version 1.67, 2006/11/08 12:41:28
|
version 1.68, 2006/11/14 18:34:59
|
|
|
Uint32 operationMessageQueueId, | Uint32 operationMessageQueueId, |
Uint32 exportMessageQueueId, | Uint32 exportMessageQueueId, |
CIMRepository* repository) | CIMRepository* repository) |
: Base(PEGASUS_QUEUENAME_HTTPAUTHDELEGATOR, |
: Base(PEGASUS_QUEUENAME_HTTPAUTHDELEGATOR, MessageQueue::getNextQueueId()), |
MessageQueue::getNextQueueId()), |
|
_operationMessageQueueId(operationMessageQueueId), | _operationMessageQueueId(operationMessageQueueId), |
_exportMessageQueueId(exportMessageQueueId), | _exportMessageQueueId(exportMessageQueueId), |
_repository(repository) | _repository(repository) |
|
|
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
CIMKerberosSecurityAssociation *sa = NULL; | CIMKerberosSecurityAssociation *sa = NULL; |
// The presence of a Security Association indicates that Kerberos is being used |
// The presence of a Security Association indicates that Kerberos is |
|
// being used. |
// Reset flag for subsequent calls to indicate that no Authorization | // Reset flag for subsequent calls to indicate that no Authorization |
// record was sent. If one was sent the flag will be appropriately reset later. |
// record was sent. If one was sent the flag will be appropriately reset |
|
// later. |
// The sa is maintained while the connection is active. | // The sa is maintained while the connection is active. |
sa = httpMessage->authInfo->getSecurityAssociation(); | sa = httpMessage->authInfo->getSecurityAssociation(); |
if (sa) | if (sa) |
|
|
} | } |
#endif | #endif |
| |
|
if (ConfigManager::parseBooleanValue(configManager->getCurrentValue( |
if (ConfigManager::parseBooleanValue( |
_CONFIG_PARAM_ENABLEAUTHENTICATION))) |
configManager->getCurrentValue(_CONFIG_PARAM_ENABLEAUTHENTICATION))) |
|
{ | { |
enableAuthentication = true; | enableAuthentication = true; |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
// If we are using Kerberos (sa pointer is set), the client has already authenticated, and the client is NOT attempting to re-authenticate (dermined by an Authorization record being sent), then we want to set the local authenticate flag to true so that the authentication logic is skipped. |
// If we are using Kerberos (sa pointer is set), the client has |
String authstr = String::EMPTY; |
// already authenticated, and the client is NOT attempting to |
|
// re-authenticate (dermined by an Authorization record being sent), |
|
// then we want to set the local authenticate flag to true so that |
|
// the authentication logic is skipped. |
|
String authstr; |
if (sa && sa->getClientAuthenticated() && | if (sa && sa->getClientAuthenticated() && |
!HTTPMessage::lookupHeader(headers, "Authorization", authstr, false)) |
!HTTPMessage::lookupHeader( |
|
headers, "Authorization", authstr, false)) |
{ | { |
authenticated = true; | authenticated = true; |
} | } |
|
|
if (!sa) | if (!sa) |
{ | { |
authenticated = httpMessage->authInfo->isAuthenticated(); | authenticated = httpMessage->authInfo->isAuthenticated(); |
|
|
(String::equal(httpMessage->authInfo->getAuthType(), | (String::equal(httpMessage->authInfo->getAuthType(), |
AuthenticationInfoRep::AUTH_TYPE_SSL))) | AuthenticationInfoRep::AUTH_TYPE_SSL))) |
{ | { |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, "Client was authenticated via trusted SSL certificate."); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, |
|
"Client was authenticated via trusted SSL certificate."); |
| |
String trustStore = configManager->getCurrentValue("sslTrustStore"); | String trustStore = configManager->getCurrentValue("sslTrustStore"); |
| |
if (FileSystem::isDirectory(ConfigManager::getHomedPath(trustStore))) |
if (FileSystem::isDirectory( |
|
ConfigManager::getHomedPath(trustStore))) |
{ | { |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Truststore is a directory, lookup username"); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, |
|
"Truststore is a directory, lookup username"); |
| |
//Get the client certificate chain to determine the correct username mapping. |
// Get the client certificate chain to determine the correct |
//Starting with the peer certificate, work your way up the chain |
// username mapping. Starting with the peer certificate, |
//towards the root certificate until a match is found in the repository. |
// work your way up the chain towards the root certificate |
Array<SSLCertificateInfo*> clientCertificateChain = httpMessage->authInfo->getClientCertificateChain(); |
// until a match is found in the repository. |
|
Array<SSLCertificateInfo*> clientCertificateChain = |
|
httpMessage->authInfo->getClientCertificateChain(); |
SSLCertificateInfo* clientCertificate = NULL; | SSLCertificateInfo* clientCertificate = NULL; |
| |
Tracer::trace(TRC_HTTP, Tracer::LEVEL4, "Client certificate chain length: %d.", clientCertificateChain.size()); |
Tracer::trace(TRC_HTTP, Tracer::LEVEL4, |
|
"Client certificate chain length: %d.", |
|
clientCertificateChain.size()); |
| |
Uint32 loopCount = clientCertificateChain.size() - 1; | Uint32 loopCount = clientCertificateChain.size() - 1; |
for (Uint32 i = 0; i <= loopCount ; i++) | for (Uint32 i = 0; i <= loopCount ; i++) |
|
|
clientCertificate = clientCertificateChain[i]; | clientCertificate = clientCertificateChain[i]; |
if (clientCertificate == NULL) | if (clientCertificate == NULL) |
{ | { |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE", |
MessageLoaderParms msgParms( |
"The certificate used for authentication is not valid."); |
"Pegasus.Server.HTTPAuthenticatorDelegator." |
|
"BAD_CERTIFICATE", |
|
"The certificate used for authentication is not " |
|
"valid."); |
String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
_sendHttpError( | _sendHttpError( |
queueId, | queueId, |
|
|
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return; | return; |
} | } |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Certificate toString " + clientCertificate->toString()); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, |
|
"Certificate toString " + |
|
clientCertificate->toString()); |
| |
//get certificate properties | //get certificate properties |
String issuerName = clientCertificate->getIssuerName(); | String issuerName = clientCertificate->getIssuerName(); |
char serialNumber[256]; | char serialNumber[256]; |
sprintf(serialNumber, "%lu", clientCertificate->getSerialNumber()); |
sprintf(serialNumber, "%lu", |
|
clientCertificate->getSerialNumber()); |
| |
// | // |
// The truststore type key property is deprecated. To retain | // The truststore type key property is deprecated. To retain |
|
|
| |
//construct the corresponding PG_SSLCertificate instance | //construct the corresponding PG_SSLCertificate instance |
Array<CIMKeyBinding> keyBindings; | Array<CIMKeyBinding> keyBindings; |
keyBindings.append(CIMKeyBinding("IssuerName", issuerName, CIMKeyBinding::STRING)); |
keyBindings.append(CIMKeyBinding( |
keyBindings.append(CIMKeyBinding("SerialNumber", serialNumber, CIMKeyBinding::STRING)); |
"IssuerName", issuerName, CIMKeyBinding::STRING)); |
|
keyBindings.append(CIMKeyBinding( |
|
"SerialNumber", serialNumber, CIMKeyBinding::STRING)); |
keyBindings.append(CIMKeyBinding("TruststoreType", | keyBindings.append(CIMKeyBinding("TruststoreType", |
PG_SSLCERTIFICATE_TSTYPE_VALUE_SERVER)); | PG_SSLCERTIFICATE_TSTYPE_VALUE_SERVER)); |
| |
CIMObjectPath cimObjectPath("localhost", |
CIMObjectPath cimObjectPath( |
|
"localhost", |
PEGASUS_NAMESPACENAME_CERTIFICATE, | PEGASUS_NAMESPACENAME_CERTIFICATE, |
PEGASUS_CLASSNAME_CERTIFICATE, | PEGASUS_CLASSNAME_CERTIFICATE, |
keyBindings); | keyBindings); |
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Client Certificate COP: " + cimObjectPath.toString()); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, |
|
"Client Certificate COP: " + cimObjectPath.toString()); |
| |
CIMInstance cimInstance; | CIMInstance cimInstance; |
CIMValue value; | CIMValue value; |
|
|
//attempt to get the username registered to the certificate | //attempt to get the username registered to the certificate |
try | try |
{ | { |
cimInstance = _repository->getInstance(PEGASUS_NAMESPACENAME_CERTIFICATE, cimObjectPath); |
cimInstance = _repository->getInstance( |
|
PEGASUS_NAMESPACENAME_CERTIFICATE, cimObjectPath); |
| |
pos = cimInstance.findProperty("RegisteredUserName"); | pos = cimInstance.findProperty("RegisteredUserName"); |
| |
if (pos != PEG_NOT_FOUND && !(value = cimInstance.getProperty(pos).getValue()).isNull()) |
if (pos != PEG_NOT_FOUND && |
|
!(value = cimInstance.getProperty(pos). |
|
getValue()).isNull()) |
{ | { |
value.get(userName); | value.get(userName); |
| |
// | // |
// If a user name is specified, our search is complete |
// If a user name is specified, our search is |
|
// complete |
// | // |
if (userName.size()) | if (userName.size()) |
{ | { |
|
|
} | } |
else | else |
{ | { |
Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, |
Logger::put( |
"HTTPAuthenticatorDelegator - Bailing, no username is registered to this certificate."); |
Logger::ERROR_LOG, |
|
System::CIMSERVER, |
|
Logger::TRACE, |
|
"HTTPAuthenticatorDelegator - Bailing, no " |
|
"username is registered to this " |
|
"certificate."); |
|
} |
} | } |
} catch (CIMException& e) |
catch (CIMException& e) |
{ | { |
//this certificate did not have a registration associated with it; continue up the chain |
// this certificate did not have a registration |
|
// associated with it; continue up the chain |
if (e.getCode() == CIM_ERR_NOT_FOUND) | if (e.getCode() == CIM_ERR_NOT_FOUND) |
{ | { |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "No registration for this certificate, try next certificate in chain"); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, |
|
"No registration for this certificate, try " |
|
"next certificate in chain"); |
continue; | continue; |
|
} |
} else |
else |
{ | { |
Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, |
Logger::put( |
"HTTPAuthenticatorDelegator - Bailing, Bailing, the certificate used for authentication is not valid."); |
Logger::ERROR_LOG, |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE", |
System::CIMSERVER, |
"The certificate used for authentication is not valid."); |
Logger::TRACE, |
|
"HTTPAuthenticatorDelegator - Bailing, " |
|
"the certificate used for authentication " |
|
"is not valid."); |
|
MessageLoaderParms msgParms( |
|
"Pegasus.Server.HTTPAuthenticatorDelegator." |
|
"BAD_CERTIFICATE", |
|
"The certificate used for authentication is " |
|
"not valid."); |
String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, msg); | PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, msg); |
_sendHttpError( | _sendHttpError( |
|
|
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return; | return; |
} | } |
|
} |
} catch (...) |
catch (...) |
{ | { |
//this scenario can occur if a certificate cached on the server was deleted |
// this scenario can occur if a certificate cached |
//openssl would not pick up the deletion but we would pick it up here when we went to look it up |
// on the server was deleted openssl would not pick |
//in the repository |
// up the deletion but we would pick it up here when |
Logger::put(Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, |
// we went to look it up in the repository |
"HTTPAuthenticatorDelegator - Bailing, the certificate used for authentication is not valid."); |
Logger::put( |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.BAD_CERTIFICATE", |
Logger::ERROR_LOG, System::CIMSERVER, Logger::TRACE, |
"The certificate used for authentication is not valid."); |
"HTTPAuthenticatorDelegator - Bailing, the " |
|
"certificate used for authentication is not " |
|
"valid."); |
|
MessageLoaderParms msgParms( |
|
"Pegasus.Server.HTTPAuthenticatorDelegator." |
|
"BAD_CERTIFICATE", |
|
"The certificate used for authentication is not " |
|
"valid."); |
String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, msg); | PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3, msg); |
_sendHttpError( | _sendHttpError( |
|
|
else | else |
{ | { |
//trustStore is a single CA file, lookup username | //trustStore is a single CA file, lookup username |
//user was already verified as a valid system user during server startup |
// user was already verified as a valid system user during |
|
// server startup |
certUserName = | certUserName = |
configManager->getCurrentValue("sslTrustStoreUserName"); | configManager->getCurrentValue("sslTrustStoreUserName"); |
} | } |
|
|
| |
PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Exited authentication loop"); | PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL4, "Exited authentication loop"); |
| |
|
|
// l10n start |
|
AcceptLanguageList acceptLanguages; | AcceptLanguageList acceptLanguages; |
ContentLanguageList contentLanguages; | ContentLanguageList contentLanguages; |
try | try |
|
|
headers, | headers, |
_HTTP_HEADER_ACCEPT_LANGUAGE, | _HTTP_HEADER_ACCEPT_LANGUAGE, |
acceptLanguageHeader, | acceptLanguageHeader, |
false) == true) |
false)) |
{ | { |
acceptLanguages = LanguageParser::parseAcceptLanguageHeader( | acceptLanguages = LanguageParser::parseAcceptLanguageHeader( |
acceptLanguageHeader); | acceptLanguageHeader); |
|
|
headers, | headers, |
_HTTP_HEADER_CONTENT_LANGUAGE, | _HTTP_HEADER_CONTENT_LANGUAGE, |
contentLanguageHeader, | contentLanguageHeader, |
false) == true) |
false)) |
{ | { |
contentLanguages = LanguageParser::parseContentLanguageHeader( | contentLanguages = LanguageParser::parseContentLanguageHeader( |
contentLanguageHeader); | contentLanguageHeader); |
|
|
} | } |
catch (Exception &e) | catch (Exception &e) |
{ | { |
Thread::clearLanguages(); // clear any existing languages to force messages to come from the root bundle |
// clear any existing languages to force messages to come from the |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.REQUEST_NOT_VALID","request-not-valid"); |
// root bundle |
|
Thread::clearLanguages(); |
|
MessageLoaderParms msgParms( |
|
"Pegasus.Server.HTTPAuthenticatorDelegator.REQUEST_NOT_VALID", |
|
"request-not-valid"); |
String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
| |
_sendHttpError( | _sendHttpError( |
|
|
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return; | return; |
} | } |
|
|
Thread::setLanguages(new AcceptLanguageList(acceptLanguages)); | Thread::setLanguages(new AcceptLanguageList(acceptLanguages)); |
httpMessage->acceptLanguages = acceptLanguages; | httpMessage->acceptLanguages = acceptLanguages; |
httpMessage->contentLanguages = contentLanguages; | httpMessage->contentLanguages = contentLanguages; |
// l10n end |
|
|
|
| |
// | // |
// Parse the request line: | // Parse the request line: |
|
|
// | // |
// Search for Authorization header: | // Search for Authorization header: |
// | // |
String authorization = String::EMPTY; |
String authorization; |
| |
if ( HTTPMessage::lookupHeader(headers, | if ( HTTPMessage::lookupHeader(headers, |
_HTTP_HEADER_PEGASUSAUTHORIZATION, authorization, false) && | _HTTP_HEADER_PEGASUSAUTHORIZATION, authorization, false) && |
enableAuthentication |
enableAuthentication) |
) |
|
{ | { |
try | try |
{ | { |
|
|
| |
if (!authenticated) | if (!authenticated) |
{ | { |
String authChallenge = String::EMPTY; |
String authChallenge; |
String authResp = String::EMPTY; |
String authResp; |
| |
authResp = _authenticationManager->getPegasusAuthResponseHeader( |
authResp = _authenticationManager-> |
|
getPegasusAuthResponseHeader( |
authorization, | authorization, |
httpMessage->authInfo); | httpMessage->authInfo); |
| |
|
|
} | } |
else | else |
{ | { |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_HEADER_ERROR","Authorization header error"); |
MessageLoaderParms msgParms( |
|
"Pegasus.Server.HTTPAuthenticatorDelegator." |
|
"AUTHORIZATION_HEADER_ERROR", |
|
"Authorization header error"); |
String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
_sendHttpError( | _sendHttpError( |
queueId, | queueId, |
|
|
closeConnect); | closeConnect); |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return; | return; |
|
|
} | } |
} | } |
| |
|
|
|
|
if ( HTTPMessage::lookupHeader( | if ( HTTPMessage::lookupHeader( |
headers, _HTTP_HEADER_AUTHORIZATION, authorization, false) && |
headers, _HTTP_HEADER_AUTHORIZATION, authorization, false) |
enableAuthentication |
&& enableAuthentication) |
) |
|
{ | { |
// | // |
// Do http authentication if not authenticated already | // Do http authentication if not authenticated already |
|
|
//ATTN: the number of challenges get sent for a | //ATTN: the number of challenges get sent for a |
// request on a connection can be pre-set. | // request on a connection can be pre-set. |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
// Kerberos authentication needs access to the AuthenticationInfo |
// Kerberos authentication needs access to the |
// object for this session in order to set up the reference to the |
// AuthenticationInfo object for this session in |
// CIMKerberosSecurityAssociation object for this session. |
// order to set up the reference to the |
|
// CIMKerberosSecurityAssociation object for this |
|
// session. |
| |
String authResp = | String authResp = |
_authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
_authenticationManager->getHttpAuthResponseHeader( |
|
httpMessage->authInfo); |
#else | #else |
String authResp = | String authResp = |
_authenticationManager->getHttpAuthResponseHeader(); | _authenticationManager->getHttpAuthResponseHeader(); |
|
|
} | } |
else | else |
{ | { |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_HEADER_ERROR","Authorization header error"); |
MessageLoaderParms msgParms( |
|
"Pegasus.Server.HTTPAuthenticatorDelegator." |
|
"AUTHORIZATION_HEADER_ERROR", |
|
"Authorization header error"); |
String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
_sendHttpError( | _sendHttpError( |
queueId, | queueId, |
|
|
} // first not authenticated check | } // first not authenticated check |
} // "Authorization" header check | } // "Authorization" header check |
} //end if(!authenticated && enableAuthentication) | } //end if(!authenticated && enableAuthentication) |
|
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
// The pointer to the sa is created in the authenticator so we need to also |
// The pointer to the sa is created in the authenticator so we need |
// assign it here. |
// to also assign it here. |
sa = httpMessage->authInfo->getSecurityAssociation(); | sa = httpMessage->authInfo->getSecurityAssociation(); |
if (sa) | if (sa) |
{ | { |
Uint32 sendAction = 0; // 0 - continue, 1 = send success, 2 = send response |
// 0 - continue, 1 = send success, 2 = send response |
// The following is processing to unwrap (decrypt) the request from the |
Uint32 sendAction = 0; |
// client when using kerberos authentication. |
|
sa->unwrapRequestMessage(httpMessage->message, contentLength, |
// The following is processing to unwrap (decrypt) the request |
authenticated, sendAction); |
// from the client when using kerberos authentication. |
|
sa->unwrapRequestMessage( |
|
httpMessage->message, contentLength, authenticated, sendAction); |
|
|
if (sendAction) // send success or send response | if (sendAction) // send success or send response |
{ | { |
if (httpMessage->message.size() == 0) | if (httpMessage->message.size() == 0) |
{ | { |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_HEADER_ERROR","Authorization header error"); |
MessageLoaderParms msgParms( |
|
"Pegasus.Server.HTTPAuthenticatorDelegator." |
|
"AUTHORIZATION_HEADER_ERROR", |
|
"Authorization header error"); |
String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
_sendHttpError( | _sendHttpError( |
queueId, | queueId, |
|
|
_sendSuccess( | _sendSuccess( |
queueId, | queueId, |
String( | String( |
httpMessage->message.getData(),httpMessage->message.size()), |
httpMessage->message.getData(), |
|
httpMessage->message.size()), |
closeConnect); | closeConnect); |
} | } |
| |
if (sendAction == 2) // Send response | if (sendAction == 2) // Send response |
{ | { |
_sendResponse(queueId, httpMessage->message,closeConnect); |
_sendResponse( |
|
queueId, |
|
httpMessage->message, |
|
closeConnect); |
} | } |
} | } |
| |
|
|
} | } |
#endif | #endif |
| |
|
|
|
|
|
|
if ( authenticated || !enableAuthentication ) | if ( authenticated || !enableAuthentication ) |
{ | { |
// Final bastion to ensure the remote privileged user access | // Final bastion to ensure the remote privileged user access |
|
|
// enableRemotePrivilegedUserAccess check | // enableRemotePrivilegedUserAccess check |
// time to do it ourselves | // time to do it ourselves |
String userName = httpMessage->authInfo->getAuthenticatedUser(); | String userName = httpMessage->authInfo->getAuthenticatedUser(); |
if (! AuthenticationManager::isRemotePrivilegedUserAccessAllowed(userName)) |
if (!AuthenticationManager::isRemotePrivilegedUserAccessAllowed( |
|
userName)) |
{ | { |
// Send client a message that we can't proceed to talk to him |
// Send client a message that we can't proceed to talk |
|
// to him |
// HTTP 401 ? | // HTTP 401 ? |
MessageLoaderParms msgParms( | MessageLoaderParms msgParms( |
"Server.CIMOperationRequestAuthorizer.REMOTE_NOT_ENABLED", |
"Server.CIMOperationRequestAuthorizer." |
|
"REMOTE_NOT_ENABLED", |
"Remote privileged user access is not enabled."); | "Remote privileged user access is not enabled."); |
String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
_sendHttpError( | _sendHttpError( |
|
|
httpMessage->authInfo->setRemotePrivilegedUserAccessChecked(); | httpMessage->authInfo->setRemotePrivilegedUserAccessChecked(); |
} | } |
| |
|
|
// | // |
// Search for "CIMOperation" header: | // Search for "CIMOperation" header: |
// | // |
|
|
if (HTTPMessage::lookupHeader( | if (HTTPMessage::lookupHeader( |
headers, _HTTP_HEADER_CIMOPERATION, cimOperation, true)) | headers, _HTTP_HEADER_CIMOPERATION, cimOperation, true)) |
{ | { |
PEG_LOGGER_TRACE((Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
PEG_LOGGER_TRACE( |
"HTTPAuthenticatorDelegator - CIMOperation: $0 ",cimOperation)); |
(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
|
"HTTPAuthenticatorDelegator - CIMOperation: $0 ", |
|
cimOperation)); |
| |
MessageQueue* queue = | MessageQueue* queue = |
MessageQueue::lookup(_operationMessageQueueId); | MessageQueue::lookup(_operationMessageQueueId); |
|
|
else if (HTTPMessage::lookupHeader( | else if (HTTPMessage::lookupHeader( |
headers, _HTTP_HEADER_CIMEXPORT, cimOperation, true)) | headers, _HTTP_HEADER_CIMEXPORT, cimOperation, true)) |
{ | { |
Logger::put(Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
Logger::put( |
|
Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, |
"HTTPAuthenticatorDelegator - CIMExport: $0 ",cimOperation); | "HTTPAuthenticatorDelegator - CIMExport: $0 ",cimOperation); |
| |
MessageQueue* queue = | MessageQueue* queue = |
|
|
{ // client not authenticated; send challenge | { // client not authenticated; send challenge |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
String authResp = | String authResp = |
_authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
_authenticationManager->getHttpAuthResponseHeader( |
|
httpMessage->authInfo); |
#else | #else |
String authResp = | String authResp = |
_authenticationManager->getHttpAuthResponseHeader(); | _authenticationManager->getHttpAuthResponseHeader(); |
|
|
} | } |
else | else |
{ | { |
MessageLoaderParms msgParms("Pegasus.Server.HTTPAuthenticatorDelegator.AUTHORIZATION_HEADER_ERROR","Authorization header error"); |
MessageLoaderParms msgParms( |
|
"Pegasus.Server.HTTPAuthenticatorDelegator." |
|
"AUTHORIZATION_HEADER_ERROR", |
|
"Authorization header error"); |
String msg(MessageLoader::getMessage(msgParms)); | String msg(MessageLoader::getMessage(msgParms)); |
_sendHttpError( | _sendHttpError( |
queueId, | queueId, |