|
version 1.22, 2003/08/02 19:24:22
|
version 1.23, 2003/08/11 22:16:36
|
|
|
|
| if (httpMessage->message.size() == 0) | if (httpMessage->message.size() == 0) |
| { | { |
| // The message is empty; just drop it | // The message is empty; just drop it |
| |
PEG_METHOD_EXIT(); |
| return; | return; |
| } | } |
| | |
|
|
|
| Uint32 queueId = httpMessage->queueId; | Uint32 queueId = httpMessage->queueId; |
| | |
| #ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
| // This still needs work and is not functional. |
// TODO::KERBEROS complete and verify code |
| |
|
| CIMKerberosSecurityAssociation *sa = httpMessage->authInfo->getSecurityAssociation(); | CIMKerberosSecurityAssociation *sa = httpMessage->authInfo->getSecurityAssociation(); |
| char* outmessage = NULL; |
|
| Uint32 outlength = 0; |
|
| if ( sa ) | if ( sa ) |
| { | { |
| |
char* outmessage = NULL; |
| |
Uint64 outlength = 0; |
| |
Array<Sint8> final_buffer; |
| |
final_buffer.clear(); |
| |
Array<Sint8> header_buffer; |
| |
header_buffer.clear(); |
| |
Array<Sint8> wrapped_content_buffer; |
| |
wrapped_content_buffer.clear(); |
| if (sa->getClientAuthenticated()) | if (sa->getClientAuthenticated()) |
| { | { |
| if (sa->unwrap_message((const char*)httpMessage->message.getData(), |
// TODO::KERBEROS Question - will parse be able to distinguish headers from |
| httpMessage->message.size(), |
// contents when the contents is wrapped??? I am thinking we are okay |
| |
// because the code breaks out of the loop as soon as it finds the |
| |
// double separator that terminates the headers. |
| |
// Parse the HTTP message: |
| |
String startLine; |
| |
Array<HTTPHeader> headers; |
| |
Uint32 contentLength; |
| |
httpMessage->parse(startLine, headers, contentLength); |
| |
|
| |
for (Uint64 i = 0; i < (httpMessage->message.size()-contentLength); i++) |
| |
{ |
| |
header_buffer.append(httpMessage->message[i]); |
| |
} |
| |
|
| |
for (Uint64 i = (httpMessage->message.size()-contentLength); i < httpMessage->message.size(); i++) |
| |
{ |
| |
wrapped_content_buffer.append(outmessage[i]); |
| |
} |
| |
|
| |
if (sa->wrap_message((const char*)wrapped_content_buffer.getData(), |
| |
(Uint64)wrapped_content_buffer.size(), |
| outmessage, | outmessage, |
| outlength)) | outlength)) |
| { | { |
| // build a bad request | // build a bad request |
| Array<Sint8> statusMsg; |
final_buffer = XmlWriter::formatHttpErrorRspMessage(HTTP_STATUS_BADREQUEST); |
| statusMsg = XmlWriter::formatHttpErrorRspMessage(HTTP_STATUS_BADREQUEST); |
_sendResponse(queueId, final_buffer); |
| _sendResponse(queueId, statusMsg); |
if (outmessage) |
| |
delete [] outmessage; // outmessage is no longer needed |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return; | return; |
| } | } |
| } | } |
| else |
// Note: unwrap_message can result in the client no longer being authenticated so the |
| |
// flag needs to be checked. |
| |
if (!sa->getClientAuthenticated()) |
| { | { |
| // set authenticated flag in _authInfo to not authenticated because the | // set authenticated flag in _authInfo to not authenticated because the |
| // unwrap resulted in an expired token or credential. |
// wrap resulted in an expired token or credential. |
| httpMessage->authInfo->setAuthStatus(AuthenticationInfoRep::CHALLENGE_SENT); | httpMessage->authInfo->setAuthStatus(AuthenticationInfoRep::CHALLENGE_SENT); |
| // build a 401 response | // build a 401 response |
| Array<Sint8> statusMsg; |
|
| // do we need to add a token here or just restart the negotiate again??? | // do we need to add a token here or just restart the negotiate again??? |
| // authResponse.append(sa->getServerToken()); | // authResponse.append(sa->getServerToken()); |
| XmlWriter::appendUnauthorizedResponseHeader(statusMsg, KERBEROS_CHALLENGE_HEADER); |
XmlWriter::appendUnauthorizedResponseHeader(final_buffer, KERBEROS_CHALLENGE_HEADER); |
| _sendResponse(queueId, statusMsg); |
_sendResponse(queueId, final_buffer); |
| |
if (outmessage) |
| |
delete [] outmessage; // outmessage is no longer needed |
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return; | return; |
| } | } |
| |
|
| |
if (outlength > 0) |
| |
{ |
| |
Array<Sint8> unwrapped_content_buffer; |
| |
unwrapped_content_buffer.clear(); |
| |
for (Uint64 i = 0; i < outlength; i++) |
| |
{ |
| |
unwrapped_content_buffer.append(outmessage[i]); |
| |
} |
| |
final_buffer.appendArray(header_buffer); |
| |
final_buffer.appendArray(unwrapped_content_buffer); |
| |
|
| |
if (outmessage) |
| |
delete [] outmessage; // outmessage is no longer needed |
| |
|
| |
httpMessage->message.clear(); |
| |
httpMessage->message = final_buffer; |
| |
} |
| } | } |
| #endif | #endif |
| | |
|
|
|
| // Kerberos authentication needs access to the AuthenticationInfo | // Kerberos authentication needs access to the AuthenticationInfo |
| // object for this session in order to set up the reference to the | // object for this session in order to set up the reference to the |
| // CIMKerberosSecurityAssociation object for this session. | // CIMKerberosSecurityAssociation object for this session. |
| |
|
| String authResp = | String authResp = |
| _authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); | _authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
| #else | #else |
|
|
|
| httpMessage->authInfo->isAuthenticated() && | httpMessage->authInfo->isAuthenticated() && |
| "Client requested mutual authentication") | "Client requested mutual authentication") |
| { | { |
| |
|
| String authResp = | String authResp = |
| _authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); | _authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
| if (!String::equal(authResp, String::EMPTY)) | if (!String::equal(authResp, String::EMPTY)) |
Return to
HTTPAuthenticatorDelegator.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Server