|
version 1.67, 2006/11/08 12:41:28
|
version 1.68, 2006/11/14 18:34:59
|
|
|
|
| Uint32 operationMessageQueueId, | Uint32 operationMessageQueueId, |
| Uint32 exportMessageQueueId, | Uint32 exportMessageQueueId, |
| CIMRepository* repository) | CIMRepository* repository) |
| : Base(PEGASUS_QUEUENAME_HTTPAUTHDELEGATOR, |
: Base(PEGASUS_QUEUENAME_HTTPAUTHDELEGATOR, MessageQueue::getNextQueueId()), |
| MessageQueue::getNextQueueId()), |
|
| _operationMessageQueueId(operationMessageQueueId), | _operationMessageQueueId(operationMessageQueueId), |
| _exportMessageQueueId(exportMessageQueueId), | _exportMessageQueueId(exportMessageQueueId), |
| _repository(repository) | _repository(repository) |
|
|
|
| | |
| #ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| CIMKerberosSecurityAssociation *sa = NULL; | CIMKerberosSecurityAssociation *sa = NULL; |
| // The presence of a Security Association indicates that Kerberos is being used |
// The presence of a Security Association indicates that Kerberos is |
| |
// being used. |
| // Reset flag for subsequent calls to indicate that no Authorization | // Reset flag for subsequent calls to indicate that no Authorization |
| // record was sent. If one was sent the flag will be appropriately reset later. |
// record was sent. If one was sent the flag will be appropriately reset |
| |
// later. |
| // The sa is maintained while the connection is active. | // The sa is maintained while the connection is active. |
| sa = httpMessage->authInfo->getSecurityAssociation(); | sa = httpMessage->authInfo->getSecurityAssociation(); |
| if (sa) | if (sa) |
|
|
|
| } | } |
| #endif | #endif |
| | |
| |
if (ConfigManager::parseBooleanValue(configManager->getCurrentValue( |
| if (ConfigManager::parseBooleanValue( |
_CONFIG_PARAM_ENABLEAUTHENTICATION))) |
| configManager->getCurrentValue(_CONFIG_PARAM_ENABLEAUTHENTICATION))) |
|
| { | { |
| enableAuthentication = true; | enableAuthentication = true; |
| #ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| // If we are using Kerberos (sa pointer is set), the client has already authenticated, and the client is NOT attempting to re-authenticate (dermined by an Authorization record being sent), then we want to set the local authenticate flag to true so that the authentication logic is skipped. |
// If we are using Kerberos (sa pointer is set), the client has |
| String authstr = String::EMPTY; |
// already authenticated, and the client is NOT attempting to |
| |
// re-authenticate (dermined by an Authorization record being sent), |
| |
// then we want to set the local authenticate flag to true so that |
| |
// the authentication logic is skipped. |
| |
String authstr; |
| if (sa && sa->getClientAuthenticated() && | if (sa && sa->getClientAuthenticated() && |
| !HTTPMessage::lookupHeader(headers, "Authorization", authstr, false)) |
!HTTPMessage::lookupHeader( |
| |
headers, "Authorization", authstr, false)) |
| { | { |
| authenticated = true; | authenticated = true; |
| } | } |
| |
|
| if (!sa) | if (!sa) |
| { | { |
| authenticated = httpMessage->authInfo->isAuthenticated(); | authenticated = httpMessage->authInfo->isAuthenticated(); |
|
|
|
| (String::equal(httpMessage->authInfo->getAuthType(), | (String::equal(httpMessage->authInfo->getAuthType(), |
| AuthenticationInfoRep::AUTH_TYPE_SSL))) | AuthenticationInfoRep::AUTH_TYPE_SSL))) |
| { | { |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, "Client was authenticated via trusted SSL certificate."); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, |
| |
"Client was authenticated via trusted SSL certificate."); |
| | |
| String trustStore = configManager->getCurrentValue("sslTrustStore"); | String trustStore = configManager->getCurrentValue("sslTrustStore"); |
| | |
| if (FileSystem::isDirectory(ConfigManager::getHomedPath(trustStore))) |
if (FileSystem::isDirectory( |
| |
ConfigManager::getHomedPath(trustStore))) |
| { | { |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Truststore is a directory, lookup username"); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, |
| |
"Truststore is a directory, lookup username"); |
| | |
| //Get the client certificate chain to determine the correct username mapping. |
// Get the client certificate chain to determine the correct |
| //Starting with the peer certificate, work your way up the chain |
// username mapping. Starting with the peer certificate, |
| //towards the root certificate until a match is found in the repository. |
// work your way up the chain towards the root certificate |
| Array<SSLCertificateInfo*> clientCertificateChain = httpMessage->authInfo->getClientCertificateChain(); |
// until a match is found in the repository. |
| |
Array<SSLCertificateInfo*> clientCertificateChain = |
| |
httpMessage->authInfo->getClientCertificateChain(); |
| SSLCertificateInfo* clientCertificate = NULL; | SSLCertificateInfo* clientCertificate = NULL; |
| | |
| Tracer::trace(TRC_HTTP, Tracer::LEVEL4, "Client certificate chain length: %d.", clientCertificateChain.size()); |
Tracer::trace(TRC_HTTP, Tracer::LEVEL4, |
| |
"Client certificate chain length: %d.", |
| |
clientCertificateChain.size()); |
| | |
| Uint32 loopCount = clientCertificateChain.size() - 1; | Uint32 loopCount = clientCertificateChain.size() - 1; |
| for (Uint32 i = 0; i <= loopCount ; i++) | for (Uint32 i = 0; i <= loopCount ; i++) |
|
|
|
| clientCertificate = clientCertificateChain[i]; | clientCertificate = clientCertificateChain[i]; |
| if (clientCertificate == NULL) | if (clientCertificate == NULL) |
| { | { |
| MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE", |
MessageLoaderParms msgParms( |
| "The certificate used for authentication is not valid."); |
"Pegasus.Server.HTTPAuthenticatorDelegator." |
| |
"BAD_CERTIFICATE", |
| |
"The certificate used for authentication is not " |
| |
"valid."); |
| String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| _sendHttpError( | _sendHttpError( |
| queueId, | queueId, |
|
|
|
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return; | return; |
| } | } |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Certificate toString " + clientCertificate->toString()); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, |
| |
"Certificate toString " + |
| |
clientCertificate->toString()); |
| | |
| //get certificate properties | //get certificate properties |
| String issuerName = clientCertificate->getIssuerName(); | String issuerName = clientCertificate->getIssuerName(); |
| char serialNumber[256]; | char serialNumber[256]; |
| sprintf(serialNumber, "%lu", clientCertificate->getSerialNumber()); |
sprintf(serialNumber, "%lu", |
| |
clientCertificate->getSerialNumber()); |
| | |
| // | // |
| // The truststore type key property is deprecated. To retain | // The truststore type key property is deprecated. To retain |
|
|
|
| | |
| //construct the corresponding PG_SSLCertificate instance | //construct the corresponding PG_SSLCertificate instance |
| Array<CIMKeyBinding> keyBindings; | Array<CIMKeyBinding> keyBindings; |
| keyBindings.append(CIMKeyBinding("IssuerName", issuerName, CIMKeyBinding::STRING)); |
keyBindings.append(CIMKeyBinding( |
| keyBindings.append(CIMKeyBinding("SerialNumber", serialNumber, CIMKeyBinding::STRING)); |
"IssuerName", issuerName, CIMKeyBinding::STRING)); |
| |
keyBindings.append(CIMKeyBinding( |
| |
"SerialNumber", serialNumber, CIMKeyBinding::STRING)); |
| keyBindings.append(CIMKeyBinding("TruststoreType", | keyBindings.append(CIMKeyBinding("TruststoreType", |
| PG_SSLCERTIFICATE_TSTYPE_VALUE_SERVER)); | PG_SSLCERTIFICATE_TSTYPE_VALUE_SERVER)); |
| | |
| CIMObjectPath cimObjectPath("localhost", |
CIMObjectPath cimObjectPath( |
| |
"localhost", |
| PEGASUS_NAMESPACENAME_CERTIFICATE, | PEGASUS_NAMESPACENAME_CERTIFICATE, |
| PEGASUS_CLASSNAME_CERTIFICATE, | PEGASUS_CLASSNAME_CERTIFICATE, |
| keyBindings); | keyBindings); |
| | |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Client Certificate COP: " + cimObjectPath.toString()); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, |
| |
"Client Certificate COP: " + cimObjectPath.toString()); |
| | |
| CIMInstance cimInstance; | CIMInstance cimInstance; |
| CIMValue value; | CIMValue value; |
|
|
|
| //attempt to get the username registered to the certificate | //attempt to get the username registered to the certificate |
| try | try |
| { | { |
| cimInstance = _repository->getInstance(PEGASUS_NAMESPACENAME_CERTIFICATE, cimObjectPath); |
cimInstance = _repository->getInstance( |
| |
PEGASUS_NAMESPACENAME_CERTIFICATE, cimObjectPath); |
| | |
| pos = cimInstance.findProperty("RegisteredUserName"); | pos = cimInstance.findProperty("RegisteredUserName"); |
| | |
| if (pos != PEG_NOT_FOUND && !(value = cimInstance.getProperty(pos).getValue()).isNull()) |
if (pos != PEG_NOT_FOUND && |
| |
!(value = cimInstance.getProperty(pos). |
| |
getValue()).isNull()) |
| { | { |
| value.get(userName); | value.get(userName); |
| | |
| // | // |
| // If a user name is specified, our search is complete |
// If a user name is specified, our search is |
| |
// complete |
| // | // |
| if (userName.size()) | if (userName.size()) |
| { | { |
|
|
|
| } | } |
| else | else |
| { | { |
| Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, |
Logger::put( |
| "HTTPAuthenticatorDelegator - Bailing, no username is registered to this certificate."); |
Logger::ERROR_LOG, |
| |
System::CIMSERVER, |
| |
Logger::TRACE, |
| |
"HTTPAuthenticatorDelegator - Bailing, no " |
| |
"username is registered to this " |
| |
"certificate."); |
| |
} |
| } | } |
| } catch (CIMException& e) |
catch (CIMException& e) |
| { | { |
| //this certificate did not have a registration associated with it; continue up the chain |
// this certificate did not have a registration |
| |
// associated with it; continue up the chain |
| if (e.getCode() == CIM_ERR_NOT_FOUND) | if (e.getCode() == CIM_ERR_NOT_FOUND) |
| { | { |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "No registration for this certificate, try next certificate in chain"); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, |
| |
"No registration for this certificate, try " |
| |
"next certificate in chain"); |
| continue; | continue; |
| |
} |
| } else |
else |
| { | { |
| Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, |
Logger::put( |
| "HTTPAuthenticatorDelegator - Bailing, Bailing, the certificate used for authentication is not valid."); |
Logger::ERROR_LOG, |
| MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE", |
System::CIMSERVER, |
| "The certificate used for authentication is not valid."); |
Logger::TRACE, |
| |
"HTTPAuthenticatorDelegator - Bailing, " |
| |
"the certificate used for authentication " |
| |
"is not valid."); |
| |
MessageLoaderParms msgParms( |
| |
"Pegasus.Server.HTTPAuthenticatorDelegator." |
| |
"BAD_CERTIFICATE", |
| |
"The certificate used for authentication is " |
| |
"not valid."); |
| String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, msg); | PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, msg); |
| _sendHttpError( | _sendHttpError( |
|
|
|
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return; | return; |
| } | } |
| |
} |
| } catch (...) |
catch (...) |
| { | { |
| //this scenario can occur if a certificate cached on the server was deleted |
// this scenario can occur if a certificate cached |
| //openssl would not pick up the deletion but we would pick it up here when we went to look it up |
// on the server was deleted openssl would not pick |
| //in the repository |
// up the deletion but we would pick it up here when |
| Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, |
// we went to look it up in the repository |
| "HTTPAuthenticatorDelegator - Bailing, the certificate used for authentication is not valid."); |
Logger::put( |
| MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE", |
Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, |
| "The certificate used for authentication is not valid."); |
"HTTPAuthenticatorDelegator - Bailing, the " |
| |
"certificate used for authentication is not " |
| |
"valid."); |
| |
MessageLoaderParms msgParms( |
| |
"Pegasus.Server.HTTPAuthenticatorDelegator." |
| |
"BAD_CERTIFICATE", |
| |
"The certificate used for authentication is not " |
| |
"valid."); |
| String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, msg); | PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, msg); |
| _sendHttpError( | _sendHttpError( |
|
|
|
| else | else |
| { | { |
| //trustStore is a single CA file, lookup username | //trustStore is a single CA file, lookup username |
| //user was already verified as a valid system user during server startup |
// user was already verified as a valid system user during |
| |
// server startup |
| certUserName = | certUserName = |
| configManager->getCurrentValue("sslTrustStoreUserName"); | configManager->getCurrentValue("sslTrustStoreUserName"); |
| } | } |
|
|
|
| | |
| PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Exited authentication loop"); | PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Exited authentication loop"); |
| | |
| |
|
| // l10n start |
|
| AcceptLanguageList acceptLanguages; | AcceptLanguageList acceptLanguages; |
| ContentLanguageList contentLanguages; | ContentLanguageList contentLanguages; |
| try | try |
|
|
|
| headers, | headers, |
| _HTTP_HEADER_ACCEPT_LANGUAGE, | _HTTP_HEADER_ACCEPT_LANGUAGE, |
| acceptLanguageHeader, | acceptLanguageHeader, |
| false) == true) |
false)) |
| { | { |
| acceptLanguages = LanguageParser::parseAcceptLanguageHeader( | acceptLanguages = LanguageParser::parseAcceptLanguageHeader( |
| acceptLanguageHeader); | acceptLanguageHeader); |
|
|
|
| headers, | headers, |
| _HTTP_HEADER_CONTENT_LANGUAGE, | _HTTP_HEADER_CONTENT_LANGUAGE, |
| contentLanguageHeader, | contentLanguageHeader, |
| false) == true) |
false)) |
| { | { |
| contentLanguages = LanguageParser::parseContentLanguageHeader( | contentLanguages = LanguageParser::parseContentLanguageHeader( |
| contentLanguageHeader); | contentLanguageHeader); |
|
|
|
| } | } |
| catch (Exception &e) | catch (Exception &e) |
| { | { |
| Thread::clearLanguages(); // clear any existing languages to force messages to come from the root bundle |
// clear any existing languages to force messages to come from the |
| MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.REQUEST_NOT_VALID","request-not-valid"); |
// root bundle |
| |
Thread::clearLanguages(); |
| |
MessageLoaderParms msgParms( |
| |
"Pegasus.Server.HTTPAuthenticatorDelegator.REQUEST_NOT_VALID", |
| |
"request-not-valid"); |
| String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| | |
| _sendHttpError( | _sendHttpError( |
|
|
|
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return; | return; |
| } | } |
| |
|
| Thread::setLanguages(new AcceptLanguageList(acceptLanguages)); | Thread::setLanguages(new AcceptLanguageList(acceptLanguages)); |
| httpMessage->acceptLanguages = acceptLanguages; | httpMessage->acceptLanguages = acceptLanguages; |
| httpMessage->contentLanguages = contentLanguages; | httpMessage->contentLanguages = contentLanguages; |
| // l10n end |
|
| |
|
| | |
| // | // |
| // Parse the request line: | // Parse the request line: |
|
|
|
| // | // |
| // Search for Authorization header: | // Search for Authorization header: |
| // | // |
| String authorization = String::EMPTY; |
String authorization; |
| | |
| if ( HTTPMessage::lookupHeader(headers, | if ( HTTPMessage::lookupHeader(headers, |
| _HTTP_HEADER_PEGASUSAUTHORIZATION, authorization, false) && | _HTTP_HEADER_PEGASUSAUTHORIZATION, authorization, false) && |
| enableAuthentication |
enableAuthentication) |
| ) |
|
| { | { |
| try | try |
| { | { |
|
|
|
| | |
| if (!authenticated) | if (!authenticated) |
| { | { |
| String authChallenge = String::EMPTY; |
String authChallenge; |
| String authResp = String::EMPTY; |
String authResp; |
| | |
| authResp = _authenticationManager->getPegasusAuthResponseHeader( |
authResp = _authenticationManager-> |
| |
getPegasusAuthResponseHeader( |
| authorization, | authorization, |
| httpMessage->authInfo); | httpMessage->authInfo); |
| | |
|
|
|
| } | } |
| else | else |
| { | { |
| MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_HEADER_ERROR","Authorization header error"); |
MessageLoaderParms msgParms( |
| |
"Pegasus.Server.HTTPAuthenticatorDelegator." |
| |
"AUTHORIZATION_HEADER_ERROR", |
| |
"Authorization header error"); |
| String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| _sendHttpError( | _sendHttpError( |
| queueId, | queueId, |
|
|
|
| closeConnect); | closeConnect); |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return; | return; |
| |
|
| } | } |
| } | } |
| | |
| |
|
| |
|
| if ( HTTPMessage::lookupHeader( | if ( HTTPMessage::lookupHeader( |
| headers, _HTTP_HEADER_AUTHORIZATION, authorization, false) && |
headers, _HTTP_HEADER_AUTHORIZATION, authorization, false) |
| enableAuthentication |
&& enableAuthentication) |
| ) |
|
| { | { |
| // | // |
| // Do http authentication if not authenticated already | // Do http authentication if not authenticated already |
|
|
|
| //ATTN: the number of challenges get sent for a | //ATTN: the number of challenges get sent for a |
| // request on a connection can be pre-set. | // request on a connection can be pre-set. |
| #ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| // Kerberos authentication needs access to the AuthenticationInfo |
// Kerberos authentication needs access to the |
| // object for this session in order to set up the reference to the |
// AuthenticationInfo object for this session in |
| // CIMKerberosSecurityAssociation object for this session. |
// order to set up the reference to the |
| |
// CIMKerberosSecurityAssociation object for this |
| |
// session. |
| | |
| String authResp = | String authResp = |
| _authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
_authenticationManager->getHttpAuthResponseHeader( |
| |
httpMessage->authInfo); |
| #else | #else |
| String authResp = | String authResp = |
| _authenticationManager->getHttpAuthResponseHeader(); | _authenticationManager->getHttpAuthResponseHeader(); |
|
|
|
| } | } |
| else | else |
| { | { |
| MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_HEADER_ERROR","Authorization header error"); |
MessageLoaderParms msgParms( |
| |
"Pegasus.Server.HTTPAuthenticatorDelegator." |
| |
"AUTHORIZATION_HEADER_ERROR", |
| |
"Authorization header error"); |
| String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| _sendHttpError( | _sendHttpError( |
| queueId, | queueId, |
|
|
|
| } // first not authenticated check | } // first not authenticated check |
| } // "Authorization" header check | } // "Authorization" header check |
| } //end if(!authenticated && enableAuthentication) | } //end if(!authenticated && enableAuthentication) |
| |
|
| #ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| // The pointer to the sa is created in the authenticator so we need to also |
// The pointer to the sa is created in the authenticator so we need |
| // assign it here. |
// to also assign it here. |
| sa = httpMessage->authInfo->getSecurityAssociation(); | sa = httpMessage->authInfo->getSecurityAssociation(); |
| if (sa) | if (sa) |
| { | { |
| Uint32 sendAction = 0; // 0 - continue, 1 = send success, 2 = send response |
// 0 - continue, 1 = send success, 2 = send response |
| // The following is processing to unwrap (decrypt) the request from the |
Uint32 sendAction = 0; |
| // client when using kerberos authentication. |
|
| sa->unwrapRequestMessage(httpMessage->message, contentLength, |
// The following is processing to unwrap (decrypt) the request |
| authenticated, sendAction); |
// from the client when using kerberos authentication. |
| |
sa->unwrapRequestMessage( |
| |
httpMessage->message, contentLength, authenticated, sendAction); |
| |
|
| if (sendAction) // send success or send response | if (sendAction) // send success or send response |
| { | { |
| if (httpMessage->message.size() == 0) | if (httpMessage->message.size() == 0) |
| { | { |
| MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_HEADER_ERROR","Authorization header error"); |
MessageLoaderParms msgParms( |
| |
"Pegasus.Server.HTTPAuthenticatorDelegator." |
| |
"AUTHORIZATION_HEADER_ERROR", |
| |
"Authorization header error"); |
| String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| _sendHttpError( | _sendHttpError( |
| queueId, | queueId, |
|
|
|
| _sendSuccess( | _sendSuccess( |
| queueId, | queueId, |
| String( | String( |
| httpMessage->message.getData(),httpMessage->message.size()), |
httpMessage->message.getData(), |
| |
httpMessage->message.size()), |
| closeConnect); | closeConnect); |
| } | } |
| | |
| if (sendAction == 2) // Send response | if (sendAction == 2) // Send response |
| { | { |
| _sendResponse(queueId, httpMessage->message,closeConnect); |
_sendResponse( |
| |
queueId, |
| |
httpMessage->message, |
| |
closeConnect); |
| } | } |
| } | } |
| | |
|
|
|
| } | } |
| #endif | #endif |
| | |
| |
|
| |
|
| |
|
| if ( authenticated || !enableAuthentication ) | if ( authenticated || !enableAuthentication ) |
| { | { |
| // Final bastion to ensure the remote privileged user access | // Final bastion to ensure the remote privileged user access |
|
|
|
| // enableRemotePrivilegedUserAccess check | // enableRemotePrivilegedUserAccess check |
| // time to do it ourselves | // time to do it ourselves |
| String userName = httpMessage->authInfo->getAuthenticatedUser(); | String userName = httpMessage->authInfo->getAuthenticatedUser(); |
| if (! AuthenticationManager::isRemotePrivilegedUserAccessAllowed(userName)) |
if (!AuthenticationManager::isRemotePrivilegedUserAccessAllowed( |
| |
userName)) |
| { | { |
| // Send client a message that we can't proceed to talk to him |
// Send client a message that we can't proceed to talk |
| |
// to him |
| // HTTP 401 ? | // HTTP 401 ? |
| MessageLoaderParms msgParms( | MessageLoaderParms msgParms( |
| "Server.CIMOperationRequestAuthorizer.REMOTE_NOT_ENABLED", |
"Server.CIMOperationRequestAuthorizer." |
| |
"REMOTE_NOT_ENABLED", |
| "Remote privileged user access is not enabled."); | "Remote privileged user access is not enabled."); |
| String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| _sendHttpError( | _sendHttpError( |
|
|
|
| httpMessage->authInfo->setRemotePrivilegedUserAccessChecked(); | httpMessage->authInfo->setRemotePrivilegedUserAccessChecked(); |
| } | } |
| | |
| |
|
| // | // |
| // Search for "CIMOperation" header: | // Search for "CIMOperation" header: |
| // | // |
|
|
|
| if (HTTPMessage::lookupHeader( | if (HTTPMessage::lookupHeader( |
| headers, _HTTP_HEADER_CIMOPERATION, cimOperation, true)) | headers, _HTTP_HEADER_CIMOPERATION, cimOperation, true)) |
| { | { |
| PEG_LOGGER_TRACE((Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
PEG_LOGGER_TRACE( |
| "HTTPAuthenticatorDelegator - CIMOperation: $0 ",cimOperation)); |
(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
| |
"HTTPAuthenticatorDelegator - CIMOperation: $0 ", |
| |
cimOperation)); |
| | |
| MessageQueue* queue = | MessageQueue* queue = |
| MessageQueue::lookup(_operationMessageQueueId); | MessageQueue::lookup(_operationMessageQueueId); |
|
|
|
| else if (HTTPMessage::lookupHeader( | else if (HTTPMessage::lookupHeader( |
| headers, _HTTP_HEADER_CIMEXPORT, cimOperation, true)) | headers, _HTTP_HEADER_CIMEXPORT, cimOperation, true)) |
| { | { |
| Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
Logger::put( |
| |
Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
| "HTTPAuthenticatorDelegator - CIMExport: $0 ",cimOperation); | "HTTPAuthenticatorDelegator - CIMExport: $0 ",cimOperation); |
| | |
| MessageQueue* queue = | MessageQueue* queue = |
|
|
|
| { // client not authenticated; send challenge | { // client not authenticated; send challenge |
| #ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| String authResp = | String authResp = |
| _authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
_authenticationManager->getHttpAuthResponseHeader( |
| |
httpMessage->authInfo); |
| #else | #else |
| String authResp = | String authResp = |
| _authenticationManager->getHttpAuthResponseHeader(); | _authenticationManager->getHttpAuthResponseHeader(); |
|
|
|
| } | } |
| else | else |
| { | { |
| MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_HEADER_ERROR","Authorization header error"); |
MessageLoaderParms msgParms( |
| |
"Pegasus.Server.HTTPAuthenticatorDelegator." |
| |
"AUTHORIZATION_HEADER_ERROR", |
| |
"Authorization header error"); |
| String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| _sendHttpError( | _sendHttpError( |
| queueId, | queueId, |
Return to
HTTPAuthenticatorDelegator.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Server