version 1.22, 2003/08/02 19:24:22
|
version 1.23, 2003/08/11 22:16:36
|
|
|
if (httpMessage->message.size() == 0) | if (httpMessage->message.size() == 0) |
{ | { |
// The message is empty; just drop it | // The message is empty; just drop it |
|
PEG_METHOD_EXIT(); |
return; | return; |
} | } |
| |
|
|
Uint32 queueId = httpMessage->queueId; | Uint32 queueId = httpMessage->queueId; |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
// This still needs work and is not functional. |
// TODO::KERBEROS complete and verify code |
|
|
CIMKerberosSecurityAssociation *sa = httpMessage->authInfo->getSecurityAssociation(); | CIMKerberosSecurityAssociation *sa = httpMessage->authInfo->getSecurityAssociation(); |
char* outmessage = NULL; |
|
Uint32 outlength = 0; |
|
if ( sa ) | if ( sa ) |
{ | { |
|
char* outmessage = NULL; |
|
Uint64 outlength = 0; |
|
Array<Sint8> final_buffer; |
|
final_buffer.clear(); |
|
Array<Sint8> header_buffer; |
|
header_buffer.clear(); |
|
Array<Sint8> wrapped_content_buffer; |
|
wrapped_content_buffer.clear(); |
if (sa->getClientAuthenticated()) | if (sa->getClientAuthenticated()) |
{ | { |
if (sa->unwrap_message((const char*)httpMessage->message.getData(), |
// TODO::KERBEROS Question - will parse be able to distinguish headers from |
httpMessage->message.size(), |
// contents when the contents is wrapped??? I am thinking we are okay |
|
// because the code breaks out of the loop as soon as it finds the |
|
// double separator that terminates the headers. |
|
// Parse the HTTP message: |
|
String startLine; |
|
Array<HTTPHeader> headers; |
|
Uint32 contentLength; |
|
httpMessage->parse(startLine, headers, contentLength); |
|
|
|
for (Uint64 i = 0; i < (httpMessage->message.size()-contentLength); i++) |
|
{ |
|
header_buffer.append(httpMessage->message[i]); |
|
} |
|
|
|
for (Uint64 i = (httpMessage->message.size()-contentLength); i < httpMessage->message.size(); i++) |
|
{ |
|
wrapped_content_buffer.append(outmessage[i]); |
|
} |
|
|
|
if (sa->wrap_message((const char*)wrapped_content_buffer.getData(), |
|
(Uint64)wrapped_content_buffer.size(), |
outmessage, | outmessage, |
outlength)) | outlength)) |
{ | { |
// build a bad request | // build a bad request |
Array<Sint8> statusMsg; |
final_buffer = XmlWriter::formatHttpErrorRspMessage(HTTP_STATUS_BADREQUEST); |
statusMsg = XmlWriter::formatHttpErrorRspMessage(HTTP_STATUS_BADREQUEST); |
_sendResponse(queueId, final_buffer); |
_sendResponse(queueId, statusMsg); |
if (outmessage) |
|
delete [] outmessage; // outmessage is no longer needed |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return; | return; |
} | } |
} | } |
else |
// Note: unwrap_message can result in the client no longer being authenticated so the |
|
// flag needs to be checked. |
|
if (!sa->getClientAuthenticated()) |
{ | { |
// set authenticated flag in _authInfo to not authenticated because the | // set authenticated flag in _authInfo to not authenticated because the |
// unwrap resulted in an expired token or credential. |
// wrap resulted in an expired token or credential. |
httpMessage->authInfo->setAuthStatus(AuthenticationInfoRep::CHALLENGE_SENT); | httpMessage->authInfo->setAuthStatus(AuthenticationInfoRep::CHALLENGE_SENT); |
// build a 401 response | // build a 401 response |
Array<Sint8> statusMsg; |
|
// do we need to add a token here or just restart the negotiate again??? | // do we need to add a token here or just restart the negotiate again??? |
// authResponse.append(sa->getServerToken()); | // authResponse.append(sa->getServerToken()); |
XmlWriter::appendUnauthorizedResponseHeader(statusMsg, KERBEROS_CHALLENGE_HEADER); |
XmlWriter::appendUnauthorizedResponseHeader(final_buffer, KERBEROS_CHALLENGE_HEADER); |
_sendResponse(queueId, statusMsg); |
_sendResponse(queueId, final_buffer); |
|
if (outmessage) |
|
delete [] outmessage; // outmessage is no longer needed |
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return; | return; |
} | } |
|
|
|
if (outlength > 0) |
|
{ |
|
Array<Sint8> unwrapped_content_buffer; |
|
unwrapped_content_buffer.clear(); |
|
for (Uint64 i = 0; i < outlength; i++) |
|
{ |
|
unwrapped_content_buffer.append(outmessage[i]); |
|
} |
|
final_buffer.appendArray(header_buffer); |
|
final_buffer.appendArray(unwrapped_content_buffer); |
|
|
|
if (outmessage) |
|
delete [] outmessage; // outmessage is no longer needed |
|
|
|
httpMessage->message.clear(); |
|
httpMessage->message = final_buffer; |
|
} |
} | } |
#endif | #endif |
| |
|
|
// Kerberos authentication needs access to the AuthenticationInfo | // Kerberos authentication needs access to the AuthenticationInfo |
// object for this session in order to set up the reference to the | // object for this session in order to set up the reference to the |
// CIMKerberosSecurityAssociation object for this session. | // CIMKerberosSecurityAssociation object for this session. |
|
|
String authResp = | String authResp = |
_authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); | _authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
#else | #else |
|
|
httpMessage->authInfo->isAuthenticated() && | httpMessage->authInfo->isAuthenticated() && |
"Client requested mutual authentication") | "Client requested mutual authentication") |
{ | { |
|
|
String authResp = | String authResp = |
_authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); | _authenticationManager->getHttpAuthResponseHeader(httpMessage->authInfo); |
if (!String::equal(authResp, String::EMPTY)) | if (!String::equal(authResp, String::EMPTY)) |