(msgParms), |
| |
closeConnect); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return; | return; |
| } | } |
| | |
| |
httpMessage->authInfo->setAuthenticatedUser(certUserName); |
| httpMessage->authInfo->setAuthenticatedUser(trustStoreUserName); |
|
| | |
| PEG_TRACE_STRING( | PEG_TRACE_STRING( |
| TRC_HTTP, | TRC_HTTP, |
| Tracer::LEVEL3, | Tracer::LEVEL3, |
| "User name for certificate is " + trustStoreUserName); |
"User name for certificate is " + certUserName); |
| Logger::put( | Logger::put( |
| Logger::STANDARD_LOG, | Logger::STANDARD_LOG, |
| System::CIMSERVER, | System::CIMSERVER, |
| Logger::TRACE, | Logger::TRACE, |
| "HTTPAuthenticatorDelegator - The trusted client certificate is registered to $0.", |
"HTTPAuthenticatorDelegator - The trusted client certificate " |
| trustStoreUserName); |
"is registered to $0.", |
| |
certUserName); |
| } | } |
| } |
|
| |
|
| } //end enableAuthentication | } //end enableAuthentication |
| | |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Exited authentication loop"); | PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Exited authentication loop"); |
|
|
|
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| } | } |
| | |
| Boolean HTTPAuthenticatorDelegator::_validateUser( |
|
| const String& userName, |
|
| Uint32 queueId) |
|
| { |
|
| Boolean authenticated = false; |
|
| |
|
| authenticated = _authenticationManager->validateUserForHttpAuth(userName); |
|
| |
|
| if (!authenticated) |
|
| { |
|
| MessageLoaderParms msgParms( |
|
| "Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE_USERNAME", |
|
| "The username registered to this certificate is not a valid user."); |
|
| |
|
| String msg(MessageLoader::getMessage(msgParms)); |
|
| _sendHttpError(queueId, |
|
| HTTP_STATUS_UNAUTHORIZED, |
|
| String::EMPTY, |
|
| msg); |
|
| } |
|
| |
|
| return(authenticated); |
|
| } |
|
| |
|
| PEGASUS_NAMESPACE_END | PEGASUS_NAMESPACE_END |
Return to
HTTPAuthenticatorDelegator.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Server