version 1.21, 2003/04/02 20:29:47
|
version 1.22, 2003/08/02 19:24:22
|
|
|
#include <Pegasus/Config/ConfigManager.h> | #include <Pegasus/Config/ConfigManager.h> |
#include "HTTPAuthenticatorDelegator.h" | #include "HTTPAuthenticatorDelegator.h" |
| |
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
#include <Pegasus/Common/CIMKerberosSecurityAssociation.h> |
|
#endif |
| |
PEGASUS_USING_STD; | PEGASUS_USING_STD; |
| |
PEGASUS_NAMESPACE_BEGIN | PEGASUS_NAMESPACE_BEGIN |
| |
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
/** |
|
Constant representing the Kerberos authentication challenge header. |
|
*/ |
|
static const String KERBEROS_CHALLENGE_HEADER = "WWW-Authenticate: Negotiate "; |
|
#endif |
| |
HTTPAuthenticatorDelegator::HTTPAuthenticatorDelegator( | HTTPAuthenticatorDelegator::HTTPAuthenticatorDelegator( |
Uint32 operationMessageQueueId, | Uint32 operationMessageQueueId, |
|
|
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
} | } |
| |
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
void HTTPAuthenticatorDelegator::_sendSuccess( |
|
Uint32 queueId, |
|
const String& authResponse) |
|
{ |
|
PEG_METHOD_ENTER(TRC_HTTP, |
|
"HTTPAuthenticatorDelegator::_sendSuccess"); |
|
|
|
// |
|
// build OK (200) response message |
|
// |
|
|
|
Array<Sint8> message; |
|
XmlWriter::appendOKResponseHeader(message, authResponse); |
|
|
|
_sendResponse(queueId, message); |
|
|
|
PEG_METHOD_EXIT(); |
|
} |
|
#endif |
|
|
void HTTPAuthenticatorDelegator::_sendChallenge( | void HTTPAuthenticatorDelegator::_sendChallenge( |
Uint32 queueId, | Uint32 queueId, |
const String& authResponse) | const String& authResponse) |
|
|
// | // |
Uint32 queueId = httpMessage->queueId; | Uint32 queueId = httpMessage->queueId; |
| |
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
// This still needs work and is not functional. |
|
|
|
CIMKerberosSecurityAssociation *sa = httpMessage->authInfo->getSecurityAssociation(); |
|
char* outmessage = NULL; |
|
Uint32 outlength = 0; |
|
if ( sa ) |
|
{ |
|
if (sa->getClientAuthenticated()) |
|
{ |
|
if (sa->unwrap_message((const char*)httpMessage->message.getData(), |
|
httpMessage->message.size(), |
|
outmessage, |
|
outlength)) |
|
{ |
|
// build a bad request |
|
Array<Sint8> statusMsg; |
|
statusMsg = XmlWriter::formatHttpErrorRspMessage(HTTP_STATUS_BADREQUEST); |
|
_sendResponse(queueId, statusMsg); |
|
PEG_METHOD_EXIT(); |
|
return; |
|
} |
|
} |
|
else |
|
{ |
|
// set authenticated flag in _authInfo to not authenticated because the |
|
// unwrap resulted in an expired token or credential. |
|
httpMessage->authInfo->setAuthStatus(AuthenticationInfoRep::CHALLENGE_SENT); |
|
// build a 401 response |
|
Array<Sint8> statusMsg; |
|
// do we need to add a token here or just restart the negotiate again??? |
|
// authResponse.append(sa->getServerToken()); |
|
XmlWriter::appendUnauthorizedResponseHeader(statusMsg, KERBEROS_CHALLENGE_HEADER); |
|
_sendResponse(queueId, statusMsg); |
|
PEG_METHOD_EXIT(); |
|
return; |
|
} |
|
} |
|
#endif |
|
|
// | // |
// Parse the HTTP message: | // Parse the HTTP message: |
// | // |
|
|
{ | { |
//ATTN: the number of challenges get sent for a | //ATTN: the number of challenges get sent for a |
// request on a connection can be pre-set. | // request on a connection can be pre-set. |
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
// Kerberos authentication needs access to the AuthenticationInfo |
|
// object for this session in order to set up the reference to the |
|
// CIMKerberosSecurityAssociation object for this session. |
|
String authResp = |
|
_authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
|
#else |
String authResp = | String authResp = |
_authenticationManager->getHttpAuthResponseHeader(); | _authenticationManager->getHttpAuthResponseHeader(); |
|
#endif |
if (!String::equal(authResp, String::EMPTY)) | if (!String::equal(authResp, String::EMPTY)) |
{ | { |
_sendChallenge(queueId, authResp); | _sendChallenge(queueId, authResp); |
|
|
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return; | return; |
} | } |
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
else if (String::equalNoCase(httpMessage->authInfo->getAuthType(), |
|
"Kerberos") && |
|
httpMessage->authInfo->isAuthenticated() && |
|
"Client requested mutual authentication") |
|
{ |
|
|
|
String authResp = |
|
_authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
|
if (!String::equal(authResp, String::EMPTY)) |
|
{ |
|
_sendSuccess(queueId, authResp); |
|
} |
|
else |
|
{ |
|
/* Should never fall into here. Add code to add a trace |
|
statement in the event that it does fall into this |
|
else. */ |
|
} |
|
} |
|
#endif |
} | } |
} | } |
| |
|
|
} | } |
else | else |
{ | { |
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
String authResp = |
|
_authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
|
#else |
String authResp = | String authResp = |
_authenticationManager->getHttpAuthResponseHeader(); | _authenticationManager->getHttpAuthResponseHeader(); |
|
#endif |
| |
if (!String::equal(authResp, String::EMPTY)) | if (!String::equal(authResp, String::EMPTY)) |
{ | { |
|
|
else | else |
{ | { |
_sendError(queueId, "Invalid Request"); | _sendError(queueId, "Invalid Request"); |
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
/* Should never fall into here. Add code to add a trace |
|
statement in the event that it does fall into this |
|
else. */ |
|
#endif |
} | } |
} | } |
} | } |
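Review bot: In the new Kerberos `else if`, the third operand of the condition is the string literal `"Client requested mutual authentication"`, which is a non-null pointer and therefore always true, so the branch runs for every authenticated Kerberos request rather than only when mutual authentication was requested. Until a real predicate exists, drop the literal and mark the gap explicitly, e.g. `// TODO: only send the server token when the client requested mutual authentication`. In the earlier block that calls `sa->unwrap_message(...)`, `outmessage` and `outlength` are never read or released when the call does not take the bad-request path, so later parsing appears to run on the still-wrapped `httpMessage->message`, and any buffer the call allocates would leak; this depends on the contract of `unwrap_message`, which is not visible here. The comment in that block's `else` refers to an unwrap producing an expired token, but the branch is reached when `getClientAuthenticated()` is false and no unwrap was attempted, so the comment should describe that condition instead. The enclosing function starts and continues outside the visible lines.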